From xen-changelog-bounces@lists.xenproject.org Tue Apr 02 14:22:10 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 02 Apr 2024 14:22:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700152.1092791 (Exim 4.92) (envelope-from ) id 1rrf1Z-0002hH-7p; Tue, 02 Apr 2024 14:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700152.1092791; Tue, 02 Apr 2024 14:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf1Z-0002hA-5B; Tue, 02 Apr 2024 14:22:05 +0000 Received: by outflank-mailman (input) for mailman id 700152; Tue, 02 Apr 2024 14:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf1X-0002h2-Tt for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:22:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf1X-00020P-JE for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:22:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrf1X-0002EP-Ec for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:22:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uOIngN0Z9JnEJ2ie1HeXiX6QXKUhw7/pNA8N7BUy3Gw=; b=MsGBntw6oxsuyZaxmuwaAfxd9n 8CUe4HOenlrMsw5wmQddryzHczTjHOyBm8vwVgcGGMJnnzGPEcedchdBYDJEW+P5HTu6Odya9H6rj KhKLHFFpP+5DBcbQ5oBEKD93WkA/js7H9u+ih5TzrpeNvOQ9PPezEWZHtHLQIG0f3RFA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/cpu-policy: Hide x2APIC from PV guests Message-Id: Date: Tue, 02 Apr 2024 14:22:03 +0000 commit 03cc579ae3244f571f17293678f24a09be2ea5cc Author: Andrew Cooper AuthorDate: Tue Apr 2 16:13:07 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:13:07 2024 +0200 x86/cpu-policy: Hide x2APIC from PV guests PV guests can't write to MSR_APIC_BASE (in order to set EXTD), nor can they access any of the x2APIC MSR range. Therefore they mustn't see the x2APIC CPUID bit saying that they can. Right now, the host x2APIC flag filters into PV guests, meaning that PV guests generally see x2APIC except on Zen1-and-older AMD systems. Linux works around this by explicitly hiding the bit itself, and filtering EXTD out of MSR_APIC_BASE reads. NetBSD behaves more in the spirit of PV guests, and entirely ignores the APIC when built as a PV guest. Change the annotation from !A to !S. This has a consequence of stripping it out of both PV featuremasks. However, as existing guests may have seen the bit, set it back into the PV Max policy; a VM which saw the bit and is alive enough to migrate will have ignored it one way or another. Hiding x2APIC does change the contents of leaf 0xb, but as the information is nonsense to begin with, this is likely an improvement on the status quo. Xen's blind assumption that APIC_ID = vCPU_ID * 2 isn't interlinked with the host's topology structure, where a PV guest may see real host values, and the APIC_IDs are useless without an MADT to start with. Dom0 is the only PV VM to get an MADT but it's the host one, meaning the two sets of APIC_IDs are from different address spaces. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné master commit: 5420aa165dfa5fe95dd84bb71cb96c15459935b1 master date: 2024-03-01 20:14:19 +0000 --- xen/arch/x86/cpu-policy.c | 11 +++++++++-- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index 12e621b97d..cda5ad3eab 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -566,6 +566,14 @@ static void __init calculate_pv_max_policy(void) for ( i = 0; i < ARRAY_SIZE(fs); ++i ) fs[i] &= pv_max_featuremask[i]; + /* + * Xen at the time of writing (Feb 2024, 4.19 dev cycle) used to leak the + * host x2APIC capability into PV guests, but never supported the guest + * trying to turn x2APIC mode on. Tolerate an incoming VM which saw the + * x2APIC CPUID bit and is alive enough to migrate. + */ + __set_bit(X86_FEATURE_X2APIC, fs); + /* * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests (functional * availability, or admin choice), hide the feature. @@ -859,11 +867,10 @@ void recalculate_cpuid_policy(struct domain *d) } /* - * Allow the toolstack to set HTT, X2APIC and CMP_LEGACY. These bits + * Allow the toolstack to set HTT and CMP_LEGACY. These bits * affect how to interpret topology information in other cpuid leaves. */ __set_bit(X86_FEATURE_HTT, max_fs); - __set_bit(X86_FEATURE_X2APIC, max_fs); __set_bit(X86_FEATURE_CMP_LEGACY, max_fs); /* diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 8e17ef670f..f3f745ef61 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -123,7 +123,7 @@ XEN_CPUFEATURE(PCID, 1*32+17) /*H Process Context ID */ XEN_CPUFEATURE(DCA, 1*32+18) /* Direct Cache Access */ XEN_CPUFEATURE(SSE4_1, 1*32+19) /*A Streaming SIMD Extensions 4.1 */ XEN_CPUFEATURE(SSE4_2, 1*32+20) /*A Streaming SIMD Extensions 4.2 */ -XEN_CPUFEATURE(X2APIC, 1*32+21) /*!A Extended xAPIC */ +XEN_CPUFEATURE(X2APIC, 1*32+21) /*!S Extended xAPIC */ XEN_CPUFEATURE(MOVBE, 1*32+22) /*A movbe instruction */ XEN_CPUFEATURE(POPCNT, 1*32+23) /*A POPCNT instruction */ XEN_CPUFEATURE(TSC_DEADLINE, 1*32+24) /*S TSC Deadline Timer */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 02 14:22:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 02 Apr 2024 14:22:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700153.1092794 (Exim 4.92) (envelope-from ) id 1rrf1j-0002iq-9D; Tue, 02 Apr 2024 14:22:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700153.1092794; Tue, 02 Apr 2024 14:22:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf1j-0002ii-6d; Tue, 02 Apr 2024 14:22:15 +0000 Received: by outflank-mailman (input) for mailman id 700153; Tue, 02 Apr 2024 14:22:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf1h-0002ic-Ow for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:22:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf1h-00020U-O7 for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:22:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrf1h-0002GQ-LN for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:22:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oqKDtKzW663zlM9qCR4bCrx4cS1gZcs+SjhKdyDw7aw=; b=UycRk8GW+qQl8Qb01Cz26kwDbV uBZhfkp5caHeIFPR7pWL2wHgjsDTLGhK8QMpw25J/LogDlQWAT972Cq+qLdfN/yJm7p3W7Fk9mPVl 7hAZdjpFKFTxeQZ6rIYfgU+KEiZe8eG/CkDO4S/vnyR6IiY8KjY39LEwQyKfywXKCeRU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/cpu-policy: Fix visibility of HTT/CMP_LEGACY in max policies Message-Id: Date: Tue, 02 Apr 2024 14:22:13 +0000 commit b576e09b66218834baacaa1881cbda2d6b6b5a53 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:13:55 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:13:55 2024 +0200 x86/cpu-policy: Fix visibility of HTT/CMP_LEGACY in max policies The block in recalculate_cpuid_policy() predates the proper split between default and max policies, and was a "slightly max for a toolstack which knows about it" capability. It didn't get transformed properly in Xen 4.14. Because Xen will accept a VM with HTT/CMP_LEGACY seen, they should be visible in the max polices. Keep the default policy matching host settings. This manifested as an incorrectly-rejected migration across XenServer's Xen 4.13 -> 4.17 upgrade, as Xapi is slowly growing the logic to check a VM against the target max policy. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné master commit: e2d8a652251660c3252d92b442e1a9c5d6e6a1e9 master date: 2024-03-01 20:14:19 +0000 --- xen/arch/x86/cpu-policy.c | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index cda5ad3eab..85064e4a36 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -465,6 +465,16 @@ static void __init guest_common_max_feature_adjustments(uint32_t *fs) raw_cpu_policy.feat.clwb ) __set_bit(X86_FEATURE_CLWB, fs); } + + /* + * Topology information inside the guest is entirely at the toolstack's + * discretion, and bears no relationship to the host we're running on. + * + * HTT identifies p->basic.lppp as valid + * CMP_LEGACY identifies p->extd.nc as valid + */ + __set_bit(X86_FEATURE_HTT, fs); + __set_bit(X86_FEATURE_CMP_LEGACY, fs); } static void __init guest_common_default_feature_adjustments(uint32_t *fs) @@ -519,6 +529,18 @@ static void __init guest_common_default_feature_adjustments(uint32_t *fs) __clear_bit(X86_FEATURE_CLWB, fs); } + /* + * Topology information is at the toolstack's discretion so these are + * unconditionally set in max, but pick a default which matches the host. + */ + __clear_bit(X86_FEATURE_HTT, fs); + if ( cpu_has_htt ) + __set_bit(X86_FEATURE_HTT, fs); + + __clear_bit(X86_FEATURE_CMP_LEGACY, fs); + if ( cpu_has_cmp_legacy ) + __set_bit(X86_FEATURE_CMP_LEGACY, fs); + /* * On certain hardware, speculative or errata workarounds can result in * TSX being placed in "force-abort" mode, where it doesn't actually @@ -866,13 +888,6 @@ void recalculate_cpuid_policy(struct domain *d) } } - /* - * Allow the toolstack to set HTT and CMP_LEGACY. These bits - * affect how to interpret topology information in other cpuid leaves. - */ - __set_bit(X86_FEATURE_HTT, max_fs); - __set_bit(X86_FEATURE_CMP_LEGACY, max_fs); - /* * 32bit PV domains can't use any Long Mode features, and cannot use * SYSCALL on non-AMD hardware. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 02 14:22:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 02 Apr 2024 14:22:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700154.1092799 (Exim 4.92) (envelope-from ) id 1rrf1t-0002m7-Ao; Tue, 02 Apr 2024 14:22:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700154.1092799; Tue, 02 Apr 2024 14:22:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf1t-0002lz-8D; Tue, 02 Apr 2024 14:22:25 +0000 Received: by outflank-mailman (input) for mailman id 700154; Tue, 02 Apr 2024 14:22:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf1r-0002lj-Tr for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:22:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf1r-00020g-T1 for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:22:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrf1r-0002Gx-QL for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:22:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qdTleE50D9JzrApaHz5TEjjgS5dvJ9xPxaUdmXAi0Ac=; b=RR1WaMTLtQ77lFuAScZDJoSGLq AzyOp0w5Ylq0V5xQUSVqB/jKEXCKUb6eu2KG1MrZmQxFsYxTpwlTap2W7dEuLbvMjW9XSYjyR5qGo AfNOdvI69cSVxAE9CsUr61CGQuwVfIK2fe11B/0yDzvF+NKCAibXZTSDVfQ5sk41g5VM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] xen/virtual-region: Rename the start/end fields Message-Id: Date: Tue, 02 Apr 2024 14:22:23 +0000 commit 8c13f6c5658d31b6a4bc1f85d358da9767d283f1 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:14:28 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:14:28 2024 +0200 xen/virtual-region: Rename the start/end fields ... to text_{start,end}. We're about to introduce another start/end pair. Despite it's name, struct virtual_region has always been a module-ish description. Call this out specifically. As minor cleanup, replace ROUNDUP(x, PAGE_SIZE) with the more concise PAGE_ALIGN() ahead of duplicating the example. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Reviewed-by: Ross Lagerwall master commit: 989556c6f8ca080f5f202417af97d1188b9ba52a master date: 2024-03-07 14:24:42 +0000 --- xen/common/livepatch.c | 4 ++-- xen/common/virtual_region.c | 19 ++++++++++--------- xen/include/xen/virtual_region.h | 11 +++++++++-- 3 files changed, 21 insertions(+), 13 deletions(-) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 0cc048fd83..b311cbf18a 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -785,8 +785,8 @@ static int prepare_payload(struct payload *payload, region = &payload->region; region->symbols_lookup = livepatch_symbols_lookup; - region->start = payload->text_addr; - region->end = payload->text_addr + payload->text_size; + region->text_start = payload->text_addr; + region->text_end = payload->text_addr + payload->text_size; /* Optional sections. */ for ( i = 0; i < BUGFRAME_NR; i++ ) diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index 9f12c30efe..b22ffb75c4 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -11,15 +11,15 @@ static struct virtual_region core = { .list = LIST_HEAD_INIT(core.list), - .start = _stext, - .end = _etext, + .text_start = _stext, + .text_end = _etext, }; /* Becomes irrelevant when __init sections are cleared. */ static struct virtual_region core_init __initdata = { .list = LIST_HEAD_INIT(core_init.list), - .start = _sinittext, - .end = _einittext, + .text_start = _sinittext, + .text_end = _einittext, }; /* @@ -39,7 +39,8 @@ const struct virtual_region *find_text_region(unsigned long addr) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) { - if ( (void *)addr >= region->start && (void *)addr < region->end ) + if ( (void *)addr >= region->text_start && + (void *)addr < region->text_end ) { rcu_read_unlock(&rcu_virtual_region_lock); return region; @@ -88,8 +89,8 @@ void relax_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) - modify_xen_mappings_lite((unsigned long)region->start, - ROUNDUP((unsigned long)region->end, PAGE_SIZE), + modify_xen_mappings_lite((unsigned long)region->text_start, + PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RWX); rcu_read_unlock(&rcu_virtual_region_lock); } @@ -100,8 +101,8 @@ void tighten_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) - modify_xen_mappings_lite((unsigned long)region->start, - ROUNDUP((unsigned long)region->end, PAGE_SIZE), + modify_xen_mappings_lite((unsigned long)region->text_start, + PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RX); rcu_read_unlock(&rcu_virtual_region_lock); } diff --git a/xen/include/xen/virtual_region.h b/xen/include/xen/virtual_region.h index d053620711..442a45bf1f 100644 --- a/xen/include/xen/virtual_region.h +++ b/xen/include/xen/virtual_region.h @@ -9,11 +9,18 @@ #include #include +/* + * Despite it's name, this is a module(ish) description. + * + * There's one region for the runtime .text/etc, one region for .init during + * boot only, and one region per livepatch. + */ struct virtual_region { struct list_head list; - const void *start; /* Virtual address start. */ - const void *end; /* Virtual address end. */ + + const void *text_start; /* .text virtual address start. */ + const void *text_end; /* .text virtual address end. */ /* If this is NULL the default lookup mechanism is used. */ symbols_lookup_t *symbols_lookup; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 02 14:22:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 02 Apr 2024 14:22:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700155.1092803 (Exim 4.92) (envelope-from ) id 1rrf23-0002pH-CR; Tue, 02 Apr 2024 14:22:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700155.1092803; Tue, 02 Apr 2024 14:22:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf23-0002p8-9d; Tue, 02 Apr 2024 14:22:35 +0000 Received: by outflank-mailman (input) for mailman id 700155; Tue, 02 Apr 2024 14:22:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf22-0002os-0l for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:22:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf21-00020n-WA for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:22:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrf21-0002HS-VM for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:22:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=P2rdqYpAFWwNGXHZXrvyS8iJGFwAV3LtH1OqJp5aPOQ=; b=u/qw1rQ624VK9Js3S5Gcd1qjER fwrKlg9exWzRXJKQGDWzs2Xilc7498hWNU5z+MwXppza/Paegx8yzADLBt3nxz/PVXtwy1/1DdMq/ YItLLMRNWDFDyCfzGOtizRa57ybAws6LcBTDps3jtqoC1kq04I/Z23cbJduXMInMwJU8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] xen/virtual-region: Include rodata pointers Message-Id: Date: Tue, 02 Apr 2024 14:22:33 +0000 commit 4fc27254deda6b49e14f41eda8d951cd13461633 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:14:59 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:14:59 2024 +0200 xen/virtual-region: Include rodata pointers These are optional. .init doesn't distinguish types of data like this, and livepatches don't necesserily have any .rodata either. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Reviewed-by: Ross Lagerwall master commit: ef969144a425e39f5b214a875b5713d0ea8575fb master date: 2024-03-07 14:24:42 +0000 --- xen/common/livepatch.c | 6 ++++++ xen/common/virtual_region.c | 2 ++ xen/include/xen/virtual_region.h | 3 +++ 3 files changed, 11 insertions(+) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index b311cbf18a..352639c47f 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -788,6 +788,12 @@ static int prepare_payload(struct payload *payload, region->text_start = payload->text_addr; region->text_end = payload->text_addr + payload->text_size; + if ( payload->ro_size ) + { + region->rodata_start = payload->ro_addr; + region->rodata_end = payload->ro_addr + payload->ro_size; + } + /* Optional sections. */ for ( i = 0; i < BUGFRAME_NR; i++ ) { diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index b22ffb75c4..9c566f8ec9 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -13,6 +13,8 @@ static struct virtual_region core = { .list = LIST_HEAD_INIT(core.list), .text_start = _stext, .text_end = _etext, + .rodata_start = _srodata, + .rodata_end = _erodata, }; /* Becomes irrelevant when __init sections are cleared. */ diff --git a/xen/include/xen/virtual_region.h b/xen/include/xen/virtual_region.h index 442a45bf1f..dcdc95ba49 100644 --- a/xen/include/xen/virtual_region.h +++ b/xen/include/xen/virtual_region.h @@ -22,6 +22,9 @@ struct virtual_region const void *text_start; /* .text virtual address start. */ const void *text_end; /* .text virtual address end. */ + const void *rodata_start; /* .rodata virtual address start (optional). */ + const void *rodata_end; /* .rodata virtual address end. */ + /* If this is NULL the default lookup mechanism is used. */ symbols_lookup_t *symbols_lookup; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 02 14:22:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 02 Apr 2024 14:22:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700156.1092808 (Exim 4.92) (envelope-from ) id 1rrf2D-0002rv-Ed; Tue, 02 Apr 2024 14:22:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700156.1092808; Tue, 02 Apr 2024 14:22:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf2D-0002rn-B5; Tue, 02 Apr 2024 14:22:45 +0000 Received: by outflank-mailman (input) for mailman id 700156; Tue, 02 Apr 2024 14:22:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf2C-0002rZ-4A for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:22:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf2C-00020w-3N for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:22:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrf2C-0002I2-24 for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:22:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=k1AO/kwhflCsPFzrRwjpz10tS1fVeyveiWcTOkGdkD0=; b=WBkf1J1tqGSXUAxhCO/ThtQaoI Xm4LGMzaDTBl2uCuo019L7jQ6sCP1hVB8q6oS8HqCGJXtHihGbR3W+QbPoirgcHmBjFQ+E2ppt1/Q xT/uOGpEjQwV2DivSmcDU7/BoBb0m2iU6TijS+RBf79J/+s2vJMTkQtNPd7x0/m26qsE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/livepatch: Relax permissions on rodata too Message-Id: Date: Tue, 02 Apr 2024 14:22:44 +0000 commit d0173bbed1819550a3fae9932dfe6fb9ce16b896 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:15:18 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:15:18 2024 +0200 x86/livepatch: Relax permissions on rodata too This reinstates the capability to patch .rodata in load/unload hooks, which was lost when we stopped using CR0.WP=0 to patch. This turns out to be rather less of a large TODO than I thought at the time. Fixes: 8676092a0f16 ("x86/livepatch: Fix livepatch application when CET is active") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Reviewed-by: Ross Lagerwall master commit: b083b1c393dc8961acf0959b1d2e0ad459985ae3 master date: 2024-03-07 14:24:42 +0000 --- xen/arch/x86/livepatch.c | 4 ++-- xen/common/virtual_region.c | 12 ++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index ee539f001b..4f76127e1f 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -62,7 +62,7 @@ int arch_livepatch_safety_check(void) int noinline arch_livepatch_quiesce(void) { /* - * Relax perms on .text to be RWX, so we can modify them. + * Relax perms on .text/.rodata, so we can modify them. * * This relaxes perms globally, but all other CPUs are waiting on us. */ @@ -75,7 +75,7 @@ int noinline arch_livepatch_quiesce(void) void noinline arch_livepatch_revive(void) { /* - * Reinstate perms on .text to be RX. This also cleans out the dirty + * Reinstate perms on .text/.rodata. This also cleans out the dirty * bits, which matters when CET Shstk is active. * * The other CPUs waiting for us could in principle have re-walked while diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index 9c566f8ec9..aefc08e75f 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -91,9 +91,15 @@ void relax_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) + { modify_xen_mappings_lite((unsigned long)region->text_start, PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RWX); + if ( region->rodata_start ) + modify_xen_mappings_lite((unsigned long)region->rodata_start, + PAGE_ALIGN((unsigned long)region->rodata_end), + PAGE_HYPERVISOR_RW); + } rcu_read_unlock(&rcu_virtual_region_lock); } @@ -103,9 +109,15 @@ void tighten_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) + { modify_xen_mappings_lite((unsigned long)region->text_start, PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RX); + if ( region->rodata_start ) + modify_xen_mappings_lite((unsigned long)region->rodata_start, + PAGE_ALIGN((unsigned long)region->rodata_end), + PAGE_HYPERVISOR_RO); + } rcu_read_unlock(&rcu_virtual_region_lock); } #endif /* CONFIG_X86 */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 02 14:23:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 02 Apr 2024 14:23:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700157.1092810 (Exim 4.92) (envelope-from ) id 1rrf2X-0002ui-FO; Tue, 02 Apr 2024 14:23:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700157.1092810; Tue, 02 Apr 2024 14:23:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf2X-0002ub-Cn; Tue, 02 Apr 2024 14:23:05 +0000 Received: by outflank-mailman (input) for mailman id 700157; Tue, 02 Apr 2024 14:23:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf2W-0002uT-Cn for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:23:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrf2W-00021h-Bx for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:23:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrf2W-0002JY-BA for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:23:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=D2DhceXhiaD0bxOFVufx6JCCNHpH23eT9V09t6tgou8=; b=mgYHBzyGuqIMvCv/a1FZCeH+PH 7PlsEtOvZz3CyfnV9Ktp/bzdyXxgeepQtBhWzjdL2P5gqmSbpvvCvSO2UwGQJVej/8mqzWzgXtjpK 8yHYU/QpVimJrcCfS/eyf66pyxXuS8GFhq0/7VIlmWBj5qhnRTzSuhkRu4dzR9Xs6148=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/boot: Support the watchdog on newer AMD systems Message-Id: Date: Tue, 02 Apr 2024 14:23:04 +0000 commit 5c4aacab178410a89cd090c5f857f5049823e741 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:16:25 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:16:25 2024 +0200 x86/boot: Support the watchdog on newer AMD systems The MSRs used by setup_k7_watchdog() are architectural in 64bit. The Unit Select (0x76, cycles not in halt state) isn't, but it hasn't changed in 25 years, making this a trend likely to continue. Drop the family check. If the Unit Select does happen to change meaning in the future, check_nmi_watchdog() will still notice the watchdog not operating as expected. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 131892e0dcc1265b621c2b7d844cb9e7c3a4404f master date: 2024-03-19 18:29:37 +0000 --- xen/arch/x86/nmi.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index f7767a2967..04b7cfffc9 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -387,15 +387,12 @@ void setup_apic_nmi_watchdog(void) if ( nmi_watchdog == NMI_NONE ) return; - switch (boot_cpu_data.x86_vendor) { + switch ( boot_cpu_data.x86_vendor ) + { case X86_VENDOR_AMD: - switch (boot_cpu_data.x86) { - case 6: - case 0xf ... 0x19: - setup_k7_watchdog(); - break; - } + setup_k7_watchdog(); break; + case X86_VENDOR_INTEL: switch (boot_cpu_data.x86) { case 6: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 02 14:33:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 02 Apr 2024 14:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700161.1092825 (Exim 4.92) (envelope-from ) id 1rrfCD-0004pH-JD; Tue, 02 Apr 2024 14:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700161.1092825; Tue, 02 Apr 2024 14:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCD-0004p9-Gg; Tue, 02 Apr 2024 14:33:05 +0000 Received: by outflank-mailman (input) for mailman id 700161; Tue, 02 Apr 2024 14:33:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCB-0004p3-GV for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCB-0002Bw-5W for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrfCB-0002sa-4W for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=R1sJHb16AT7JfYtKANuHrqJsBU0DXLivZtsMApfEtU4=; b=1nh1EfFWkbAUNbtpn3bEbCdpwD XpIhxAk984uAcq2LL+EhOX+ThRb9D7+eolxdwpolHTECmQ1qlNkRi2c7DsOTLW8vgW/y1yvVqTnYi 3Ewc3dSZjkZcs4Vy1AsBVXTIjp7nawBwwoqXGCkPva19So4o0sy07ask70xIwjodm8EQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] tests/resource: Fix HVM guest in !SHADOW builds Message-Id: Date: Tue, 02 Apr 2024 14:33:03 +0000 commit 17cf285d87e28a9ee9ab1f192982fc6dfc9e4193 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:23:54 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:23:54 2024 +0200 tests/resource: Fix HVM guest in !SHADOW builds Right now, test-resource always creates HVM Shadow guests. But if Xen has SHADOW compiled out, running the test yields: $./test-resource XENMEM_acquire_resource tests Test x86 PV Created d1 Test grant table Test x86 PVH Skip: 95 - Operation not supported and doesn't really test HVM guests, but doesn't fail either. There's nothing paging-mode-specific about this test, so default to HAP if possible and provide a more specific message if neither HAP or Shadow are available. As we've got physinfo to hand, also provide more specific message about the absence of PV or HVM support. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné master commit: 0263dc9069ddb66335c72a159e09050b1600e56a master date: 2024-03-01 20:14:19 +0000 --- tools/tests/resource/test-resource.c | 39 ++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/tools/tests/resource/test-resource.c b/tools/tests/resource/test-resource.c index 7ae88ea348..1b10be16a6 100644 --- a/tools/tests/resource/test-resource.c +++ b/tools/tests/resource/test-resource.c @@ -20,6 +20,8 @@ static xc_interface *xch; static xenforeignmemory_handle *fh; static xengnttab_handle *gh; +static xc_physinfo_t physinfo; + static void test_gnttab(uint32_t domid, unsigned int nr_frames, unsigned long gfn) { @@ -172,6 +174,37 @@ static void test_domain_configurations(void) printf("Test %s\n", t->name); +#if defined(__x86_64__) || defined(__i386__) + if ( t->create.flags & XEN_DOMCTL_CDF_hvm ) + { + if ( !(physinfo.capabilities & XEN_SYSCTL_PHYSCAP_hvm) ) + { + printf(" Skip: HVM not available\n"); + continue; + } + + /* + * On x86, use HAP guests if possible, but skip if neither HAP nor + * SHADOW is available. + */ + if ( physinfo.capabilities & XEN_SYSCTL_PHYSCAP_hap ) + t->create.flags |= XEN_DOMCTL_CDF_hap; + else if ( !(physinfo.capabilities & XEN_SYSCTL_PHYSCAP_shadow) ) + { + printf(" Skip: Neither HAP or SHADOW available\n"); + continue; + } + } + else + { + if ( !(physinfo.capabilities & XEN_SYSCTL_PHYSCAP_pv) ) + { + printf(" Skip: PV not available\n"); + continue; + } + } +#endif + rc = xc_domain_create(xch, &domid, &t->create); if ( rc ) { @@ -214,6 +247,8 @@ static void test_domain_configurations(void) int main(int argc, char **argv) { + int rc; + printf("XENMEM_acquire_resource tests\n"); xch = xc_interface_open(NULL, NULL, 0); @@ -227,6 +262,10 @@ int main(int argc, char **argv) if ( !gh ) err(1, "xengnttab_open"); + rc = xc_physinfo(xch, &physinfo); + if ( rc ) + err(1, "Failed to obtain physinfo"); + test_domain_configurations(); return !!nr_failures; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 02 14:33:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 02 Apr 2024 14:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700162.1092829 (Exim 4.92) (envelope-from ) id 1rrfCN-0004sd-L0; Tue, 02 Apr 2024 14:33:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700162.1092829; Tue, 02 Apr 2024 14:33:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCN-0004sT-I4; Tue, 02 Apr 2024 14:33:15 +0000 Received: by outflank-mailman (input) for mailman id 700162; Tue, 02 Apr 2024 14:33:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCL-0004sJ-Lz for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCL-0002C3-JR for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrfCL-0002vV-IV for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ITpuyQX5KSa/TFwAU+o0cHXw3IscZawAcqGuzVYm3M4=; b=3IQW0jhXEx2Rj2D+ayQP3i27xy L8TYaHxKKfTRggpZApiGL32VXVwC1UIV1PF9x3JJfW4Yi9MQgsHiHYFKXzbSm5k4/JJnzEkc6qYAj oidlT3TKNrgJVwu4J8yEGmT9zBu07DQduguhsgWE+n5JvLqzxvBKV3a4IYQYtqeOiN+Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/cpu-policy: Hide x2APIC from PV guests Message-Id: Date: Tue, 02 Apr 2024 14:33:13 +0000 commit bb27e11c56963e170d1f6d2fbddbc956f7164121 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:17:25 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:17:25 2024 +0200 x86/cpu-policy: Hide x2APIC from PV guests PV guests can't write to MSR_APIC_BASE (in order to set EXTD), nor can they access any of the x2APIC MSR range. Therefore they mustn't see the x2APIC CPUID bit saying that they can. Right now, the host x2APIC flag filters into PV guests, meaning that PV guests generally see x2APIC except on Zen1-and-older AMD systems. Linux works around this by explicitly hiding the bit itself, and filtering EXTD out of MSR_APIC_BASE reads. NetBSD behaves more in the spirit of PV guests, and entirely ignores the APIC when built as a PV guest. Change the annotation from !A to !S. This has a consequence of stripping it out of both PV featuremasks. However, as existing guests may have seen the bit, set it back into the PV Max policy; a VM which saw the bit and is alive enough to migrate will have ignored it one way or another. Hiding x2APIC does change the contents of leaf 0xb, but as the information is nonsense to begin with, this is likely an improvement on the status quo. Xen's blind assumption that APIC_ID = vCPU_ID * 2 isn't interlinked with the host's topology structure, where a PV guest may see real host values, and the APIC_IDs are useless without an MADT to start with. Dom0 is the only PV VM to get an MADT but it's the host one, meaning the two sets of APIC_IDs are from different address spaces. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné master commit: 5420aa165dfa5fe95dd84bb71cb96c15459935b1 master date: 2024-03-01 20:14:19 +0000 --- xen/arch/x86/cpu-policy.c | 11 +++++++++-- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index 96c2cee1a8..ed64d56294 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -559,6 +559,14 @@ static void __init calculate_pv_max_policy(void) for ( i = 0; i < ARRAY_SIZE(fs); ++i ) fs[i] &= pv_max_featuremask[i]; + /* + * Xen at the time of writing (Feb 2024, 4.19 dev cycle) used to leak the + * host x2APIC capability into PV guests, but never supported the guest + * trying to turn x2APIC mode on. Tolerate an incoming VM which saw the + * x2APIC CPUID bit and is alive enough to migrate. + */ + __set_bit(X86_FEATURE_X2APIC, fs); + /* * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests (functional * availability, or admin choice), hide the feature. @@ -837,11 +845,10 @@ void recalculate_cpuid_policy(struct domain *d) } /* - * Allow the toolstack to set HTT, X2APIC and CMP_LEGACY. These bits + * Allow the toolstack to set HTT and CMP_LEGACY. These bits * affect how to interpret topology information in other cpuid leaves. */ __set_bit(X86_FEATURE_HTT, max_fs); - __set_bit(X86_FEATURE_X2APIC, max_fs); __set_bit(X86_FEATURE_CMP_LEGACY, max_fs); /* diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 113e6cadc1..bc971f3c6f 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -123,7 +123,7 @@ XEN_CPUFEATURE(PCID, 1*32+17) /*H Process Context ID */ XEN_CPUFEATURE(DCA, 1*32+18) /* Direct Cache Access */ XEN_CPUFEATURE(SSE4_1, 1*32+19) /*A Streaming SIMD Extensions 4.1 */ XEN_CPUFEATURE(SSE4_2, 1*32+20) /*A Streaming SIMD Extensions 4.2 */ -XEN_CPUFEATURE(X2APIC, 1*32+21) /*!A Extended xAPIC */ +XEN_CPUFEATURE(X2APIC, 1*32+21) /*!S Extended xAPIC */ XEN_CPUFEATURE(MOVBE, 1*32+22) /*A movbe instruction */ XEN_CPUFEATURE(POPCNT, 1*32+23) /*A POPCNT instruction */ XEN_CPUFEATURE(TSC_DEADLINE, 1*32+24) /*S TSC Deadline Timer */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 02 14:33:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 02 Apr 2024 14:33:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700163.1092833 (Exim 4.92) (envelope-from ) id 1rrfCX-0004vH-M5; Tue, 02 Apr 2024 14:33:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700163.1092833; Tue, 02 Apr 2024 14:33:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCX-0004v9-JU; Tue, 02 Apr 2024 14:33:25 +0000 Received: by outflank-mailman (input) for mailman id 700163; Tue, 02 Apr 2024 14:33:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCV-0004uu-NN for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCV-0002CE-MX for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrfCV-0002vu-Le for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=f9oAD2fmCIYwbemDF7Bgy7DaWYn3XYOqi5PRgzhA6AM=; b=jnjvDllgF8VkPkktLpclZCj9B7 07IBsZSsHcKSJDMMp0a5XitXRGzXB3n5gNqsC1bMTVjRA9Ip0DLioD33yggC/f6kFQ4OD3IOezxGr Mg23pd3ATwRLP5iiUBWBQvZAvJrIIDGjkTaxR3nPOM27CtatnKrN+jSWK3WXOetIKJRQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/cpu-policy: Fix visibility of HTT/CMP_LEGACY in max policies Message-Id: Date: Tue, 02 Apr 2024 14:33:23 +0000 commit 70ad9c5fdeac4814050080c87e06d44292ecf868 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:18:05 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:18:05 2024 +0200 x86/cpu-policy: Fix visibility of HTT/CMP_LEGACY in max policies The block in recalculate_cpuid_policy() predates the proper split between default and max policies, and was a "slightly max for a toolstack which knows about it" capability. It didn't get transformed properly in Xen 4.14. Because Xen will accept a VM with HTT/CMP_LEGACY seen, they should be visible in the max polices. Keep the default policy matching host settings. This manifested as an incorrectly-rejected migration across XenServer's Xen 4.13 -> 4.17 upgrade, as Xapi is slowly growing the logic to check a VM against the target max policy. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné master commit: e2d8a652251660c3252d92b442e1a9c5d6e6a1e9 master date: 2024-03-01 20:14:19 +0000 --- xen/arch/x86/cpu-policy.c | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index ed64d56294..24acd12ce2 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -458,6 +458,16 @@ static void __init guest_common_max_feature_adjustments(uint32_t *fs) raw_cpu_policy.feat.clwb ) __set_bit(X86_FEATURE_CLWB, fs); } + + /* + * Topology information inside the guest is entirely at the toolstack's + * discretion, and bears no relationship to the host we're running on. + * + * HTT identifies p->basic.lppp as valid + * CMP_LEGACY identifies p->extd.nc as valid + */ + __set_bit(X86_FEATURE_HTT, fs); + __set_bit(X86_FEATURE_CMP_LEGACY, fs); } static void __init guest_common_default_feature_adjustments(uint32_t *fs) @@ -512,6 +522,18 @@ static void __init guest_common_default_feature_adjustments(uint32_t *fs) __clear_bit(X86_FEATURE_CLWB, fs); } + /* + * Topology information is at the toolstack's discretion so these are + * unconditionally set in max, but pick a default which matches the host. + */ + __clear_bit(X86_FEATURE_HTT, fs); + if ( cpu_has_htt ) + __set_bit(X86_FEATURE_HTT, fs); + + __clear_bit(X86_FEATURE_CMP_LEGACY, fs); + if ( cpu_has_cmp_legacy ) + __set_bit(X86_FEATURE_CMP_LEGACY, fs); + /* * On certain hardware, speculative or errata workarounds can result in * TSX being placed in "force-abort" mode, where it doesn't actually @@ -844,13 +866,6 @@ void recalculate_cpuid_policy(struct domain *d) } } - /* - * Allow the toolstack to set HTT and CMP_LEGACY. These bits - * affect how to interpret topology information in other cpuid leaves. - */ - __set_bit(X86_FEATURE_HTT, max_fs); - __set_bit(X86_FEATURE_CMP_LEGACY, max_fs); - /* * 32bit PV domains can't use any Long Mode features, and cannot use * SYSCALL on non-AMD hardware. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 02 14:33:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 02 Apr 2024 14:33:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700164.1092836 (Exim 4.92) (envelope-from ) id 1rrfCh-0004xe-NN; Tue, 02 Apr 2024 14:33:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700164.1092836; Tue, 02 Apr 2024 14:33:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCh-0004xX-Kx; Tue, 02 Apr 2024 14:33:35 +0000 Received: by outflank-mailman (input) for mailman id 700164; Tue, 02 Apr 2024 14:33:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCf-0004xN-QX for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCf-0002CN-Pk for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrfCf-0002wV-Os for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qWyXDK1WqgzewOtA/605p91i9GXjm9eyCLLU564sVkw=; b=4WYFENwBY2Paqpo5sksJu/9KFn s4oK4+JbV6s5gopuRJTc7lG+7l0knSFdLCrVzG2AC2tx6NuliJ09a5hwszEP3665llmbtySCEK3Qo 76YvYFnMzMdR02ERyvqSxC61+I9AhWRqFmbAS8Ecu/ak8cYhqEnolNJ860DBJ6O1etD8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] xen/virtual-region: Rename the start/end fields Message-Id: Date: Tue, 02 Apr 2024 14:33:33 +0000 commit 2392e958ec6fd2e48e011781344cf94dee6d6142 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:18:51 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:18:51 2024 +0200 xen/virtual-region: Rename the start/end fields ... to text_{start,end}. We're about to introduce another start/end pair. Despite it's name, struct virtual_region has always been a module-ish description. Call this out specifically. As minor cleanup, replace ROUNDUP(x, PAGE_SIZE) with the more concise PAGE_ALIGN() ahead of duplicating the example. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Reviewed-by: Ross Lagerwall master commit: 989556c6f8ca080f5f202417af97d1188b9ba52a master date: 2024-03-07 14:24:42 +0000 --- xen/common/livepatch.c | 9 +++++---- xen/common/virtual_region.c | 19 ++++++++++--------- xen/include/xen/virtual_region.h | 11 +++++++++-- 3 files changed, 24 insertions(+), 15 deletions(-) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index a5068a2217..29395f286f 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -785,8 +785,8 @@ static int prepare_payload(struct payload *payload, region = &payload->region; region->symbols_lookup = livepatch_symbols_lookup; - region->start = payload->text_addr; - region->end = payload->text_addr + payload->text_size; + region->text_start = payload->text_addr; + region->text_end = payload->text_addr + payload->text_size; /* Optional sections. */ for ( i = 0; i < BUGFRAME_NR; i++ ) @@ -823,8 +823,9 @@ static int prepare_payload(struct payload *payload, const void *instr = ALT_ORIG_PTR(a); const void *replacement = ALT_REPL_PTR(a); - if ( (instr < region->start && instr >= region->end) || - (replacement < region->start && replacement >= region->end) ) + if ( (instr < region->text_start && instr >= region->text_end) || + (replacement < region->text_start && + replacement >= region->text_end) ) { printk(XENLOG_ERR LIVEPATCH "%s Alt patching outside payload: %p\n", elf->name, instr); diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index 9f12c30efe..b22ffb75c4 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -11,15 +11,15 @@ static struct virtual_region core = { .list = LIST_HEAD_INIT(core.list), - .start = _stext, - .end = _etext, + .text_start = _stext, + .text_end = _etext, }; /* Becomes irrelevant when __init sections are cleared. */ static struct virtual_region core_init __initdata = { .list = LIST_HEAD_INIT(core_init.list), - .start = _sinittext, - .end = _einittext, + .text_start = _sinittext, + .text_end = _einittext, }; /* @@ -39,7 +39,8 @@ const struct virtual_region *find_text_region(unsigned long addr) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) { - if ( (void *)addr >= region->start && (void *)addr < region->end ) + if ( (void *)addr >= region->text_start && + (void *)addr < region->text_end ) { rcu_read_unlock(&rcu_virtual_region_lock); return region; @@ -88,8 +89,8 @@ void relax_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) - modify_xen_mappings_lite((unsigned long)region->start, - ROUNDUP((unsigned long)region->end, PAGE_SIZE), + modify_xen_mappings_lite((unsigned long)region->text_start, + PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RWX); rcu_read_unlock(&rcu_virtual_region_lock); } @@ -100,8 +101,8 @@ void tighten_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) - modify_xen_mappings_lite((unsigned long)region->start, - ROUNDUP((unsigned long)region->end, PAGE_SIZE), + modify_xen_mappings_lite((unsigned long)region->text_start, + PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RX); rcu_read_unlock(&rcu_virtual_region_lock); } diff --git a/xen/include/xen/virtual_region.h b/xen/include/xen/virtual_region.h index d053620711..442a45bf1f 100644 --- a/xen/include/xen/virtual_region.h +++ b/xen/include/xen/virtual_region.h @@ -9,11 +9,18 @@ #include #include +/* + * Despite it's name, this is a module(ish) description. + * + * There's one region for the runtime .text/etc, one region for .init during + * boot only, and one region per livepatch. + */ struct virtual_region { struct list_head list; - const void *start; /* Virtual address start. */ - const void *end; /* Virtual address end. */ + + const void *text_start; /* .text virtual address start. */ + const void *text_end; /* .text virtual address end. */ /* If this is NULL the default lookup mechanism is used. */ symbols_lookup_t *symbols_lookup; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 02 14:33:44 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 02 Apr 2024 14:33:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700165.1092840 (Exim 4.92) (envelope-from ) id 1rrfCq-00050c-P1; Tue, 02 Apr 2024 14:33:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700165.1092840; Tue, 02 Apr 2024 14:33:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCq-00050V-MV; Tue, 02 Apr 2024 14:33:44 +0000 Received: by outflank-mailman (input) for mailman id 700165; Tue, 02 Apr 2024 14:33:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCp-00050N-VB for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCp-0002CU-Sc for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrfCp-0002xD-Ru for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=b+08JC8V2fudJH3xrgm6R7Tgm0yoAm7fAuuqSSSOFx0=; b=z+HleChmg4YA+12DeaTFkvz+WQ DSxTa/AYnDno/pzd/C/q15bFAe0XknWR2fRk4rCSP54ep81bZ6KoFosPSDC130iCe5CoimfgBlgv0 Jn2HQxeKexSfEPPo+IHTgXbpA5H19DoQOClM+it4OSScL9UUmjt+9K3ecSp7+LUNOJ8g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] xen/virtual-region: Include rodata pointers Message-Id: Date: Tue, 02 Apr 2024 14:33:43 +0000 commit 335cbb55567b20df8e8bd2d1b340609e272ddab6 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:19:11 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:19:11 2024 +0200 xen/virtual-region: Include rodata pointers These are optional. .init doesn't distinguish types of data like this, and livepatches don't necesserily have any .rodata either. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Reviewed-by: Ross Lagerwall master commit: ef969144a425e39f5b214a875b5713d0ea8575fb master date: 2024-03-07 14:24:42 +0000 --- xen/common/livepatch.c | 6 ++++++ xen/common/virtual_region.c | 2 ++ xen/include/xen/virtual_region.h | 3 +++ 3 files changed, 11 insertions(+) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 29395f286f..28c09ddf58 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -788,6 +788,12 @@ static int prepare_payload(struct payload *payload, region->text_start = payload->text_addr; region->text_end = payload->text_addr + payload->text_size; + if ( payload->ro_size ) + { + region->rodata_start = payload->ro_addr; + region->rodata_end = payload->ro_addr + payload->ro_size; + } + /* Optional sections. */ for ( i = 0; i < BUGFRAME_NR; i++ ) { diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index b22ffb75c4..9c566f8ec9 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -13,6 +13,8 @@ static struct virtual_region core = { .list = LIST_HEAD_INIT(core.list), .text_start = _stext, .text_end = _etext, + .rodata_start = _srodata, + .rodata_end = _erodata, }; /* Becomes irrelevant when __init sections are cleared. */ diff --git a/xen/include/xen/virtual_region.h b/xen/include/xen/virtual_region.h index 442a45bf1f..dcdc95ba49 100644 --- a/xen/include/xen/virtual_region.h +++ b/xen/include/xen/virtual_region.h @@ -22,6 +22,9 @@ struct virtual_region const void *text_start; /* .text virtual address start. */ const void *text_end; /* .text virtual address end. */ + const void *rodata_start; /* .rodata virtual address start (optional). */ + const void *rodata_end; /* .rodata virtual address end. */ + /* If this is NULL the default lookup mechanism is used. */ symbols_lookup_t *symbols_lookup; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 02 14:33:54 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 02 Apr 2024 14:33:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700166.1092845 (Exim 4.92) (envelope-from ) id 1rrfD0-00053n-Qx; Tue, 02 Apr 2024 14:33:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700166.1092845; Tue, 02 Apr 2024 14:33:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfD0-00053g-OM; Tue, 02 Apr 2024 14:33:54 +0000 Received: by outflank-mailman (input) for mailman id 700166; Tue, 02 Apr 2024 14:33:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfD0-00053X-0A for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfCz-0002Cu-VY for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrfCz-0002xp-Ui for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:33:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zlgb73Ne0lpo/z6fNDUx/lm/dAAKMgngoIEKD0yhOGY=; b=k2OrDXNMeSrfQpxp+nMZ+KBXrA ABM5UOqHGyhhQR1dEDVeKavZfXsMyFs+zzkUBp7XXb20K+vQDoXWop01gKZDtdsUegFN9ZHNwRiow FCFTBBBdKkAD4s6ujfYUsw/nV2ZOTv5ovWjOuqc7k0y7uUZ5bXaX5yc1Ad0DciYeRR5o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/livepatch: Relax permissions on rodata too Message-Id: Date: Tue, 02 Apr 2024 14:33:53 +0000 commit c3ff11b11c21777a9b1c616607705f3a7340b391 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:19:36 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:19:36 2024 +0200 x86/livepatch: Relax permissions on rodata too This reinstates the capability to patch .rodata in load/unload hooks, which was lost when we stopped using CR0.WP=0 to patch. This turns out to be rather less of a large TODO than I thought at the time. Fixes: 8676092a0f16 ("x86/livepatch: Fix livepatch application when CET is active") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Reviewed-by: Ross Lagerwall master commit: b083b1c393dc8961acf0959b1d2e0ad459985ae3 master date: 2024-03-07 14:24:42 +0000 --- xen/arch/x86/livepatch.c | 4 ++-- xen/common/virtual_region.c | 12 ++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index ee539f001b..4f76127e1f 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -62,7 +62,7 @@ int arch_livepatch_safety_check(void) int noinline arch_livepatch_quiesce(void) { /* - * Relax perms on .text to be RWX, so we can modify them. + * Relax perms on .text/.rodata, so we can modify them. * * This relaxes perms globally, but all other CPUs are waiting on us. */ @@ -75,7 +75,7 @@ int noinline arch_livepatch_quiesce(void) void noinline arch_livepatch_revive(void) { /* - * Reinstate perms on .text to be RX. This also cleans out the dirty + * Reinstate perms on .text/.rodata. This also cleans out the dirty * bits, which matters when CET Shstk is active. * * The other CPUs waiting for us could in principle have re-walked while diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index 9c566f8ec9..aefc08e75f 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -91,9 +91,15 @@ void relax_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) + { modify_xen_mappings_lite((unsigned long)region->text_start, PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RWX); + if ( region->rodata_start ) + modify_xen_mappings_lite((unsigned long)region->rodata_start, + PAGE_ALIGN((unsigned long)region->rodata_end), + PAGE_HYPERVISOR_RW); + } rcu_read_unlock(&rcu_virtual_region_lock); } @@ -103,9 +109,15 @@ void tighten_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) + { modify_xen_mappings_lite((unsigned long)region->text_start, PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RX); + if ( region->rodata_start ) + modify_xen_mappings_lite((unsigned long)region->rodata_start, + PAGE_ALIGN((unsigned long)region->rodata_end), + PAGE_HYPERVISOR_RO); + } rcu_read_unlock(&rcu_virtual_region_lock); } #endif /* CONFIG_X86 */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 02 14:34:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 02 Apr 2024 14:34:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700167.1092848 (Exim 4.92) (envelope-from ) id 1rrfDK-00057N-U3; Tue, 02 Apr 2024 14:34:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700167.1092848; Tue, 02 Apr 2024 14:34:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfDK-00057G-Re; Tue, 02 Apr 2024 14:34:14 +0000 Received: by outflank-mailman (input) for mailman id 700167; Tue, 02 Apr 2024 14:34:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfDK-00057A-6A for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:34:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfDK-0002DO-5Q for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:34:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrfDK-000301-4e for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:34:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TIjvFg/kIgk2TTWCPAwbqmQitUZkS+eKg50fFcV0Ypc=; b=cZbl+lKe4I0tSATwAwkKFGYHMS lQGhRCxFn9SgAlkLQU5E3/YNApzxeb8BF78GryKGyq5QdZjcNUCcbnej0E3TusUMs404EwysQzC4R fUTnB3OPO4ctBYswExlwLYKhLxUrNzefz3cJTwpbTdtLTBHsk9KiB6LD2lU761rleBxA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/boot: Support the watchdog on newer AMD systems Message-Id: Date: Tue, 02 Apr 2024 14:34:14 +0000 commit 2777b499f1f6d5cea68f9479f82d055542b822ad Author: Andrew Cooper AuthorDate: Tue Apr 2 16:20:30 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:20:30 2024 +0200 x86/boot: Support the watchdog on newer AMD systems The MSRs used by setup_k7_watchdog() are architectural in 64bit. The Unit Select (0x76, cycles not in halt state) isn't, but it hasn't changed in 25 years, making this a trend likely to continue. Drop the family check. If the Unit Select does happen to change meaning in the future, check_nmi_watchdog() will still notice the watchdog not operating as expected. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 131892e0dcc1265b621c2b7d844cb9e7c3a4404f master date: 2024-03-19 18:29:37 +0000 --- xen/arch/x86/nmi.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index dd31034ac8..c7c51614a6 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -386,15 +386,12 @@ void setup_apic_nmi_watchdog(void) if ( nmi_watchdog == NMI_NONE ) return; - switch (boot_cpu_data.x86_vendor) { + switch ( boot_cpu_data.x86_vendor ) + { case X86_VENDOR_AMD: - switch (boot_cpu_data.x86) { - case 6: - case 0xf ... 0x19: - setup_k7_watchdog(); - break; - } + setup_k7_watchdog(); break; + case X86_VENDOR_INTEL: switch (boot_cpu_data.x86) { case 6: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 02 14:34:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 02 Apr 2024 14:34:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700169.1092857 (Exim 4.92) (envelope-from ) id 1rrfDV-0005CG-6y; Tue, 02 Apr 2024 14:34:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700169.1092857; Tue, 02 Apr 2024 14:34:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfDV-0005Bx-3Y; Tue, 02 Apr 2024 14:34:25 +0000 Received: by outflank-mailman (input) for mailman id 700169; Tue, 02 Apr 2024 14:34:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfDU-00059k-8s for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:34:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrfDU-0002Db-89 for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:34:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrfDU-00031B-7S for xen-changelog@lists.xenproject.org; Tue, 02 Apr 2024 14:34:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Pww5HX7oWBrRye6cD201edu/yngpOqUw331MTB6Mv1I=; b=3j+b+nY8RCfs0BdCORfx3dcFP5 FrC1d1ipyzK1QVcbAf4g2ECZ30iceOZ8GN6vj0PQAJ5Xt/Zy8LeXAr8/dc8hvTvgz5Ve8ljUyKfPE seErC50xaWMmqG2VnoGQQaeRqD70EyBQg9YduFOF4rKgrf2ZJzUPnXwLXMxAFMwD3MKc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] tests/resource: Fix HVM guest in !SHADOW builds Message-Id: Date: Tue, 02 Apr 2024 14:34:24 +0000 commit 9bc40dbcf9eafccc1923b2555286bf6a2af03b7a Author: Andrew Cooper AuthorDate: Tue Apr 2 16:24:07 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:24:07 2024 +0200 tests/resource: Fix HVM guest in !SHADOW builds Right now, test-resource always creates HVM Shadow guests. But if Xen has SHADOW compiled out, running the test yields: $./test-resource XENMEM_acquire_resource tests Test x86 PV Created d1 Test grant table Test x86 PVH Skip: 95 - Operation not supported and doesn't really test HVM guests, but doesn't fail either. There's nothing paging-mode-specific about this test, so default to HAP if possible and provide a more specific message if neither HAP or Shadow are available. As we've got physinfo to hand, also provide more specific message about the absence of PV or HVM support. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné master commit: 0263dc9069ddb66335c72a159e09050b1600e56a master date: 2024-03-01 20:14:19 +0000 --- tools/tests/resource/test-resource.c | 39 ++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/tools/tests/resource/test-resource.c b/tools/tests/resource/test-resource.c index 0a950072f9..e2c4ba3478 100644 --- a/tools/tests/resource/test-resource.c +++ b/tools/tests/resource/test-resource.c @@ -20,6 +20,8 @@ static xc_interface *xch; static xenforeignmemory_handle *fh; static xengnttab_handle *gh; +static xc_physinfo_t physinfo; + static void test_gnttab(uint32_t domid, unsigned int nr_frames, unsigned long gfn) { @@ -172,6 +174,37 @@ static void test_domain_configurations(void) printf("Test %s\n", t->name); +#if defined(__x86_64__) || defined(__i386__) + if ( t->create.flags & XEN_DOMCTL_CDF_hvm ) + { + if ( !(physinfo.capabilities & XEN_SYSCTL_PHYSCAP_hvm) ) + { + printf(" Skip: HVM not available\n"); + continue; + } + + /* + * On x86, use HAP guests if possible, but skip if neither HAP nor + * SHADOW is available. + */ + if ( physinfo.capabilities & XEN_SYSCTL_PHYSCAP_hap ) + t->create.flags |= XEN_DOMCTL_CDF_hap; + else if ( !(physinfo.capabilities & XEN_SYSCTL_PHYSCAP_shadow) ) + { + printf(" Skip: Neither HAP or SHADOW available\n"); + continue; + } + } + else + { + if ( !(physinfo.capabilities & XEN_SYSCTL_PHYSCAP_pv) ) + { + printf(" Skip: PV not available\n"); + continue; + } + } +#endif + rc = xc_domain_create(xch, &domid, &t->create); if ( rc ) { @@ -214,6 +247,8 @@ static void test_domain_configurations(void) int main(int argc, char **argv) { + int rc; + printf("XENMEM_acquire_resource tests\n"); xch = xc_interface_open(NULL, NULL, 0); @@ -227,6 +262,10 @@ int main(int argc, char **argv) if ( !gh ) err(1, "xengnttab_open"); + rc = xc_physinfo(xch, &physinfo); + if ( rc ) + err(1, "Failed to obtain physinfo"); + test_domain_configurations(); return !!nr_failures; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 01:44:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 01:44:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700257.1093090 (Exim 4.92) (envelope-from ) id 1rrpfW-0003ju-8C; Wed, 03 Apr 2024 01:44:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700257.1093090; Wed, 03 Apr 2024 01:44:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpfW-0003jl-5C; Wed, 03 Apr 2024 01:44:02 +0000 Received: by outflank-mailman (input) for mailman id 700257; Wed, 03 Apr 2024 01:44:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpfV-0003jf-Ls for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:44:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpfV-0005bB-FH for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrpfV-0000c0-D3 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=h3g6Km3f+UTzCbJw+NEby70ENnoeII7nZIeNn85LnAI=; b=Ro9nY+rsXG4R62yX3uX/5AzAeU kAB7nGNzR68zeihPpn/jgA3joBTdoVOXyy3E4hK6wTnwuJuFuVWv8KaSHjdRQgqKYe0l0sLx8aSLg vmmz+8DC9rSsantkLo2yQyLf58Rg5yLl9geGTA+HPxiqKSab2ce/9uI7nlkjg0Go4iug=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/cpu-policy: Hide x2APIC from PV guests Message-Id: Date: Wed, 03 Apr 2024 01:44:01 +0000 commit 03cc579ae3244f571f17293678f24a09be2ea5cc Author: Andrew Cooper AuthorDate: Tue Apr 2 16:13:07 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:13:07 2024 +0200 x86/cpu-policy: Hide x2APIC from PV guests PV guests can't write to MSR_APIC_BASE (in order to set EXTD), nor can they access any of the x2APIC MSR range. Therefore they mustn't see the x2APIC CPUID bit saying that they can. Right now, the host x2APIC flag filters into PV guests, meaning that PV guests generally see x2APIC except on Zen1-and-older AMD systems. Linux works around this by explicitly hiding the bit itself, and filtering EXTD out of MSR_APIC_BASE reads. NetBSD behaves more in the spirit of PV guests, and entirely ignores the APIC when built as a PV guest. Change the annotation from !A to !S. This has a consequence of stripping it out of both PV featuremasks. However, as existing guests may have seen the bit, set it back into the PV Max policy; a VM which saw the bit and is alive enough to migrate will have ignored it one way or another. Hiding x2APIC does change the contents of leaf 0xb, but as the information is nonsense to begin with, this is likely an improvement on the status quo. Xen's blind assumption that APIC_ID = vCPU_ID * 2 isn't interlinked with the host's topology structure, where a PV guest may see real host values, and the APIC_IDs are useless without an MADT to start with. Dom0 is the only PV VM to get an MADT but it's the host one, meaning the two sets of APIC_IDs are from different address spaces. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné master commit: 5420aa165dfa5fe95dd84bb71cb96c15459935b1 master date: 2024-03-01 20:14:19 +0000 --- xen/arch/x86/cpu-policy.c | 11 +++++++++-- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index 12e621b97d..cda5ad3eab 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -566,6 +566,14 @@ static void __init calculate_pv_max_policy(void) for ( i = 0; i < ARRAY_SIZE(fs); ++i ) fs[i] &= pv_max_featuremask[i]; + /* + * Xen at the time of writing (Feb 2024, 4.19 dev cycle) used to leak the + * host x2APIC capability into PV guests, but never supported the guest + * trying to turn x2APIC mode on. Tolerate an incoming VM which saw the + * x2APIC CPUID bit and is alive enough to migrate. + */ + __set_bit(X86_FEATURE_X2APIC, fs); + /* * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests (functional * availability, or admin choice), hide the feature. @@ -859,11 +867,10 @@ void recalculate_cpuid_policy(struct domain *d) } /* - * Allow the toolstack to set HTT, X2APIC and CMP_LEGACY. These bits + * Allow the toolstack to set HTT and CMP_LEGACY. These bits * affect how to interpret topology information in other cpuid leaves. */ __set_bit(X86_FEATURE_HTT, max_fs); - __set_bit(X86_FEATURE_X2APIC, max_fs); __set_bit(X86_FEATURE_CMP_LEGACY, max_fs); /* diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 8e17ef670f..f3f745ef61 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -123,7 +123,7 @@ XEN_CPUFEATURE(PCID, 1*32+17) /*H Process Context ID */ XEN_CPUFEATURE(DCA, 1*32+18) /* Direct Cache Access */ XEN_CPUFEATURE(SSE4_1, 1*32+19) /*A Streaming SIMD Extensions 4.1 */ XEN_CPUFEATURE(SSE4_2, 1*32+20) /*A Streaming SIMD Extensions 4.2 */ -XEN_CPUFEATURE(X2APIC, 1*32+21) /*!A Extended xAPIC */ +XEN_CPUFEATURE(X2APIC, 1*32+21) /*!S Extended xAPIC */ XEN_CPUFEATURE(MOVBE, 1*32+22) /*A movbe instruction */ XEN_CPUFEATURE(POPCNT, 1*32+23) /*A POPCNT instruction */ XEN_CPUFEATURE(TSC_DEADLINE, 1*32+24) /*S TSC Deadline Timer */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 01:44:12 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 01:44:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700258.1093094 (Exim 4.92) (envelope-from ) id 1rrpfg-0003lV-9V; Wed, 03 Apr 2024 01:44:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700258.1093094; Wed, 03 Apr 2024 01:44:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpfg-0003lN-6f; Wed, 03 Apr 2024 01:44:12 +0000 Received: by outflank-mailman (input) for mailman id 700258; Wed, 03 Apr 2024 01:44:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpff-0003lF-Jk for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:44:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpff-0005bS-Iw for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:44:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrpff-0000cn-HN for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:44:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wbGmqQxhOmqLza22ut7VVM/BSGEFPMpM+OBD5q+0MiA=; b=BVwyQJl2iRQ57mQhDTie87MAAk pS01x+Kh8j/uRH5nEr0mIc0a3t8g4ooBptwAYLGdMV6AeWQwFT5ZaMAsP1HGun3N/b4+vJCMWH7X2 XDJkklWDdbB9JWhQ2gTj7tPebKL4pp9Q9Fjn4hsU74HQA5lE6BN6TsXOg2dAy9aK1ols=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/cpu-policy: Fix visibility of HTT/CMP_LEGACY in max policies Message-Id: Date: Wed, 03 Apr 2024 01:44:11 +0000 commit b576e09b66218834baacaa1881cbda2d6b6b5a53 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:13:55 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:13:55 2024 +0200 x86/cpu-policy: Fix visibility of HTT/CMP_LEGACY in max policies The block in recalculate_cpuid_policy() predates the proper split between default and max policies, and was a "slightly max for a toolstack which knows about it" capability. It didn't get transformed properly in Xen 4.14. Because Xen will accept a VM with HTT/CMP_LEGACY seen, they should be visible in the max polices. Keep the default policy matching host settings. This manifested as an incorrectly-rejected migration across XenServer's Xen 4.13 -> 4.17 upgrade, as Xapi is slowly growing the logic to check a VM against the target max policy. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné master commit: e2d8a652251660c3252d92b442e1a9c5d6e6a1e9 master date: 2024-03-01 20:14:19 +0000 --- xen/arch/x86/cpu-policy.c | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index cda5ad3eab..85064e4a36 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -465,6 +465,16 @@ static void __init guest_common_max_feature_adjustments(uint32_t *fs) raw_cpu_policy.feat.clwb ) __set_bit(X86_FEATURE_CLWB, fs); } + + /* + * Topology information inside the guest is entirely at the toolstack's + * discretion, and bears no relationship to the host we're running on. + * + * HTT identifies p->basic.lppp as valid + * CMP_LEGACY identifies p->extd.nc as valid + */ + __set_bit(X86_FEATURE_HTT, fs); + __set_bit(X86_FEATURE_CMP_LEGACY, fs); } static void __init guest_common_default_feature_adjustments(uint32_t *fs) @@ -519,6 +529,18 @@ static void __init guest_common_default_feature_adjustments(uint32_t *fs) __clear_bit(X86_FEATURE_CLWB, fs); } + /* + * Topology information is at the toolstack's discretion so these are + * unconditionally set in max, but pick a default which matches the host. + */ + __clear_bit(X86_FEATURE_HTT, fs); + if ( cpu_has_htt ) + __set_bit(X86_FEATURE_HTT, fs); + + __clear_bit(X86_FEATURE_CMP_LEGACY, fs); + if ( cpu_has_cmp_legacy ) + __set_bit(X86_FEATURE_CMP_LEGACY, fs); + /* * On certain hardware, speculative or errata workarounds can result in * TSX being placed in "force-abort" mode, where it doesn't actually @@ -866,13 +888,6 @@ void recalculate_cpuid_policy(struct domain *d) } } - /* - * Allow the toolstack to set HTT and CMP_LEGACY. These bits - * affect how to interpret topology information in other cpuid leaves. - */ - __set_bit(X86_FEATURE_HTT, max_fs); - __set_bit(X86_FEATURE_CMP_LEGACY, max_fs); - /* * 32bit PV domains can't use any Long Mode features, and cannot use * SYSCALL on non-AMD hardware. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 01:44:22 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 01:44:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700259.1093099 (Exim 4.92) (envelope-from ) id 1rrpfq-0003nx-BC; Wed, 03 Apr 2024 01:44:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700259.1093099; Wed, 03 Apr 2024 01:44:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpfq-0003np-8C; Wed, 03 Apr 2024 01:44:22 +0000 Received: by outflank-mailman (input) for mailman id 700259; Wed, 03 Apr 2024 01:44:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpfp-0003nh-Of for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:44:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpfp-0005bi-Nn for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:44:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrpfp-0000dC-L6 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:44:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tvABbrGLY/P2zz2+nwFuZfaGu07E38RFRsFncJrpGR4=; b=aP2vNK9KfTgoCketp7lL3Jgw5k kxn7bl7YLVA93/eqDVcihRMPCCXbs8F24jX1z4eq3Fi9I3fi1h3JwrqxQEAgn7H6gEjBIqZ6q2xSN S8SRtY9d1Hufqx6d7Ie60Pe6qFDcj/pWoPJr2k3/V/RlXEAGmC12SXtk4DNTj0pqIdAk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] xen/virtual-region: Rename the start/end fields Message-Id: Date: Wed, 03 Apr 2024 01:44:21 +0000 commit 8c13f6c5658d31b6a4bc1f85d358da9767d283f1 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:14:28 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:14:28 2024 +0200 xen/virtual-region: Rename the start/end fields ... to text_{start,end}. We're about to introduce another start/end pair. Despite it's name, struct virtual_region has always been a module-ish description. Call this out specifically. As minor cleanup, replace ROUNDUP(x, PAGE_SIZE) with the more concise PAGE_ALIGN() ahead of duplicating the example. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Reviewed-by: Ross Lagerwall master commit: 989556c6f8ca080f5f202417af97d1188b9ba52a master date: 2024-03-07 14:24:42 +0000 --- xen/common/livepatch.c | 4 ++-- xen/common/virtual_region.c | 19 ++++++++++--------- xen/include/xen/virtual_region.h | 11 +++++++++-- 3 files changed, 21 insertions(+), 13 deletions(-) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 0cc048fd83..b311cbf18a 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -785,8 +785,8 @@ static int prepare_payload(struct payload *payload, region = &payload->region; region->symbols_lookup = livepatch_symbols_lookup; - region->start = payload->text_addr; - region->end = payload->text_addr + payload->text_size; + region->text_start = payload->text_addr; + region->text_end = payload->text_addr + payload->text_size; /* Optional sections. */ for ( i = 0; i < BUGFRAME_NR; i++ ) diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index 9f12c30efe..b22ffb75c4 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -11,15 +11,15 @@ static struct virtual_region core = { .list = LIST_HEAD_INIT(core.list), - .start = _stext, - .end = _etext, + .text_start = _stext, + .text_end = _etext, }; /* Becomes irrelevant when __init sections are cleared. */ static struct virtual_region core_init __initdata = { .list = LIST_HEAD_INIT(core_init.list), - .start = _sinittext, - .end = _einittext, + .text_start = _sinittext, + .text_end = _einittext, }; /* @@ -39,7 +39,8 @@ const struct virtual_region *find_text_region(unsigned long addr) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) { - if ( (void *)addr >= region->start && (void *)addr < region->end ) + if ( (void *)addr >= region->text_start && + (void *)addr < region->text_end ) { rcu_read_unlock(&rcu_virtual_region_lock); return region; @@ -88,8 +89,8 @@ void relax_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) - modify_xen_mappings_lite((unsigned long)region->start, - ROUNDUP((unsigned long)region->end, PAGE_SIZE), + modify_xen_mappings_lite((unsigned long)region->text_start, + PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RWX); rcu_read_unlock(&rcu_virtual_region_lock); } @@ -100,8 +101,8 @@ void tighten_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) - modify_xen_mappings_lite((unsigned long)region->start, - ROUNDUP((unsigned long)region->end, PAGE_SIZE), + modify_xen_mappings_lite((unsigned long)region->text_start, + PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RX); rcu_read_unlock(&rcu_virtual_region_lock); } diff --git a/xen/include/xen/virtual_region.h b/xen/include/xen/virtual_region.h index d053620711..442a45bf1f 100644 --- a/xen/include/xen/virtual_region.h +++ b/xen/include/xen/virtual_region.h @@ -9,11 +9,18 @@ #include #include +/* + * Despite it's name, this is a module(ish) description. + * + * There's one region for the runtime .text/etc, one region for .init during + * boot only, and one region per livepatch. + */ struct virtual_region { struct list_head list; - const void *start; /* Virtual address start. */ - const void *end; /* Virtual address end. */ + + const void *text_start; /* .text virtual address start. */ + const void *text_end; /* .text virtual address end. */ /* If this is NULL the default lookup mechanism is used. */ symbols_lookup_t *symbols_lookup; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 01:44:32 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 01:44:32 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700260.1093102 (Exim 4.92) (envelope-from ) id 1rrpg0-0003qp-CF; Wed, 03 Apr 2024 01:44:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700260.1093102; Wed, 03 Apr 2024 01:44:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpg0-0003qh-9c; Wed, 03 Apr 2024 01:44:32 +0000 Received: by outflank-mailman (input) for mailman id 700260; Wed, 03 Apr 2024 01:44:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpfz-0003qa-RZ for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:44:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpfz-0005bp-Qp for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:44:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrpfz-0000dv-Py for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:44:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=skaEMP+btYlBnVaNuZDrKcSpeaU3cEImxg1QlmR38t8=; b=bxpC4qyJvX2BoL5z7oKTFJv2lI jHBN3w+nywLq/qcRx4cM1DOTWrIdGXrbzaIIWg0FMIrUO/AZ+1SR+7/ihA/ZAp1jHfTc+eLvh7MHk an3A/uN/NV1+VtO57Ef65/3dmCalCv4ZkauNdG+JDDGfmhA2Bbuj/r7ZqPhKzkNKFAB8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] xen/virtual-region: Include rodata pointers Message-Id: Date: Wed, 03 Apr 2024 01:44:31 +0000 commit 4fc27254deda6b49e14f41eda8d951cd13461633 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:14:59 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:14:59 2024 +0200 xen/virtual-region: Include rodata pointers These are optional. .init doesn't distinguish types of data like this, and livepatches don't necesserily have any .rodata either. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Reviewed-by: Ross Lagerwall master commit: ef969144a425e39f5b214a875b5713d0ea8575fb master date: 2024-03-07 14:24:42 +0000 --- xen/common/livepatch.c | 6 ++++++ xen/common/virtual_region.c | 2 ++ xen/include/xen/virtual_region.h | 3 +++ 3 files changed, 11 insertions(+) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index b311cbf18a..352639c47f 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -788,6 +788,12 @@ static int prepare_payload(struct payload *payload, region->text_start = payload->text_addr; region->text_end = payload->text_addr + payload->text_size; + if ( payload->ro_size ) + { + region->rodata_start = payload->ro_addr; + region->rodata_end = payload->ro_addr + payload->ro_size; + } + /* Optional sections. */ for ( i = 0; i < BUGFRAME_NR; i++ ) { diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index b22ffb75c4..9c566f8ec9 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -13,6 +13,8 @@ static struct virtual_region core = { .list = LIST_HEAD_INIT(core.list), .text_start = _stext, .text_end = _etext, + .rodata_start = _srodata, + .rodata_end = _erodata, }; /* Becomes irrelevant when __init sections are cleared. */ diff --git a/xen/include/xen/virtual_region.h b/xen/include/xen/virtual_region.h index 442a45bf1f..dcdc95ba49 100644 --- a/xen/include/xen/virtual_region.h +++ b/xen/include/xen/virtual_region.h @@ -22,6 +22,9 @@ struct virtual_region const void *text_start; /* .text virtual address start. */ const void *text_end; /* .text virtual address end. */ + const void *rodata_start; /* .rodata virtual address start (optional). */ + const void *rodata_end; /* .rodata virtual address end. */ + /* If this is NULL the default lookup mechanism is used. */ symbols_lookup_t *symbols_lookup; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 01:44:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 01:44:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700261.1093106 (Exim 4.92) (envelope-from ) id 1rrpgB-0003uj-FG; Wed, 03 Apr 2024 01:44:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700261.1093106; Wed, 03 Apr 2024 01:44:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpgB-0003ub-Ce; Wed, 03 Apr 2024 01:44:43 +0000 Received: by outflank-mailman (input) for mailman id 700261; Wed, 03 Apr 2024 01:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpg9-0003uE-VA for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:44:41 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpg9-0005c0-UO for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:44:41 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrpg9-0000eR-T6 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:44:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UeRG37J3wLeMPUme8moiDFZmo+lTW1fC84kNgCsXSw0=; b=MJCAm1niukaTK1QI2ou4ZjGsWo a8Evb+M1U1wLOy2UFKegpCT3IEohe8hLYHhvMj4pOqjupUtr42lcx55he1Yqm9Td98D78gWZX3uqx pVc4gVhq1OaccjfjLz02Q2R3QSz7hsoHORV27z64IZ6lWE0EB8KmOGGtWZ9QJ1alip70=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/livepatch: Relax permissions on rodata too Message-Id: Date: Wed, 03 Apr 2024 01:44:41 +0000 commit d0173bbed1819550a3fae9932dfe6fb9ce16b896 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:15:18 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:15:18 2024 +0200 x86/livepatch: Relax permissions on rodata too This reinstates the capability to patch .rodata in load/unload hooks, which was lost when we stopped using CR0.WP=0 to patch. This turns out to be rather less of a large TODO than I thought at the time. Fixes: 8676092a0f16 ("x86/livepatch: Fix livepatch application when CET is active") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Reviewed-by: Ross Lagerwall master commit: b083b1c393dc8961acf0959b1d2e0ad459985ae3 master date: 2024-03-07 14:24:42 +0000 --- xen/arch/x86/livepatch.c | 4 ++-- xen/common/virtual_region.c | 12 ++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index ee539f001b..4f76127e1f 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -62,7 +62,7 @@ int arch_livepatch_safety_check(void) int noinline arch_livepatch_quiesce(void) { /* - * Relax perms on .text to be RWX, so we can modify them. + * Relax perms on .text/.rodata, so we can modify them. * * This relaxes perms globally, but all other CPUs are waiting on us. */ @@ -75,7 +75,7 @@ int noinline arch_livepatch_quiesce(void) void noinline arch_livepatch_revive(void) { /* - * Reinstate perms on .text to be RX. This also cleans out the dirty + * Reinstate perms on .text/.rodata. This also cleans out the dirty * bits, which matters when CET Shstk is active. * * The other CPUs waiting for us could in principle have re-walked while diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index 9c566f8ec9..aefc08e75f 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -91,9 +91,15 @@ void relax_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) + { modify_xen_mappings_lite((unsigned long)region->text_start, PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RWX); + if ( region->rodata_start ) + modify_xen_mappings_lite((unsigned long)region->rodata_start, + PAGE_ALIGN((unsigned long)region->rodata_end), + PAGE_HYPERVISOR_RW); + } rcu_read_unlock(&rcu_virtual_region_lock); } @@ -103,9 +109,15 @@ void tighten_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) + { modify_xen_mappings_lite((unsigned long)region->text_start, PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RX); + if ( region->rodata_start ) + modify_xen_mappings_lite((unsigned long)region->rodata_start, + PAGE_ALIGN((unsigned long)region->rodata_end), + PAGE_HYPERVISOR_RO); + } rcu_read_unlock(&rcu_virtual_region_lock); } #endif /* CONFIG_X86 */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 01:45:03 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 01:45:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700262.1093109 (Exim 4.92) (envelope-from ) id 1rrpgV-0003xw-HB; Wed, 03 Apr 2024 01:45:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700262.1093109; Wed, 03 Apr 2024 01:45:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpgV-0003xp-Ea; Wed, 03 Apr 2024 01:45:03 +0000 Received: by outflank-mailman (input) for mailman id 700262; Wed, 03 Apr 2024 01:45:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpgU-0003xf-4w for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:45:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpgU-0005d1-4A for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:45:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrpgU-0000fU-3H for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:45:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PZuRsUBM7AnU6mhZ6V+CG8p+vpCA7aViPRbc4Wq+eIM=; b=Fa4ASxRNgrpjoZDDWyjD8a0l7X 5Wyp5/9jugtyIYw4XuhrbGFk18BTeW9PXa/VbbIYMVzlSA+UrWB8VYDCze26+pxAH60C2+mqlJQWL 1XjBNq6d+WhMSX9eeeBwRwIkvcbF9mFc3/wzvJqsCl7mvGHO8zvGQYfM0p8XfwRFR8f4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/boot: Support the watchdog on newer AMD systems Message-Id: Date: Wed, 03 Apr 2024 01:45:02 +0000 commit 5c4aacab178410a89cd090c5f857f5049823e741 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:16:25 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:16:25 2024 +0200 x86/boot: Support the watchdog on newer AMD systems The MSRs used by setup_k7_watchdog() are architectural in 64bit. The Unit Select (0x76, cycles not in halt state) isn't, but it hasn't changed in 25 years, making this a trend likely to continue. Drop the family check. If the Unit Select does happen to change meaning in the future, check_nmi_watchdog() will still notice the watchdog not operating as expected. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 131892e0dcc1265b621c2b7d844cb9e7c3a4404f master date: 2024-03-19 18:29:37 +0000 --- xen/arch/x86/nmi.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index f7767a2967..04b7cfffc9 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -387,15 +387,12 @@ void setup_apic_nmi_watchdog(void) if ( nmi_watchdog == NMI_NONE ) return; - switch (boot_cpu_data.x86_vendor) { + switch ( boot_cpu_data.x86_vendor ) + { case X86_VENDOR_AMD: - switch (boot_cpu_data.x86) { - case 6: - case 0xf ... 0x19: - setup_k7_watchdog(); - break; - } + setup_k7_watchdog(); break; + case X86_VENDOR_INTEL: switch (boot_cpu_data.x86) { case 6: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 01:45:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 01:45:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700263.1093113 (Exim 4.92) (envelope-from ) id 1rrpgf-00040J-In; Wed, 03 Apr 2024 01:45:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700263.1093113; Wed, 03 Apr 2024 01:45:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpgf-00040C-GB; Wed, 03 Apr 2024 01:45:13 +0000 Received: by outflank-mailman (input) for mailman id 700263; Wed, 03 Apr 2024 01:45:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpge-0003zt-9n for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:45:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrpge-0005d8-7D for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:45:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrpge-0000fx-6R for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 01:45:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0vGhZxXEqr0wJHP8LXUuGJnpyhNzoomFON5nhm4ue24=; b=kM0xpuniEa/HxdOzd4sPxMppqm OyKWXy+fdQ73wWZA1DSjkk6ecw4RHzMLQ0Hh3Stxjm8HkJU1GT9gCHUnBWNY+sdLVmnYYp0dTRyWG +LTigu60pvBVwisFTg8SA4LRCk5//LNuh85LFuaiEtd+BpBM6/8eKNWMH1vcKl1Rw2OY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] tests/resource: Fix HVM guest in !SHADOW builds Message-Id: Date: Wed, 03 Apr 2024 01:45:12 +0000 commit 17cf285d87e28a9ee9ab1f192982fc6dfc9e4193 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:23:54 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:23:54 2024 +0200 tests/resource: Fix HVM guest in !SHADOW builds Right now, test-resource always creates HVM Shadow guests. But if Xen has SHADOW compiled out, running the test yields: $./test-resource XENMEM_acquire_resource tests Test x86 PV Created d1 Test grant table Test x86 PVH Skip: 95 - Operation not supported and doesn't really test HVM guests, but doesn't fail either. There's nothing paging-mode-specific about this test, so default to HAP if possible and provide a more specific message if neither HAP or Shadow are available. As we've got physinfo to hand, also provide more specific message about the absence of PV or HVM support. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné master commit: 0263dc9069ddb66335c72a159e09050b1600e56a master date: 2024-03-01 20:14:19 +0000 --- tools/tests/resource/test-resource.c | 39 ++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/tools/tests/resource/test-resource.c b/tools/tests/resource/test-resource.c index 7ae88ea348..1b10be16a6 100644 --- a/tools/tests/resource/test-resource.c +++ b/tools/tests/resource/test-resource.c @@ -20,6 +20,8 @@ static xc_interface *xch; static xenforeignmemory_handle *fh; static xengnttab_handle *gh; +static xc_physinfo_t physinfo; + static void test_gnttab(uint32_t domid, unsigned int nr_frames, unsigned long gfn) { @@ -172,6 +174,37 @@ static void test_domain_configurations(void) printf("Test %s\n", t->name); +#if defined(__x86_64__) || defined(__i386__) + if ( t->create.flags & XEN_DOMCTL_CDF_hvm ) + { + if ( !(physinfo.capabilities & XEN_SYSCTL_PHYSCAP_hvm) ) + { + printf(" Skip: HVM not available\n"); + continue; + } + + /* + * On x86, use HAP guests if possible, but skip if neither HAP nor + * SHADOW is available. + */ + if ( physinfo.capabilities & XEN_SYSCTL_PHYSCAP_hap ) + t->create.flags |= XEN_DOMCTL_CDF_hap; + else if ( !(physinfo.capabilities & XEN_SYSCTL_PHYSCAP_shadow) ) + { + printf(" Skip: Neither HAP or SHADOW available\n"); + continue; + } + } + else + { + if ( !(physinfo.capabilities & XEN_SYSCTL_PHYSCAP_pv) ) + { + printf(" Skip: PV not available\n"); + continue; + } + } +#endif + rc = xc_domain_create(xch, &domid, &t->create); if ( rc ) { @@ -214,6 +247,8 @@ static void test_domain_configurations(void) int main(int argc, char **argv) { + int rc; + printf("XENMEM_acquire_resource tests\n"); xch = xc_interface_open(NULL, NULL, 0); @@ -227,6 +262,10 @@ int main(int argc, char **argv) if ( !gh ) err(1, "xengnttab_open"); + rc = xc_physinfo(xch, &physinfo); + if ( rc ) + err(1, "Failed to obtain physinfo"); + test_domain_configurations(); return !!nr_failures; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 03:44:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 03:44:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700270.1093128 (Exim 4.92) (envelope-from ) id 1rrrXe-0000hu-Si; Wed, 03 Apr 2024 03:44:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700270.1093128; Wed, 03 Apr 2024 03:44:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrXe-0000hm-Q0; Wed, 03 Apr 2024 03:44:02 +0000 Received: by outflank-mailman (input) for mailman id 700270; Wed, 03 Apr 2024 03:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrXe-0000hg-1h for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrXd-000841-R1 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrrXd-0000v9-Py for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=R6r1bMosNgvMssDDi1gmeTngAht8RfVhwSE05JmUW9U=; b=ur/B4uDV5zhNf69raEJ4zvn6F+ mXfekE0JJFliaaEJx41T0ILbG20iZvqnZCvBi76JwNoA4tjnTkKtM6FWybv0Ro3sAYN2M00XguYC6 QAAN5Id3TXVDNR4hARPGeLfCvhkylE/3qTFClqMzKp3wGk/n6n9yTNxTkR76ProvL1R8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/cpu-policy: Hide x2APIC from PV guests Message-Id: Date: Wed, 03 Apr 2024 03:44:01 +0000 commit bb27e11c56963e170d1f6d2fbddbc956f7164121 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:17:25 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:17:25 2024 +0200 x86/cpu-policy: Hide x2APIC from PV guests PV guests can't write to MSR_APIC_BASE (in order to set EXTD), nor can they access any of the x2APIC MSR range. Therefore they mustn't see the x2APIC CPUID bit saying that they can. Right now, the host x2APIC flag filters into PV guests, meaning that PV guests generally see x2APIC except on Zen1-and-older AMD systems. Linux works around this by explicitly hiding the bit itself, and filtering EXTD out of MSR_APIC_BASE reads. NetBSD behaves more in the spirit of PV guests, and entirely ignores the APIC when built as a PV guest. Change the annotation from !A to !S. This has a consequence of stripping it out of both PV featuremasks. However, as existing guests may have seen the bit, set it back into the PV Max policy; a VM which saw the bit and is alive enough to migrate will have ignored it one way or another. Hiding x2APIC does change the contents of leaf 0xb, but as the information is nonsense to begin with, this is likely an improvement on the status quo. Xen's blind assumption that APIC_ID = vCPU_ID * 2 isn't interlinked with the host's topology structure, where a PV guest may see real host values, and the APIC_IDs are useless without an MADT to start with. Dom0 is the only PV VM to get an MADT but it's the host one, meaning the two sets of APIC_IDs are from different address spaces. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné master commit: 5420aa165dfa5fe95dd84bb71cb96c15459935b1 master date: 2024-03-01 20:14:19 +0000 --- xen/arch/x86/cpu-policy.c | 11 +++++++++-- xen/include/public/arch-x86/cpufeatureset.h | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index 96c2cee1a8..ed64d56294 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -559,6 +559,14 @@ static void __init calculate_pv_max_policy(void) for ( i = 0; i < ARRAY_SIZE(fs); ++i ) fs[i] &= pv_max_featuremask[i]; + /* + * Xen at the time of writing (Feb 2024, 4.19 dev cycle) used to leak the + * host x2APIC capability into PV guests, but never supported the guest + * trying to turn x2APIC mode on. Tolerate an incoming VM which saw the + * x2APIC CPUID bit and is alive enough to migrate. + */ + __set_bit(X86_FEATURE_X2APIC, fs); + /* * If Xen isn't virtualising MSR_SPEC_CTRL for PV guests (functional * availability, or admin choice), hide the feature. @@ -837,11 +845,10 @@ void recalculate_cpuid_policy(struct domain *d) } /* - * Allow the toolstack to set HTT, X2APIC and CMP_LEGACY. These bits + * Allow the toolstack to set HTT and CMP_LEGACY. These bits * affect how to interpret topology information in other cpuid leaves. */ __set_bit(X86_FEATURE_HTT, max_fs); - __set_bit(X86_FEATURE_X2APIC, max_fs); __set_bit(X86_FEATURE_CMP_LEGACY, max_fs); /* diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 113e6cadc1..bc971f3c6f 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -123,7 +123,7 @@ XEN_CPUFEATURE(PCID, 1*32+17) /*H Process Context ID */ XEN_CPUFEATURE(DCA, 1*32+18) /* Direct Cache Access */ XEN_CPUFEATURE(SSE4_1, 1*32+19) /*A Streaming SIMD Extensions 4.1 */ XEN_CPUFEATURE(SSE4_2, 1*32+20) /*A Streaming SIMD Extensions 4.2 */ -XEN_CPUFEATURE(X2APIC, 1*32+21) /*!A Extended xAPIC */ +XEN_CPUFEATURE(X2APIC, 1*32+21) /*!S Extended xAPIC */ XEN_CPUFEATURE(MOVBE, 1*32+22) /*A movbe instruction */ XEN_CPUFEATURE(POPCNT, 1*32+23) /*A POPCNT instruction */ XEN_CPUFEATURE(TSC_DEADLINE, 1*32+24) /*S TSC Deadline Timer */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 03:44:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 03:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700271.1093132 (Exim 4.92) (envelope-from ) id 1rrrXo-0000jS-UR; Wed, 03 Apr 2024 03:44:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700271.1093132; Wed, 03 Apr 2024 03:44:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrXo-0000jK-Rd; Wed, 03 Apr 2024 03:44:12 +0000 Received: by outflank-mailman (input) for mailman id 700271; Wed, 03 Apr 2024 03:44:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrXn-0000jC-Vd for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:44:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrXn-000849-Ur for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:44:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrrXn-00013c-T9 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:44:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tSop5RUBMI4udVjsu7utHeQRXW/rFOy+5AigkPLze70=; b=xIOjBOtMTPRBBgfqEP68pxo0KN ur+GpKSmXLUCxgsFmV7XJChuxyoHnK7DJdiME5S9k9CPXLZfOd9UsPiSFtbFiyobtXd2uyuG6l96K mT+lk7QJVDXGSatkr53KxCI9tZIEjzdrPID7l0leUNbX3yS/B88LPsuJ1hFsDeAMN9rE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/cpu-policy: Fix visibility of HTT/CMP_LEGACY in max policies Message-Id: Date: Wed, 03 Apr 2024 03:44:11 +0000 commit 70ad9c5fdeac4814050080c87e06d44292ecf868 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:18:05 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:18:05 2024 +0200 x86/cpu-policy: Fix visibility of HTT/CMP_LEGACY in max policies The block in recalculate_cpuid_policy() predates the proper split between default and max policies, and was a "slightly max for a toolstack which knows about it" capability. It didn't get transformed properly in Xen 4.14. Because Xen will accept a VM with HTT/CMP_LEGACY seen, they should be visible in the max polices. Keep the default policy matching host settings. This manifested as an incorrectly-rejected migration across XenServer's Xen 4.13 -> 4.17 upgrade, as Xapi is slowly growing the logic to check a VM against the target max policy. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné master commit: e2d8a652251660c3252d92b442e1a9c5d6e6a1e9 master date: 2024-03-01 20:14:19 +0000 --- xen/arch/x86/cpu-policy.c | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index ed64d56294..24acd12ce2 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -458,6 +458,16 @@ static void __init guest_common_max_feature_adjustments(uint32_t *fs) raw_cpu_policy.feat.clwb ) __set_bit(X86_FEATURE_CLWB, fs); } + + /* + * Topology information inside the guest is entirely at the toolstack's + * discretion, and bears no relationship to the host we're running on. + * + * HTT identifies p->basic.lppp as valid + * CMP_LEGACY identifies p->extd.nc as valid + */ + __set_bit(X86_FEATURE_HTT, fs); + __set_bit(X86_FEATURE_CMP_LEGACY, fs); } static void __init guest_common_default_feature_adjustments(uint32_t *fs) @@ -512,6 +522,18 @@ static void __init guest_common_default_feature_adjustments(uint32_t *fs) __clear_bit(X86_FEATURE_CLWB, fs); } + /* + * Topology information is at the toolstack's discretion so these are + * unconditionally set in max, but pick a default which matches the host. + */ + __clear_bit(X86_FEATURE_HTT, fs); + if ( cpu_has_htt ) + __set_bit(X86_FEATURE_HTT, fs); + + __clear_bit(X86_FEATURE_CMP_LEGACY, fs); + if ( cpu_has_cmp_legacy ) + __set_bit(X86_FEATURE_CMP_LEGACY, fs); + /* * On certain hardware, speculative or errata workarounds can result in * TSX being placed in "force-abort" mode, where it doesn't actually @@ -844,13 +866,6 @@ void recalculate_cpuid_policy(struct domain *d) } } - /* - * Allow the toolstack to set HTT and CMP_LEGACY. These bits - * affect how to interpret topology information in other cpuid leaves. - */ - __set_bit(X86_FEATURE_HTT, max_fs); - __set_bit(X86_FEATURE_CMP_LEGACY, max_fs); - /* * 32bit PV domains can't use any Long Mode features, and cannot use * SYSCALL on non-AMD hardware. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 03:44:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 03:44:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700275.1093146 (Exim 4.92) (envelope-from ) id 1rrrXz-00011q-Bs; Wed, 03 Apr 2024 03:44:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700275.1093146; Wed, 03 Apr 2024 03:44:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrXz-00011i-8r; Wed, 03 Apr 2024 03:44:23 +0000 Received: by outflank-mailman (input) for mailman id 700275; Wed, 03 Apr 2024 03:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrXy-000118-2W for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:44:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrXy-00084V-1Z for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:44:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrrXy-0001Cm-0j for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:44:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zhqNbc17ZE28eJi7MpBoAa2XPBE8/cCZ4fvqbAE1NzU=; b=qVZ9ZHIX52QzlVIn6b63HaGs6y mHe4SIMxxhPaun0CB6GKcozmVQmb5XEX+KM6oIgAhLYEToG1bGxgeVs1S18lcjm/QD7juk3ypYw60 XNx/cHyIKTLc1n2y3eKIpHvtSAoqU5jQsLdU4s+7S+OjE6nvNkEyzltsHo3g40jmyUS4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] xen/virtual-region: Rename the start/end fields Message-Id: Date: Wed, 03 Apr 2024 03:44:22 +0000 commit 2392e958ec6fd2e48e011781344cf94dee6d6142 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:18:51 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:18:51 2024 +0200 xen/virtual-region: Rename the start/end fields ... to text_{start,end}. We're about to introduce another start/end pair. Despite it's name, struct virtual_region has always been a module-ish description. Call this out specifically. As minor cleanup, replace ROUNDUP(x, PAGE_SIZE) with the more concise PAGE_ALIGN() ahead of duplicating the example. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Reviewed-by: Ross Lagerwall master commit: 989556c6f8ca080f5f202417af97d1188b9ba52a master date: 2024-03-07 14:24:42 +0000 --- xen/common/livepatch.c | 9 +++++---- xen/common/virtual_region.c | 19 ++++++++++--------- xen/include/xen/virtual_region.h | 11 +++++++++-- 3 files changed, 24 insertions(+), 15 deletions(-) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index a5068a2217..29395f286f 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -785,8 +785,8 @@ static int prepare_payload(struct payload *payload, region = &payload->region; region->symbols_lookup = livepatch_symbols_lookup; - region->start = payload->text_addr; - region->end = payload->text_addr + payload->text_size; + region->text_start = payload->text_addr; + region->text_end = payload->text_addr + payload->text_size; /* Optional sections. */ for ( i = 0; i < BUGFRAME_NR; i++ ) @@ -823,8 +823,9 @@ static int prepare_payload(struct payload *payload, const void *instr = ALT_ORIG_PTR(a); const void *replacement = ALT_REPL_PTR(a); - if ( (instr < region->start && instr >= region->end) || - (replacement < region->start && replacement >= region->end) ) + if ( (instr < region->text_start && instr >= region->text_end) || + (replacement < region->text_start && + replacement >= region->text_end) ) { printk(XENLOG_ERR LIVEPATCH "%s Alt patching outside payload: %p\n", elf->name, instr); diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index 9f12c30efe..b22ffb75c4 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -11,15 +11,15 @@ static struct virtual_region core = { .list = LIST_HEAD_INIT(core.list), - .start = _stext, - .end = _etext, + .text_start = _stext, + .text_end = _etext, }; /* Becomes irrelevant when __init sections are cleared. */ static struct virtual_region core_init __initdata = { .list = LIST_HEAD_INIT(core_init.list), - .start = _sinittext, - .end = _einittext, + .text_start = _sinittext, + .text_end = _einittext, }; /* @@ -39,7 +39,8 @@ const struct virtual_region *find_text_region(unsigned long addr) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) { - if ( (void *)addr >= region->start && (void *)addr < region->end ) + if ( (void *)addr >= region->text_start && + (void *)addr < region->text_end ) { rcu_read_unlock(&rcu_virtual_region_lock); return region; @@ -88,8 +89,8 @@ void relax_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) - modify_xen_mappings_lite((unsigned long)region->start, - ROUNDUP((unsigned long)region->end, PAGE_SIZE), + modify_xen_mappings_lite((unsigned long)region->text_start, + PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RWX); rcu_read_unlock(&rcu_virtual_region_lock); } @@ -100,8 +101,8 @@ void tighten_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) - modify_xen_mappings_lite((unsigned long)region->start, - ROUNDUP((unsigned long)region->end, PAGE_SIZE), + modify_xen_mappings_lite((unsigned long)region->text_start, + PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RX); rcu_read_unlock(&rcu_virtual_region_lock); } diff --git a/xen/include/xen/virtual_region.h b/xen/include/xen/virtual_region.h index d053620711..442a45bf1f 100644 --- a/xen/include/xen/virtual_region.h +++ b/xen/include/xen/virtual_region.h @@ -9,11 +9,18 @@ #include #include +/* + * Despite it's name, this is a module(ish) description. + * + * There's one region for the runtime .text/etc, one region for .init during + * boot only, and one region per livepatch. + */ struct virtual_region { struct list_head list; - const void *start; /* Virtual address start. */ - const void *end; /* Virtual address end. */ + + const void *text_start; /* .text virtual address start. */ + const void *text_end; /* .text virtual address end. */ /* If this is NULL the default lookup mechanism is used. */ symbols_lookup_t *symbols_lookup; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 03:44:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 03:44:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700276.1093150 (Exim 4.92) (envelope-from ) id 1rrrY9-0001B7-EN; Wed, 03 Apr 2024 03:44:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700276.1093150; Wed, 03 Apr 2024 03:44:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrY9-0001B0-Bf; Wed, 03 Apr 2024 03:44:33 +0000 Received: by outflank-mailman (input) for mailman id 700276; Wed, 03 Apr 2024 03:44:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrY8-0001AP-7p for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:44:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrY8-00084c-71 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:44:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrrY8-0001Lp-3l for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:44:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sdSnO0NAk9qUAYEkEeII3SjRdKkQc3GudxR5GR/7YPI=; b=bhTx/O8IfTTst5LMJIsQlKnA2i p1NPSHTysxxvSNCZV54PvrE//8lT4u0tDk+zEo4uBkFNQ2J1peblPEKLTBuI+GuGS5g7HSRIkSnRb Gf0botrJspcing3uLGvNk9X4STGKpUfxC5ztiW4KhAzBSokhvwYhps6NUwN/vmoY+jhQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] xen/virtual-region: Include rodata pointers Message-Id: Date: Wed, 03 Apr 2024 03:44:32 +0000 commit 335cbb55567b20df8e8bd2d1b340609e272ddab6 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:19:11 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:19:11 2024 +0200 xen/virtual-region: Include rodata pointers These are optional. .init doesn't distinguish types of data like this, and livepatches don't necesserily have any .rodata either. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Reviewed-by: Ross Lagerwall master commit: ef969144a425e39f5b214a875b5713d0ea8575fb master date: 2024-03-07 14:24:42 +0000 --- xen/common/livepatch.c | 6 ++++++ xen/common/virtual_region.c | 2 ++ xen/include/xen/virtual_region.h | 3 +++ 3 files changed, 11 insertions(+) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 29395f286f..28c09ddf58 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -788,6 +788,12 @@ static int prepare_payload(struct payload *payload, region->text_start = payload->text_addr; region->text_end = payload->text_addr + payload->text_size; + if ( payload->ro_size ) + { + region->rodata_start = payload->ro_addr; + region->rodata_end = payload->ro_addr + payload->ro_size; + } + /* Optional sections. */ for ( i = 0; i < BUGFRAME_NR; i++ ) { diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index b22ffb75c4..9c566f8ec9 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -13,6 +13,8 @@ static struct virtual_region core = { .list = LIST_HEAD_INIT(core.list), .text_start = _stext, .text_end = _etext, + .rodata_start = _srodata, + .rodata_end = _erodata, }; /* Becomes irrelevant when __init sections are cleared. */ diff --git a/xen/include/xen/virtual_region.h b/xen/include/xen/virtual_region.h index 442a45bf1f..dcdc95ba49 100644 --- a/xen/include/xen/virtual_region.h +++ b/xen/include/xen/virtual_region.h @@ -22,6 +22,9 @@ struct virtual_region const void *text_start; /* .text virtual address start. */ const void *text_end; /* .text virtual address end. */ + const void *rodata_start; /* .rodata virtual address start (optional). */ + const void *rodata_end; /* .rodata virtual address end. */ + /* If this is NULL the default lookup mechanism is used. */ symbols_lookup_t *symbols_lookup; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 03:44:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 03:44:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700278.1093154 (Exim 4.92) (envelope-from ) id 1rrrYJ-0001M3-Ff; Wed, 03 Apr 2024 03:44:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700278.1093154; Wed, 03 Apr 2024 03:44:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrYJ-0001Lv-DA; Wed, 03 Apr 2024 03:44:43 +0000 Received: by outflank-mailman (input) for mailman id 700278; Wed, 03 Apr 2024 03:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrYI-0001KI-At for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:44:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrYI-00084o-A1 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:44:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrrYI-0001MN-95 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:44:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aSK2s1N2BHLdeZIF2/RqSLfOXWUqduT8HtgJSdxjcJM=; b=QPj+hJBv8M5saJ8u5qgP33BwLJ rU/UkShN2gfgrkbm1FaArSSdjhdOHBvEYyVhsLm6CcClEOhQe1lj87UnYZGEi0vcgnVErOaB4lsdx 6x88lvihKuX9R0ciq8KXgDN3yy4jBVMXAEOzGe1hoAbCVF62QW+ucrMe+nQn0EfT0ass=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/livepatch: Relax permissions on rodata too Message-Id: Date: Wed, 03 Apr 2024 03:44:42 +0000 commit c3ff11b11c21777a9b1c616607705f3a7340b391 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:19:36 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:19:36 2024 +0200 x86/livepatch: Relax permissions on rodata too This reinstates the capability to patch .rodata in load/unload hooks, which was lost when we stopped using CR0.WP=0 to patch. This turns out to be rather less of a large TODO than I thought at the time. Fixes: 8676092a0f16 ("x86/livepatch: Fix livepatch application when CET is active") Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Reviewed-by: Ross Lagerwall master commit: b083b1c393dc8961acf0959b1d2e0ad459985ae3 master date: 2024-03-07 14:24:42 +0000 --- xen/arch/x86/livepatch.c | 4 ++-- xen/common/virtual_region.c | 12 ++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/livepatch.c b/xen/arch/x86/livepatch.c index ee539f001b..4f76127e1f 100644 --- a/xen/arch/x86/livepatch.c +++ b/xen/arch/x86/livepatch.c @@ -62,7 +62,7 @@ int arch_livepatch_safety_check(void) int noinline arch_livepatch_quiesce(void) { /* - * Relax perms on .text to be RWX, so we can modify them. + * Relax perms on .text/.rodata, so we can modify them. * * This relaxes perms globally, but all other CPUs are waiting on us. */ @@ -75,7 +75,7 @@ int noinline arch_livepatch_quiesce(void) void noinline arch_livepatch_revive(void) { /* - * Reinstate perms on .text to be RX. This also cleans out the dirty + * Reinstate perms on .text/.rodata. This also cleans out the dirty * bits, which matters when CET Shstk is active. * * The other CPUs waiting for us could in principle have re-walked while diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index 9c566f8ec9..aefc08e75f 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -91,9 +91,15 @@ void relax_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) + { modify_xen_mappings_lite((unsigned long)region->text_start, PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RWX); + if ( region->rodata_start ) + modify_xen_mappings_lite((unsigned long)region->rodata_start, + PAGE_ALIGN((unsigned long)region->rodata_end), + PAGE_HYPERVISOR_RW); + } rcu_read_unlock(&rcu_virtual_region_lock); } @@ -103,9 +109,15 @@ void tighten_virtual_region_perms(void) rcu_read_lock(&rcu_virtual_region_lock); list_for_each_entry_rcu( region, &virtual_region_list, list ) + { modify_xen_mappings_lite((unsigned long)region->text_start, PAGE_ALIGN((unsigned long)region->text_end), PAGE_HYPERVISOR_RX); + if ( region->rodata_start ) + modify_xen_mappings_lite((unsigned long)region->rodata_start, + PAGE_ALIGN((unsigned long)region->rodata_end), + PAGE_HYPERVISOR_RO); + } rcu_read_unlock(&rcu_virtual_region_lock); } #endif /* CONFIG_X86 */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 03:45:03 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 03:45:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700280.1093158 (Exim 4.92) (envelope-from ) id 1rrrYd-0001Sk-HQ; Wed, 03 Apr 2024 03:45:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700280.1093158; Wed, 03 Apr 2024 03:45:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrYd-0001Sc-Ev; Wed, 03 Apr 2024 03:45:03 +0000 Received: by outflank-mailman (input) for mailman id 700280; Wed, 03 Apr 2024 03:45:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrYc-0001SS-Gn for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:45:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrYc-00085p-Fz for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:45:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrrYc-0001aM-FC for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:45:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=m4l0z6W37+6YcqmwXfLtvbkHlsgZORX/2F6innEd3CQ=; b=SgXCDmW/gKU62aYECl+Kzk6vVu VPQFMLtnEbTHrd5LOVscs2fsRGnwvFEAvrSgA2MQEUEizWOOCwz9x0qrr/AND6+OxqHOqQY8MRQjT Gi0UGRw5wilPOsFUf2AVU++UQ41DqH/qCNxNDMH45SMdBFo615GEeASA4uPdpblK7ViU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/boot: Support the watchdog on newer AMD systems Message-Id: Date: Wed, 03 Apr 2024 03:45:02 +0000 commit 2777b499f1f6d5cea68f9479f82d055542b822ad Author: Andrew Cooper AuthorDate: Tue Apr 2 16:20:30 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:20:30 2024 +0200 x86/boot: Support the watchdog on newer AMD systems The MSRs used by setup_k7_watchdog() are architectural in 64bit. The Unit Select (0x76, cycles not in halt state) isn't, but it hasn't changed in 25 years, making this a trend likely to continue. Drop the family check. If the Unit Select does happen to change meaning in the future, check_nmi_watchdog() will still notice the watchdog not operating as expected. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich master commit: 131892e0dcc1265b621c2b7d844cb9e7c3a4404f master date: 2024-03-19 18:29:37 +0000 --- xen/arch/x86/nmi.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index dd31034ac8..c7c51614a6 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -386,15 +386,12 @@ void setup_apic_nmi_watchdog(void) if ( nmi_watchdog == NMI_NONE ) return; - switch (boot_cpu_data.x86_vendor) { + switch ( boot_cpu_data.x86_vendor ) + { case X86_VENDOR_AMD: - switch (boot_cpu_data.x86) { - case 6: - case 0xf ... 0x19: - setup_k7_watchdog(); - break; - } + setup_k7_watchdog(); break; + case X86_VENDOR_INTEL: switch (boot_cpu_data.x86) { case 6: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 03:45:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 03:45:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700281.1093162 (Exim 4.92) (envelope-from ) id 1rrrYn-0001V5-Iw; Wed, 03 Apr 2024 03:45:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700281.1093162; Wed, 03 Apr 2024 03:45:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrYn-0001Ux-GM; Wed, 03 Apr 2024 03:45:13 +0000 Received: by outflank-mailman (input) for mailman id 700281; Wed, 03 Apr 2024 03:45:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrYm-0001Un-Jy for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:45:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrrYm-00085w-JF for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:45:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrrYm-0001f2-IJ for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 03:45:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=r83kBQiSjXl7g1PmWbQsJcXDGFNnOB2niq/CFodcomw=; b=rrHc0ODzWuKCUaEswXj2mkxix0 CzPQludQaDhubkQgWpb6fWnfm4HpY1eb1PtFUeesZFBEYoi5fhK8AoPOnuBozidH5ZwhhEoKMdA/T 3z/6axuQosz0zviLjO0dfP2dKyzzxf0npxyvbVYWgaVvTOchDl1w4o2ZCdNI6LJ3fgJY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] tests/resource: Fix HVM guest in !SHADOW builds Message-Id: Date: Wed, 03 Apr 2024 03:45:12 +0000 commit 9bc40dbcf9eafccc1923b2555286bf6a2af03b7a Author: Andrew Cooper AuthorDate: Tue Apr 2 16:24:07 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 2 16:24:07 2024 +0200 tests/resource: Fix HVM guest in !SHADOW builds Right now, test-resource always creates HVM Shadow guests. But if Xen has SHADOW compiled out, running the test yields: $./test-resource XENMEM_acquire_resource tests Test x86 PV Created d1 Test grant table Test x86 PVH Skip: 95 - Operation not supported and doesn't really test HVM guests, but doesn't fail either. There's nothing paging-mode-specific about this test, so default to HAP if possible and provide a more specific message if neither HAP or Shadow are available. As we've got physinfo to hand, also provide more specific message about the absence of PV or HVM support. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné master commit: 0263dc9069ddb66335c72a159e09050b1600e56a master date: 2024-03-01 20:14:19 +0000 --- tools/tests/resource/test-resource.c | 39 ++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/tools/tests/resource/test-resource.c b/tools/tests/resource/test-resource.c index 0a950072f9..e2c4ba3478 100644 --- a/tools/tests/resource/test-resource.c +++ b/tools/tests/resource/test-resource.c @@ -20,6 +20,8 @@ static xc_interface *xch; static xenforeignmemory_handle *fh; static xengnttab_handle *gh; +static xc_physinfo_t physinfo; + static void test_gnttab(uint32_t domid, unsigned int nr_frames, unsigned long gfn) { @@ -172,6 +174,37 @@ static void test_domain_configurations(void) printf("Test %s\n", t->name); +#if defined(__x86_64__) || defined(__i386__) + if ( t->create.flags & XEN_DOMCTL_CDF_hvm ) + { + if ( !(physinfo.capabilities & XEN_SYSCTL_PHYSCAP_hvm) ) + { + printf(" Skip: HVM not available\n"); + continue; + } + + /* + * On x86, use HAP guests if possible, but skip if neither HAP nor + * SHADOW is available. + */ + if ( physinfo.capabilities & XEN_SYSCTL_PHYSCAP_hap ) + t->create.flags |= XEN_DOMCTL_CDF_hap; + else if ( !(physinfo.capabilities & XEN_SYSCTL_PHYSCAP_shadow) ) + { + printf(" Skip: Neither HAP or SHADOW available\n"); + continue; + } + } + else + { + if ( !(physinfo.capabilities & XEN_SYSCTL_PHYSCAP_pv) ) + { + printf(" Skip: PV not available\n"); + continue; + } + } +#endif + rc = xc_domain_create(xch, &domid, &t->create); if ( rc ) { @@ -214,6 +247,8 @@ static void test_domain_configurations(void) int main(int argc, char **argv) { + int rc; + printf("XENMEM_acquire_resource tests\n"); xch = xc_interface_open(NULL, NULL, 0); @@ -227,6 +262,10 @@ int main(int argc, char **argv) if ( !gh ) err(1, "xengnttab_open"); + rc = xc_physinfo(xch, &physinfo); + if ( rc ) + err(1, "Failed to obtain physinfo"); + test_domain_configurations(); return !!nr_failures; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 07:44:11 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 07:44:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700339.1093319 (Exim 4.92) (envelope-from ) id 1rrvHx-0005qS-Er; Wed, 03 Apr 2024 07:44:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700339.1093319; Wed, 03 Apr 2024 07:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvHx-0005qK-CB; Wed, 03 Apr 2024 07:44:05 +0000 Received: by outflank-mailman (input) for mailman id 700339; Wed, 03 Apr 2024 07:44:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvHv-0005qE-Se for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvHv-000542-Jy for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrvHv-0003dZ-I4 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iIf4oJ4s0fYcoLXIWs1dOAk7c23vYSr63qmjpBATAUY=; b=x8KUG78+tZI+7VqsLi0Gi2Z+fI gEx4U2fFNZlBO9caZMAY+PaVdt1B/NnpxNmjkPFjT8yCjh/0ahwscRkMhuPwcwW3VSkgi6+CKcWso lsE5gaFTH9cecNk82ZKtSHqjrRBhtY3QVgz9IhP0BUKhtwH4NlxKBrS38qoqRoejqctE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] drivers/char: mark extra reserved device memory in memory map Message-Id: Date: Wed, 03 Apr 2024 07:44:03 +0000 commit dd5101a6169f89b9e3f3b72f0b0fcdb38db2fb35 Author: Marek Marczykowski-Górecki AuthorDate: Wed Apr 3 09:34:22 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:34:22 2024 +0200 drivers/char: mark extra reserved device memory in memory map The IOMMU driver checks if RMRR/IVMD are marked as reserved in memory map. This should be true for addresses coming from the firmware, but when extra pages used by Xen itself are included in the mapping, those are taken from usable RAM used. Mark those pages as reserved too. Not marking the pages as reserved didn't caused issues before due to another a bug in IOMMU driver code, that was fixed in 83afa3135830 ("amd-vi: fix IVMD memory type checks"). Failing to reserve memory will lead to panic in IOMMU setup code. And not including the page in IOMMU mapping will lead to broken console (due to IOMMU faults). The pages chosen by the XHCI console driver should still be usable by the CPU though, and the console code already can deal with too slow console by dropping characters (and console not printing anything is a special case of "slow"). When reserving fails print an error message showing which pages failed and who requested them. This should be enough hint to find why XHCI console doesn't work. Fixes: 3a1a7b809ffa "drivers/char: mark DMA buffers as reserved for the XHCI" Signed-off-by: Marek Marczykowski-Górecki Acked-by: Jan Beulich --- xen/drivers/passthrough/iommu.c | 17 +++++++++++++++++ xen/include/xen/iommu.h | 5 ++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index 03587c0cd6..ba18136c46 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -22,6 +22,10 @@ #include #include +#ifdef CONFIG_X86 +#include +#endif + unsigned int __read_mostly iommu_dev_iotlb_timeout = 1000; integer_param("iommu_dev_iotlb_timeout", iommu_dev_iotlb_timeout); @@ -715,6 +719,19 @@ int __init iommu_get_extra_reserved_device_memory(iommu_grdm_t *func, for ( idx = 0; idx < nr_extra_reserved_ranges; idx++ ) { +#ifdef CONFIG_X86 + paddr_t start = pfn_to_paddr(extra_reserved_ranges[idx].start); + paddr_t end = pfn_to_paddr(extra_reserved_ranges[idx].start + + extra_reserved_ranges[idx].nr); + + if ( !reserve_e820_ram(&e820, start, end) ) + { + printk(XENLOG_ERR "Failed to reserve [%"PRIx64"-%"PRIx64") for %s, " + "skipping IOMMU mapping for it, some functionality may be broken\n", + start, end, extra_reserved_ranges[idx].name); + continue; + } +#endif ret = func(extra_reserved_ranges[idx].start, extra_reserved_ranges[idx].nr, extra_reserved_ranges[idx].sbdf.sbdf, diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h index a9c9457c07..92db6f124f 100644 --- a/xen/include/xen/iommu.h +++ b/xen/include/xen/iommu.h @@ -321,7 +321,8 @@ struct iommu_ops { }; /* - * To be called by Xen internally, to register extra RMRR/IVMD ranges. + * To be called by Xen internally, to register extra RMRR/IVMD ranges for RAM + * pages. * Needs to be called before IOMMU initialization. */ extern int iommu_add_extra_reserved_device_memory(unsigned long start, @@ -331,6 +332,8 @@ extern int iommu_add_extra_reserved_device_memory(unsigned long start, /* * To be called by specific IOMMU driver during initialization, * to fetch ranges registered with iommu_add_extra_reserved_device_memory(). + * This has a side effect of marking requested ranges as "reserved" in the + * memory map. */ extern int iommu_get_extra_reserved_device_memory(iommu_grdm_t *func, void *ctxt); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 07:44:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 07:44:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700340.1093322 (Exim 4.92) (envelope-from ) id 1rrvI7-0005sE-GD; Wed, 03 Apr 2024 07:44:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700340.1093322; Wed, 03 Apr 2024 07:44:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvI7-0005s6-Dk; Wed, 03 Apr 2024 07:44:15 +0000 Received: by outflank-mailman (input) for mailman id 700340; Wed, 03 Apr 2024 07:44:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvI5-0005rw-ON for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvI5-00054R-N7 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrvI5-0003er-M2 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VR+D4ZwcP+wX8suk32koyzaqviS7LWFo+DYMx5YGfuw=; b=Gsi18yMKz2YzZtEbEd9xZ2OgD2 xPm21BfEQS/WwT+7jdfz0pAQ3KSumEeoK/QcdKjWeL0fclqA8ic+QplTZdND09TUiSV4CXgDbiaJV vXcM9srt1tek8ayT/Lz7vDCxOQoKM17NRLq2kNrSo4/Gme976jOol2vQlIQDyN4SRwTg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/vPMU: address violations of MISRA C Rule 20.7 Message-Id: Date: Wed, 03 Apr 2024 07:44:13 +0000 commit a9b2a72926b85122c5eec628f54082e66812266e Author: Nicola Vetrini AuthorDate: Wed Apr 3 09:35:37 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:35:37 2024 +0200 x86/vPMU: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/include/asm/vpmu.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/include/asm/vpmu.h b/xen/arch/x86/include/asm/vpmu.h index f271f28e4a..dae9b43dac 100644 --- a/xen/arch/x86/include/asm/vpmu.h +++ b/xen/arch/x86/include/asm/vpmu.h @@ -23,8 +23,8 @@ #define MSR_TYPE_ARCH_CTRL 4 /* Start of PMU register bank */ -#define vpmu_reg_pointer(ctxt, offset) ((void *)((uintptr_t)ctxt + \ - (uintptr_t)ctxt->offset)) +#define vpmu_reg_pointer(ctxt, offset) ((void *)((uintptr_t)(ctxt) + \ + (uintptr_t)(ctxt)->offset)) /* Arch specific operations shared by all vpmus */ struct arch_vpmu_ops { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 07:44:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 07:44:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700341.1093327 (Exim 4.92) (envelope-from ) id 1rrvIH-0005uk-Hn; Wed, 03 Apr 2024 07:44:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700341.1093327; Wed, 03 Apr 2024 07:44:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvIH-0005ua-F9; Wed, 03 Apr 2024 07:44:25 +0000 Received: by outflank-mailman (input) for mailman id 700341; Wed, 03 Apr 2024 07:44:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvIF-0005uQ-Sr for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvIF-00054i-QD for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrvIF-0003fr-PE for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PuUr7XH4oOrkLtLZif8XVqHgvXTMmrEtgj1nE15O2qQ=; b=MLhPop5OsaDlyB462srhytzvm0 hgJ6O2mPef3jOOb//V2ludyolhy0Het7kpLOZhnzglXlpBQ7Yug8pz6clp0h1A0uORz6s/xRdNzFq OGlhv+agawkclpaKXZcqbH61/HF9pdkfinZsuR+4QZ0wobXhdcptOCDtDehSzWYt7Dis=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/hvm: address violations of MISRA C Rule 20.7 Message-Id: Date: Wed, 03 Apr 2024 07:44:23 +0000 commit 5811fb4816477d14ac764e63073149c9281cb18c Author: Nicola Vetrini AuthorDate: Wed Apr 3 09:36:07 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:36:07 2024 +0200 x86/hvm: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/hvm/domain.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/domain.c b/xen/arch/x86/hvm/domain.c index 7f6e362a70..048f29ae49 100644 --- a/xen/arch/x86/hvm/domain.c +++ b/xen/arch/x86/hvm/domain.c @@ -132,9 +132,9 @@ int arch_set_info_hvm_guest(struct vcpu *v, const struct vcpu_hvm_context *ctx) s = (struct segment_register) \ { 0, { (r)->s ## _ar }, (r)->s ## _limit, (r)->s ## _base }; \ /* Set accessed / busy bit for present segments. */ \ - if ( s.p ) \ - s.type |= (x86_seg_##s != x86_seg_tr ? 1 : 2); \ - check_segment(&s, x86_seg_ ## s); }) + if ( (s).p ) \ + (s).type |= (x86_seg_ ## s != x86_seg_tr ? 1 : 2); \ + check_segment(&(s), x86_seg_ ## s); }) rc = SEG(cs, regs); rc |= SEG(ds, regs); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 07:44:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 07:44:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700342.1093331 (Exim 4.92) (envelope-from ) id 1rrvIR-0005yB-Kx; Wed, 03 Apr 2024 07:44:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700342.1093331; Wed, 03 Apr 2024 07:44:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvIR-0005y3-I1; Wed, 03 Apr 2024 07:44:35 +0000 Received: by outflank-mailman (input) for mailman id 700342; Wed, 03 Apr 2024 07:44:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvIP-0005xq-U1 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvIP-00054p-TI for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrvIP-0003gG-SJ for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tDVjnrnWduDXgIwVEmuq21x3EW1CAOS2PLc74DbyZxY=; b=3OkoFfFFOnJJ629He0pBWgrCmN yW4iarIDc7rmuhHczWwwLsAy8zrBodp53enyl/ZvEMBkltY+TPvXY9FsXI4z5DSK1QUc0kA0XqLGx FdnXznKGarnjTd1lXhKFssxSf3XwwqwNWRqi8Qt8W4BIoOUMrFjT8WiLu61zOfHfQvcY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/mm: address violations of MISRA C Rule 20.7 Message-Id: Date: Wed, 03 Apr 2024 07:44:33 +0000 commit da88f434bc9f9fbc943c78f8b86ed0c94b148ee7 Author: Nicola Vetrini AuthorDate: Wed Apr 3 09:36:30 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:36:30 2024 +0200 xen/mm: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/include/xen/mm.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index 3e84960a36..7561297a75 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -415,15 +415,15 @@ page_list_splice(struct page_list_head *list, struct page_list_head *head) } #define page_list_for_each(pos, head) \ - for ( pos = (head)->next; pos; pos = page_list_next(pos, head) ) + for ( (pos) = (head)->next; (pos); (pos) = page_list_next(pos, head) ) #define page_list_for_each_safe(pos, tmp, head) \ - for ( pos = (head)->next; \ - pos ? (tmp = page_list_next(pos, head), 1) : 0; \ - pos = tmp ) + for ( (pos) = (head)->next; \ + (pos) ? ((tmp) = page_list_next(pos, head), 1) : 0; \ + (pos) = (tmp) ) #define page_list_for_each_safe_reverse(pos, tmp, head) \ - for ( pos = (head)->tail; \ - pos ? (tmp = page_list_prev(pos, head), 1) : 0; \ - pos = tmp ) + for ( (pos) = (head)->tail; \ + (pos) ? ((tmp) = page_list_prev(pos, head), 1) : 0; \ + (pos) = (tmp) ) #else # define page_list_head list_head # define PAGE_LIST_HEAD_INIT LIST_HEAD_INIT -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 07:44:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 07:44:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700343.1093334 (Exim 4.92) (envelope-from ) id 1rrvIb-00061R-Lw; Wed, 03 Apr 2024 07:44:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700343.1093334; Wed, 03 Apr 2024 07:44:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvIb-00061K-JT; Wed, 03 Apr 2024 07:44:45 +0000 Received: by outflank-mailman (input) for mailman id 700343; Wed, 03 Apr 2024 07:44:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvIa-000616-0t for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvIa-000550-0D for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrvIZ-0003gs-VP for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GFtQALKQWJqDtD9zL8T1wvtx+j3l7Icyc+uRyHnw46s=; b=JtQEqpWpNgPohgWjaBDW4C7wRE ARI7JEROxGzRUh1sfVGjuSYcvrRkjIPq7GpMaP1qEmw6ryiUOMiwfedkMSh3XA7T2N0/zxhlQiLL5 wX9FmNDBGPMlivG2rYFHOKVsXxft853MmE4GWocy3kNJHWZAJgQxcef9MSDmXF+dKW00=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/amd: address violations of MISRA C Rule 20.7 Message-Id: Date: Wed, 03 Apr 2024 07:44:43 +0000 commit 795c4e367b7bfa268a732b99de7cd3f79469cf3f Author: Nicola Vetrini AuthorDate: Wed Apr 3 09:37:00 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:37:00 2024 +0200 x86/amd: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/include/asm/amd.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/include/asm/amd.h b/xen/arch/x86/include/asm/amd.h index 2cc0ce2e9f..fa4e0fc766 100644 --- a/xen/arch/x86/include/asm/amd.h +++ b/xen/arch/x86/include/asm/amd.h @@ -119,7 +119,8 @@ #define AMD_LEGACY_ERRATUM(...) -1 /* legacy */, __VA_ARGS__, 0 #define AMD_OSVW_ERRATUM(osvw_id, ...) osvw_id, __VA_ARGS__, 0 #define AMD_MODEL_RANGE(f, m_start, s_start, m_end, s_end) \ - ((f << 24) | (m_start << 16) | (s_start << 12) | (m_end << 4) | (s_end)) + (((f) << 24) | ((m_start) << 16) | ((s_start) << 12) | \ + ((m_end) << 4) | (s_end)) #define AMD_MODEL_RANGE_FAMILY(range) (((range) >> 24) & 0xff) #define AMD_MODEL_RANGE_START(range) (((range) >> 12) & 0xfff) #define AMD_MODEL_RANGE_END(range) ((range) & 0xfff) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 07:44:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 07:44:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700344.1093339 (Exim 4.92) (envelope-from ) id 1rrvIl-000647-NY; Wed, 03 Apr 2024 07:44:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700344.1093339; Wed, 03 Apr 2024 07:44:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvIl-000640-Ky; Wed, 03 Apr 2024 07:44:55 +0000 Received: by outflank-mailman (input) for mailman id 700344; Wed, 03 Apr 2024 07:44:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvIk-00063p-4D for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvIk-00055D-3E for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrvIk-0003hH-2H for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:44:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tdNaxw7k2r0xDaArhmEd6WHFboyTyAi4knIQLdeG4ys=; b=n2QNPjqqlyIBVrrbalfFF7PHhz i+CnKWVVqU+YdC8yO6c8K+9a/ORZB7sqqeiH56FobTzOk5Rm0/S7BrShGZVOsNmniCl7GzTkIH+KK /1Odw7534P5XouFBuyVc2rRuzmAimel3JrfFYwQKlwh5TonpaDwZ5erIo93BbtItV2hc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/domctl: address a violation of MISRA C:2012 Rule 16.3 Message-Id: Date: Wed, 03 Apr 2024 07:44:54 +0000 commit 2c205ce5c09bd506937e99de0bc33b06ce3e6911 Author: Federico Serafini AuthorDate: Wed Apr 3 09:37:26 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:37:26 2024 +0200 xen/domctl: address a violation of MISRA C:2012 Rule 16.3 Add break statement to address a violation of MISRA C:2012 Rule 16.3 ("An unconditional `break' statement shall terminate every switch-clause "). No functional change. Signed-off-by: Federico Serafini Reviewed-by: Jan Beulich --- xen/common/domctl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/common/domctl.c b/xen/common/domctl.c index d94a9dae91..f2e0e36a17 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -316,6 +316,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) d = rcu_lock_domain_by_id(op->domain); if ( !d ) return -ESRCH; + break; } ret = xsm_domctl(XSM_OTHER, d, op->cmd); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 07:45:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 07:45:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700345.1093342 (Exim 4.92) (envelope-from ) id 1rrvIv-00066k-Ot; Wed, 03 Apr 2024 07:45:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700345.1093342; Wed, 03 Apr 2024 07:45:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvIv-00066d-MS; Wed, 03 Apr 2024 07:45:05 +0000 Received: by outflank-mailman (input) for mailman id 700345; Wed, 03 Apr 2024 07:45:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvIu-00066S-76 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:45:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvIu-000561-6K for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:45:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrvIu-0003hv-5R for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:45:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pqt5IIRiH+dssUyl8YX+i5hiB+SwefjVw8Dx7fEY7bk=; b=EqQ5MuvxyQEM+16HuNAtaJfY00 w9TUj4tKDW9B7X3wP3MYuIgHbjm7b25JpJk+ZHRInq2UGzvXYx8+Xg0VWFSdl3ITIRgRcDL/xXagi 25ALgvkCA2Bt7C6fONE0VyqnAUgtK3/5HLhEG09brMloVOAqElJWW71Qv+rEUwqWeels=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] console: address a violation of MISRA C:2012 Rule 16.3 Message-Id: Date: Wed, 03 Apr 2024 07:45:04 +0000 commit 163ea7d9a8ca5ac8f56822a3714d146e94a5e54d Author: Federico Serafini AuthorDate: Wed Apr 3 09:37:47 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:37:47 2024 +0200 console: address a violation of MISRA C:2012 Rule 16.3 Add break statement to address a violation of MISRA C:2012 Rule 16.3 ("An unconditional `break' statement shall terminate every switch-clause "). No functional change. Signed-off-by: Federico Serafini Reviewed-by: Jan Beulich --- xen/drivers/char/console.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index ccd5f8cc14..e185f80efe 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -568,6 +568,8 @@ static void __serial_rx(char c) if ( d != NULL ) rcu_unlock_domain(d); + + break; } #endif } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 07:45:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 07:45:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700346.1093346 (Exim 4.92) (envelope-from ) id 1rrvJ5-000696-QO; Wed, 03 Apr 2024 07:45:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700346.1093346; Wed, 03 Apr 2024 07:45:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvJ5-00068z-Ny; Wed, 03 Apr 2024 07:45:15 +0000 Received: by outflank-mailman (input) for mailman id 700346; Wed, 03 Apr 2024 07:45:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvJ4-00068n-A0 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:45:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvJ4-000568-9F for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:45:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrvJ4-0003ib-8V for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:45:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=czL7/K68bvrjLMoi7kD+d5MUWzJ3BtHRyeCJyeSzogw=; b=LJukUPUrNgNEjYIYAJ/b4Ny1Un 3yblpSodGlVqM7V6nK4cwHxS5nOm1wizZvsaIr/QiC9wdE6o+phTFWPpefZhY4kC3sE/yt/g89Rwd yRUfI8SdT9LwtCIeIYR4PfVGqkag/CTr6Vgcm458RxScHHkOKad+9oZeBWDCtd9x7Yxo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/evtchn: address a violation of MISRA C:2012 Rule 16.3 Message-Id: Date: Wed, 03 Apr 2024 07:45:14 +0000 commit cde0c58714332f3775105f2c6cfd010a7c919837 Author: Federico Serafini AuthorDate: Wed Apr 3 09:38:22 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:38:22 2024 +0200 xen/evtchn: address a violation of MISRA C:2012 Rule 16.3 Add break statement to address a violation of MISRA C:2012 Rule 16.3 ("An unconditional `break' statement shall terminate every switch-clause "). No functional change. Signed-off-by: Federico Serafini Reviewed-by: Jan Beulich --- xen/common/event_channel.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index 20f586cf5e..aceee0695f 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -853,6 +853,7 @@ int evtchn_send(struct domain *ld, unsigned int lport) break; default: ret = -EINVAL; + break; } out: -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 07:45:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 07:45:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700347.1093351 (Exim 4.92) (envelope-from ) id 1rrvJF-0006Bs-SD; Wed, 03 Apr 2024 07:45:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700347.1093351; Wed, 03 Apr 2024 07:45:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvJF-0006Bk-PW; Wed, 03 Apr 2024 07:45:25 +0000 Received: by outflank-mailman (input) for mailman id 700347; Wed, 03 Apr 2024 07:45:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvJE-0006BT-D1 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:45:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rrvJE-00056F-CF for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:45:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rrvJE-0003j8-BU for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 07:45:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=V7Cz6qC1s4b3fFg2rQAXDePokNLlkO9vHWlw+ERIHec=; b=cWdLY8NRKlNJTfG884EMKr1slh QPCdV/amcu0N/Z8ewBwTVw0nnu607WY33fF3MNIH1ZK7+YsXTGxpRwourzDw8DQ0M3PY1pVUF5dbE azk3S4QsfDTFxsi6Y3igMwG8RvcYkkc4suR9SYYHyFRFA5LMqIPIxJ6bP1USilS9SQJA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/vm-event: address a violation of MISRA C:2012 Rule 16.3 Message-Id: Date: Wed, 03 Apr 2024 07:45:24 +0000 commit ac682fbac14a4286645810c02f60a2ba844b6c0a Author: Federico Serafini AuthorDate: Wed Apr 3 09:38:41 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:38:41 2024 +0200 xen/vm-event: address a violation of MISRA C:2012 Rule 16.3 Add break statement to address a violation of MISRA C:2012 Rule 16.3 ("An unconditional `break' statement shall terminate every switch-clause "). No functional change. Signed-off-by: Federico Serafini Acked-by: Tamas K Lengyel --- xen/common/vm_event.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c index ecf49c38a9..fbf1aa0848 100644 --- a/xen/common/vm_event.c +++ b/xen/common/vm_event.c @@ -770,6 +770,7 @@ int vm_event_domctl(struct domain *d, struct xen_domctl_vm_event_op *vec) default: rc = -ENOSYS; + break; } return rc; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 23:33:11 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 23:33:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700640.1094098 (Exim 4.92) (envelope-from ) id 1rsA6L-0008E0-Bo; Wed, 03 Apr 2024 23:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700640.1094098; Wed, 03 Apr 2024 23:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA6L-0008Ds-99; Wed, 03 Apr 2024 23:33:05 +0000 Received: by outflank-mailman (input) for mailman id 700640; Wed, 03 Apr 2024 23:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA6K-0008Dm-6q for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA6J-0001o0-Lm for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsA6J-0005ET-KU for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KBpWlu/RDDSnE6mCRkNnnb3GWahOvcW1zdhnKw1vuCI=; b=AshZDsXGO8U/xnQIxEku7q1tGj s+KtMLlPiI7xcKP26DPrcnKqdncHhx07gGe8HoS4/CE+MPbeCdDec0/d/l41lVSI/D47oh+wfR+9r heWIRBCf8+MA+qr0yhKs3szKOU5jq09EuvE/fZAnccPZipi1cRDNl8RGG0nLlWMqLMAo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: ffa: rename functions to use ffa_ prefix Message-Id: Date: Wed, 03 Apr 2024 23:33:03 +0000 commit b21cbaf6ba5d69eab8f8a8a29223069fd3d815f8 Author: Jens Wiklander AuthorDate: Mon Mar 25 10:38:59 2024 +0100 Commit: Stefano Stabellini CommitDate: Wed Apr 3 16:08:14 2024 -0700 xen/arm: ffa: rename functions to use ffa_ prefix Prepare to separate into modules by renaming functions that will need new names when becoming non-static in the following commit. Signed-off-by: Jens Wiklander Reviewed-by: Bertrand Marquis --- xen/arch/arm/tee/ffa.c | 125 +++++++++++++++++++++++++------------------------ 1 file changed, 65 insertions(+), 60 deletions(-) diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c index 9a05dcede1..0344a0f17e 100644 --- a/xen/arch/arm/tee/ffa.c +++ b/xen/arch/arm/tee/ffa.c @@ -4,7 +4,7 @@ * * Arm Firmware Framework for ARMv8-A (FF-A) mediator * - * Copyright (C) 2023 Linaro Limited + * Copyright (C) 2023-2024 Linaro Limited * * References: * FF-A-1.0-REL: FF-A specification version 1.0 available at @@ -473,7 +473,7 @@ static bool ffa_get_version(uint32_t *vers) return true; } -static int32_t get_ffa_ret_code(const struct arm_smccc_1_2_regs *resp) +static int32_t ffa_get_ret_code(const struct arm_smccc_1_2_regs *resp) { switch ( resp->a0 ) { @@ -504,7 +504,7 @@ static int32_t ffa_simple_call(uint32_t fid, register_t a1, register_t a2, arm_smccc_1_2_smc(&arg, &resp); - return get_ffa_ret_code(&resp); + return ffa_get_ret_code(&resp); } static int32_t ffa_features(uint32_t id) @@ -546,7 +546,7 @@ static int32_t ffa_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3, arm_smccc_1_2_smc(&arg, &resp); - ret = get_ffa_ret_code(&resp); + ret = ffa_get_ret_code(&resp); if ( !ret ) { *count = resp.a2; @@ -654,15 +654,16 @@ static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id, return res; } -static uint16_t get_vm_id(const struct domain *d) +static uint16_t ffa_get_vm_id(const struct domain *d) { /* +1 since 0 is reserved for the hypervisor in FF-A */ return d->domain_id + 1; } -static void set_regs(struct cpu_user_regs *regs, register_t v0, register_t v1, - register_t v2, register_t v3, register_t v4, register_t v5, - register_t v6, register_t v7) +static void ffa_set_regs(struct cpu_user_regs *regs, register_t v0, + register_t v1, register_t v2, register_t v3, + register_t v4, register_t v5, register_t v6, + register_t v7) { set_user_reg(regs, 0, v0); set_user_reg(regs, 1, v1); @@ -674,15 +675,15 @@ static void set_regs(struct cpu_user_regs *regs, register_t v0, register_t v1, set_user_reg(regs, 7, v7); } -static void set_regs_error(struct cpu_user_regs *regs, uint32_t error_code) +static void ffa_set_regs_error(struct cpu_user_regs *regs, uint32_t error_code) { - set_regs(regs, FFA_ERROR, 0, error_code, 0, 0, 0, 0, 0); + ffa_set_regs(regs, FFA_ERROR, 0, error_code, 0, 0, 0, 0, 0); } -static void set_regs_success(struct cpu_user_regs *regs, uint32_t w2, +static void ffa_set_regs_success(struct cpu_user_regs *regs, uint32_t w2, uint32_t w3) { - set_regs(regs, FFA_SUCCESS_32, 0, w2, w3, 0, 0, 0, 0); + ffa_set_regs(regs, FFA_SUCCESS_32, 0, w2, w3, 0, 0, 0, 0); } static void handle_version(struct cpu_user_regs *regs) @@ -697,11 +698,11 @@ static void handle_version(struct cpu_user_regs *regs) vers = FFA_VERSION_1_1; ctx->guest_vers = vers; - set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0); + ffa_set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0); } -static uint32_t handle_rxtx_map(uint32_t fid, register_t tx_addr, - register_t rx_addr, uint32_t page_count) +static uint32_t ffa_handle_rxtx_map(uint32_t fid, register_t tx_addr, + register_t rx_addr, uint32_t page_count) { uint32_t ret = FFA_RET_INVALID_PARAMETERS; struct domain *d = current->domain; @@ -789,7 +790,7 @@ static void rxtx_unmap(struct ffa_ctx *ctx) ctx->rx_is_free = false; } -static uint32_t handle_rxtx_unmap(void) +static uint32_t ffa_handle_rxtx_unmap(void) { struct domain *d = current->domain; struct ffa_ctx *ctx = d->arch.tee; @@ -802,9 +803,10 @@ static uint32_t handle_rxtx_unmap(void) return FFA_RET_OK; } -static int32_t handle_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3, - uint32_t w4, uint32_t w5, - uint32_t *count, uint32_t *fpi_size) +static int32_t ffa_handle_partition_info_get(uint32_t w1, uint32_t w2, + uint32_t w3, uint32_t w4, + uint32_t w5, uint32_t *count, + uint32_t *fpi_size) { int32_t ret = FFA_RET_DENIED; struct domain *d = current->domain; @@ -883,7 +885,7 @@ out: return ret; } -static int32_t handle_rx_release(void) +static int32_t ffa_handle_rx_release(void) { int32_t ret = FFA_RET_DENIED; struct domain *d = current->domain; @@ -916,7 +918,7 @@ static void handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid) mask = GENMASK_ULL(31, 0); src_dst = get_user_reg(regs, 1); - if ( (src_dst >> 16) != get_vm_id(d) ) + if ( (src_dst >> 16) != ffa_get_vm_id(d) ) { resp.a0 = FFA_ERROR; resp.a2 = FFA_RET_INVALID_PARAMETERS; @@ -949,8 +951,9 @@ static void handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid) } out: - set_regs(regs, resp.a0, resp.a1 & mask, resp.a2 & mask, resp.a3 & mask, - resp.a4 & mask, resp.a5 & mask, resp.a6 & mask, resp.a7 & mask); + ffa_set_regs(regs, resp.a0, resp.a1 & mask, resp.a2 & mask, resp.a3 & mask, + resp.a4 & mask, resp.a5 & mask, resp.a6 & mask, + resp.a7 & mask); } /* @@ -1249,7 +1252,7 @@ static int read_mem_transaction(uint32_t ffa_vers, const void *buf, size_t blen, return 0; } -static void handle_mem_share(struct cpu_user_regs *regs) +static void ffa_handle_mem_share(struct cpu_user_regs *regs) { uint32_t tot_len = get_user_reg(regs, 1); uint32_t frag_len = get_user_reg(regs, 2); @@ -1318,7 +1321,7 @@ static void handle_mem_share(struct cpu_user_regs *regs) goto out_unlock; } - if ( trans.sender_id != get_vm_id(d) ) + if ( trans.sender_id != ffa_get_vm_id(d) ) { ret = FFA_RET_INVALID_PARAMETERS; goto out_unlock; @@ -1402,9 +1405,9 @@ out_unlock: out_set_ret: if ( ret == 0) - set_regs_success(regs, handle_lo, handle_hi); + ffa_set_regs_success(regs, handle_lo, handle_hi); else - set_regs_error(regs, ret); + ffa_set_regs_error(regs, ret); } /* Must only be called with ctx->lock held */ @@ -1419,7 +1422,7 @@ static struct ffa_shm_mem *find_shm_mem(struct ffa_ctx *ctx, uint64_t handle) return NULL; } -static int handle_mem_reclaim(uint64_t handle, uint32_t flags) +static int ffa_handle_mem_reclaim(uint64_t handle, uint32_t flags) { struct domain *d = current->domain; struct ffa_ctx *ctx = d->arch.tee; @@ -1471,41 +1474,42 @@ static bool ffa_handle_call(struct cpu_user_regs *regs) handle_version(regs); return true; case FFA_ID_GET: - set_regs_success(regs, get_vm_id(d), 0); + ffa_set_regs_success(regs, ffa_get_vm_id(d), 0); return true; case FFA_RXTX_MAP_32: case FFA_RXTX_MAP_64: - e = handle_rxtx_map(fid, get_user_reg(regs, 1), get_user_reg(regs, 2), - get_user_reg(regs, 3)); + e = ffa_handle_rxtx_map(fid, get_user_reg(regs, 1), + get_user_reg(regs, 2), get_user_reg(regs, 3)); if ( e ) - set_regs_error(regs, e); + ffa_set_regs_error(regs, e); else - set_regs_success(regs, 0, 0); + ffa_set_regs_success(regs, 0, 0); return true; case FFA_RXTX_UNMAP: - e = handle_rxtx_unmap(); + e = ffa_handle_rxtx_unmap(); if ( e ) - set_regs_error(regs, e); + ffa_set_regs_error(regs, e); else - set_regs_success(regs, 0, 0); + ffa_set_regs_success(regs, 0, 0); return true; case FFA_PARTITION_INFO_GET: - e = handle_partition_info_get(get_user_reg(regs, 1), - get_user_reg(regs, 2), - get_user_reg(regs, 3), - get_user_reg(regs, 4), - get_user_reg(regs, 5), &count, &fpi_size); + e = ffa_handle_partition_info_get(get_user_reg(regs, 1), + get_user_reg(regs, 2), + get_user_reg(regs, 3), + get_user_reg(regs, 4), + get_user_reg(regs, 5), &count, + &fpi_size); if ( e ) - set_regs_error(regs, e); + ffa_set_regs_error(regs, e); else - set_regs_success(regs, count, fpi_size); + ffa_set_regs_success(regs, count, fpi_size); return true; case FFA_RX_RELEASE: - e = handle_rx_release(); + e = ffa_handle_rx_release(); if ( e ) - set_regs_error(regs, e); + ffa_set_regs_error(regs, e); else - set_regs_success(regs, 0, 0); + ffa_set_regs_success(regs, 0, 0); return true; case FFA_MSG_SEND_DIRECT_REQ_32: case FFA_MSG_SEND_DIRECT_REQ_64: @@ -1513,21 +1517,21 @@ static bool ffa_handle_call(struct cpu_user_regs *regs) return true; case FFA_MEM_SHARE_32: case FFA_MEM_SHARE_64: - handle_mem_share(regs); + ffa_handle_mem_share(regs); return true; case FFA_MEM_RECLAIM: - e = handle_mem_reclaim(regpair_to_uint64(get_user_reg(regs, 2), - get_user_reg(regs, 1)), - get_user_reg(regs, 3)); + e = ffa_handle_mem_reclaim(regpair_to_uint64(get_user_reg(regs, 2), + get_user_reg(regs, 1)), + get_user_reg(regs, 3)); if ( e ) - set_regs_error(regs, e); + ffa_set_regs_error(regs, e); else - set_regs_success(regs, 0, 0); + ffa_set_regs_success(regs, 0, 0); return true; default: gprintk(XENLOG_ERR, "ffa: unhandled fid 0x%x\n", fid); - set_regs_error(regs, FFA_RET_NOT_SUPPORTED); + ffa_set_regs_error(regs, FFA_RET_NOT_SUPPORTED); return true; } } @@ -1593,12 +1597,12 @@ static int ffa_domain_init(struct domain *d) for ( n = 0; n < subscr_vm_created_count; n++ ) { - res = ffa_direct_req_send_vm(subscr_vm_created[n], get_vm_id(d), + res = ffa_direct_req_send_vm(subscr_vm_created[n], ffa_get_vm_id(d), FFA_MSG_SEND_VM_CREATED); if ( res ) { printk(XENLOG_ERR "ffa: Failed to report creation of vm_id %u to %u: res %d\n", - get_vm_id(d), subscr_vm_created[n], res); + ffa_get_vm_id(d), subscr_vm_created[n], res); break; } } @@ -1620,13 +1624,13 @@ static void send_vm_destroyed(struct domain *d) if ( !test_bit(n, ctx->vm_destroy_bitmap) ) continue; - res = ffa_direct_req_send_vm(subscr_vm_destroyed[n], get_vm_id(d), + res = ffa_direct_req_send_vm(subscr_vm_destroyed[n], ffa_get_vm_id(d), FFA_MSG_SEND_VM_DESTROYED); if ( res ) { printk(XENLOG_ERR "%pd: ffa: Failed to report destruction of vm_id %u to %u: res %d\n", - d, get_vm_id(d), subscr_vm_destroyed[n], res); + d, ffa_get_vm_id(d), subscr_vm_destroyed[n], res); } /* @@ -1640,7 +1644,7 @@ static void send_vm_destroyed(struct domain *d) } } -static void reclaim_shms(struct domain *d) +static void ffa_reclaim_shms(struct domain *d) { struct ffa_ctx *ctx = d->arch.tee; struct ffa_shm_mem *shm, *tmp; @@ -1699,7 +1703,7 @@ static void ffa_domain_teardown_continue(struct ffa_ctx *ctx, bool first_time) struct ffa_ctx *next_ctx = NULL; send_vm_destroyed(ctx->teardown_d); - reclaim_shms(ctx->teardown_d); + ffa_reclaim_shms(ctx->teardown_d); if ( ctx->shm_count || !bitmap_empty(ctx->vm_destroy_bitmap, subscr_vm_destroyed_count) ) @@ -1719,7 +1723,8 @@ static void ffa_domain_teardown_continue(struct ffa_ctx *ctx, bool first_time) { /* * domain_destroy() might have been called (via put_domain() in - * reclaim_shms()), so we can't touch the domain structure anymore. + * ffa_reclaim_shms()), so we can't touch the domain structure + * anymore. */ xfree(ctx); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 23:33:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 23:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700641.1094102 (Exim 4.92) (envelope-from ) id 1rsA6V-0008HG-De; Wed, 03 Apr 2024 23:33:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700641.1094102; Wed, 03 Apr 2024 23:33:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA6V-0008H8-Af; Wed, 03 Apr 2024 23:33:15 +0000 Received: by outflank-mailman (input) for mailman id 700641; Wed, 03 Apr 2024 23:33:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA6T-0008Gu-Qx for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA6T-0001o7-Pg for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsA6T-0005F1-Nz for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sklhcngnTa4bjrtwR8Av6okl0OOAVm4WIKj+MqivM5M=; b=bkMwRQECAtq7KJycYvkD7v2Stb B/tikQfbkb21tip2qmkzMD9cDq4nT6MpXJeAtUiGMOjG1NRvtbzHRw1Q301DAAuKdSL1AnQWf33iz 6z1d8dZoI8CJPa85zh8xlzN8O/Ac4+/Qs84GFRfxUevibairZbVTUMSBGaBLdPw22uAo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: ffa: move common things to ffa_private.h Message-Id: Date: Wed, 03 Apr 2024 23:33:13 +0000 commit bb584ec036833fba4dfac729867e06d59e138c2d Author: Jens Wiklander AuthorDate: Mon Mar 25 10:39:00 2024 +0100 Commit: Stefano Stabellini CommitDate: Wed Apr 3 16:08:26 2024 -0700 xen/arm: ffa: move common things to ffa_private.h Prepare to separate ffa.c into modules by moving common things into the new internal header file ffa_private.h. Signed-off-by: Jens Wiklander Reviewed-by: Bertrand Marquis --- xen/arch/arm/tee/ffa.c | 298 +------------------------------------- xen/arch/arm/tee/ffa_private.h | 318 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 319 insertions(+), 297 deletions(-) diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c index 0344a0f17e..259851f20b 100644 --- a/xen/arch/arm/tee/ffa.c +++ b/xen/arch/arm/tee/ffa.c @@ -63,204 +63,7 @@ #include #include -/* Error codes */ -#define FFA_RET_OK 0 -#define FFA_RET_NOT_SUPPORTED -1 -#define FFA_RET_INVALID_PARAMETERS -2 -#define FFA_RET_NO_MEMORY -3 -#define FFA_RET_BUSY -4 -#define FFA_RET_INTERRUPTED -5 -#define FFA_RET_DENIED -6 -#define FFA_RET_RETRY -7 -#define FFA_RET_ABORTED -8 - -/* FFA_VERSION helpers */ -#define FFA_VERSION_MAJOR_SHIFT 16U -#define FFA_VERSION_MAJOR_MASK 0x7FFFU -#define FFA_VERSION_MINOR_SHIFT 0U -#define FFA_VERSION_MINOR_MASK 0xFFFFU -#define MAKE_FFA_VERSION(major, minor) \ - ((((major) & FFA_VERSION_MAJOR_MASK) << FFA_VERSION_MAJOR_SHIFT) | \ - ((minor) & FFA_VERSION_MINOR_MASK)) - -#define FFA_VERSION_1_0 MAKE_FFA_VERSION(1, 0) -#define FFA_VERSION_1_1 MAKE_FFA_VERSION(1, 1) -/* The minimal FF-A version of the SPMC that can be supported */ -#define FFA_MIN_SPMC_VERSION FFA_VERSION_1_1 - -/* - * This is the version we want to use in communication with guests and SPs. - * During negotiation with a guest or a SP we may need to lower it for - * that particular guest or SP. - */ -#define FFA_MY_VERSION_MAJOR 1U -#define FFA_MY_VERSION_MINOR 1U -#define FFA_MY_VERSION MAKE_FFA_VERSION(FFA_MY_VERSION_MAJOR, \ - FFA_MY_VERSION_MINOR) - -/* - * The FF-A specification explicitly works with 4K pages as a measure of - * memory size, for example, FFA_RXTX_MAP takes one parameter "RX/TX page - * count" which is the number of contiguous 4K pages allocated. Xen may use - * a different page size depending on the configuration to avoid confusion - * with PAGE_SIZE use a special define when it's a page size as in the FF-A - * specification. - */ -#define FFA_PAGE_SIZE SZ_4K - -/* - * The number of pages used for each of the RX and TX buffers shared with - * the SPMC. - */ -#define FFA_RXTX_PAGE_COUNT 1 - -/* - * Limit the number of pages RX/TX buffers guests can map. - * TODO support a larger number. - */ -#define FFA_MAX_RXTX_PAGE_COUNT 1 - -/* - * Limit for shared buffer size. Please note that this define limits - * number of pages. - * - * FF-A doesn't have any direct requirements on GlobalPlatform or vice - * versa, but an implementation can very well use FF-A in order to provide - * a GlobalPlatform interface on top. - * - * Global Platform specification for TEE requires that any TEE - * implementation should allow to share buffers with size of at least - * 512KB, defined in TEEC-1.0C page 24, Table 4-1, - * TEEC_CONFIG_SHAREDMEM_MAX_SIZE. - * Due to overhead which can be hard to predict exactly, double this number - * to give a safe margin. - */ -#define FFA_MAX_SHM_PAGE_COUNT (2 * SZ_512K / FFA_PAGE_SIZE) - -/* - * Limits the number of shared buffers that guest can have at once. This - * is to prevent case, when guests trick XEN into exhausting its own - * memory by allocating many small buffers. This value has been chosen - * arbitrarily. - */ -#define FFA_MAX_SHM_COUNT 32 - -/* - * The time we wait until trying to tear down a domain again if it was - * blocked initially. - */ -#define FFA_CTX_TEARDOWN_DELAY SECONDS(1) - -/* FF-A-1.1-REL0 section 10.9.2 Memory region handle, page 167 */ -#define FFA_HANDLE_HYP_FLAG BIT(63, ULL) -#define FFA_HANDLE_INVALID 0xffffffffffffffffULL - -/* - * Memory attributes: Normal memory, Write-Back cacheable, Inner shareable - * Defined in FF-A-1.1-REL0 Table 10.18 at page 175. - */ -#define FFA_NORMAL_MEM_REG_ATTR 0x2fU -/* - * Memory access permissions: Read-write - * Defined in FF-A-1.1-REL0 Table 10.15 at page 168. - */ -#define FFA_MEM_ACC_RW 0x2U - -/* FF-A-1.1-REL0 section 10.11.4 Flags usage, page 184-187 */ -/* Clear memory before mapping in receiver */ -#define FFA_MEMORY_REGION_FLAG_CLEAR BIT(0, U) -/* Relayer may time slice this operation */ -#define FFA_MEMORY_REGION_FLAG_TIME_SLICE BIT(1, U) -/* Clear memory after receiver relinquishes it */ -#define FFA_MEMORY_REGION_FLAG_CLEAR_RELINQUISH BIT(2, U) -/* Share memory transaction */ -#define FFA_MEMORY_REGION_TRANSACTION_TYPE_SHARE (1U << 3) - -/* - * Flags and field values used for the MSG_SEND_DIRECT_REQ/RESP: - * BIT(31): Framework or partition message - * BIT(7-0): Message type for frameworks messages - */ -#define FFA_MSG_FLAG_FRAMEWORK BIT(31, U) -#define FFA_MSG_TYPE_MASK 0xFFU; -#define FFA_MSG_PSCI 0x0U -#define FFA_MSG_SEND_VM_CREATED 0x4U -#define FFA_MSG_RESP_VM_CREATED 0x5U -#define FFA_MSG_SEND_VM_DESTROYED 0x6U -#define FFA_MSG_RESP_VM_DESTROYED 0x7U - -/* - * Flags to determine partition properties in FFA_PARTITION_INFO_GET return - * message: - * BIT(0): Supports receipt of direct requests - * BIT(1): Can send direct requests - * BIT(2): Can send and receive indirect messages - * BIT(3): Supports receipt of notifications - * BIT(4-5): Partition ID is a PE endpoint ID - * BIT(6): Partition must be informed about each VM that is created by - * the Hypervisor - * BIT(7): Partition must be informed about each VM that is destroyed by - * the Hypervisor - * BIT(8): Partition runs in the AArch64 execution state else AArch32 - * execution state - */ -#define FFA_PART_PROP_DIRECT_REQ_RECV BIT(0, U) -#define FFA_PART_PROP_DIRECT_REQ_SEND BIT(1, U) -#define FFA_PART_PROP_INDIRECT_MSGS BIT(2, U) -#define FFA_PART_PROP_RECV_NOTIF BIT(3, U) -#define FFA_PART_PROP_IS_TYPE_MASK (3U << 4) -#define FFA_PART_PROP_IS_PE_ID (0U << 4) -#define FFA_PART_PROP_IS_SEPID_INDEP (1U << 4) -#define FFA_PART_PROP_IS_SEPID_DEP (2U << 4) -#define FFA_PART_PROP_IS_AUX_ID (3U << 4) -#define FFA_PART_PROP_NOTIF_CREATED BIT(6, U) -#define FFA_PART_PROP_NOTIF_DESTROYED BIT(7, U) -#define FFA_PART_PROP_AARCH64_STATE BIT(8, U) - -/* - * Flag used as parameter to FFA_PARTITION_INFO_GET to return partition - * count only. - */ -#define FFA_PARTITION_INFO_GET_COUNT_FLAG BIT(0, U) - -/* Function IDs */ -#define FFA_ERROR 0x84000060U -#define FFA_SUCCESS_32 0x84000061U -#define FFA_SUCCESS_64 0xC4000061U -#define FFA_INTERRUPT 0x84000062U -#define FFA_VERSION 0x84000063U -#define FFA_FEATURES 0x84000064U -#define FFA_RX_ACQUIRE 0x84000084U -#define FFA_RX_RELEASE 0x84000065U -#define FFA_RXTX_MAP_32 0x84000066U -#define FFA_RXTX_MAP_64 0xC4000066U -#define FFA_RXTX_UNMAP 0x84000067U -#define FFA_PARTITION_INFO_GET 0x84000068U -#define FFA_ID_GET 0x84000069U -#define FFA_SPM_ID_GET 0x84000085U -#define FFA_MSG_WAIT 0x8400006BU -#define FFA_MSG_YIELD 0x8400006CU -#define FFA_RUN 0x8400006DU -#define FFA_MSG_SEND2 0x84000086U -#define FFA_MSG_SEND_DIRECT_REQ_32 0x8400006FU -#define FFA_MSG_SEND_DIRECT_REQ_64 0xC400006FU -#define FFA_MSG_SEND_DIRECT_RESP_32 0x84000070U -#define FFA_MSG_SEND_DIRECT_RESP_64 0xC4000070U -#define FFA_MEM_DONATE_32 0x84000071U -#define FFA_MEM_DONATE_64 0xC4000071U -#define FFA_MEM_LEND_32 0x84000072U -#define FFA_MEM_LEND_64 0xC4000072U -#define FFA_MEM_SHARE_32 0x84000073U -#define FFA_MEM_SHARE_64 0xC4000073U -#define FFA_MEM_RETRIEVE_REQ_32 0x84000074U -#define FFA_MEM_RETRIEVE_REQ_64 0xC4000074U -#define FFA_MEM_RETRIEVE_RESP 0x84000075U -#define FFA_MEM_RELINQUISH 0x84000076U -#define FFA_MEM_RECLAIM 0x84000077U -#define FFA_MEM_FRAG_RX 0x8400007AU -#define FFA_MEM_FRAG_TX 0x8400007BU -#define FFA_MSG_SEND 0x8400006EU -#define FFA_MSG_POLL 0x8400006AU +#include "ffa_private.h" /* * Structs below ending with _1_0 are defined in FF-A-1.0-REL and @@ -382,39 +185,6 @@ struct ffa_endpoint_rxtx_descriptor_1_1 { uint32_t tx_region_offs; }; -struct ffa_ctx { - void *rx; - const void *tx; - struct page_info *rx_pg; - struct page_info *tx_pg; - /* Number of 4kB pages in each of rx/rx_pg and tx/tx_pg */ - unsigned int page_count; - /* FF-A version used by the guest */ - uint32_t guest_vers; - bool rx_is_free; - /* Used shared memory objects, struct ffa_shm_mem */ - struct list_head shm_list; - /* Number of allocated shared memory object */ - unsigned int shm_count; - /* - * tx_lock is used to serialize access to tx - * rx_lock is used to serialize access to rx - * lock is used for the rest in this struct - */ - spinlock_t tx_lock; - spinlock_t rx_lock; - spinlock_t lock; - /* Used if domain can't be torn down immediately */ - struct domain *teardown_d; - struct list_head teardown_list; - s_time_t teardown_expire; - /* - * Used for ffa_domain_teardown() to keep track of which SPs should be - * notified that this guest is being destroyed. - */ - unsigned long vm_destroy_bitmap[]; -}; - struct ffa_shm_mem { struct list_head list; uint16_t sender_id; @@ -473,40 +243,6 @@ static bool ffa_get_version(uint32_t *vers) return true; } -static int32_t ffa_get_ret_code(const struct arm_smccc_1_2_regs *resp) -{ - switch ( resp->a0 ) - { - case FFA_ERROR: - if ( resp->a2 ) - return resp->a2; - else - return FFA_RET_NOT_SUPPORTED; - case FFA_SUCCESS_32: - case FFA_SUCCESS_64: - return FFA_RET_OK; - default: - return FFA_RET_NOT_SUPPORTED; - } -} - -static int32_t ffa_simple_call(uint32_t fid, register_t a1, register_t a2, - register_t a3, register_t a4) -{ - const struct arm_smccc_1_2_regs arg = { - .a0 = fid, - .a1 = a1, - .a2 = a2, - .a3 = a3, - .a4 = a4, - }; - struct arm_smccc_1_2_regs resp; - - arm_smccc_1_2_smc(&arg, &resp); - - return ffa_get_ret_code(&resp); -} - static int32_t ffa_features(uint32_t id) { return ffa_simple_call(FFA_FEATURES, id, 0, 0, 0); @@ -654,38 +390,6 @@ static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id, return res; } -static uint16_t ffa_get_vm_id(const struct domain *d) -{ - /* +1 since 0 is reserved for the hypervisor in FF-A */ - return d->domain_id + 1; -} - -static void ffa_set_regs(struct cpu_user_regs *regs, register_t v0, - register_t v1, register_t v2, register_t v3, - register_t v4, register_t v5, register_t v6, - register_t v7) -{ - set_user_reg(regs, 0, v0); - set_user_reg(regs, 1, v1); - set_user_reg(regs, 2, v2); - set_user_reg(regs, 3, v3); - set_user_reg(regs, 4, v4); - set_user_reg(regs, 5, v5); - set_user_reg(regs, 6, v6); - set_user_reg(regs, 7, v7); -} - -static void ffa_set_regs_error(struct cpu_user_regs *regs, uint32_t error_code) -{ - ffa_set_regs(regs, FFA_ERROR, 0, error_code, 0, 0, 0, 0, 0); -} - -static void ffa_set_regs_success(struct cpu_user_regs *regs, uint32_t w2, - uint32_t w3) -{ - ffa_set_regs(regs, FFA_SUCCESS_32, 0, w2, w3, 0, 0, 0, 0); -} - static void handle_version(struct cpu_user_regs *regs) { struct domain *d = current->domain; diff --git a/xen/arch/arm/tee/ffa_private.h b/xen/arch/arm/tee/ffa_private.h new file mode 100644 index 0000000000..8352b6b55a --- /dev/null +++ b/xen/arch/arm/tee/ffa_private.h @@ -0,0 +1,318 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 Linaro Limited + */ + +#ifndef __FFA_PRIVATE_H__ +#define __FFA_PRIVATE_H__ + +#include +#include +#include +#include +#include +#include +#include +#include + +/* Error codes */ +#define FFA_RET_OK 0 +#define FFA_RET_NOT_SUPPORTED -1 +#define FFA_RET_INVALID_PARAMETERS -2 +#define FFA_RET_NO_MEMORY -3 +#define FFA_RET_BUSY -4 +#define FFA_RET_INTERRUPTED -5 +#define FFA_RET_DENIED -6 +#define FFA_RET_RETRY -7 +#define FFA_RET_ABORTED -8 + +/* FFA_VERSION helpers */ +#define FFA_VERSION_MAJOR_SHIFT 16U +#define FFA_VERSION_MAJOR_MASK 0x7FFFU +#define FFA_VERSION_MINOR_SHIFT 0U +#define FFA_VERSION_MINOR_MASK 0xFFFFU +#define MAKE_FFA_VERSION(major, minor) \ + ((((major) & FFA_VERSION_MAJOR_MASK) << FFA_VERSION_MAJOR_SHIFT) | \ + ((minor) & FFA_VERSION_MINOR_MASK)) + +#define FFA_VERSION_1_0 MAKE_FFA_VERSION(1, 0) +#define FFA_VERSION_1_1 MAKE_FFA_VERSION(1, 1) +/* The minimal FF-A version of the SPMC that can be supported */ +#define FFA_MIN_SPMC_VERSION FFA_VERSION_1_1 + +/* + * This is the version we want to use in communication with guests and SPs. + * During negotiation with a guest or a SP we may need to lower it for + * that particular guest or SP. + */ +#define FFA_MY_VERSION_MAJOR 1U +#define FFA_MY_VERSION_MINOR 1U +#define FFA_MY_VERSION MAKE_FFA_VERSION(FFA_MY_VERSION_MAJOR, \ + FFA_MY_VERSION_MINOR) + +/* + * The FF-A specification explicitly works with 4K pages as a measure of + * memory size, for example, FFA_RXTX_MAP takes one parameter "RX/TX page + * count" which is the number of contiguous 4K pages allocated. Xen may use + * a different page size depending on the configuration to avoid confusion + * with PAGE_SIZE use a special define when it's a page size as in the FF-A + * specification. + */ +#define FFA_PAGE_SIZE SZ_4K + +/* + * The number of pages used for each of the RX and TX buffers shared with + * the SPMC. + */ +#define FFA_RXTX_PAGE_COUNT 1 + +/* + * Limit the number of pages RX/TX buffers guests can map. + * TODO support a larger number. + */ +#define FFA_MAX_RXTX_PAGE_COUNT 1 + +/* + * Limit for shared buffer size. Please note that this define limits + * number of pages. + * + * FF-A doesn't have any direct requirements on GlobalPlatform or vice + * versa, but an implementation can very well use FF-A in order to provide + * a GlobalPlatform interface on top. + * + * Global Platform specification for TEE requires that any TEE + * implementation should allow to share buffers with size of at least + * 512KB, defined in TEEC-1.0C page 24, Table 4-1, + * TEEC_CONFIG_SHAREDMEM_MAX_SIZE. + * Due to overhead which can be hard to predict exactly, double this number + * to give a safe margin. + */ +#define FFA_MAX_SHM_PAGE_COUNT (2 * SZ_512K / FFA_PAGE_SIZE) + +/* + * Limits the number of shared buffers that guest can have at once. This + * is to prevent case, when guests trick XEN into exhausting its own + * memory by allocating many small buffers. This value has been chosen + * arbitrarily. + */ +#define FFA_MAX_SHM_COUNT 32 + +/* + * The time we wait until trying to tear down a domain again if it was + * blocked initially. + */ +#define FFA_CTX_TEARDOWN_DELAY SECONDS(1) + +/* FF-A-1.1-REL0 section 10.9.2 Memory region handle, page 167 */ +#define FFA_HANDLE_HYP_FLAG BIT(63, ULL) +#define FFA_HANDLE_INVALID 0xffffffffffffffffULL + +/* + * Memory attributes: Normal memory, Write-Back cacheable, Inner shareable + * Defined in FF-A-1.1-REL0 Table 10.18 at page 175. + */ +#define FFA_NORMAL_MEM_REG_ATTR 0x2fU +/* + * Memory access permissions: Read-write + * Defined in FF-A-1.1-REL0 Table 10.15 at page 168. + */ +#define FFA_MEM_ACC_RW 0x2U + +/* FF-A-1.1-REL0 section 10.11.4 Flags usage, page 184-187 */ +/* Clear memory before mapping in receiver */ +#define FFA_MEMORY_REGION_FLAG_CLEAR BIT(0, U) +/* Relayer may time slice this operation */ +#define FFA_MEMORY_REGION_FLAG_TIME_SLICE BIT(1, U) +/* Clear memory after receiver relinquishes it */ +#define FFA_MEMORY_REGION_FLAG_CLEAR_RELINQUISH BIT(2, U) +/* Share memory transaction */ +#define FFA_MEMORY_REGION_TRANSACTION_TYPE_SHARE (1U << 3) + +/* + * Flags and field values used for the MSG_SEND_DIRECT_REQ/RESP: + * BIT(31): Framework or partition message + * BIT(7-0): Message type for frameworks messages + */ +#define FFA_MSG_FLAG_FRAMEWORK BIT(31, U) +#define FFA_MSG_TYPE_MASK 0xFFU; +#define FFA_MSG_PSCI 0x0U +#define FFA_MSG_SEND_VM_CREATED 0x4U +#define FFA_MSG_RESP_VM_CREATED 0x5U +#define FFA_MSG_SEND_VM_DESTROYED 0x6U +#define FFA_MSG_RESP_VM_DESTROYED 0x7U + +/* + * Flags to determine partition properties in FFA_PARTITION_INFO_GET return + * message: + * BIT(0): Supports receipt of direct requests + * BIT(1): Can send direct requests + * BIT(2): Can send and receive indirect messages + * BIT(3): Supports receipt of notifications + * BIT(4-5): Partition ID is a PE endpoint ID + * BIT(6): Partition must be informed about each VM that is created by + * the Hypervisor + * BIT(7): Partition must be informed about each VM that is destroyed by + * the Hypervisor + * BIT(8): Partition runs in the AArch64 execution state else AArch32 + * execution state + */ +#define FFA_PART_PROP_DIRECT_REQ_RECV BIT(0, U) +#define FFA_PART_PROP_DIRECT_REQ_SEND BIT(1, U) +#define FFA_PART_PROP_INDIRECT_MSGS BIT(2, U) +#define FFA_PART_PROP_RECV_NOTIF BIT(3, U) +#define FFA_PART_PROP_IS_TYPE_MASK (3U << 4) +#define FFA_PART_PROP_IS_PE_ID (0U << 4) +#define FFA_PART_PROP_IS_SEPID_INDEP (1U << 4) +#define FFA_PART_PROP_IS_SEPID_DEP (2U << 4) +#define FFA_PART_PROP_IS_AUX_ID (3U << 4) +#define FFA_PART_PROP_NOTIF_CREATED BIT(6, U) +#define FFA_PART_PROP_NOTIF_DESTROYED BIT(7, U) +#define FFA_PART_PROP_AARCH64_STATE BIT(8, U) + +/* + * Flag used as parameter to FFA_PARTITION_INFO_GET to return partition + * count only. + */ +#define FFA_PARTITION_INFO_GET_COUNT_FLAG BIT(0, U) + +/* Function IDs */ +#define FFA_ERROR 0x84000060U +#define FFA_SUCCESS_32 0x84000061U +#define FFA_SUCCESS_64 0xC4000061U +#define FFA_INTERRUPT 0x84000062U +#define FFA_VERSION 0x84000063U +#define FFA_FEATURES 0x84000064U +#define FFA_RX_ACQUIRE 0x84000084U +#define FFA_RX_RELEASE 0x84000065U +#define FFA_RXTX_MAP_32 0x84000066U +#define FFA_RXTX_MAP_64 0xC4000066U +#define FFA_RXTX_UNMAP 0x84000067U +#define FFA_PARTITION_INFO_GET 0x84000068U +#define FFA_ID_GET 0x84000069U +#define FFA_SPM_ID_GET 0x84000085U +#define FFA_MSG_WAIT 0x8400006BU +#define FFA_MSG_YIELD 0x8400006CU +#define FFA_RUN 0x8400006DU +#define FFA_MSG_SEND2 0x84000086U +#define FFA_MSG_SEND_DIRECT_REQ_32 0x8400006FU +#define FFA_MSG_SEND_DIRECT_REQ_64 0xC400006FU +#define FFA_MSG_SEND_DIRECT_RESP_32 0x84000070U +#define FFA_MSG_SEND_DIRECT_RESP_64 0xC4000070U +#define FFA_MEM_DONATE_32 0x84000071U +#define FFA_MEM_DONATE_64 0xC4000071U +#define FFA_MEM_LEND_32 0x84000072U +#define FFA_MEM_LEND_64 0xC4000072U +#define FFA_MEM_SHARE_32 0x84000073U +#define FFA_MEM_SHARE_64 0xC4000073U +#define FFA_MEM_RETRIEVE_REQ_32 0x84000074U +#define FFA_MEM_RETRIEVE_REQ_64 0xC4000074U +#define FFA_MEM_RETRIEVE_RESP 0x84000075U +#define FFA_MEM_RELINQUISH 0x84000076U +#define FFA_MEM_RECLAIM 0x84000077U +#define FFA_MEM_FRAG_RX 0x8400007AU +#define FFA_MEM_FRAG_TX 0x8400007BU +#define FFA_MSG_SEND 0x8400006EU +#define FFA_MSG_POLL 0x8400006AU + +struct ffa_ctx { + void *rx; + const void *tx; + struct page_info *rx_pg; + struct page_info *tx_pg; + /* Number of 4kB pages in each of rx/rx_pg and tx/tx_pg */ + unsigned int page_count; + /* FF-A version used by the guest */ + uint32_t guest_vers; + bool rx_is_free; + /* Used shared memory objects, struct ffa_shm_mem */ + struct list_head shm_list; + /* Number of allocated shared memory object */ + unsigned int shm_count; + /* + * tx_lock is used to serialize access to tx + * rx_lock is used to serialize access to rx + * lock is used for the rest in this struct + */ + spinlock_t tx_lock; + spinlock_t rx_lock; + spinlock_t lock; + /* Used if domain can't be torn down immediately */ + struct domain *teardown_d; + struct list_head teardown_list; + s_time_t teardown_expire; + /* + * Used for ffa_domain_teardown() to keep track of which SPs should be + * notified that this guest is being destroyed. + */ + unsigned long vm_destroy_bitmap[]; +}; + +static inline uint16_t ffa_get_vm_id(const struct domain *d) +{ + /* +1 since 0 is reserved for the hypervisor in FF-A */ + return d->domain_id + 1; +} + +static inline void ffa_set_regs(struct cpu_user_regs *regs, register_t v0, + register_t v1, register_t v2, register_t v3, + register_t v4, register_t v5, register_t v6, + register_t v7) +{ + set_user_reg(regs, 0, v0); + set_user_reg(regs, 1, v1); + set_user_reg(regs, 2, v2); + set_user_reg(regs, 3, v3); + set_user_reg(regs, 4, v4); + set_user_reg(regs, 5, v5); + set_user_reg(regs, 6, v6); + set_user_reg(regs, 7, v7); +} + +static inline void ffa_set_regs_error(struct cpu_user_regs *regs, + uint32_t error_code) +{ + ffa_set_regs(regs, FFA_ERROR, 0, error_code, 0, 0, 0, 0, 0); +} + +static inline void ffa_set_regs_success(struct cpu_user_regs *regs, + uint32_t w2, uint32_t w3) +{ + ffa_set_regs(regs, FFA_SUCCESS_32, 0, w2, w3, 0, 0, 0, 0); +} + +static inline int32_t ffa_get_ret_code(const struct arm_smccc_1_2_regs *resp) +{ + switch ( resp->a0 ) + { + case FFA_ERROR: + if ( resp->a2 ) + return resp->a2; + else + return FFA_RET_NOT_SUPPORTED; + case FFA_SUCCESS_32: + case FFA_SUCCESS_64: + return FFA_RET_OK; + default: + return FFA_RET_NOT_SUPPORTED; + } +} + +static inline int32_t ffa_simple_call(uint32_t fid, register_t a1, + register_t a2, register_t a3, + register_t a4) +{ + const struct arm_smccc_1_2_regs arg = { + .a0 = fid, + .a1 = a1, + .a2 = a2, + .a3 = a3, + .a4 = a4, + }; + struct arm_smccc_1_2_regs resp; + + arm_smccc_1_2_smc(&arg, &resp); + + return ffa_get_ret_code(&resp); +} + +#endif /*__FFA_PRIVATE_H__*/ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 23:33:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 23:33:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700642.1094105 (Exim 4.92) (envelope-from ) id 1rsA6f-0008KK-GH; Wed, 03 Apr 2024 23:33:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700642.1094105; Wed, 03 Apr 2024 23:33:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA6f-0008KD-Db; Wed, 03 Apr 2024 23:33:25 +0000 Received: by outflank-mailman (input) for mailman id 700642; Wed, 03 Apr 2024 23:33:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA6d-0008Jx-Td for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA6d-0001og-Sr for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsA6d-0005Fs-Rt for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=x8v85VJkGeDjsAH/tc8CLaUmGqAy7rf/uuqZYzhGLFw=; b=RNxLp9kJVY8kurwH1G9nxKt4rw 9KTtsGxv8Zkm+3waydEYiKSWCbOkPgPa454mN94pfH545g6YQ9RJTqTsQX+THWaVEU0OJcGXwC54E Xuuh87mjoeitQ0voINkOf6sI6djTZdvXLKVFuPyQwP2cCiLz6Y8AtNsTUx0kNLZM5K/U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: ffa: separate memory sharing routines Message-Id: Date: Wed, 03 Apr 2024 23:33:23 +0000 commit 88368672003e7d97c82f01a2cc7ac87c6f6c5585 Author: Jens Wiklander AuthorDate: Mon Mar 25 10:39:01 2024 +0100 Commit: Stefano Stabellini CommitDate: Wed Apr 3 16:10:45 2024 -0700 xen/arm: ffa: separate memory sharing routines Move memory sharing routines into a separate file for easier navigation in the source code. Add ffa_shm_domain_destroy() to isolate the ffa_shm things in ffa_domain_teardown_continue(). Signed-off-by: Jens Wiklander [stefano: fix date in header] Signed-off-by: Stefano Stabellini Reviewed-by: Bertrand Marquis --- xen/arch/arm/tee/Makefile | 1 + xen/arch/arm/tee/ffa.c | 708 +---------------------------------------- xen/arch/arm/tee/ffa_private.h | 10 + xen/arch/arm/tee/ffa_shm.c | 708 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 729 insertions(+), 698 deletions(-) diff --git a/xen/arch/arm/tee/Makefile b/xen/arch/arm/tee/Makefile index 58a1015e40..0e683d23aa 100644 --- a/xen/arch/arm/tee/Makefile +++ b/xen/arch/arm/tee/Makefile @@ -1,3 +1,4 @@ obj-$(CONFIG_FFA) += ffa.o +obj-$(CONFIG_FFA) += ffa_shm.o obj-y += tee.o obj-$(CONFIG_OPTEE) += optee.o diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c index 259851f20b..db36292dc5 100644 --- a/xen/arch/arm/tee/ffa.c +++ b/xen/arch/arm/tee/ffa.c @@ -84,92 +84,6 @@ struct ffa_partition_info_1_1 { uint8_t uuid[16]; }; -/* Constituent memory region descriptor */ -struct ffa_address_range { - uint64_t address; - uint32_t page_count; - uint32_t reserved; -}; - -/* Composite memory region descriptor */ -struct ffa_mem_region { - uint32_t total_page_count; - uint32_t address_range_count; - uint64_t reserved; - struct ffa_address_range address_range_array[]; -}; - -/* Memory access permissions descriptor */ -struct ffa_mem_access_perm { - uint16_t endpoint_id; - uint8_t perm; - uint8_t flags; -}; - -/* Endpoint memory access descriptor */ -struct ffa_mem_access { - struct ffa_mem_access_perm access_perm; - uint32_t region_offs; - uint64_t reserved; -}; - -/* Lend, donate or share memory transaction descriptor */ -struct ffa_mem_transaction_1_0 { - uint16_t sender_id; - uint8_t mem_reg_attr; - uint8_t reserved0; - uint32_t flags; - uint64_t handle; - uint64_t tag; - uint32_t reserved1; - uint32_t mem_access_count; - struct ffa_mem_access mem_access_array[]; -}; - -struct ffa_mem_transaction_1_1 { - uint16_t sender_id; - uint16_t mem_reg_attr; - uint32_t flags; - uint64_t handle; - uint64_t tag; - uint32_t mem_access_size; - uint32_t mem_access_count; - uint32_t mem_access_offs; - uint8_t reserved[12]; -}; - -/* Calculate offset of struct ffa_mem_access from start of buffer */ -#define MEM_ACCESS_OFFSET(access_idx) \ - ( sizeof(struct ffa_mem_transaction_1_1) + \ - ( access_idx ) * sizeof(struct ffa_mem_access) ) - -/* Calculate offset of struct ffa_mem_region from start of buffer */ -#define REGION_OFFSET(access_count, region_idx) \ - ( MEM_ACCESS_OFFSET(access_count) + \ - ( region_idx ) * sizeof(struct ffa_mem_region) ) - -/* Calculate offset of struct ffa_address_range from start of buffer */ -#define ADDR_RANGE_OFFSET(access_count, region_count, range_idx) \ - ( REGION_OFFSET(access_count, region_count) + \ - ( range_idx ) * sizeof(struct ffa_address_range) ) - -/* - * The parts needed from struct ffa_mem_transaction_1_0 or struct - * ffa_mem_transaction_1_1, used to provide an abstraction of difference in - * data structures between version 1.0 and 1.1. This is just an internal - * interface and can be changed without changing any ABI. - */ -struct ffa_mem_transaction_int { - uint16_t sender_id; - uint8_t mem_reg_attr; - uint8_t flags; - uint8_t mem_access_size; - uint8_t mem_access_count; - uint16_t mem_access_offs; - uint64_t handle; - uint64_t tag; -}; - /* Endpoint RX/TX descriptor */ struct ffa_endpoint_rxtx_descriptor_1_0 { uint16_t sender_id; @@ -185,15 +99,6 @@ struct ffa_endpoint_rxtx_descriptor_1_1 { uint32_t tx_region_offs; }; -struct ffa_shm_mem { - struct list_head list; - uint16_t sender_id; - uint16_t ep_id; /* endpoint, the one lending */ - uint64_t handle; /* FFA_HANDLE_INVALID if not set yet */ - unsigned int page_count; - struct page_info *pages[]; -}; - /* Negotiated FF-A version to use with the SPMC */ static uint32_t __ro_after_init ffa_version; @@ -212,10 +117,10 @@ static uint16_t subscr_vm_destroyed_count __read_mostly; * for calls which uses our RX buffer to deliver a result we must call * ffa_rx_release() to let the SPMC know that we're done with the buffer. */ -static void *ffa_rx __read_mostly; -static void *ffa_tx __read_mostly; -static DEFINE_SPINLOCK(ffa_rx_buffer_lock); -static DEFINE_SPINLOCK(ffa_tx_buffer_lock); +void *ffa_rx __read_mostly; +void *ffa_tx __read_mostly; +DEFINE_SPINLOCK(ffa_rx_buffer_lock); +DEFINE_SPINLOCK(ffa_tx_buffer_lock); /* Used to track domains that could not be torn down immediately. */ @@ -297,47 +202,6 @@ static int32_t ffa_rx_release(void) return ffa_simple_call(FFA_RX_RELEASE, 0, 0, 0, 0); } -static int32_t ffa_mem_share(uint32_t tot_len, uint32_t frag_len, - register_t addr, uint32_t pg_count, - uint64_t *handle) -{ - struct arm_smccc_1_2_regs arg = { - .a0 = FFA_MEM_SHARE_64, - .a1 = tot_len, - .a2 = frag_len, - .a3 = addr, - .a4 = pg_count, - }; - struct arm_smccc_1_2_regs resp; - - arm_smccc_1_2_smc(&arg, &resp); - - switch ( resp.a0 ) - { - case FFA_ERROR: - if ( resp.a2 ) - return resp.a2; - else - return FFA_RET_NOT_SUPPORTED; - case FFA_SUCCESS_32: - *handle = regpair_to_uint64(resp.a3, resp.a2); - return FFA_RET_OK; - case FFA_MEM_FRAG_RX: - *handle = regpair_to_uint64(resp.a2, resp.a1); - if ( resp.a3 > INT32_MAX ) /* Impossible value */ - return FFA_RET_ABORTED; - return resp.a3 & INT32_MAX; - default: - return FFA_RET_NOT_SUPPORTED; - } -} - -static int32_t ffa_mem_reclaim(uint32_t handle_lo, uint32_t handle_hi, - uint32_t flags) -{ - return ffa_simple_call(FFA_MEM_RECLAIM, handle_lo, handle_hi, flags, 0); -} - static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id, uint8_t msg) { @@ -660,506 +524,6 @@ out: resp.a7 & mask); } -/* - * Gets all page and assigns them to the supplied shared memory object. If - * this function fails then the caller is still expected to call - * put_shm_pages() as a cleanup. - */ -static int get_shm_pages(struct domain *d, struct ffa_shm_mem *shm, - const struct ffa_address_range *range, - uint32_t range_count, unsigned int start_page_idx, - unsigned int *last_page_idx) -{ - unsigned int pg_idx = start_page_idx; - gfn_t gfn; - unsigned int n; - unsigned int m; - p2m_type_t t; - uint64_t addr; - uint64_t page_count; - - for ( n = 0; n < range_count; n++ ) - { - page_count = read_atomic(&range[n].page_count); - addr = read_atomic(&range[n].address); - for ( m = 0; m < page_count; m++ ) - { - if ( pg_idx >= shm->page_count ) - return FFA_RET_INVALID_PARAMETERS; - - gfn = gaddr_to_gfn(addr + m * FFA_PAGE_SIZE); - shm->pages[pg_idx] = get_page_from_gfn(d, gfn_x(gfn), &t, - P2M_ALLOC); - if ( !shm->pages[pg_idx] ) - return FFA_RET_DENIED; - /* Only normal RW RAM for now */ - if ( t != p2m_ram_rw ) - return FFA_RET_DENIED; - pg_idx++; - } - } - - *last_page_idx = pg_idx; - - return FFA_RET_OK; -} - -static void put_shm_pages(struct ffa_shm_mem *shm) -{ - unsigned int n; - - for ( n = 0; n < shm->page_count && shm->pages[n]; n++ ) - { - put_page(shm->pages[n]); - shm->pages[n] = NULL; - } -} - -static bool inc_ctx_shm_count(struct domain *d, struct ffa_ctx *ctx) -{ - bool ret = true; - - spin_lock(&ctx->lock); - - if ( ctx->shm_count >= FFA_MAX_SHM_COUNT ) - { - ret = false; - } - else - { - /* - * If this is the first shm added, increase the domain reference - * counter as we need to keep domain around a bit longer to reclaim - * the shared memory in the teardown path. - */ - if ( !ctx->shm_count ) - get_knownalive_domain(d); - - ctx->shm_count++; - } - - spin_unlock(&ctx->lock); - - return ret; -} - -static void dec_ctx_shm_count(struct domain *d, struct ffa_ctx *ctx) -{ - bool drop_ref; - - spin_lock(&ctx->lock); - - ASSERT(ctx->shm_count > 0); - ctx->shm_count--; - - /* - * If this was the last shm removed, let go of the domain reference we - * took in inc_ctx_shm_count() above. - */ - drop_ref = !ctx->shm_count; - - spin_unlock(&ctx->lock); - - if ( drop_ref ) - put_domain(d); -} - -static struct ffa_shm_mem *alloc_ffa_shm_mem(struct domain *d, - unsigned int page_count) -{ - struct ffa_ctx *ctx = d->arch.tee; - struct ffa_shm_mem *shm; - - if ( page_count >= FFA_MAX_SHM_PAGE_COUNT ) - return NULL; - if ( !inc_ctx_shm_count(d, ctx) ) - return NULL; - - shm = xzalloc_flex_struct(struct ffa_shm_mem, pages, page_count); - if ( shm ) - shm->page_count = page_count; - else - dec_ctx_shm_count(d, ctx); - - return shm; -} - -static void free_ffa_shm_mem(struct domain *d, struct ffa_shm_mem *shm) -{ - struct ffa_ctx *ctx = d->arch.tee; - - if ( !shm ) - return; - - dec_ctx_shm_count(d, ctx); - put_shm_pages(shm); - xfree(shm); -} - -static void init_range(struct ffa_address_range *addr_range, - paddr_t pa) -{ - memset(addr_range, 0, sizeof(*addr_range)); - addr_range->address = pa; - addr_range->page_count = 1; -} - -/* - * This function uses the ffa_tx buffer to transmit the memory transaction - * descriptor. The function depends ffa_tx_buffer_lock to be used to guard - * the buffer from concurrent use. - */ -static int share_shm(struct ffa_shm_mem *shm) -{ - const uint32_t max_frag_len = FFA_RXTX_PAGE_COUNT * FFA_PAGE_SIZE; - struct ffa_mem_access *mem_access_array; - struct ffa_mem_transaction_1_1 *descr; - struct ffa_address_range *addr_range; - struct ffa_mem_region *region_descr; - const unsigned int region_count = 1; - void *buf = ffa_tx; - uint32_t frag_len; - uint32_t tot_len; - paddr_t last_pa; - unsigned int n; - paddr_t pa; - - ASSERT(spin_is_locked(&ffa_tx_buffer_lock)); - ASSERT(shm->page_count); - - descr = buf; - memset(descr, 0, sizeof(*descr)); - descr->sender_id = shm->sender_id; - descr->handle = shm->handle; - descr->mem_reg_attr = FFA_NORMAL_MEM_REG_ATTR; - descr->mem_access_count = 1; - descr->mem_access_size = sizeof(*mem_access_array); - descr->mem_access_offs = MEM_ACCESS_OFFSET(0); - - mem_access_array = buf + descr->mem_access_offs; - memset(mem_access_array, 0, sizeof(*mem_access_array)); - mem_access_array[0].access_perm.endpoint_id = shm->ep_id; - mem_access_array[0].access_perm.perm = FFA_MEM_ACC_RW; - mem_access_array[0].region_offs = REGION_OFFSET(descr->mem_access_count, 0); - - region_descr = buf + mem_access_array[0].region_offs; - memset(region_descr, 0, sizeof(*region_descr)); - region_descr->total_page_count = shm->page_count; - - region_descr->address_range_count = 1; - last_pa = page_to_maddr(shm->pages[0]); - for ( n = 1; n < shm->page_count; last_pa = pa, n++ ) - { - pa = page_to_maddr(shm->pages[n]); - if ( last_pa + FFA_PAGE_SIZE == pa ) - continue; - region_descr->address_range_count++; - } - - tot_len = ADDR_RANGE_OFFSET(descr->mem_access_count, region_count, - region_descr->address_range_count); - if ( tot_len > max_frag_len ) - return FFA_RET_NOT_SUPPORTED; - - addr_range = region_descr->address_range_array; - frag_len = ADDR_RANGE_OFFSET(descr->mem_access_count, region_count, 1); - last_pa = page_to_maddr(shm->pages[0]); - init_range(addr_range, last_pa); - for ( n = 1; n < shm->page_count; last_pa = pa, n++ ) - { - pa = page_to_maddr(shm->pages[n]); - if ( last_pa + FFA_PAGE_SIZE == pa ) - { - addr_range->page_count++; - continue; - } - - frag_len += sizeof(*addr_range); - addr_range++; - init_range(addr_range, pa); - } - - return ffa_mem_share(tot_len, frag_len, 0, 0, &shm->handle); -} - -static int read_mem_transaction(uint32_t ffa_vers, const void *buf, size_t blen, - struct ffa_mem_transaction_int *trans) -{ - uint16_t mem_reg_attr; - uint32_t flags; - uint32_t count; - uint32_t offs; - uint32_t size; - - if ( ffa_vers >= FFA_VERSION_1_1 ) - { - const struct ffa_mem_transaction_1_1 *descr; - - if ( blen < sizeof(*descr) ) - return FFA_RET_INVALID_PARAMETERS; - - descr = buf; - trans->sender_id = descr->sender_id; - mem_reg_attr = descr->mem_reg_attr; - flags = descr->flags; - trans->handle = descr->handle; - trans->tag = descr->tag; - - count = descr->mem_access_count; - size = descr->mem_access_size; - offs = descr->mem_access_offs; - } - else - { - const struct ffa_mem_transaction_1_0 *descr; - - if ( blen < sizeof(*descr) ) - return FFA_RET_INVALID_PARAMETERS; - - descr = buf; - trans->sender_id = descr->sender_id; - mem_reg_attr = descr->mem_reg_attr; - flags = descr->flags; - trans->handle = descr->handle; - trans->tag = descr->tag; - - count = descr->mem_access_count; - size = sizeof(struct ffa_mem_access); - offs = offsetof(struct ffa_mem_transaction_1_0, mem_access_array); - } - /* - * Make sure that "descr" which is shared with the guest isn't accessed - * again after this point. - */ - barrier(); - - /* - * We're doing a rough check to see that no information is lost when - * tranfering the values into a struct ffa_mem_transaction_int below. - * The fields in struct ffa_mem_transaction_int are wide enough to hold - * any valid value so being out of range means that something is wrong. - */ - if ( mem_reg_attr > UINT8_MAX || flags > UINT8_MAX || size > UINT8_MAX || - count > UINT8_MAX || offs > UINT16_MAX ) - return FFA_RET_INVALID_PARAMETERS; - - /* Check that the endpoint memory access descriptor array fits */ - if ( size * count + offs > blen ) - return FFA_RET_INVALID_PARAMETERS; - - trans->mem_reg_attr = mem_reg_attr; - trans->flags = flags; - trans->mem_access_size = size; - trans->mem_access_count = count; - trans->mem_access_offs = offs; - - return 0; -} - -static void ffa_handle_mem_share(struct cpu_user_regs *regs) -{ - uint32_t tot_len = get_user_reg(regs, 1); - uint32_t frag_len = get_user_reg(regs, 2); - uint64_t addr = get_user_reg(regs, 3); - uint32_t page_count = get_user_reg(regs, 4); - const struct ffa_mem_region *region_descr; - const struct ffa_mem_access *mem_access; - struct ffa_mem_transaction_int trans; - struct domain *d = current->domain; - struct ffa_ctx *ctx = d->arch.tee; - struct ffa_shm_mem *shm = NULL; - unsigned int last_page_idx = 0; - register_t handle_hi = 0; - register_t handle_lo = 0; - int ret = FFA_RET_DENIED; - uint32_t range_count; - uint32_t region_offs; - - /* - * We're only accepting memory transaction descriptors via the rx/tx - * buffer. - */ - if ( addr ) - { - ret = FFA_RET_NOT_SUPPORTED; - goto out_set_ret; - } - - /* Check that fragment length doesn't exceed total length */ - if ( frag_len > tot_len ) - { - ret = FFA_RET_INVALID_PARAMETERS; - goto out_set_ret; - } - - /* We currently only support a single fragment */ - if ( frag_len != tot_len ) - { - ret = FFA_RET_NOT_SUPPORTED; - goto out_set_ret; - } - - if ( !spin_trylock(&ctx->tx_lock) ) - { - ret = FFA_RET_BUSY; - goto out_set_ret; - } - - if ( frag_len > ctx->page_count * FFA_PAGE_SIZE ) - goto out_unlock; - - ret = read_mem_transaction(ctx->guest_vers, ctx->tx, frag_len, &trans); - if ( ret ) - goto out_unlock; - - if ( trans.mem_reg_attr != FFA_NORMAL_MEM_REG_ATTR ) - { - ret = FFA_RET_NOT_SUPPORTED; - goto out_unlock; - } - - /* Only supports sharing it with one SP for now */ - if ( trans.mem_access_count != 1 ) - { - ret = FFA_RET_NOT_SUPPORTED; - goto out_unlock; - } - - if ( trans.sender_id != ffa_get_vm_id(d) ) - { - ret = FFA_RET_INVALID_PARAMETERS; - goto out_unlock; - } - - /* Check that it fits in the supplied data */ - if ( trans.mem_access_offs + trans.mem_access_size > frag_len ) - goto out_unlock; - - mem_access = ctx->tx + trans.mem_access_offs; - if ( read_atomic(&mem_access->access_perm.perm) != FFA_MEM_ACC_RW ) - { - ret = FFA_RET_NOT_SUPPORTED; - goto out_unlock; - } - - region_offs = read_atomic(&mem_access->region_offs); - if ( sizeof(*region_descr) + region_offs > frag_len ) - { - ret = FFA_RET_NOT_SUPPORTED; - goto out_unlock; - } - - region_descr = ctx->tx + region_offs; - range_count = read_atomic(®ion_descr->address_range_count); - page_count = read_atomic(®ion_descr->total_page_count); - - if ( !page_count ) - { - ret = FFA_RET_INVALID_PARAMETERS; - goto out_unlock; - } - - shm = alloc_ffa_shm_mem(d, page_count); - if ( !shm ) - { - ret = FFA_RET_NO_MEMORY; - goto out_unlock; - } - shm->sender_id = trans.sender_id; - shm->ep_id = read_atomic(&mem_access->access_perm.endpoint_id); - - /* - * Check that the Composite memory region descriptor fits. - */ - if ( sizeof(*region_descr) + region_offs + - range_count * sizeof(struct ffa_address_range) > frag_len ) - { - ret = FFA_RET_INVALID_PARAMETERS; - goto out; - } - - ret = get_shm_pages(d, shm, region_descr->address_range_array, range_count, - 0, &last_page_idx); - if ( ret ) - goto out; - if ( last_page_idx != shm->page_count ) - { - ret = FFA_RET_INVALID_PARAMETERS; - goto out; - } - - /* Note that share_shm() uses our tx buffer */ - spin_lock(&ffa_tx_buffer_lock); - ret = share_shm(shm); - spin_unlock(&ffa_tx_buffer_lock); - if ( ret ) - goto out; - - spin_lock(&ctx->lock); - list_add_tail(&shm->list, &ctx->shm_list); - spin_unlock(&ctx->lock); - - uint64_to_regpair(&handle_hi, &handle_lo, shm->handle); - -out: - if ( ret ) - free_ffa_shm_mem(d, shm); -out_unlock: - spin_unlock(&ctx->tx_lock); - -out_set_ret: - if ( ret == 0) - ffa_set_regs_success(regs, handle_lo, handle_hi); - else - ffa_set_regs_error(regs, ret); -} - -/* Must only be called with ctx->lock held */ -static struct ffa_shm_mem *find_shm_mem(struct ffa_ctx *ctx, uint64_t handle) -{ - struct ffa_shm_mem *shm; - - list_for_each_entry(shm, &ctx->shm_list, list) - if ( shm->handle == handle ) - return shm; - - return NULL; -} - -static int ffa_handle_mem_reclaim(uint64_t handle, uint32_t flags) -{ - struct domain *d = current->domain; - struct ffa_ctx *ctx = d->arch.tee; - struct ffa_shm_mem *shm; - register_t handle_hi; - register_t handle_lo; - int ret; - - spin_lock(&ctx->lock); - shm = find_shm_mem(ctx, handle); - if ( shm ) - list_del(&shm->list); - spin_unlock(&ctx->lock); - if ( !shm ) - return FFA_RET_INVALID_PARAMETERS; - - uint64_to_regpair(&handle_hi, &handle_lo, handle); - ret = ffa_mem_reclaim(handle_lo, handle_hi, flags); - - if ( ret ) - { - spin_lock(&ctx->lock); - list_add_tail(&shm->list, &ctx->shm_list); - spin_unlock(&ctx->lock); - } - else - { - free_ffa_shm_mem(d, shm); - } - - return ret; -} - static bool ffa_handle_call(struct cpu_user_regs *regs) { uint32_t fid = get_user_reg(regs, 0); @@ -1284,8 +648,8 @@ static int ffa_domain_init(struct domain *d) if ( !ffa_version ) return -ENODEV; /* - * We can't use that last possible domain ID or get_vm_id() would cause - * an overflow. + * We can't use that last possible domain ID or ffa_get_vm_id() would + * cause an overflow. */ if ( d->domain_id >= UINT16_MAX) return -ERANGE; @@ -1348,68 +712,16 @@ static void send_vm_destroyed(struct domain *d) } } -static void ffa_reclaim_shms(struct domain *d) -{ - struct ffa_ctx *ctx = d->arch.tee; - struct ffa_shm_mem *shm, *tmp; - int32_t res; - - list_for_each_entry_safe(shm, tmp, &ctx->shm_list, list) - { - register_t handle_hi; - register_t handle_lo; - - uint64_to_regpair(&handle_hi, &handle_lo, shm->handle); - res = ffa_mem_reclaim(handle_lo, handle_hi, 0); - switch ( res ) { - case FFA_RET_OK: - printk(XENLOG_G_DEBUG "%pd: ffa: Reclaimed handle %#lx\n", - d, shm->handle); - list_del(&shm->list); - free_ffa_shm_mem(d, shm); - break; - case FFA_RET_DENIED: - /* - * A temporary error that may get resolved a bit later, it's - * worth retrying. - */ - printk(XENLOG_G_INFO "%pd: ffa: Failed to reclaim handle %#lx : %d\n", - d, shm->handle, res); - break; /* We will retry later */ - default: - /* - * The rest of the error codes are not expected and are assumed - * to be of a permanent nature. It not in our control to handle - * the error properly so the object in this case is to try to - * minimize the damage. - * - * FFA_RET_NO_MEMORY might be a temporary error as it it could - * succeed if retried later, but treat it as permanent for now. - */ - printk(XENLOG_G_INFO "%pd: ffa: Permanent failure to reclaim handle %#lx : %d\n", - d, shm->handle, res); - - /* - * Remove the shm from the list and free it, but don't drop - * references. This results in having the shared physical pages - * permanently allocate and also keeps the domain as a zombie - * domain. - */ - list_del(&shm->list); - xfree(shm); - break; - } - } -} - static void ffa_domain_teardown_continue(struct ffa_ctx *ctx, bool first_time) { struct ffa_ctx *next_ctx = NULL; + bool retry = false; send_vm_destroyed(ctx->teardown_d); - ffa_reclaim_shms(ctx->teardown_d); + if ( !ffa_shm_domain_destroy(ctx->teardown_d) ) + retry = true; - if ( ctx->shm_count || + if ( retry || !bitmap_empty(ctx->vm_destroy_bitmap, subscr_vm_destroyed_count) ) { printk(XENLOG_G_INFO "%pd: ffa: Remaining cleanup, retrying\n", ctx->teardown_d); diff --git a/xen/arch/arm/tee/ffa_private.h b/xen/arch/arm/tee/ffa_private.h index 8352b6b55a..f3e2f42e57 100644 --- a/xen/arch/arm/tee/ffa_private.h +++ b/xen/arch/arm/tee/ffa_private.h @@ -247,6 +247,16 @@ struct ffa_ctx { unsigned long vm_destroy_bitmap[]; }; +extern void *ffa_rx; +extern void *ffa_tx; +extern spinlock_t ffa_rx_buffer_lock; +extern spinlock_t ffa_tx_buffer_lock; + +bool ffa_shm_domain_destroy(struct domain *d); +void ffa_handle_mem_share(struct cpu_user_regs *regs); +int ffa_handle_mem_reclaim(uint64_t handle, uint32_t flags); + + static inline uint16_t ffa_get_vm_id(const struct domain *d) { /* +1 since 0 is reserved for the hypervisor in FF-A */ diff --git a/xen/arch/arm/tee/ffa_shm.c b/xen/arch/arm/tee/ffa_shm.c new file mode 100644 index 0000000000..eed9ad2d29 --- /dev/null +++ b/xen/arch/arm/tee/ffa_shm.c @@ -0,0 +1,708 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2024 Linaro Limited + */ + +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "ffa_private.h" + +/* Constituent memory region descriptor */ +struct ffa_address_range { + uint64_t address; + uint32_t page_count; + uint32_t reserved; +}; + +/* Composite memory region descriptor */ +struct ffa_mem_region { + uint32_t total_page_count; + uint32_t address_range_count; + uint64_t reserved; + struct ffa_address_range address_range_array[]; +}; + +/* Memory access permissions descriptor */ +struct ffa_mem_access_perm { + uint16_t endpoint_id; + uint8_t perm; + uint8_t flags; +}; + +/* Endpoint memory access descriptor */ +struct ffa_mem_access { + struct ffa_mem_access_perm access_perm; + uint32_t region_offs; + uint64_t reserved; +}; + +/* Lend, donate or share memory transaction descriptor */ +struct ffa_mem_transaction_1_0 { + uint16_t sender_id; + uint8_t mem_reg_attr; + uint8_t reserved0; + uint32_t flags; + uint64_t handle; + uint64_t tag; + uint32_t reserved1; + uint32_t mem_access_count; + struct ffa_mem_access mem_access_array[]; +}; + +struct ffa_mem_transaction_1_1 { + uint16_t sender_id; + uint16_t mem_reg_attr; + uint32_t flags; + uint64_t handle; + uint64_t tag; + uint32_t mem_access_size; + uint32_t mem_access_count; + uint32_t mem_access_offs; + uint8_t reserved[12]; +}; + +/* Calculate offset of struct ffa_mem_access from start of buffer */ +#define MEM_ACCESS_OFFSET(access_idx) \ + ( sizeof(struct ffa_mem_transaction_1_1) + \ + ( access_idx ) * sizeof(struct ffa_mem_access) ) + +/* Calculate offset of struct ffa_mem_region from start of buffer */ +#define REGION_OFFSET(access_count, region_idx) \ + ( MEM_ACCESS_OFFSET(access_count) + \ + ( region_idx ) * sizeof(struct ffa_mem_region) ) + +/* Calculate offset of struct ffa_address_range from start of buffer */ +#define ADDR_RANGE_OFFSET(access_count, region_count, range_idx) \ + ( REGION_OFFSET(access_count, region_count) + \ + ( range_idx ) * sizeof(struct ffa_address_range) ) + +/* + * The parts needed from struct ffa_mem_transaction_1_0 or struct + * ffa_mem_transaction_1_1, used to provide an abstraction of difference in + * data structures between version 1.0 and 1.1. This is just an internal + * interface and can be changed without changing any ABI. + */ +struct ffa_mem_transaction_int { + uint16_t sender_id; + uint8_t mem_reg_attr; + uint8_t flags; + uint8_t mem_access_size; + uint8_t mem_access_count; + uint16_t mem_access_offs; + uint64_t handle; + uint64_t tag; +}; + +struct ffa_shm_mem { + struct list_head list; + uint16_t sender_id; + uint16_t ep_id; /* endpoint, the one lending */ + uint64_t handle; /* FFA_HANDLE_INVALID if not set yet */ + unsigned int page_count; + struct page_info *pages[]; +}; + +static int32_t ffa_mem_share(uint32_t tot_len, uint32_t frag_len, + register_t addr, uint32_t pg_count, + uint64_t *handle) +{ + struct arm_smccc_1_2_regs arg = { + .a0 = FFA_MEM_SHARE_64, + .a1 = tot_len, + .a2 = frag_len, + .a3 = addr, + .a4 = pg_count, + }; + struct arm_smccc_1_2_regs resp; + + arm_smccc_1_2_smc(&arg, &resp); + + switch ( resp.a0 ) + { + case FFA_ERROR: + if ( resp.a2 ) + return resp.a2; + else + return FFA_RET_NOT_SUPPORTED; + case FFA_SUCCESS_32: + *handle = regpair_to_uint64(resp.a3, resp.a2); + return FFA_RET_OK; + case FFA_MEM_FRAG_RX: + *handle = regpair_to_uint64(resp.a2, resp.a1); + if ( resp.a3 > INT32_MAX ) /* Impossible value */ + return FFA_RET_ABORTED; + return resp.a3 & INT32_MAX; + default: + return FFA_RET_NOT_SUPPORTED; + } +} + +static int32_t ffa_mem_reclaim(uint32_t handle_lo, uint32_t handle_hi, + uint32_t flags) +{ + return ffa_simple_call(FFA_MEM_RECLAIM, handle_lo, handle_hi, flags, 0); +} + +/* + * Gets all page and assigns them to the supplied shared memory object. If + * this function fails then the caller is still expected to call + * put_shm_pages() as a cleanup. + */ +static int get_shm_pages(struct domain *d, struct ffa_shm_mem *shm, + const struct ffa_address_range *range, + uint32_t range_count, unsigned int start_page_idx, + unsigned int *last_page_idx) +{ + unsigned int pg_idx = start_page_idx; + gfn_t gfn; + unsigned int n; + unsigned int m; + p2m_type_t t; + uint64_t addr; + uint64_t page_count; + + for ( n = 0; n < range_count; n++ ) + { + page_count = read_atomic(&range[n].page_count); + addr = read_atomic(&range[n].address); + for ( m = 0; m < page_count; m++ ) + { + if ( pg_idx >= shm->page_count ) + return FFA_RET_INVALID_PARAMETERS; + + gfn = gaddr_to_gfn(addr + m * FFA_PAGE_SIZE); + shm->pages[pg_idx] = get_page_from_gfn(d, gfn_x(gfn), &t, + P2M_ALLOC); + if ( !shm->pages[pg_idx] ) + return FFA_RET_DENIED; + /* Only normal RW RAM for now */ + if ( t != p2m_ram_rw ) + return FFA_RET_DENIED; + pg_idx++; + } + } + + *last_page_idx = pg_idx; + + return FFA_RET_OK; +} + +static void put_shm_pages(struct ffa_shm_mem *shm) +{ + unsigned int n; + + for ( n = 0; n < shm->page_count && shm->pages[n]; n++ ) + { + put_page(shm->pages[n]); + shm->pages[n] = NULL; + } +} + +static bool inc_ctx_shm_count(struct domain *d, struct ffa_ctx *ctx) +{ + bool ret = true; + + spin_lock(&ctx->lock); + + if ( ctx->shm_count >= FFA_MAX_SHM_COUNT ) + { + ret = false; + } + else + { + /* + * If this is the first shm added, increase the domain reference + * counter as we need to keep domain around a bit longer to reclaim + * the shared memory in the teardown path. + */ + if ( !ctx->shm_count ) + get_knownalive_domain(d); + + ctx->shm_count++; + } + + spin_unlock(&ctx->lock); + + return ret; +} + +static void dec_ctx_shm_count(struct domain *d, struct ffa_ctx *ctx) +{ + bool drop_ref; + + spin_lock(&ctx->lock); + + ASSERT(ctx->shm_count > 0); + ctx->shm_count--; + + /* + * If this was the last shm removed, let go of the domain reference we + * took in inc_ctx_shm_count() above. + */ + drop_ref = !ctx->shm_count; + + spin_unlock(&ctx->lock); + + if ( drop_ref ) + put_domain(d); +} + +static struct ffa_shm_mem *alloc_ffa_shm_mem(struct domain *d, + unsigned int page_count) +{ + struct ffa_ctx *ctx = d->arch.tee; + struct ffa_shm_mem *shm; + + if ( page_count >= FFA_MAX_SHM_PAGE_COUNT ) + return NULL; + if ( !inc_ctx_shm_count(d, ctx) ) + return NULL; + + shm = xzalloc_flex_struct(struct ffa_shm_mem, pages, page_count); + if ( shm ) + shm->page_count = page_count; + else + dec_ctx_shm_count(d, ctx); + + return shm; +} + +static void free_ffa_shm_mem(struct domain *d, struct ffa_shm_mem *shm) +{ + struct ffa_ctx *ctx = d->arch.tee; + + if ( !shm ) + return; + + dec_ctx_shm_count(d, ctx); + put_shm_pages(shm); + xfree(shm); +} + +static void init_range(struct ffa_address_range *addr_range, + paddr_t pa) +{ + memset(addr_range, 0, sizeof(*addr_range)); + addr_range->address = pa; + addr_range->page_count = 1; +} + +/* + * This function uses the ffa_tx buffer to transmit the memory transaction + * descriptor. The function depends ffa_tx_buffer_lock to be used to guard + * the buffer from concurrent use. + */ +static int share_shm(struct ffa_shm_mem *shm) +{ + const uint32_t max_frag_len = FFA_RXTX_PAGE_COUNT * FFA_PAGE_SIZE; + struct ffa_mem_access *mem_access_array; + struct ffa_mem_transaction_1_1 *descr; + struct ffa_address_range *addr_range; + struct ffa_mem_region *region_descr; + const unsigned int region_count = 1; + void *buf = ffa_tx; + uint32_t frag_len; + uint32_t tot_len; + paddr_t last_pa; + unsigned int n; + paddr_t pa; + + ASSERT(spin_is_locked(&ffa_tx_buffer_lock)); + ASSERT(shm->page_count); + + descr = buf; + memset(descr, 0, sizeof(*descr)); + descr->sender_id = shm->sender_id; + descr->handle = shm->handle; + descr->mem_reg_attr = FFA_NORMAL_MEM_REG_ATTR; + descr->mem_access_count = 1; + descr->mem_access_size = sizeof(*mem_access_array); + descr->mem_access_offs = MEM_ACCESS_OFFSET(0); + + mem_access_array = buf + descr->mem_access_offs; + memset(mem_access_array, 0, sizeof(*mem_access_array)); + mem_access_array[0].access_perm.endpoint_id = shm->ep_id; + mem_access_array[0].access_perm.perm = FFA_MEM_ACC_RW; + mem_access_array[0].region_offs = REGION_OFFSET(descr->mem_access_count, 0); + + region_descr = buf + mem_access_array[0].region_offs; + memset(region_descr, 0, sizeof(*region_descr)); + region_descr->total_page_count = shm->page_count; + + region_descr->address_range_count = 1; + last_pa = page_to_maddr(shm->pages[0]); + for ( n = 1; n < shm->page_count; last_pa = pa, n++ ) + { + pa = page_to_maddr(shm->pages[n]); + if ( last_pa + FFA_PAGE_SIZE == pa ) + continue; + region_descr->address_range_count++; + } + + tot_len = ADDR_RANGE_OFFSET(descr->mem_access_count, region_count, + region_descr->address_range_count); + if ( tot_len > max_frag_len ) + return FFA_RET_NOT_SUPPORTED; + + addr_range = region_descr->address_range_array; + frag_len = ADDR_RANGE_OFFSET(descr->mem_access_count, region_count, 1); + last_pa = page_to_maddr(shm->pages[0]); + init_range(addr_range, last_pa); + for ( n = 1; n < shm->page_count; last_pa = pa, n++ ) + { + pa = page_to_maddr(shm->pages[n]); + if ( last_pa + FFA_PAGE_SIZE == pa ) + { + addr_range->page_count++; + continue; + } + + frag_len += sizeof(*addr_range); + addr_range++; + init_range(addr_range, pa); + } + + return ffa_mem_share(tot_len, frag_len, 0, 0, &shm->handle); +} + +static int read_mem_transaction(uint32_t ffa_vers, const void *buf, size_t blen, + struct ffa_mem_transaction_int *trans) +{ + uint16_t mem_reg_attr; + uint32_t flags; + uint32_t count; + uint32_t offs; + uint32_t size; + + if ( ffa_vers >= FFA_VERSION_1_1 ) + { + const struct ffa_mem_transaction_1_1 *descr; + + if ( blen < sizeof(*descr) ) + return FFA_RET_INVALID_PARAMETERS; + + descr = buf; + trans->sender_id = descr->sender_id; + mem_reg_attr = descr->mem_reg_attr; + flags = descr->flags; + trans->handle = descr->handle; + trans->tag = descr->tag; + + count = descr->mem_access_count; + size = descr->mem_access_size; + offs = descr->mem_access_offs; + } + else + { + const struct ffa_mem_transaction_1_0 *descr; + + if ( blen < sizeof(*descr) ) + return FFA_RET_INVALID_PARAMETERS; + + descr = buf; + trans->sender_id = descr->sender_id; + mem_reg_attr = descr->mem_reg_attr; + flags = descr->flags; + trans->handle = descr->handle; + trans->tag = descr->tag; + + count = descr->mem_access_count; + size = sizeof(struct ffa_mem_access); + offs = offsetof(struct ffa_mem_transaction_1_0, mem_access_array); + } + /* + * Make sure that "descr" which is shared with the guest isn't accessed + * again after this point. + */ + barrier(); + + /* + * We're doing a rough check to see that no information is lost when + * tranfering the values into a struct ffa_mem_transaction_int below. + * The fields in struct ffa_mem_transaction_int are wide enough to hold + * any valid value so being out of range means that something is wrong. + */ + if ( mem_reg_attr > UINT8_MAX || flags > UINT8_MAX || size > UINT8_MAX || + count > UINT8_MAX || offs > UINT16_MAX ) + return FFA_RET_INVALID_PARAMETERS; + + /* Check that the endpoint memory access descriptor array fits */ + if ( size * count + offs > blen ) + return FFA_RET_INVALID_PARAMETERS; + + trans->mem_reg_attr = mem_reg_attr; + trans->flags = flags; + trans->mem_access_size = size; + trans->mem_access_count = count; + trans->mem_access_offs = offs; + + return 0; +} + +void ffa_handle_mem_share(struct cpu_user_regs *regs) +{ + uint32_t tot_len = get_user_reg(regs, 1); + uint32_t frag_len = get_user_reg(regs, 2); + uint64_t addr = get_user_reg(regs, 3); + uint32_t page_count = get_user_reg(regs, 4); + const struct ffa_mem_region *region_descr; + const struct ffa_mem_access *mem_access; + struct ffa_mem_transaction_int trans; + struct domain *d = current->domain; + struct ffa_ctx *ctx = d->arch.tee; + struct ffa_shm_mem *shm = NULL; + unsigned int last_page_idx = 0; + register_t handle_hi = 0; + register_t handle_lo = 0; + int ret = FFA_RET_DENIED; + uint32_t range_count; + uint32_t region_offs; + + /* + * We're only accepting memory transaction descriptors via the rx/tx + * buffer. + */ + if ( addr ) + { + ret = FFA_RET_NOT_SUPPORTED; + goto out_set_ret; + } + + /* Check that fragment length doesn't exceed total length */ + if ( frag_len > tot_len ) + { + ret = FFA_RET_INVALID_PARAMETERS; + goto out_set_ret; + } + + /* We currently only support a single fragment */ + if ( frag_len != tot_len ) + { + ret = FFA_RET_NOT_SUPPORTED; + goto out_set_ret; + } + + if ( !spin_trylock(&ctx->tx_lock) ) + { + ret = FFA_RET_BUSY; + goto out_set_ret; + } + + if ( frag_len > ctx->page_count * FFA_PAGE_SIZE ) + goto out_unlock; + + ret = read_mem_transaction(ctx->guest_vers, ctx->tx, frag_len, &trans); + if ( ret ) + goto out_unlock; + + if ( trans.mem_reg_attr != FFA_NORMAL_MEM_REG_ATTR ) + { + ret = FFA_RET_NOT_SUPPORTED; + goto out_unlock; + } + + /* Only supports sharing it with one SP for now */ + if ( trans.mem_access_count != 1 ) + { + ret = FFA_RET_NOT_SUPPORTED; + goto out_unlock; + } + + if ( trans.sender_id != ffa_get_vm_id(d) ) + { + ret = FFA_RET_INVALID_PARAMETERS; + goto out_unlock; + } + + /* Check that it fits in the supplied data */ + if ( trans.mem_access_offs + trans.mem_access_size > frag_len ) + goto out_unlock; + + mem_access = ctx->tx + trans.mem_access_offs; + if ( read_atomic(&mem_access->access_perm.perm) != FFA_MEM_ACC_RW ) + { + ret = FFA_RET_NOT_SUPPORTED; + goto out_unlock; + } + + region_offs = read_atomic(&mem_access->region_offs); + if ( sizeof(*region_descr) + region_offs > frag_len ) + { + ret = FFA_RET_NOT_SUPPORTED; + goto out_unlock; + } + + region_descr = ctx->tx + region_offs; + range_count = read_atomic(®ion_descr->address_range_count); + page_count = read_atomic(®ion_descr->total_page_count); + + if ( !page_count ) + { + ret = FFA_RET_INVALID_PARAMETERS; + goto out_unlock; + } + + shm = alloc_ffa_shm_mem(d, page_count); + if ( !shm ) + { + ret = FFA_RET_NO_MEMORY; + goto out_unlock; + } + shm->sender_id = trans.sender_id; + shm->ep_id = read_atomic(&mem_access->access_perm.endpoint_id); + + /* + * Check that the Composite memory region descriptor fits. + */ + if ( sizeof(*region_descr) + region_offs + + range_count * sizeof(struct ffa_address_range) > frag_len ) + { + ret = FFA_RET_INVALID_PARAMETERS; + goto out; + } + + ret = get_shm_pages(d, shm, region_descr->address_range_array, range_count, + 0, &last_page_idx); + if ( ret ) + goto out; + if ( last_page_idx != shm->page_count ) + { + ret = FFA_RET_INVALID_PARAMETERS; + goto out; + } + + /* Note that share_shm() uses our tx buffer */ + spin_lock(&ffa_tx_buffer_lock); + ret = share_shm(shm); + spin_unlock(&ffa_tx_buffer_lock); + if ( ret ) + goto out; + + spin_lock(&ctx->lock); + list_add_tail(&shm->list, &ctx->shm_list); + spin_unlock(&ctx->lock); + + uint64_to_regpair(&handle_hi, &handle_lo, shm->handle); + +out: + if ( ret ) + free_ffa_shm_mem(d, shm); +out_unlock: + spin_unlock(&ctx->tx_lock); + +out_set_ret: + if ( ret == 0) + ffa_set_regs_success(regs, handle_lo, handle_hi); + else + ffa_set_regs_error(regs, ret); +} + +/* Must only be called with ctx->lock held */ +static struct ffa_shm_mem *find_shm_mem(struct ffa_ctx *ctx, uint64_t handle) +{ + struct ffa_shm_mem *shm; + + list_for_each_entry(shm, &ctx->shm_list, list) + if ( shm->handle == handle ) + return shm; + + return NULL; +} + +int ffa_handle_mem_reclaim(uint64_t handle, uint32_t flags) +{ + struct domain *d = current->domain; + struct ffa_ctx *ctx = d->arch.tee; + struct ffa_shm_mem *shm; + register_t handle_hi; + register_t handle_lo; + int ret; + + spin_lock(&ctx->lock); + shm = find_shm_mem(ctx, handle); + if ( shm ) + list_del(&shm->list); + spin_unlock(&ctx->lock); + if ( !shm ) + return FFA_RET_INVALID_PARAMETERS; + + uint64_to_regpair(&handle_hi, &handle_lo, handle); + ret = ffa_mem_reclaim(handle_lo, handle_hi, flags); + + if ( ret ) + { + spin_lock(&ctx->lock); + list_add_tail(&shm->list, &ctx->shm_list); + spin_unlock(&ctx->lock); + } + else + { + free_ffa_shm_mem(d, shm); + } + + return ret; +} + +bool ffa_shm_domain_destroy(struct domain *d) +{ + struct ffa_ctx *ctx = d->arch.tee; + struct ffa_shm_mem *shm, *tmp; + int32_t res; + + list_for_each_entry_safe(shm, tmp, &ctx->shm_list, list) + { + register_t handle_hi; + register_t handle_lo; + + uint64_to_regpair(&handle_hi, &handle_lo, shm->handle); + res = ffa_mem_reclaim(handle_lo, handle_hi, 0); + switch ( res ) { + case FFA_RET_OK: + printk(XENLOG_G_DEBUG "%pd: ffa: Reclaimed handle %#lx\n", + d, shm->handle); + list_del(&shm->list); + free_ffa_shm_mem(d, shm); + break; + case FFA_RET_DENIED: + /* + * A temporary error that may get resolved a bit later, it's + * worth retrying. + */ + printk(XENLOG_G_INFO "%pd: ffa: Failed to reclaim handle %#lx : %d\n", + d, shm->handle, res); + break; /* We will retry later */ + default: + /* + * The rest of the error codes are not expected and are assumed + * to be of a permanent nature. It not in our control to handle + * the error properly so the object in this case is to try to + * minimize the damage. + * + * FFA_RET_NO_MEMORY might be a temporary error as it it could + * succeed if retried later, but treat it as permanent for now. + */ + printk(XENLOG_G_INFO "%pd: ffa: Permanent failure to reclaim handle %#lx : %d\n", + d, shm->handle, res); + + /* + * Remove the shm from the list and free it, but don't drop + * references. This results in having the shared physical pages + * permanently allocate and also keeps the domain as a zombie + * domain. + */ + list_del(&shm->list); + xfree(shm); + break; + } + } + + return !ctx->shm_count; +} -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 23:33:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 23:33:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700646.1094119 (Exim 4.92) (envelope-from ) id 1rsA6o-0000DT-RL; Wed, 03 Apr 2024 23:33:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700646.1094119; Wed, 03 Apr 2024 23:33:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA6o-0000DM-OX; Wed, 03 Apr 2024 23:33:34 +0000 Received: by outflank-mailman (input) for mailman id 700646; Wed, 03 Apr 2024 23:33:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA6o-0000Cz-0I for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA6n-0001oy-Vn for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsA6n-0005GJ-V1 for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AOQBqJ5C7mKsOuYRfjS2OUQmQcK8Vi516iE6zP6uGo0=; b=u/7MUpXtapsbmvg1i97GVnv5uT /3+x4nsboNGekeK5DrCjRMMDpn3Yr2bx31iyd4mk5aKAYS9ySaiv1RqDCacnhNxtGWd54Nk8EyLKG yTBZdz624CWegZOb0CcB7zxKNyN7r/L4GD6+o5wUXRnta/RsmHIXkGlxnrEvRjVAG/Vc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: ffa: separate partition info get routines Message-Id: Date: Wed, 03 Apr 2024 23:33:33 +0000 commit bded3e646711e1c7c9bd49e6d85f39bdb4216d93 Author: Jens Wiklander AuthorDate: Mon Mar 25 10:39:02 2024 +0100 Commit: Stefano Stabellini CommitDate: Wed Apr 3 16:11:01 2024 -0700 xen/arm: ffa: separate partition info get routines Move partition info get routines into a separate file for easier navigation in the source code. Add ffa_partinfo_init(), ffa_partinfo_domain_init(), and ffa_partinfo_domain_destroy() to handle the ffa_partinfo internal things on initialization and teardown. Signed-off-by: Jens Wiklander Reviewed-by: Bertrand Marquis --- xen/arch/arm/tee/Makefile | 1 + xen/arch/arm/tee/ffa.c | 359 ++------------------------------------ xen/arch/arm/tee/ffa_partinfo.c | 373 ++++++++++++++++++++++++++++++++++++++++ xen/arch/arm/tee/ffa_private.h | 14 +- 4 files changed, 398 insertions(+), 349 deletions(-) diff --git a/xen/arch/arm/tee/Makefile b/xen/arch/arm/tee/Makefile index 0e683d23aa..be644fba80 100644 --- a/xen/arch/arm/tee/Makefile +++ b/xen/arch/arm/tee/Makefile @@ -1,4 +1,5 @@ obj-$(CONFIG_FFA) += ffa.o obj-$(CONFIG_FFA) += ffa_shm.o +obj-$(CONFIG_FFA) += ffa_partinfo.o obj-y += tee.o obj-$(CONFIG_OPTEE) += optee.o diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c index db36292dc5..7a28038814 100644 --- a/xen/arch/arm/tee/ffa.c +++ b/xen/arch/arm/tee/ffa.c @@ -70,20 +70,6 @@ * structs ending with _1_1 are defined in FF-A-1.1-REL0. */ -/* Partition information descriptor */ -struct ffa_partition_info_1_0 { - uint16_t id; - uint16_t execution_context; - uint32_t partition_properties; -}; - -struct ffa_partition_info_1_1 { - uint16_t id; - uint16_t execution_context; - uint32_t partition_properties; - uint8_t uuid[16]; -}; - /* Endpoint RX/TX descriptor */ struct ffa_endpoint_rxtx_descriptor_1_0 { uint16_t sender_id; @@ -102,11 +88,6 @@ struct ffa_endpoint_rxtx_descriptor_1_1 { /* Negotiated FF-A version to use with the SPMC */ static uint32_t __ro_after_init ffa_version; -/* SPs subscribing to VM_CREATE and VM_DESTROYED events */ -static uint16_t *subscr_vm_created __read_mostly; -static uint16_t subscr_vm_created_count __read_mostly; -static uint16_t *subscr_vm_destroyed __read_mostly; -static uint16_t subscr_vm_destroyed_count __read_mostly; /* * Our rx/tx buffers shared with the SPMC. FFA_RXTX_PAGE_COUNT is the @@ -170,90 +151,6 @@ static int32_t ffa_rxtx_map(paddr_t tx_addr, paddr_t rx_addr, return ffa_simple_call(FFA_RXTX_MAP_64, tx_addr, rx_addr, page_count, 0); } -static int32_t ffa_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3, - uint32_t w4, uint32_t w5, - uint32_t *count, uint32_t *fpi_size) -{ - const struct arm_smccc_1_2_regs arg = { - .a0 = FFA_PARTITION_INFO_GET, - .a1 = w1, - .a2 = w2, - .a3 = w3, - .a4 = w4, - .a5 = w5, - }; - struct arm_smccc_1_2_regs resp; - uint32_t ret; - - arm_smccc_1_2_smc(&arg, &resp); - - ret = ffa_get_ret_code(&resp); - if ( !ret ) - { - *count = resp.a2; - *fpi_size = resp.a3; - } - - return ret; -} - -static int32_t ffa_rx_release(void) -{ - return ffa_simple_call(FFA_RX_RELEASE, 0, 0, 0, 0); -} - -static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id, - uint8_t msg) -{ - uint32_t exp_resp = FFA_MSG_FLAG_FRAMEWORK; - unsigned int retry_count = 0; - int32_t res; - - if ( msg == FFA_MSG_SEND_VM_CREATED ) - exp_resp |= FFA_MSG_RESP_VM_CREATED; - else if ( msg == FFA_MSG_SEND_VM_DESTROYED ) - exp_resp |= FFA_MSG_RESP_VM_DESTROYED; - else - return FFA_RET_INVALID_PARAMETERS; - - do { - const struct arm_smccc_1_2_regs arg = { - .a0 = FFA_MSG_SEND_DIRECT_REQ_32, - .a1 = sp_id, - .a2 = FFA_MSG_FLAG_FRAMEWORK | msg, - .a5 = vm_id, - }; - struct arm_smccc_1_2_regs resp; - - arm_smccc_1_2_smc(&arg, &resp); - if ( resp.a0 != FFA_MSG_SEND_DIRECT_RESP_32 || resp.a2 != exp_resp ) - { - /* - * This is an invalid response, likely due to some error in the - * implementation of the ABI. - */ - return FFA_RET_INVALID_PARAMETERS; - } - res = resp.a3; - if ( ++retry_count > 10 ) - { - /* - * TODO - * FFA_RET_INTERRUPTED means that the SPMC has a pending - * non-secure interrupt, we need a way of delivering that - * non-secure interrupt. - * FFA_RET_RETRY is the SP telling us that it's temporarily - * blocked from handling the direct request, we need a generic - * way to deal with this. - * For now in both cases, give up after a few retries. - */ - return res; - } - } while ( res == FFA_RET_INTERRUPTED || res == FFA_RET_RETRY ); - - return res; -} - static void handle_version(struct cpu_user_regs *regs) { struct domain *d = current->domain; @@ -371,88 +268,6 @@ static uint32_t ffa_handle_rxtx_unmap(void) return FFA_RET_OK; } -static int32_t ffa_handle_partition_info_get(uint32_t w1, uint32_t w2, - uint32_t w3, uint32_t w4, - uint32_t w5, uint32_t *count, - uint32_t *fpi_size) -{ - int32_t ret = FFA_RET_DENIED; - struct domain *d = current->domain; - struct ffa_ctx *ctx = d->arch.tee; - - /* - * FF-A v1.0 has w5 MBZ while v1.1 allows - * FFA_PARTITION_INFO_GET_COUNT_FLAG to be non-zero. - * - * FFA_PARTITION_INFO_GET_COUNT is only using registers and not the - * rxtx buffer so do the partition_info_get directly. - */ - if ( w5 == FFA_PARTITION_INFO_GET_COUNT_FLAG && - ctx->guest_vers == FFA_VERSION_1_1 ) - return ffa_partition_info_get(w1, w2, w3, w4, w5, count, fpi_size); - if ( w5 ) - return FFA_RET_INVALID_PARAMETERS; - - if ( !ffa_rx ) - return FFA_RET_DENIED; - - if ( !spin_trylock(&ctx->rx_lock) ) - return FFA_RET_BUSY; - - if ( !ctx->page_count || !ctx->rx_is_free ) - goto out; - spin_lock(&ffa_rx_buffer_lock); - ret = ffa_partition_info_get(w1, w2, w3, w4, w5, count, fpi_size); - if ( ret ) - goto out_rx_buf_unlock; - /* - * ffa_partition_info_get() succeeded so we now own the RX buffer we - * share with the SPMC. We must give it back using ffa_rx_release() - * once we've copied the content. - */ - - if ( ctx->guest_vers == FFA_VERSION_1_0 ) - { - size_t n; - struct ffa_partition_info_1_1 *src = ffa_rx; - struct ffa_partition_info_1_0 *dst = ctx->rx; - - if ( ctx->page_count * FFA_PAGE_SIZE < *count * sizeof(*dst) ) - { - ret = FFA_RET_NO_MEMORY; - goto out_rx_release; - } - - for ( n = 0; n < *count; n++ ) - { - dst[n].id = src[n].id; - dst[n].execution_context = src[n].execution_context; - dst[n].partition_properties = src[n].partition_properties; - } - } - else - { - size_t sz = *count * *fpi_size; - - if ( ctx->page_count * FFA_PAGE_SIZE < sz ) - { - ret = FFA_RET_NO_MEMORY; - goto out_rx_release; - } - - memcpy(ctx->rx, ffa_rx, sz); - } - ctx->rx_is_free = false; -out_rx_release: - ffa_rx_release(); -out_rx_buf_unlock: - spin_unlock(&ffa_rx_buffer_lock); -out: - spin_unlock(&ctx->rx_lock); - - return ret; -} - static int32_t ffa_handle_rx_release(void) { int32_t ret = FFA_RET_DENIED; @@ -604,46 +419,9 @@ static bool ffa_handle_call(struct cpu_user_regs *regs) } } -static bool is_in_subscr_list(const uint16_t *subscr, uint16_t start, - uint16_t end, uint16_t sp_id) -{ - unsigned int n; - - for ( n = start; n < end; n++ ) - { - if ( subscr[n] == sp_id ) - return true; - } - - return false; -} - -static void vm_destroy_bitmap_init(struct ffa_ctx *ctx, - unsigned int create_signal_count) -{ - unsigned int n; - - for ( n = 0; n < subscr_vm_destroyed_count; n++ ) - { - /* - * Skip SPs subscribed to the VM created event that never was - * notified of the VM creation due to an error during - * ffa_domain_init(). - */ - if ( is_in_subscr_list(subscr_vm_created, create_signal_count, - subscr_vm_created_count, - subscr_vm_destroyed[n]) ) - continue; - - set_bit(n, ctx->vm_destroy_bitmap); - } -} - static int ffa_domain_init(struct domain *d) { struct ffa_ctx *ctx; - unsigned int n; - int32_t res; if ( !ffa_version ) return -ENODEV; @@ -654,8 +432,7 @@ static int ffa_domain_init(struct domain *d) if ( d->domain_id >= UINT16_MAX) return -ERANGE; - ctx = xzalloc_flex_struct(struct ffa_ctx, vm_destroy_bitmap, - BITS_TO_LONGS(subscr_vm_destroyed_count)); + ctx = xzalloc(struct ffa_ctx); if ( !ctx ) return -ENOMEM; @@ -663,66 +440,28 @@ static int ffa_domain_init(struct domain *d) ctx->teardown_d = d; INIT_LIST_HEAD(&ctx->shm_list); - for ( n = 0; n < subscr_vm_created_count; n++ ) - { - res = ffa_direct_req_send_vm(subscr_vm_created[n], ffa_get_vm_id(d), - FFA_MSG_SEND_VM_CREATED); - if ( res ) - { - printk(XENLOG_ERR "ffa: Failed to report creation of vm_id %u to %u: res %d\n", - ffa_get_vm_id(d), subscr_vm_created[n], res); - break; - } - } - vm_destroy_bitmap_init(ctx, n); - if ( n != subscr_vm_created_count ) + /* + * ffa_domain_teardown() will be called if ffa_domain_init() returns an + * error, so no need for cleanup in this function. + */ + + if ( !ffa_partinfo_domain_init(d) ) return -EIO; return 0; } -static void send_vm_destroyed(struct domain *d) -{ - struct ffa_ctx *ctx = d->arch.tee; - unsigned int n; - int32_t res; - - for ( n = 0; n < subscr_vm_destroyed_count; n++ ) - { - if ( !test_bit(n, ctx->vm_destroy_bitmap) ) - continue; - - res = ffa_direct_req_send_vm(subscr_vm_destroyed[n], ffa_get_vm_id(d), - FFA_MSG_SEND_VM_DESTROYED); - - if ( res ) - { - printk(XENLOG_ERR "%pd: ffa: Failed to report destruction of vm_id %u to %u: res %d\n", - d, ffa_get_vm_id(d), subscr_vm_destroyed[n], res); - } - - /* - * For these two error codes the hypervisor is expected to resend - * the destruction message. For the rest it is expected that the - * error is permanent and that is doesn't help to resend the - * destruction message. - */ - if ( res != FFA_RET_INTERRUPTED && res != FFA_RET_RETRY ) - clear_bit(n, ctx->vm_destroy_bitmap); - } -} - static void ffa_domain_teardown_continue(struct ffa_ctx *ctx, bool first_time) { struct ffa_ctx *next_ctx = NULL; bool retry = false; - send_vm_destroyed(ctx->teardown_d); + if ( !ffa_partinfo_domain_destroy(ctx->teardown_d) ) + retry = true; if ( !ffa_shm_domain_destroy(ctx->teardown_d) ) retry = true; - if ( retry || - !bitmap_empty(ctx->vm_destroy_bitmap, subscr_vm_destroyed_count) ) + if ( retry ) { printk(XENLOG_G_INFO "%pd: ffa: Remaining cleanup, retrying\n", ctx->teardown_d); @@ -796,82 +535,6 @@ static int ffa_relinquish_resources(struct domain *d) return 0; } -static void uninit_subscribers(void) -{ - subscr_vm_created_count = 0; - subscr_vm_destroyed_count = 0; - XFREE(subscr_vm_created); - XFREE(subscr_vm_destroyed); -} - -static bool init_subscribers(struct ffa_partition_info_1_1 *fpi, uint16_t count) -{ - uint16_t n; - uint16_t c_pos; - uint16_t d_pos; - - subscr_vm_created_count = 0; - subscr_vm_destroyed_count = 0; - for ( n = 0; n < count; n++ ) - { - if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED ) - subscr_vm_created_count++; - if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED ) - subscr_vm_destroyed_count++; - } - - if ( subscr_vm_created_count ) - subscr_vm_created = xzalloc_array(uint16_t, subscr_vm_created_count); - if ( subscr_vm_destroyed_count ) - subscr_vm_destroyed = xzalloc_array(uint16_t, - subscr_vm_destroyed_count); - if ( (subscr_vm_created_count && !subscr_vm_created) || - (subscr_vm_destroyed_count && !subscr_vm_destroyed) ) - { - printk(XENLOG_ERR "ffa: Failed to allocate subscription lists\n"); - uninit_subscribers(); - return false; - } - - for ( c_pos = 0, d_pos = 0, n = 0; n < count; n++ ) - { - if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED ) - subscr_vm_created[c_pos++] = fpi[n].id; - if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED ) - subscr_vm_destroyed[d_pos++] = fpi[n].id; - } - - return true; -} - -static bool init_sps(void) -{ - bool ret = false; - uint32_t fpi_size; - uint32_t count; - int e; - - e = ffa_partition_info_get(0, 0, 0, 0, 0, &count, &fpi_size); - if ( e ) - { - printk(XENLOG_ERR "ffa: Failed to get list of SPs: %d\n", e); - goto out; - } - - if ( count >= UINT16_MAX ) - { - printk(XENLOG_ERR "ffa: Impossible number of SPs: %u\n", count); - goto out; - } - - ret = init_subscribers(ffa_rx, count); - -out: - ffa_rx_release(); - - return ret; -} - static bool ffa_probe(void) { uint32_t vers; @@ -949,7 +612,7 @@ static bool ffa_probe(void) } ffa_version = vers; - if ( !init_sps() ) + if ( !ffa_partinfo_init() ) goto err_free_ffa_tx; INIT_LIST_HEAD(&ffa_teardown_head); diff --git a/xen/arch/arm/tee/ffa_partinfo.c b/xen/arch/arm/tee/ffa_partinfo.c new file mode 100644 index 0000000000..dc10595848 --- /dev/null +++ b/xen/arch/arm/tee/ffa_partinfo.c @@ -0,0 +1,373 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2024 Linaro Limited + */ + +#include +#include +#include + +#include +#include + +#include "ffa_private.h" + +/* Partition information descriptor defined in FF-A-1.0-REL */ +struct ffa_partition_info_1_0 { + uint16_t id; + uint16_t execution_context; + uint32_t partition_properties; +}; + +/* Partition information descriptor defined in FF-A-1.1-REL0 */ +struct ffa_partition_info_1_1 { + uint16_t id; + uint16_t execution_context; + uint32_t partition_properties; + uint8_t uuid[16]; +}; + +/* SPs subscribing to VM_CREATE and VM_DESTROYED events */ +static uint16_t *subscr_vm_created __read_mostly; +static uint16_t subscr_vm_created_count __read_mostly; +static uint16_t *subscr_vm_destroyed __read_mostly; +static uint16_t subscr_vm_destroyed_count __read_mostly; + +static int32_t ffa_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3, + uint32_t w4, uint32_t w5, uint32_t *count, + uint32_t *fpi_size) +{ + const struct arm_smccc_1_2_regs arg = { + .a0 = FFA_PARTITION_INFO_GET, + .a1 = w1, + .a2 = w2, + .a3 = w3, + .a4 = w4, + .a5 = w5, + }; + struct arm_smccc_1_2_regs resp; + uint32_t ret; + + arm_smccc_1_2_smc(&arg, &resp); + + ret = ffa_get_ret_code(&resp); + if ( !ret ) + { + *count = resp.a2; + *fpi_size = resp.a3; + } + + return ret; +} + +int32_t ffa_handle_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3, + uint32_t w4, uint32_t w5, uint32_t *count, + uint32_t *fpi_size) +{ + int32_t ret = FFA_RET_DENIED; + struct domain *d = current->domain; + struct ffa_ctx *ctx = d->arch.tee; + + /* + * FF-A v1.0 has w5 MBZ while v1.1 allows + * FFA_PARTITION_INFO_GET_COUNT_FLAG to be non-zero. + * + * FFA_PARTITION_INFO_GET_COUNT is only using registers and not the + * rxtx buffer so do the partition_info_get directly. + */ + if ( w5 == FFA_PARTITION_INFO_GET_COUNT_FLAG && + ctx->guest_vers == FFA_VERSION_1_1 ) + return ffa_partition_info_get(w1, w2, w3, w4, w5, count, fpi_size); + if ( w5 ) + return FFA_RET_INVALID_PARAMETERS; + + if ( !ffa_rx ) + return FFA_RET_DENIED; + + if ( !spin_trylock(&ctx->rx_lock) ) + return FFA_RET_BUSY; + + if ( !ctx->page_count || !ctx->rx_is_free ) + goto out; + spin_lock(&ffa_rx_buffer_lock); + ret = ffa_partition_info_get(w1, w2, w3, w4, w5, count, fpi_size); + if ( ret ) + goto out_rx_buf_unlock; + /* + * ffa_partition_info_get() succeeded so we now own the RX buffer we + * share with the SPMC. We must give it back using ffa_rx_release() + * once we've copied the content. + */ + + if ( ctx->guest_vers == FFA_VERSION_1_0 ) + { + size_t n; + struct ffa_partition_info_1_1 *src = ffa_rx; + struct ffa_partition_info_1_0 *dst = ctx->rx; + + if ( ctx->page_count * FFA_PAGE_SIZE < *count * sizeof(*dst) ) + { + ret = FFA_RET_NO_MEMORY; + goto out_rx_release; + } + + for ( n = 0; n < *count; n++ ) + { + dst[n].id = src[n].id; + dst[n].execution_context = src[n].execution_context; + dst[n].partition_properties = src[n].partition_properties; + } + } + else + { + size_t sz = *count * *fpi_size; + + if ( ctx->page_count * FFA_PAGE_SIZE < sz ) + { + ret = FFA_RET_NO_MEMORY; + goto out_rx_release; + } + + memcpy(ctx->rx, ffa_rx, sz); + } + ctx->rx_is_free = false; +out_rx_release: + ffa_rx_release(); +out_rx_buf_unlock: + spin_unlock(&ffa_rx_buffer_lock); +out: + spin_unlock(&ctx->rx_lock); + + return ret; +} + +static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id, + uint8_t msg) +{ + uint32_t exp_resp = FFA_MSG_FLAG_FRAMEWORK; + unsigned int retry_count = 0; + int32_t res; + + if ( msg == FFA_MSG_SEND_VM_CREATED ) + exp_resp |= FFA_MSG_RESP_VM_CREATED; + else if ( msg == FFA_MSG_SEND_VM_DESTROYED ) + exp_resp |= FFA_MSG_RESP_VM_DESTROYED; + else + return FFA_RET_INVALID_PARAMETERS; + + do { + const struct arm_smccc_1_2_regs arg = { + .a0 = FFA_MSG_SEND_DIRECT_REQ_32, + .a1 = sp_id, + .a2 = FFA_MSG_FLAG_FRAMEWORK | msg, + .a5 = vm_id, + }; + struct arm_smccc_1_2_regs resp; + + arm_smccc_1_2_smc(&arg, &resp); + if ( resp.a0 != FFA_MSG_SEND_DIRECT_RESP_32 || resp.a2 != exp_resp ) + { + /* + * This is an invalid response, likely due to some error in the + * implementation of the ABI. + */ + return FFA_RET_INVALID_PARAMETERS; + } + res = resp.a3; + if ( ++retry_count > 10 ) + { + /* + * TODO + * FFA_RET_INTERRUPTED means that the SPMC has a pending + * non-secure interrupt, we need a way of delivering that + * non-secure interrupt. + * FFA_RET_RETRY is the SP telling us that it's temporarily + * blocked from handling the direct request, we need a generic + * way to deal with this. + * For now in both cases, give up after a few retries. + */ + return res; + } + } while ( res == FFA_RET_INTERRUPTED || res == FFA_RET_RETRY ); + + return res; +} + +static void uninit_subscribers(void) +{ + subscr_vm_created_count = 0; + subscr_vm_destroyed_count = 0; + XFREE(subscr_vm_created); + XFREE(subscr_vm_destroyed); +} + +static bool init_subscribers(struct ffa_partition_info_1_1 *fpi, uint16_t count) +{ + uint16_t n; + uint16_t c_pos; + uint16_t d_pos; + + subscr_vm_created_count = 0; + subscr_vm_destroyed_count = 0; + for ( n = 0; n < count; n++ ) + { + if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED ) + subscr_vm_created_count++; + if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED ) + subscr_vm_destroyed_count++; + } + + if ( subscr_vm_created_count ) + subscr_vm_created = xzalloc_array(uint16_t, subscr_vm_created_count); + if ( subscr_vm_destroyed_count ) + subscr_vm_destroyed = xzalloc_array(uint16_t, + subscr_vm_destroyed_count); + if ( (subscr_vm_created_count && !subscr_vm_created) || + (subscr_vm_destroyed_count && !subscr_vm_destroyed) ) + { + printk(XENLOG_ERR "ffa: Failed to allocate subscription lists\n"); + uninit_subscribers(); + return false; + } + + for ( c_pos = 0, d_pos = 0, n = 0; n < count; n++ ) + { + if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED ) + subscr_vm_created[c_pos++] = fpi[n].id; + if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED ) + subscr_vm_destroyed[d_pos++] = fpi[n].id; + } + + return true; +} + + + +bool ffa_partinfo_init(void) +{ + bool ret = false; + uint32_t fpi_size; + uint32_t count; + int e; + + e = ffa_partition_info_get(0, 0, 0, 0, 0, &count, &fpi_size); + if ( e ) + { + printk(XENLOG_ERR "ffa: Failed to get list of SPs: %d\n", e); + goto out; + } + + if ( count >= UINT16_MAX ) + { + printk(XENLOG_ERR "ffa: Impossible number of SPs: %u\n", count); + goto out; + } + + ret = init_subscribers(ffa_rx, count); + +out: + ffa_rx_release(); + + return ret; +} + +static bool is_in_subscr_list(const uint16_t *subscr, uint16_t start, + uint16_t end, uint16_t sp_id) +{ + unsigned int n; + + for ( n = start; n < end; n++ ) + { + if ( subscr[n] == sp_id ) + return true; + } + + return false; +} + +static void vm_destroy_bitmap_init(struct ffa_ctx *ctx, + unsigned int create_signal_count) +{ + unsigned int n; + + for ( n = 0; n < subscr_vm_destroyed_count; n++ ) + { + /* + * Skip SPs subscribed to the VM created event that never was + * notified of the VM creation due to an error during + * ffa_domain_init(). + */ + if ( is_in_subscr_list(subscr_vm_created, create_signal_count, + subscr_vm_created_count, + subscr_vm_destroyed[n]) ) + continue; + + set_bit(n, ctx->vm_destroy_bitmap); + } +} + +bool ffa_partinfo_domain_init(struct domain *d) +{ + unsigned int count = BITS_TO_LONGS(subscr_vm_destroyed_count); + struct ffa_ctx *ctx = d->arch.tee; + unsigned int n; + int32_t res; + + ctx->vm_destroy_bitmap = xzalloc_array(unsigned long, count); + if ( !ctx->vm_destroy_bitmap ) + return false; + + for ( n = 0; n < subscr_vm_created_count; n++ ) + { + res = ffa_direct_req_send_vm(subscr_vm_created[n], ffa_get_vm_id(d), + FFA_MSG_SEND_VM_CREATED); + if ( res ) + { + printk(XENLOG_ERR "ffa: Failed to report creation of vm_id %u to %u: res %d\n", + ffa_get_vm_id(d), subscr_vm_created[n], res); + break; + } + } + vm_destroy_bitmap_init(ctx, n); + + return n == subscr_vm_created_count; +} + +bool ffa_partinfo_domain_destroy(struct domain *d) +{ + struct ffa_ctx *ctx = d->arch.tee; + unsigned int n; + int32_t res; + + if ( !ctx->vm_destroy_bitmap ) + return true; + + for ( n = 0; n < subscr_vm_destroyed_count; n++ ) + { + if ( !test_bit(n, ctx->vm_destroy_bitmap) ) + continue; + + res = ffa_direct_req_send_vm(subscr_vm_destroyed[n], ffa_get_vm_id(d), + FFA_MSG_SEND_VM_DESTROYED); + + if ( res ) + { + printk(XENLOG_ERR "%pd: ffa: Failed to report destruction of vm_id %u to %u: res %d\n", + d, ffa_get_vm_id(d), subscr_vm_destroyed[n], res); + } + + /* + * For these two error codes the hypervisor is expected to resend + * the destruction message. For the rest it is expected that the + * error is permanent and that is doesn't help to resend the + * destruction message. + */ + if ( res != FFA_RET_INTERRUPTED && res != FFA_RET_RETRY ) + clear_bit(n, ctx->vm_destroy_bitmap); + } + + if ( bitmap_empty(ctx->vm_destroy_bitmap, subscr_vm_destroyed_count) ) + XFREE(ctx->vm_destroy_bitmap); + + return !ctx->vm_destroy_bitmap; +} diff --git a/xen/arch/arm/tee/ffa_private.h b/xen/arch/arm/tee/ffa_private.h index f3e2f42e57..6b32b69cfe 100644 --- a/xen/arch/arm/tee/ffa_private.h +++ b/xen/arch/arm/tee/ffa_private.h @@ -244,7 +244,7 @@ struct ffa_ctx { * Used for ffa_domain_teardown() to keep track of which SPs should be * notified that this guest is being destroyed. */ - unsigned long vm_destroy_bitmap[]; + unsigned long *vm_destroy_bitmap; }; extern void *ffa_rx; @@ -256,6 +256,13 @@ bool ffa_shm_domain_destroy(struct domain *d); void ffa_handle_mem_share(struct cpu_user_regs *regs); int ffa_handle_mem_reclaim(uint64_t handle, uint32_t flags); +bool ffa_partinfo_init(void); +bool ffa_partinfo_domain_init(struct domain *d); +bool ffa_partinfo_domain_destroy(struct domain *d); +int32_t ffa_handle_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3, + uint32_t w4, uint32_t w5, uint32_t *count, + uint32_t *fpi_size); + static inline uint16_t ffa_get_vm_id(const struct domain *d) { @@ -325,4 +332,9 @@ static inline int32_t ffa_simple_call(uint32_t fid, register_t a1, return ffa_get_ret_code(&resp); } +static inline int32_t ffa_rx_release(void) +{ + return ffa_simple_call(FFA_RX_RELEASE, 0, 0, 0, 0); +} + #endif /*__FFA_PRIVATE_H__*/ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 23:33:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 23:33:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700647.1094123 (Exim 4.92) (envelope-from ) id 1rsA6z-0000P3-T9; Wed, 03 Apr 2024 23:33:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700647.1094123; Wed, 03 Apr 2024 23:33:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA6z-0000Ow-QE; Wed, 03 Apr 2024 23:33:45 +0000 Received: by outflank-mailman (input) for mailman id 700647; Wed, 03 Apr 2024 23:33:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA6y-0000N7-3L for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA6y-0001p9-2Z for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsA6y-0005Gl-1e for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=K6Uf2/Ku4VP58stIOGqsWU0QxNUwUNbhpD34jIwbxGk=; b=qFn/LWwRgeiFSQ6GnUScp03orN NRelLANh3QX4sWDdIxM4MUguScmdj98/vhCP63I68LYtgCUnQ4+wShxJOwIPPXSe96iNVeweufv2u /vizJXQGPHXO5p3JoI12spayq4hK6cMmAcEAiKundKJQfmCq4e1mrpwO7KwD4U2GuxRU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: ffa: separate rxtx buffer routines Message-Id: Date: Wed, 03 Apr 2024 23:33:44 +0000 commit be75f686eb038e7df81c0d68944f1e280bc64db7 Author: Jens Wiklander AuthorDate: Mon Mar 25 10:39:03 2024 +0100 Commit: Stefano Stabellini CommitDate: Wed Apr 3 16:11:01 2024 -0700 xen/arm: ffa: separate rxtx buffer routines Move rxtx buffer routines into a spearate file for easier navigation in the source code. Add ffa_rxtx_init(), ffa_rxtx_destroy(), and ffa_rxtx_domain_destroy() to handle the ffa_rxtx internal things on initialization and teardown. Signed-off-by: Jens Wiklander Reviewed-by: Bertrand Marquis --- xen/arch/arm/tee/Makefile | 1 + xen/arch/arm/tee/ffa.c | 174 +-------------------------------- xen/arch/arm/tee/ffa_private.h | 7 ++ xen/arch/arm/tee/ffa_rxtx.c | 216 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 229 insertions(+), 169 deletions(-) diff --git a/xen/arch/arm/tee/Makefile b/xen/arch/arm/tee/Makefile index be644fba80..f0112a2f92 100644 --- a/xen/arch/arm/tee/Makefile +++ b/xen/arch/arm/tee/Makefile @@ -1,5 +1,6 @@ obj-$(CONFIG_FFA) += ffa.o obj-$(CONFIG_FFA) += ffa_shm.o obj-$(CONFIG_FFA) += ffa_partinfo.o +obj-$(CONFIG_FFA) += ffa_rxtx.o obj-y += tee.o obj-$(CONFIG_OPTEE) += optee.o diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c index 7a28038814..4f7775b8c8 100644 --- a/xen/arch/arm/tee/ffa.c +++ b/xen/arch/arm/tee/ffa.c @@ -65,26 +65,6 @@ #include "ffa_private.h" -/* - * Structs below ending with _1_0 are defined in FF-A-1.0-REL and - * structs ending with _1_1 are defined in FF-A-1.1-REL0. - */ - -/* Endpoint RX/TX descriptor */ -struct ffa_endpoint_rxtx_descriptor_1_0 { - uint16_t sender_id; - uint16_t reserved; - uint32_t rx_range_count; - uint32_t tx_range_count; -}; - -struct ffa_endpoint_rxtx_descriptor_1_1 { - uint16_t sender_id; - uint16_t reserved; - uint32_t rx_region_offs; - uint32_t tx_region_offs; -}; - /* Negotiated FF-A version to use with the SPMC */ static uint32_t __ro_after_init ffa_version; @@ -145,12 +125,6 @@ static bool check_mandatory_feature(uint32_t id) return !ret; } -static int32_t ffa_rxtx_map(paddr_t tx_addr, paddr_t rx_addr, - uint32_t page_count) -{ - return ffa_simple_call(FFA_RXTX_MAP_64, tx_addr, rx_addr, page_count, 0); -} - static void handle_version(struct cpu_user_regs *regs) { struct domain *d = current->domain; @@ -166,127 +140,6 @@ static void handle_version(struct cpu_user_regs *regs) ffa_set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0); } -static uint32_t ffa_handle_rxtx_map(uint32_t fid, register_t tx_addr, - register_t rx_addr, uint32_t page_count) -{ - uint32_t ret = FFA_RET_INVALID_PARAMETERS; - struct domain *d = current->domain; - struct ffa_ctx *ctx = d->arch.tee; - struct page_info *tx_pg; - struct page_info *rx_pg; - p2m_type_t t; - void *rx; - void *tx; - - if ( !smccc_is_conv_64(fid) ) - { - /* - * Calls using the 32-bit calling convention must ignore the upper - * 32 bits in the argument registers. - */ - tx_addr &= UINT32_MAX; - rx_addr &= UINT32_MAX; - } - - if ( page_count > FFA_MAX_RXTX_PAGE_COUNT ) - { - printk(XENLOG_ERR "ffa: RXTX_MAP: error: %u pages requested (limit %u)\n", - page_count, FFA_MAX_RXTX_PAGE_COUNT); - return FFA_RET_INVALID_PARAMETERS; - } - - /* Already mapped */ - if ( ctx->rx ) - return FFA_RET_DENIED; - - tx_pg = get_page_from_gfn(d, gfn_x(gaddr_to_gfn(tx_addr)), &t, P2M_ALLOC); - if ( !tx_pg ) - return FFA_RET_INVALID_PARAMETERS; - - /* Only normal RW RAM for now */ - if ( t != p2m_ram_rw ) - goto err_put_tx_pg; - - rx_pg = get_page_from_gfn(d, gfn_x(gaddr_to_gfn(rx_addr)), &t, P2M_ALLOC); - if ( !tx_pg ) - goto err_put_tx_pg; - - /* Only normal RW RAM for now */ - if ( t != p2m_ram_rw ) - goto err_put_rx_pg; - - tx = __map_domain_page_global(tx_pg); - if ( !tx ) - goto err_put_rx_pg; - - rx = __map_domain_page_global(rx_pg); - if ( !rx ) - goto err_unmap_tx; - - ctx->rx = rx; - ctx->tx = tx; - ctx->rx_pg = rx_pg; - ctx->tx_pg = tx_pg; - ctx->page_count = page_count; - ctx->rx_is_free = true; - return FFA_RET_OK; - -err_unmap_tx: - unmap_domain_page_global(tx); -err_put_rx_pg: - put_page(rx_pg); -err_put_tx_pg: - put_page(tx_pg); - - return ret; -} - -static void rxtx_unmap(struct ffa_ctx *ctx) -{ - unmap_domain_page_global(ctx->rx); - unmap_domain_page_global(ctx->tx); - put_page(ctx->rx_pg); - put_page(ctx->tx_pg); - ctx->rx = NULL; - ctx->tx = NULL; - ctx->rx_pg = NULL; - ctx->tx_pg = NULL; - ctx->page_count = 0; - ctx->rx_is_free = false; -} - -static uint32_t ffa_handle_rxtx_unmap(void) -{ - struct domain *d = current->domain; - struct ffa_ctx *ctx = d->arch.tee; - - if ( !ctx->rx ) - return FFA_RET_INVALID_PARAMETERS; - - rxtx_unmap(ctx); - - return FFA_RET_OK; -} - -static int32_t ffa_handle_rx_release(void) -{ - int32_t ret = FFA_RET_DENIED; - struct domain *d = current->domain; - struct ffa_ctx *ctx = d->arch.tee; - - if ( !spin_trylock(&ctx->rx_lock) ) - return FFA_RET_BUSY; - - if ( !ctx->page_count || ctx->rx_is_free ) - goto out; - ret = FFA_RET_OK; - ctx->rx_is_free = true; -out: - spin_unlock(&ctx->rx_lock); - - return ret; -} - static void handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid) { struct arm_smccc_1_2_regs arg = { .a0 = fid, }; @@ -522,8 +375,7 @@ static int ffa_domain_teardown(struct domain *d) if ( !ctx ) return 0; - if ( ctx->rx ) - rxtx_unmap(ctx); + ffa_rxtx_domain_destroy(d); ffa_domain_teardown_continue(ctx, true /* first_time */); @@ -538,7 +390,6 @@ static int ffa_relinquish_resources(struct domain *d) static bool ffa_probe(void) { uint32_t vers; - int e; unsigned int major_vers; unsigned int minor_vers; @@ -596,36 +447,21 @@ static bool ffa_probe(void) !check_mandatory_feature(FFA_MSG_SEND_DIRECT_REQ_32) ) return false; - ffa_rx = alloc_xenheap_pages(get_order_from_pages(FFA_RXTX_PAGE_COUNT), 0); - if ( !ffa_rx ) + if ( !ffa_rxtx_init() ) return false; - ffa_tx = alloc_xenheap_pages(get_order_from_pages(FFA_RXTX_PAGE_COUNT), 0); - if ( !ffa_tx ) - goto err_free_ffa_rx; - - e = ffa_rxtx_map(__pa(ffa_tx), __pa(ffa_rx), FFA_RXTX_PAGE_COUNT); - if ( e ) - { - printk(XENLOG_ERR "ffa: Failed to map rxtx: error %d\n", e); - goto err_free_ffa_tx; - } ffa_version = vers; if ( !ffa_partinfo_init() ) - goto err_free_ffa_tx; + goto err_rxtx_destroy; INIT_LIST_HEAD(&ffa_teardown_head); init_timer(&ffa_teardown_timer, ffa_teardown_timer_callback, NULL, 0); return true; -err_free_ffa_tx: - free_xenheap_pages(ffa_tx, 0); - ffa_tx = NULL; -err_free_ffa_rx: - free_xenheap_pages(ffa_rx, 0); - ffa_rx = NULL; +err_rxtx_destroy: + ffa_rxtx_destroy(); ffa_version = 0; return false; diff --git a/xen/arch/arm/tee/ffa_private.h b/xen/arch/arm/tee/ffa_private.h index 6b32b69cfe..98236cbf14 100644 --- a/xen/arch/arm/tee/ffa_private.h +++ b/xen/arch/arm/tee/ffa_private.h @@ -263,6 +263,13 @@ int32_t ffa_handle_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3, uint32_t w4, uint32_t w5, uint32_t *count, uint32_t *fpi_size); +bool ffa_rxtx_init(void); +void ffa_rxtx_destroy(void); +void ffa_rxtx_domain_destroy(struct domain *d); +uint32_t ffa_handle_rxtx_map(uint32_t fid, register_t tx_addr, + register_t rx_addr, uint32_t page_count); +uint32_t ffa_handle_rxtx_unmap(void); +int32_t ffa_handle_rx_release(void); static inline uint16_t ffa_get_vm_id(const struct domain *d) { diff --git a/xen/arch/arm/tee/ffa_rxtx.c b/xen/arch/arm/tee/ffa_rxtx.c new file mode 100644 index 0000000000..661764052e --- /dev/null +++ b/xen/arch/arm/tee/ffa_rxtx.c @@ -0,0 +1,216 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2024 Linaro Limited + */ + +#include +#include +#include +#include +#include + +#include +#include + +#include "ffa_private.h" + +/* Endpoint RX/TX descriptor defined in FF-A-1.0-REL */ +struct ffa_endpoint_rxtx_descriptor_1_0 { + uint16_t sender_id; + uint16_t reserved; + uint32_t rx_range_count; + uint32_t tx_range_count; +}; + +/* Endpoint RX/TX descriptor defined in FF-A-1.1-REL0 */ +struct ffa_endpoint_rxtx_descriptor_1_1 { + uint16_t sender_id; + uint16_t reserved; + uint32_t rx_region_offs; + uint32_t tx_region_offs; +}; + +uint32_t ffa_handle_rxtx_map(uint32_t fid, register_t tx_addr, + register_t rx_addr, uint32_t page_count) +{ + uint32_t ret = FFA_RET_INVALID_PARAMETERS; + struct domain *d = current->domain; + struct ffa_ctx *ctx = d->arch.tee; + struct page_info *tx_pg; + struct page_info *rx_pg; + p2m_type_t t; + void *rx; + void *tx; + + if ( !smccc_is_conv_64(fid) ) + { + /* + * Calls using the 32-bit calling convention must ignore the upper + * 32 bits in the argument registers. + */ + tx_addr &= UINT32_MAX; + rx_addr &= UINT32_MAX; + } + + if ( page_count > FFA_MAX_RXTX_PAGE_COUNT ) + { + printk(XENLOG_ERR "ffa: RXTX_MAP: error: %u pages requested (limit %u)\n", + page_count, FFA_MAX_RXTX_PAGE_COUNT); + return FFA_RET_INVALID_PARAMETERS; + } + + /* Already mapped */ + if ( ctx->rx ) + return FFA_RET_DENIED; + + tx_pg = get_page_from_gfn(d, gfn_x(gaddr_to_gfn(tx_addr)), &t, P2M_ALLOC); + if ( !tx_pg ) + return FFA_RET_INVALID_PARAMETERS; + + /* Only normal RW RAM for now */ + if ( t != p2m_ram_rw ) + goto err_put_tx_pg; + + rx_pg = get_page_from_gfn(d, gfn_x(gaddr_to_gfn(rx_addr)), &t, P2M_ALLOC); + if ( !tx_pg ) + goto err_put_tx_pg; + + /* Only normal RW RAM for now */ + if ( t != p2m_ram_rw ) + goto err_put_rx_pg; + + tx = __map_domain_page_global(tx_pg); + if ( !tx ) + goto err_put_rx_pg; + + rx = __map_domain_page_global(rx_pg); + if ( !rx ) + goto err_unmap_tx; + + ctx->rx = rx; + ctx->tx = tx; + ctx->rx_pg = rx_pg; + ctx->tx_pg = tx_pg; + ctx->page_count = page_count; + ctx->rx_is_free = true; + return FFA_RET_OK; + +err_unmap_tx: + unmap_domain_page_global(tx); +err_put_rx_pg: + put_page(rx_pg); +err_put_tx_pg: + put_page(tx_pg); + + return ret; +} + +static void rxtx_unmap(struct ffa_ctx *ctx) +{ + unmap_domain_page_global(ctx->rx); + unmap_domain_page_global(ctx->tx); + put_page(ctx->rx_pg); + put_page(ctx->tx_pg); + ctx->rx = NULL; + ctx->tx = NULL; + ctx->rx_pg = NULL; + ctx->tx_pg = NULL; + ctx->page_count = 0; + ctx->rx_is_free = false; +} + +uint32_t ffa_handle_rxtx_unmap(void) +{ + struct domain *d = current->domain; + struct ffa_ctx *ctx = d->arch.tee; + + if ( !ctx->rx ) + return FFA_RET_INVALID_PARAMETERS; + + rxtx_unmap(ctx); + + return FFA_RET_OK; +} + +int32_t ffa_handle_rx_release(void) +{ + int32_t ret = FFA_RET_DENIED; + struct domain *d = current->domain; + struct ffa_ctx *ctx = d->arch.tee; + + if ( !spin_trylock(&ctx->rx_lock) ) + return FFA_RET_BUSY; + + if ( !ctx->page_count || ctx->rx_is_free ) + goto out; + ret = FFA_RET_OK; + ctx->rx_is_free = true; +out: + spin_unlock(&ctx->rx_lock); + + return ret; +} + +static int32_t ffa_rxtx_map(paddr_t tx_addr, paddr_t rx_addr, + uint32_t page_count) +{ + return ffa_simple_call(FFA_RXTX_MAP_64, tx_addr, rx_addr, page_count, 0); +} + +static int32_t ffa_rxtx_unmap(void) +{ + return ffa_simple_call(FFA_RXTX_UNMAP, 0, 0, 0, 0); +} + +void ffa_rxtx_domain_destroy(struct domain *d) +{ + struct ffa_ctx *ctx = d->arch.tee; + + if ( ctx->rx ) + rxtx_unmap(ctx); +} + +void ffa_rxtx_destroy(void) +{ + bool need_unmap = ffa_tx && ffa_rx; + + if ( ffa_tx ) + { + free_xenheap_pages(ffa_tx, 0); + ffa_tx = NULL; + } + if ( ffa_rx ) + { + free_xenheap_pages(ffa_rx, 0); + ffa_rx = NULL; + } + + if ( need_unmap ) + ffa_rxtx_unmap(); +} + +bool ffa_rxtx_init(void) +{ + int e; + + ffa_rx = alloc_xenheap_pages(get_order_from_pages(FFA_RXTX_PAGE_COUNT), 0); + if ( !ffa_rx ) + return false; + + ffa_tx = alloc_xenheap_pages(get_order_from_pages(FFA_RXTX_PAGE_COUNT), 0); + if ( !ffa_tx ) + goto err; + + e = ffa_rxtx_map(__pa(ffa_tx), __pa(ffa_rx), FFA_RXTX_PAGE_COUNT); + if ( e ) + { + printk(XENLOG_ERR "ffa: Failed to map rxtx: error %d\n", e); + goto err; + } + return true; + +err: + ffa_rxtx_destroy(); + + return false; +} -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 23:33:56 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 23:33:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700648.1094128 (Exim 4.92) (envelope-from ) id 1rsA79-0000X4-W0; Wed, 03 Apr 2024 23:33:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700648.1094128; Wed, 03 Apr 2024 23:33:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA79-0000Ww-TL; Wed, 03 Apr 2024 23:33:55 +0000 Received: by outflank-mailman (input) for mailman id 700648; Wed, 03 Apr 2024 23:33:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA78-0000VR-7U for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA78-0001pK-6h for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsA78-0005HT-4h for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:33:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=joAKd8hEVG6IO6qZTwi7yfYTM+c52MP1Y0bVxK/18fk=; b=ro2C+zOStKay9QawPj62993Ire fz9EPxWzztQtx+uZ5SvNRuoV5wwtwmKFIpAoexRJHPoztgl13ESOxonrj0uOwokzXmmkLja4BsWvW JV9XdkgEwiE5Vvblv9XZsrOAO/T9rEOickQ1EMZgJI6YAHofvJrj365B7LMIF6hp2xpc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: ffa: support FFA_FEATURES Message-Id: Date: Wed, 03 Apr 2024 23:33:54 +0000 commit 538ab07badd6858207fb187b42103dbf820864bc Author: Jens Wiklander AuthorDate: Mon Mar 25 10:39:04 2024 +0100 Commit: Stefano Stabellini CommitDate: Wed Apr 3 16:20:17 2024 -0700 xen/arm: ffa: support FFA_FEATURES Add support for the mandatory FF-A ABI function FFA_FEATURES. Signed-off-by: Jens Wiklander Reviewed-by: Bertrand Marquis --- xen/arch/arm/tee/ffa.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c index 4f7775b8c8..8665201e34 100644 --- a/xen/arch/arm/tee/ffa.c +++ b/xen/arch/arm/tee/ffa.c @@ -192,6 +192,60 @@ out: resp.a7 & mask); } +static void handle_features(struct cpu_user_regs *regs) +{ + uint32_t a1 = get_user_reg(regs, 1); + unsigned int n; + + for ( n = 2; n <= 7; n++ ) + { + if ( get_user_reg(regs, n) ) + { + ffa_set_regs_error(regs, FFA_RET_NOT_SUPPORTED); + return; + } + } + + switch ( a1 ) + { + case FFA_ERROR: + case FFA_VERSION: + case FFA_SUCCESS_32: + case FFA_SUCCESS_64: + case FFA_FEATURES: + case FFA_ID_GET: + case FFA_RX_RELEASE: + case FFA_RXTX_UNMAP: + case FFA_MEM_RECLAIM: + case FFA_PARTITION_INFO_GET: + case FFA_MSG_SEND_DIRECT_REQ_32: + case FFA_MSG_SEND_DIRECT_REQ_64: + ffa_set_regs_success(regs, 0, 0); + break; + case FFA_MEM_SHARE_64: + case FFA_MEM_SHARE_32: + /* + * We currently don't support dynamically allocated buffers. Report + * that with 0 in bit[0] of w2. + */ + ffa_set_regs_success(regs, 0, 0); + break; + case FFA_RXTX_MAP_64: + case FFA_RXTX_MAP_32: + /* + * We currently support 4k pages only, report that as 00 in + * bit[0:1] in w0. This needs to be revised if Xen page size + * differs from FFA_PAGE_SIZE (SZ_4K). + */ + BUILD_BUG_ON(PAGE_SIZE != FFA_PAGE_SIZE); + ffa_set_regs_success(regs, 0, 0); + break; + default: + ffa_set_regs_error(regs, FFA_RET_NOT_SUPPORTED); + break; + } +} + static bool ffa_handle_call(struct cpu_user_regs *regs) { uint32_t fid = get_user_reg(regs, 0); @@ -212,6 +266,9 @@ static bool ffa_handle_call(struct cpu_user_regs *regs) case FFA_ID_GET: ffa_set_regs_success(regs, ffa_get_vm_id(d), 0); return true; + case FFA_FEATURES: + handle_features(regs); + return true; case FFA_RXTX_MAP_32: case FFA_RXTX_MAP_64: e = ffa_handle_rxtx_map(fid, get_user_reg(regs, 1), -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 03 23:34:06 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 03 Apr 2024 23:34:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700650.1094132 (Exim 4.92) (envelope-from ) id 1rsA7K-0000aH-1H; Wed, 03 Apr 2024 23:34:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700650.1094132; Wed, 03 Apr 2024 23:34:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA7J-0000a9-Uk; Wed, 03 Apr 2024 23:34:05 +0000 Received: by outflank-mailman (input) for mailman id 700650; Wed, 03 Apr 2024 23:34:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA7I-0000Zu-Ak for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:34:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsA7I-0001ph-9u for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:34:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsA7I-0005Io-8q for xen-changelog@lists.xenproject.org; Wed, 03 Apr 2024 23:34:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3trMK8jtbURGKiqLiF6OBgUUz4r9xR9anO0uheuhrbg=; b=5iWb8LqO9nGUGO0uWUr6wd7ep3 zBSFXJNm9iQNnt7XYlQ3rkFxfOmX9QeioSPvyhLeN5of+jevf7ihkEMGxOWRGcQoiR78cLEHA3FG0 56UDsJ4b3bYyTqMjSF2ILqAOfWMlPUv8pKLh+W4wSqldc2XsTTBldNsoe3uQQw2mcP18=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] docs/misra: add 13.6 to rules.rst Message-Id: Date: Wed, 03 Apr 2024 23:34:04 +0000 commit 6117179dd99958e4ef2687617d12c9b15bdbae24 Author: Stefano Stabellini AuthorDate: Tue Apr 2 16:21:41 2024 -0700 Commit: Stefano Stabellini CommitDate: Wed Apr 3 16:21:59 2024 -0700 docs/misra: add 13.6 to rules.rst As agreed during MISRA C meetings, add Rule 13.6 to rules.rst, with a note about extending the rule to alignof and typeof. Also take the opportunity to remove an older and out of order entry for the same rule. Signed-off-by: Stefano Stabellini Acked-by: Jan Beulich --- docs/misra/rules.rst | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst index 1e134ccebc..79487cf91c 100644 --- a/docs/misra/rules.rst +++ b/docs/misra/rules.rst @@ -434,17 +434,18 @@ maintainers if you want to suggest a change. parameter declared as "array of type" - - * - `Rule 13.6 `_ - - Mandatory - - The operand of the sizeof operator shall not contain any - expression which has potential side effects - - - * - `Rule 13.1 `_ - Required - Initializer lists shall not contain persistent side effects - + * - `Rule 13.6 `_ + - Required + - The operand of the sizeof operator shall not contain any + expression which has potential side effects + - In addition to sizeof, we also want to apply the rule to typeof + and alignof + * - `Rule 14.1 `_ - Required - A loop counter shall not have essentially floating type -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 05:44:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 05:44:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700674.1094175 (Exim 4.92) (envelope-from ) id 1rsFtM-0007iO-DT; Thu, 04 Apr 2024 05:44:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700674.1094175; Thu, 04 Apr 2024 05:44:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFtM-0007iG-AR; Thu, 04 Apr 2024 05:44:04 +0000 Received: by outflank-mailman (input) for mailman id 700674; Thu, 04 Apr 2024 05:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFtK-0007iA-6t for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFtK-0001ms-1y for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsFtK-00018f-0h for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Fwk4fnyufQUD6mudZ7aJOr+B5vdlA10MhqW57scN4WM=; b=L2mbBgUnhDpqLGiYZ4VeoDAyJ4 EdPD5sbFpf0tnoSyn95jtWFQAla1Dv/+bmLZiEdcC+tGM74EE+f2fwz0C42hDwPPivk0d49iAuRMW LUt7lh1K1CKKPotvMeCjkA1T0xvf/4NKvMV5xL0if+DfbRO9BlYM2SaHe6rKjw6ljDzE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] drivers/char: mark extra reserved device memory in memory map Message-Id: Date: Thu, 04 Apr 2024 05:44:02 +0000 commit dd5101a6169f89b9e3f3b72f0b0fcdb38db2fb35 Author: Marek Marczykowski-Górecki AuthorDate: Wed Apr 3 09:34:22 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:34:22 2024 +0200 drivers/char: mark extra reserved device memory in memory map The IOMMU driver checks if RMRR/IVMD are marked as reserved in memory map. This should be true for addresses coming from the firmware, but when extra pages used by Xen itself are included in the mapping, those are taken from usable RAM used. Mark those pages as reserved too. Not marking the pages as reserved didn't caused issues before due to another a bug in IOMMU driver code, that was fixed in 83afa3135830 ("amd-vi: fix IVMD memory type checks"). Failing to reserve memory will lead to panic in IOMMU setup code. And not including the page in IOMMU mapping will lead to broken console (due to IOMMU faults). The pages chosen by the XHCI console driver should still be usable by the CPU though, and the console code already can deal with too slow console by dropping characters (and console not printing anything is a special case of "slow"). When reserving fails print an error message showing which pages failed and who requested them. This should be enough hint to find why XHCI console doesn't work. Fixes: 3a1a7b809ffa "drivers/char: mark DMA buffers as reserved for the XHCI" Signed-off-by: Marek Marczykowski-Górecki Acked-by: Jan Beulich --- xen/drivers/passthrough/iommu.c | 17 +++++++++++++++++ xen/include/xen/iommu.h | 5 ++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index 03587c0cd6..ba18136c46 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -22,6 +22,10 @@ #include #include +#ifdef CONFIG_X86 +#include +#endif + unsigned int __read_mostly iommu_dev_iotlb_timeout = 1000; integer_param("iommu_dev_iotlb_timeout", iommu_dev_iotlb_timeout); @@ -715,6 +719,19 @@ int __init iommu_get_extra_reserved_device_memory(iommu_grdm_t *func, for ( idx = 0; idx < nr_extra_reserved_ranges; idx++ ) { +#ifdef CONFIG_X86 + paddr_t start = pfn_to_paddr(extra_reserved_ranges[idx].start); + paddr_t end = pfn_to_paddr(extra_reserved_ranges[idx].start + + extra_reserved_ranges[idx].nr); + + if ( !reserve_e820_ram(&e820, start, end) ) + { + printk(XENLOG_ERR "Failed to reserve [%"PRIx64"-%"PRIx64") for %s, " + "skipping IOMMU mapping for it, some functionality may be broken\n", + start, end, extra_reserved_ranges[idx].name); + continue; + } +#endif ret = func(extra_reserved_ranges[idx].start, extra_reserved_ranges[idx].nr, extra_reserved_ranges[idx].sbdf.sbdf, diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h index a9c9457c07..92db6f124f 100644 --- a/xen/include/xen/iommu.h +++ b/xen/include/xen/iommu.h @@ -321,7 +321,8 @@ struct iommu_ops { }; /* - * To be called by Xen internally, to register extra RMRR/IVMD ranges. + * To be called by Xen internally, to register extra RMRR/IVMD ranges for RAM + * pages. * Needs to be called before IOMMU initialization. */ extern int iommu_add_extra_reserved_device_memory(unsigned long start, @@ -331,6 +332,8 @@ extern int iommu_add_extra_reserved_device_memory(unsigned long start, /* * To be called by specific IOMMU driver during initialization, * to fetch ranges registered with iommu_add_extra_reserved_device_memory(). + * This has a side effect of marking requested ranges as "reserved" in the + * memory map. */ extern int iommu_get_extra_reserved_device_memory(iommu_grdm_t *func, void *ctxt); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 05:44:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 05:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700675.1094178 (Exim 4.92) (envelope-from ) id 1rsFtV-0007k5-ET; Thu, 04 Apr 2024 05:44:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700675.1094178; Thu, 04 Apr 2024 05:44:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFtV-0007jy-Bz; Thu, 04 Apr 2024 05:44:13 +0000 Received: by outflank-mailman (input) for mailman id 700675; Thu, 04 Apr 2024 05:44:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFtU-0007jm-7b for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFtU-0001n1-5t for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsFtU-00019w-44 for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E7JCbxC5zkSl9yBmGRoqTItl8MtBMkWpjYVY19LOUv0=; b=HsN+uenPHoTWAQDAFvRusk2VSg qGUuwAtcG7GzUoLRUcKVHljEy9hJ/Oj4WDp68gvnkbWLPNDeIpH6p/hLA/kHIAp16JEYWYxyhxzY1 Zhd1+FogbTb45UPISYJUI3Z8Z3j93SUQF+jj35/AsITI7Haxy54k70gP8Y0LEy+HeiLM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/vPMU: address violations of MISRA C Rule 20.7 Message-Id: Date: Thu, 04 Apr 2024 05:44:12 +0000 commit a9b2a72926b85122c5eec628f54082e66812266e Author: Nicola Vetrini AuthorDate: Wed Apr 3 09:35:37 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:35:37 2024 +0200 x86/vPMU: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/include/asm/vpmu.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/include/asm/vpmu.h b/xen/arch/x86/include/asm/vpmu.h index f271f28e4a..dae9b43dac 100644 --- a/xen/arch/x86/include/asm/vpmu.h +++ b/xen/arch/x86/include/asm/vpmu.h @@ -23,8 +23,8 @@ #define MSR_TYPE_ARCH_CTRL 4 /* Start of PMU register bank */ -#define vpmu_reg_pointer(ctxt, offset) ((void *)((uintptr_t)ctxt + \ - (uintptr_t)ctxt->offset)) +#define vpmu_reg_pointer(ctxt, offset) ((void *)((uintptr_t)(ctxt) + \ + (uintptr_t)(ctxt)->offset)) /* Arch specific operations shared by all vpmus */ struct arch_vpmu_ops { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 05:44:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 05:44:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700676.1094183 (Exim 4.92) (envelope-from ) id 1rsFtf-0007mj-GL; Thu, 04 Apr 2024 05:44:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700676.1094183; Thu, 04 Apr 2024 05:44:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFtf-0007mb-DV; Thu, 04 Apr 2024 05:44:23 +0000 Received: by outflank-mailman (input) for mailman id 700676; Thu, 04 Apr 2024 05:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFte-0007mS-9n for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFte-0001na-8w for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsFte-0001AP-82 for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HVUKtCmWBb30VdnufcGzPSgWbl0jbQCWENs1+xqcEn0=; b=nk6sQEZyfewMQpmXgO9IRyRcMO UaqKy9Z2jiciWHawr4c/9hDbSaGemrwpSvQ5vYeTz5CwoUE3fRK1Ki7Qlb83WnuebuQzCh/05FZzL SeRJT8s+5k/EbUsT7KdMsFk1iuCymlk27q93wSt1ZUq/KXSwEYN6Jr/4aoySjdwoEpcU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/hvm: address violations of MISRA C Rule 20.7 Message-Id: Date: Thu, 04 Apr 2024 05:44:22 +0000 commit 5811fb4816477d14ac764e63073149c9281cb18c Author: Nicola Vetrini AuthorDate: Wed Apr 3 09:36:07 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:36:07 2024 +0200 x86/hvm: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/hvm/domain.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/domain.c b/xen/arch/x86/hvm/domain.c index 7f6e362a70..048f29ae49 100644 --- a/xen/arch/x86/hvm/domain.c +++ b/xen/arch/x86/hvm/domain.c @@ -132,9 +132,9 @@ int arch_set_info_hvm_guest(struct vcpu *v, const struct vcpu_hvm_context *ctx) s = (struct segment_register) \ { 0, { (r)->s ## _ar }, (r)->s ## _limit, (r)->s ## _base }; \ /* Set accessed / busy bit for present segments. */ \ - if ( s.p ) \ - s.type |= (x86_seg_##s != x86_seg_tr ? 1 : 2); \ - check_segment(&s, x86_seg_ ## s); }) + if ( (s).p ) \ + (s).type |= (x86_seg_ ## s != x86_seg_tr ? 1 : 2); \ + check_segment(&(s), x86_seg_ ## s); }) rc = SEG(cs, regs); rc |= SEG(ds, regs); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 05:44:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 05:44:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700677.1094187 (Exim 4.92) (envelope-from ) id 1rsFtp-0007p8-Hd; Thu, 04 Apr 2024 05:44:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700677.1094187; Thu, 04 Apr 2024 05:44:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFtp-0007p0-F0; Thu, 04 Apr 2024 05:44:33 +0000 Received: by outflank-mailman (input) for mailman id 700677; Thu, 04 Apr 2024 05:44:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFto-0007on-Cq for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFto-0001ni-C3 for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsFto-0001Ao-BB for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8x3R1D7eo8cU2QPK/Jj6sUq3T6bKatjuu/z8LOy0MVU=; b=UQqrtaPmxRzCr+ke3wNOKYqgw/ 6jyk2wG+LYgREYGnbJoP8WCmTQN800tCUHjtwTojXyNH0oysueklA/7rB0DbkpCXnRXyRobvUBca5 imRsmltWtI4mbqwBV92hVBzGTOpG7joveKjMSsYwgpQCzooVj8ys5QvjEb1qmXCqysc0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/mm: address violations of MISRA C Rule 20.7 Message-Id: Date: Thu, 04 Apr 2024 05:44:32 +0000 commit da88f434bc9f9fbc943c78f8b86ed0c94b148ee7 Author: Nicola Vetrini AuthorDate: Wed Apr 3 09:36:30 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:36:30 2024 +0200 xen/mm: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/include/xen/mm.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index 3e84960a36..7561297a75 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -415,15 +415,15 @@ page_list_splice(struct page_list_head *list, struct page_list_head *head) } #define page_list_for_each(pos, head) \ - for ( pos = (head)->next; pos; pos = page_list_next(pos, head) ) + for ( (pos) = (head)->next; (pos); (pos) = page_list_next(pos, head) ) #define page_list_for_each_safe(pos, tmp, head) \ - for ( pos = (head)->next; \ - pos ? (tmp = page_list_next(pos, head), 1) : 0; \ - pos = tmp ) + for ( (pos) = (head)->next; \ + (pos) ? ((tmp) = page_list_next(pos, head), 1) : 0; \ + (pos) = (tmp) ) #define page_list_for_each_safe_reverse(pos, tmp, head) \ - for ( pos = (head)->tail; \ - pos ? (tmp = page_list_prev(pos, head), 1) : 0; \ - pos = tmp ) + for ( (pos) = (head)->tail; \ + (pos) ? ((tmp) = page_list_prev(pos, head), 1) : 0; \ + (pos) = (tmp) ) #else # define page_list_head list_head # define PAGE_LIST_HEAD_INIT LIST_HEAD_INIT -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 05:44:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 05:44:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700678.1094190 (Exim 4.92) (envelope-from ) id 1rsFtz-0007rz-Iq; Thu, 04 Apr 2024 05:44:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700678.1094190; Thu, 04 Apr 2024 05:44:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFtz-0007rs-GR; Thu, 04 Apr 2024 05:44:43 +0000 Received: by outflank-mailman (input) for mailman id 700678; Thu, 04 Apr 2024 05:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFty-0007rQ-Ht for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFty-0001nv-FC for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsFty-0001BF-EC for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Uu6Kyun18vcRMkoB69dy7olVQx0L9aCkMVY3VXZ4bS4=; b=htb/GqUMtynKA3kg8TI+yJnqCU bRGRk7EUr0HNELFaOmlJGaWpR7wDzGrRqyiqGxbFHtE425XORLAUpFins8XH61aMWqIjBIkLdNkCT hZp2tKgXUs9FXom+FD4eyosNxVCj/2e/Fux77tpuWAMH8/pwvo9VSUZ4W57GSC+64SG8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/amd: address violations of MISRA C Rule 20.7 Message-Id: Date: Thu, 04 Apr 2024 05:44:42 +0000 commit 795c4e367b7bfa268a732b99de7cd3f79469cf3f Author: Nicola Vetrini AuthorDate: Wed Apr 3 09:37:00 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:37:00 2024 +0200 x86/amd: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/include/asm/amd.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/include/asm/amd.h b/xen/arch/x86/include/asm/amd.h index 2cc0ce2e9f..fa4e0fc766 100644 --- a/xen/arch/x86/include/asm/amd.h +++ b/xen/arch/x86/include/asm/amd.h @@ -119,7 +119,8 @@ #define AMD_LEGACY_ERRATUM(...) -1 /* legacy */, __VA_ARGS__, 0 #define AMD_OSVW_ERRATUM(osvw_id, ...) osvw_id, __VA_ARGS__, 0 #define AMD_MODEL_RANGE(f, m_start, s_start, m_end, s_end) \ - ((f << 24) | (m_start << 16) | (s_start << 12) | (m_end << 4) | (s_end)) + (((f) << 24) | ((m_start) << 16) | ((s_start) << 12) | \ + ((m_end) << 4) | (s_end)) #define AMD_MODEL_RANGE_FAMILY(range) (((range) >> 24) & 0xff) #define AMD_MODEL_RANGE_START(range) (((range) >> 12) & 0xfff) #define AMD_MODEL_RANGE_END(range) ((range) & 0xfff) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 05:44:53 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 05:44:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700679.1094195 (Exim 4.92) (envelope-from ) id 1rsFu9-0007uu-Ly; Thu, 04 Apr 2024 05:44:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700679.1094195; Thu, 04 Apr 2024 05:44:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFu9-0007um-JE; Thu, 04 Apr 2024 05:44:53 +0000 Received: by outflank-mailman (input) for mailman id 700679; Thu, 04 Apr 2024 05:44:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFu8-0007uf-Jr for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFu8-0001oB-Iy for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsFu8-0001C0-HN for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:44:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xVeY7sn19N7/mT2C9OKH8K4hGUW6ev13ThB7NoHoRT4=; b=QznsF9VaSSPbCurRRCsDFzfG0M Zm9ACxId+4/vkAlRLFxzBbgIaHBi2b86HKOEe+4AkJibH2QuXIdLXFuXsqAFyZaPxjr7h2d56RId8 RemmkYFCT6QjF+cWYayXY5H7pKI8mB025ipXLFzDqE41O6NGybDZEzN6VfoHqHvtvsNM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/domctl: address a violation of MISRA C:2012 Rule 16.3 Message-Id: Date: Thu, 04 Apr 2024 05:44:52 +0000 commit 2c205ce5c09bd506937e99de0bc33b06ce3e6911 Author: Federico Serafini AuthorDate: Wed Apr 3 09:37:26 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:37:26 2024 +0200 xen/domctl: address a violation of MISRA C:2012 Rule 16.3 Add break statement to address a violation of MISRA C:2012 Rule 16.3 ("An unconditional `break' statement shall terminate every switch-clause "). No functional change. Signed-off-by: Federico Serafini Reviewed-by: Jan Beulich --- xen/common/domctl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/common/domctl.c b/xen/common/domctl.c index d94a9dae91..f2e0e36a17 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -316,6 +316,7 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) d = rcu_lock_domain_by_id(op->domain); if ( !d ) return -ESRCH; + break; } ret = xsm_domctl(XSM_OTHER, d, op->cmd); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 05:45:03 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 05:45:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700680.1094198 (Exim 4.92) (envelope-from ) id 1rsFuJ-0007y4-NL; Thu, 04 Apr 2024 05:45:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700680.1094198; Thu, 04 Apr 2024 05:45:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFuJ-0007xx-Kh; Thu, 04 Apr 2024 05:45:03 +0000 Received: by outflank-mailman (input) for mailman id 700680; Thu, 04 Apr 2024 05:45:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFuI-0007xl-Mx for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:45:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFuI-0001om-Lz for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:45:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsFuI-0001Ck-L8 for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:45:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Kr26sO/GmWtaMhWLQZf/OGuOy5K8HGSItLvOa7RZJ4Y=; b=l9xQd+HGSEBdNijyUUGJy36uEt Vd1syKaFlTVz3Xsup0+HLvwSJ1WTIKBnZJLPzSm8jZGkacNqQynWqctgwnvE/U6yurRvlYdiXbfQp tH5winuA9vSB47Nm8nH0vhxYBxSmvr0hqDGY+JB6XX0TSS5B9dIDZ9uLfYbip8pZiTXc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] console: address a violation of MISRA C:2012 Rule 16.3 Message-Id: Date: Thu, 04 Apr 2024 05:45:02 +0000 commit 163ea7d9a8ca5ac8f56822a3714d146e94a5e54d Author: Federico Serafini AuthorDate: Wed Apr 3 09:37:47 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:37:47 2024 +0200 console: address a violation of MISRA C:2012 Rule 16.3 Add break statement to address a violation of MISRA C:2012 Rule 16.3 ("An unconditional `break' statement shall terminate every switch-clause "). No functional change. Signed-off-by: Federico Serafini Reviewed-by: Jan Beulich --- xen/drivers/char/console.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index ccd5f8cc14..e185f80efe 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -568,6 +568,8 @@ static void __serial_rx(char c) if ( d != NULL ) rcu_unlock_domain(d); + + break; } #endif } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 05:45:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 05:45:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700681.1094203 (Exim 4.92) (envelope-from ) id 1rsFuT-00081F-Or; Thu, 04 Apr 2024 05:45:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700681.1094203; Thu, 04 Apr 2024 05:45:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFuT-000817-MH; Thu, 04 Apr 2024 05:45:13 +0000 Received: by outflank-mailman (input) for mailman id 700681; Thu, 04 Apr 2024 05:45:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFuS-00080z-QF for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:45:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFuS-0001ow-PN for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:45:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsFuS-0001DM-OD for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:45:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6SIMwwdDSnKNmxgz30lcU9EO0X8pCIaB8SPIIgX4pQM=; b=UsiI6NlH49GOZ4gprniNsW38HW T2vI2Y6A+TKFKpJfPPy5A/OgA4PV7MS6vcCGbcoPWxOy2I3sSnGGm+YaYdrOPRHZYcIlf/ij/Dx3h YkuaVXFWlIR8cIlZ+ELT0MOqK3V+px+dG2dCaoX4DYaOFud7EX4wXZ/rbzwEIrnPtMig=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/evtchn: address a violation of MISRA C:2012 Rule 16.3 Message-Id: Date: Thu, 04 Apr 2024 05:45:12 +0000 commit cde0c58714332f3775105f2c6cfd010a7c919837 Author: Federico Serafini AuthorDate: Wed Apr 3 09:38:22 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:38:22 2024 +0200 xen/evtchn: address a violation of MISRA C:2012 Rule 16.3 Add break statement to address a violation of MISRA C:2012 Rule 16.3 ("An unconditional `break' statement shall terminate every switch-clause "). No functional change. Signed-off-by: Federico Serafini Reviewed-by: Jan Beulich --- xen/common/event_channel.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index 20f586cf5e..aceee0695f 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -853,6 +853,7 @@ int evtchn_send(struct domain *ld, unsigned int lport) break; default: ret = -EINVAL; + break; } out: -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 05:45:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 05:45:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700682.1094207 (Exim 4.92) (envelope-from ) id 1rsFud-00084S-QX; Thu, 04 Apr 2024 05:45:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700682.1094207; Thu, 04 Apr 2024 05:45:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFud-00084K-Ni; Thu, 04 Apr 2024 05:45:23 +0000 Received: by outflank-mailman (input) for mailman id 700682; Thu, 04 Apr 2024 05:45:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFuc-000844-T7 for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:45:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsFuc-0001pK-SG for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:45:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsFuc-0001Dr-RX for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 05:45:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5sx77Vco0m8o6zi8YK4g6QUw1vXaCC+zSXQs6r9FjQs=; b=CjPIu4TFpCTuHNOe6HCOgfbHD9 sl0j3NFKtSBQVz+TRlbv1pDO/jENcj+3WqMfvnBPG4/4IHqroNwrW447NqeMRTEB3pAJQqzkLAHmk oGvuWgADFit729x/QGGXgN2xwd068O8kgOo4CrWAnQF1UVxcQTO/ryI++vr/3SNPxhVs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/vm-event: address a violation of MISRA C:2012 Rule 16.3 Message-Id: Date: Thu, 04 Apr 2024 05:45:22 +0000 commit ac682fbac14a4286645810c02f60a2ba844b6c0a Author: Federico Serafini AuthorDate: Wed Apr 3 09:38:41 2024 +0200 Commit: Jan Beulich CommitDate: Wed Apr 3 09:38:41 2024 +0200 xen/vm-event: address a violation of MISRA C:2012 Rule 16.3 Add break statement to address a violation of MISRA C:2012 Rule 16.3 ("An unconditional `break' statement shall terminate every switch-clause "). No functional change. Signed-off-by: Federico Serafini Acked-by: Tamas K Lengyel --- xen/common/vm_event.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/common/vm_event.c b/xen/common/vm_event.c index ecf49c38a9..fbf1aa0848 100644 --- a/xen/common/vm_event.c +++ b/xen/common/vm_event.c @@ -770,6 +770,7 @@ int vm_event_domctl(struct domain *d, struct xen_domctl_vm_event_op *vec) default: rc = -ENOSYS; + break; } return rc; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 10:11:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 10:11:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700785.1094460 (Exim 4.92) (envelope-from ) id 1rsK3k-000238-5V; Thu, 04 Apr 2024 10:11:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700785.1094460; Thu, 04 Apr 2024 10:11:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK3k-000231-2w; Thu, 04 Apr 2024 10:11:04 +0000 Received: by outflank-mailman (input) for mailman id 700785; Thu, 04 Apr 2024 10:11:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK3j-00022t-OS for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK3j-00089Z-Gf for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsK3j-0000vQ-Dq for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VGs2YfUwDTuhOkzZ8efzHKbKtBGl2huMZ1hI8B6Gncw=; b=ctAGHMZcn7Ldz9ipRQvhsWCqOA xd4utEPdBD/AyZwp0PeS81LIxuZPHF2qZF0BEXxHtke71W44XApyVqUj36uA+IZXkFBV3dA2j1v2z c6T5egx+atxWf8izZ5eCtYNT9kZ+06Jo6YCyH/oUwv/u7Va+IY1XnOamHlIxdNZ+cVlM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation: introduce fixed randconfig for RISC-V Message-Id: Date: Thu, 04 Apr 2024 10:11:03 +0000 commit 7b02b505bbe2379f34a3a46c9a065e43a9f588ac Author: Oleksii Kurochko AuthorDate: Thu Apr 4 11:59:15 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 4 11:59:15 2024 +0200 automation: introduce fixed randconfig for RISC-V This patch introduces the anchor riscv-fixed-randconfig, which includes all configurations that should be disabled for randconfig builds. Suggested-by: Stefano Stabellini Signed-off-by: Oleksii Kurochko Reviewed-by: Michal Orzel Acked-by: Stefano Stabellini --- automation/gitlab-ci/build.yaml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index 6d2cb18b88..aac29ee13a 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -512,6 +512,14 @@ alpine-3.18-gcc-debug-arm64-boot-cpupools: CONFIG_BOOT_TIME_CPUPOOLS=y # RISC-V 64 cross-build +.riscv-fixed-randconfig: + variables: &riscv-fixed-randconfig + EXTRA_FIXED_RANDCONFIG: | + CONFIG_COVERAGE=n + CONFIG_EXPERT=y + CONFIG_GRANT_TABLE=n + CONFIG_MEM_ACCESS=n + archlinux-current-gcc-riscv64: extends: .gcc-riscv64-cross-build variables: @@ -532,8 +540,7 @@ archlinux-current-gcc-riscv64-randconfig: CONTAINER: archlinux:current-riscv64 KBUILD_DEFCONFIG: tiny64_defconfig RANDCONFIG: y - EXTRA_FIXED_RANDCONFIG: - CONFIG_COVERAGE=n + <<: *riscv-fixed-randconfig archlinux-current-gcc-riscv64-debug-randconfig: extends: .gcc-riscv64-cross-build-debug @@ -541,8 +548,7 @@ archlinux-current-gcc-riscv64-debug-randconfig: CONTAINER: archlinux:current-riscv64 KBUILD_DEFCONFIG: tiny64_defconfig RANDCONFIG: y - EXTRA_FIXED_RANDCONFIG: - CONFIG_COVERAGE=n + <<: *riscv-fixed-randconfig # Power cross-build debian-bullseye-gcc-ppc64le: -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 10:11:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 10:11:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700786.1094465 (Exim 4.92) (envelope-from ) id 1rsK3u-000250-75; Thu, 04 Apr 2024 10:11:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700786.1094465; Thu, 04 Apr 2024 10:11:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK3u-00024t-4T; Thu, 04 Apr 2024 10:11:14 +0000 Received: by outflank-mailman (input) for mailman id 700786; Thu, 04 Apr 2024 10:11:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK3t-00024l-Kk for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK3t-00089f-Jt for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsK3t-0000w1-In for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YRlGdSJK9U86+g+to4j+sYI7Fv0R85etm9zkpGoyxqQ=; b=1gu2FpOYYaBm0FkEAs3VfWzW+R chMbtsgLN53jAUqtR+a7EBDiPOZ7/f3mikJPPOIA5T6wsWGH5zNgXI66CD0Yd72TDUzoXZBos2Dhp 9JYM/nkrbWLIFfGmMT8vKDnT+cY/IUX367/8FPNXmWJsoJqJp4aF8R4ZWka8wlHZbcgw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/riscv: introduce extension support check by compiler Message-Id: Date: Thu, 04 Apr 2024 10:11:13 +0000 commit 1e6cd4155dcfe947f7c51f1dbaf293284909afba Author: Oleksii Kurochko AuthorDate: Thu Apr 4 12:00:17 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 4 12:00:17 2024 +0200 xen/riscv: introduce extension support check by compiler Currently, RISC-V requires two extensions: _zbb and _zihintpause. This patch introduces a compiler check to check if these extensions are supported. Additionally, it introduces the riscv/booting.txt file, which contains information about the extensions that should be supported by the platform. In the future, a feature will be introduced to check whether an extension is supported at runtime. However, this feature requires functionality for parsing device tree source (DTS), which is not yet available. Signed-off-by: Oleksii Kurochko Acked-by: Jan Beulich --- docs/misc/riscv/booting.txt | 16 ++++++++++++++++ xen/arch/riscv/arch.mk | 15 +++++++++++++-- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/docs/misc/riscv/booting.txt b/docs/misc/riscv/booting.txt new file mode 100644 index 0000000000..cb4d79f12c --- /dev/null +++ b/docs/misc/riscv/booting.txt @@ -0,0 +1,16 @@ +System requirements +=================== + +The following extensions are expected to be supported by a system on which +Xen is run: +- Zbb: + RISC-V doesn't have a CLZ instruction in the base ISA. + As a consequence, __builtin_ffs() emits a library call to ffs() on GCC, + or a de Bruijn sequence on Clang. + Zbb extension adds a CLZ instruction, after which __builtin_ffs() emits + a very simple sequence. + The similar issue occurs with other __builtin_, so it is needed to + provide a generic version of bitops in RISC-V bitops.h +- Zihintpause: + On a system that doesn't have this extension, cpu_relax() should be + implemented properly. diff --git a/xen/arch/riscv/arch.mk b/xen/arch/riscv/arch.mk index 8403f96b6f..9f3ed4ff06 100644 --- a/xen/arch/riscv/arch.mk +++ b/xen/arch/riscv/arch.mk @@ -3,16 +3,27 @@ $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) -CFLAGS-$(CONFIG_RISCV_64) += -mabi=lp64 +riscv-abi-$(CONFIG_RISCV_32) := -mabi=ilp32 +riscv-abi-$(CONFIG_RISCV_64) := -mabi=lp64 riscv-march-$(CONFIG_RISCV_ISA_RV64G) := rv64g riscv-march-$(CONFIG_RISCV_ISA_C) := $(riscv-march-y)c +riscv-generic-flags := $(riscv-abi-y) -march=$(riscv-march-y) + +zbb := $(call as-insn,$(CC) $(riscv-generic-flags)_zbb,"",_zbb) +zihintpause := $(call as-insn, \ + $(CC) $(riscv-generic-flags)_zihintpause,"pause",_zihintpause) + +extensions := $(zbb) $(zihintpause) + +extensions := $(subst $(space),,$(extensions)) + # Note that -mcmodel=medany is used so that Xen can be mapped # into the upper half _or_ the lower half of the address space. # -mcmodel=medlow would force Xen into the lower half. -CFLAGS += -march=$(riscv-march-y) -mstrict-align -mcmodel=medany +CFLAGS += $(riscv-generic-flags)$(extensions) -mstrict-align -mcmodel=medany # TODO: Drop override when more of the build is working override ALL_OBJS-y = arch/$(SRCARCH)/built_in.o -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 10:11:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 10:11:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700787.1094468 (Exim 4.92) (envelope-from ) id 1rsK44-00027U-8U; Thu, 04 Apr 2024 10:11:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700787.1094468; Thu, 04 Apr 2024 10:11:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK44-00027N-63; Thu, 04 Apr 2024 10:11:24 +0000 Received: by outflank-mailman (input) for mailman id 700787; Thu, 04 Apr 2024 10:11:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK43-00027H-QK for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK43-0008A8-Om for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsK43-0000wU-M2 for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IAIaCfzmUwVbvV5nXDefTxM/+O/fasXHjq0hvU8Hm0c=; b=mNFZlrlL1eqNbSDw/7nTXtrQNW VMRI8Baz+sIOBhhudctDZRgJCEqJLtPeIjNMJsg4zQ7yFTNl1mxOBkPRnHIcA5TCcQDBYDTJmsIQe gOM/gLpG4prz0cN9JTQ5OqJ0qQLs4UHld0W8hHxtcOpDIyS0dxceKHSkNd7rST7YZX/g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/init-xenstore-domain: Replace variable MB() usage Message-Id: Date: Thu, 04 Apr 2024 10:11:23 +0000 commit 4c41749852cb3be980bf8955d5bc5e1982029dfb Author: Jason Andryuk AuthorDate: Thu Apr 4 12:00:59 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 4 12:00:59 2024 +0200 tools/init-xenstore-domain: Replace variable MB() usage The local MB() & GB() macros will be replaced with a common implementation, but those only work with numeric values. Introduce a static inline mb_to_bytes() in place of the MB() macro to convert the variable values, at the same time addressing the lack of parenthesization of the prior macro's parameter. Fixes: 134d53f57707 ("tools/init-xenstore-domain: fix memory map for PVH stubdom") Signed-off-by: Jason Andryuk Reviewed-by: Anthony PERARD --- tools/helpers/init-xenstore-domain.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/helpers/init-xenstore-domain.c b/tools/helpers/init-xenstore-domain.c index 1683438c5c..7332545770 100644 --- a/tools/helpers/init-xenstore-domain.c +++ b/tools/helpers/init-xenstore-domain.c @@ -20,7 +20,6 @@ #include "init-dom-json.h" #define LAPIC_BASE_ADDRESS 0xfee00000UL -#define MB(x) ((uint64_t)x << 20) #define GB(x) ((uint64_t)x << 30) static uint32_t domid = ~0; @@ -36,6 +35,11 @@ static xc_evtchn_port_or_error_t console_evtchn; static xentoollog_level minmsglevel = XTL_PROGRESS; static void *logger; +static inline uint64_t mb_to_bytes(int mem) +{ + return (uint64_t)mem << 20; +} + static struct option options[] = { { "kernel", 1, NULL, 'k' }, { "memory", 1, NULL, 'm' }, @@ -76,8 +80,8 @@ static int build(xc_interface *xch) int rv, xs_fd; struct xc_dom_image *dom = NULL; int limit_kb = (maxmem ? : memory) * 1024 + X86_HVM_NR_SPECIAL_PAGES * 4; - uint64_t mem_size = MB(memory); - uint64_t max_size = MB(maxmem ? : memory); + uint64_t mem_size = mb_to_bytes(memory); + uint64_t max_size = mb_to_bytes(maxmem ? : memory); struct e820entry e820[3]; struct xen_domctl_createdomain config = { .ssidref = SECINITSID_DOMU, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 10:11:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 10:11:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700788.1094472 (Exim 4.92) (envelope-from ) id 1rsK4F-0002AE-AE; Thu, 04 Apr 2024 10:11:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700788.1094472; Thu, 04 Apr 2024 10:11:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK4F-0002A6-7a; Thu, 04 Apr 2024 10:11:35 +0000 Received: by outflank-mailman (input) for mailman id 700788; Thu, 04 Apr 2024 10:11:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK4D-00029s-T7 for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK4D-0008AH-SL for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsK4D-0000x1-RN for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=q60DdWh32tEYo0I10vT5u24LXjINxrtHZkyMhneiyF8=; b=KcMJ9Rn57cgwKc0MW2hbMWGKaI bBDKbO24Cq+KgicaFXwQC/Uk28M/ld3FTgj67yRbUv/hLGNWpx5WliZunC33FVjpv9KMOSLwWJdI6 8GAXbDG8GLsdBiJr6WZggSfHd1BXECIgNSvcElaGxm3JRh4BqHA6VGNFVQ79LPlaxiao=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools: Move MB/GB() to common-macros.h Message-Id: Date: Thu, 04 Apr 2024 10:11:33 +0000 commit 21e0c8fc0ee03adf29c1f17e78f477ad39384207 Author: Jason Andryuk AuthorDate: Thu Apr 4 12:01:13 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 4 12:01:13 2024 +0200 tools: Move MB/GB() to common-macros.h Consolidate to a single set of common macros for tools. MB() will gain another use in libelf, so this movement makes it available. Requested-by: Jan Beulich Signed-off-by: Jason Andryuk Reviewed-by: Jan Beulich Acked-by: Anthony PERARD --- tools/firmware/hvmloader/util.h | 3 --- tools/helpers/init-xenstore-domain.c | 1 - tools/include/xen-tools/common-macros.h | 4 ++++ tools/libs/light/libxl_internal.h | 4 ---- 4 files changed, 4 insertions(+), 8 deletions(-) diff --git a/tools/firmware/hvmloader/util.h b/tools/firmware/hvmloader/util.h index 87be213dec..14078bde1e 100644 --- a/tools/firmware/hvmloader/util.h +++ b/tools/firmware/hvmloader/util.h @@ -38,9 +38,6 @@ void __bug(const char *file, int line) __attribute__((noreturn)); #define BUG() __bug(__FILE__, __LINE__) #define BUG_ON(p) do { if (p) BUG(); } while (0) -#define MB(mb) (mb##ULL << 20) -#define GB(gb) (gb##ULL << 30) - static inline int test_bit(unsigned int b, const void *p) { return !!(((const uint8_t *)p)[b>>3] & (1u<<(b&7))); diff --git a/tools/helpers/init-xenstore-domain.c b/tools/helpers/init-xenstore-domain.c index 7332545770..01ca667d25 100644 --- a/tools/helpers/init-xenstore-domain.c +++ b/tools/helpers/init-xenstore-domain.c @@ -20,7 +20,6 @@ #include "init-dom-json.h" #define LAPIC_BASE_ADDRESS 0xfee00000UL -#define GB(x) ((uint64_t)x << 30) static uint32_t domid = ~0; static char *kernel; diff --git a/tools/include/xen-tools/common-macros.h b/tools/include/xen-tools/common-macros.h index 81fba2e9f5..07aed92684 100644 --- a/tools/include/xen-tools/common-macros.h +++ b/tools/include/xen-tools/common-macros.h @@ -91,6 +91,10 @@ #define __AC(X, Y) (X ## Y) #define _AC(X, Y) __AC(X, Y) +/* Size macros. */ +#define MB(_mb) (_AC(_mb, ULL) << 20) +#define GB(_gb) (_AC(_gb, ULL) << 30) + #define get_unaligned_t(type, ptr) ({ \ const struct { type x; } __packed *ptr_ = (typeof(ptr_))(ptr); \ ptr_->x; \ diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h index 094d0df9b1..803dbc1a03 100644 --- a/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h @@ -126,10 +126,6 @@ #define PVSHIM_BASENAME "xen-shim" #define PVSHIM_CMDLINE "pv-shim console=xen,pv" -/* Size macros. */ -#define MB(_mb) (_AC(_mb, ULL) << 20) -#define GB(_gb) (_AC(_gb, ULL) << 30) - #define DIV_ROUNDUP(n, d) (((n) + (d) - 1) / (d)) #define LIBXL__LOGGING_ENABLED -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 10:11:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 10:11:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700789.1094477 (Exim 4.92) (envelope-from ) id 1rsK4P-0002Dx-Cx; Thu, 04 Apr 2024 10:11:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700789.1094477; Thu, 04 Apr 2024 10:11:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK4P-0002Dp-AL; Thu, 04 Apr 2024 10:11:45 +0000 Received: by outflank-mailman (input) for mailman id 700789; Thu, 04 Apr 2024 10:11:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK4O-0002DY-07 for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK4N-0008C0-VZ for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsK4N-0000xW-Uk for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0oO0cl1sg/78Cj3x/rI4bssF86uyhykNCfjSLKpL5Xo=; b=Plw1KhxKQESEoLVeILL3hn0TU3 qM1DwiAZldVjaX8eXJrrfWLNhJcqocyqv+JL8wljvdvyRrDVQQ2jx/tRDmd5g0yChLS4nW7VTxgzZ LCdo3IsXo8Jiehd4dFjYgTlT5bi0rpxeE/RojbFzOo7bO/NJRJKVs4sPk0x28ESyI0dc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/sched: address violations of MISRA C:2012 Rule 16.3 Message-Id: Date: Thu, 04 Apr 2024 10:11:43 +0000 commit 226bdb155bc2686869004ac64a780993f48ccdcb Author: Federico Serafini AuthorDate: Thu Apr 4 12:01:27 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 4 12:01:27 2024 +0200 xen/sched: address violations of MISRA C:2012 Rule 16.3 Add break statement to address a violation of MISRA C:2012 Rule 16.3 ("An unconditional `break' statement shall terminate every switch-clause"). Replace deprecated comment /* FALLTHRU */ with pseudo-keyword fallthrough to meet the requirements to deviate the rule. No functional change. Signed-off-by: Federico Serafini Reviewed-by: Jan Beulich Acked-by: George Dunlap --- xen/common/sched/core.c | 1 + xen/common/sched/credit2.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 3e48da1cdd..0cb33831d2 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -2007,6 +2007,7 @@ ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) default: ret = -ENOSYS; + break; } return ret; diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c index c76330d79d..0962b52415 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -3152,8 +3152,8 @@ static int cf_check csched2_sys_cntl( printk(XENLOG_INFO "Disabling context switch rate limiting\n"); prv->ratelimit_us = params->ratelimit_us; write_unlock_irqrestore(&prv->lock, flags); + fallthrough; - /* FALLTHRU */ case XEN_SYSCTL_SCHEDOP_getinfo: params->ratelimit_us = prv->ratelimit_us; break; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 10:11:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 10:11:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700790.1094481 (Exim 4.92) (envelope-from ) id 1rsK4Z-0002Hf-Eb; Thu, 04 Apr 2024 10:11:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700790.1094481; Thu, 04 Apr 2024 10:11:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK4Z-0002HX-Bo; Thu, 04 Apr 2024 10:11:55 +0000 Received: by outflank-mailman (input) for mailman id 700790; Thu, 04 Apr 2024 10:11:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK4Y-0002H8-37 for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsK4Y-0008CC-2J for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsK4Y-0000xz-1S for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 10:11:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NqjsmfrIstDg/2lwrrNY7fWHwW2q8cY1Ff7RARZb3V0=; b=NQNW6vZ9pcZGTxb0p09zkTgVdU gTChOSOx1oGUZ0TlJHtcfFqwOvSIqe1L5qNtDgvUk9X8z+NO1o4+ihJGgHUa0X0hoQsdz85o9KysH RNssrDzDNHCTikFdi4MEVPQYLK6NtPcAA5k+QKhg+47bOQwCR5PF295r3EP1KuSWmqAc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] vsprintf: address violations of MISRA C:2012 Rule 16.3 Message-Id: Date: Thu, 04 Apr 2024 10:11:54 +0000 commit 6eeb3e86bdfa55874f4c44527551e9b82125dc83 Author: Federico Serafini AuthorDate: Thu Apr 4 12:01:50 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 4 12:01:50 2024 +0200 vsprintf: address violations of MISRA C:2012 Rule 16.3 MISRA C:2012 Rule 16.3 states: "An unconditional `break' statement shall terminate every switch-clause". In order to meet the requirements to deviate the rule: 1) refactor the for loop to make the switch-clause ending with a return statement (note that adding a break at the end of the switch-clause would result in a violation of Rule 2.1 "A project shall not contain unreachable code"); 2) add pseudo-keyword fallthrough. No functional change. Signed-off-by: Federico Serafini Reviewed-by: Jan Beulich --- xen/common/vsprintf.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/xen/common/vsprintf.c b/xen/common/vsprintf.c index c49631c0a4..612751c90f 100644 --- a/xen/common/vsprintf.c +++ b/xen/common/vsprintf.c @@ -377,7 +377,7 @@ static char *pointer(char *str, const char *end, const char **fmt_ptr, str = number(str, end, hex_buffer[i], 16, 2, -1, ZEROPAD); if ( ++i == field_width ) - return str; + break; if ( sep ) { @@ -386,6 +386,8 @@ static char *pointer(char *str, const char *end, const char **fmt_ptr, ++str; } } + + return str; } case 'p': /* PCI SBDF. */ @@ -619,6 +621,7 @@ int vsnprintf(char *buf, size_t size, const char *fmt, va_list args) case 'X': flags |= LARGE; + fallthrough; case 'x': base = 16; break; @@ -626,6 +629,7 @@ int vsnprintf(char *buf, size_t size, const char *fmt, va_list args) case 'd': case 'i': flags |= SIGN; + fallthrough; case 'u': break; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 21:00:11 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 21:00:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700988.1094921 (Exim 4.92) (envelope-from ) id 1rsUBn-0007IV-6g; Thu, 04 Apr 2024 21:00:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700988.1094921; Thu, 04 Apr 2024 21:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUBn-0007I8-3s; Thu, 04 Apr 2024 21:00:03 +0000 Received: by outflank-mailman (input) for mailman id 700988; Thu, 04 Apr 2024 21:00:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUBm-0006zN-1l for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUBl-0007UX-LO for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsUBl-00026J-Jy for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5z4p945xXB8khlX4EpN2hlgm3tTfx7yq34nXTc8hMzs=; b=B34ipxkFaoHblwus1rfs0OO3ZF 2UuARBxNfiGT6RHc1ymMKLlbVobuqM2GL3FRrwq9+sVfv848GGU9h4UXFTqkIfM2sBfkZh6+BuyEq 8TppPoQH+NQIkXdEii1SuY/PNn2dieasG1amt40t2fegt5WzvPxXPtApkOLdvue4B18o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: ffa: rename functions to use ffa_ prefix Message-Id: Date: Thu, 04 Apr 2024 21:00:01 +0000 commit b21cbaf6ba5d69eab8f8a8a29223069fd3d815f8 Author: Jens Wiklander AuthorDate: Mon Mar 25 10:38:59 2024 +0100 Commit: Stefano Stabellini CommitDate: Wed Apr 3 16:08:14 2024 -0700 xen/arm: ffa: rename functions to use ffa_ prefix Prepare to separate into modules by renaming functions that will need new names when becoming non-static in the following commit. Signed-off-by: Jens Wiklander Reviewed-by: Bertrand Marquis --- xen/arch/arm/tee/ffa.c | 125 +++++++++++++++++++++++++------------------------ 1 file changed, 65 insertions(+), 60 deletions(-) diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c index 9a05dcede1..0344a0f17e 100644 --- a/xen/arch/arm/tee/ffa.c +++ b/xen/arch/arm/tee/ffa.c @@ -4,7 +4,7 @@ * * Arm Firmware Framework for ARMv8-A (FF-A) mediator * - * Copyright (C) 2023 Linaro Limited + * Copyright (C) 2023-2024 Linaro Limited * * References: * FF-A-1.0-REL: FF-A specification version 1.0 available at @@ -473,7 +473,7 @@ static bool ffa_get_version(uint32_t *vers) return true; } -static int32_t get_ffa_ret_code(const struct arm_smccc_1_2_regs *resp) +static int32_t ffa_get_ret_code(const struct arm_smccc_1_2_regs *resp) { switch ( resp->a0 ) { @@ -504,7 +504,7 @@ static int32_t ffa_simple_call(uint32_t fid, register_t a1, register_t a2, arm_smccc_1_2_smc(&arg, &resp); - return get_ffa_ret_code(&resp); + return ffa_get_ret_code(&resp); } static int32_t ffa_features(uint32_t id) @@ -546,7 +546,7 @@ static int32_t ffa_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3, arm_smccc_1_2_smc(&arg, &resp); - ret = get_ffa_ret_code(&resp); + ret = ffa_get_ret_code(&resp); if ( !ret ) { *count = resp.a2; @@ -654,15 +654,16 @@ static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id, return res; } -static uint16_t get_vm_id(const struct domain *d) +static uint16_t ffa_get_vm_id(const struct domain *d) { /* +1 since 0 is reserved for the hypervisor in FF-A */ return d->domain_id + 1; } -static void set_regs(struct cpu_user_regs *regs, register_t v0, register_t v1, - register_t v2, register_t v3, register_t v4, register_t v5, - register_t v6, register_t v7) +static void ffa_set_regs(struct cpu_user_regs *regs, register_t v0, + register_t v1, register_t v2, register_t v3, + register_t v4, register_t v5, register_t v6, + register_t v7) { set_user_reg(regs, 0, v0); set_user_reg(regs, 1, v1); @@ -674,15 +675,15 @@ static void set_regs(struct cpu_user_regs *regs, register_t v0, register_t v1, set_user_reg(regs, 7, v7); } -static void set_regs_error(struct cpu_user_regs *regs, uint32_t error_code) +static void ffa_set_regs_error(struct cpu_user_regs *regs, uint32_t error_code) { - set_regs(regs, FFA_ERROR, 0, error_code, 0, 0, 0, 0, 0); + ffa_set_regs(regs, FFA_ERROR, 0, error_code, 0, 0, 0, 0, 0); } -static void set_regs_success(struct cpu_user_regs *regs, uint32_t w2, +static void ffa_set_regs_success(struct cpu_user_regs *regs, uint32_t w2, uint32_t w3) { - set_regs(regs, FFA_SUCCESS_32, 0, w2, w3, 0, 0, 0, 0); + ffa_set_regs(regs, FFA_SUCCESS_32, 0, w2, w3, 0, 0, 0, 0); } static void handle_version(struct cpu_user_regs *regs) @@ -697,11 +698,11 @@ static void handle_version(struct cpu_user_regs *regs) vers = FFA_VERSION_1_1; ctx->guest_vers = vers; - set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0); + ffa_set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0); } -static uint32_t handle_rxtx_map(uint32_t fid, register_t tx_addr, - register_t rx_addr, uint32_t page_count) +static uint32_t ffa_handle_rxtx_map(uint32_t fid, register_t tx_addr, + register_t rx_addr, uint32_t page_count) { uint32_t ret = FFA_RET_INVALID_PARAMETERS; struct domain *d = current->domain; @@ -789,7 +790,7 @@ static void rxtx_unmap(struct ffa_ctx *ctx) ctx->rx_is_free = false; } -static uint32_t handle_rxtx_unmap(void) +static uint32_t ffa_handle_rxtx_unmap(void) { struct domain *d = current->domain; struct ffa_ctx *ctx = d->arch.tee; @@ -802,9 +803,10 @@ static uint32_t handle_rxtx_unmap(void) return FFA_RET_OK; } -static int32_t handle_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3, - uint32_t w4, uint32_t w5, - uint32_t *count, uint32_t *fpi_size) +static int32_t ffa_handle_partition_info_get(uint32_t w1, uint32_t w2, + uint32_t w3, uint32_t w4, + uint32_t w5, uint32_t *count, + uint32_t *fpi_size) { int32_t ret = FFA_RET_DENIED; struct domain *d = current->domain; @@ -883,7 +885,7 @@ out: return ret; } -static int32_t handle_rx_release(void) +static int32_t ffa_handle_rx_release(void) { int32_t ret = FFA_RET_DENIED; struct domain *d = current->domain; @@ -916,7 +918,7 @@ static void handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid) mask = GENMASK_ULL(31, 0); src_dst = get_user_reg(regs, 1); - if ( (src_dst >> 16) != get_vm_id(d) ) + if ( (src_dst >> 16) != ffa_get_vm_id(d) ) { resp.a0 = FFA_ERROR; resp.a2 = FFA_RET_INVALID_PARAMETERS; @@ -949,8 +951,9 @@ static void handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid) } out: - set_regs(regs, resp.a0, resp.a1 & mask, resp.a2 & mask, resp.a3 & mask, - resp.a4 & mask, resp.a5 & mask, resp.a6 & mask, resp.a7 & mask); + ffa_set_regs(regs, resp.a0, resp.a1 & mask, resp.a2 & mask, resp.a3 & mask, + resp.a4 & mask, resp.a5 & mask, resp.a6 & mask, + resp.a7 & mask); } /* @@ -1249,7 +1252,7 @@ static int read_mem_transaction(uint32_t ffa_vers, const void *buf, size_t blen, return 0; } -static void handle_mem_share(struct cpu_user_regs *regs) +static void ffa_handle_mem_share(struct cpu_user_regs *regs) { uint32_t tot_len = get_user_reg(regs, 1); uint32_t frag_len = get_user_reg(regs, 2); @@ -1318,7 +1321,7 @@ static void handle_mem_share(struct cpu_user_regs *regs) goto out_unlock; } - if ( trans.sender_id != get_vm_id(d) ) + if ( trans.sender_id != ffa_get_vm_id(d) ) { ret = FFA_RET_INVALID_PARAMETERS; goto out_unlock; @@ -1402,9 +1405,9 @@ out_unlock: out_set_ret: if ( ret == 0) - set_regs_success(regs, handle_lo, handle_hi); + ffa_set_regs_success(regs, handle_lo, handle_hi); else - set_regs_error(regs, ret); + ffa_set_regs_error(regs, ret); } /* Must only be called with ctx->lock held */ @@ -1419,7 +1422,7 @@ static struct ffa_shm_mem *find_shm_mem(struct ffa_ctx *ctx, uint64_t handle) return NULL; } -static int handle_mem_reclaim(uint64_t handle, uint32_t flags) +static int ffa_handle_mem_reclaim(uint64_t handle, uint32_t flags) { struct domain *d = current->domain; struct ffa_ctx *ctx = d->arch.tee; @@ -1471,41 +1474,42 @@ static bool ffa_handle_call(struct cpu_user_regs *regs) handle_version(regs); return true; case FFA_ID_GET: - set_regs_success(regs, get_vm_id(d), 0); + ffa_set_regs_success(regs, ffa_get_vm_id(d), 0); return true; case FFA_RXTX_MAP_32: case FFA_RXTX_MAP_64: - e = handle_rxtx_map(fid, get_user_reg(regs, 1), get_user_reg(regs, 2), - get_user_reg(regs, 3)); + e = ffa_handle_rxtx_map(fid, get_user_reg(regs, 1), + get_user_reg(regs, 2), get_user_reg(regs, 3)); if ( e ) - set_regs_error(regs, e); + ffa_set_regs_error(regs, e); else - set_regs_success(regs, 0, 0); + ffa_set_regs_success(regs, 0, 0); return true; case FFA_RXTX_UNMAP: - e = handle_rxtx_unmap(); + e = ffa_handle_rxtx_unmap(); if ( e ) - set_regs_error(regs, e); + ffa_set_regs_error(regs, e); else - set_regs_success(regs, 0, 0); + ffa_set_regs_success(regs, 0, 0); return true; case FFA_PARTITION_INFO_GET: - e = handle_partition_info_get(get_user_reg(regs, 1), - get_user_reg(regs, 2), - get_user_reg(regs, 3), - get_user_reg(regs, 4), - get_user_reg(regs, 5), &count, &fpi_size); + e = ffa_handle_partition_info_get(get_user_reg(regs, 1), + get_user_reg(regs, 2), + get_user_reg(regs, 3), + get_user_reg(regs, 4), + get_user_reg(regs, 5), &count, + &fpi_size); if ( e ) - set_regs_error(regs, e); + ffa_set_regs_error(regs, e); else - set_regs_success(regs, count, fpi_size); + ffa_set_regs_success(regs, count, fpi_size); return true; case FFA_RX_RELEASE: - e = handle_rx_release(); + e = ffa_handle_rx_release(); if ( e ) - set_regs_error(regs, e); + ffa_set_regs_error(regs, e); else - set_regs_success(regs, 0, 0); + ffa_set_regs_success(regs, 0, 0); return true; case FFA_MSG_SEND_DIRECT_REQ_32: case FFA_MSG_SEND_DIRECT_REQ_64: @@ -1513,21 +1517,21 @@ static bool ffa_handle_call(struct cpu_user_regs *regs) return true; case FFA_MEM_SHARE_32: case FFA_MEM_SHARE_64: - handle_mem_share(regs); + ffa_handle_mem_share(regs); return true; case FFA_MEM_RECLAIM: - e = handle_mem_reclaim(regpair_to_uint64(get_user_reg(regs, 2), - get_user_reg(regs, 1)), - get_user_reg(regs, 3)); + e = ffa_handle_mem_reclaim(regpair_to_uint64(get_user_reg(regs, 2), + get_user_reg(regs, 1)), + get_user_reg(regs, 3)); if ( e ) - set_regs_error(regs, e); + ffa_set_regs_error(regs, e); else - set_regs_success(regs, 0, 0); + ffa_set_regs_success(regs, 0, 0); return true; default: gprintk(XENLOG_ERR, "ffa: unhandled fid 0x%x\n", fid); - set_regs_error(regs, FFA_RET_NOT_SUPPORTED); + ffa_set_regs_error(regs, FFA_RET_NOT_SUPPORTED); return true; } } @@ -1593,12 +1597,12 @@ static int ffa_domain_init(struct domain *d) for ( n = 0; n < subscr_vm_created_count; n++ ) { - res = ffa_direct_req_send_vm(subscr_vm_created[n], get_vm_id(d), + res = ffa_direct_req_send_vm(subscr_vm_created[n], ffa_get_vm_id(d), FFA_MSG_SEND_VM_CREATED); if ( res ) { printk(XENLOG_ERR "ffa: Failed to report creation of vm_id %u to %u: res %d\n", - get_vm_id(d), subscr_vm_created[n], res); + ffa_get_vm_id(d), subscr_vm_created[n], res); break; } } @@ -1620,13 +1624,13 @@ static void send_vm_destroyed(struct domain *d) if ( !test_bit(n, ctx->vm_destroy_bitmap) ) continue; - res = ffa_direct_req_send_vm(subscr_vm_destroyed[n], get_vm_id(d), + res = ffa_direct_req_send_vm(subscr_vm_destroyed[n], ffa_get_vm_id(d), FFA_MSG_SEND_VM_DESTROYED); if ( res ) { printk(XENLOG_ERR "%pd: ffa: Failed to report destruction of vm_id %u to %u: res %d\n", - d, get_vm_id(d), subscr_vm_destroyed[n], res); + d, ffa_get_vm_id(d), subscr_vm_destroyed[n], res); } /* @@ -1640,7 +1644,7 @@ static void send_vm_destroyed(struct domain *d) } } -static void reclaim_shms(struct domain *d) +static void ffa_reclaim_shms(struct domain *d) { struct ffa_ctx *ctx = d->arch.tee; struct ffa_shm_mem *shm, *tmp; @@ -1699,7 +1703,7 @@ static void ffa_domain_teardown_continue(struct ffa_ctx *ctx, bool first_time) struct ffa_ctx *next_ctx = NULL; send_vm_destroyed(ctx->teardown_d); - reclaim_shms(ctx->teardown_d); + ffa_reclaim_shms(ctx->teardown_d); if ( ctx->shm_count || !bitmap_empty(ctx->vm_destroy_bitmap, subscr_vm_destroyed_count) ) @@ -1719,7 +1723,8 @@ static void ffa_domain_teardown_continue(struct ffa_ctx *ctx, bool first_time) { /* * domain_destroy() might have been called (via put_domain() in - * reclaim_shms()), so we can't touch the domain structure anymore. + * ffa_reclaim_shms()), so we can't touch the domain structure + * anymore. */ xfree(ctx); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 21:00:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 21:00:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700989.1094925 (Exim 4.92) (envelope-from ) id 1rsUBx-0007qG-7v; Thu, 04 Apr 2024 21:00:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700989.1094925; Thu, 04 Apr 2024 21:00:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUBx-0007q9-5M; Thu, 04 Apr 2024 21:00:13 +0000 Received: by outflank-mailman (input) for mailman id 700989; Thu, 04 Apr 2024 21:00:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUBv-0007q3-RT for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUBv-0007Wu-Pt for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsUBv-00028D-Ne for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=G/Yv4a49vnlhpgyf7hNNzMhz86IaTSZS/roOefcI6Jg=; b=Fj3pGcJm/z5TM9w81UFExSPrmt RViopIyAZSEKVvPCpoT4GP3Uc+vbHLs937jovQ1DEQUSZYuHBeYjUKEs9HVppQ8KFZRd1bfbPnDfi +VfkIKdUcmNihn8ab/K5uXT6efxXPqhu+U5tpouB8YF2koyMPskPXeoodevmfsY0PtS4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: ffa: move common things to ffa_private.h Message-Id: Date: Thu, 04 Apr 2024 21:00:11 +0000 commit bb584ec036833fba4dfac729867e06d59e138c2d Author: Jens Wiklander AuthorDate: Mon Mar 25 10:39:00 2024 +0100 Commit: Stefano Stabellini CommitDate: Wed Apr 3 16:08:26 2024 -0700 xen/arm: ffa: move common things to ffa_private.h Prepare to separate ffa.c into modules by moving common things into the new internal header file ffa_private.h. Signed-off-by: Jens Wiklander Reviewed-by: Bertrand Marquis --- xen/arch/arm/tee/ffa.c | 298 +------------------------------------- xen/arch/arm/tee/ffa_private.h | 318 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 319 insertions(+), 297 deletions(-) diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c index 0344a0f17e..259851f20b 100644 --- a/xen/arch/arm/tee/ffa.c +++ b/xen/arch/arm/tee/ffa.c @@ -63,204 +63,7 @@ #include #include -/* Error codes */ -#define FFA_RET_OK 0 -#define FFA_RET_NOT_SUPPORTED -1 -#define FFA_RET_INVALID_PARAMETERS -2 -#define FFA_RET_NO_MEMORY -3 -#define FFA_RET_BUSY -4 -#define FFA_RET_INTERRUPTED -5 -#define FFA_RET_DENIED -6 -#define FFA_RET_RETRY -7 -#define FFA_RET_ABORTED -8 - -/* FFA_VERSION helpers */ -#define FFA_VERSION_MAJOR_SHIFT 16U -#define FFA_VERSION_MAJOR_MASK 0x7FFFU -#define FFA_VERSION_MINOR_SHIFT 0U -#define FFA_VERSION_MINOR_MASK 0xFFFFU -#define MAKE_FFA_VERSION(major, minor) \ - ((((major) & FFA_VERSION_MAJOR_MASK) << FFA_VERSION_MAJOR_SHIFT) | \ - ((minor) & FFA_VERSION_MINOR_MASK)) - -#define FFA_VERSION_1_0 MAKE_FFA_VERSION(1, 0) -#define FFA_VERSION_1_1 MAKE_FFA_VERSION(1, 1) -/* The minimal FF-A version of the SPMC that can be supported */ -#define FFA_MIN_SPMC_VERSION FFA_VERSION_1_1 - -/* - * This is the version we want to use in communication with guests and SPs. - * During negotiation with a guest or a SP we may need to lower it for - * that particular guest or SP. - */ -#define FFA_MY_VERSION_MAJOR 1U -#define FFA_MY_VERSION_MINOR 1U -#define FFA_MY_VERSION MAKE_FFA_VERSION(FFA_MY_VERSION_MAJOR, \ - FFA_MY_VERSION_MINOR) - -/* - * The FF-A specification explicitly works with 4K pages as a measure of - * memory size, for example, FFA_RXTX_MAP takes one parameter "RX/TX page - * count" which is the number of contiguous 4K pages allocated. Xen may use - * a different page size depending on the configuration to avoid confusion - * with PAGE_SIZE use a special define when it's a page size as in the FF-A - * specification. - */ -#define FFA_PAGE_SIZE SZ_4K - -/* - * The number of pages used for each of the RX and TX buffers shared with - * the SPMC. - */ -#define FFA_RXTX_PAGE_COUNT 1 - -/* - * Limit the number of pages RX/TX buffers guests can map. - * TODO support a larger number. - */ -#define FFA_MAX_RXTX_PAGE_COUNT 1 - -/* - * Limit for shared buffer size. Please note that this define limits - * number of pages. - * - * FF-A doesn't have any direct requirements on GlobalPlatform or vice - * versa, but an implementation can very well use FF-A in order to provide - * a GlobalPlatform interface on top. - * - * Global Platform specification for TEE requires that any TEE - * implementation should allow to share buffers with size of at least - * 512KB, defined in TEEC-1.0C page 24, Table 4-1, - * TEEC_CONFIG_SHAREDMEM_MAX_SIZE. - * Due to overhead which can be hard to predict exactly, double this number - * to give a safe margin. - */ -#define FFA_MAX_SHM_PAGE_COUNT (2 * SZ_512K / FFA_PAGE_SIZE) - -/* - * Limits the number of shared buffers that guest can have at once. This - * is to prevent case, when guests trick XEN into exhausting its own - * memory by allocating many small buffers. This value has been chosen - * arbitrarily. - */ -#define FFA_MAX_SHM_COUNT 32 - -/* - * The time we wait until trying to tear down a domain again if it was - * blocked initially. - */ -#define FFA_CTX_TEARDOWN_DELAY SECONDS(1) - -/* FF-A-1.1-REL0 section 10.9.2 Memory region handle, page 167 */ -#define FFA_HANDLE_HYP_FLAG BIT(63, ULL) -#define FFA_HANDLE_INVALID 0xffffffffffffffffULL - -/* - * Memory attributes: Normal memory, Write-Back cacheable, Inner shareable - * Defined in FF-A-1.1-REL0 Table 10.18 at page 175. - */ -#define FFA_NORMAL_MEM_REG_ATTR 0x2fU -/* - * Memory access permissions: Read-write - * Defined in FF-A-1.1-REL0 Table 10.15 at page 168. - */ -#define FFA_MEM_ACC_RW 0x2U - -/* FF-A-1.1-REL0 section 10.11.4 Flags usage, page 184-187 */ -/* Clear memory before mapping in receiver */ -#define FFA_MEMORY_REGION_FLAG_CLEAR BIT(0, U) -/* Relayer may time slice this operation */ -#define FFA_MEMORY_REGION_FLAG_TIME_SLICE BIT(1, U) -/* Clear memory after receiver relinquishes it */ -#define FFA_MEMORY_REGION_FLAG_CLEAR_RELINQUISH BIT(2, U) -/* Share memory transaction */ -#define FFA_MEMORY_REGION_TRANSACTION_TYPE_SHARE (1U << 3) - -/* - * Flags and field values used for the MSG_SEND_DIRECT_REQ/RESP: - * BIT(31): Framework or partition message - * BIT(7-0): Message type for frameworks messages - */ -#define FFA_MSG_FLAG_FRAMEWORK BIT(31, U) -#define FFA_MSG_TYPE_MASK 0xFFU; -#define FFA_MSG_PSCI 0x0U -#define FFA_MSG_SEND_VM_CREATED 0x4U -#define FFA_MSG_RESP_VM_CREATED 0x5U -#define FFA_MSG_SEND_VM_DESTROYED 0x6U -#define FFA_MSG_RESP_VM_DESTROYED 0x7U - -/* - * Flags to determine partition properties in FFA_PARTITION_INFO_GET return - * message: - * BIT(0): Supports receipt of direct requests - * BIT(1): Can send direct requests - * BIT(2): Can send and receive indirect messages - * BIT(3): Supports receipt of notifications - * BIT(4-5): Partition ID is a PE endpoint ID - * BIT(6): Partition must be informed about each VM that is created by - * the Hypervisor - * BIT(7): Partition must be informed about each VM that is destroyed by - * the Hypervisor - * BIT(8): Partition runs in the AArch64 execution state else AArch32 - * execution state - */ -#define FFA_PART_PROP_DIRECT_REQ_RECV BIT(0, U) -#define FFA_PART_PROP_DIRECT_REQ_SEND BIT(1, U) -#define FFA_PART_PROP_INDIRECT_MSGS BIT(2, U) -#define FFA_PART_PROP_RECV_NOTIF BIT(3, U) -#define FFA_PART_PROP_IS_TYPE_MASK (3U << 4) -#define FFA_PART_PROP_IS_PE_ID (0U << 4) -#define FFA_PART_PROP_IS_SEPID_INDEP (1U << 4) -#define FFA_PART_PROP_IS_SEPID_DEP (2U << 4) -#define FFA_PART_PROP_IS_AUX_ID (3U << 4) -#define FFA_PART_PROP_NOTIF_CREATED BIT(6, U) -#define FFA_PART_PROP_NOTIF_DESTROYED BIT(7, U) -#define FFA_PART_PROP_AARCH64_STATE BIT(8, U) - -/* - * Flag used as parameter to FFA_PARTITION_INFO_GET to return partition - * count only. - */ -#define FFA_PARTITION_INFO_GET_COUNT_FLAG BIT(0, U) - -/* Function IDs */ -#define FFA_ERROR 0x84000060U -#define FFA_SUCCESS_32 0x84000061U -#define FFA_SUCCESS_64 0xC4000061U -#define FFA_INTERRUPT 0x84000062U -#define FFA_VERSION 0x84000063U -#define FFA_FEATURES 0x84000064U -#define FFA_RX_ACQUIRE 0x84000084U -#define FFA_RX_RELEASE 0x84000065U -#define FFA_RXTX_MAP_32 0x84000066U -#define FFA_RXTX_MAP_64 0xC4000066U -#define FFA_RXTX_UNMAP 0x84000067U -#define FFA_PARTITION_INFO_GET 0x84000068U -#define FFA_ID_GET 0x84000069U -#define FFA_SPM_ID_GET 0x84000085U -#define FFA_MSG_WAIT 0x8400006BU -#define FFA_MSG_YIELD 0x8400006CU -#define FFA_RUN 0x8400006DU -#define FFA_MSG_SEND2 0x84000086U -#define FFA_MSG_SEND_DIRECT_REQ_32 0x8400006FU -#define FFA_MSG_SEND_DIRECT_REQ_64 0xC400006FU -#define FFA_MSG_SEND_DIRECT_RESP_32 0x84000070U -#define FFA_MSG_SEND_DIRECT_RESP_64 0xC4000070U -#define FFA_MEM_DONATE_32 0x84000071U -#define FFA_MEM_DONATE_64 0xC4000071U -#define FFA_MEM_LEND_32 0x84000072U -#define FFA_MEM_LEND_64 0xC4000072U -#define FFA_MEM_SHARE_32 0x84000073U -#define FFA_MEM_SHARE_64 0xC4000073U -#define FFA_MEM_RETRIEVE_REQ_32 0x84000074U -#define FFA_MEM_RETRIEVE_REQ_64 0xC4000074U -#define FFA_MEM_RETRIEVE_RESP 0x84000075U -#define FFA_MEM_RELINQUISH 0x84000076U -#define FFA_MEM_RECLAIM 0x84000077U -#define FFA_MEM_FRAG_RX 0x8400007AU -#define FFA_MEM_FRAG_TX 0x8400007BU -#define FFA_MSG_SEND 0x8400006EU -#define FFA_MSG_POLL 0x8400006AU +#include "ffa_private.h" /* * Structs below ending with _1_0 are defined in FF-A-1.0-REL and @@ -382,39 +185,6 @@ struct ffa_endpoint_rxtx_descriptor_1_1 { uint32_t tx_region_offs; }; -struct ffa_ctx { - void *rx; - const void *tx; - struct page_info *rx_pg; - struct page_info *tx_pg; - /* Number of 4kB pages in each of rx/rx_pg and tx/tx_pg */ - unsigned int page_count; - /* FF-A version used by the guest */ - uint32_t guest_vers; - bool rx_is_free; - /* Used shared memory objects, struct ffa_shm_mem */ - struct list_head shm_list; - /* Number of allocated shared memory object */ - unsigned int shm_count; - /* - * tx_lock is used to serialize access to tx - * rx_lock is used to serialize access to rx - * lock is used for the rest in this struct - */ - spinlock_t tx_lock; - spinlock_t rx_lock; - spinlock_t lock; - /* Used if domain can't be torn down immediately */ - struct domain *teardown_d; - struct list_head teardown_list; - s_time_t teardown_expire; - /* - * Used for ffa_domain_teardown() to keep track of which SPs should be - * notified that this guest is being destroyed. - */ - unsigned long vm_destroy_bitmap[]; -}; - struct ffa_shm_mem { struct list_head list; uint16_t sender_id; @@ -473,40 +243,6 @@ static bool ffa_get_version(uint32_t *vers) return true; } -static int32_t ffa_get_ret_code(const struct arm_smccc_1_2_regs *resp) -{ - switch ( resp->a0 ) - { - case FFA_ERROR: - if ( resp->a2 ) - return resp->a2; - else - return FFA_RET_NOT_SUPPORTED; - case FFA_SUCCESS_32: - case FFA_SUCCESS_64: - return FFA_RET_OK; - default: - return FFA_RET_NOT_SUPPORTED; - } -} - -static int32_t ffa_simple_call(uint32_t fid, register_t a1, register_t a2, - register_t a3, register_t a4) -{ - const struct arm_smccc_1_2_regs arg = { - .a0 = fid, - .a1 = a1, - .a2 = a2, - .a3 = a3, - .a4 = a4, - }; - struct arm_smccc_1_2_regs resp; - - arm_smccc_1_2_smc(&arg, &resp); - - return ffa_get_ret_code(&resp); -} - static int32_t ffa_features(uint32_t id) { return ffa_simple_call(FFA_FEATURES, id, 0, 0, 0); @@ -654,38 +390,6 @@ static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id, return res; } -static uint16_t ffa_get_vm_id(const struct domain *d) -{ - /* +1 since 0 is reserved for the hypervisor in FF-A */ - return d->domain_id + 1; -} - -static void ffa_set_regs(struct cpu_user_regs *regs, register_t v0, - register_t v1, register_t v2, register_t v3, - register_t v4, register_t v5, register_t v6, - register_t v7) -{ - set_user_reg(regs, 0, v0); - set_user_reg(regs, 1, v1); - set_user_reg(regs, 2, v2); - set_user_reg(regs, 3, v3); - set_user_reg(regs, 4, v4); - set_user_reg(regs, 5, v5); - set_user_reg(regs, 6, v6); - set_user_reg(regs, 7, v7); -} - -static void ffa_set_regs_error(struct cpu_user_regs *regs, uint32_t error_code) -{ - ffa_set_regs(regs, FFA_ERROR, 0, error_code, 0, 0, 0, 0, 0); -} - -static void ffa_set_regs_success(struct cpu_user_regs *regs, uint32_t w2, - uint32_t w3) -{ - ffa_set_regs(regs, FFA_SUCCESS_32, 0, w2, w3, 0, 0, 0, 0); -} - static void handle_version(struct cpu_user_regs *regs) { struct domain *d = current->domain; diff --git a/xen/arch/arm/tee/ffa_private.h b/xen/arch/arm/tee/ffa_private.h new file mode 100644 index 0000000000..8352b6b55a --- /dev/null +++ b/xen/arch/arm/tee/ffa_private.h @@ -0,0 +1,318 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 Linaro Limited + */ + +#ifndef __FFA_PRIVATE_H__ +#define __FFA_PRIVATE_H__ + +#include +#include +#include +#include +#include +#include +#include +#include + +/* Error codes */ +#define FFA_RET_OK 0 +#define FFA_RET_NOT_SUPPORTED -1 +#define FFA_RET_INVALID_PARAMETERS -2 +#define FFA_RET_NO_MEMORY -3 +#define FFA_RET_BUSY -4 +#define FFA_RET_INTERRUPTED -5 +#define FFA_RET_DENIED -6 +#define FFA_RET_RETRY -7 +#define FFA_RET_ABORTED -8 + +/* FFA_VERSION helpers */ +#define FFA_VERSION_MAJOR_SHIFT 16U +#define FFA_VERSION_MAJOR_MASK 0x7FFFU +#define FFA_VERSION_MINOR_SHIFT 0U +#define FFA_VERSION_MINOR_MASK 0xFFFFU +#define MAKE_FFA_VERSION(major, minor) \ + ((((major) & FFA_VERSION_MAJOR_MASK) << FFA_VERSION_MAJOR_SHIFT) | \ + ((minor) & FFA_VERSION_MINOR_MASK)) + +#define FFA_VERSION_1_0 MAKE_FFA_VERSION(1, 0) +#define FFA_VERSION_1_1 MAKE_FFA_VERSION(1, 1) +/* The minimal FF-A version of the SPMC that can be supported */ +#define FFA_MIN_SPMC_VERSION FFA_VERSION_1_1 + +/* + * This is the version we want to use in communication with guests and SPs. + * During negotiation with a guest or a SP we may need to lower it for + * that particular guest or SP. + */ +#define FFA_MY_VERSION_MAJOR 1U +#define FFA_MY_VERSION_MINOR 1U +#define FFA_MY_VERSION MAKE_FFA_VERSION(FFA_MY_VERSION_MAJOR, \ + FFA_MY_VERSION_MINOR) + +/* + * The FF-A specification explicitly works with 4K pages as a measure of + * memory size, for example, FFA_RXTX_MAP takes one parameter "RX/TX page + * count" which is the number of contiguous 4K pages allocated. Xen may use + * a different page size depending on the configuration to avoid confusion + * with PAGE_SIZE use a special define when it's a page size as in the FF-A + * specification. + */ +#define FFA_PAGE_SIZE SZ_4K + +/* + * The number of pages used for each of the RX and TX buffers shared with + * the SPMC. + */ +#define FFA_RXTX_PAGE_COUNT 1 + +/* + * Limit the number of pages RX/TX buffers guests can map. + * TODO support a larger number. + */ +#define FFA_MAX_RXTX_PAGE_COUNT 1 + +/* + * Limit for shared buffer size. Please note that this define limits + * number of pages. + * + * FF-A doesn't have any direct requirements on GlobalPlatform or vice + * versa, but an implementation can very well use FF-A in order to provide + * a GlobalPlatform interface on top. + * + * Global Platform specification for TEE requires that any TEE + * implementation should allow to share buffers with size of at least + * 512KB, defined in TEEC-1.0C page 24, Table 4-1, + * TEEC_CONFIG_SHAREDMEM_MAX_SIZE. + * Due to overhead which can be hard to predict exactly, double this number + * to give a safe margin. + */ +#define FFA_MAX_SHM_PAGE_COUNT (2 * SZ_512K / FFA_PAGE_SIZE) + +/* + * Limits the number of shared buffers that guest can have at once. This + * is to prevent case, when guests trick XEN into exhausting its own + * memory by allocating many small buffers. This value has been chosen + * arbitrarily. + */ +#define FFA_MAX_SHM_COUNT 32 + +/* + * The time we wait until trying to tear down a domain again if it was + * blocked initially. + */ +#define FFA_CTX_TEARDOWN_DELAY SECONDS(1) + +/* FF-A-1.1-REL0 section 10.9.2 Memory region handle, page 167 */ +#define FFA_HANDLE_HYP_FLAG BIT(63, ULL) +#define FFA_HANDLE_INVALID 0xffffffffffffffffULL + +/* + * Memory attributes: Normal memory, Write-Back cacheable, Inner shareable + * Defined in FF-A-1.1-REL0 Table 10.18 at page 175. + */ +#define FFA_NORMAL_MEM_REG_ATTR 0x2fU +/* + * Memory access permissions: Read-write + * Defined in FF-A-1.1-REL0 Table 10.15 at page 168. + */ +#define FFA_MEM_ACC_RW 0x2U + +/* FF-A-1.1-REL0 section 10.11.4 Flags usage, page 184-187 */ +/* Clear memory before mapping in receiver */ +#define FFA_MEMORY_REGION_FLAG_CLEAR BIT(0, U) +/* Relayer may time slice this operation */ +#define FFA_MEMORY_REGION_FLAG_TIME_SLICE BIT(1, U) +/* Clear memory after receiver relinquishes it */ +#define FFA_MEMORY_REGION_FLAG_CLEAR_RELINQUISH BIT(2, U) +/* Share memory transaction */ +#define FFA_MEMORY_REGION_TRANSACTION_TYPE_SHARE (1U << 3) + +/* + * Flags and field values used for the MSG_SEND_DIRECT_REQ/RESP: + * BIT(31): Framework or partition message + * BIT(7-0): Message type for frameworks messages + */ +#define FFA_MSG_FLAG_FRAMEWORK BIT(31, U) +#define FFA_MSG_TYPE_MASK 0xFFU; +#define FFA_MSG_PSCI 0x0U +#define FFA_MSG_SEND_VM_CREATED 0x4U +#define FFA_MSG_RESP_VM_CREATED 0x5U +#define FFA_MSG_SEND_VM_DESTROYED 0x6U +#define FFA_MSG_RESP_VM_DESTROYED 0x7U + +/* + * Flags to determine partition properties in FFA_PARTITION_INFO_GET return + * message: + * BIT(0): Supports receipt of direct requests + * BIT(1): Can send direct requests + * BIT(2): Can send and receive indirect messages + * BIT(3): Supports receipt of notifications + * BIT(4-5): Partition ID is a PE endpoint ID + * BIT(6): Partition must be informed about each VM that is created by + * the Hypervisor + * BIT(7): Partition must be informed about each VM that is destroyed by + * the Hypervisor + * BIT(8): Partition runs in the AArch64 execution state else AArch32 + * execution state + */ +#define FFA_PART_PROP_DIRECT_REQ_RECV BIT(0, U) +#define FFA_PART_PROP_DIRECT_REQ_SEND BIT(1, U) +#define FFA_PART_PROP_INDIRECT_MSGS BIT(2, U) +#define FFA_PART_PROP_RECV_NOTIF BIT(3, U) +#define FFA_PART_PROP_IS_TYPE_MASK (3U << 4) +#define FFA_PART_PROP_IS_PE_ID (0U << 4) +#define FFA_PART_PROP_IS_SEPID_INDEP (1U << 4) +#define FFA_PART_PROP_IS_SEPID_DEP (2U << 4) +#define FFA_PART_PROP_IS_AUX_ID (3U << 4) +#define FFA_PART_PROP_NOTIF_CREATED BIT(6, U) +#define FFA_PART_PROP_NOTIF_DESTROYED BIT(7, U) +#define FFA_PART_PROP_AARCH64_STATE BIT(8, U) + +/* + * Flag used as parameter to FFA_PARTITION_INFO_GET to return partition + * count only. + */ +#define FFA_PARTITION_INFO_GET_COUNT_FLAG BIT(0, U) + +/* Function IDs */ +#define FFA_ERROR 0x84000060U +#define FFA_SUCCESS_32 0x84000061U +#define FFA_SUCCESS_64 0xC4000061U +#define FFA_INTERRUPT 0x84000062U +#define FFA_VERSION 0x84000063U +#define FFA_FEATURES 0x84000064U +#define FFA_RX_ACQUIRE 0x84000084U +#define FFA_RX_RELEASE 0x84000065U +#define FFA_RXTX_MAP_32 0x84000066U +#define FFA_RXTX_MAP_64 0xC4000066U +#define FFA_RXTX_UNMAP 0x84000067U +#define FFA_PARTITION_INFO_GET 0x84000068U +#define FFA_ID_GET 0x84000069U +#define FFA_SPM_ID_GET 0x84000085U +#define FFA_MSG_WAIT 0x8400006BU +#define FFA_MSG_YIELD 0x8400006CU +#define FFA_RUN 0x8400006DU +#define FFA_MSG_SEND2 0x84000086U +#define FFA_MSG_SEND_DIRECT_REQ_32 0x8400006FU +#define FFA_MSG_SEND_DIRECT_REQ_64 0xC400006FU +#define FFA_MSG_SEND_DIRECT_RESP_32 0x84000070U +#define FFA_MSG_SEND_DIRECT_RESP_64 0xC4000070U +#define FFA_MEM_DONATE_32 0x84000071U +#define FFA_MEM_DONATE_64 0xC4000071U +#define FFA_MEM_LEND_32 0x84000072U +#define FFA_MEM_LEND_64 0xC4000072U +#define FFA_MEM_SHARE_32 0x84000073U +#define FFA_MEM_SHARE_64 0xC4000073U +#define FFA_MEM_RETRIEVE_REQ_32 0x84000074U +#define FFA_MEM_RETRIEVE_REQ_64 0xC4000074U +#define FFA_MEM_RETRIEVE_RESP 0x84000075U +#define FFA_MEM_RELINQUISH 0x84000076U +#define FFA_MEM_RECLAIM 0x84000077U +#define FFA_MEM_FRAG_RX 0x8400007AU +#define FFA_MEM_FRAG_TX 0x8400007BU +#define FFA_MSG_SEND 0x8400006EU +#define FFA_MSG_POLL 0x8400006AU + +struct ffa_ctx { + void *rx; + const void *tx; + struct page_info *rx_pg; + struct page_info *tx_pg; + /* Number of 4kB pages in each of rx/rx_pg and tx/tx_pg */ + unsigned int page_count; + /* FF-A version used by the guest */ + uint32_t guest_vers; + bool rx_is_free; + /* Used shared memory objects, struct ffa_shm_mem */ + struct list_head shm_list; + /* Number of allocated shared memory object */ + unsigned int shm_count; + /* + * tx_lock is used to serialize access to tx + * rx_lock is used to serialize access to rx + * lock is used for the rest in this struct + */ + spinlock_t tx_lock; + spinlock_t rx_lock; + spinlock_t lock; + /* Used if domain can't be torn down immediately */ + struct domain *teardown_d; + struct list_head teardown_list; + s_time_t teardown_expire; + /* + * Used for ffa_domain_teardown() to keep track of which SPs should be + * notified that this guest is being destroyed. + */ + unsigned long vm_destroy_bitmap[]; +}; + +static inline uint16_t ffa_get_vm_id(const struct domain *d) +{ + /* +1 since 0 is reserved for the hypervisor in FF-A */ + return d->domain_id + 1; +} + +static inline void ffa_set_regs(struct cpu_user_regs *regs, register_t v0, + register_t v1, register_t v2, register_t v3, + register_t v4, register_t v5, register_t v6, + register_t v7) +{ + set_user_reg(regs, 0, v0); + set_user_reg(regs, 1, v1); + set_user_reg(regs, 2, v2); + set_user_reg(regs, 3, v3); + set_user_reg(regs, 4, v4); + set_user_reg(regs, 5, v5); + set_user_reg(regs, 6, v6); + set_user_reg(regs, 7, v7); +} + +static inline void ffa_set_regs_error(struct cpu_user_regs *regs, + uint32_t error_code) +{ + ffa_set_regs(regs, FFA_ERROR, 0, error_code, 0, 0, 0, 0, 0); +} + +static inline void ffa_set_regs_success(struct cpu_user_regs *regs, + uint32_t w2, uint32_t w3) +{ + ffa_set_regs(regs, FFA_SUCCESS_32, 0, w2, w3, 0, 0, 0, 0); +} + +static inline int32_t ffa_get_ret_code(const struct arm_smccc_1_2_regs *resp) +{ + switch ( resp->a0 ) + { + case FFA_ERROR: + if ( resp->a2 ) + return resp->a2; + else + return FFA_RET_NOT_SUPPORTED; + case FFA_SUCCESS_32: + case FFA_SUCCESS_64: + return FFA_RET_OK; + default: + return FFA_RET_NOT_SUPPORTED; + } +} + +static inline int32_t ffa_simple_call(uint32_t fid, register_t a1, + register_t a2, register_t a3, + register_t a4) +{ + const struct arm_smccc_1_2_regs arg = { + .a0 = fid, + .a1 = a1, + .a2 = a2, + .a3 = a3, + .a4 = a4, + }; + struct arm_smccc_1_2_regs resp; + + arm_smccc_1_2_smc(&arg, &resp); + + return ffa_get_ret_code(&resp); +} + +#endif /*__FFA_PRIVATE_H__*/ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 21:00:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 21:00:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700990.1094929 (Exim 4.92) (envelope-from ) id 1rsUC7-0007sp-Bj; Thu, 04 Apr 2024 21:00:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700990.1094929; Thu, 04 Apr 2024 21:00:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUC7-0007si-8o; Thu, 04 Apr 2024 21:00:23 +0000 Received: by outflank-mailman (input) for mailman id 700990; Thu, 04 Apr 2024 21:00:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUC5-0007sR-UO for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUC5-0007X5-TA for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsUC5-00028q-SC for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GUbzkkInCAvMgwK2g0yyULPoN6uuLJtzInfQHrcsHmw=; b=tvny+wi5Dh4iaZ9xYgFI3orj+l OFE1TJjSBdyXiVtOaPT5B3//yI7lImx1FQNsK+fGFjmpO3yMXCZnS74SMRSu+HVHJKLoHqE4p+51G 1SLHLH2mEVmhm3unaGEppn1EZTvEqIqO+DjtBqBjijXhopTAHTOnZXJRY3tzaqQAOxYg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: ffa: separate memory sharing routines Message-Id: Date: Thu, 04 Apr 2024 21:00:21 +0000 commit 88368672003e7d97c82f01a2cc7ac87c6f6c5585 Author: Jens Wiklander AuthorDate: Mon Mar 25 10:39:01 2024 +0100 Commit: Stefano Stabellini CommitDate: Wed Apr 3 16:10:45 2024 -0700 xen/arm: ffa: separate memory sharing routines Move memory sharing routines into a separate file for easier navigation in the source code. Add ffa_shm_domain_destroy() to isolate the ffa_shm things in ffa_domain_teardown_continue(). Signed-off-by: Jens Wiklander [stefano: fix date in header] Signed-off-by: Stefano Stabellini Reviewed-by: Bertrand Marquis --- xen/arch/arm/tee/Makefile | 1 + xen/arch/arm/tee/ffa.c | 708 +---------------------------------------- xen/arch/arm/tee/ffa_private.h | 10 + xen/arch/arm/tee/ffa_shm.c | 708 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 729 insertions(+), 698 deletions(-) diff --git a/xen/arch/arm/tee/Makefile b/xen/arch/arm/tee/Makefile index 58a1015e40..0e683d23aa 100644 --- a/xen/arch/arm/tee/Makefile +++ b/xen/arch/arm/tee/Makefile @@ -1,3 +1,4 @@ obj-$(CONFIG_FFA) += ffa.o +obj-$(CONFIG_FFA) += ffa_shm.o obj-y += tee.o obj-$(CONFIG_OPTEE) += optee.o diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c index 259851f20b..db36292dc5 100644 --- a/xen/arch/arm/tee/ffa.c +++ b/xen/arch/arm/tee/ffa.c @@ -84,92 +84,6 @@ struct ffa_partition_info_1_1 { uint8_t uuid[16]; }; -/* Constituent memory region descriptor */ -struct ffa_address_range { - uint64_t address; - uint32_t page_count; - uint32_t reserved; -}; - -/* Composite memory region descriptor */ -struct ffa_mem_region { - uint32_t total_page_count; - uint32_t address_range_count; - uint64_t reserved; - struct ffa_address_range address_range_array[]; -}; - -/* Memory access permissions descriptor */ -struct ffa_mem_access_perm { - uint16_t endpoint_id; - uint8_t perm; - uint8_t flags; -}; - -/* Endpoint memory access descriptor */ -struct ffa_mem_access { - struct ffa_mem_access_perm access_perm; - uint32_t region_offs; - uint64_t reserved; -}; - -/* Lend, donate or share memory transaction descriptor */ -struct ffa_mem_transaction_1_0 { - uint16_t sender_id; - uint8_t mem_reg_attr; - uint8_t reserved0; - uint32_t flags; - uint64_t handle; - uint64_t tag; - uint32_t reserved1; - uint32_t mem_access_count; - struct ffa_mem_access mem_access_array[]; -}; - -struct ffa_mem_transaction_1_1 { - uint16_t sender_id; - uint16_t mem_reg_attr; - uint32_t flags; - uint64_t handle; - uint64_t tag; - uint32_t mem_access_size; - uint32_t mem_access_count; - uint32_t mem_access_offs; - uint8_t reserved[12]; -}; - -/* Calculate offset of struct ffa_mem_access from start of buffer */ -#define MEM_ACCESS_OFFSET(access_idx) \ - ( sizeof(struct ffa_mem_transaction_1_1) + \ - ( access_idx ) * sizeof(struct ffa_mem_access) ) - -/* Calculate offset of struct ffa_mem_region from start of buffer */ -#define REGION_OFFSET(access_count, region_idx) \ - ( MEM_ACCESS_OFFSET(access_count) + \ - ( region_idx ) * sizeof(struct ffa_mem_region) ) - -/* Calculate offset of struct ffa_address_range from start of buffer */ -#define ADDR_RANGE_OFFSET(access_count, region_count, range_idx) \ - ( REGION_OFFSET(access_count, region_count) + \ - ( range_idx ) * sizeof(struct ffa_address_range) ) - -/* - * The parts needed from struct ffa_mem_transaction_1_0 or struct - * ffa_mem_transaction_1_1, used to provide an abstraction of difference in - * data structures between version 1.0 and 1.1. This is just an internal - * interface and can be changed without changing any ABI. - */ -struct ffa_mem_transaction_int { - uint16_t sender_id; - uint8_t mem_reg_attr; - uint8_t flags; - uint8_t mem_access_size; - uint8_t mem_access_count; - uint16_t mem_access_offs; - uint64_t handle; - uint64_t tag; -}; - /* Endpoint RX/TX descriptor */ struct ffa_endpoint_rxtx_descriptor_1_0 { uint16_t sender_id; @@ -185,15 +99,6 @@ struct ffa_endpoint_rxtx_descriptor_1_1 { uint32_t tx_region_offs; }; -struct ffa_shm_mem { - struct list_head list; - uint16_t sender_id; - uint16_t ep_id; /* endpoint, the one lending */ - uint64_t handle; /* FFA_HANDLE_INVALID if not set yet */ - unsigned int page_count; - struct page_info *pages[]; -}; - /* Negotiated FF-A version to use with the SPMC */ static uint32_t __ro_after_init ffa_version; @@ -212,10 +117,10 @@ static uint16_t subscr_vm_destroyed_count __read_mostly; * for calls which uses our RX buffer to deliver a result we must call * ffa_rx_release() to let the SPMC know that we're done with the buffer. */ -static void *ffa_rx __read_mostly; -static void *ffa_tx __read_mostly; -static DEFINE_SPINLOCK(ffa_rx_buffer_lock); -static DEFINE_SPINLOCK(ffa_tx_buffer_lock); +void *ffa_rx __read_mostly; +void *ffa_tx __read_mostly; +DEFINE_SPINLOCK(ffa_rx_buffer_lock); +DEFINE_SPINLOCK(ffa_tx_buffer_lock); /* Used to track domains that could not be torn down immediately. */ @@ -297,47 +202,6 @@ static int32_t ffa_rx_release(void) return ffa_simple_call(FFA_RX_RELEASE, 0, 0, 0, 0); } -static int32_t ffa_mem_share(uint32_t tot_len, uint32_t frag_len, - register_t addr, uint32_t pg_count, - uint64_t *handle) -{ - struct arm_smccc_1_2_regs arg = { - .a0 = FFA_MEM_SHARE_64, - .a1 = tot_len, - .a2 = frag_len, - .a3 = addr, - .a4 = pg_count, - }; - struct arm_smccc_1_2_regs resp; - - arm_smccc_1_2_smc(&arg, &resp); - - switch ( resp.a0 ) - { - case FFA_ERROR: - if ( resp.a2 ) - return resp.a2; - else - return FFA_RET_NOT_SUPPORTED; - case FFA_SUCCESS_32: - *handle = regpair_to_uint64(resp.a3, resp.a2); - return FFA_RET_OK; - case FFA_MEM_FRAG_RX: - *handle = regpair_to_uint64(resp.a2, resp.a1); - if ( resp.a3 > INT32_MAX ) /* Impossible value */ - return FFA_RET_ABORTED; - return resp.a3 & INT32_MAX; - default: - return FFA_RET_NOT_SUPPORTED; - } -} - -static int32_t ffa_mem_reclaim(uint32_t handle_lo, uint32_t handle_hi, - uint32_t flags) -{ - return ffa_simple_call(FFA_MEM_RECLAIM, handle_lo, handle_hi, flags, 0); -} - static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id, uint8_t msg) { @@ -660,506 +524,6 @@ out: resp.a7 & mask); } -/* - * Gets all page and assigns them to the supplied shared memory object. If - * this function fails then the caller is still expected to call - * put_shm_pages() as a cleanup. - */ -static int get_shm_pages(struct domain *d, struct ffa_shm_mem *shm, - const struct ffa_address_range *range, - uint32_t range_count, unsigned int start_page_idx, - unsigned int *last_page_idx) -{ - unsigned int pg_idx = start_page_idx; - gfn_t gfn; - unsigned int n; - unsigned int m; - p2m_type_t t; - uint64_t addr; - uint64_t page_count; - - for ( n = 0; n < range_count; n++ ) - { - page_count = read_atomic(&range[n].page_count); - addr = read_atomic(&range[n].address); - for ( m = 0; m < page_count; m++ ) - { - if ( pg_idx >= shm->page_count ) - return FFA_RET_INVALID_PARAMETERS; - - gfn = gaddr_to_gfn(addr + m * FFA_PAGE_SIZE); - shm->pages[pg_idx] = get_page_from_gfn(d, gfn_x(gfn), &t, - P2M_ALLOC); - if ( !shm->pages[pg_idx] ) - return FFA_RET_DENIED; - /* Only normal RW RAM for now */ - if ( t != p2m_ram_rw ) - return FFA_RET_DENIED; - pg_idx++; - } - } - - *last_page_idx = pg_idx; - - return FFA_RET_OK; -} - -static void put_shm_pages(struct ffa_shm_mem *shm) -{ - unsigned int n; - - for ( n = 0; n < shm->page_count && shm->pages[n]; n++ ) - { - put_page(shm->pages[n]); - shm->pages[n] = NULL; - } -} - -static bool inc_ctx_shm_count(struct domain *d, struct ffa_ctx *ctx) -{ - bool ret = true; - - spin_lock(&ctx->lock); - - if ( ctx->shm_count >= FFA_MAX_SHM_COUNT ) - { - ret = false; - } - else - { - /* - * If this is the first shm added, increase the domain reference - * counter as we need to keep domain around a bit longer to reclaim - * the shared memory in the teardown path. - */ - if ( !ctx->shm_count ) - get_knownalive_domain(d); - - ctx->shm_count++; - } - - spin_unlock(&ctx->lock); - - return ret; -} - -static void dec_ctx_shm_count(struct domain *d, struct ffa_ctx *ctx) -{ - bool drop_ref; - - spin_lock(&ctx->lock); - - ASSERT(ctx->shm_count > 0); - ctx->shm_count--; - - /* - * If this was the last shm removed, let go of the domain reference we - * took in inc_ctx_shm_count() above. - */ - drop_ref = !ctx->shm_count; - - spin_unlock(&ctx->lock); - - if ( drop_ref ) - put_domain(d); -} - -static struct ffa_shm_mem *alloc_ffa_shm_mem(struct domain *d, - unsigned int page_count) -{ - struct ffa_ctx *ctx = d->arch.tee; - struct ffa_shm_mem *shm; - - if ( page_count >= FFA_MAX_SHM_PAGE_COUNT ) - return NULL; - if ( !inc_ctx_shm_count(d, ctx) ) - return NULL; - - shm = xzalloc_flex_struct(struct ffa_shm_mem, pages, page_count); - if ( shm ) - shm->page_count = page_count; - else - dec_ctx_shm_count(d, ctx); - - return shm; -} - -static void free_ffa_shm_mem(struct domain *d, struct ffa_shm_mem *shm) -{ - struct ffa_ctx *ctx = d->arch.tee; - - if ( !shm ) - return; - - dec_ctx_shm_count(d, ctx); - put_shm_pages(shm); - xfree(shm); -} - -static void init_range(struct ffa_address_range *addr_range, - paddr_t pa) -{ - memset(addr_range, 0, sizeof(*addr_range)); - addr_range->address = pa; - addr_range->page_count = 1; -} - -/* - * This function uses the ffa_tx buffer to transmit the memory transaction - * descriptor. The function depends ffa_tx_buffer_lock to be used to guard - * the buffer from concurrent use. - */ -static int share_shm(struct ffa_shm_mem *shm) -{ - const uint32_t max_frag_len = FFA_RXTX_PAGE_COUNT * FFA_PAGE_SIZE; - struct ffa_mem_access *mem_access_array; - struct ffa_mem_transaction_1_1 *descr; - struct ffa_address_range *addr_range; - struct ffa_mem_region *region_descr; - const unsigned int region_count = 1; - void *buf = ffa_tx; - uint32_t frag_len; - uint32_t tot_len; - paddr_t last_pa; - unsigned int n; - paddr_t pa; - - ASSERT(spin_is_locked(&ffa_tx_buffer_lock)); - ASSERT(shm->page_count); - - descr = buf; - memset(descr, 0, sizeof(*descr)); - descr->sender_id = shm->sender_id; - descr->handle = shm->handle; - descr->mem_reg_attr = FFA_NORMAL_MEM_REG_ATTR; - descr->mem_access_count = 1; - descr->mem_access_size = sizeof(*mem_access_array); - descr->mem_access_offs = MEM_ACCESS_OFFSET(0); - - mem_access_array = buf + descr->mem_access_offs; - memset(mem_access_array, 0, sizeof(*mem_access_array)); - mem_access_array[0].access_perm.endpoint_id = shm->ep_id; - mem_access_array[0].access_perm.perm = FFA_MEM_ACC_RW; - mem_access_array[0].region_offs = REGION_OFFSET(descr->mem_access_count, 0); - - region_descr = buf + mem_access_array[0].region_offs; - memset(region_descr, 0, sizeof(*region_descr)); - region_descr->total_page_count = shm->page_count; - - region_descr->address_range_count = 1; - last_pa = page_to_maddr(shm->pages[0]); - for ( n = 1; n < shm->page_count; last_pa = pa, n++ ) - { - pa = page_to_maddr(shm->pages[n]); - if ( last_pa + FFA_PAGE_SIZE == pa ) - continue; - region_descr->address_range_count++; - } - - tot_len = ADDR_RANGE_OFFSET(descr->mem_access_count, region_count, - region_descr->address_range_count); - if ( tot_len > max_frag_len ) - return FFA_RET_NOT_SUPPORTED; - - addr_range = region_descr->address_range_array; - frag_len = ADDR_RANGE_OFFSET(descr->mem_access_count, region_count, 1); - last_pa = page_to_maddr(shm->pages[0]); - init_range(addr_range, last_pa); - for ( n = 1; n < shm->page_count; last_pa = pa, n++ ) - { - pa = page_to_maddr(shm->pages[n]); - if ( last_pa + FFA_PAGE_SIZE == pa ) - { - addr_range->page_count++; - continue; - } - - frag_len += sizeof(*addr_range); - addr_range++; - init_range(addr_range, pa); - } - - return ffa_mem_share(tot_len, frag_len, 0, 0, &shm->handle); -} - -static int read_mem_transaction(uint32_t ffa_vers, const void *buf, size_t blen, - struct ffa_mem_transaction_int *trans) -{ - uint16_t mem_reg_attr; - uint32_t flags; - uint32_t count; - uint32_t offs; - uint32_t size; - - if ( ffa_vers >= FFA_VERSION_1_1 ) - { - const struct ffa_mem_transaction_1_1 *descr; - - if ( blen < sizeof(*descr) ) - return FFA_RET_INVALID_PARAMETERS; - - descr = buf; - trans->sender_id = descr->sender_id; - mem_reg_attr = descr->mem_reg_attr; - flags = descr->flags; - trans->handle = descr->handle; - trans->tag = descr->tag; - - count = descr->mem_access_count; - size = descr->mem_access_size; - offs = descr->mem_access_offs; - } - else - { - const struct ffa_mem_transaction_1_0 *descr; - - if ( blen < sizeof(*descr) ) - return FFA_RET_INVALID_PARAMETERS; - - descr = buf; - trans->sender_id = descr->sender_id; - mem_reg_attr = descr->mem_reg_attr; - flags = descr->flags; - trans->handle = descr->handle; - trans->tag = descr->tag; - - count = descr->mem_access_count; - size = sizeof(struct ffa_mem_access); - offs = offsetof(struct ffa_mem_transaction_1_0, mem_access_array); - } - /* - * Make sure that "descr" which is shared with the guest isn't accessed - * again after this point. - */ - barrier(); - - /* - * We're doing a rough check to see that no information is lost when - * tranfering the values into a struct ffa_mem_transaction_int below. - * The fields in struct ffa_mem_transaction_int are wide enough to hold - * any valid value so being out of range means that something is wrong. - */ - if ( mem_reg_attr > UINT8_MAX || flags > UINT8_MAX || size > UINT8_MAX || - count > UINT8_MAX || offs > UINT16_MAX ) - return FFA_RET_INVALID_PARAMETERS; - - /* Check that the endpoint memory access descriptor array fits */ - if ( size * count + offs > blen ) - return FFA_RET_INVALID_PARAMETERS; - - trans->mem_reg_attr = mem_reg_attr; - trans->flags = flags; - trans->mem_access_size = size; - trans->mem_access_count = count; - trans->mem_access_offs = offs; - - return 0; -} - -static void ffa_handle_mem_share(struct cpu_user_regs *regs) -{ - uint32_t tot_len = get_user_reg(regs, 1); - uint32_t frag_len = get_user_reg(regs, 2); - uint64_t addr = get_user_reg(regs, 3); - uint32_t page_count = get_user_reg(regs, 4); - const struct ffa_mem_region *region_descr; - const struct ffa_mem_access *mem_access; - struct ffa_mem_transaction_int trans; - struct domain *d = current->domain; - struct ffa_ctx *ctx = d->arch.tee; - struct ffa_shm_mem *shm = NULL; - unsigned int last_page_idx = 0; - register_t handle_hi = 0; - register_t handle_lo = 0; - int ret = FFA_RET_DENIED; - uint32_t range_count; - uint32_t region_offs; - - /* - * We're only accepting memory transaction descriptors via the rx/tx - * buffer. - */ - if ( addr ) - { - ret = FFA_RET_NOT_SUPPORTED; - goto out_set_ret; - } - - /* Check that fragment length doesn't exceed total length */ - if ( frag_len > tot_len ) - { - ret = FFA_RET_INVALID_PARAMETERS; - goto out_set_ret; - } - - /* We currently only support a single fragment */ - if ( frag_len != tot_len ) - { - ret = FFA_RET_NOT_SUPPORTED; - goto out_set_ret; - } - - if ( !spin_trylock(&ctx->tx_lock) ) - { - ret = FFA_RET_BUSY; - goto out_set_ret; - } - - if ( frag_len > ctx->page_count * FFA_PAGE_SIZE ) - goto out_unlock; - - ret = read_mem_transaction(ctx->guest_vers, ctx->tx, frag_len, &trans); - if ( ret ) - goto out_unlock; - - if ( trans.mem_reg_attr != FFA_NORMAL_MEM_REG_ATTR ) - { - ret = FFA_RET_NOT_SUPPORTED; - goto out_unlock; - } - - /* Only supports sharing it with one SP for now */ - if ( trans.mem_access_count != 1 ) - { - ret = FFA_RET_NOT_SUPPORTED; - goto out_unlock; - } - - if ( trans.sender_id != ffa_get_vm_id(d) ) - { - ret = FFA_RET_INVALID_PARAMETERS; - goto out_unlock; - } - - /* Check that it fits in the supplied data */ - if ( trans.mem_access_offs + trans.mem_access_size > frag_len ) - goto out_unlock; - - mem_access = ctx->tx + trans.mem_access_offs; - if ( read_atomic(&mem_access->access_perm.perm) != FFA_MEM_ACC_RW ) - { - ret = FFA_RET_NOT_SUPPORTED; - goto out_unlock; - } - - region_offs = read_atomic(&mem_access->region_offs); - if ( sizeof(*region_descr) + region_offs > frag_len ) - { - ret = FFA_RET_NOT_SUPPORTED; - goto out_unlock; - } - - region_descr = ctx->tx + region_offs; - range_count = read_atomic(®ion_descr->address_range_count); - page_count = read_atomic(®ion_descr->total_page_count); - - if ( !page_count ) - { - ret = FFA_RET_INVALID_PARAMETERS; - goto out_unlock; - } - - shm = alloc_ffa_shm_mem(d, page_count); - if ( !shm ) - { - ret = FFA_RET_NO_MEMORY; - goto out_unlock; - } - shm->sender_id = trans.sender_id; - shm->ep_id = read_atomic(&mem_access->access_perm.endpoint_id); - - /* - * Check that the Composite memory region descriptor fits. - */ - if ( sizeof(*region_descr) + region_offs + - range_count * sizeof(struct ffa_address_range) > frag_len ) - { - ret = FFA_RET_INVALID_PARAMETERS; - goto out; - } - - ret = get_shm_pages(d, shm, region_descr->address_range_array, range_count, - 0, &last_page_idx); - if ( ret ) - goto out; - if ( last_page_idx != shm->page_count ) - { - ret = FFA_RET_INVALID_PARAMETERS; - goto out; - } - - /* Note that share_shm() uses our tx buffer */ - spin_lock(&ffa_tx_buffer_lock); - ret = share_shm(shm); - spin_unlock(&ffa_tx_buffer_lock); - if ( ret ) - goto out; - - spin_lock(&ctx->lock); - list_add_tail(&shm->list, &ctx->shm_list); - spin_unlock(&ctx->lock); - - uint64_to_regpair(&handle_hi, &handle_lo, shm->handle); - -out: - if ( ret ) - free_ffa_shm_mem(d, shm); -out_unlock: - spin_unlock(&ctx->tx_lock); - -out_set_ret: - if ( ret == 0) - ffa_set_regs_success(regs, handle_lo, handle_hi); - else - ffa_set_regs_error(regs, ret); -} - -/* Must only be called with ctx->lock held */ -static struct ffa_shm_mem *find_shm_mem(struct ffa_ctx *ctx, uint64_t handle) -{ - struct ffa_shm_mem *shm; - - list_for_each_entry(shm, &ctx->shm_list, list) - if ( shm->handle == handle ) - return shm; - - return NULL; -} - -static int ffa_handle_mem_reclaim(uint64_t handle, uint32_t flags) -{ - struct domain *d = current->domain; - struct ffa_ctx *ctx = d->arch.tee; - struct ffa_shm_mem *shm; - register_t handle_hi; - register_t handle_lo; - int ret; - - spin_lock(&ctx->lock); - shm = find_shm_mem(ctx, handle); - if ( shm ) - list_del(&shm->list); - spin_unlock(&ctx->lock); - if ( !shm ) - return FFA_RET_INVALID_PARAMETERS; - - uint64_to_regpair(&handle_hi, &handle_lo, handle); - ret = ffa_mem_reclaim(handle_lo, handle_hi, flags); - - if ( ret ) - { - spin_lock(&ctx->lock); - list_add_tail(&shm->list, &ctx->shm_list); - spin_unlock(&ctx->lock); - } - else - { - free_ffa_shm_mem(d, shm); - } - - return ret; -} - static bool ffa_handle_call(struct cpu_user_regs *regs) { uint32_t fid = get_user_reg(regs, 0); @@ -1284,8 +648,8 @@ static int ffa_domain_init(struct domain *d) if ( !ffa_version ) return -ENODEV; /* - * We can't use that last possible domain ID or get_vm_id() would cause - * an overflow. + * We can't use that last possible domain ID or ffa_get_vm_id() would + * cause an overflow. */ if ( d->domain_id >= UINT16_MAX) return -ERANGE; @@ -1348,68 +712,16 @@ static void send_vm_destroyed(struct domain *d) } } -static void ffa_reclaim_shms(struct domain *d) -{ - struct ffa_ctx *ctx = d->arch.tee; - struct ffa_shm_mem *shm, *tmp; - int32_t res; - - list_for_each_entry_safe(shm, tmp, &ctx->shm_list, list) - { - register_t handle_hi; - register_t handle_lo; - - uint64_to_regpair(&handle_hi, &handle_lo, shm->handle); - res = ffa_mem_reclaim(handle_lo, handle_hi, 0); - switch ( res ) { - case FFA_RET_OK: - printk(XENLOG_G_DEBUG "%pd: ffa: Reclaimed handle %#lx\n", - d, shm->handle); - list_del(&shm->list); - free_ffa_shm_mem(d, shm); - break; - case FFA_RET_DENIED: - /* - * A temporary error that may get resolved a bit later, it's - * worth retrying. - */ - printk(XENLOG_G_INFO "%pd: ffa: Failed to reclaim handle %#lx : %d\n", - d, shm->handle, res); - break; /* We will retry later */ - default: - /* - * The rest of the error codes are not expected and are assumed - * to be of a permanent nature. It not in our control to handle - * the error properly so the object in this case is to try to - * minimize the damage. - * - * FFA_RET_NO_MEMORY might be a temporary error as it it could - * succeed if retried later, but treat it as permanent for now. - */ - printk(XENLOG_G_INFO "%pd: ffa: Permanent failure to reclaim handle %#lx : %d\n", - d, shm->handle, res); - - /* - * Remove the shm from the list and free it, but don't drop - * references. This results in having the shared physical pages - * permanently allocate and also keeps the domain as a zombie - * domain. - */ - list_del(&shm->list); - xfree(shm); - break; - } - } -} - static void ffa_domain_teardown_continue(struct ffa_ctx *ctx, bool first_time) { struct ffa_ctx *next_ctx = NULL; + bool retry = false; send_vm_destroyed(ctx->teardown_d); - ffa_reclaim_shms(ctx->teardown_d); + if ( !ffa_shm_domain_destroy(ctx->teardown_d) ) + retry = true; - if ( ctx->shm_count || + if ( retry || !bitmap_empty(ctx->vm_destroy_bitmap, subscr_vm_destroyed_count) ) { printk(XENLOG_G_INFO "%pd: ffa: Remaining cleanup, retrying\n", ctx->teardown_d); diff --git a/xen/arch/arm/tee/ffa_private.h b/xen/arch/arm/tee/ffa_private.h index 8352b6b55a..f3e2f42e57 100644 --- a/xen/arch/arm/tee/ffa_private.h +++ b/xen/arch/arm/tee/ffa_private.h @@ -247,6 +247,16 @@ struct ffa_ctx { unsigned long vm_destroy_bitmap[]; }; +extern void *ffa_rx; +extern void *ffa_tx; +extern spinlock_t ffa_rx_buffer_lock; +extern spinlock_t ffa_tx_buffer_lock; + +bool ffa_shm_domain_destroy(struct domain *d); +void ffa_handle_mem_share(struct cpu_user_regs *regs); +int ffa_handle_mem_reclaim(uint64_t handle, uint32_t flags); + + static inline uint16_t ffa_get_vm_id(const struct domain *d) { /* +1 since 0 is reserved for the hypervisor in FF-A */ diff --git a/xen/arch/arm/tee/ffa_shm.c b/xen/arch/arm/tee/ffa_shm.c new file mode 100644 index 0000000000..eed9ad2d29 --- /dev/null +++ b/xen/arch/arm/tee/ffa_shm.c @@ -0,0 +1,708 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2024 Linaro Limited + */ + +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "ffa_private.h" + +/* Constituent memory region descriptor */ +struct ffa_address_range { + uint64_t address; + uint32_t page_count; + uint32_t reserved; +}; + +/* Composite memory region descriptor */ +struct ffa_mem_region { + uint32_t total_page_count; + uint32_t address_range_count; + uint64_t reserved; + struct ffa_address_range address_range_array[]; +}; + +/* Memory access permissions descriptor */ +struct ffa_mem_access_perm { + uint16_t endpoint_id; + uint8_t perm; + uint8_t flags; +}; + +/* Endpoint memory access descriptor */ +struct ffa_mem_access { + struct ffa_mem_access_perm access_perm; + uint32_t region_offs; + uint64_t reserved; +}; + +/* Lend, donate or share memory transaction descriptor */ +struct ffa_mem_transaction_1_0 { + uint16_t sender_id; + uint8_t mem_reg_attr; + uint8_t reserved0; + uint32_t flags; + uint64_t handle; + uint64_t tag; + uint32_t reserved1; + uint32_t mem_access_count; + struct ffa_mem_access mem_access_array[]; +}; + +struct ffa_mem_transaction_1_1 { + uint16_t sender_id; + uint16_t mem_reg_attr; + uint32_t flags; + uint64_t handle; + uint64_t tag; + uint32_t mem_access_size; + uint32_t mem_access_count; + uint32_t mem_access_offs; + uint8_t reserved[12]; +}; + +/* Calculate offset of struct ffa_mem_access from start of buffer */ +#define MEM_ACCESS_OFFSET(access_idx) \ + ( sizeof(struct ffa_mem_transaction_1_1) + \ + ( access_idx ) * sizeof(struct ffa_mem_access) ) + +/* Calculate offset of struct ffa_mem_region from start of buffer */ +#define REGION_OFFSET(access_count, region_idx) \ + ( MEM_ACCESS_OFFSET(access_count) + \ + ( region_idx ) * sizeof(struct ffa_mem_region) ) + +/* Calculate offset of struct ffa_address_range from start of buffer */ +#define ADDR_RANGE_OFFSET(access_count, region_count, range_idx) \ + ( REGION_OFFSET(access_count, region_count) + \ + ( range_idx ) * sizeof(struct ffa_address_range) ) + +/* + * The parts needed from struct ffa_mem_transaction_1_0 or struct + * ffa_mem_transaction_1_1, used to provide an abstraction of difference in + * data structures between version 1.0 and 1.1. This is just an internal + * interface and can be changed without changing any ABI. + */ +struct ffa_mem_transaction_int { + uint16_t sender_id; + uint8_t mem_reg_attr; + uint8_t flags; + uint8_t mem_access_size; + uint8_t mem_access_count; + uint16_t mem_access_offs; + uint64_t handle; + uint64_t tag; +}; + +struct ffa_shm_mem { + struct list_head list; + uint16_t sender_id; + uint16_t ep_id; /* endpoint, the one lending */ + uint64_t handle; /* FFA_HANDLE_INVALID if not set yet */ + unsigned int page_count; + struct page_info *pages[]; +}; + +static int32_t ffa_mem_share(uint32_t tot_len, uint32_t frag_len, + register_t addr, uint32_t pg_count, + uint64_t *handle) +{ + struct arm_smccc_1_2_regs arg = { + .a0 = FFA_MEM_SHARE_64, + .a1 = tot_len, + .a2 = frag_len, + .a3 = addr, + .a4 = pg_count, + }; + struct arm_smccc_1_2_regs resp; + + arm_smccc_1_2_smc(&arg, &resp); + + switch ( resp.a0 ) + { + case FFA_ERROR: + if ( resp.a2 ) + return resp.a2; + else + return FFA_RET_NOT_SUPPORTED; + case FFA_SUCCESS_32: + *handle = regpair_to_uint64(resp.a3, resp.a2); + return FFA_RET_OK; + case FFA_MEM_FRAG_RX: + *handle = regpair_to_uint64(resp.a2, resp.a1); + if ( resp.a3 > INT32_MAX ) /* Impossible value */ + return FFA_RET_ABORTED; + return resp.a3 & INT32_MAX; + default: + return FFA_RET_NOT_SUPPORTED; + } +} + +static int32_t ffa_mem_reclaim(uint32_t handle_lo, uint32_t handle_hi, + uint32_t flags) +{ + return ffa_simple_call(FFA_MEM_RECLAIM, handle_lo, handle_hi, flags, 0); +} + +/* + * Gets all page and assigns them to the supplied shared memory object. If + * this function fails then the caller is still expected to call + * put_shm_pages() as a cleanup. + */ +static int get_shm_pages(struct domain *d, struct ffa_shm_mem *shm, + const struct ffa_address_range *range, + uint32_t range_count, unsigned int start_page_idx, + unsigned int *last_page_idx) +{ + unsigned int pg_idx = start_page_idx; + gfn_t gfn; + unsigned int n; + unsigned int m; + p2m_type_t t; + uint64_t addr; + uint64_t page_count; + + for ( n = 0; n < range_count; n++ ) + { + page_count = read_atomic(&range[n].page_count); + addr = read_atomic(&range[n].address); + for ( m = 0; m < page_count; m++ ) + { + if ( pg_idx >= shm->page_count ) + return FFA_RET_INVALID_PARAMETERS; + + gfn = gaddr_to_gfn(addr + m * FFA_PAGE_SIZE); + shm->pages[pg_idx] = get_page_from_gfn(d, gfn_x(gfn), &t, + P2M_ALLOC); + if ( !shm->pages[pg_idx] ) + return FFA_RET_DENIED; + /* Only normal RW RAM for now */ + if ( t != p2m_ram_rw ) + return FFA_RET_DENIED; + pg_idx++; + } + } + + *last_page_idx = pg_idx; + + return FFA_RET_OK; +} + +static void put_shm_pages(struct ffa_shm_mem *shm) +{ + unsigned int n; + + for ( n = 0; n < shm->page_count && shm->pages[n]; n++ ) + { + put_page(shm->pages[n]); + shm->pages[n] = NULL; + } +} + +static bool inc_ctx_shm_count(struct domain *d, struct ffa_ctx *ctx) +{ + bool ret = true; + + spin_lock(&ctx->lock); + + if ( ctx->shm_count >= FFA_MAX_SHM_COUNT ) + { + ret = false; + } + else + { + /* + * If this is the first shm added, increase the domain reference + * counter as we need to keep domain around a bit longer to reclaim + * the shared memory in the teardown path. + */ + if ( !ctx->shm_count ) + get_knownalive_domain(d); + + ctx->shm_count++; + } + + spin_unlock(&ctx->lock); + + return ret; +} + +static void dec_ctx_shm_count(struct domain *d, struct ffa_ctx *ctx) +{ + bool drop_ref; + + spin_lock(&ctx->lock); + + ASSERT(ctx->shm_count > 0); + ctx->shm_count--; + + /* + * If this was the last shm removed, let go of the domain reference we + * took in inc_ctx_shm_count() above. + */ + drop_ref = !ctx->shm_count; + + spin_unlock(&ctx->lock); + + if ( drop_ref ) + put_domain(d); +} + +static struct ffa_shm_mem *alloc_ffa_shm_mem(struct domain *d, + unsigned int page_count) +{ + struct ffa_ctx *ctx = d->arch.tee; + struct ffa_shm_mem *shm; + + if ( page_count >= FFA_MAX_SHM_PAGE_COUNT ) + return NULL; + if ( !inc_ctx_shm_count(d, ctx) ) + return NULL; + + shm = xzalloc_flex_struct(struct ffa_shm_mem, pages, page_count); + if ( shm ) + shm->page_count = page_count; + else + dec_ctx_shm_count(d, ctx); + + return shm; +} + +static void free_ffa_shm_mem(struct domain *d, struct ffa_shm_mem *shm) +{ + struct ffa_ctx *ctx = d->arch.tee; + + if ( !shm ) + return; + + dec_ctx_shm_count(d, ctx); + put_shm_pages(shm); + xfree(shm); +} + +static void init_range(struct ffa_address_range *addr_range, + paddr_t pa) +{ + memset(addr_range, 0, sizeof(*addr_range)); + addr_range->address = pa; + addr_range->page_count = 1; +} + +/* + * This function uses the ffa_tx buffer to transmit the memory transaction + * descriptor. The function depends ffa_tx_buffer_lock to be used to guard + * the buffer from concurrent use. + */ +static int share_shm(struct ffa_shm_mem *shm) +{ + const uint32_t max_frag_len = FFA_RXTX_PAGE_COUNT * FFA_PAGE_SIZE; + struct ffa_mem_access *mem_access_array; + struct ffa_mem_transaction_1_1 *descr; + struct ffa_address_range *addr_range; + struct ffa_mem_region *region_descr; + const unsigned int region_count = 1; + void *buf = ffa_tx; + uint32_t frag_len; + uint32_t tot_len; + paddr_t last_pa; + unsigned int n; + paddr_t pa; + + ASSERT(spin_is_locked(&ffa_tx_buffer_lock)); + ASSERT(shm->page_count); + + descr = buf; + memset(descr, 0, sizeof(*descr)); + descr->sender_id = shm->sender_id; + descr->handle = shm->handle; + descr->mem_reg_attr = FFA_NORMAL_MEM_REG_ATTR; + descr->mem_access_count = 1; + descr->mem_access_size = sizeof(*mem_access_array); + descr->mem_access_offs = MEM_ACCESS_OFFSET(0); + + mem_access_array = buf + descr->mem_access_offs; + memset(mem_access_array, 0, sizeof(*mem_access_array)); + mem_access_array[0].access_perm.endpoint_id = shm->ep_id; + mem_access_array[0].access_perm.perm = FFA_MEM_ACC_RW; + mem_access_array[0].region_offs = REGION_OFFSET(descr->mem_access_count, 0); + + region_descr = buf + mem_access_array[0].region_offs; + memset(region_descr, 0, sizeof(*region_descr)); + region_descr->total_page_count = shm->page_count; + + region_descr->address_range_count = 1; + last_pa = page_to_maddr(shm->pages[0]); + for ( n = 1; n < shm->page_count; last_pa = pa, n++ ) + { + pa = page_to_maddr(shm->pages[n]); + if ( last_pa + FFA_PAGE_SIZE == pa ) + continue; + region_descr->address_range_count++; + } + + tot_len = ADDR_RANGE_OFFSET(descr->mem_access_count, region_count, + region_descr->address_range_count); + if ( tot_len > max_frag_len ) + return FFA_RET_NOT_SUPPORTED; + + addr_range = region_descr->address_range_array; + frag_len = ADDR_RANGE_OFFSET(descr->mem_access_count, region_count, 1); + last_pa = page_to_maddr(shm->pages[0]); + init_range(addr_range, last_pa); + for ( n = 1; n < shm->page_count; last_pa = pa, n++ ) + { + pa = page_to_maddr(shm->pages[n]); + if ( last_pa + FFA_PAGE_SIZE == pa ) + { + addr_range->page_count++; + continue; + } + + frag_len += sizeof(*addr_range); + addr_range++; + init_range(addr_range, pa); + } + + return ffa_mem_share(tot_len, frag_len, 0, 0, &shm->handle); +} + +static int read_mem_transaction(uint32_t ffa_vers, const void *buf, size_t blen, + struct ffa_mem_transaction_int *trans) +{ + uint16_t mem_reg_attr; + uint32_t flags; + uint32_t count; + uint32_t offs; + uint32_t size; + + if ( ffa_vers >= FFA_VERSION_1_1 ) + { + const struct ffa_mem_transaction_1_1 *descr; + + if ( blen < sizeof(*descr) ) + return FFA_RET_INVALID_PARAMETERS; + + descr = buf; + trans->sender_id = descr->sender_id; + mem_reg_attr = descr->mem_reg_attr; + flags = descr->flags; + trans->handle = descr->handle; + trans->tag = descr->tag; + + count = descr->mem_access_count; + size = descr->mem_access_size; + offs = descr->mem_access_offs; + } + else + { + const struct ffa_mem_transaction_1_0 *descr; + + if ( blen < sizeof(*descr) ) + return FFA_RET_INVALID_PARAMETERS; + + descr = buf; + trans->sender_id = descr->sender_id; + mem_reg_attr = descr->mem_reg_attr; + flags = descr->flags; + trans->handle = descr->handle; + trans->tag = descr->tag; + + count = descr->mem_access_count; + size = sizeof(struct ffa_mem_access); + offs = offsetof(struct ffa_mem_transaction_1_0, mem_access_array); + } + /* + * Make sure that "descr" which is shared with the guest isn't accessed + * again after this point. + */ + barrier(); + + /* + * We're doing a rough check to see that no information is lost when + * tranfering the values into a struct ffa_mem_transaction_int below. + * The fields in struct ffa_mem_transaction_int are wide enough to hold + * any valid value so being out of range means that something is wrong. + */ + if ( mem_reg_attr > UINT8_MAX || flags > UINT8_MAX || size > UINT8_MAX || + count > UINT8_MAX || offs > UINT16_MAX ) + return FFA_RET_INVALID_PARAMETERS; + + /* Check that the endpoint memory access descriptor array fits */ + if ( size * count + offs > blen ) + return FFA_RET_INVALID_PARAMETERS; + + trans->mem_reg_attr = mem_reg_attr; + trans->flags = flags; + trans->mem_access_size = size; + trans->mem_access_count = count; + trans->mem_access_offs = offs; + + return 0; +} + +void ffa_handle_mem_share(struct cpu_user_regs *regs) +{ + uint32_t tot_len = get_user_reg(regs, 1); + uint32_t frag_len = get_user_reg(regs, 2); + uint64_t addr = get_user_reg(regs, 3); + uint32_t page_count = get_user_reg(regs, 4); + const struct ffa_mem_region *region_descr; + const struct ffa_mem_access *mem_access; + struct ffa_mem_transaction_int trans; + struct domain *d = current->domain; + struct ffa_ctx *ctx = d->arch.tee; + struct ffa_shm_mem *shm = NULL; + unsigned int last_page_idx = 0; + register_t handle_hi = 0; + register_t handle_lo = 0; + int ret = FFA_RET_DENIED; + uint32_t range_count; + uint32_t region_offs; + + /* + * We're only accepting memory transaction descriptors via the rx/tx + * buffer. + */ + if ( addr ) + { + ret = FFA_RET_NOT_SUPPORTED; + goto out_set_ret; + } + + /* Check that fragment length doesn't exceed total length */ + if ( frag_len > tot_len ) + { + ret = FFA_RET_INVALID_PARAMETERS; + goto out_set_ret; + } + + /* We currently only support a single fragment */ + if ( frag_len != tot_len ) + { + ret = FFA_RET_NOT_SUPPORTED; + goto out_set_ret; + } + + if ( !spin_trylock(&ctx->tx_lock) ) + { + ret = FFA_RET_BUSY; + goto out_set_ret; + } + + if ( frag_len > ctx->page_count * FFA_PAGE_SIZE ) + goto out_unlock; + + ret = read_mem_transaction(ctx->guest_vers, ctx->tx, frag_len, &trans); + if ( ret ) + goto out_unlock; + + if ( trans.mem_reg_attr != FFA_NORMAL_MEM_REG_ATTR ) + { + ret = FFA_RET_NOT_SUPPORTED; + goto out_unlock; + } + + /* Only supports sharing it with one SP for now */ + if ( trans.mem_access_count != 1 ) + { + ret = FFA_RET_NOT_SUPPORTED; + goto out_unlock; + } + + if ( trans.sender_id != ffa_get_vm_id(d) ) + { + ret = FFA_RET_INVALID_PARAMETERS; + goto out_unlock; + } + + /* Check that it fits in the supplied data */ + if ( trans.mem_access_offs + trans.mem_access_size > frag_len ) + goto out_unlock; + + mem_access = ctx->tx + trans.mem_access_offs; + if ( read_atomic(&mem_access->access_perm.perm) != FFA_MEM_ACC_RW ) + { + ret = FFA_RET_NOT_SUPPORTED; + goto out_unlock; + } + + region_offs = read_atomic(&mem_access->region_offs); + if ( sizeof(*region_descr) + region_offs > frag_len ) + { + ret = FFA_RET_NOT_SUPPORTED; + goto out_unlock; + } + + region_descr = ctx->tx + region_offs; + range_count = read_atomic(®ion_descr->address_range_count); + page_count = read_atomic(®ion_descr->total_page_count); + + if ( !page_count ) + { + ret = FFA_RET_INVALID_PARAMETERS; + goto out_unlock; + } + + shm = alloc_ffa_shm_mem(d, page_count); + if ( !shm ) + { + ret = FFA_RET_NO_MEMORY; + goto out_unlock; + } + shm->sender_id = trans.sender_id; + shm->ep_id = read_atomic(&mem_access->access_perm.endpoint_id); + + /* + * Check that the Composite memory region descriptor fits. + */ + if ( sizeof(*region_descr) + region_offs + + range_count * sizeof(struct ffa_address_range) > frag_len ) + { + ret = FFA_RET_INVALID_PARAMETERS; + goto out; + } + + ret = get_shm_pages(d, shm, region_descr->address_range_array, range_count, + 0, &last_page_idx); + if ( ret ) + goto out; + if ( last_page_idx != shm->page_count ) + { + ret = FFA_RET_INVALID_PARAMETERS; + goto out; + } + + /* Note that share_shm() uses our tx buffer */ + spin_lock(&ffa_tx_buffer_lock); + ret = share_shm(shm); + spin_unlock(&ffa_tx_buffer_lock); + if ( ret ) + goto out; + + spin_lock(&ctx->lock); + list_add_tail(&shm->list, &ctx->shm_list); + spin_unlock(&ctx->lock); + + uint64_to_regpair(&handle_hi, &handle_lo, shm->handle); + +out: + if ( ret ) + free_ffa_shm_mem(d, shm); +out_unlock: + spin_unlock(&ctx->tx_lock); + +out_set_ret: + if ( ret == 0) + ffa_set_regs_success(regs, handle_lo, handle_hi); + else + ffa_set_regs_error(regs, ret); +} + +/* Must only be called with ctx->lock held */ +static struct ffa_shm_mem *find_shm_mem(struct ffa_ctx *ctx, uint64_t handle) +{ + struct ffa_shm_mem *shm; + + list_for_each_entry(shm, &ctx->shm_list, list) + if ( shm->handle == handle ) + return shm; + + return NULL; +} + +int ffa_handle_mem_reclaim(uint64_t handle, uint32_t flags) +{ + struct domain *d = current->domain; + struct ffa_ctx *ctx = d->arch.tee; + struct ffa_shm_mem *shm; + register_t handle_hi; + register_t handle_lo; + int ret; + + spin_lock(&ctx->lock); + shm = find_shm_mem(ctx, handle); + if ( shm ) + list_del(&shm->list); + spin_unlock(&ctx->lock); + if ( !shm ) + return FFA_RET_INVALID_PARAMETERS; + + uint64_to_regpair(&handle_hi, &handle_lo, handle); + ret = ffa_mem_reclaim(handle_lo, handle_hi, flags); + + if ( ret ) + { + spin_lock(&ctx->lock); + list_add_tail(&shm->list, &ctx->shm_list); + spin_unlock(&ctx->lock); + } + else + { + free_ffa_shm_mem(d, shm); + } + + return ret; +} + +bool ffa_shm_domain_destroy(struct domain *d) +{ + struct ffa_ctx *ctx = d->arch.tee; + struct ffa_shm_mem *shm, *tmp; + int32_t res; + + list_for_each_entry_safe(shm, tmp, &ctx->shm_list, list) + { + register_t handle_hi; + register_t handle_lo; + + uint64_to_regpair(&handle_hi, &handle_lo, shm->handle); + res = ffa_mem_reclaim(handle_lo, handle_hi, 0); + switch ( res ) { + case FFA_RET_OK: + printk(XENLOG_G_DEBUG "%pd: ffa: Reclaimed handle %#lx\n", + d, shm->handle); + list_del(&shm->list); + free_ffa_shm_mem(d, shm); + break; + case FFA_RET_DENIED: + /* + * A temporary error that may get resolved a bit later, it's + * worth retrying. + */ + printk(XENLOG_G_INFO "%pd: ffa: Failed to reclaim handle %#lx : %d\n", + d, shm->handle, res); + break; /* We will retry later */ + default: + /* + * The rest of the error codes are not expected and are assumed + * to be of a permanent nature. It not in our control to handle + * the error properly so the object in this case is to try to + * minimize the damage. + * + * FFA_RET_NO_MEMORY might be a temporary error as it it could + * succeed if retried later, but treat it as permanent for now. + */ + printk(XENLOG_G_INFO "%pd: ffa: Permanent failure to reclaim handle %#lx : %d\n", + d, shm->handle, res); + + /* + * Remove the shm from the list and free it, but don't drop + * references. This results in having the shared physical pages + * permanently allocate and also keeps the domain as a zombie + * domain. + */ + list_del(&shm->list); + xfree(shm); + break; + } + } + + return !ctx->shm_count; +} -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 21:00:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 21:00:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700991.1094933 (Exim 4.92) (envelope-from ) id 1rsUCH-0007vv-Ez; Thu, 04 Apr 2024 21:00:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700991.1094933; Thu, 04 Apr 2024 21:00:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUCH-0007vo-CT; Thu, 04 Apr 2024 21:00:33 +0000 Received: by outflank-mailman (input) for mailman id 700991; Thu, 04 Apr 2024 21:00:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUCG-0007vb-2H for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUCG-0007XV-1W for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsUCF-00029d-VU for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3m4jbcaLGc0LXNmw06LFHaR/bsFT9boUdTMGNHEfINY=; b=23wO6WQPAEV//1vI+CQAxa7yY+ yN+QoflTOvWTyzHBFq9qVLNsDNSaWml0wgUBo3vEMlBPhs8ZfSdImz1tTv798K6lMF0QVPm0JyOfc xRvDdTC3zo5s2+p74EREWC/DMA9H2Gd/cW6wqIuHSx9ywmbLjhk5uiJrOus64oH6ABFw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: ffa: separate partition info get routines Message-Id: Date: Thu, 04 Apr 2024 21:00:31 +0000 commit bded3e646711e1c7c9bd49e6d85f39bdb4216d93 Author: Jens Wiklander AuthorDate: Mon Mar 25 10:39:02 2024 +0100 Commit: Stefano Stabellini CommitDate: Wed Apr 3 16:11:01 2024 -0700 xen/arm: ffa: separate partition info get routines Move partition info get routines into a separate file for easier navigation in the source code. Add ffa_partinfo_init(), ffa_partinfo_domain_init(), and ffa_partinfo_domain_destroy() to handle the ffa_partinfo internal things on initialization and teardown. Signed-off-by: Jens Wiklander Reviewed-by: Bertrand Marquis --- xen/arch/arm/tee/Makefile | 1 + xen/arch/arm/tee/ffa.c | 359 ++------------------------------------ xen/arch/arm/tee/ffa_partinfo.c | 373 ++++++++++++++++++++++++++++++++++++++++ xen/arch/arm/tee/ffa_private.h | 14 +- 4 files changed, 398 insertions(+), 349 deletions(-) diff --git a/xen/arch/arm/tee/Makefile b/xen/arch/arm/tee/Makefile index 0e683d23aa..be644fba80 100644 --- a/xen/arch/arm/tee/Makefile +++ b/xen/arch/arm/tee/Makefile @@ -1,4 +1,5 @@ obj-$(CONFIG_FFA) += ffa.o obj-$(CONFIG_FFA) += ffa_shm.o +obj-$(CONFIG_FFA) += ffa_partinfo.o obj-y += tee.o obj-$(CONFIG_OPTEE) += optee.o diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c index db36292dc5..7a28038814 100644 --- a/xen/arch/arm/tee/ffa.c +++ b/xen/arch/arm/tee/ffa.c @@ -70,20 +70,6 @@ * structs ending with _1_1 are defined in FF-A-1.1-REL0. */ -/* Partition information descriptor */ -struct ffa_partition_info_1_0 { - uint16_t id; - uint16_t execution_context; - uint32_t partition_properties; -}; - -struct ffa_partition_info_1_1 { - uint16_t id; - uint16_t execution_context; - uint32_t partition_properties; - uint8_t uuid[16]; -}; - /* Endpoint RX/TX descriptor */ struct ffa_endpoint_rxtx_descriptor_1_0 { uint16_t sender_id; @@ -102,11 +88,6 @@ struct ffa_endpoint_rxtx_descriptor_1_1 { /* Negotiated FF-A version to use with the SPMC */ static uint32_t __ro_after_init ffa_version; -/* SPs subscribing to VM_CREATE and VM_DESTROYED events */ -static uint16_t *subscr_vm_created __read_mostly; -static uint16_t subscr_vm_created_count __read_mostly; -static uint16_t *subscr_vm_destroyed __read_mostly; -static uint16_t subscr_vm_destroyed_count __read_mostly; /* * Our rx/tx buffers shared with the SPMC. FFA_RXTX_PAGE_COUNT is the @@ -170,90 +151,6 @@ static int32_t ffa_rxtx_map(paddr_t tx_addr, paddr_t rx_addr, return ffa_simple_call(FFA_RXTX_MAP_64, tx_addr, rx_addr, page_count, 0); } -static int32_t ffa_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3, - uint32_t w4, uint32_t w5, - uint32_t *count, uint32_t *fpi_size) -{ - const struct arm_smccc_1_2_regs arg = { - .a0 = FFA_PARTITION_INFO_GET, - .a1 = w1, - .a2 = w2, - .a3 = w3, - .a4 = w4, - .a5 = w5, - }; - struct arm_smccc_1_2_regs resp; - uint32_t ret; - - arm_smccc_1_2_smc(&arg, &resp); - - ret = ffa_get_ret_code(&resp); - if ( !ret ) - { - *count = resp.a2; - *fpi_size = resp.a3; - } - - return ret; -} - -static int32_t ffa_rx_release(void) -{ - return ffa_simple_call(FFA_RX_RELEASE, 0, 0, 0, 0); -} - -static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id, - uint8_t msg) -{ - uint32_t exp_resp = FFA_MSG_FLAG_FRAMEWORK; - unsigned int retry_count = 0; - int32_t res; - - if ( msg == FFA_MSG_SEND_VM_CREATED ) - exp_resp |= FFA_MSG_RESP_VM_CREATED; - else if ( msg == FFA_MSG_SEND_VM_DESTROYED ) - exp_resp |= FFA_MSG_RESP_VM_DESTROYED; - else - return FFA_RET_INVALID_PARAMETERS; - - do { - const struct arm_smccc_1_2_regs arg = { - .a0 = FFA_MSG_SEND_DIRECT_REQ_32, - .a1 = sp_id, - .a2 = FFA_MSG_FLAG_FRAMEWORK | msg, - .a5 = vm_id, - }; - struct arm_smccc_1_2_regs resp; - - arm_smccc_1_2_smc(&arg, &resp); - if ( resp.a0 != FFA_MSG_SEND_DIRECT_RESP_32 || resp.a2 != exp_resp ) - { - /* - * This is an invalid response, likely due to some error in the - * implementation of the ABI. - */ - return FFA_RET_INVALID_PARAMETERS; - } - res = resp.a3; - if ( ++retry_count > 10 ) - { - /* - * TODO - * FFA_RET_INTERRUPTED means that the SPMC has a pending - * non-secure interrupt, we need a way of delivering that - * non-secure interrupt. - * FFA_RET_RETRY is the SP telling us that it's temporarily - * blocked from handling the direct request, we need a generic - * way to deal with this. - * For now in both cases, give up after a few retries. - */ - return res; - } - } while ( res == FFA_RET_INTERRUPTED || res == FFA_RET_RETRY ); - - return res; -} - static void handle_version(struct cpu_user_regs *regs) { struct domain *d = current->domain; @@ -371,88 +268,6 @@ static uint32_t ffa_handle_rxtx_unmap(void) return FFA_RET_OK; } -static int32_t ffa_handle_partition_info_get(uint32_t w1, uint32_t w2, - uint32_t w3, uint32_t w4, - uint32_t w5, uint32_t *count, - uint32_t *fpi_size) -{ - int32_t ret = FFA_RET_DENIED; - struct domain *d = current->domain; - struct ffa_ctx *ctx = d->arch.tee; - - /* - * FF-A v1.0 has w5 MBZ while v1.1 allows - * FFA_PARTITION_INFO_GET_COUNT_FLAG to be non-zero. - * - * FFA_PARTITION_INFO_GET_COUNT is only using registers and not the - * rxtx buffer so do the partition_info_get directly. - */ - if ( w5 == FFA_PARTITION_INFO_GET_COUNT_FLAG && - ctx->guest_vers == FFA_VERSION_1_1 ) - return ffa_partition_info_get(w1, w2, w3, w4, w5, count, fpi_size); - if ( w5 ) - return FFA_RET_INVALID_PARAMETERS; - - if ( !ffa_rx ) - return FFA_RET_DENIED; - - if ( !spin_trylock(&ctx->rx_lock) ) - return FFA_RET_BUSY; - - if ( !ctx->page_count || !ctx->rx_is_free ) - goto out; - spin_lock(&ffa_rx_buffer_lock); - ret = ffa_partition_info_get(w1, w2, w3, w4, w5, count, fpi_size); - if ( ret ) - goto out_rx_buf_unlock; - /* - * ffa_partition_info_get() succeeded so we now own the RX buffer we - * share with the SPMC. We must give it back using ffa_rx_release() - * once we've copied the content. - */ - - if ( ctx->guest_vers == FFA_VERSION_1_0 ) - { - size_t n; - struct ffa_partition_info_1_1 *src = ffa_rx; - struct ffa_partition_info_1_0 *dst = ctx->rx; - - if ( ctx->page_count * FFA_PAGE_SIZE < *count * sizeof(*dst) ) - { - ret = FFA_RET_NO_MEMORY; - goto out_rx_release; - } - - for ( n = 0; n < *count; n++ ) - { - dst[n].id = src[n].id; - dst[n].execution_context = src[n].execution_context; - dst[n].partition_properties = src[n].partition_properties; - } - } - else - { - size_t sz = *count * *fpi_size; - - if ( ctx->page_count * FFA_PAGE_SIZE < sz ) - { - ret = FFA_RET_NO_MEMORY; - goto out_rx_release; - } - - memcpy(ctx->rx, ffa_rx, sz); - } - ctx->rx_is_free = false; -out_rx_release: - ffa_rx_release(); -out_rx_buf_unlock: - spin_unlock(&ffa_rx_buffer_lock); -out: - spin_unlock(&ctx->rx_lock); - - return ret; -} - static int32_t ffa_handle_rx_release(void) { int32_t ret = FFA_RET_DENIED; @@ -604,46 +419,9 @@ static bool ffa_handle_call(struct cpu_user_regs *regs) } } -static bool is_in_subscr_list(const uint16_t *subscr, uint16_t start, - uint16_t end, uint16_t sp_id) -{ - unsigned int n; - - for ( n = start; n < end; n++ ) - { - if ( subscr[n] == sp_id ) - return true; - } - - return false; -} - -static void vm_destroy_bitmap_init(struct ffa_ctx *ctx, - unsigned int create_signal_count) -{ - unsigned int n; - - for ( n = 0; n < subscr_vm_destroyed_count; n++ ) - { - /* - * Skip SPs subscribed to the VM created event that never was - * notified of the VM creation due to an error during - * ffa_domain_init(). - */ - if ( is_in_subscr_list(subscr_vm_created, create_signal_count, - subscr_vm_created_count, - subscr_vm_destroyed[n]) ) - continue; - - set_bit(n, ctx->vm_destroy_bitmap); - } -} - static int ffa_domain_init(struct domain *d) { struct ffa_ctx *ctx; - unsigned int n; - int32_t res; if ( !ffa_version ) return -ENODEV; @@ -654,8 +432,7 @@ static int ffa_domain_init(struct domain *d) if ( d->domain_id >= UINT16_MAX) return -ERANGE; - ctx = xzalloc_flex_struct(struct ffa_ctx, vm_destroy_bitmap, - BITS_TO_LONGS(subscr_vm_destroyed_count)); + ctx = xzalloc(struct ffa_ctx); if ( !ctx ) return -ENOMEM; @@ -663,66 +440,28 @@ static int ffa_domain_init(struct domain *d) ctx->teardown_d = d; INIT_LIST_HEAD(&ctx->shm_list); - for ( n = 0; n < subscr_vm_created_count; n++ ) - { - res = ffa_direct_req_send_vm(subscr_vm_created[n], ffa_get_vm_id(d), - FFA_MSG_SEND_VM_CREATED); - if ( res ) - { - printk(XENLOG_ERR "ffa: Failed to report creation of vm_id %u to %u: res %d\n", - ffa_get_vm_id(d), subscr_vm_created[n], res); - break; - } - } - vm_destroy_bitmap_init(ctx, n); - if ( n != subscr_vm_created_count ) + /* + * ffa_domain_teardown() will be called if ffa_domain_init() returns an + * error, so no need for cleanup in this function. + */ + + if ( !ffa_partinfo_domain_init(d) ) return -EIO; return 0; } -static void send_vm_destroyed(struct domain *d) -{ - struct ffa_ctx *ctx = d->arch.tee; - unsigned int n; - int32_t res; - - for ( n = 0; n < subscr_vm_destroyed_count; n++ ) - { - if ( !test_bit(n, ctx->vm_destroy_bitmap) ) - continue; - - res = ffa_direct_req_send_vm(subscr_vm_destroyed[n], ffa_get_vm_id(d), - FFA_MSG_SEND_VM_DESTROYED); - - if ( res ) - { - printk(XENLOG_ERR "%pd: ffa: Failed to report destruction of vm_id %u to %u: res %d\n", - d, ffa_get_vm_id(d), subscr_vm_destroyed[n], res); - } - - /* - * For these two error codes the hypervisor is expected to resend - * the destruction message. For the rest it is expected that the - * error is permanent and that is doesn't help to resend the - * destruction message. - */ - if ( res != FFA_RET_INTERRUPTED && res != FFA_RET_RETRY ) - clear_bit(n, ctx->vm_destroy_bitmap); - } -} - static void ffa_domain_teardown_continue(struct ffa_ctx *ctx, bool first_time) { struct ffa_ctx *next_ctx = NULL; bool retry = false; - send_vm_destroyed(ctx->teardown_d); + if ( !ffa_partinfo_domain_destroy(ctx->teardown_d) ) + retry = true; if ( !ffa_shm_domain_destroy(ctx->teardown_d) ) retry = true; - if ( retry || - !bitmap_empty(ctx->vm_destroy_bitmap, subscr_vm_destroyed_count) ) + if ( retry ) { printk(XENLOG_G_INFO "%pd: ffa: Remaining cleanup, retrying\n", ctx->teardown_d); @@ -796,82 +535,6 @@ static int ffa_relinquish_resources(struct domain *d) return 0; } -static void uninit_subscribers(void) -{ - subscr_vm_created_count = 0; - subscr_vm_destroyed_count = 0; - XFREE(subscr_vm_created); - XFREE(subscr_vm_destroyed); -} - -static bool init_subscribers(struct ffa_partition_info_1_1 *fpi, uint16_t count) -{ - uint16_t n; - uint16_t c_pos; - uint16_t d_pos; - - subscr_vm_created_count = 0; - subscr_vm_destroyed_count = 0; - for ( n = 0; n < count; n++ ) - { - if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED ) - subscr_vm_created_count++; - if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED ) - subscr_vm_destroyed_count++; - } - - if ( subscr_vm_created_count ) - subscr_vm_created = xzalloc_array(uint16_t, subscr_vm_created_count); - if ( subscr_vm_destroyed_count ) - subscr_vm_destroyed = xzalloc_array(uint16_t, - subscr_vm_destroyed_count); - if ( (subscr_vm_created_count && !subscr_vm_created) || - (subscr_vm_destroyed_count && !subscr_vm_destroyed) ) - { - printk(XENLOG_ERR "ffa: Failed to allocate subscription lists\n"); - uninit_subscribers(); - return false; - } - - for ( c_pos = 0, d_pos = 0, n = 0; n < count; n++ ) - { - if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED ) - subscr_vm_created[c_pos++] = fpi[n].id; - if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED ) - subscr_vm_destroyed[d_pos++] = fpi[n].id; - } - - return true; -} - -static bool init_sps(void) -{ - bool ret = false; - uint32_t fpi_size; - uint32_t count; - int e; - - e = ffa_partition_info_get(0, 0, 0, 0, 0, &count, &fpi_size); - if ( e ) - { - printk(XENLOG_ERR "ffa: Failed to get list of SPs: %d\n", e); - goto out; - } - - if ( count >= UINT16_MAX ) - { - printk(XENLOG_ERR "ffa: Impossible number of SPs: %u\n", count); - goto out; - } - - ret = init_subscribers(ffa_rx, count); - -out: - ffa_rx_release(); - - return ret; -} - static bool ffa_probe(void) { uint32_t vers; @@ -949,7 +612,7 @@ static bool ffa_probe(void) } ffa_version = vers; - if ( !init_sps() ) + if ( !ffa_partinfo_init() ) goto err_free_ffa_tx; INIT_LIST_HEAD(&ffa_teardown_head); diff --git a/xen/arch/arm/tee/ffa_partinfo.c b/xen/arch/arm/tee/ffa_partinfo.c new file mode 100644 index 0000000000..dc10595848 --- /dev/null +++ b/xen/arch/arm/tee/ffa_partinfo.c @@ -0,0 +1,373 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2024 Linaro Limited + */ + +#include +#include +#include + +#include +#include + +#include "ffa_private.h" + +/* Partition information descriptor defined in FF-A-1.0-REL */ +struct ffa_partition_info_1_0 { + uint16_t id; + uint16_t execution_context; + uint32_t partition_properties; +}; + +/* Partition information descriptor defined in FF-A-1.1-REL0 */ +struct ffa_partition_info_1_1 { + uint16_t id; + uint16_t execution_context; + uint32_t partition_properties; + uint8_t uuid[16]; +}; + +/* SPs subscribing to VM_CREATE and VM_DESTROYED events */ +static uint16_t *subscr_vm_created __read_mostly; +static uint16_t subscr_vm_created_count __read_mostly; +static uint16_t *subscr_vm_destroyed __read_mostly; +static uint16_t subscr_vm_destroyed_count __read_mostly; + +static int32_t ffa_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3, + uint32_t w4, uint32_t w5, uint32_t *count, + uint32_t *fpi_size) +{ + const struct arm_smccc_1_2_regs arg = { + .a0 = FFA_PARTITION_INFO_GET, + .a1 = w1, + .a2 = w2, + .a3 = w3, + .a4 = w4, + .a5 = w5, + }; + struct arm_smccc_1_2_regs resp; + uint32_t ret; + + arm_smccc_1_2_smc(&arg, &resp); + + ret = ffa_get_ret_code(&resp); + if ( !ret ) + { + *count = resp.a2; + *fpi_size = resp.a3; + } + + return ret; +} + +int32_t ffa_handle_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3, + uint32_t w4, uint32_t w5, uint32_t *count, + uint32_t *fpi_size) +{ + int32_t ret = FFA_RET_DENIED; + struct domain *d = current->domain; + struct ffa_ctx *ctx = d->arch.tee; + + /* + * FF-A v1.0 has w5 MBZ while v1.1 allows + * FFA_PARTITION_INFO_GET_COUNT_FLAG to be non-zero. + * + * FFA_PARTITION_INFO_GET_COUNT is only using registers and not the + * rxtx buffer so do the partition_info_get directly. + */ + if ( w5 == FFA_PARTITION_INFO_GET_COUNT_FLAG && + ctx->guest_vers == FFA_VERSION_1_1 ) + return ffa_partition_info_get(w1, w2, w3, w4, w5, count, fpi_size); + if ( w5 ) + return FFA_RET_INVALID_PARAMETERS; + + if ( !ffa_rx ) + return FFA_RET_DENIED; + + if ( !spin_trylock(&ctx->rx_lock) ) + return FFA_RET_BUSY; + + if ( !ctx->page_count || !ctx->rx_is_free ) + goto out; + spin_lock(&ffa_rx_buffer_lock); + ret = ffa_partition_info_get(w1, w2, w3, w4, w5, count, fpi_size); + if ( ret ) + goto out_rx_buf_unlock; + /* + * ffa_partition_info_get() succeeded so we now own the RX buffer we + * share with the SPMC. We must give it back using ffa_rx_release() + * once we've copied the content. + */ + + if ( ctx->guest_vers == FFA_VERSION_1_0 ) + { + size_t n; + struct ffa_partition_info_1_1 *src = ffa_rx; + struct ffa_partition_info_1_0 *dst = ctx->rx; + + if ( ctx->page_count * FFA_PAGE_SIZE < *count * sizeof(*dst) ) + { + ret = FFA_RET_NO_MEMORY; + goto out_rx_release; + } + + for ( n = 0; n < *count; n++ ) + { + dst[n].id = src[n].id; + dst[n].execution_context = src[n].execution_context; + dst[n].partition_properties = src[n].partition_properties; + } + } + else + { + size_t sz = *count * *fpi_size; + + if ( ctx->page_count * FFA_PAGE_SIZE < sz ) + { + ret = FFA_RET_NO_MEMORY; + goto out_rx_release; + } + + memcpy(ctx->rx, ffa_rx, sz); + } + ctx->rx_is_free = false; +out_rx_release: + ffa_rx_release(); +out_rx_buf_unlock: + spin_unlock(&ffa_rx_buffer_lock); +out: + spin_unlock(&ctx->rx_lock); + + return ret; +} + +static int32_t ffa_direct_req_send_vm(uint16_t sp_id, uint16_t vm_id, + uint8_t msg) +{ + uint32_t exp_resp = FFA_MSG_FLAG_FRAMEWORK; + unsigned int retry_count = 0; + int32_t res; + + if ( msg == FFA_MSG_SEND_VM_CREATED ) + exp_resp |= FFA_MSG_RESP_VM_CREATED; + else if ( msg == FFA_MSG_SEND_VM_DESTROYED ) + exp_resp |= FFA_MSG_RESP_VM_DESTROYED; + else + return FFA_RET_INVALID_PARAMETERS; + + do { + const struct arm_smccc_1_2_regs arg = { + .a0 = FFA_MSG_SEND_DIRECT_REQ_32, + .a1 = sp_id, + .a2 = FFA_MSG_FLAG_FRAMEWORK | msg, + .a5 = vm_id, + }; + struct arm_smccc_1_2_regs resp; + + arm_smccc_1_2_smc(&arg, &resp); + if ( resp.a0 != FFA_MSG_SEND_DIRECT_RESP_32 || resp.a2 != exp_resp ) + { + /* + * This is an invalid response, likely due to some error in the + * implementation of the ABI. + */ + return FFA_RET_INVALID_PARAMETERS; + } + res = resp.a3; + if ( ++retry_count > 10 ) + { + /* + * TODO + * FFA_RET_INTERRUPTED means that the SPMC has a pending + * non-secure interrupt, we need a way of delivering that + * non-secure interrupt. + * FFA_RET_RETRY is the SP telling us that it's temporarily + * blocked from handling the direct request, we need a generic + * way to deal with this. + * For now in both cases, give up after a few retries. + */ + return res; + } + } while ( res == FFA_RET_INTERRUPTED || res == FFA_RET_RETRY ); + + return res; +} + +static void uninit_subscribers(void) +{ + subscr_vm_created_count = 0; + subscr_vm_destroyed_count = 0; + XFREE(subscr_vm_created); + XFREE(subscr_vm_destroyed); +} + +static bool init_subscribers(struct ffa_partition_info_1_1 *fpi, uint16_t count) +{ + uint16_t n; + uint16_t c_pos; + uint16_t d_pos; + + subscr_vm_created_count = 0; + subscr_vm_destroyed_count = 0; + for ( n = 0; n < count; n++ ) + { + if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED ) + subscr_vm_created_count++; + if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED ) + subscr_vm_destroyed_count++; + } + + if ( subscr_vm_created_count ) + subscr_vm_created = xzalloc_array(uint16_t, subscr_vm_created_count); + if ( subscr_vm_destroyed_count ) + subscr_vm_destroyed = xzalloc_array(uint16_t, + subscr_vm_destroyed_count); + if ( (subscr_vm_created_count && !subscr_vm_created) || + (subscr_vm_destroyed_count && !subscr_vm_destroyed) ) + { + printk(XENLOG_ERR "ffa: Failed to allocate subscription lists\n"); + uninit_subscribers(); + return false; + } + + for ( c_pos = 0, d_pos = 0, n = 0; n < count; n++ ) + { + if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_CREATED ) + subscr_vm_created[c_pos++] = fpi[n].id; + if ( fpi[n].partition_properties & FFA_PART_PROP_NOTIF_DESTROYED ) + subscr_vm_destroyed[d_pos++] = fpi[n].id; + } + + return true; +} + + + +bool ffa_partinfo_init(void) +{ + bool ret = false; + uint32_t fpi_size; + uint32_t count; + int e; + + e = ffa_partition_info_get(0, 0, 0, 0, 0, &count, &fpi_size); + if ( e ) + { + printk(XENLOG_ERR "ffa: Failed to get list of SPs: %d\n", e); + goto out; + } + + if ( count >= UINT16_MAX ) + { + printk(XENLOG_ERR "ffa: Impossible number of SPs: %u\n", count); + goto out; + } + + ret = init_subscribers(ffa_rx, count); + +out: + ffa_rx_release(); + + return ret; +} + +static bool is_in_subscr_list(const uint16_t *subscr, uint16_t start, + uint16_t end, uint16_t sp_id) +{ + unsigned int n; + + for ( n = start; n < end; n++ ) + { + if ( subscr[n] == sp_id ) + return true; + } + + return false; +} + +static void vm_destroy_bitmap_init(struct ffa_ctx *ctx, + unsigned int create_signal_count) +{ + unsigned int n; + + for ( n = 0; n < subscr_vm_destroyed_count; n++ ) + { + /* + * Skip SPs subscribed to the VM created event that never was + * notified of the VM creation due to an error during + * ffa_domain_init(). + */ + if ( is_in_subscr_list(subscr_vm_created, create_signal_count, + subscr_vm_created_count, + subscr_vm_destroyed[n]) ) + continue; + + set_bit(n, ctx->vm_destroy_bitmap); + } +} + +bool ffa_partinfo_domain_init(struct domain *d) +{ + unsigned int count = BITS_TO_LONGS(subscr_vm_destroyed_count); + struct ffa_ctx *ctx = d->arch.tee; + unsigned int n; + int32_t res; + + ctx->vm_destroy_bitmap = xzalloc_array(unsigned long, count); + if ( !ctx->vm_destroy_bitmap ) + return false; + + for ( n = 0; n < subscr_vm_created_count; n++ ) + { + res = ffa_direct_req_send_vm(subscr_vm_created[n], ffa_get_vm_id(d), + FFA_MSG_SEND_VM_CREATED); + if ( res ) + { + printk(XENLOG_ERR "ffa: Failed to report creation of vm_id %u to %u: res %d\n", + ffa_get_vm_id(d), subscr_vm_created[n], res); + break; + } + } + vm_destroy_bitmap_init(ctx, n); + + return n == subscr_vm_created_count; +} + +bool ffa_partinfo_domain_destroy(struct domain *d) +{ + struct ffa_ctx *ctx = d->arch.tee; + unsigned int n; + int32_t res; + + if ( !ctx->vm_destroy_bitmap ) + return true; + + for ( n = 0; n < subscr_vm_destroyed_count; n++ ) + { + if ( !test_bit(n, ctx->vm_destroy_bitmap) ) + continue; + + res = ffa_direct_req_send_vm(subscr_vm_destroyed[n], ffa_get_vm_id(d), + FFA_MSG_SEND_VM_DESTROYED); + + if ( res ) + { + printk(XENLOG_ERR "%pd: ffa: Failed to report destruction of vm_id %u to %u: res %d\n", + d, ffa_get_vm_id(d), subscr_vm_destroyed[n], res); + } + + /* + * For these two error codes the hypervisor is expected to resend + * the destruction message. For the rest it is expected that the + * error is permanent and that is doesn't help to resend the + * destruction message. + */ + if ( res != FFA_RET_INTERRUPTED && res != FFA_RET_RETRY ) + clear_bit(n, ctx->vm_destroy_bitmap); + } + + if ( bitmap_empty(ctx->vm_destroy_bitmap, subscr_vm_destroyed_count) ) + XFREE(ctx->vm_destroy_bitmap); + + return !ctx->vm_destroy_bitmap; +} diff --git a/xen/arch/arm/tee/ffa_private.h b/xen/arch/arm/tee/ffa_private.h index f3e2f42e57..6b32b69cfe 100644 --- a/xen/arch/arm/tee/ffa_private.h +++ b/xen/arch/arm/tee/ffa_private.h @@ -244,7 +244,7 @@ struct ffa_ctx { * Used for ffa_domain_teardown() to keep track of which SPs should be * notified that this guest is being destroyed. */ - unsigned long vm_destroy_bitmap[]; + unsigned long *vm_destroy_bitmap; }; extern void *ffa_rx; @@ -256,6 +256,13 @@ bool ffa_shm_domain_destroy(struct domain *d); void ffa_handle_mem_share(struct cpu_user_regs *regs); int ffa_handle_mem_reclaim(uint64_t handle, uint32_t flags); +bool ffa_partinfo_init(void); +bool ffa_partinfo_domain_init(struct domain *d); +bool ffa_partinfo_domain_destroy(struct domain *d); +int32_t ffa_handle_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3, + uint32_t w4, uint32_t w5, uint32_t *count, + uint32_t *fpi_size); + static inline uint16_t ffa_get_vm_id(const struct domain *d) { @@ -325,4 +332,9 @@ static inline int32_t ffa_simple_call(uint32_t fid, register_t a1, return ffa_get_ret_code(&resp); } +static inline int32_t ffa_rx_release(void) +{ + return ffa_simple_call(FFA_RX_RELEASE, 0, 0, 0, 0); +} + #endif /*__FFA_PRIVATE_H__*/ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 21:00:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 21:00:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700992.1094936 (Exim 4.92) (envelope-from ) id 1rsUCR-0007z3-Gj; Thu, 04 Apr 2024 21:00:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700992.1094936; Thu, 04 Apr 2024 21:00:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUCR-0007yv-E4; Thu, 04 Apr 2024 21:00:43 +0000 Received: by outflank-mailman (input) for mailman id 700992; Thu, 04 Apr 2024 21:00:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUCQ-0007yS-5Q for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUCQ-0007Xi-4a for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsUCQ-0002AY-3l for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mo33+QHbLN1PnOossb5Dob8hCxboCNYLhKSMSI0kjx4=; b=vMF7Iq3uoDiiqfVyrIiBT+U6Ri z4UBNuXdd1Aql99o3iqoVEIsl443JqX+hsSFpO58rStXok2HX36HcGQ+c69c1eX/P++CxupDCRf68 /ADy0TtZ1VSbyvRTQ2VrcRA2FalTuYnJgkoykrWHoP5SITrUM6fwloF17ssktlalsNgw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: ffa: separate rxtx buffer routines Message-Id: Date: Thu, 04 Apr 2024 21:00:42 +0000 commit be75f686eb038e7df81c0d68944f1e280bc64db7 Author: Jens Wiklander AuthorDate: Mon Mar 25 10:39:03 2024 +0100 Commit: Stefano Stabellini CommitDate: Wed Apr 3 16:11:01 2024 -0700 xen/arm: ffa: separate rxtx buffer routines Move rxtx buffer routines into a spearate file for easier navigation in the source code. Add ffa_rxtx_init(), ffa_rxtx_destroy(), and ffa_rxtx_domain_destroy() to handle the ffa_rxtx internal things on initialization and teardown. Signed-off-by: Jens Wiklander Reviewed-by: Bertrand Marquis --- xen/arch/arm/tee/Makefile | 1 + xen/arch/arm/tee/ffa.c | 174 +-------------------------------- xen/arch/arm/tee/ffa_private.h | 7 ++ xen/arch/arm/tee/ffa_rxtx.c | 216 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 229 insertions(+), 169 deletions(-) diff --git a/xen/arch/arm/tee/Makefile b/xen/arch/arm/tee/Makefile index be644fba80..f0112a2f92 100644 --- a/xen/arch/arm/tee/Makefile +++ b/xen/arch/arm/tee/Makefile @@ -1,5 +1,6 @@ obj-$(CONFIG_FFA) += ffa.o obj-$(CONFIG_FFA) += ffa_shm.o obj-$(CONFIG_FFA) += ffa_partinfo.o +obj-$(CONFIG_FFA) += ffa_rxtx.o obj-y += tee.o obj-$(CONFIG_OPTEE) += optee.o diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c index 7a28038814..4f7775b8c8 100644 --- a/xen/arch/arm/tee/ffa.c +++ b/xen/arch/arm/tee/ffa.c @@ -65,26 +65,6 @@ #include "ffa_private.h" -/* - * Structs below ending with _1_0 are defined in FF-A-1.0-REL and - * structs ending with _1_1 are defined in FF-A-1.1-REL0. - */ - -/* Endpoint RX/TX descriptor */ -struct ffa_endpoint_rxtx_descriptor_1_0 { - uint16_t sender_id; - uint16_t reserved; - uint32_t rx_range_count; - uint32_t tx_range_count; -}; - -struct ffa_endpoint_rxtx_descriptor_1_1 { - uint16_t sender_id; - uint16_t reserved; - uint32_t rx_region_offs; - uint32_t tx_region_offs; -}; - /* Negotiated FF-A version to use with the SPMC */ static uint32_t __ro_after_init ffa_version; @@ -145,12 +125,6 @@ static bool check_mandatory_feature(uint32_t id) return !ret; } -static int32_t ffa_rxtx_map(paddr_t tx_addr, paddr_t rx_addr, - uint32_t page_count) -{ - return ffa_simple_call(FFA_RXTX_MAP_64, tx_addr, rx_addr, page_count, 0); -} - static void handle_version(struct cpu_user_regs *regs) { struct domain *d = current->domain; @@ -166,127 +140,6 @@ static void handle_version(struct cpu_user_regs *regs) ffa_set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0); } -static uint32_t ffa_handle_rxtx_map(uint32_t fid, register_t tx_addr, - register_t rx_addr, uint32_t page_count) -{ - uint32_t ret = FFA_RET_INVALID_PARAMETERS; - struct domain *d = current->domain; - struct ffa_ctx *ctx = d->arch.tee; - struct page_info *tx_pg; - struct page_info *rx_pg; - p2m_type_t t; - void *rx; - void *tx; - - if ( !smccc_is_conv_64(fid) ) - { - /* - * Calls using the 32-bit calling convention must ignore the upper - * 32 bits in the argument registers. - */ - tx_addr &= UINT32_MAX; - rx_addr &= UINT32_MAX; - } - - if ( page_count > FFA_MAX_RXTX_PAGE_COUNT ) - { - printk(XENLOG_ERR "ffa: RXTX_MAP: error: %u pages requested (limit %u)\n", - page_count, FFA_MAX_RXTX_PAGE_COUNT); - return FFA_RET_INVALID_PARAMETERS; - } - - /* Already mapped */ - if ( ctx->rx ) - return FFA_RET_DENIED; - - tx_pg = get_page_from_gfn(d, gfn_x(gaddr_to_gfn(tx_addr)), &t, P2M_ALLOC); - if ( !tx_pg ) - return FFA_RET_INVALID_PARAMETERS; - - /* Only normal RW RAM for now */ - if ( t != p2m_ram_rw ) - goto err_put_tx_pg; - - rx_pg = get_page_from_gfn(d, gfn_x(gaddr_to_gfn(rx_addr)), &t, P2M_ALLOC); - if ( !tx_pg ) - goto err_put_tx_pg; - - /* Only normal RW RAM for now */ - if ( t != p2m_ram_rw ) - goto err_put_rx_pg; - - tx = __map_domain_page_global(tx_pg); - if ( !tx ) - goto err_put_rx_pg; - - rx = __map_domain_page_global(rx_pg); - if ( !rx ) - goto err_unmap_tx; - - ctx->rx = rx; - ctx->tx = tx; - ctx->rx_pg = rx_pg; - ctx->tx_pg = tx_pg; - ctx->page_count = page_count; - ctx->rx_is_free = true; - return FFA_RET_OK; - -err_unmap_tx: - unmap_domain_page_global(tx); -err_put_rx_pg: - put_page(rx_pg); -err_put_tx_pg: - put_page(tx_pg); - - return ret; -} - -static void rxtx_unmap(struct ffa_ctx *ctx) -{ - unmap_domain_page_global(ctx->rx); - unmap_domain_page_global(ctx->tx); - put_page(ctx->rx_pg); - put_page(ctx->tx_pg); - ctx->rx = NULL; - ctx->tx = NULL; - ctx->rx_pg = NULL; - ctx->tx_pg = NULL; - ctx->page_count = 0; - ctx->rx_is_free = false; -} - -static uint32_t ffa_handle_rxtx_unmap(void) -{ - struct domain *d = current->domain; - struct ffa_ctx *ctx = d->arch.tee; - - if ( !ctx->rx ) - return FFA_RET_INVALID_PARAMETERS; - - rxtx_unmap(ctx); - - return FFA_RET_OK; -} - -static int32_t ffa_handle_rx_release(void) -{ - int32_t ret = FFA_RET_DENIED; - struct domain *d = current->domain; - struct ffa_ctx *ctx = d->arch.tee; - - if ( !spin_trylock(&ctx->rx_lock) ) - return FFA_RET_BUSY; - - if ( !ctx->page_count || ctx->rx_is_free ) - goto out; - ret = FFA_RET_OK; - ctx->rx_is_free = true; -out: - spin_unlock(&ctx->rx_lock); - - return ret; -} - static void handle_msg_send_direct_req(struct cpu_user_regs *regs, uint32_t fid) { struct arm_smccc_1_2_regs arg = { .a0 = fid, }; @@ -522,8 +375,7 @@ static int ffa_domain_teardown(struct domain *d) if ( !ctx ) return 0; - if ( ctx->rx ) - rxtx_unmap(ctx); + ffa_rxtx_domain_destroy(d); ffa_domain_teardown_continue(ctx, true /* first_time */); @@ -538,7 +390,6 @@ static int ffa_relinquish_resources(struct domain *d) static bool ffa_probe(void) { uint32_t vers; - int e; unsigned int major_vers; unsigned int minor_vers; @@ -596,36 +447,21 @@ static bool ffa_probe(void) !check_mandatory_feature(FFA_MSG_SEND_DIRECT_REQ_32) ) return false; - ffa_rx = alloc_xenheap_pages(get_order_from_pages(FFA_RXTX_PAGE_COUNT), 0); - if ( !ffa_rx ) + if ( !ffa_rxtx_init() ) return false; - ffa_tx = alloc_xenheap_pages(get_order_from_pages(FFA_RXTX_PAGE_COUNT), 0); - if ( !ffa_tx ) - goto err_free_ffa_rx; - - e = ffa_rxtx_map(__pa(ffa_tx), __pa(ffa_rx), FFA_RXTX_PAGE_COUNT); - if ( e ) - { - printk(XENLOG_ERR "ffa: Failed to map rxtx: error %d\n", e); - goto err_free_ffa_tx; - } ffa_version = vers; if ( !ffa_partinfo_init() ) - goto err_free_ffa_tx; + goto err_rxtx_destroy; INIT_LIST_HEAD(&ffa_teardown_head); init_timer(&ffa_teardown_timer, ffa_teardown_timer_callback, NULL, 0); return true; -err_free_ffa_tx: - free_xenheap_pages(ffa_tx, 0); - ffa_tx = NULL; -err_free_ffa_rx: - free_xenheap_pages(ffa_rx, 0); - ffa_rx = NULL; +err_rxtx_destroy: + ffa_rxtx_destroy(); ffa_version = 0; return false; diff --git a/xen/arch/arm/tee/ffa_private.h b/xen/arch/arm/tee/ffa_private.h index 6b32b69cfe..98236cbf14 100644 --- a/xen/arch/arm/tee/ffa_private.h +++ b/xen/arch/arm/tee/ffa_private.h @@ -263,6 +263,13 @@ int32_t ffa_handle_partition_info_get(uint32_t w1, uint32_t w2, uint32_t w3, uint32_t w4, uint32_t w5, uint32_t *count, uint32_t *fpi_size); +bool ffa_rxtx_init(void); +void ffa_rxtx_destroy(void); +void ffa_rxtx_domain_destroy(struct domain *d); +uint32_t ffa_handle_rxtx_map(uint32_t fid, register_t tx_addr, + register_t rx_addr, uint32_t page_count); +uint32_t ffa_handle_rxtx_unmap(void); +int32_t ffa_handle_rx_release(void); static inline uint16_t ffa_get_vm_id(const struct domain *d) { diff --git a/xen/arch/arm/tee/ffa_rxtx.c b/xen/arch/arm/tee/ffa_rxtx.c new file mode 100644 index 0000000000..661764052e --- /dev/null +++ b/xen/arch/arm/tee/ffa_rxtx.c @@ -0,0 +1,216 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2024 Linaro Limited + */ + +#include +#include +#include +#include +#include + +#include +#include + +#include "ffa_private.h" + +/* Endpoint RX/TX descriptor defined in FF-A-1.0-REL */ +struct ffa_endpoint_rxtx_descriptor_1_0 { + uint16_t sender_id; + uint16_t reserved; + uint32_t rx_range_count; + uint32_t tx_range_count; +}; + +/* Endpoint RX/TX descriptor defined in FF-A-1.1-REL0 */ +struct ffa_endpoint_rxtx_descriptor_1_1 { + uint16_t sender_id; + uint16_t reserved; + uint32_t rx_region_offs; + uint32_t tx_region_offs; +}; + +uint32_t ffa_handle_rxtx_map(uint32_t fid, register_t tx_addr, + register_t rx_addr, uint32_t page_count) +{ + uint32_t ret = FFA_RET_INVALID_PARAMETERS; + struct domain *d = current->domain; + struct ffa_ctx *ctx = d->arch.tee; + struct page_info *tx_pg; + struct page_info *rx_pg; + p2m_type_t t; + void *rx; + void *tx; + + if ( !smccc_is_conv_64(fid) ) + { + /* + * Calls using the 32-bit calling convention must ignore the upper + * 32 bits in the argument registers. + */ + tx_addr &= UINT32_MAX; + rx_addr &= UINT32_MAX; + } + + if ( page_count > FFA_MAX_RXTX_PAGE_COUNT ) + { + printk(XENLOG_ERR "ffa: RXTX_MAP: error: %u pages requested (limit %u)\n", + page_count, FFA_MAX_RXTX_PAGE_COUNT); + return FFA_RET_INVALID_PARAMETERS; + } + + /* Already mapped */ + if ( ctx->rx ) + return FFA_RET_DENIED; + + tx_pg = get_page_from_gfn(d, gfn_x(gaddr_to_gfn(tx_addr)), &t, P2M_ALLOC); + if ( !tx_pg ) + return FFA_RET_INVALID_PARAMETERS; + + /* Only normal RW RAM for now */ + if ( t != p2m_ram_rw ) + goto err_put_tx_pg; + + rx_pg = get_page_from_gfn(d, gfn_x(gaddr_to_gfn(rx_addr)), &t, P2M_ALLOC); + if ( !tx_pg ) + goto err_put_tx_pg; + + /* Only normal RW RAM for now */ + if ( t != p2m_ram_rw ) + goto err_put_rx_pg; + + tx = __map_domain_page_global(tx_pg); + if ( !tx ) + goto err_put_rx_pg; + + rx = __map_domain_page_global(rx_pg); + if ( !rx ) + goto err_unmap_tx; + + ctx->rx = rx; + ctx->tx = tx; + ctx->rx_pg = rx_pg; + ctx->tx_pg = tx_pg; + ctx->page_count = page_count; + ctx->rx_is_free = true; + return FFA_RET_OK; + +err_unmap_tx: + unmap_domain_page_global(tx); +err_put_rx_pg: + put_page(rx_pg); +err_put_tx_pg: + put_page(tx_pg); + + return ret; +} + +static void rxtx_unmap(struct ffa_ctx *ctx) +{ + unmap_domain_page_global(ctx->rx); + unmap_domain_page_global(ctx->tx); + put_page(ctx->rx_pg); + put_page(ctx->tx_pg); + ctx->rx = NULL; + ctx->tx = NULL; + ctx->rx_pg = NULL; + ctx->tx_pg = NULL; + ctx->page_count = 0; + ctx->rx_is_free = false; +} + +uint32_t ffa_handle_rxtx_unmap(void) +{ + struct domain *d = current->domain; + struct ffa_ctx *ctx = d->arch.tee; + + if ( !ctx->rx ) + return FFA_RET_INVALID_PARAMETERS; + + rxtx_unmap(ctx); + + return FFA_RET_OK; +} + +int32_t ffa_handle_rx_release(void) +{ + int32_t ret = FFA_RET_DENIED; + struct domain *d = current->domain; + struct ffa_ctx *ctx = d->arch.tee; + + if ( !spin_trylock(&ctx->rx_lock) ) + return FFA_RET_BUSY; + + if ( !ctx->page_count || ctx->rx_is_free ) + goto out; + ret = FFA_RET_OK; + ctx->rx_is_free = true; +out: + spin_unlock(&ctx->rx_lock); + + return ret; +} + +static int32_t ffa_rxtx_map(paddr_t tx_addr, paddr_t rx_addr, + uint32_t page_count) +{ + return ffa_simple_call(FFA_RXTX_MAP_64, tx_addr, rx_addr, page_count, 0); +} + +static int32_t ffa_rxtx_unmap(void) +{ + return ffa_simple_call(FFA_RXTX_UNMAP, 0, 0, 0, 0); +} + +void ffa_rxtx_domain_destroy(struct domain *d) +{ + struct ffa_ctx *ctx = d->arch.tee; + + if ( ctx->rx ) + rxtx_unmap(ctx); +} + +void ffa_rxtx_destroy(void) +{ + bool need_unmap = ffa_tx && ffa_rx; + + if ( ffa_tx ) + { + free_xenheap_pages(ffa_tx, 0); + ffa_tx = NULL; + } + if ( ffa_rx ) + { + free_xenheap_pages(ffa_rx, 0); + ffa_rx = NULL; + } + + if ( need_unmap ) + ffa_rxtx_unmap(); +} + +bool ffa_rxtx_init(void) +{ + int e; + + ffa_rx = alloc_xenheap_pages(get_order_from_pages(FFA_RXTX_PAGE_COUNT), 0); + if ( !ffa_rx ) + return false; + + ffa_tx = alloc_xenheap_pages(get_order_from_pages(FFA_RXTX_PAGE_COUNT), 0); + if ( !ffa_tx ) + goto err; + + e = ffa_rxtx_map(__pa(ffa_tx), __pa(ffa_rx), FFA_RXTX_PAGE_COUNT); + if ( e ) + { + printk(XENLOG_ERR "ffa: Failed to map rxtx: error %d\n", e); + goto err; + } + return true; + +err: + ffa_rxtx_destroy(); + + return false; +} -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 21:00:53 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 21:00:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700993.1094941 (Exim 4.92) (envelope-from ) id 1rsUCb-00083M-Ki; Thu, 04 Apr 2024 21:00:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700993.1094941; Thu, 04 Apr 2024 21:00:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUCb-00083A-Hl; Thu, 04 Apr 2024 21:00:53 +0000 Received: by outflank-mailman (input) for mailman id 700993; Thu, 04 Apr 2024 21:00:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUCa-00082h-8m for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUCa-0007Xq-7z for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsUCa-0002BQ-6l for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:00:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=darOe9/4A188hTtkwDqEelnfwJqfTe8IQBig0AxEZ2g=; b=hND7MpfNbcFPTJd+CtsqjDpDf6 qlLIjPzE8zc1vBQAOX8rGkZyXGxsAnCmxsc1KBejwFc9jbv2At6k5H70baHq2wrK1UUkMMUcvQXqM 0XlIghbxC/gnjEN8PkrSY4x1j7jTT/caj62EiT6wiizCW+d6bogOp7Woz40olg7xzmwg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: ffa: support FFA_FEATURES Message-Id: Date: Thu, 04 Apr 2024 21:00:52 +0000 commit 538ab07badd6858207fb187b42103dbf820864bc Author: Jens Wiklander AuthorDate: Mon Mar 25 10:39:04 2024 +0100 Commit: Stefano Stabellini CommitDate: Wed Apr 3 16:20:17 2024 -0700 xen/arm: ffa: support FFA_FEATURES Add support for the mandatory FF-A ABI function FFA_FEATURES. Signed-off-by: Jens Wiklander Reviewed-by: Bertrand Marquis --- xen/arch/arm/tee/ffa.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c index 4f7775b8c8..8665201e34 100644 --- a/xen/arch/arm/tee/ffa.c +++ b/xen/arch/arm/tee/ffa.c @@ -192,6 +192,60 @@ out: resp.a7 & mask); } +static void handle_features(struct cpu_user_regs *regs) +{ + uint32_t a1 = get_user_reg(regs, 1); + unsigned int n; + + for ( n = 2; n <= 7; n++ ) + { + if ( get_user_reg(regs, n) ) + { + ffa_set_regs_error(regs, FFA_RET_NOT_SUPPORTED); + return; + } + } + + switch ( a1 ) + { + case FFA_ERROR: + case FFA_VERSION: + case FFA_SUCCESS_32: + case FFA_SUCCESS_64: + case FFA_FEATURES: + case FFA_ID_GET: + case FFA_RX_RELEASE: + case FFA_RXTX_UNMAP: + case FFA_MEM_RECLAIM: + case FFA_PARTITION_INFO_GET: + case FFA_MSG_SEND_DIRECT_REQ_32: + case FFA_MSG_SEND_DIRECT_REQ_64: + ffa_set_regs_success(regs, 0, 0); + break; + case FFA_MEM_SHARE_64: + case FFA_MEM_SHARE_32: + /* + * We currently don't support dynamically allocated buffers. Report + * that with 0 in bit[0] of w2. + */ + ffa_set_regs_success(regs, 0, 0); + break; + case FFA_RXTX_MAP_64: + case FFA_RXTX_MAP_32: + /* + * We currently support 4k pages only, report that as 00 in + * bit[0:1] in w0. This needs to be revised if Xen page size + * differs from FFA_PAGE_SIZE (SZ_4K). + */ + BUILD_BUG_ON(PAGE_SIZE != FFA_PAGE_SIZE); + ffa_set_regs_success(regs, 0, 0); + break; + default: + ffa_set_regs_error(regs, FFA_RET_NOT_SUPPORTED); + break; + } +} + static bool ffa_handle_call(struct cpu_user_regs *regs) { uint32_t fid = get_user_reg(regs, 0); @@ -212,6 +266,9 @@ static bool ffa_handle_call(struct cpu_user_regs *regs) case FFA_ID_GET: ffa_set_regs_success(regs, ffa_get_vm_id(d), 0); return true; + case FFA_FEATURES: + handle_features(regs); + return true; case FFA_RXTX_MAP_32: case FFA_RXTX_MAP_64: e = ffa_handle_rxtx_map(fid, get_user_reg(regs, 1), -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 21:01:03 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 21:01:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.700994.1094945 (Exim 4.92) (envelope-from ) id 1rsUCl-00086A-Lo; Thu, 04 Apr 2024 21:01:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 700994.1094945; Thu, 04 Apr 2024 21:01:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUCl-000863-JH; Thu, 04 Apr 2024 21:01:03 +0000 Received: by outflank-mailman (input) for mailman id 700994; Thu, 04 Apr 2024 21:01:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUCk-00085l-Bf for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:01:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsUCk-0007YF-Aw for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:01:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsUCk-0002Ca-A5 for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 21:01:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Jpb3Vh1F8GhGrGcucdsyeUgn0SgMn/zhIQQqxZ5oSjc=; b=evJRaBuyrGXFt2ZZdlUBWlXgd8 1D2/sGRoAu4laLfOrtoos09uiA1+eXsGS6zP4bYLjIpA+dJs2gN/Hx83AAqya+zkGygXkeKxzwLbf cFu+7E3GGR7XwWYryBV4tvQikMLjx4p7w55gMwOJlBhqj6eooUAaIx+4je450950zQpI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] docs/misra: add 13.6 to rules.rst Message-Id: Date: Thu, 04 Apr 2024 21:01:02 +0000 commit 6117179dd99958e4ef2687617d12c9b15bdbae24 Author: Stefano Stabellini AuthorDate: Tue Apr 2 16:21:41 2024 -0700 Commit: Stefano Stabellini CommitDate: Wed Apr 3 16:21:59 2024 -0700 docs/misra: add 13.6 to rules.rst As agreed during MISRA C meetings, add Rule 13.6 to rules.rst, with a note about extending the rule to alignof and typeof. Also take the opportunity to remove an older and out of order entry for the same rule. Signed-off-by: Stefano Stabellini Acked-by: Jan Beulich --- docs/misra/rules.rst | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst index 1e134ccebc..79487cf91c 100644 --- a/docs/misra/rules.rst +++ b/docs/misra/rules.rst @@ -434,17 +434,18 @@ maintainers if you want to suggest a change. parameter declared as "array of type" - - * - `Rule 13.6 `_ - - Mandatory - - The operand of the sizeof operator shall not contain any - expression which has potential side effects - - - * - `Rule 13.1 `_ - Required - Initializer lists shall not contain persistent side effects - + * - `Rule 13.6 `_ + - Required + - The operand of the sizeof operator shall not contain any + expression which has potential side effects + - In addition to sizeof, we also want to apply the rule to typeof + and alignof + * - `Rule 14.1 `_ - Required - A loop counter shall not have essentially floating type -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 23:44:11 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 23:44:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701026.1095028 (Exim 4.92) (envelope-from ) id 1rsWkW-00039z-RX; Thu, 04 Apr 2024 23:44:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701026.1095028; Thu, 04 Apr 2024 23:44:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsWkW-00039s-P0; Thu, 04 Apr 2024 23:44:04 +0000 Received: by outflank-mailman (input) for mailman id 701026; Thu, 04 Apr 2024 23:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsWkV-00039m-T8 for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 23:44:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsWkV-00021A-Oo for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 23:44:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsWkV-0000Lu-Nj for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 23:44:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1tr1c+GVAtMFsMl7OashMZDLuDkHVb+MCTWTDwYw7b0=; b=w7+CulsOT3wHT3OE9D+nqYU54F 35Kg1fmRcvz/ssD3mBxpHBwosn8eA6aE4wlQxnnx+fz6/jvoBcaLLVVTdnNMqZZksBrnIQzyE28Sz WO2qGHIEqfsF06ec17D7J9GuG5oJhd8TNukFqRH9ljJpN0XdoGKll4vIZp4CDbPAvl5E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] drivers: char: Drop useless suspend/resume stubs in Arm drivers Message-Id: Date: Thu, 04 Apr 2024 23:44:03 +0000 commit 4932163b358f0a577395b797d430eafc9b8ec442 Author: Michal Orzel AuthorDate: Thu Apr 4 09:51:42 2024 +0200 Commit: Stefano Stabellini CommitDate: Thu Apr 4 16:35:58 2024 -0700 drivers: char: Drop useless suspend/resume stubs in Arm drivers On Arm we don't use console_{suspend,resume} and the corresponding stubs in serial drivers are being redundantly copied whenever a new driver is added. Drop them as well as useless .endboot = NULL assignment. Signed-off-by: Michal Orzel Reviewed-by: Jan Beulich Acked-by: Stefano Stabellini --- xen/drivers/char/cadence-uart.c | 13 ------------- xen/drivers/char/exynos4210-uart.c | 13 ------------- xen/drivers/char/imx-lpuart.c | 13 ------------- xen/drivers/char/meson-uart.c | 13 ------------- xen/drivers/char/mvebu-uart.c | 13 ------------- xen/drivers/char/omap-uart.c | 13 ------------- xen/drivers/char/pl011.c | 13 ------------- xen/drivers/char/scif-uart.c | 13 ------------- 8 files changed, 104 deletions(-) diff --git a/xen/drivers/char/cadence-uart.c b/xen/drivers/char/cadence-uart.c index 3618fa88d8..b2f379833f 100644 --- a/xen/drivers/char/cadence-uart.c +++ b/xen/drivers/char/cadence-uart.c @@ -90,16 +90,6 @@ static void __init cuart_init_postirq(struct serial_port *port) cuart_write(uart, R_UART_IER, UART_SR_INTR_RTRIG); } -static void cuart_suspend(struct serial_port *port) -{ - BUG(); -} - -static void cuart_resume(struct serial_port *port) -{ - BUG(); -} - static int cuart_tx_ready(struct serial_port *port) { struct cuart *uart = port->uart; @@ -143,9 +133,6 @@ static const struct vuart_info *cuart_vuart(struct serial_port *port) static struct uart_driver __read_mostly cuart_driver = { .init_preirq = cuart_init_preirq, .init_postirq = cuart_init_postirq, - .endboot = NULL, - .suspend = cuart_suspend, - .resume = cuart_resume, .tx_ready = cuart_tx_ready, .putc = cuart_putc, .getc = cuart_getc, diff --git a/xen/drivers/char/exynos4210-uart.c b/xen/drivers/char/exynos4210-uart.c index b29fd75c5a..58901df554 100644 --- a/xen/drivers/char/exynos4210-uart.c +++ b/xen/drivers/char/exynos4210-uart.c @@ -212,16 +212,6 @@ static void __init exynos4210_uart_init_postirq(struct serial_port *port) exynos4210_write(uart, UMCON, exynos4210_read(uart, UMCON) | UMCON_INT_EN); } -static void exynos4210_uart_suspend(struct serial_port *port) -{ - BUG(); // XXX -} - -static void exynos4210_uart_resume(struct serial_port *port) -{ - BUG(); // XXX -} - static int exynos4210_uart_tx_ready(struct serial_port *port) { struct exynos4210_uart *uart = port->uart; @@ -286,9 +276,6 @@ static const struct vuart_info *exynos4210_vuart_info(struct serial_port *port) static struct uart_driver __read_mostly exynos4210_uart_driver = { .init_preirq = exynos4210_uart_init_preirq, .init_postirq = exynos4210_uart_init_postirq, - .endboot = NULL, - .suspend = exynos4210_uart_suspend, - .resume = exynos4210_uart_resume, .tx_ready = exynos4210_uart_tx_ready, .putc = exynos4210_uart_putc, .getc = exynos4210_uart_getc, diff --git a/xen/drivers/char/imx-lpuart.c b/xen/drivers/char/imx-lpuart.c index 522680a25c..faf4693b66 100644 --- a/xen/drivers/char/imx-lpuart.c +++ b/xen/drivers/char/imx-lpuart.c @@ -101,16 +101,6 @@ static void __init imx_lpuart_init_postirq(struct serial_port *port) imx_lpuart_write(uart, UARTCTRL, temp); } -static void imx_lpuart_suspend(struct serial_port *port) -{ - BUG(); -} - -static void imx_lpuart_resume(struct serial_port *port) -{ - BUG(); -} - static int imx_lpuart_tx_ready(struct serial_port *port) { struct imx_lpuart *uart = port->uart; @@ -185,9 +175,6 @@ static void imx_lpuart_stop_tx(struct serial_port *port) static struct uart_driver __read_mostly imx_lpuart_driver = { .init_preirq = imx_lpuart_init_preirq, .init_postirq = imx_lpuart_init_postirq, - .endboot = NULL, - .suspend = imx_lpuart_suspend, - .resume = imx_lpuart_resume, .tx_ready = imx_lpuart_tx_ready, .putc = imx_lpuart_putc, .getc = imx_lpuart_getc, diff --git a/xen/drivers/char/meson-uart.c b/xen/drivers/char/meson-uart.c index 694381986d..407a276085 100644 --- a/xen/drivers/char/meson-uart.c +++ b/xen/drivers/char/meson-uart.c @@ -116,16 +116,6 @@ static void __init meson_uart_init_postirq(struct serial_port *port) (AML_UART_RX_INT_EN | AML_UART_TX_INT_EN)); } -static void meson_uart_suspend(struct serial_port *port) -{ - BUG(); -} - -static void meson_uart_resume(struct serial_port *port) -{ - BUG(); -} - static void meson_uart_putc(struct serial_port *port, char c) { struct meson_uart *uart = port->uart; @@ -191,9 +181,6 @@ static int meson_uart_tx_ready(struct serial_port *port) static struct uart_driver __read_mostly meson_uart_driver = { .init_preirq = meson_uart_init_preirq, .init_postirq = meson_uart_init_postirq, - .endboot = NULL, - .suspend = meson_uart_suspend, - .resume = meson_uart_resume, .putc = meson_uart_putc, .getc = meson_uart_getc, .tx_ready = meson_uart_tx_ready, diff --git a/xen/drivers/char/mvebu-uart.c b/xen/drivers/char/mvebu-uart.c index 1913fe8b5f..db2418576c 100644 --- a/xen/drivers/char/mvebu-uart.c +++ b/xen/drivers/char/mvebu-uart.c @@ -125,16 +125,6 @@ static void __init mvebu3700_uart_init_postirq(struct serial_port *port) mvebu3700_write(uart, UART_CTRL_REG, reg); } -static void mvebu3700_uart_suspend(struct serial_port *port) -{ - BUG(); -} - -static void mvebu3700_uart_resume(struct serial_port *port) -{ - BUG(); -} - static void mvebu3700_uart_putc(struct serial_port *port, char c) { struct mvebu3700_uart *uart = port->uart; @@ -213,9 +203,6 @@ static int mvebu3700_uart_tx_ready(struct serial_port *port) static struct uart_driver __read_mostly mvebu3700_uart_driver = { .init_preirq = mvebu3700_uart_init_preirq, .init_postirq = mvebu3700_uart_init_postirq, - .endboot = NULL, - .suspend = mvebu3700_uart_suspend, - .resume = mvebu3700_uart_resume, .putc = mvebu3700_uart_putc, .getc = mvebu3700_uart_getc, .tx_ready = mvebu3700_uart_tx_ready, diff --git a/xen/drivers/char/omap-uart.c b/xen/drivers/char/omap-uart.c index e4f5be2289..f4368c158c 100644 --- a/xen/drivers/char/omap-uart.c +++ b/xen/drivers/char/omap-uart.c @@ -242,16 +242,6 @@ static void __init omap_uart_init_postirq(struct serial_port *port) omap_write(uart, UART_IER, UART_IER_ERDAI|UART_IER_ETHREI|UART_IER_ELSI); } -static void omap_uart_suspend(struct serial_port *port) -{ - BUG(); -} - -static void omap_uart_resume(struct serial_port *port) -{ - BUG(); -} - static int omap_uart_tx_ready(struct serial_port *port) { struct omap_uart *uart = port->uart; @@ -307,9 +297,6 @@ static const struct vuart_info *omap_vuart_info(struct serial_port *port) static struct uart_driver __read_mostly omap_uart_driver = { .init_preirq = omap_uart_init_preirq, .init_postirq = omap_uart_init_postirq, - .endboot = NULL, - .suspend = omap_uart_suspend, - .resume = omap_uart_resume, .tx_ready = omap_uart_tx_ready, .putc = omap_uart_putc, .getc = omap_uart_getc, diff --git a/xen/drivers/char/pl011.c b/xen/drivers/char/pl011.c index 7260a988ca..5f9913367d 100644 --- a/xen/drivers/char/pl011.c +++ b/xen/drivers/char/pl011.c @@ -166,16 +166,6 @@ static void __init pl011_init_postirq(struct serial_port *port) pl011_write(uart, IMSC, RTI|OEI|BEI|PEI|FEI|TXI|RXI); } -static void pl011_suspend(struct serial_port *port) -{ - BUG(); // XXX -} - -static void pl011_resume(struct serial_port *port) -{ - BUG(); // XXX -} - static int pl011_tx_ready(struct serial_port *port) { struct pl011 *uart = port->uart; @@ -232,9 +222,6 @@ static void pl011_tx_start(struct serial_port *port) static struct uart_driver __read_mostly pl011_driver = { .init_preirq = pl011_init_preirq, .init_postirq = pl011_init_postirq, - .endboot = NULL, - .suspend = pl011_suspend, - .resume = pl011_resume, .tx_ready = pl011_tx_ready, .putc = pl011_putc, .getc = pl011_getc, diff --git a/xen/drivers/char/scif-uart.c b/xen/drivers/char/scif-uart.c index b7f86f882c..757793ca45 100644 --- a/xen/drivers/char/scif-uart.c +++ b/xen/drivers/char/scif-uart.c @@ -195,16 +195,6 @@ static void __init scif_uart_init_postirq(struct serial_port *port) params->irq_flags); } -static void scif_uart_suspend(struct serial_port *port) -{ - BUG(); -} - -static void scif_uart_resume(struct serial_port *port) -{ - BUG(); -} - static int scif_uart_tx_ready(struct serial_port *port) { struct scif_uart *uart = port->uart; @@ -284,9 +274,6 @@ static void scif_uart_stop_tx(struct serial_port *port) static struct uart_driver __read_mostly scif_uart_driver = { .init_preirq = scif_uart_init_preirq, .init_postirq = scif_uart_init_postirq, - .endboot = NULL, - .suspend = scif_uart_suspend, - .resume = scif_uart_resume, .tx_ready = scif_uart_tx_ready, .putc = scif_uart_putc, .getc = scif_uart_getc, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 04 23:44:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 04 Apr 2024 23:44:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701027.1095034 (Exim 4.92) (envelope-from ) id 1rsWkg-0003Be-UW; Thu, 04 Apr 2024 23:44:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701027.1095034; Thu, 04 Apr 2024 23:44:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsWkg-0003BW-Qo; Thu, 04 Apr 2024 23:44:14 +0000 Received: by outflank-mailman (input) for mailman id 701027; Thu, 04 Apr 2024 23:44:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsWkf-0003BO-Tg for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 23:44:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsWkf-00021F-Ru for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 23:44:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsWkf-0000MU-Qu for xen-changelog@lists.xenproject.org; Thu, 04 Apr 2024 23:44:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5weeo6G1b2EuPl6Xwj3UhWMbeawB+8hASPBd3hmDIGc=; b=pyJ+MlhPPcn6ZIp9ObB7kozy6c EFH59ujixTEEs4XRtTHX87dCAiyo3xOrhFXQBJ65pcjC/bVkPI44mOiWhy9oEqPSU3u9Yn44qxmA6 /iqMl2vsfK6v6j12xH9z/6T4YLpLgCSmU8mfZr24QI/U2x/nXallpTyXE8nEMLd4T8PQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] char: lpuart: Drop useless variables from UART structure Message-Id: Date: Thu, 04 Apr 2024 23:44:13 +0000 commit 270588b9b2b751b0bb6b36f4853cb13005e4706f Author: Michal Orzel AuthorDate: Thu Apr 4 09:51:43 2024 +0200 Commit: Stefano Stabellini CommitDate: Thu Apr 4 16:36:25 2024 -0700 char: lpuart: Drop useless variables from UART structure These variables are useless. They are being assigned a value which is never used since UART is expected to be pre-configured. No functional change. Signed-off-by: Michal Orzel Reviewed-by: Stefano Stabellini --- xen/drivers/char/imx-lpuart.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/xen/drivers/char/imx-lpuart.c b/xen/drivers/char/imx-lpuart.c index faf4693b66..7770d158bf 100644 --- a/xen/drivers/char/imx-lpuart.c +++ b/xen/drivers/char/imx-lpuart.c @@ -30,7 +30,6 @@ #define imx_lpuart_write(uart, off, val) writel((val), (uart)->regs + (off)) static struct imx_lpuart { - uint32_t baud, clock_hz, data_bits, parity, stop_bits, fifo_size; uint32_t irq; char __iomem *regs; struct irqaction irqaction; @@ -197,11 +196,6 @@ static int __init imx_lpuart_init(struct dt_device_node *dev, uart = &imx8_com; - uart->baud = 115200; - uart->data_bits = 8; - uart->parity = 0; - uart->stop_bits = 1; - res = dt_device_get_paddr(dev, 0, &addr, &size); if ( res ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 05 07:44:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 05 Apr 2024 07:44:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701131.1095287 (Exim 4.92) (envelope-from ) id 1rseF2-0008QW-31; Fri, 05 Apr 2024 07:44:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701131.1095287; Fri, 05 Apr 2024 07:44:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseF2-0008QM-0S; Fri, 05 Apr 2024 07:44:04 +0000 Received: by outflank-mailman (input) for mailman id 701131; Fri, 05 Apr 2024 07:44:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseF0-0008Px-93 for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseF0-000295-8H for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rseF0-0002mH-5e for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8vJscjECS7X/9ePIFDgAIKdbL3uDwylky6H/sbN0TUQ=; b=JrSFmAq9OcD+8FyoO85tmjxx0F VVm7DYLIz6REMxSptWY4XKX+VXgy6WFKLa7oUcISVpxD1gA6TU4LNkm0hWJn+Xf+/s7/4Iq8OSAm2 7/spGOydx+2mOIuH+Jkb+6WK4+b0f5qRAEoqoiojElSin3fLTwVUFURaZNxxOFZuS4Aw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] automation: introduce fixed randconfig for RISC-V Message-Id: Date: Fri, 05 Apr 2024 07:44:02 +0000 commit 7b02b505bbe2379f34a3a46c9a065e43a9f588ac Author: Oleksii Kurochko AuthorDate: Thu Apr 4 11:59:15 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 4 11:59:15 2024 +0200 automation: introduce fixed randconfig for RISC-V This patch introduces the anchor riscv-fixed-randconfig, which includes all configurations that should be disabled for randconfig builds. Suggested-by: Stefano Stabellini Signed-off-by: Oleksii Kurochko Reviewed-by: Michal Orzel Acked-by: Stefano Stabellini --- automation/gitlab-ci/build.yaml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index 6d2cb18b88..aac29ee13a 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -512,6 +512,14 @@ alpine-3.18-gcc-debug-arm64-boot-cpupools: CONFIG_BOOT_TIME_CPUPOOLS=y # RISC-V 64 cross-build +.riscv-fixed-randconfig: + variables: &riscv-fixed-randconfig + EXTRA_FIXED_RANDCONFIG: | + CONFIG_COVERAGE=n + CONFIG_EXPERT=y + CONFIG_GRANT_TABLE=n + CONFIG_MEM_ACCESS=n + archlinux-current-gcc-riscv64: extends: .gcc-riscv64-cross-build variables: @@ -532,8 +540,7 @@ archlinux-current-gcc-riscv64-randconfig: CONTAINER: archlinux:current-riscv64 KBUILD_DEFCONFIG: tiny64_defconfig RANDCONFIG: y - EXTRA_FIXED_RANDCONFIG: - CONFIG_COVERAGE=n + <<: *riscv-fixed-randconfig archlinux-current-gcc-riscv64-debug-randconfig: extends: .gcc-riscv64-cross-build-debug @@ -541,8 +548,7 @@ archlinux-current-gcc-riscv64-debug-randconfig: CONTAINER: archlinux:current-riscv64 KBUILD_DEFCONFIG: tiny64_defconfig RANDCONFIG: y - EXTRA_FIXED_RANDCONFIG: - CONFIG_COVERAGE=n + <<: *riscv-fixed-randconfig # Power cross-build debian-bullseye-gcc-ppc64le: -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 05 07:44:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 05 Apr 2024 07:44:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701132.1095291 (Exim 4.92) (envelope-from ) id 1rseFC-00005C-4b; Fri, 05 Apr 2024 07:44:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701132.1095291; Fri, 05 Apr 2024 07:44:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseFC-000050-1q; Fri, 05 Apr 2024 07:44:14 +0000 Received: by outflank-mailman (input) for mailman id 701132; Fri, 05 Apr 2024 07:44:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseFA-0008Uq-C8 for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseFA-00029G-BK for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rseFA-0002nN-AK for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=x8AIeYxHhOzGw4TYZS1JZyMZZOUYEDob0lptmu5Qltw=; b=jr44DQZTQlQcE7ExjEcaMhkL7+ jsicWrFXsbIHYIpuTaQCAKkBRNMfphhIcuETSZWPQGT5YJkADvkjU8tOGC8la87FR6yu8Kx115v6A DQwZvUhJ3QjyDTa9oeTAdUxImIh8WCf17P/YOxqphCXPngjiifNeIFm8h0TSwYXOeKS0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/riscv: introduce extension support check by compiler Message-Id: Date: Fri, 05 Apr 2024 07:44:12 +0000 commit 1e6cd4155dcfe947f7c51f1dbaf293284909afba Author: Oleksii Kurochko AuthorDate: Thu Apr 4 12:00:17 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 4 12:00:17 2024 +0200 xen/riscv: introduce extension support check by compiler Currently, RISC-V requires two extensions: _zbb and _zihintpause. This patch introduces a compiler check to check if these extensions are supported. Additionally, it introduces the riscv/booting.txt file, which contains information about the extensions that should be supported by the platform. In the future, a feature will be introduced to check whether an extension is supported at runtime. However, this feature requires functionality for parsing device tree source (DTS), which is not yet available. Signed-off-by: Oleksii Kurochko Acked-by: Jan Beulich --- docs/misc/riscv/booting.txt | 16 ++++++++++++++++ xen/arch/riscv/arch.mk | 15 +++++++++++++-- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/docs/misc/riscv/booting.txt b/docs/misc/riscv/booting.txt new file mode 100644 index 0000000000..cb4d79f12c --- /dev/null +++ b/docs/misc/riscv/booting.txt @@ -0,0 +1,16 @@ +System requirements +=================== + +The following extensions are expected to be supported by a system on which +Xen is run: +- Zbb: + RISC-V doesn't have a CLZ instruction in the base ISA. + As a consequence, __builtin_ffs() emits a library call to ffs() on GCC, + or a de Bruijn sequence on Clang. + Zbb extension adds a CLZ instruction, after which __builtin_ffs() emits + a very simple sequence. + The similar issue occurs with other __builtin_, so it is needed to + provide a generic version of bitops in RISC-V bitops.h +- Zihintpause: + On a system that doesn't have this extension, cpu_relax() should be + implemented properly. diff --git a/xen/arch/riscv/arch.mk b/xen/arch/riscv/arch.mk index 8403f96b6f..9f3ed4ff06 100644 --- a/xen/arch/riscv/arch.mk +++ b/xen/arch/riscv/arch.mk @@ -3,16 +3,27 @@ $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) -CFLAGS-$(CONFIG_RISCV_64) += -mabi=lp64 +riscv-abi-$(CONFIG_RISCV_32) := -mabi=ilp32 +riscv-abi-$(CONFIG_RISCV_64) := -mabi=lp64 riscv-march-$(CONFIG_RISCV_ISA_RV64G) := rv64g riscv-march-$(CONFIG_RISCV_ISA_C) := $(riscv-march-y)c +riscv-generic-flags := $(riscv-abi-y) -march=$(riscv-march-y) + +zbb := $(call as-insn,$(CC) $(riscv-generic-flags)_zbb,"",_zbb) +zihintpause := $(call as-insn, \ + $(CC) $(riscv-generic-flags)_zihintpause,"pause",_zihintpause) + +extensions := $(zbb) $(zihintpause) + +extensions := $(subst $(space),,$(extensions)) + # Note that -mcmodel=medany is used so that Xen can be mapped # into the upper half _or_ the lower half of the address space. # -mcmodel=medlow would force Xen into the lower half. -CFLAGS += -march=$(riscv-march-y) -mstrict-align -mcmodel=medany +CFLAGS += $(riscv-generic-flags)$(extensions) -mstrict-align -mcmodel=medany # TODO: Drop override when more of the build is working override ALL_OBJS-y = arch/$(SRCARCH)/built_in.o -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 05 07:44:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 05 Apr 2024 07:44:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701134.1095294 (Exim 4.92) (envelope-from ) id 1rseFL-0000ET-8I; Fri, 05 Apr 2024 07:44:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701134.1095294; Fri, 05 Apr 2024 07:44:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseFL-0000EL-5e; Fri, 05 Apr 2024 07:44:23 +0000 Received: by outflank-mailman (input) for mailman id 701134; Fri, 05 Apr 2024 07:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseFK-0000E6-FR for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseFK-00029R-Ef for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rseFK-0002no-DN for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mIK+JDLK8Qdk0zycDGjaaI+S0KdbCxRSMSC9WKlag1A=; b=kIGZSyCsKHWgaUM3cNU9lZMliH n0tSwNJivWtMrEISkHYrzKpcehkPAPscbB41ptJl7zSO6x+kvwv2lbakIqa8d25YvgPAOR4GipTM7 f1/rBmfGGUkk/r1j9am0rucY4dvztssN4bE6D3EGR8Hi9yXzVypiUpdjNcUQ1fITFgLw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/init-xenstore-domain: Replace variable MB() usage Message-Id: Date: Fri, 05 Apr 2024 07:44:22 +0000 commit 4c41749852cb3be980bf8955d5bc5e1982029dfb Author: Jason Andryuk AuthorDate: Thu Apr 4 12:00:59 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 4 12:00:59 2024 +0200 tools/init-xenstore-domain: Replace variable MB() usage The local MB() & GB() macros will be replaced with a common implementation, but those only work with numeric values. Introduce a static inline mb_to_bytes() in place of the MB() macro to convert the variable values, at the same time addressing the lack of parenthesization of the prior macro's parameter. Fixes: 134d53f57707 ("tools/init-xenstore-domain: fix memory map for PVH stubdom") Signed-off-by: Jason Andryuk Reviewed-by: Anthony PERARD --- tools/helpers/init-xenstore-domain.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/helpers/init-xenstore-domain.c b/tools/helpers/init-xenstore-domain.c index 1683438c5c..7332545770 100644 --- a/tools/helpers/init-xenstore-domain.c +++ b/tools/helpers/init-xenstore-domain.c @@ -20,7 +20,6 @@ #include "init-dom-json.h" #define LAPIC_BASE_ADDRESS 0xfee00000UL -#define MB(x) ((uint64_t)x << 20) #define GB(x) ((uint64_t)x << 30) static uint32_t domid = ~0; @@ -36,6 +35,11 @@ static xc_evtchn_port_or_error_t console_evtchn; static xentoollog_level minmsglevel = XTL_PROGRESS; static void *logger; +static inline uint64_t mb_to_bytes(int mem) +{ + return (uint64_t)mem << 20; +} + static struct option options[] = { { "kernel", 1, NULL, 'k' }, { "memory", 1, NULL, 'm' }, @@ -76,8 +80,8 @@ static int build(xc_interface *xch) int rv, xs_fd; struct xc_dom_image *dom = NULL; int limit_kb = (maxmem ? : memory) * 1024 + X86_HVM_NR_SPECIAL_PAGES * 4; - uint64_t mem_size = MB(memory); - uint64_t max_size = MB(maxmem ? : memory); + uint64_t mem_size = mb_to_bytes(memory); + uint64_t max_size = mb_to_bytes(maxmem ? : memory); struct e820entry e820[3]; struct xen_domctl_createdomain config = { .ssidref = SECINITSID_DOMU, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 05 07:44:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 05 Apr 2024 07:44:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701136.1095299 (Exim 4.92) (envelope-from ) id 1rseFV-0000Ok-9c; Fri, 05 Apr 2024 07:44:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701136.1095299; Fri, 05 Apr 2024 07:44:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseFV-0000Oc-79; Fri, 05 Apr 2024 07:44:33 +0000 Received: by outflank-mailman (input) for mailman id 701136; Fri, 05 Apr 2024 07:44:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseFU-0000OK-JZ for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseFU-00029Y-Hu for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rseFU-0002oD-H1 for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fNnT94ofgSVIO1OE5jKbRYFmfGCnqRBg+1odKcgwWSM=; b=sS6pSGud0zwXf/oIxRAGQeveM8 8mfau9iee/LKFG7WQj3C+i58La5m9//Fbh7dmpAsgo8cQ6uRCPFJdVT3ZD+WL9MSL6MroXw/EDfNY MaQ8kY2lBrbBRAznslcxSWstD6Uz0frM0VnOcuCiwh9VMCF+IBOWAAB+zt0i1Ot0CLSk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools: Move MB/GB() to common-macros.h Message-Id: Date: Fri, 05 Apr 2024 07:44:32 +0000 commit 21e0c8fc0ee03adf29c1f17e78f477ad39384207 Author: Jason Andryuk AuthorDate: Thu Apr 4 12:01:13 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 4 12:01:13 2024 +0200 tools: Move MB/GB() to common-macros.h Consolidate to a single set of common macros for tools. MB() will gain another use in libelf, so this movement makes it available. Requested-by: Jan Beulich Signed-off-by: Jason Andryuk Reviewed-by: Jan Beulich Acked-by: Anthony PERARD --- tools/firmware/hvmloader/util.h | 3 --- tools/helpers/init-xenstore-domain.c | 1 - tools/include/xen-tools/common-macros.h | 4 ++++ tools/libs/light/libxl_internal.h | 4 ---- 4 files changed, 4 insertions(+), 8 deletions(-) diff --git a/tools/firmware/hvmloader/util.h b/tools/firmware/hvmloader/util.h index 87be213dec..14078bde1e 100644 --- a/tools/firmware/hvmloader/util.h +++ b/tools/firmware/hvmloader/util.h @@ -38,9 +38,6 @@ void __bug(const char *file, int line) __attribute__((noreturn)); #define BUG() __bug(__FILE__, __LINE__) #define BUG_ON(p) do { if (p) BUG(); } while (0) -#define MB(mb) (mb##ULL << 20) -#define GB(gb) (gb##ULL << 30) - static inline int test_bit(unsigned int b, const void *p) { return !!(((const uint8_t *)p)[b>>3] & (1u<<(b&7))); diff --git a/tools/helpers/init-xenstore-domain.c b/tools/helpers/init-xenstore-domain.c index 7332545770..01ca667d25 100644 --- a/tools/helpers/init-xenstore-domain.c +++ b/tools/helpers/init-xenstore-domain.c @@ -20,7 +20,6 @@ #include "init-dom-json.h" #define LAPIC_BASE_ADDRESS 0xfee00000UL -#define GB(x) ((uint64_t)x << 30) static uint32_t domid = ~0; static char *kernel; diff --git a/tools/include/xen-tools/common-macros.h b/tools/include/xen-tools/common-macros.h index 81fba2e9f5..07aed92684 100644 --- a/tools/include/xen-tools/common-macros.h +++ b/tools/include/xen-tools/common-macros.h @@ -91,6 +91,10 @@ #define __AC(X, Y) (X ## Y) #define _AC(X, Y) __AC(X, Y) +/* Size macros. */ +#define MB(_mb) (_AC(_mb, ULL) << 20) +#define GB(_gb) (_AC(_gb, ULL) << 30) + #define get_unaligned_t(type, ptr) ({ \ const struct { type x; } __packed *ptr_ = (typeof(ptr_))(ptr); \ ptr_->x; \ diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h index 094d0df9b1..803dbc1a03 100644 --- a/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h @@ -126,10 +126,6 @@ #define PVSHIM_BASENAME "xen-shim" #define PVSHIM_CMDLINE "pv-shim console=xen,pv" -/* Size macros. */ -#define MB(_mb) (_AC(_mb, ULL) << 20) -#define GB(_gb) (_AC(_gb, ULL) << 30) - #define DIV_ROUNDUP(n, d) (((n) + (d) - 1) / (d)) #define LIBXL__LOGGING_ENABLED -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 05 07:44:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 05 Apr 2024 07:44:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701137.1095302 (Exim 4.92) (envelope-from ) id 1rseFf-0000Sp-BL; Fri, 05 Apr 2024 07:44:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701137.1095302; Fri, 05 Apr 2024 07:44:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseFf-0000Sh-8Y; Fri, 05 Apr 2024 07:44:43 +0000 Received: by outflank-mailman (input) for mailman id 701137; Fri, 05 Apr 2024 07:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseFe-0000SX-M2 for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseFe-0002A2-LJ for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rseFe-0002on-KH for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UbTkrHBBW4Wq3V653a/C0fvKF13Tq7zCX/tCplnccJM=; b=0dQ3caaYV2mQz+Fp2f4yc/rkVE FzP6iS9RiHYLHijUhn9hoq8tBUinyXA/KcJ07nuEA3o/zTNMcSkJstX1yKOz4Fm0vbGKi1QhYZ5pI x38sTxEnzJwneq9O4zC+VZQD2CNc43/59Q0Sitz6icl62Xuf+sBJj3LIrm5RfmamtltM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/sched: address violations of MISRA C:2012 Rule 16.3 Message-Id: Date: Fri, 05 Apr 2024 07:44:42 +0000 commit 226bdb155bc2686869004ac64a780993f48ccdcb Author: Federico Serafini AuthorDate: Thu Apr 4 12:01:27 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 4 12:01:27 2024 +0200 xen/sched: address violations of MISRA C:2012 Rule 16.3 Add break statement to address a violation of MISRA C:2012 Rule 16.3 ("An unconditional `break' statement shall terminate every switch-clause"). Replace deprecated comment /* FALLTHRU */ with pseudo-keyword fallthrough to meet the requirements to deviate the rule. No functional change. Signed-off-by: Federico Serafini Reviewed-by: Jan Beulich Acked-by: George Dunlap --- xen/common/sched/core.c | 1 + xen/common/sched/credit2.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c index 3e48da1cdd..0cb33831d2 100644 --- a/xen/common/sched/core.c +++ b/xen/common/sched/core.c @@ -2007,6 +2007,7 @@ ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) default: ret = -ENOSYS; + break; } return ret; diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c index c76330d79d..0962b52415 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -3152,8 +3152,8 @@ static int cf_check csched2_sys_cntl( printk(XENLOG_INFO "Disabling context switch rate limiting\n"); prv->ratelimit_us = params->ratelimit_us; write_unlock_irqrestore(&prv->lock, flags); + fallthrough; - /* FALLTHRU */ case XEN_SYSCTL_SCHEDOP_getinfo: params->ratelimit_us = prv->ratelimit_us; break; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 05 07:44:53 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 05 Apr 2024 07:44:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701138.1095307 (Exim 4.92) (envelope-from ) id 1rseFp-0000Vf-Cu; Fri, 05 Apr 2024 07:44:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701138.1095307; Fri, 05 Apr 2024 07:44:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseFp-0000VX-AA; Fri, 05 Apr 2024 07:44:53 +0000 Received: by outflank-mailman (input) for mailman id 701138; Fri, 05 Apr 2024 07:44:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseFo-0000VP-Po for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rseFo-0002AH-Ou for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rseFo-0002pT-NN for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 07:44:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3BYrHq/47j2AQqMrPSJamUGZjjhmvY54zPK1Tbt6ZPI=; b=TlXnZzH1YJ2j+sUZUTdEUZ+sKy CoPdTG3A7Ws5DA66KUR0NLMcqj8+LogCSZdH8hX009yaCCiO4Xttiep1WsvZmHPTWmUAK0VTp6/8d +R1gMjntKq+s0NjrHvBWom8B6ykmlRnpXRf5WgaiilCiLqmJ+fHSc4g0ALZUfH0X0DzE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] vsprintf: address violations of MISRA C:2012 Rule 16.3 Message-Id: Date: Fri, 05 Apr 2024 07:44:52 +0000 commit 6eeb3e86bdfa55874f4c44527551e9b82125dc83 Author: Federico Serafini AuthorDate: Thu Apr 4 12:01:50 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 4 12:01:50 2024 +0200 vsprintf: address violations of MISRA C:2012 Rule 16.3 MISRA C:2012 Rule 16.3 states: "An unconditional `break' statement shall terminate every switch-clause". In order to meet the requirements to deviate the rule: 1) refactor the for loop to make the switch-clause ending with a return statement (note that adding a break at the end of the switch-clause would result in a violation of Rule 2.1 "A project shall not contain unreachable code"); 2) add pseudo-keyword fallthrough. No functional change. Signed-off-by: Federico Serafini Reviewed-by: Jan Beulich --- xen/common/vsprintf.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/xen/common/vsprintf.c b/xen/common/vsprintf.c index c49631c0a4..612751c90f 100644 --- a/xen/common/vsprintf.c +++ b/xen/common/vsprintf.c @@ -377,7 +377,7 @@ static char *pointer(char *str, const char *end, const char **fmt_ptr, str = number(str, end, hex_buffer[i], 16, 2, -1, ZEROPAD); if ( ++i == field_width ) - return str; + break; if ( sep ) { @@ -386,6 +386,8 @@ static char *pointer(char *str, const char *end, const char **fmt_ptr, ++str; } } + + return str; } case 'p': /* PCI SBDF. */ @@ -619,6 +621,7 @@ int vsnprintf(char *buf, size_t size, const char *fmt, va_list args) case 'X': flags |= LARGE; + fallthrough; case 'x': base = 16; break; @@ -626,6 +629,7 @@ int vsnprintf(char *buf, size_t size, const char *fmt, va_list args) case 'd': case 'i': flags |= SIGN; + fallthrough; case 'u': break; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 05 14:11:11 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 05 Apr 2024 14:11:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701312.1095687 (Exim 4.92) (envelope-from ) id 1rskHZ-00082n-0O; Fri, 05 Apr 2024 14:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701312.1095687; Fri, 05 Apr 2024 14:11:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rskHY-00082f-Tm; Fri, 05 Apr 2024 14:11:04 +0000 Received: by outflank-mailman (input) for mailman id 701312; Fri, 05 Apr 2024 14:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rskHY-00082G-20 for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 14:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rskHX-0001QY-SW for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 14:11:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rskHX-0007ug-Nu for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 14:11:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=z6clIbku0vuUr8SgF44K4KGE9DqOm+dyYn05eS6pX+I=; b=cqU6qweohIL4tlribVj3VL7W1h Rw8fRI3nJDzPtivitcXUOmzvzbNKGJTVjxGFaKbcbeIhE7XnGZ1rgsMeviyCQWWjDOT8MxxPQpDV2 UqG4+6k1CqBcuHVMjCVS7f5wAXvv0QCntiyFQyI26ZNPIKiXG4tQVCxx4z7qstPFgbI8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch Message-Id: Date: Fri, 05 Apr 2024 14:11:03 +0000 commit b33f191e3ca99458fdcea1cb5a29dfa4965d1604 Author: Andrew Cooper AuthorDate: Wed Apr 3 17:43:42 2024 +0100 Commit: Andrew Cooper CommitDate: Fri Apr 5 14:53:59 2024 +0100 x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch It turns out there is something wonky on some but not all CPUs with MSR_TSX_FORCE_ABORT. The presence of RTM_ALWAYS_ABORT causes Xen to think it's safe to offer HLE/RTM to guests, but in this case, XBEGIN instructions genuinely #UD. Spot this case and try to back out as cleanly as we can. Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Acked-by: Jan Beulich --- xen/arch/x86/tsx.c | 55 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 45 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 50d8059f23..fbdd05971c 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -1,5 +1,6 @@ #include #include +#include #include /* @@ -9,6 +10,7 @@ * -1 => Default, altered to 0/1 (if unspecified) by: * - TAA heuristics/settings for speculative safety * - "TSX vs PCR3" select for TSX memory ordering safety + * -2 => Implicit tsx=0 (from RTM_ALWAYS_ABORT vs RTM mismatch) * -3 => Implicit tsx=1 (feed-through from spec-ctrl=0) * * This is arranged such that the bottom bit encodes whether TSX is actually @@ -114,11 +116,50 @@ void tsx_init(void) if ( cpu_has_tsx_force_abort ) { + uint64_t val; + /* - * On an early TSX-enable Skylake part subject to the memory + * On an early TSX-enabled Skylake part subject to the memory * ordering erratum, with at least the March 2019 microcode. */ + rdmsrl(MSR_TSX_FORCE_ABORT, val); + + /* + * At the time of writing (April 2024), it was discovered that + * some parts (e.g. CoffeeLake 8th Gen, 06-9e-0a, ucode 0xf6) + * advertise RTM_ALWAYS_ABORT, but XBEGIN instructions #UD. Other + * similar parts (e.g. KabyLake Xeon-E3, 06-9e-09, ucode 0xf8) + * operate as expected. + * + * In this case: + * - RTM_ALWAYS_ABORT and MSR_TSX_FORCE_ABORT are enumerated. + * - XBEGIN instructions genuinely #UD. + * - MSR_TSX_FORCE_ABORT appears to be write-discard and fails to + * hold its value. + * - HLE and RTM are not enumerated, despite + * MSR_TSX_FORCE_ABORT.TSX_CPUID_CLEAR being clear. + * + * Spot RTM being unavailable without CLEAR_CPUID being set, and + * treat it as if no TSX is available at all. This will prevent + * Xen from thinking it's safe to offer HLE/RTM to VMs. + */ + if ( val == 0 && cpu_has_rtm_always_abort && !cpu_has_rtm ) + { + printk(XENLOG_ERR + "FIRMWARE BUG: CPU %02x-%02x-%02x, ucode 0x%08x: RTM_ALWAYS_ABORT vs RTM mismatch\n", + boot_cpu_data.x86, boot_cpu_data.x86_model, + boot_cpu_data.x86_mask, this_cpu(cpu_sig).rev); + + setup_clear_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + setup_clear_cpu_cap(X86_FEATURE_TSX_FORCE_ABORT); + + if ( opt_tsx < 0 ) + opt_tsx = -2; + + goto done_probe; + } + /* * Probe for the June 2021 microcode which de-features TSX on * client parts. (Note - this is a subset of parts impacted by @@ -128,15 +169,8 @@ void tsx_init(void) * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. */ - if ( !has_rtm_always_abort ) - { - uint64_t val; - - rdmsrl(MSR_TSX_FORCE_ABORT, val); - - if ( val & TSX_ENABLE_RTM ) - has_rtm_always_abort = true; - } + if ( val & TSX_ENABLE_RTM ) + has_rtm_always_abort = true; /* * If no explicit tsx= option is provided, pick a default. @@ -191,6 +225,7 @@ void tsx_init(void) setup_force_cpu_cap(X86_FEATURE_RTM); } } + done_probe: /* * Note: MSR_TSX_CTRL is enumerated on TSX-enabled MDS_NO and later parts. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 05 14:11:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 05 Apr 2024 14:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701313.1095690 (Exim 4.92) (envelope-from ) id 1rskHj-00084x-1V; Fri, 05 Apr 2024 14:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701313.1095690; Fri, 05 Apr 2024 14:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rskHi-00084r-VD; Fri, 05 Apr 2024 14:11:14 +0000 Received: by outflank-mailman (input) for mailman id 701313; Fri, 05 Apr 2024 14:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rskHi-00084j-5V for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 14:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rskHi-0001Qc-2t for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 14:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rskHh-0007vO-Uq for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 14:11:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4CRx31mxwyyYZEaZRCEMSsSIe2kR99dKgB24bcXAUlo=; b=bibGC7Uw5hKW769pvnupMtZZZq 9J/PtopEDSXaNGc4RXHoYyAuDICbSI3paak1lWitQED83daRwo5NASqtm0q35TwOHwe3lN8nlY4QT Tla0DUpKEPoOVXk8+C89tLTjme1dvY7slhFwgjIKO+/cMkRO+QCaW+erORnqxQ0EjiRI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: Address MISRA Rule 13.6 Message-Id: Date: Fri, 05 Apr 2024 14:11:13 +0000 commit e9b0f8b6909dcba9843250c486e80879b042fd65 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:26:22 2024 +0100 Commit: Andrew Cooper CommitDate: Fri Apr 5 14:54:53 2024 +0100 x86: Address MISRA Rule 13.6 MISRA Rule 13.6 doesn't like having an expression in a sizeof() which potentially has side effects, including function calls. Address several violations by pulling the expression out into a local variable. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/irq.c | 4 ++-- xen/arch/x86/time.c | 6 ++++-- xen/drivers/passthrough/amd/iommu_intr.c | 3 ++- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 0487f734a5..a042faf104 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -1149,9 +1149,9 @@ static void cf_check irq_guest_eoi_timer_fn(void *data) for ( i = 0; i < action->nr_guests; i++ ) { struct domain *d = action->guest[i]; - unsigned int pirq = domain_irq_to_pirq(d, irq); + struct pirq *pirq = pirq_info(d, domain_irq_to_pirq(d, irq)); - if ( test_and_clear_bool(pirq_info(d, pirq)->masked) ) + if ( test_and_clear_bool(pirq->masked) ) action->in_flight--; } diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index 6087004789..6f136f4b14 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -2503,7 +2503,9 @@ static long cmos_utc_offset; /* in seconds */ int time_suspend(void) { - if ( smp_processor_id() == 0 ) + unsigned int cpu = smp_processor_id(); + + if ( cpu == 0 ) { cmos_utc_offset = -get_wallclock_time(); cmos_utc_offset += get_sec(); @@ -2514,7 +2516,7 @@ int time_suspend(void) } /* Better to cancel calibration timer for accuracy. */ - clear_bit(TIME_CALIBRATE_SOFTIRQ, &softirq_pending(smp_processor_id())); + clear_bit(TIME_CALIBRATE_SOFTIRQ, &softirq_pending(cpu)); return 0; } diff --git a/xen/drivers/passthrough/amd/iommu_intr.c b/xen/drivers/passthrough/amd/iommu_intr.c index d9eefcd8e4..7fc796dec2 100644 --- a/xen/drivers/passthrough/amd/iommu_intr.c +++ b/xen/drivers/passthrough/amd/iommu_intr.c @@ -183,6 +183,7 @@ static void free_intremap_entry(const struct amd_iommu *iommu, unsigned int bdf, unsigned int index) { union irte_ptr entry = get_intremap_entry(iommu, bdf, index); + struct ivrs_mappings *ivrs = get_ivrs_mappings(iommu->seg); if ( iommu->ctrl.ga_en ) { @@ -201,7 +202,7 @@ static void free_intremap_entry(const struct amd_iommu *iommu, else ACCESS_ONCE(entry.ptr32->raw) = 0; - __clear_bit(index, get_ivrs_mappings(iommu->seg)[bdf].intremap_inuse); + __clear_bit(index, ivrs[bdf].intremap_inuse); } static void update_intremap_entry(const struct amd_iommu *iommu, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 05 18:22:11 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 05 Apr 2024 18:22:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701359.1095753 (Exim 4.92) (envelope-from ) id 1rsoCU-0007nk-1h; Fri, 05 Apr 2024 18:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701359.1095753; Fri, 05 Apr 2024 18:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsoCT-0007nd-VM; Fri, 05 Apr 2024 18:22:05 +0000 Received: by outflank-mailman (input) for mailman id 701359; Fri, 05 Apr 2024 18:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsoCS-0007nT-6t for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 18:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsoCR-0006qn-U5 for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 18:22:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsoCR-00028A-S1 for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 18:22:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6GsWOO4i8wBXDf5tScWIgc9o0Kchzf8keQIxU090Trw=; b=5Mbs001mDt8EYT/RinxOvxdCum dF3ukC1qZ54QhTatc0e/hAssiyLdH7/3VGRqTgvhZGsIDIxRiAm/+2WLpNv14Mfmy3pEUsas7jlxr tX2LbL8CBElQZ9/y6ACgYAEUK9PKi8YIJ7ZJbpFjOqRm1DMp90XzfJ88dz31hpV5lT4Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] arm/public: address violations of MISRA C Rule 20.7 Message-Id: Date: Fri, 05 Apr 2024 18:22:03 +0000 commit 6bdb67d19ecb8c8e561d975f5c62b6a8a5783f51 Author: Nicola Vetrini AuthorDate: Fri Mar 29 10:11:30 2024 +0100 Commit: Stefano Stabellini CommitDate: Fri Apr 5 11:15:47 2024 -0700 arm/public: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Reviewed-by: Stefano Stabellini --- xen/include/public/arch-arm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/arch-arm.h b/xen/include/public/arch-arm.h index a25e87dbda..e167e14f8d 100644 --- a/xen/include/public/arch-arm.h +++ b/xen/include/public/arch-arm.h @@ -209,7 +209,7 @@ do { \ __typeof__(&(hnd)) _sxghr_tmp = &(hnd); \ _sxghr_tmp->q = 0; \ - _sxghr_tmp->p = val; \ + _sxghr_tmp->p = (val); \ } while ( 0 ) #define set_xen_guest_handle(hnd, val) set_xen_guest_handle_raw(hnd, val) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 05 18:22:16 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 05 Apr 2024 18:22:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701360.1095757 (Exim 4.92) (envelope-from ) id 1rsoCe-0007q5-39; Fri, 05 Apr 2024 18:22:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701360.1095757; Fri, 05 Apr 2024 18:22:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsoCe-0007px-0W; Fri, 05 Apr 2024 18:22:16 +0000 Received: by outflank-mailman (input) for mailman id 701360; Fri, 05 Apr 2024 18:22:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsoCc-0007pl-1o for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 18:22:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsoCc-0006qu-11 for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 18:22:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsoCc-0002Ab-03 for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 18:22:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=K1HP9W3ndabT3ldtfib60JVsKBBhok/jd2fZzsbUbVo=; b=QXMU3GC91BPF7nINJr9AMLAXbs 5/1jSIjYRbUr0xMYQ+L6WrXm4gzYQouZXpN7w5k3dhHOTTQyg6C/TXT/IWEo3Rm0BLn9PUPeHlTIM ceos0Ql9gUnhhFi4KoX8xzffkqVO6CqeBHQY033AEnEBPjyVFTI8+3ri/Sn7EPKo4eKw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation/eclair: add deviations for Rule 20.7 Message-Id: Date: Fri, 05 Apr 2024 18:22:14 +0000 commit 80d28865e181ae51d2a2f7cea5f0332ea5d845ee Author: Nicola Vetrini AuthorDate: Fri Mar 29 10:11:33 2024 +0100 Commit: Stefano Stabellini CommitDate: Fri Apr 5 11:15:47 2024 -0700 automation/eclair: add deviations for Rule 20.7 These deviations deal with the following cases: - macro arguments used directly as initializer list arguments; - uses of the __config_enabled macro, that can't be brought into compliance without breaking its functionality; - exclude files that are out of scope (efi headers and cpu_idle); - uses of alternative_{call,vcall}[0-9] macros. The existing configuration for R20.7 is reordered so that it matches the cases listed in its documentation comment. Signed-off-by: Nicola Vetrini Reviewed-by: Stefano Stabellini --- automation/eclair_analysis/ECLAIR/deviations.ecl | 25 ++++++++++++++++++++++-- docs/misra/deviations.rst | 14 ++++++++++++- docs/misra/rules.rst | 2 +- 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index de9ba723fb..70756503f5 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -401,12 +401,33 @@ unexpected result when the structure is given as argument to a sizeof() operator -doc_begin="Code violating Rule 20.7 is safe when macro parameters are used: (1) as function arguments; (2) as macro arguments; (3) as array indices; (4) as lhs -in assignments." +in assignments; (5) as initializers, possibly designated, in initalizer lists." -config=MC3R1.R20.7,expansion_context= {safe, "context(__call_expr_arg_contexts)"}, +{safe, "left_right(^[(,\\[]$,^[),\\]]$)"}, {safe, "context(skip_to(__expr_non_syntactic_contexts, stmt_child(node(array_subscript_expr), subscript)))"}, {safe, "context(skip_to(__expr_non_syntactic_contexts, stmt_child(operator(assign), lhs)))"}, -{safe, "left_right(^[(,\\[]$,^[),\\]]$)"} +{safe, "context(skip_to(__expr_non_syntactic_contexts, stmt_child(node(init_list_expr||designated_init_expr), init)))"} +-doc_end + +-doc_begin="Violations involving the __config_enabled macros cannot be fixed without +breaking the macro's logic; futhermore, the macro is only ever used in the context +of the IS_ENABLED or STATIC_IF/STATIC_IF_NOT macros, so it always receives a literal +0 or 1 as input, posing no risk to safety." +-config=MC3R1.R20.7,reports+={safe, "any_area(any_loc(any_exp(macro(^___config_enabled$))))"} +-doc_end + +-doc_begin="Violations due to the use of macros defined in files that are +not in scope for compliance are allowed, as that is imported code." +-file_tag+={gnu_efi_include, "^xen/include/efi/.*$"} +-file_tag+={acpi_cpu_idle, "^xen/arch/x86/acpi/cpu_idle\\.c$"} +-config=MC3R1.R20.7,reports+={safe, "any_area(any_loc(file(gnu_efi_include)))"} +-config=MC3R1.R20.7,reports+={safe, "any_area(any_loc(file(acpi_cpu_idle)))"} +-doc_end + +-doc_begin="To avoid compromising readability, the macros alternative_(v)?call[0-9] are allowed +not to parenthesize their arguments." +-config=MC3R1.R20.7,reports+={safe, "any_area(any_loc(any_exp(macro(^alternative_(v)?call[0-9]$))))"} -doc_end -doc_begin="Uses of variadic macros that have one of their arguments defined as diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index eb5ef2bd9d..5fdacfd420 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst @@ -345,7 +345,19 @@ Deviations related to MISRA C:2012 Rules: (1) as function arguments; (2) as macro arguments; (3) as array indices; - (4) as lhs in assignments. + (4) as lhs in assignments; + (5) as initializers, possibly designated, in initalizer lists. + - Tagged as `safe` for ECLAIR. + + * - R20.7 + - Violations due to the use of macros defined in files that are not + in scope for compliance are allowed, as that is imported code. + - Tagged as `safe` for ECLAIR. + + * - R20.7 + - To avoid compromising readability, the macros `alternative_(v)?call[0-9]` + are allowed not to parenthesize their arguments, as there are already + sanity checks in place. - Tagged as `safe` for ECLAIR. * - R20.12 diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst index 79487cf91c..86f4ad0ab3 100644 --- a/docs/misra/rules.rst +++ b/docs/misra/rules.rst @@ -561,7 +561,7 @@ maintainers if you want to suggest a change. shall be enclosed in parentheses - Extra parentheses are not required when macro parameters are used as function arguments, as macro arguments, array indices, lhs in - assignments + assignments or as initializers in initalizer lists. * - `Rule 20.9 `_ - Required -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 05 18:22:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 05 Apr 2024 18:22:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701361.1095761 (Exim 4.92) (envelope-from ) id 1rsoCo-0007sw-4V; Fri, 05 Apr 2024 18:22:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701361.1095761; Fri, 05 Apr 2024 18:22:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsoCo-0007so-1x; Fri, 05 Apr 2024 18:22:26 +0000 Received: by outflank-mailman (input) for mailman id 701361; Fri, 05 Apr 2024 18:22:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsoCm-0007sQ-5T for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 18:22:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsoCm-0006r3-4f for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 18:22:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsoCm-0002B1-36 for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 18:22:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IA3nhTbg2fHS1haKwQu9IuG+m2mQqS4uBeSCPio2Pfc=; b=HC6vSJwKeIp9PNtUlmNXM3kSb/ E9fsi5glHKNoMkAiilx/7QEtQOq2mTtNaMOCbl2fP/GFXwWp0TiP/vaxs98MhU2VKkvrPv/GclC4A XuxchC3bb0tZCw5eOAgtIMiMSESJIpkaY/1NMEj5pFHsxvXMAht1uMMFGbMEOWein3DI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] MISRA C:2012 Rule 17.1 states: The features of `' shall not be used Message-Id: Date: Fri, 05 Apr 2024 18:22:24 +0000 commit ea33a6e1e377d2ac90b2283d80e01a1a1d9b391b Author: Simone Ballarin AuthorDate: Thu Mar 28 11:29:34 2024 +0100 Commit: Stefano Stabellini CommitDate: Fri Apr 5 11:15:47 2024 -0700 MISRA C:2012 Rule 17.1 states: The features of `' shall not be used The Xen community wants to avoid using variadic functions except for specific circumstances where it feels appropriate by strict code review. Add deviation for printf()-like functions. Signed-off-by: Simone Ballarin Reviewed-by: Stefano Stabellini --- automation/eclair_analysis/ECLAIR/deviations.ecl | 13 +++++++++++++ docs/misra/deviations.rst | 5 +++++ 2 files changed, 18 insertions(+) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index 70756503f5..0230b41c6d 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -386,6 +386,19 @@ explicit comment indicating the fallthrough intention is present." -config=MC3R1.R16.6,switch_clauses+={deliberate, "default(0)"} -doc_end +# +# Series 17. +# + +-doc_begin="printf()-like functions are allowed to use the variadic features provided by stdarg.h." +-config=MC3R1.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(^.*printk\(.*\)$)))"} +-config=MC3R1.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(^.*printf\(.*\)$)))"} +-config=MC3R1.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(panic)&&kind(function))))"} +-config=MC3R1.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(elf_call_log_callback)&&kind(function))))"} +-config=MC3R1.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(vprintk_common)&&kind(function))))"} +-config=MC3R1.R17.1,macros+={hide , "^va_(arg|start|copy|end)$"} +-doc_end + # # Series 18. # diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index 5fdacfd420..32b02905d1 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst @@ -334,6 +334,11 @@ Deviations related to MISRA C:2012 Rules: improve readability. - Tagged as `deliberate` for ECLAIR. + * - R17.1 + - printf()-like functions are allowed to use the variadic features provided + by `stdarg.h`. + - Tagged as `deliberate` for ECLAIR. + * - R20.4 - The override of the keyword \"inline\" in xen/compiler.h is present so that section contents checks pass when the compiler chooses not to -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 05 18:22:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 05 Apr 2024 18:22:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701362.1095765 (Exim 4.92) (envelope-from ) id 1rsoCy-0007wF-6f; Fri, 05 Apr 2024 18:22:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701362.1095765; Fri, 05 Apr 2024 18:22:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsoCy-0007w7-3Q; Fri, 05 Apr 2024 18:22:36 +0000 Received: by outflank-mailman (input) for mailman id 701362; Fri, 05 Apr 2024 18:22:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsoCw-0007vf-9M for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 18:22:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsoCw-0006rD-8R for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 18:22:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsoCw-0002BQ-6j for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 18:22:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2qtE0p5PLW/yb+1b4gSbJlvAkf3VufCJap7S4IvxdtY=; b=p9+NILVMmZb7ZvNXggswb6yuQF +NG8LjEiIq1S0wt05MdfgdUWOGKdUYq0lrjcBkyuUdTfa6C3fGRMPaa2ZAX5v1SqZQ6c3cYRjBjQC IbwPgg0gJAtOs0fW8B1BiaGcBSE6pqtRSlO8CxTpQEDxGBf+x86c7y17hvOTj0/jMeKQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] MISRA C Rule 17.1 states: "The features of `' shall not be used" Message-Id: Date: Fri, 05 Apr 2024 18:22:34 +0000 commit 402c2d3e66a6bc9481dcabfc8697750dc4beabed Author: Simone Ballarin AuthorDate: Thu Mar 28 11:29:35 2024 +0100 Commit: Stefano Stabellini CommitDate: Fri Apr 5 11:15:47 2024 -0700 MISRA C Rule 17.1 states: "The features of `' shall not be used" The Xen community wants to avoid using variadic functions except for specific circumstances where it feels appropriate by strict code review. Functions hypercall_create_continuation and hypercall_xlat_continuation are internal helper functions made to break long running hypercalls into multiple calls. They take a variable number of arguments depending on the original hypercall they are trying to continue. Add SAF deviations for the aforementioned functions. Signed-off-by: Simone Ballarin Reviewed-by: Stefano Stabellini --- docs/misra/safe.json | 8 ++++++++ xen/arch/arm/domain.c | 1 + xen/arch/x86/hypercall.c | 2 ++ 3 files changed, 11 insertions(+) diff --git a/docs/misra/safe.json b/docs/misra/safe.json index d361d0e65c..fe2bc18509 100644 --- a/docs/misra/safe.json +++ b/docs/misra/safe.json @@ -36,6 +36,14 @@ }, { "id": "SAF-4-safe", + "analyser": { + "eclair": "MC3R1.R17.1" + }, + "name": "Rule 17.1: internal helper functions made to break long running hypercalls into multiple calls.", + "text": "They need to take a variable number of arguments depending on the original hypercall they are trying to continue." + }, + { + "id": "SAF-5-safe", "analyser": {}, "name": "Sentinel", "text": "Next ID to be used" diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index f38cb5e04c..34cbfe699a 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -382,6 +382,7 @@ unsigned long hypercall_create_continuation( const char *p = format; unsigned long arg, rc; unsigned int i; + /* SAF-4-safe allowed variadic function */ va_list args; current->hcall_preempted = true; diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 01cd73040d..133e9f221c 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -31,6 +31,7 @@ unsigned long hypercall_create_continuation( const char *p = format; unsigned long arg; unsigned int i; + /* SAF-4-safe allowed variadic function */ va_list args; curr->hcall_preempted = true; @@ -115,6 +116,7 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, struct cpu_user_regs *regs; unsigned int i, cval = 0; unsigned long nval = 0; + /* SAF-4-safe allowed variadic function */ va_list args; ASSERT(nr <= ARRAY_SIZE(mcs->call.args)); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 05 23:22:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 05 Apr 2024 23:22:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701385.1095819 (Exim 4.92) (envelope-from ) id 1rsssl-0000xm-G4; Fri, 05 Apr 2024 23:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701385.1095819; Fri, 05 Apr 2024 23:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsssl-0000xf-DD; Fri, 05 Apr 2024 23:22:03 +0000 Received: by outflank-mailman (input) for mailman id 701385; Fri, 05 Apr 2024 23:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsssk-0000xX-9I for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 23:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsssj-0004Nc-Sd for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 23:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rsssj-0001b7-Qn for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 23:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3ezwb9S5A0hAP+hVhxfDry7B/jRu8+50kVXcEAbmRJ0=; b=CW5RNyCRHNuBnW/XdPREbSB9tG S/AumnqHJ69CQHUo9lVR3xenDt4Y5zD2hWybUjjt7q6zAUBULZb2vSpEgmRGxTpzAvauvNXthgclT ZUIa8tIyeLdE9cWg3MwlF0sho65Luh6MAPNTe/H++BpRwtDw4BhisUmUwHMsl5SGHPRY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] drivers: char: Drop useless suspend/resume stubs in Arm drivers Message-Id: Date: Fri, 05 Apr 2024 23:22:01 +0000 commit 4932163b358f0a577395b797d430eafc9b8ec442 Author: Michal Orzel AuthorDate: Thu Apr 4 09:51:42 2024 +0200 Commit: Stefano Stabellini CommitDate: Thu Apr 4 16:35:58 2024 -0700 drivers: char: Drop useless suspend/resume stubs in Arm drivers On Arm we don't use console_{suspend,resume} and the corresponding stubs in serial drivers are being redundantly copied whenever a new driver is added. Drop them as well as useless .endboot = NULL assignment. Signed-off-by: Michal Orzel Reviewed-by: Jan Beulich Acked-by: Stefano Stabellini --- xen/drivers/char/cadence-uart.c | 13 ------------- xen/drivers/char/exynos4210-uart.c | 13 ------------- xen/drivers/char/imx-lpuart.c | 13 ------------- xen/drivers/char/meson-uart.c | 13 ------------- xen/drivers/char/mvebu-uart.c | 13 ------------- xen/drivers/char/omap-uart.c | 13 ------------- xen/drivers/char/pl011.c | 13 ------------- xen/drivers/char/scif-uart.c | 13 ------------- 8 files changed, 104 deletions(-) diff --git a/xen/drivers/char/cadence-uart.c b/xen/drivers/char/cadence-uart.c index 3618fa88d8..b2f379833f 100644 --- a/xen/drivers/char/cadence-uart.c +++ b/xen/drivers/char/cadence-uart.c @@ -90,16 +90,6 @@ static void __init cuart_init_postirq(struct serial_port *port) cuart_write(uart, R_UART_IER, UART_SR_INTR_RTRIG); } -static void cuart_suspend(struct serial_port *port) -{ - BUG(); -} - -static void cuart_resume(struct serial_port *port) -{ - BUG(); -} - static int cuart_tx_ready(struct serial_port *port) { struct cuart *uart = port->uart; @@ -143,9 +133,6 @@ static const struct vuart_info *cuart_vuart(struct serial_port *port) static struct uart_driver __read_mostly cuart_driver = { .init_preirq = cuart_init_preirq, .init_postirq = cuart_init_postirq, - .endboot = NULL, - .suspend = cuart_suspend, - .resume = cuart_resume, .tx_ready = cuart_tx_ready, .putc = cuart_putc, .getc = cuart_getc, diff --git a/xen/drivers/char/exynos4210-uart.c b/xen/drivers/char/exynos4210-uart.c index b29fd75c5a..58901df554 100644 --- a/xen/drivers/char/exynos4210-uart.c +++ b/xen/drivers/char/exynos4210-uart.c @@ -212,16 +212,6 @@ static void __init exynos4210_uart_init_postirq(struct serial_port *port) exynos4210_write(uart, UMCON, exynos4210_read(uart, UMCON) | UMCON_INT_EN); } -static void exynos4210_uart_suspend(struct serial_port *port) -{ - BUG(); // XXX -} - -static void exynos4210_uart_resume(struct serial_port *port) -{ - BUG(); // XXX -} - static int exynos4210_uart_tx_ready(struct serial_port *port) { struct exynos4210_uart *uart = port->uart; @@ -286,9 +276,6 @@ static const struct vuart_info *exynos4210_vuart_info(struct serial_port *port) static struct uart_driver __read_mostly exynos4210_uart_driver = { .init_preirq = exynos4210_uart_init_preirq, .init_postirq = exynos4210_uart_init_postirq, - .endboot = NULL, - .suspend = exynos4210_uart_suspend, - .resume = exynos4210_uart_resume, .tx_ready = exynos4210_uart_tx_ready, .putc = exynos4210_uart_putc, .getc = exynos4210_uart_getc, diff --git a/xen/drivers/char/imx-lpuart.c b/xen/drivers/char/imx-lpuart.c index 522680a25c..faf4693b66 100644 --- a/xen/drivers/char/imx-lpuart.c +++ b/xen/drivers/char/imx-lpuart.c @@ -101,16 +101,6 @@ static void __init imx_lpuart_init_postirq(struct serial_port *port) imx_lpuart_write(uart, UARTCTRL, temp); } -static void imx_lpuart_suspend(struct serial_port *port) -{ - BUG(); -} - -static void imx_lpuart_resume(struct serial_port *port) -{ - BUG(); -} - static int imx_lpuart_tx_ready(struct serial_port *port) { struct imx_lpuart *uart = port->uart; @@ -185,9 +175,6 @@ static void imx_lpuart_stop_tx(struct serial_port *port) static struct uart_driver __read_mostly imx_lpuart_driver = { .init_preirq = imx_lpuart_init_preirq, .init_postirq = imx_lpuart_init_postirq, - .endboot = NULL, - .suspend = imx_lpuart_suspend, - .resume = imx_lpuart_resume, .tx_ready = imx_lpuart_tx_ready, .putc = imx_lpuart_putc, .getc = imx_lpuart_getc, diff --git a/xen/drivers/char/meson-uart.c b/xen/drivers/char/meson-uart.c index 694381986d..407a276085 100644 --- a/xen/drivers/char/meson-uart.c +++ b/xen/drivers/char/meson-uart.c @@ -116,16 +116,6 @@ static void __init meson_uart_init_postirq(struct serial_port *port) (AML_UART_RX_INT_EN | AML_UART_TX_INT_EN)); } -static void meson_uart_suspend(struct serial_port *port) -{ - BUG(); -} - -static void meson_uart_resume(struct serial_port *port) -{ - BUG(); -} - static void meson_uart_putc(struct serial_port *port, char c) { struct meson_uart *uart = port->uart; @@ -191,9 +181,6 @@ static int meson_uart_tx_ready(struct serial_port *port) static struct uart_driver __read_mostly meson_uart_driver = { .init_preirq = meson_uart_init_preirq, .init_postirq = meson_uart_init_postirq, - .endboot = NULL, - .suspend = meson_uart_suspend, - .resume = meson_uart_resume, .putc = meson_uart_putc, .getc = meson_uart_getc, .tx_ready = meson_uart_tx_ready, diff --git a/xen/drivers/char/mvebu-uart.c b/xen/drivers/char/mvebu-uart.c index 1913fe8b5f..db2418576c 100644 --- a/xen/drivers/char/mvebu-uart.c +++ b/xen/drivers/char/mvebu-uart.c @@ -125,16 +125,6 @@ static void __init mvebu3700_uart_init_postirq(struct serial_port *port) mvebu3700_write(uart, UART_CTRL_REG, reg); } -static void mvebu3700_uart_suspend(struct serial_port *port) -{ - BUG(); -} - -static void mvebu3700_uart_resume(struct serial_port *port) -{ - BUG(); -} - static void mvebu3700_uart_putc(struct serial_port *port, char c) { struct mvebu3700_uart *uart = port->uart; @@ -213,9 +203,6 @@ static int mvebu3700_uart_tx_ready(struct serial_port *port) static struct uart_driver __read_mostly mvebu3700_uart_driver = { .init_preirq = mvebu3700_uart_init_preirq, .init_postirq = mvebu3700_uart_init_postirq, - .endboot = NULL, - .suspend = mvebu3700_uart_suspend, - .resume = mvebu3700_uart_resume, .putc = mvebu3700_uart_putc, .getc = mvebu3700_uart_getc, .tx_ready = mvebu3700_uart_tx_ready, diff --git a/xen/drivers/char/omap-uart.c b/xen/drivers/char/omap-uart.c index e4f5be2289..f4368c158c 100644 --- a/xen/drivers/char/omap-uart.c +++ b/xen/drivers/char/omap-uart.c @@ -242,16 +242,6 @@ static void __init omap_uart_init_postirq(struct serial_port *port) omap_write(uart, UART_IER, UART_IER_ERDAI|UART_IER_ETHREI|UART_IER_ELSI); } -static void omap_uart_suspend(struct serial_port *port) -{ - BUG(); -} - -static void omap_uart_resume(struct serial_port *port) -{ - BUG(); -} - static int omap_uart_tx_ready(struct serial_port *port) { struct omap_uart *uart = port->uart; @@ -307,9 +297,6 @@ static const struct vuart_info *omap_vuart_info(struct serial_port *port) static struct uart_driver __read_mostly omap_uart_driver = { .init_preirq = omap_uart_init_preirq, .init_postirq = omap_uart_init_postirq, - .endboot = NULL, - .suspend = omap_uart_suspend, - .resume = omap_uart_resume, .tx_ready = omap_uart_tx_ready, .putc = omap_uart_putc, .getc = omap_uart_getc, diff --git a/xen/drivers/char/pl011.c b/xen/drivers/char/pl011.c index 7260a988ca..5f9913367d 100644 --- a/xen/drivers/char/pl011.c +++ b/xen/drivers/char/pl011.c @@ -166,16 +166,6 @@ static void __init pl011_init_postirq(struct serial_port *port) pl011_write(uart, IMSC, RTI|OEI|BEI|PEI|FEI|TXI|RXI); } -static void pl011_suspend(struct serial_port *port) -{ - BUG(); // XXX -} - -static void pl011_resume(struct serial_port *port) -{ - BUG(); // XXX -} - static int pl011_tx_ready(struct serial_port *port) { struct pl011 *uart = port->uart; @@ -232,9 +222,6 @@ static void pl011_tx_start(struct serial_port *port) static struct uart_driver __read_mostly pl011_driver = { .init_preirq = pl011_init_preirq, .init_postirq = pl011_init_postirq, - .endboot = NULL, - .suspend = pl011_suspend, - .resume = pl011_resume, .tx_ready = pl011_tx_ready, .putc = pl011_putc, .getc = pl011_getc, diff --git a/xen/drivers/char/scif-uart.c b/xen/drivers/char/scif-uart.c index b7f86f882c..757793ca45 100644 --- a/xen/drivers/char/scif-uart.c +++ b/xen/drivers/char/scif-uart.c @@ -195,16 +195,6 @@ static void __init scif_uart_init_postirq(struct serial_port *port) params->irq_flags); } -static void scif_uart_suspend(struct serial_port *port) -{ - BUG(); -} - -static void scif_uart_resume(struct serial_port *port) -{ - BUG(); -} - static int scif_uart_tx_ready(struct serial_port *port) { struct scif_uart *uart = port->uart; @@ -284,9 +274,6 @@ static void scif_uart_stop_tx(struct serial_port *port) static struct uart_driver __read_mostly scif_uart_driver = { .init_preirq = scif_uart_init_preirq, .init_postirq = scif_uart_init_postirq, - .endboot = NULL, - .suspend = scif_uart_suspend, - .resume = scif_uart_resume, .tx_ready = scif_uart_tx_ready, .putc = scif_uart_putc, .getc = scif_uart_getc, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 05 23:22:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 05 Apr 2024 23:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701386.1095822 (Exim 4.92) (envelope-from ) id 1rsssv-000103-Hb; Fri, 05 Apr 2024 23:22:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701386.1095822; Fri, 05 Apr 2024 23:22:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsssv-0000zv-Ej; Fri, 05 Apr 2024 23:22:13 +0000 Received: by outflank-mailman (input) for mailman id 701386; Fri, 05 Apr 2024 23:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsssu-0000zh-2R for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 23:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rsssu-0004Nx-1j for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 23:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rssst-0001c3-Uj for xen-changelog@lists.xenproject.org; Fri, 05 Apr 2024 23:22:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=O9P3tjtzQkMa15N2AXZJGVc+Gak1lJ1Hs6je7Wf3dxQ=; b=xUlXFBxgSw1Yr0Prz1Cv2uZ2GR TdF6wmCxg5SoXTU5hmQV46r+AqORygBHpPUtUCOXST1GXgYCOZuDTJPNiT4/+NtSvG2E7YZRdnUK0 dT54XeU5/CmvReWt4QIA4z+kpGVZvON8SUhSAkSF//e+/PdFVjq0q2jhbxa+QuGq91Xk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] char: lpuart: Drop useless variables from UART structure Message-Id: Date: Fri, 05 Apr 2024 23:22:11 +0000 commit 270588b9b2b751b0bb6b36f4853cb13005e4706f Author: Michal Orzel AuthorDate: Thu Apr 4 09:51:43 2024 +0200 Commit: Stefano Stabellini CommitDate: Thu Apr 4 16:36:25 2024 -0700 char: lpuart: Drop useless variables from UART structure These variables are useless. They are being assigned a value which is never used since UART is expected to be pre-configured. No functional change. Signed-off-by: Michal Orzel Reviewed-by: Stefano Stabellini --- xen/drivers/char/imx-lpuart.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/xen/drivers/char/imx-lpuart.c b/xen/drivers/char/imx-lpuart.c index faf4693b66..7770d158bf 100644 --- a/xen/drivers/char/imx-lpuart.c +++ b/xen/drivers/char/imx-lpuart.c @@ -30,7 +30,6 @@ #define imx_lpuart_write(uart, off, val) writel((val), (uart)->regs + (off)) static struct imx_lpuart { - uint32_t baud, clock_hz, data_bits, parity, stop_bits, fifo_size; uint32_t irq; char __iomem *regs; struct irqaction irqaction; @@ -197,11 +196,6 @@ static int __init imx_lpuart_init(struct dt_device_node *dev, uart = &imx8_com; - uart->baud = 115200; - uart->data_bits = 8; - uart->parity = 0; - uart->stop_bits = 1; - res = dt_device_get_paddr(dev, 0, &addr, &size); if ( res ) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 06 10:11:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 06 Apr 2024 10:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701445.1095850 (Exim 4.92) (envelope-from ) id 1rt30p-0006Ss-Cj; Sat, 06 Apr 2024 10:11:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701445.1095850; Sat, 06 Apr 2024 10:11:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt30p-0006Sj-9c; Sat, 06 Apr 2024 10:11:03 +0000 Received: by outflank-mailman (input) for mailman id 701445; Sat, 06 Apr 2024 10:11:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt30o-0006Sb-86 for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt30n-0000ZJ-O9 for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rt30n-0001JM-MY for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gn/6AjH8TlfTlk9jVnEHJh+ii+B5IAO9ziW8Q4cvMMY=; b=z1QnZJrAuxXcpK2XagK2CoEdmZ 9D/NcU48ipF7DFa7OobYp2IoEeVWpasclXimg3YB/d4KkM7IPgBoDwPZgH9Qc6H/fTzwV0UxGCmrn HdhdqtwYSorCTkEchj7PQAIcwqnpXq7qYFFbhwNqXOICh5uFpd+w0exF4+5J8W2HJubk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch Message-Id: Date: Sat, 06 Apr 2024 10:11:01 +0000 commit b33f191e3ca99458fdcea1cb5a29dfa4965d1604 Author: Andrew Cooper AuthorDate: Wed Apr 3 17:43:42 2024 +0100 Commit: Andrew Cooper CommitDate: Fri Apr 5 14:53:59 2024 +0100 x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch It turns out there is something wonky on some but not all CPUs with MSR_TSX_FORCE_ABORT. The presence of RTM_ALWAYS_ABORT causes Xen to think it's safe to offer HLE/RTM to guests, but in this case, XBEGIN instructions genuinely #UD. Spot this case and try to back out as cleanly as we can. Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Acked-by: Jan Beulich --- xen/arch/x86/tsx.c | 55 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 45 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 50d8059f23..fbdd05971c 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -1,5 +1,6 @@ #include #include +#include #include /* @@ -9,6 +10,7 @@ * -1 => Default, altered to 0/1 (if unspecified) by: * - TAA heuristics/settings for speculative safety * - "TSX vs PCR3" select for TSX memory ordering safety + * -2 => Implicit tsx=0 (from RTM_ALWAYS_ABORT vs RTM mismatch) * -3 => Implicit tsx=1 (feed-through from spec-ctrl=0) * * This is arranged such that the bottom bit encodes whether TSX is actually @@ -114,11 +116,50 @@ void tsx_init(void) if ( cpu_has_tsx_force_abort ) { + uint64_t val; + /* - * On an early TSX-enable Skylake part subject to the memory + * On an early TSX-enabled Skylake part subject to the memory * ordering erratum, with at least the March 2019 microcode. */ + rdmsrl(MSR_TSX_FORCE_ABORT, val); + + /* + * At the time of writing (April 2024), it was discovered that + * some parts (e.g. CoffeeLake 8th Gen, 06-9e-0a, ucode 0xf6) + * advertise RTM_ALWAYS_ABORT, but XBEGIN instructions #UD. Other + * similar parts (e.g. KabyLake Xeon-E3, 06-9e-09, ucode 0xf8) + * operate as expected. + * + * In this case: + * - RTM_ALWAYS_ABORT and MSR_TSX_FORCE_ABORT are enumerated. + * - XBEGIN instructions genuinely #UD. + * - MSR_TSX_FORCE_ABORT appears to be write-discard and fails to + * hold its value. + * - HLE and RTM are not enumerated, despite + * MSR_TSX_FORCE_ABORT.TSX_CPUID_CLEAR being clear. + * + * Spot RTM being unavailable without CLEAR_CPUID being set, and + * treat it as if no TSX is available at all. This will prevent + * Xen from thinking it's safe to offer HLE/RTM to VMs. + */ + if ( val == 0 && cpu_has_rtm_always_abort && !cpu_has_rtm ) + { + printk(XENLOG_ERR + "FIRMWARE BUG: CPU %02x-%02x-%02x, ucode 0x%08x: RTM_ALWAYS_ABORT vs RTM mismatch\n", + boot_cpu_data.x86, boot_cpu_data.x86_model, + boot_cpu_data.x86_mask, this_cpu(cpu_sig).rev); + + setup_clear_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + setup_clear_cpu_cap(X86_FEATURE_TSX_FORCE_ABORT); + + if ( opt_tsx < 0 ) + opt_tsx = -2; + + goto done_probe; + } + /* * Probe for the June 2021 microcode which de-features TSX on * client parts. (Note - this is a subset of parts impacted by @@ -128,15 +169,8 @@ void tsx_init(void) * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. */ - if ( !has_rtm_always_abort ) - { - uint64_t val; - - rdmsrl(MSR_TSX_FORCE_ABORT, val); - - if ( val & TSX_ENABLE_RTM ) - has_rtm_always_abort = true; - } + if ( val & TSX_ENABLE_RTM ) + has_rtm_always_abort = true; /* * If no explicit tsx= option is provided, pick a default. @@ -191,6 +225,7 @@ void tsx_init(void) setup_force_cpu_cap(X86_FEATURE_RTM); } } + done_probe: /* * Note: MSR_TSX_CTRL is enumerated on TSX-enabled MDS_NO and later parts. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 06 10:11:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 06 Apr 2024 10:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701446.1095854 (Exim 4.92) (envelope-from ) id 1rt30z-0006UN-Dd; Sat, 06 Apr 2024 10:11:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701446.1095854; Sat, 06 Apr 2024 10:11:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt30z-0006UE-BB; Sat, 06 Apr 2024 10:11:13 +0000 Received: by outflank-mailman (input) for mailman id 701446; Sat, 06 Apr 2024 10:11:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt30x-0006Tz-Sz for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt30x-0000Za-Rw for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rt30x-0001KC-QX for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=v8fPGs1XmrLWe4lLudWgneSxtpNyRuDd49p8d6KKNX0=; b=Kt+ZQJ/BrJcMyw3pBH+GQwJODg i+CduAY4ms1D3AD6iAbPzity9318rBJEGJjE6WcbO7lfv9wNQArFT43+ZTgcc0+AcBDWE+w6j6owU rR0FdwkMOHUQo4je3+InF1x3ji8AxoS2EHkD1s7A3win8ZIvzCyA5IILe++0GEaaWBMk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: Address MISRA Rule 13.6 Message-Id: Date: Sat, 06 Apr 2024 10:11:11 +0000 commit e9b0f8b6909dcba9843250c486e80879b042fd65 Author: Andrew Cooper AuthorDate: Tue Apr 2 16:26:22 2024 +0100 Commit: Andrew Cooper CommitDate: Fri Apr 5 14:54:53 2024 +0100 x86: Address MISRA Rule 13.6 MISRA Rule 13.6 doesn't like having an expression in a sizeof() which potentially has side effects, including function calls. Address several violations by pulling the expression out into a local variable. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/irq.c | 4 ++-- xen/arch/x86/time.c | 6 ++++-- xen/drivers/passthrough/amd/iommu_intr.c | 3 ++- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 0487f734a5..a042faf104 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -1149,9 +1149,9 @@ static void cf_check irq_guest_eoi_timer_fn(void *data) for ( i = 0; i < action->nr_guests; i++ ) { struct domain *d = action->guest[i]; - unsigned int pirq = domain_irq_to_pirq(d, irq); + struct pirq *pirq = pirq_info(d, domain_irq_to_pirq(d, irq)); - if ( test_and_clear_bool(pirq_info(d, pirq)->masked) ) + if ( test_and_clear_bool(pirq->masked) ) action->in_flight--; } diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index 6087004789..6f136f4b14 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -2503,7 +2503,9 @@ static long cmos_utc_offset; /* in seconds */ int time_suspend(void) { - if ( smp_processor_id() == 0 ) + unsigned int cpu = smp_processor_id(); + + if ( cpu == 0 ) { cmos_utc_offset = -get_wallclock_time(); cmos_utc_offset += get_sec(); @@ -2514,7 +2516,7 @@ int time_suspend(void) } /* Better to cancel calibration timer for accuracy. */ - clear_bit(TIME_CALIBRATE_SOFTIRQ, &softirq_pending(smp_processor_id())); + clear_bit(TIME_CALIBRATE_SOFTIRQ, &softirq_pending(cpu)); return 0; } diff --git a/xen/drivers/passthrough/amd/iommu_intr.c b/xen/drivers/passthrough/amd/iommu_intr.c index d9eefcd8e4..7fc796dec2 100644 --- a/xen/drivers/passthrough/amd/iommu_intr.c +++ b/xen/drivers/passthrough/amd/iommu_intr.c @@ -183,6 +183,7 @@ static void free_intremap_entry(const struct amd_iommu *iommu, unsigned int bdf, unsigned int index) { union irte_ptr entry = get_intremap_entry(iommu, bdf, index); + struct ivrs_mappings *ivrs = get_ivrs_mappings(iommu->seg); if ( iommu->ctrl.ga_en ) { @@ -201,7 +202,7 @@ static void free_intremap_entry(const struct amd_iommu *iommu, else ACCESS_ONCE(entry.ptr32->raw) = 0; - __clear_bit(index, get_ivrs_mappings(iommu->seg)[bdf].intremap_inuse); + __clear_bit(index, ivrs[bdf].intremap_inuse); } static void update_intremap_entry(const struct amd_iommu *iommu, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 06 10:11:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 06 Apr 2024 10:11:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701447.1095857 (Exim 4.92) (envelope-from ) id 1rt319-0006XB-FU; Sat, 06 Apr 2024 10:11:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701447.1095857; Sat, 06 Apr 2024 10:11:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt319-0006X4-Cm; Sat, 06 Apr 2024 10:11:23 +0000 Received: by outflank-mailman (input) for mailman id 701447; Sat, 06 Apr 2024 10:11:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt318-0006Wm-0i for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt317-0000Zn-W7 for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rt317-0001Km-U7 for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gnPO7dXo+R2tgjJNhHywQKfHQIq7Pc2AQ74louh1GH0=; b=stje6UefHL/vMT8tFRHM6YB3Ds G5SAJNBqZtgpqpZdKHqxivpgivyXtYiPIJ2C8x3Rg2hdA/uMXaNYJKs0NO9fj8lcE3vPZALCD4nrO y6zO2o4Q0DP4OL0bC+VRKeyJOFhBvpjDDD8otGp5RW0Aa65z6jf9T+xTV3Grk+lvdhwQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] arm/public: address violations of MISRA C Rule 20.7 Message-Id: Date: Sat, 06 Apr 2024 10:11:21 +0000 commit 6bdb67d19ecb8c8e561d975f5c62b6a8a5783f51 Author: Nicola Vetrini AuthorDate: Fri Mar 29 10:11:30 2024 +0100 Commit: Stefano Stabellini CommitDate: Fri Apr 5 11:15:47 2024 -0700 arm/public: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Reviewed-by: Stefano Stabellini --- xen/include/public/arch-arm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/arch-arm.h b/xen/include/public/arch-arm.h index a25e87dbda..e167e14f8d 100644 --- a/xen/include/public/arch-arm.h +++ b/xen/include/public/arch-arm.h @@ -209,7 +209,7 @@ do { \ __typeof__(&(hnd)) _sxghr_tmp = &(hnd); \ _sxghr_tmp->q = 0; \ - _sxghr_tmp->p = val; \ + _sxghr_tmp->p = (val); \ } while ( 0 ) #define set_xen_guest_handle(hnd, val) set_xen_guest_handle_raw(hnd, val) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 06 10:11:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 06 Apr 2024 10:11:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701448.1095863 (Exim 4.92) (envelope-from ) id 1rt31J-0006bD-J5; Sat, 06 Apr 2024 10:11:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701448.1095863; Sat, 06 Apr 2024 10:11:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt31J-0006b5-Fv; Sat, 06 Apr 2024 10:11:33 +0000 Received: by outflank-mailman (input) for mailman id 701448; Sat, 06 Apr 2024 10:11:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt31I-0006ai-4K for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt31I-0000Zx-38 for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rt31I-0001LB-29 for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hkWB/PzQIzckbiLjYfNNoWLm+YlRzVK7CbQ2OJZWcIU=; b=kbWlGhq2DluVIjBsDQ0o4lr7Wi AozsQxsrcPxfPklg+pxtbfxwXtccZYJjZV5OmL5JzKB4e770ujs6tDVTyIjVU+XvAD81x2EMXrAKc 6Dt+yZ9t+n/4JBs4K/pdBCHZO7VzGBfh5JzQNCi31ck6ivANaT6KJcBTTt63UCDUkaEk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] automation/eclair: add deviations for Rule 20.7 Message-Id: Date: Sat, 06 Apr 2024 10:11:32 +0000 commit 80d28865e181ae51d2a2f7cea5f0332ea5d845ee Author: Nicola Vetrini AuthorDate: Fri Mar 29 10:11:33 2024 +0100 Commit: Stefano Stabellini CommitDate: Fri Apr 5 11:15:47 2024 -0700 automation/eclair: add deviations for Rule 20.7 These deviations deal with the following cases: - macro arguments used directly as initializer list arguments; - uses of the __config_enabled macro, that can't be brought into compliance without breaking its functionality; - exclude files that are out of scope (efi headers and cpu_idle); - uses of alternative_{call,vcall}[0-9] macros. The existing configuration for R20.7 is reordered so that it matches the cases listed in its documentation comment. Signed-off-by: Nicola Vetrini Reviewed-by: Stefano Stabellini --- automation/eclair_analysis/ECLAIR/deviations.ecl | 25 ++++++++++++++++++++++-- docs/misra/deviations.rst | 14 ++++++++++++- docs/misra/rules.rst | 2 +- 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index de9ba723fb..70756503f5 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -401,12 +401,33 @@ unexpected result when the structure is given as argument to a sizeof() operator -doc_begin="Code violating Rule 20.7 is safe when macro parameters are used: (1) as function arguments; (2) as macro arguments; (3) as array indices; (4) as lhs -in assignments." +in assignments; (5) as initializers, possibly designated, in initalizer lists." -config=MC3R1.R20.7,expansion_context= {safe, "context(__call_expr_arg_contexts)"}, +{safe, "left_right(^[(,\\[]$,^[),\\]]$)"}, {safe, "context(skip_to(__expr_non_syntactic_contexts, stmt_child(node(array_subscript_expr), subscript)))"}, {safe, "context(skip_to(__expr_non_syntactic_contexts, stmt_child(operator(assign), lhs)))"}, -{safe, "left_right(^[(,\\[]$,^[),\\]]$)"} +{safe, "context(skip_to(__expr_non_syntactic_contexts, stmt_child(node(init_list_expr||designated_init_expr), init)))"} +-doc_end + +-doc_begin="Violations involving the __config_enabled macros cannot be fixed without +breaking the macro's logic; futhermore, the macro is only ever used in the context +of the IS_ENABLED or STATIC_IF/STATIC_IF_NOT macros, so it always receives a literal +0 or 1 as input, posing no risk to safety." +-config=MC3R1.R20.7,reports+={safe, "any_area(any_loc(any_exp(macro(^___config_enabled$))))"} +-doc_end + +-doc_begin="Violations due to the use of macros defined in files that are +not in scope for compliance are allowed, as that is imported code." +-file_tag+={gnu_efi_include, "^xen/include/efi/.*$"} +-file_tag+={acpi_cpu_idle, "^xen/arch/x86/acpi/cpu_idle\\.c$"} +-config=MC3R1.R20.7,reports+={safe, "any_area(any_loc(file(gnu_efi_include)))"} +-config=MC3R1.R20.7,reports+={safe, "any_area(any_loc(file(acpi_cpu_idle)))"} +-doc_end + +-doc_begin="To avoid compromising readability, the macros alternative_(v)?call[0-9] are allowed +not to parenthesize their arguments." +-config=MC3R1.R20.7,reports+={safe, "any_area(any_loc(any_exp(macro(^alternative_(v)?call[0-9]$))))"} -doc_end -doc_begin="Uses of variadic macros that have one of their arguments defined as diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index eb5ef2bd9d..5fdacfd420 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst @@ -345,7 +345,19 @@ Deviations related to MISRA C:2012 Rules: (1) as function arguments; (2) as macro arguments; (3) as array indices; - (4) as lhs in assignments. + (4) as lhs in assignments; + (5) as initializers, possibly designated, in initalizer lists. + - Tagged as `safe` for ECLAIR. + + * - R20.7 + - Violations due to the use of macros defined in files that are not + in scope for compliance are allowed, as that is imported code. + - Tagged as `safe` for ECLAIR. + + * - R20.7 + - To avoid compromising readability, the macros `alternative_(v)?call[0-9]` + are allowed not to parenthesize their arguments, as there are already + sanity checks in place. - Tagged as `safe` for ECLAIR. * - R20.12 diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst index 79487cf91c..86f4ad0ab3 100644 --- a/docs/misra/rules.rst +++ b/docs/misra/rules.rst @@ -561,7 +561,7 @@ maintainers if you want to suggest a change. shall be enclosed in parentheses - Extra parentheses are not required when macro parameters are used as function arguments, as macro arguments, array indices, lhs in - assignments + assignments or as initializers in initalizer lists. * - `Rule 20.9 `_ - Required -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 06 10:11:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 06 Apr 2024 10:11:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701449.1095866 (Exim 4.92) (envelope-from ) id 1rt31T-0006dw-KZ; Sat, 06 Apr 2024 10:11:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701449.1095866; Sat, 06 Apr 2024 10:11:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt31T-0006do-Hg; Sat, 06 Apr 2024 10:11:43 +0000 Received: by outflank-mailman (input) for mailman id 701449; Sat, 06 Apr 2024 10:11:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt31S-0006dd-7k for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt31S-0000be-69 for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rt31S-0001Lb-5F for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QBcQgzlva/6AusvcTi/jLU28JGTplngeoaq1ci2dpJ4=; b=d9EvnM+iVF+4krPYTK0SloE3xX Z46Mq6hZpYGorUFBovrcvkZTc8gNjBV9wMDBbZ/rLiIm/aFN5T8ACcimSrbWWISYjBw9WJhvrYxKu YuGW/aSItR6n9s3dxZoNlfK9Dhm6a88eqlT4kNMnnF941ogRQqa6HZwazSIGKW2XTgAA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] MISRA C:2012 Rule 17.1 states: The features of `' shall not be used Message-Id: Date: Sat, 06 Apr 2024 10:11:42 +0000 commit ea33a6e1e377d2ac90b2283d80e01a1a1d9b391b Author: Simone Ballarin AuthorDate: Thu Mar 28 11:29:34 2024 +0100 Commit: Stefano Stabellini CommitDate: Fri Apr 5 11:15:47 2024 -0700 MISRA C:2012 Rule 17.1 states: The features of `' shall not be used The Xen community wants to avoid using variadic functions except for specific circumstances where it feels appropriate by strict code review. Add deviation for printf()-like functions. Signed-off-by: Simone Ballarin Reviewed-by: Stefano Stabellini --- automation/eclair_analysis/ECLAIR/deviations.ecl | 13 +++++++++++++ docs/misra/deviations.rst | 5 +++++ 2 files changed, 18 insertions(+) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index 70756503f5..0230b41c6d 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -386,6 +386,19 @@ explicit comment indicating the fallthrough intention is present." -config=MC3R1.R16.6,switch_clauses+={deliberate, "default(0)"} -doc_end +# +# Series 17. +# + +-doc_begin="printf()-like functions are allowed to use the variadic features provided by stdarg.h." +-config=MC3R1.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(^.*printk\(.*\)$)))"} +-config=MC3R1.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(^.*printf\(.*\)$)))"} +-config=MC3R1.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(panic)&&kind(function))))"} +-config=MC3R1.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(elf_call_log_callback)&&kind(function))))"} +-config=MC3R1.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(vprintk_common)&&kind(function))))"} +-config=MC3R1.R17.1,macros+={hide , "^va_(arg|start|copy|end)$"} +-doc_end + # # Series 18. # diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index 5fdacfd420..32b02905d1 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst @@ -334,6 +334,11 @@ Deviations related to MISRA C:2012 Rules: improve readability. - Tagged as `deliberate` for ECLAIR. + * - R17.1 + - printf()-like functions are allowed to use the variadic features provided + by `stdarg.h`. + - Tagged as `deliberate` for ECLAIR. + * - R20.4 - The override of the keyword \"inline\" in xen/compiler.h is present so that section contents checks pass when the compiler chooses not to -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 06 10:11:53 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 06 Apr 2024 10:11:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701450.1095870 (Exim 4.92) (envelope-from ) id 1rt31d-0006gY-Ma; Sat, 06 Apr 2024 10:11:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701450.1095870; Sat, 06 Apr 2024 10:11:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt31d-0006gR-JK; Sat, 06 Apr 2024 10:11:53 +0000 Received: by outflank-mailman (input) for mailman id 701450; Sat, 06 Apr 2024 10:11:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt31c-0006gI-BK for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rt31c-0000bo-9H for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rt31c-0001M0-8H for xen-changelog@lists.xenproject.org; Sat, 06 Apr 2024 10:11:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WGugcphzXPFSPAEDjPSOdtwFwcNnIATDsS/5VhFIwKU=; b=wnQAoq56YgzYOWgJL9hZxSIXC3 o0PU+bZlh1/7diP5yK+R+lhCEMHVAQLgxKUsH6YaHpTurDzrqz6GARNb9eFzMRLJFkOxMpP3QHAc1 u4m/zxjtFIJX3jlenSfFIuW5TiWPVJqAhQYbQxWVPMUftKsoGNn6J2HUF1w4IGIbYK1c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] MISRA C Rule 17.1 states: "The features of `' shall not be used" Message-Id: Date: Sat, 06 Apr 2024 10:11:52 +0000 commit 402c2d3e66a6bc9481dcabfc8697750dc4beabed Author: Simone Ballarin AuthorDate: Thu Mar 28 11:29:35 2024 +0100 Commit: Stefano Stabellini CommitDate: Fri Apr 5 11:15:47 2024 -0700 MISRA C Rule 17.1 states: "The features of `' shall not be used" The Xen community wants to avoid using variadic functions except for specific circumstances where it feels appropriate by strict code review. Functions hypercall_create_continuation and hypercall_xlat_continuation are internal helper functions made to break long running hypercalls into multiple calls. They take a variable number of arguments depending on the original hypercall they are trying to continue. Add SAF deviations for the aforementioned functions. Signed-off-by: Simone Ballarin Reviewed-by: Stefano Stabellini --- docs/misra/safe.json | 8 ++++++++ xen/arch/arm/domain.c | 1 + xen/arch/x86/hypercall.c | 2 ++ 3 files changed, 11 insertions(+) diff --git a/docs/misra/safe.json b/docs/misra/safe.json index d361d0e65c..fe2bc18509 100644 --- a/docs/misra/safe.json +++ b/docs/misra/safe.json @@ -36,6 +36,14 @@ }, { "id": "SAF-4-safe", + "analyser": { + "eclair": "MC3R1.R17.1" + }, + "name": "Rule 17.1: internal helper functions made to break long running hypercalls into multiple calls.", + "text": "They need to take a variable number of arguments depending on the original hypercall they are trying to continue." + }, + { + "id": "SAF-5-safe", "analyser": {}, "name": "Sentinel", "text": "Next ID to be used" diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index f38cb5e04c..34cbfe699a 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -382,6 +382,7 @@ unsigned long hypercall_create_continuation( const char *p = format; unsigned long arg, rc; unsigned int i; + /* SAF-4-safe allowed variadic function */ va_list args; current->hcall_preempted = true; diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 01cd73040d..133e9f221c 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -31,6 +31,7 @@ unsigned long hypercall_create_continuation( const char *p = format; unsigned long arg; unsigned int i; + /* SAF-4-safe allowed variadic function */ va_list args; curr->hcall_preempted = true; @@ -115,6 +116,7 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, struct cpu_user_regs *regs; unsigned int i, cval = 0; unsigned long nval = 0; + /* SAF-4-safe allowed variadic function */ va_list args; ASSERT(nr <= ARRAY_SIZE(mcs->call.args)); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 07:33:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 07:33:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701765.1096217 (Exim 4.92) (envelope-from ) id 1rtjV3-00035Y-6U; Mon, 08 Apr 2024 07:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701765.1096217; Mon, 08 Apr 2024 07:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjV3-00035Q-3u; Mon, 08 Apr 2024 07:33:05 +0000 Received: by outflank-mailman (input) for mailman id 701765; Mon, 08 Apr 2024 07:33:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjV1-00033r-O4 for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjV1-0002Ru-Ek for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtjV1-0007Us-Dp for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tkXuZnTkCxmZvm6rSWOXpnbE91At2zGTqFyUw5Ir4TM=; b=JFi+KL8fFLp04PE2mJ1c612HhR m8SVDb6U/kLxR6siAya0oPjvp6OQeR9Ct7CfUSzZS7E6jbzDi5XPTZIiDyBai+6oyeIBZ0dhs9L7l 5YPVg9D1ve/C1+HHIHumutODjqqNFlz8lnOZV/ILWwS7xTs2xONyZUqJYuSuCMDQCJyM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/spinlock: add explicit non-recursive locking functions Message-Id: Date: Mon, 08 Apr 2024 07:33:03 +0000 commit 3696a9f27d32f63dec52a073478ddb86ce2fadff Author: Juergen Gross AuthorDate: Mon Apr 8 09:16:23 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:16:23 2024 +0200 xen/spinlock: add explicit non-recursive locking functions In order to prepare a type-safe recursive spinlock structure, add explicitly non-recursive locking functions to be used for non-recursive locking of spinlocks, which are used recursively, too. Signed-off-by: Juergen Gross Acked-by: Jan Beulich Acked-by: Michal Orzel --- xen/arch/arm/mm.c | 4 ++-- xen/arch/x86/domain.c | 12 ++++++------ xen/arch/x86/mm.c | 12 ++++++------ xen/arch/x86/mm/mem_sharing.c | 8 ++++---- xen/arch/x86/mm/p2m-pod.c | 4 ++-- xen/arch/x86/mm/p2m.c | 4 ++-- xen/arch/x86/tboot.c | 4 ++-- xen/common/domctl.c | 4 ++-- xen/common/grant_table.c | 10 +++++----- xen/common/memory.c | 4 ++-- xen/common/numa.c | 4 ++-- xen/common/page_alloc.c | 16 ++++++++-------- xen/drivers/char/console.c | 16 ++++++++-------- xen/include/xen/spinlock.h | 29 +++++++++++++++++++++++------ 14 files changed, 74 insertions(+), 57 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index b15a18a494..def939172c 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -105,7 +105,7 @@ void share_xen_page_with_guest(struct page_info *page, struct domain *d, if ( page_get_owner(page) == d ) return; - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); /* * The incremented type count pins as writable or read-only. @@ -136,7 +136,7 @@ void share_xen_page_with_guest(struct page_info *page, struct domain *d, page_list_add_tail(page, &d->xenpage_list); } - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); } int xenmem_add_to_physmap_one( diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index a11c55f921..33a2830d9d 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -212,7 +212,7 @@ void dump_pageframe_info(struct domain *d) { unsigned long total[MASK_EXTR(PGT_type_mask, PGT_type_mask) + 1] = {}; - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page_list_for_each ( page, &d->page_list ) { unsigned int index = MASK_EXTR(page->u.inuse.type_info, @@ -231,13 +231,13 @@ void dump_pageframe_info(struct domain *d) _p(mfn_x(page_to_mfn(page))), page->count_info, page->u.inuse.type_info); } - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); } if ( is_hvm_domain(d) ) p2m_pod_dump_data(d); - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page_list_for_each ( page, &d->xenpage_list ) { @@ -253,7 +253,7 @@ void dump_pageframe_info(struct domain *d) page->count_info, page->u.inuse.type_info); } - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); } void update_guest_memory_policy(struct vcpu *v, @@ -2448,10 +2448,10 @@ int domain_relinquish_resources(struct domain *d) d->arch.auto_unmask = 0; } - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page_list_splice(&d->arch.relmem_list, &d->page_list); INIT_PAGE_LIST_HEAD(&d->arch.relmem_list); - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); PROGRESS(xen): diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 631da8d7d2..9141912ae5 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -482,7 +482,7 @@ void share_xen_page_with_guest(struct page_info *page, struct domain *d, set_gpfn_from_mfn(mfn_x(page_to_mfn(page)), INVALID_M2P_ENTRY); - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); /* The incremented type count pins as writable or read-only. */ page->u.inuse.type_info = @@ -502,7 +502,7 @@ void share_xen_page_with_guest(struct page_info *page, struct domain *d, page_list_add_tail(page, &d->xenpage_list); } - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); } void make_cr3(struct vcpu *v, mfn_t mfn) @@ -3597,11 +3597,11 @@ long do_mmuext_op( { bool drop_ref; - spin_lock(&pg_owner->page_alloc_lock); + nrspin_lock(&pg_owner->page_alloc_lock); drop_ref = (pg_owner->is_dying && test_and_clear_bit(_PGT_pinned, &page->u.inuse.type_info)); - spin_unlock(&pg_owner->page_alloc_lock); + nrspin_unlock(&pg_owner->page_alloc_lock); if ( drop_ref ) { pin_drop: @@ -4424,7 +4424,7 @@ int steal_page( * that it might be upon return from alloc_domheap_pages with * MEMF_no_owner set. */ - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); BUG_ON(page->u.inuse.type_info & (PGT_count_mask | PGT_locked | PGT_pinned)); @@ -4436,7 +4436,7 @@ int steal_page( if ( !(memflags & MEMF_no_refcount) && !domain_adjust_tot_pages(d, -1) ) drop_dom_ref = true; - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); if ( unlikely(drop_dom_ref) ) put_domain(d); diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c index f58576c702..da28266ef0 100644 --- a/xen/arch/x86/mm/mem_sharing.c +++ b/xen/arch/x86/mm/mem_sharing.c @@ -740,11 +740,11 @@ static int page_make_private(struct domain *d, struct page_info *page) if ( !get_page(page, dom_cow) ) return -EINVAL; - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); if ( d->is_dying ) { - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); put_page(page); return -EBUSY; } @@ -752,7 +752,7 @@ static int page_make_private(struct domain *d, struct page_info *page) expected_type = (PGT_shared_page | PGT_validated | PGT_locked | 2); if ( page->u.inuse.type_info != expected_type ) { - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); put_page(page); return -EEXIST; } @@ -769,7 +769,7 @@ static int page_make_private(struct domain *d, struct page_info *page) if ( domain_adjust_tot_pages(d, 1) == 1 ) get_knownalive_domain(d); page_list_add_tail(page, &d->page_list); - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); put_page(page); diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index 674f321cf6..c48ea169b7 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -27,7 +27,7 @@ static always_inline void lock_page_alloc(struct p2m_domain *p2m) { page_alloc_mm_pre_lock(p2m->domain); - spin_lock(&(p2m->domain->page_alloc_lock)); + nrspin_lock(&(p2m->domain->page_alloc_lock)); page_alloc_mm_post_lock(p2m->domain, p2m->domain->arch.page_alloc_unlock_level); } @@ -35,7 +35,7 @@ static always_inline void lock_page_alloc(struct p2m_domain *p2m) static inline void unlock_page_alloc(struct p2m_domain *p2m) { page_alloc_mm_unlock(p2m->domain->arch.page_alloc_unlock_level); - spin_unlock(&(p2m->domain->page_alloc_lock)); + nrspin_unlock(&(p2m->domain->page_alloc_lock)); } /* diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 4c5a79eb53..ce742c12e0 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2234,7 +2234,7 @@ void audit_p2m(struct domain *d, /* Audit part two: walk the domain's page allocation list, checking * the m2p entries. */ - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page_list_for_each ( page, &d->page_list ) { mfn = mfn_x(page_to_mfn(page)); @@ -2286,7 +2286,7 @@ void audit_p2m(struct domain *d, P2M_PRINTK("OK: mfn=%#lx, gfn=%#lx, p2mfn=%#lx\n", mfn, gfn, mfn_x(p2mfn)); } - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); pod_unlock(p2m); p2m_unlock(p2m); diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c index 4c254b4e34..ba0700d2d5 100644 --- a/xen/arch/x86/tboot.c +++ b/xen/arch/x86/tboot.c @@ -205,14 +205,14 @@ static void tboot_gen_domain_integrity(const uint8_t key[TB_KEY_SIZE], continue; printk("MACing Domain %u\n", d->domain_id); - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page_list_for_each(page, &d->page_list) { void *pg = __map_domain_page(page); vmac_update(pg, PAGE_SIZE, &ctx); unmap_domain_page(pg); } - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); if ( is_iommu_enabled(d) && is_vtd ) { diff --git a/xen/common/domctl.c b/xen/common/domctl.c index f2e0e36a17..43b0b074c3 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -622,14 +622,14 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) { uint64_t new_max = op->u.max_mem.max_memkb >> (PAGE_SHIFT - 10); - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); /* * NB. We removed a check that new_max >= current tot_pages; this means * that the domain will now be allowed to "ratchet" down to new_max. In * the meantime, while tot > max, all new allocations are disallowed. */ d->max_pages = min(new_max, (uint64_t)(typeof(d->max_pages))-1); - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); break; } diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 7708930882..e98e9da520 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -2376,7 +2376,7 @@ gnttab_transfer( mfn = page_to_mfn(page); } - spin_lock(&e->page_alloc_lock); + nrspin_lock(&e->page_alloc_lock); /* * Check that 'e' will accept the page and has reservation @@ -2387,7 +2387,7 @@ gnttab_transfer( unlikely(domain_tot_pages(e) >= e->max_pages) || unlikely(!(e->tot_pages + 1)) ) { - spin_unlock(&e->page_alloc_lock); + nrspin_unlock(&e->page_alloc_lock); if ( e->is_dying ) gdprintk(XENLOG_INFO, "Transferee d%d is dying\n", @@ -2411,7 +2411,7 @@ gnttab_transfer( * safely drop the lock and re-aquire it later to add page to the * pagelist. */ - spin_unlock(&e->page_alloc_lock); + nrspin_unlock(&e->page_alloc_lock); okay = gnttab_prepare_for_transfer(e, d, gop.ref); /* @@ -2427,9 +2427,9 @@ gnttab_transfer( * Need to grab this again to safely free our "reserved" * page in the page total */ - spin_lock(&e->page_alloc_lock); + nrspin_lock(&e->page_alloc_lock); drop_dom_ref = !domain_adjust_tot_pages(e, -1); - spin_unlock(&e->page_alloc_lock); + nrspin_unlock(&e->page_alloc_lock); if ( okay /* i.e. e->is_dying due to the surrounding if() */ ) gdprintk(XENLOG_INFO, "Transferee d%d is now dying\n", diff --git a/xen/common/memory.c b/xen/common/memory.c index b3b05c2ec0..b4593f5f45 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -770,10 +770,10 @@ static long memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg) (1UL << in_chunk_order)) - (j * (1UL << exch.out.extent_order))); - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); drop_dom_ref = (dec_count && !domain_adjust_tot_pages(d, -dec_count)); - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); if ( drop_dom_ref ) put_domain(d); diff --git a/xen/common/numa.c b/xen/common/numa.c index 6374ba1721..28a09766fa 100644 --- a/xen/common/numa.c +++ b/xen/common/numa.c @@ -719,13 +719,13 @@ static void cf_check dump_numa(unsigned char key) memset(page_num_node, 0, sizeof(page_num_node)); - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page_list_for_each ( page, &d->page_list ) { i = page_to_nid(page); page_num_node[i]++; } - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); for_each_online_node ( i ) printk(" Node %u: %u\n", i, page_num_node[i]); diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index c94834d71b..4d6ce726e3 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -516,7 +516,7 @@ int domain_set_outstanding_pages(struct domain *d, unsigned long pages) * must always take the global heap_lock rather than only in the much * rarer case that d->outstanding_pages is non-zero */ - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); spin_lock(&heap_lock); /* pages==0 means "unset" the claim. */ @@ -562,7 +562,7 @@ int domain_set_outstanding_pages(struct domain *d, unsigned long pages) out: spin_unlock(&heap_lock); - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); return ret; } @@ -2348,7 +2348,7 @@ int assign_pages( int rc = 0; unsigned int i; - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); if ( unlikely(d->is_dying) ) { @@ -2430,7 +2430,7 @@ int assign_pages( } out: - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); return rc; } @@ -2909,9 +2909,9 @@ mfn_t acquire_reserved_page(struct domain *d, unsigned int memflags) ASSERT_ALLOC_CONTEXT(); /* Acquire a page from reserved page list(resv_page_list). */ - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page = page_list_remove_head(&d->resv_page_list); - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); if ( unlikely(!page) ) return INVALID_MFN; @@ -2930,9 +2930,9 @@ mfn_t acquire_reserved_page(struct domain *d, unsigned int memflags) */ unprepare_staticmem_pages(page, 1, false); fail: - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page_list_add_tail(page, &d->resv_page_list); - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); return INVALID_MFN; } #endif diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index e185f80efe..05638e32bb 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -368,9 +368,9 @@ long read_console_ring(struct xen_sysctl_readconsole *op) if ( op->clear ) { - spin_lock_irq(&console_lock); + nrspin_lock_irq(&console_lock); conringc = p - c > conring_size ? p - conring_size : c; - spin_unlock_irq(&console_lock); + nrspin_unlock_irq(&console_lock); } op->count = sofar; @@ -640,7 +640,7 @@ static long guest_console_write(XEN_GUEST_HANDLE_PARAM(char) buffer, if ( is_hardware_domain(cd) ) { /* Use direct console output as it could be interactive */ - spin_lock_irq(&console_lock); + nrspin_lock_irq(&console_lock); console_serial_puts(kbuf, kcount); video_puts(kbuf, kcount); @@ -661,7 +661,7 @@ static long guest_console_write(XEN_GUEST_HANDLE_PARAM(char) buffer, tasklet_schedule(¬ify_dom0_con_ring_tasklet); } - spin_unlock_irq(&console_lock); + nrspin_unlock_irq(&console_lock); } else { @@ -1028,9 +1028,9 @@ void __init console_init_preirq(void) pv_console_set_rx_handler(serial_rx); /* HELLO WORLD --- start-of-day banner text. */ - spin_lock(&console_lock); + nrspin_lock(&console_lock); __putstr(xen_banner()); - spin_unlock(&console_lock); + nrspin_unlock(&console_lock); printk("Xen version %d.%d%s (%s@%s) (%s) %s %s\n", xen_major_version(), xen_minor_version(), xen_extra_version(), xen_compile_by(), xen_compile_domain(), xen_compiler(), @@ -1067,13 +1067,13 @@ void __init console_init_ring(void) } opt_conring_size = PAGE_SIZE << order; - spin_lock_irqsave(&console_lock, flags); + nrspin_lock_irqsave(&console_lock, flags); for ( i = conringc ; i != conringp; i++ ) ring[i & (opt_conring_size - 1)] = conring[i & (conring_size - 1)]; conring = ring; smp_wmb(); /* Allow users of console_force_unlock() to see larger buffer. */ conring_size = opt_conring_size; - spin_unlock_irqrestore(&console_lock, flags); + nrspin_unlock_irqrestore(&console_lock, flags); printk("Allocated console ring of %u KiB.\n", opt_conring_size >> 10); } diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index 593cba640e..53a33653f9 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -102,6 +102,9 @@ struct lock_profile_qhead { }; #define LOCK_PROFILE_(lockname) { .name = #lockname, .ptr.lock = &(lockname), } +#define RLOCK_PROFILE_(lockname) { .name = #lockname, \ + .ptr.rlock = &(lockname), \ + .is_rlock = true, } #define LOCK_PROFILE_PTR_(name) \ static struct lock_profile * const lock_profile__##name \ __used_section(".lockprofile.data") = \ @@ -118,10 +121,10 @@ struct lock_profile_qhead { LOCK_PROFILE_PTR_(l) #define DEFINE_RSPINLOCK(l) \ rspinlock_t l = SPIN_LOCK_UNLOCKED_(NULL); \ - static struct lock_profile lock_profile_data__##l = LOCK_PROFILE_(l); \ + static struct lock_profile lock_profile_data__##l = RLOCK_PROFILE_(l); \ LOCK_PROFILE_PTR_(l) -#define spin_lock_init_prof__(s, l, locktype) \ +#define spin_lock_init_prof__(s, l, lockptr, locktype, isr) \ do { \ struct lock_profile *prof; \ prof = xzalloc(struct lock_profile); \ @@ -134,13 +137,16 @@ struct lock_profile_qhead { break; \ } \ prof->name = #l; \ - prof->ptr.lock = &(s)->l; \ + prof->ptr.lockptr = &(s)->l; \ + prof->is_rlock = isr; \ prof->next = (s)->profile_head.elem_q; \ (s)->profile_head.elem_q = prof; \ } while( 0 ) -#define spin_lock_init_prof(s, l) spin_lock_init_prof__(s, l, spinlock_t) -#define rspin_lock_init_prof(s, l) spin_lock_init_prof__(s, l, rspinlock_t) +#define spin_lock_init_prof(s, l) \ + spin_lock_init_prof__(s, l, lock, spinlock_t, false) +#define rspin_lock_init_prof(s, l) \ + spin_lock_init_prof__(s, l, rlock, rspinlock_t, true) void _lock_profile_register_struct( int32_t type, struct lock_profile_qhead *qhead, int32_t idx); @@ -274,7 +280,10 @@ static always_inline void spin_lock_if(bool condition, spinlock_t *l) * reentered recursively on the same CPU. All critical regions that may form * part of a recursively-nested set must be protected by these forms. If there * are any critical regions that cannot form part of such a set, they can use - * standard spin_[un]lock(). + * nrspin_[un]lock(). + * The nrspin_[un]lock() forms act the same way as normal spin_[un]lock() + * calls, but operate on rspinlock_t locks. nrspin_lock() and rspin_lock() + * calls are blocking to each other for a specific lock even on the same cpu. */ bool _rspin_trylock(rspinlock_t *lock); void _rspin_lock(rspinlock_t *lock); @@ -298,4 +307,12 @@ static always_inline void rspin_lock(rspinlock_t *lock) #define rspin_unlock(l) _rspin_unlock(l) #define rspin_unlock_irqrestore(l, f) _rspin_unlock_irqrestore(l, f) +#define nrspin_trylock(l) spin_trylock(l) +#define nrspin_lock(l) spin_lock(l) +#define nrspin_unlock(l) spin_unlock(l) +#define nrspin_lock_irq(l) spin_lock_irq(l) +#define nrspin_unlock_irq(l) spin_unlock_irq(l) +#define nrspin_lock_irqsave(l, f) spin_lock_irqsave(l, f) +#define nrspin_unlock_irqrestore(l, f) spin_unlock_irqrestore(l, f) + #endif /* __SPINLOCK_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 07:33:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 07:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701767.1096220 (Exim 4.92) (envelope-from ) id 1rtjVD-0003DU-7o; Mon, 08 Apr 2024 07:33:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701767.1096220; Mon, 08 Apr 2024 07:33:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjVD-0003DN-5P; Mon, 08 Apr 2024 07:33:15 +0000 Received: by outflank-mailman (input) for mailman id 701767; Mon, 08 Apr 2024 07:33:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjVB-0003DB-JB for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjVB-0002S2-Hv for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtjVB-0007VP-Gw for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ShZbXU4n4dzN0i5NvKk9rcLIwfNF13leF2LedAB/0eI=; b=Zk3R1y2gmfWxPv4gfZI7IK7M19 jtZHG+bjpSyBUKx9+SFlpTACSkpuuXSdaMNDBZjCufM7IhWrNn4wUXTZKnk9CM6u4ceq7pI+jgB5p sgKQUdLxzd8iRk4IR2D31jWwlO74NxCpe4IutXrQT3KhOzBUAbrXNx25gfYNUd3VnGvo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/spinlock: add another function level Message-Id: Date: Mon, 08 Apr 2024 07:33:13 +0000 commit ee1e1331258e27e42ea85cfa1b5d827ceebf906e Author: Juergen Gross AuthorDate: Mon Apr 8 09:17:47 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:17:47 2024 +0200 xen/spinlock: add another function level Add another function level in spinlock.c hiding the spinlock_t layout from the low level locking code. This is done in preparation of introducing rspinlock_t for recursive locks without having to duplicate all of the locking code. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/common/spinlock.c | 103 +++++++++++++++++++++++++++++---------------- xen/include/xen/spinlock.h | 1 + 2 files changed, 68 insertions(+), 36 deletions(-) diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 874ed762b4..648393d95f 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -261,29 +261,31 @@ void spin_debug_disable(void) #ifdef CONFIG_DEBUG_LOCK_PROFILE +#define LOCK_PROFILE_PAR lock->profile #define LOCK_PROFILE_REL \ - if ( lock->profile ) \ + if ( profile ) \ { \ - lock->profile->time_hold += NOW() - lock->profile->time_locked; \ - lock->profile->lock_cnt++; \ + profile->time_hold += NOW() - profile->time_locked; \ + profile->lock_cnt++; \ } #define LOCK_PROFILE_VAR(var, val) s_time_t var = (val) #define LOCK_PROFILE_BLOCK(var) var = var ? : NOW() #define LOCK_PROFILE_BLKACC(tst, val) \ if ( tst ) \ { \ - lock->profile->time_block += lock->profile->time_locked - (val); \ - lock->profile->block_cnt++; \ + profile->time_block += profile->time_locked - (val); \ + profile->block_cnt++; \ } #define LOCK_PROFILE_GOT(val) \ - if ( lock->profile ) \ + if ( profile ) \ { \ - lock->profile->time_locked = NOW(); \ + profile->time_locked = NOW(); \ LOCK_PROFILE_BLKACC(val, val); \ } #else +#define LOCK_PROFILE_PAR NULL #define LOCK_PROFILE_REL #define LOCK_PROFILE_VAR(var, val) #define LOCK_PROFILE_BLOCK(var) @@ -307,17 +309,18 @@ static always_inline uint16_t observe_head(const spinlock_tickets_t *t) return read_atomic(&t->head); } -static void always_inline spin_lock_common(spinlock_t *lock, +static void always_inline spin_lock_common(spinlock_tickets_t *t, + union lock_debug *debug, + struct lock_profile *profile, void (*cb)(void *data), void *data) { spinlock_tickets_t tickets = SPINLOCK_TICKET_INC; LOCK_PROFILE_VAR(block, 0); - check_lock(&lock->debug, false); + check_lock(debug, false); preempt_disable(); - tickets.head_tail = arch_fetch_and_add(&lock->tickets.head_tail, - tickets.head_tail); - while ( tickets.tail != observe_head(&lock->tickets) ) + tickets.head_tail = arch_fetch_and_add(&t->head_tail, tickets.head_tail); + while ( tickets.tail != observe_head(t) ) { LOCK_PROFILE_BLOCK(block); if ( cb ) @@ -325,18 +328,19 @@ static void always_inline spin_lock_common(spinlock_t *lock, arch_lock_relax(); } arch_lock_acquire_barrier(); - got_lock(&lock->debug); + got_lock(debug); LOCK_PROFILE_GOT(block); } void _spin_lock(spinlock_t *lock) { - spin_lock_common(lock, NULL, NULL); + spin_lock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR, NULL, + NULL); } void _spin_lock_cb(spinlock_t *lock, void (*cb)(void *data), void *data) { - spin_lock_common(lock, cb, data); + spin_lock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR, cb, data); } void _spin_lock_irq(spinlock_t *lock) @@ -355,16 +359,23 @@ unsigned long _spin_lock_irqsave(spinlock_t *lock) return flags; } -void _spin_unlock(spinlock_t *lock) +static void always_inline spin_unlock_common(spinlock_tickets_t *t, + union lock_debug *debug, + struct lock_profile *profile) { LOCK_PROFILE_REL; - rel_lock(&lock->debug); + rel_lock(debug); arch_lock_release_barrier(); - add_sized(&lock->tickets.head, 1); + add_sized(&t->head, 1); arch_lock_signal(); preempt_enable(); } +void _spin_unlock(spinlock_t *lock) +{ + spin_unlock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); +} + void _spin_unlock_irq(spinlock_t *lock) { _spin_unlock(lock); @@ -377,6 +388,11 @@ void _spin_unlock_irqrestore(spinlock_t *lock, unsigned long flags) local_irq_restore(flags); } +static bool always_inline spin_is_locked_common(const spinlock_tickets_t *t) +{ + return t->head != t->tail; +} + int _spin_is_locked(const spinlock_t *lock) { /* @@ -385,57 +401,70 @@ int _spin_is_locked(const spinlock_t *lock) * ASSERT()s and alike. */ return lock->recurse_cpu == SPINLOCK_NO_CPU - ? lock->tickets.head != lock->tickets.tail + ? spin_is_locked_common(&lock->tickets) : lock->recurse_cpu == smp_processor_id(); } -int _spin_trylock(spinlock_t *lock) +static bool always_inline spin_trylock_common(spinlock_tickets_t *t, + union lock_debug *debug, + struct lock_profile *profile) { spinlock_tickets_t old, new; preempt_disable(); - check_lock(&lock->debug, true); - old = observe_lock(&lock->tickets); + check_lock(debug, true); + old = observe_lock(t); if ( old.head != old.tail ) { preempt_enable(); - return 0; + return false; } new = old; new.tail++; - if ( cmpxchg(&lock->tickets.head_tail, - old.head_tail, new.head_tail) != old.head_tail ) + if ( cmpxchg(&t->head_tail, old.head_tail, new.head_tail) != old.head_tail ) { preempt_enable(); - return 0; + return false; } /* * cmpxchg() is a full barrier so no need for an * arch_lock_acquire_barrier(). */ - got_lock(&lock->debug); + got_lock(debug); LOCK_PROFILE_GOT(0); - return 1; + return true; } -void _spin_barrier(spinlock_t *lock) +int _spin_trylock(spinlock_t *lock) +{ + return spin_trylock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); +} + +static void always_inline spin_barrier_common(spinlock_tickets_t *t, + union lock_debug *debug, + struct lock_profile *profile) { spinlock_tickets_t sample; LOCK_PROFILE_VAR(block, NOW()); - check_barrier(&lock->debug); + check_barrier(debug); smp_mb(); - sample = observe_lock(&lock->tickets); + sample = observe_lock(t); if ( sample.head != sample.tail ) { - while ( observe_head(&lock->tickets) == sample.head ) + while ( observe_head(t) == sample.head ) arch_lock_relax(); - LOCK_PROFILE_BLKACC(lock->profile, block); + LOCK_PROFILE_BLKACC(profile, block); } smp_mb(); } +void _spin_barrier(spinlock_t *lock) +{ + spin_barrier_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); +} + bool _rspin_trylock(rspinlock_t *lock) { unsigned int cpu = smp_processor_id(); @@ -448,7 +477,8 @@ bool _rspin_trylock(rspinlock_t *lock) if ( likely(lock->recurse_cpu != cpu) ) { - if ( !_spin_trylock(lock) ) + if ( !spin_trylock_common(&lock->tickets, &lock->debug, + LOCK_PROFILE_PAR) ) return false; lock->recurse_cpu = cpu; } @@ -466,7 +496,8 @@ void _rspin_lock(rspinlock_t *lock) if ( likely(lock->recurse_cpu != cpu) ) { - _spin_lock(lock); + spin_lock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR, NULL, + NULL); lock->recurse_cpu = cpu; } @@ -490,7 +521,7 @@ void _rspin_unlock(rspinlock_t *lock) if ( likely(--lock->recurse_cnt == 0) ) { lock->recurse_cpu = SPINLOCK_NO_CPU; - spin_unlock(lock); + spin_unlock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); } } diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index 53a33653f9..8bc4652526 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -165,6 +165,7 @@ extern void cf_check spinlock_profile_reset(unsigned char key); #else struct lock_profile_qhead { }; +struct lock_profile { }; #define SPIN_LOCK_UNLOCKED { \ .recurse_cpu = SPINLOCK_NO_CPU, \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 07:33:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 07:33:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701768.1096225 (Exim 4.92) (envelope-from ) id 1rtjVN-0003Jg-B2; Mon, 08 Apr 2024 07:33:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701768.1096225; Mon, 08 Apr 2024 07:33:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjVN-0003JY-8K; Mon, 08 Apr 2024 07:33:25 +0000 Received: by outflank-mailman (input) for mailman id 701768; Mon, 08 Apr 2024 07:33:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjVL-0003JD-M0 for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjVL-0002SD-LC for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtjVL-0007WG-KS for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=s0BXrkBHkbcqKc3+5slduYzyOYOaX+56/UriUt+omjw=; b=B8HTPlKxQmEoiyaZAbAd/dklsS nCgGqAOWP3nk/UUy2c8kDu2Fl3wu2eMa6EJ2QQtAWFwgq+ao0E6HLtSWJHtr/vwlAEOkpszn4Q0E/ olubQlxwqn1GwXfxeSgTpg460sS7hhp9W77lMI9oKuc+ZRdcD7/vwqcNw+7ZD+eS+VRY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/spinlock: add missing rspin_is_locked() and rspin_barrier() Message-Id: Date: Mon, 08 Apr 2024 07:33:23 +0000 commit 31be78285c8fed95a921736964bee2781d49168d Author: Juergen Gross AuthorDate: Mon Apr 8 09:18:40 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:18:40 2024 +0200 xen/spinlock: add missing rspin_is_locked() and rspin_barrier() Add rspin_is_locked() and rspin_barrier() in order to prepare differing spinlock_t and rspinlock_t types. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/arch/x86/mm/p2m-pod.c | 2 +- xen/common/domain.c | 2 +- xen/common/page_alloc.c | 2 +- xen/common/spinlock.c | 26 ++++++++++++++++++++------ xen/drivers/char/console.c | 4 ++-- xen/drivers/passthrough/pci.c | 2 +- xen/include/xen/spinlock.h | 4 ++++ 7 files changed, 30 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index c48ea169b7..9750a3a21b 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -374,7 +374,7 @@ int p2m_pod_empty_cache(struct domain *d) /* After this barrier no new PoD activities can happen. */ BUG_ON(!d->is_dying); - spin_barrier(&p2m->pod.lock.lock); + rspin_barrier(&p2m->pod.lock.lock); lock_page_alloc(p2m); diff --git a/xen/common/domain.c b/xen/common/domain.c index ceb44c8266..282c3ab623 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -991,7 +991,7 @@ int domain_kill(struct domain *d) case DOMDYING_alive: domain_pause(d); d->is_dying = DOMDYING_dying; - spin_barrier(&d->domain_lock); + rspin_barrier(&d->domain_lock); argo_destroy(d); vnuma_destroy(d->vnuma); domain_set_outstanding_pages(d, 0); diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 4d6ce726e3..7c1bdfc046 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -477,7 +477,7 @@ unsigned long domain_adjust_tot_pages(struct domain *d, long pages) { long dom_before, dom_after, dom_claimed, sys_before, sys_after; - ASSERT(spin_is_locked(&d->page_alloc_lock)); + ASSERT(rspin_is_locked(&d->page_alloc_lock)); d->tot_pages += pages; /* diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 648393d95f..6572c76114 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -396,13 +396,10 @@ static bool always_inline spin_is_locked_common(const spinlock_tickets_t *t) int _spin_is_locked(const spinlock_t *lock) { /* - * Recursive locks may be locked by another CPU, yet we return - * "false" here, making this function suitable only for use in - * ASSERT()s and alike. + * This function is suitable only for use in ASSERT()s and alike, as it + * doesn't tell _who_ is holding the lock. */ - return lock->recurse_cpu == SPINLOCK_NO_CPU - ? spin_is_locked_common(&lock->tickets) - : lock->recurse_cpu == smp_processor_id(); + return spin_is_locked_common(&lock->tickets); } static bool always_inline spin_trylock_common(spinlock_tickets_t *t, @@ -465,6 +462,23 @@ void _spin_barrier(spinlock_t *lock) spin_barrier_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); } +bool _rspin_is_locked(const rspinlock_t *lock) +{ + /* + * Recursive locks may be locked by another CPU, yet we return + * "false" here, making this function suitable only for use in + * ASSERT()s and alike. + */ + return lock->recurse_cpu == SPINLOCK_NO_CPU + ? spin_is_locked_common(&lock->tickets) + : lock->recurse_cpu == smp_processor_id(); +} + +void _rspin_barrier(rspinlock_t *lock) +{ + spin_barrier_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); +} + bool _rspin_trylock(rspinlock_t *lock) { unsigned int cpu = smp_processor_id(); diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index 05638e32bb..2c363d9c1d 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -327,7 +327,7 @@ static void cf_check do_dec_thresh(unsigned char key, bool unused) static void conring_puts(const char *str, size_t len) { - ASSERT(spin_is_locked(&console_lock)); + ASSERT(rspin_is_locked(&console_lock)); while ( len-- ) conring[CONRING_IDX_MASK(conringp++)] = *str++; @@ -767,7 +767,7 @@ static void __putstr(const char *str) { size_t len = strlen(str); - ASSERT(spin_is_locked(&console_lock)); + ASSERT(rspin_is_locked(&console_lock)); console_serial_puts(str, len); video_puts(str, len); diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 4fcc7e2cde..5a446d3dce 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -65,7 +65,7 @@ void pcidevs_unlock(void) bool pcidevs_locked(void) { - return !!spin_is_locked(&_pcidevs_lock); + return rspin_is_locked(&_pcidevs_lock); } static struct radix_tree_root pci_segments; diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index 8bc4652526..148be1e116 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -297,6 +297,8 @@ void _rspin_lock(rspinlock_t *lock); unsigned long _rspin_lock_irqsave(rspinlock_t *lock); void _rspin_unlock(rspinlock_t *lock); void _rspin_unlock_irqrestore(rspinlock_t *lock, unsigned long flags); +bool _rspin_is_locked(const rspinlock_t *lock); +void _rspin_barrier(rspinlock_t *lock); static always_inline void rspin_lock(rspinlock_t *lock) { @@ -307,6 +309,8 @@ static always_inline void rspin_lock(rspinlock_t *lock) #define rspin_trylock(l) lock_evaluate_nospec(_rspin_trylock(l)) #define rspin_unlock(l) _rspin_unlock(l) #define rspin_unlock_irqrestore(l, f) _rspin_unlock_irqrestore(l, f) +#define rspin_barrier(l) _rspin_barrier(l) +#define rspin_is_locked(l) _rspin_is_locked(l) #define nrspin_trylock(l) spin_trylock(l) #define nrspin_lock(l) spin_lock(l) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 07:33:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 07:33:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701769.1096228 (Exim 4.92) (envelope-from ) id 1rtjVX-0003OG-CV; Mon, 08 Apr 2024 07:33:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701769.1096228; Mon, 08 Apr 2024 07:33:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjVX-0003O8-9q; Mon, 08 Apr 2024 07:33:35 +0000 Received: by outflank-mailman (input) for mailman id 701769; Mon, 08 Apr 2024 07:33:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjVV-0003Nq-PM for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjVV-0002Sf-OR for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtjVV-0007Wh-NO for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oRji3U4XsR8ouZvi91i2KxjEqdOOAJMs6CitROIsUwo=; b=WnPwCXMG8YfNhCRCT/YV34OtTL k7l9spSgZP8gp9JR88fL8JGBWnLkzdUnD4xOl4EHWoDlpSFgbbZbjewFuPvxfkQsBUx6MMFqoN9k0 Qxxf3Q1Klg0psfoDzqU9mYSjiNkKjCFtl4OUwbxgKvoCuFZ6RjH879lxExKc+Qz5RkGg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/spinlock: split recursive spinlocks from normal ones Message-Id: Date: Mon, 08 Apr 2024 07:33:33 +0000 commit bfbec024b83e2705b40853468e7baa4aac0e7f1f Author: Juergen Gross AuthorDate: Mon Apr 8 09:19:34 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:19:34 2024 +0200 xen/spinlock: split recursive spinlocks from normal ones Recursive and normal spinlocks are sharing the same data structure for representation of the lock. This has two major disadvantages: - it is not clear from the definition of a lock, whether it is intended to be used recursive or not, while a mixture of both usage variants needs to be - in production builds (builds without CONFIG_DEBUG_LOCKS) the needed data size of an ordinary spinlock is 8 bytes instead of 4, due to the additional recursion data needed (associated with that the rwlock data is using 12 instead of only 8 bytes) Fix that by introducing a struct spinlock_recursive for recursive spinlocks only, and switch recursive spinlock functions to require pointers to this new struct. This allows to check the correct usage at build time. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/common/spinlock.c | 50 ++++++++++++++++++++++++++++++++ xen/include/xen/spinlock.h | 72 +++++++++++++++++++++++++++++++++++----------- 2 files changed, 105 insertions(+), 17 deletions(-) diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 6572c76114..5aaca49a61 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -545,6 +545,56 @@ void _rspin_unlock_irqrestore(rspinlock_t *lock, unsigned long flags) local_irq_restore(flags); } +bool _nrspin_trylock(rspinlock_t *lock) +{ + check_lock(&lock->debug, true); + + if ( unlikely(lock->recurse_cpu != SPINLOCK_NO_CPU) ) + return false; + + return spin_trylock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); +} + +void _nrspin_lock(rspinlock_t *lock) +{ + spin_lock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR, NULL, + NULL); +} + +void _nrspin_unlock(rspinlock_t *lock) +{ + spin_unlock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); +} + +void _nrspin_lock_irq(rspinlock_t *lock) +{ + ASSERT(local_irq_is_enabled()); + local_irq_disable(); + _nrspin_lock(lock); +} + +void _nrspin_unlock_irq(rspinlock_t *lock) +{ + _nrspin_unlock(lock); + local_irq_enable(); +} + +unsigned long _nrspin_lock_irqsave(rspinlock_t *lock) +{ + unsigned long flags; + + local_irq_save(flags); + _nrspin_lock(lock); + + return flags; +} + +void _nrspin_unlock_irqrestore(rspinlock_t *lock, unsigned long flags) +{ + _nrspin_unlock(lock); + local_irq_restore(flags); +} + #ifdef CONFIG_DEBUG_LOCK_PROFILE struct lock_profile_anc { diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index 148be1e116..f49ba928f0 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -77,8 +77,6 @@ union lock_debug { }; */ struct spinlock; -/* Temporary hack until a dedicated struct rspinlock is existing. */ -#define rspinlock spinlock struct lock_profile { struct lock_profile *next; /* forward link */ @@ -110,6 +108,10 @@ struct lock_profile_qhead { __used_section(".lockprofile.data") = \ &lock_profile_data__##name #define SPIN_LOCK_UNLOCKED_(x) { \ + .debug = LOCK_DEBUG_, \ + .profile = x, \ +} +#define RSPIN_LOCK_UNLOCKED_(x) { \ .recurse_cpu = SPINLOCK_NO_CPU, \ .debug = LOCK_DEBUG_, \ .profile = x, \ @@ -119,8 +121,9 @@ struct lock_profile_qhead { spinlock_t l = SPIN_LOCK_UNLOCKED_(NULL); \ static struct lock_profile lock_profile_data__##l = LOCK_PROFILE_(l); \ LOCK_PROFILE_PTR_(l) +#define RSPIN_LOCK_UNLOCKED RSPIN_LOCK_UNLOCKED_(NULL) #define DEFINE_RSPINLOCK(l) \ - rspinlock_t l = SPIN_LOCK_UNLOCKED_(NULL); \ + rspinlock_t l = RSPIN_LOCK_UNLOCKED_(NULL); \ static struct lock_profile lock_profile_data__##l = RLOCK_PROFILE_(l); \ LOCK_PROFILE_PTR_(l) @@ -145,8 +148,11 @@ struct lock_profile_qhead { #define spin_lock_init_prof(s, l) \ spin_lock_init_prof__(s, l, lock, spinlock_t, false) -#define rspin_lock_init_prof(s, l) \ - spin_lock_init_prof__(s, l, rlock, rspinlock_t, true) +#define rspin_lock_init_prof(s, l) do { \ + spin_lock_init_prof__(s, l, rlock, rspinlock_t, true); \ + (s)->l.recurse_cpu = SPINLOCK_NO_CPU; \ + (s)->l.recurse_cnt = 0; \ + } while (0) void _lock_profile_register_struct( int32_t type, struct lock_profile_qhead *qhead, int32_t idx); @@ -168,11 +174,14 @@ struct lock_profile_qhead { }; struct lock_profile { }; #define SPIN_LOCK_UNLOCKED { \ + .debug = LOCK_DEBUG_, \ +} +#define RSPIN_LOCK_UNLOCKED { \ .recurse_cpu = SPINLOCK_NO_CPU, \ .debug = LOCK_DEBUG_, \ } #define DEFINE_SPINLOCK(l) spinlock_t l = SPIN_LOCK_UNLOCKED -#define DEFINE_RSPINLOCK(l) rspinlock_t l = SPIN_LOCK_UNLOCKED +#define DEFINE_RSPINLOCK(l) rspinlock_t l = RSPIN_LOCK_UNLOCKED #define spin_lock_init_prof(s, l) spin_lock_init(&((s)->l)) #define rspin_lock_init_prof(s, l) rspin_lock_init(&((s)->l)) @@ -193,6 +202,14 @@ typedef union { #define SPINLOCK_TICKET_INC { .head_tail = 0x10000, } typedef struct spinlock { + spinlock_tickets_t tickets; + union lock_debug debug; +#ifdef CONFIG_DEBUG_LOCK_PROFILE + struct lock_profile *profile; +#endif +} spinlock_t; + +typedef struct rspinlock { spinlock_tickets_t tickets; uint16_t recurse_cpu:SPINLOCK_CPU_BITS; #define SPINLOCK_NO_CPU ((1u << SPINLOCK_CPU_BITS) - 1) @@ -203,12 +220,10 @@ typedef struct spinlock { #ifdef CONFIG_DEBUG_LOCK_PROFILE struct lock_profile *profile; #endif -} spinlock_t; - -typedef spinlock_t rspinlock_t; +} rspinlock_t; #define spin_lock_init(l) (*(l) = (spinlock_t)SPIN_LOCK_UNLOCKED) -#define rspin_lock_init(l) (*(l) = (rspinlock_t)SPIN_LOCK_UNLOCKED) +#define rspin_lock_init(l) (*(l) = (rspinlock_t)RSPIN_LOCK_UNLOCKED) void _spin_lock(spinlock_t *lock); void _spin_lock_cb(spinlock_t *lock, void (*cb)(void *data), void *data); @@ -312,12 +327,35 @@ static always_inline void rspin_lock(rspinlock_t *lock) #define rspin_barrier(l) _rspin_barrier(l) #define rspin_is_locked(l) _rspin_is_locked(l) -#define nrspin_trylock(l) spin_trylock(l) -#define nrspin_lock(l) spin_lock(l) -#define nrspin_unlock(l) spin_unlock(l) -#define nrspin_lock_irq(l) spin_lock_irq(l) -#define nrspin_unlock_irq(l) spin_unlock_irq(l) -#define nrspin_lock_irqsave(l, f) spin_lock_irqsave(l, f) -#define nrspin_unlock_irqrestore(l, f) spin_unlock_irqrestore(l, f) +bool _nrspin_trylock(rspinlock_t *lock); +void _nrspin_lock(rspinlock_t *lock); +#define nrspin_lock_irqsave(l, f) \ + ({ \ + BUILD_BUG_ON(sizeof(f) != sizeof(unsigned long)); \ + (f) = _nrspin_lock_irqsave(l); \ + block_lock_speculation(); \ + }) +unsigned long _nrspin_lock_irqsave(rspinlock_t *lock); +void _nrspin_unlock(rspinlock_t *lock); +void _nrspin_lock_irq(rspinlock_t *lock); +void _nrspin_unlock_irq(rspinlock_t *lock); +void _nrspin_unlock_irqrestore(rspinlock_t *lock, unsigned long flags); + +static always_inline void nrspin_lock(rspinlock_t *lock) +{ + _nrspin_lock(lock); + block_lock_speculation(); +} + +static always_inline void nrspin_lock_irq(rspinlock_t *l) +{ + _nrspin_lock_irq(l); + block_lock_speculation(); +} + +#define nrspin_trylock(l) lock_evaluate_nospec(_nrspin_trylock(l)) +#define nrspin_unlock(l) _nrspin_unlock(l) +#define nrspin_unlock_irqrestore(l, f) _nrspin_unlock_irqrestore(l, f) +#define nrspin_unlock_irq(l) _nrspin_unlock_irq(l) #endif /* __SPINLOCK_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 07:33:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 07:33:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701770.1096233 (Exim 4.92) (envelope-from ) id 1rtjVh-0003RQ-Dw; Mon, 08 Apr 2024 07:33:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701770.1096233; Mon, 08 Apr 2024 07:33:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjVh-0003RI-BR; Mon, 08 Apr 2024 07:33:45 +0000 Received: by outflank-mailman (input) for mailman id 701770; Mon, 08 Apr 2024 07:33:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjVf-0003RA-SL for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjVf-0002So-RX for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtjVf-0007XA-Qb for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=k3xp1zgXfM0bkMlgbU+sv/e6VtHqZB9CeltiizOMmMo=; b=KneHgFaX8L5nlNhVy1+8LsGLMP gIC7bdY4fXBeI5rrGhdcIIyK+dCrREE5VWXjWpjdSwDn6B74rKQOtlw4W7rsIiiaZ7/1ZWhhfdr/d 0sBN+9y+FUpu1J5tLXW2Bhs2yl5ObhJYjCekyTLP6oXu9Lvr/VHtCKbJ5Ls/e3n4O5NM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/spinlock: let all is_locked and trylock variants return bool Message-Id: Date: Mon, 08 Apr 2024 07:33:43 +0000 commit 0b09531d21ac26f63646159959c3b0a72bd107f8 Author: Juergen Gross AuthorDate: Mon Apr 8 09:20:24 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:20:24 2024 +0200 xen/spinlock: let all is_locked and trylock variants return bool Switch the remaining trylock and is_locked variants to return bool. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/common/spinlock.c | 4 ++-- xen/include/xen/spinlock.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 5aaca49a61..7ccb725171 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -393,7 +393,7 @@ static bool always_inline spin_is_locked_common(const spinlock_tickets_t *t) return t->head != t->tail; } -int _spin_is_locked(const spinlock_t *lock) +bool _spin_is_locked(const spinlock_t *lock) { /* * This function is suitable only for use in ASSERT()s and alike, as it @@ -433,7 +433,7 @@ static bool always_inline spin_trylock_common(spinlock_tickets_t *t, return true; } -int _spin_trylock(spinlock_t *lock) +bool _spin_trylock(spinlock_t *lock) { return spin_trylock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); } diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index f49ba928f0..3a4092626c 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -234,8 +234,8 @@ void _spin_unlock(spinlock_t *lock); void _spin_unlock_irq(spinlock_t *lock); void _spin_unlock_irqrestore(spinlock_t *lock, unsigned long flags); -int _spin_is_locked(const spinlock_t *lock); -int _spin_trylock(spinlock_t *lock); +bool _spin_is_locked(const spinlock_t *lock); +bool _spin_trylock(spinlock_t *lock); void _spin_barrier(spinlock_t *lock); static always_inline void spin_lock(spinlock_t *l) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 07:33:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 07:33:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701771.1096238 (Exim 4.92) (envelope-from ) id 1rtjVr-0003UX-Fw; Mon, 08 Apr 2024 07:33:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701771.1096238; Mon, 08 Apr 2024 07:33:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjVr-0003UO-Cq; Mon, 08 Apr 2024 07:33:55 +0000 Received: by outflank-mailman (input) for mailman id 701771; Mon, 08 Apr 2024 07:33:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjVp-0003UB-WA for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjVp-0002T4-UZ for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtjVp-0007XZ-Tg for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:33:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7pX96P6aoDICrXSOlBypcySAelqpd7Te+7/Y9YWsjz0=; b=sxuy4lwp1ALMnFceDuVywAvEJ0 fpqkV8UgYLEKFJ/jeZ/0MaX8FXuvy01WapRT8ZqcMMkbtUf+Cs8i7nYfrcGo7zP/yntbX//avspul s5XCK5VEx2XDO3+CUZEjU8vR1vgxEb1GWMEpnqPiysdMFfNUEv7JbcC/OgkKni3BcZj0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/spinlock: support higher number of cpus Message-Id: Date: Mon, 08 Apr 2024 07:33:53 +0000 commit c286bb93d20c7e49f61d3e8ca006d58d00af0d2e Author: Juergen Gross AuthorDate: Mon Apr 8 09:21:13 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:21:13 2024 +0200 xen/spinlock: support higher number of cpus Allow 16 bits per cpu number, which is the limit imposed by spinlock_tickets_t. This will allow up to 65535 cpus, while increasing only the size of recursive spinlocks in debug builds from 8 to 12 bytes. The current Xen limit of 4095 cpus is imposed by SPINLOCK_CPU_BITS being 12. There are machines available with more cpus than the current Xen limit, so it makes sense to have the possibility to use more cpus. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/common/spinlock.c | 2 ++ xen/include/xen/spinlock.h | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 7ccb725171..5aa9ba6188 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -485,7 +485,9 @@ bool _rspin_trylock(rspinlock_t *lock) /* Don't allow overflow of recurse_cpu field. */ BUILD_BUG_ON(NR_CPUS > SPINLOCK_NO_CPU); + BUILD_BUG_ON(SPINLOCK_CPU_BITS > sizeof(lock->recurse_cpu) * 8); BUILD_BUG_ON(SPINLOCK_RECURSE_BITS < 3); + BUILD_BUG_ON(SPINLOCK_MAX_RECURSE > ((1u << SPINLOCK_RECURSE_BITS) - 1)); check_lock(&lock->debug, true); diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index 3a4092626c..db00a24646 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -8,16 +8,16 @@ #include #include -#define SPINLOCK_CPU_BITS 12 +#define SPINLOCK_CPU_BITS 16 #ifdef CONFIG_DEBUG_LOCKS union lock_debug { - uint16_t val; -#define LOCK_DEBUG_INITVAL 0xffff + uint32_t val; +#define LOCK_DEBUG_INITVAL 0xffffffff struct { - uint16_t cpu:SPINLOCK_CPU_BITS; -#define LOCK_DEBUG_PAD_BITS (14 - SPINLOCK_CPU_BITS) - uint16_t :LOCK_DEBUG_PAD_BITS; + unsigned int cpu:SPINLOCK_CPU_BITS; +#define LOCK_DEBUG_PAD_BITS (30 - SPINLOCK_CPU_BITS) + unsigned int :LOCK_DEBUG_PAD_BITS; bool irq_safe:1; bool unseen:1; }; @@ -211,11 +211,11 @@ typedef struct spinlock { typedef struct rspinlock { spinlock_tickets_t tickets; - uint16_t recurse_cpu:SPINLOCK_CPU_BITS; + uint16_t recurse_cpu; #define SPINLOCK_NO_CPU ((1u << SPINLOCK_CPU_BITS) - 1) -#define SPINLOCK_RECURSE_BITS (16 - SPINLOCK_CPU_BITS) - uint16_t recurse_cnt:SPINLOCK_RECURSE_BITS; -#define SPINLOCK_MAX_RECURSE ((1u << SPINLOCK_RECURSE_BITS) - 1) +#define SPINLOCK_RECURSE_BITS 8 + uint8_t recurse_cnt; +#define SPINLOCK_MAX_RECURSE 15 union lock_debug debug; #ifdef CONFIG_DEBUG_LOCK_PROFILE struct lock_profile *profile; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 07:34:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 07:34:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701772.1096241 (Exim 4.92) (envelope-from ) id 1rtjW1-0003XT-Gm; Mon, 08 Apr 2024 07:34:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701772.1096241; Mon, 08 Apr 2024 07:34:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjW1-0003XM-EL; Mon, 08 Apr 2024 07:34:05 +0000 Received: by outflank-mailman (input) for mailman id 701772; Mon, 08 Apr 2024 07:34:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjW0-0003X0-22 for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:34:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjW0-0002TO-1F for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:34:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtjW0-0007YZ-0P for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:34:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=D3K6oRy4QRLE5f79RGo4d1X1HHi91Zfshij06FE9JUo=; b=bstePnbKmwVbYFpFwWIV66OsC5 jSy6Githl6L+bh/xPhb4Auoijj1CLYLcbTxpInL72a+QIL2FXnwCJS/2sAPxy3Lm6LftNiq4NlPWv U2PAOF6Sr3sDTCexvLXkAIj61JsGBPQF/AcxOkDeJl8kr9e52ZLgK9kb97AIr21MzTeI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/rwlock: raise the number of possible cpus Message-Id: Date: Mon, 08 Apr 2024 07:34:04 +0000 commit 77b219f915c54d6029a370c6208ccb1bb965ee1c Author: Juergen Gross AuthorDate: Mon Apr 8 09:21:41 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:21:41 2024 +0200 xen/rwlock: raise the number of possible cpus The rwlock handling is limiting the number of cpus to 4095 today. The main reason is the use of the atomic_t data type for the main lock handling, which needs 2 bits for the locking state (writer waiting or write locked), 12 bits for the id of a possible writer, and a 12 bit counter for readers. The limit isn't 4096 due to an off by one sanity check. The atomic_t data type is 32 bits wide, so in theory 15 bits for the writer's cpu id and 15 bits for the reader count seem to be fine, but via read_trylock() more readers than cpus are possible. This means that it is possible to raise the number of cpus to 16384 without changing the rwlock_t data structure. In order to avoid the reader count wrapping to zero, don't let read_trylock() succeed in case the highest bit of the reader's count is set already. This leaves enough headroom for non-recursive readers to enter without risking a wrap. While at it calculate _QW_CPUMASK and _QR_SHIFT from _QW_SHIFT and add a sanity check for not overflowing the atomic_t data type. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/include/xen/rwlock.h | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/xen/include/xen/rwlock.h b/xen/include/xen/rwlock.h index 65d88b0ef4..a2e98cad34 100644 --- a/xen/include/xen/rwlock.h +++ b/xen/include/xen/rwlock.h @@ -23,12 +23,12 @@ typedef struct { #define rwlock_init(l) (*(l) = (rwlock_t)RW_LOCK_UNLOCKED) /* Writer states & reader shift and bias. */ -#define _QW_CPUMASK 0xfffU /* Writer CPU mask */ -#define _QW_SHIFT 12 /* Writer flags shift */ -#define _QW_WAITING (1U << _QW_SHIFT) /* A writer is waiting */ -#define _QW_LOCKED (3U << _QW_SHIFT) /* A writer holds the lock */ -#define _QW_WMASK (3U << _QW_SHIFT) /* Writer mask */ -#define _QR_SHIFT 14 /* Reader count shift */ +#define _QW_SHIFT 14 /* Writer flags shift */ +#define _QW_CPUMASK ((1U << _QW_SHIFT) - 1) /* Writer CPU mask */ +#define _QW_WAITING (1U << _QW_SHIFT) /* A writer is waiting */ +#define _QW_LOCKED (3U << _QW_SHIFT) /* A writer holds the lock */ +#define _QW_WMASK (3U << _QW_SHIFT) /* Writer mask */ +#define _QR_SHIFT (_QW_SHIFT + 2) /* Reader count shift */ #define _QR_BIAS (1U << _QR_SHIFT) void queue_read_lock_slowpath(rwlock_t *lock); @@ -36,14 +36,21 @@ void queue_write_lock_slowpath(rwlock_t *lock); static inline bool _is_write_locked_by_me(unsigned int cnts) { - BUILD_BUG_ON(_QW_CPUMASK < NR_CPUS); + BUILD_BUG_ON((_QW_CPUMASK + 1) < NR_CPUS); + BUILD_BUG_ON(NR_CPUS * _QR_BIAS > INT_MAX); return (cnts & _QW_WMASK) == _QW_LOCKED && (cnts & _QW_CPUMASK) == smp_processor_id(); } static inline bool _can_read_lock(unsigned int cnts) { - return !(cnts & _QW_WMASK) || _is_write_locked_by_me(cnts); + /* + * If write locked by the caller, no other readers are possible. + * Not allowing the lock holder to read_lock() another + * INT_MAX >> _QR_SHIFT times ought to be fine. + */ + return cnts <= INT_MAX && + (!(cnts & _QW_WMASK) || _is_write_locked_by_me(cnts)); } /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 07:34:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 07:34:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701773.1096245 (Exim 4.92) (envelope-from ) id 1rtjWB-0003aw-K5; Mon, 08 Apr 2024 07:34:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701773.1096245; Mon, 08 Apr 2024 07:34:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjWB-0003ao-HV; Mon, 08 Apr 2024 07:34:15 +0000 Received: by outflank-mailman (input) for mailman id 701773; Mon, 08 Apr 2024 07:34:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjWA-0003aa-4v for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:34:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjWA-0002TW-49 for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:34:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtjWA-0007Zx-3N for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:34:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VmEVp998/7PrE1JR7YY95juohDVpvVNd9vl8iHN0vQ4=; b=Sr9fn91VfIYSCmOvj+4LjeaxSd /IBFE5LFnJj+8oFsHADbXmf++j2rkPN1lmW8rBPl3fIZtrDFT2DBzk2QmDYJThCdCo0PYBqBUCZ9m aod5tmgrbAZHUX+iMi156nYVWVL7FMvsOQWPyVSXScf6ddl3A8oGdQbTT60g8tGF9FLo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libelf: Store maximum PHDR p_align Message-Id: Date: Mon, 08 Apr 2024 07:34:14 +0000 commit 4d3b8669d84f3bc39fff4d03ca86e821ae5b257c Author: Jason Andryuk AuthorDate: Mon Apr 8 09:22:28 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:22:28 2024 +0200 libelf: Store maximum PHDR p_align While parsing the PHDRs, store the maximum p_align value. This may be consulted for moving a PVH image's load address. Signed-off-by: Jason Andryuk Acked-by: Jan Beulich --- xen/common/libelf/libelf-loader.c | 5 +++++ xen/include/xen/libelf.h | 1 + 2 files changed, 6 insertions(+) diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c index 629cc0d3e6..e571ea670e 100644 --- a/xen/common/libelf/libelf-loader.c +++ b/xen/common/libelf/libelf-loader.c @@ -468,6 +468,7 @@ void elf_parse_binary(struct elf_binary *elf) { ELF_HANDLE_DECL(elf_phdr) phdr; uint64_t low = -1, high = 0, paddr, memsz; + uint64_t max_align = 0, palign; unsigned i, count; count = elf_phdr_count(elf); @@ -481,15 +482,19 @@ void elf_parse_binary(struct elf_binary *elf) continue; paddr = elf_uval(elf, phdr, p_paddr); memsz = elf_uval(elf, phdr, p_memsz); + palign = elf_uval(elf, phdr, p_align); elf_msg(elf, "ELF: phdr: paddr=%#" PRIx64 " memsz=%#" PRIx64 "\n", paddr, memsz); if ( low > paddr ) low = paddr; if ( high < paddr + memsz ) high = paddr + memsz; + if ( max_align < palign ) + max_align = palign; } elf->pstart = low; elf->pend = high; + elf->palign = max_align; elf_msg(elf, "ELF: memory: %#" PRIx64 " -> %#" PRIx64 "\n", elf->pstart, elf->pend); } diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h index 1c77e3df31..2d971f958e 100644 --- a/xen/include/xen/libelf.h +++ b/xen/include/xen/libelf.h @@ -196,6 +196,7 @@ struct elf_binary { size_t dest_size; uint64_t pstart; uint64_t pend; + uint64_t palign; uint64_t reloc_offset; uint64_t bsd_symtab_pstart; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 07:34:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 07:34:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701774.1096248 (Exim 4.92) (envelope-from ) id 1rtjWL-0003dB-LO; Mon, 08 Apr 2024 07:34:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701774.1096248; Mon, 08 Apr 2024 07:34:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjWL-0003d3-Iu; Mon, 08 Apr 2024 07:34:25 +0000 Received: by outflank-mailman (input) for mailman id 701774; Mon, 08 Apr 2024 07:34:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjWK-0003cu-7o for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:34:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjWK-0002Tm-70 for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:34:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtjWK-0007am-6L for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:34:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iRq9+NvWqpAi7vidmmIgYgkKPklfy0E7utqt4mJphIc=; b=WnT/fuBBJqrsEonih1N2/K/QRh 1nwGKuSMRIC+dM+3Gymol7ExIfxNQzqJeHLgTVhqVjHY7u4dcF8JLuypyruQ0AxJHmgMRmWJwwP9q 35zedpHm+tehkBSIVEZUx++aveFrAXPQ+APl08XqrttuSX1qWN4VM+oW28P2npIyGuJo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/PVH: Support relocatable dom0 kernels Message-Id: Date: Mon, 08 Apr 2024 07:34:24 +0000 commit dfc9fab003785fc533e1e3190e19ddc3101da442 Author: Jason Andryuk AuthorDate: Mon Apr 8 09:22:56 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:22:56 2024 +0200 x86/PVH: Support relocatable dom0 kernels Xen tries to load a PVH dom0 kernel at the fixed guest physical address from the elf headers. For Linux, this defaults to 0x1000000 (16MB), but it can be configured. Unfortunately there exist firmwares that have reserved regions at this address, so Xen fails to load the dom0 kernel since it's not RAM. The PVH entry code is not relocatable - it loads from absolute addresses, which fail when the kernel is loaded at a different address. With a suitably modified kernel, a reloctable entry point is possible. Add XEN_ELFNOTE_PHYS32_RELOC which specifies optional alignment, minimum, and maximum addresses needed for the kernel. The presence of the NOTE indicates the kernel supports a relocatable entry path. Change the loading to check for an acceptable load address. If the kernel is relocatable, support finding an alternate load address. The primary motivation for an explicit align field is that Linux has a configurable CONFIG_PHYSICAL_ALIGN field. This value is present in the bzImage setup header, but not the ELF program headers p_align, which report 2MB even when CONFIG_PHYSICAL_ALIGN is greater. Since a kernel is only considered relocatable if the PHYS32_RELOC elf note is present, the alignment contraints can just be specified within the note instead of searching for an alignment value via a heuristic. Load alignment uses the PHYS32_RELOC note value if specified. Otherwise, the maxmum ELF PHDR p_align value is selected if greater than or equal to PAGE_SIZE. Finally, the fallback default is 2MB. libelf-private.h includes common-macros.h to satisfy the fuzzer build. Link: https://gitlab.com/xen-project/xen/-/issues/180 Signed-off-by: Jason Andryuk Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/dom0_build.c | 108 +++++++++++++++++++++++++++++++++++++ xen/common/libelf/libelf-dominfo.c | 35 ++++++++++++ xen/common/libelf/libelf-private.h | 1 + xen/include/public/elfnote.h | 20 ++++++- xen/include/xen/libelf.h | 4 ++ 5 files changed, 167 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index 0ceda4140b..d158f4d241 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -537,6 +537,111 @@ static paddr_t __init find_memory( return INVALID_PADDR; } +static bool __init check_load_address( + const struct domain *d, const struct elf_binary *elf) +{ + paddr_t kernel_start = (uintptr_t)elf->dest_base; + paddr_t kernel_end = kernel_start + elf->dest_size; + unsigned int i; + + /* Relies on a sorted memory map with adjacent entries merged. */ + for ( i = 0; i < d->arch.nr_e820; i++ ) + { + paddr_t start = d->arch.e820[i].addr; + paddr_t end = start + d->arch.e820[i].size; + + if ( start >= kernel_end ) + return false; + + if ( d->arch.e820[i].type == E820_RAM && + start <= kernel_start && + end >= kernel_end ) + return true; + } + + return false; +} + +/* Find an e820 RAM region that fits the kernel at a suitable alignment. */ +static paddr_t __init find_kernel_memory( + const struct domain *d, struct elf_binary *elf, + const struct elf_dom_parms *parms) +{ + paddr_t kernel_size = elf->dest_size; + unsigned int align; + int i; + + if ( parms->phys_align != UNSET_ADDR32 ) + align = parms->phys_align; + else if ( elf->palign >= PAGE_SIZE ) + align = elf->palign; + else + align = MB(2); + + /* Search backwards to find the highest address. */ + for ( i = d->arch.nr_e820 - 1; i >= 0 ; i-- ) + { + paddr_t start = d->arch.e820[i].addr; + paddr_t end = start + d->arch.e820[i].size; + paddr_t kstart, kend; + + if ( d->arch.e820[i].type != E820_RAM || + d->arch.e820[i].size < kernel_size ) + continue; + + if ( start > parms->phys_max ) + continue; + + if ( end - 1 > parms->phys_max ) + end = parms->phys_max + 1; + + kstart = (end - kernel_size) & ~(align - 1); + kend = kstart + kernel_size; + + if ( kstart < parms->phys_min ) + return 0; + + if ( kstart >= start && kend <= end ) + return kstart; + } + + return 0; +} + +/* Check the kernel load address, and adjust if necessary and possible. */ +static bool __init check_and_adjust_load_address( + const struct domain *d, struct elf_binary *elf, struct elf_dom_parms *parms) +{ + paddr_t reloc_base; + + if ( check_load_address(d, elf) ) + return true; + + if ( !parms->phys_reloc ) + { + printk("%pd kernel: Address conflict and not relocatable\n", d); + return false; + } + + reloc_base = find_kernel_memory(d, elf, parms); + if ( !reloc_base ) + { + printk("%pd kernel: Failed find a load address\n", d); + return false; + } + + if ( opt_dom0_verbose ) + printk("%pd kernel: Moving [%p, %p] -> [%"PRIpaddr", %"PRIpaddr"]\n", d, + elf->dest_base, elf->dest_base + elf->dest_size - 1, + reloc_base, reloc_base + elf->dest_size - 1); + + parms->phys_entry = + reloc_base + (parms->phys_entry - (uintptr_t)elf->dest_base); + elf->dest_base = (char *)reloc_base; + + return true; +} + static int __init pvh_load_kernel(struct domain *d, const module_t *image, unsigned long image_headroom, module_t *initrd, void *image_base, @@ -585,6 +690,9 @@ static int __init pvh_load_kernel(struct domain *d, const module_t *image, elf.dest_base = (void *)(parms.virt_kstart - parms.virt_base); elf.dest_size = parms.virt_kend - parms.virt_kstart; + if ( !check_and_adjust_load_address(d, &elf, &parms) ) + return -ENOSPC; + elf_set_vcpu(&elf, v); rc = elf_load_binary(&elf); if ( rc < 0 ) diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c index 0cdb419b8a..260294d0ed 100644 --- a/xen/common/libelf/libelf-dominfo.c +++ b/xen/common/libelf/libelf-dominfo.c @@ -17,6 +17,14 @@ #include "libelf-private.h" +#if defined(__i386__) || defined(__x86_64__) +#define ARCH_PHYS_MIN_DEFAULT 0 +#define ARCH_PHYS_MAX_DEFAULT (GB(4) - 1) +#else +#define ARCH_PHYS_MIN_DEFAULT 0 +#define ARCH_PHYS_MAX_DEFAULT 0 +#endif + /* ------------------------------------------------------------------------ */ /* xen features */ @@ -125,6 +133,7 @@ elf_errorstatus elf_xen_parse_note(struct elf_binary *elf, [XEN_ELFNOTE_SUSPEND_CANCEL] = { "SUSPEND_CANCEL", ELFNOTE_INT }, [XEN_ELFNOTE_MOD_START_PFN] = { "MOD_START_PFN", ELFNOTE_INT }, [XEN_ELFNOTE_PHYS32_ENTRY] = { "PHYS32_ENTRY", ELFNOTE_INT }, + [XEN_ELFNOTE_PHYS32_RELOC] = { "PHYS32_RELOC", ELFNOTE_NAME }, }; /* *INDENT-ON* */ @@ -132,6 +141,7 @@ elf_errorstatus elf_xen_parse_note(struct elf_binary *elf, uint64_t val = 0; unsigned int i; unsigned type = elf_uval(elf, note, type); + unsigned descsz = elf_uval(elf, note, descsz); if ( (type >= sizeof(note_desc) / sizeof(note_desc[0])) || (note_desc[type].name == NULL) ) @@ -228,6 +238,27 @@ elf_errorstatus elf_xen_parse_note(struct elf_binary *elf, case XEN_ELFNOTE_PHYS32_ENTRY: parms->phys_entry = val; break; + + case XEN_ELFNOTE_PHYS32_RELOC: + parms->phys_reloc = true; + + if ( descsz >= 4 ) + { + parms->phys_align = elf_note_numeric_array(elf, note, 4, 0); + elf_msg(elf, " align: %#"PRIx32, parms->phys_align); + } + if ( descsz >= 8 ) + { + parms->phys_min = elf_note_numeric_array(elf, note, 4, 1); + elf_msg(elf, " min: %#"PRIx32, parms->phys_min); + } + if ( descsz >= 12 ) + { + parms->phys_max = elf_note_numeric_array(elf, note, 4, 2); + elf_msg(elf, " max: %#"PRIx32, parms->phys_max); + } + + break; } if ( note_desc[type].type == ELFNOTE_NAME) @@ -543,6 +574,10 @@ elf_errorstatus elf_xen_parse(struct elf_binary *elf, parms->p2m_base = UNSET_ADDR; parms->elf_paddr_offset = UNSET_ADDR; parms->phys_entry = UNSET_ADDR32; + parms->phys_align = UNSET_ADDR32; + parms->phys_min = ARCH_PHYS_MIN_DEFAULT; + parms->phys_max = ARCH_PHYS_MAX_DEFAULT; + parms->phys_reloc = false; /* Find and parse elf notes. */ count = elf_phdr_count(elf); diff --git a/xen/common/libelf/libelf-private.h b/xen/common/libelf/libelf-private.h index 47db679966..98cac65bc5 100644 --- a/xen/common/libelf/libelf-private.h +++ b/xen/common/libelf/libelf-private.h @@ -71,6 +71,7 @@ #endif #include #include +#include #ifndef FUZZ_NO_LIBXC #include "xenctrl.h" diff --git a/xen/include/public/elfnote.h b/xen/include/public/elfnote.h index 1d84b05f44..2fd8f1b770 100644 --- a/xen/include/public/elfnote.h +++ b/xen/include/public/elfnote.h @@ -196,10 +196,28 @@ */ #define XEN_ELFNOTE_PHYS32_ENTRY 18 +/* + * Physical loading constraints for PVH kernels + * + * The presence of this note indicates the kernel supports relocating itself. + * + * The note may include up to three 32bit values to place constraints on the + * guest physical loading addresses and alignment for a PVH kernel. Values + * are read in the following order: + * - a required start alignment (default 0x200000) + * - a minimum address for the start of the image (default 0; see below) + * - a maximum address for the last byte of the image (default 0xffffffff) + * + * When this note specifies an alignment value, it is used. Otherwise the + * maximum p_align value from loadable ELF Program Headers is used, if it is + * greater than or equal to 4k (0x1000). Otherwise, the default is used. + */ +#define XEN_ELFNOTE_PHYS32_RELOC 19 + /* * The number of the highest elfnote defined. */ -#define XEN_ELFNOTE_MAX XEN_ELFNOTE_PHYS32_ENTRY +#define XEN_ELFNOTE_MAX XEN_ELFNOTE_PHYS32_RELOC /* * System information exported through crash notes. diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h index 2d971f958e..9ac530acc2 100644 --- a/xen/include/xen/libelf.h +++ b/xen/include/xen/libelf.h @@ -426,6 +426,7 @@ struct elf_dom_parms { enum xen_pae_type pae; bool bsd_symtab; bool unmapped_initrd; + bool phys_reloc; uint64_t virt_base; uint64_t virt_entry; uint64_t virt_hypercall; @@ -435,6 +436,9 @@ struct elf_dom_parms { uint32_t f_supported[XENFEAT_NR_SUBMAPS]; uint32_t f_required[XENFEAT_NR_SUBMAPS]; uint32_t phys_entry; + uint32_t phys_align; + uint32_t phys_min; + uint32_t phys_max; /* calculated */ uint64_t virt_kstart; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 07:34:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 07:34:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.701775.1096252 (Exim 4.92) (envelope-from ) id 1rtjWV-0003gC-NH; Mon, 08 Apr 2024 07:34:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 701775.1096252; Mon, 08 Apr 2024 07:34:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjWV-0003g4-Ke; Mon, 08 Apr 2024 07:34:35 +0000 Received: by outflank-mailman (input) for mailman id 701775; Mon, 08 Apr 2024 07:34:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjWU-0003fl-Al for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:34:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtjWU-0002Uv-9s for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:34:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtjWU-0007bX-9D for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 07:34:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LuBQLORip+WNl9FnRZvGj/gYazXldbE7r5WM74A1IMQ=; b=x50CWtOyXZPPt0VavWZoGrBdsA 5Agpa3Vh8LmcevpwQYBnHkq3cFiWQ4tLqphdZg9zhxltVAdvCRpmDqPTlMb0cRmhj8/GZLLDIjjXu 8uWabg2Jon23bwPqWCltdPd+NhMnt3rGz9ct2u5FiKKcTxxriEu4zT5DeUv8v9qMZxwI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/compiler: address violation of MISRA C Rule 20.9 Message-Id: Date: Mon, 08 Apr 2024 07:34:34 +0000 commit c079823df64c98dd7bb40fe77d9ef410e85a7624 Author: Nicola Vetrini AuthorDate: Mon Apr 8 09:23:15 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:23:15 2024 +0200 xen/compiler: address violation of MISRA C Rule 20.9 The rule states: "All identifiers used in the controlling expression of #if or #elif preprocessing directives shall be #define'd before evaluation". In this case, using defined(identifier) is a MISRA-compliant way to achieve the same effect. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/include/xen/compiler.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h index fc87a2edad..179ff23e62 100644 --- a/xen/include/xen/compiler.h +++ b/xen/include/xen/compiler.h @@ -30,7 +30,7 @@ #define __weak __attribute__((__weak__)) -#if !CONFIG_CC_IS_CLANG || CONFIG_CLANG_VERSION >= 140000 +#if !defined(CONFIG_CC_IS_CLANG) || CONFIG_CLANG_VERSION >= 140000 # define nocall __attribute__((__error__("Nonstandard ABI"))) #else # define nocall -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 22:33:11 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 22:33:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702053.1096777 (Exim 4.92) (envelope-from ) id 1rtxXz-0000mD-PJ; Mon, 08 Apr 2024 22:33:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702053.1096777; Mon, 08 Apr 2024 22:33:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxXz-0000m6-Mf; Mon, 08 Apr 2024 22:33:03 +0000 Received: by outflank-mailman (input) for mailman id 702053; Mon, 08 Apr 2024 22:33:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxXx-0000m0-UK for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxXx-0000pA-Qm for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtxXx-0002Py-OZ for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CfUKIHNO1KIJJtDVusHgb6F3vObYBMd3LQEnL6s0MAc=; b=CkWqUAHFUlATIuB1lGGyKRAXyP S7d9YmHZvh77Z/5OrBEvkXlGBHIqEWDyIr4jDmO0gvbvTbPc4c0FWYjZWs8V4DYb/Oc280GJxESeY 1XDS6AnzgMvdUq0/cb3tYb+u3++VzYx1zsd8cLe7jKr1WzThKsvjUWMyXsv79fES6Ke0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/spinlock: add explicit non-recursive locking functions Message-Id: Date: Mon, 08 Apr 2024 22:33:01 +0000 commit 3696a9f27d32f63dec52a073478ddb86ce2fadff Author: Juergen Gross AuthorDate: Mon Apr 8 09:16:23 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:16:23 2024 +0200 xen/spinlock: add explicit non-recursive locking functions In order to prepare a type-safe recursive spinlock structure, add explicitly non-recursive locking functions to be used for non-recursive locking of spinlocks, which are used recursively, too. Signed-off-by: Juergen Gross Acked-by: Jan Beulich Acked-by: Michal Orzel --- xen/arch/arm/mm.c | 4 ++-- xen/arch/x86/domain.c | 12 ++++++------ xen/arch/x86/mm.c | 12 ++++++------ xen/arch/x86/mm/mem_sharing.c | 8 ++++---- xen/arch/x86/mm/p2m-pod.c | 4 ++-- xen/arch/x86/mm/p2m.c | 4 ++-- xen/arch/x86/tboot.c | 4 ++-- xen/common/domctl.c | 4 ++-- xen/common/grant_table.c | 10 +++++----- xen/common/memory.c | 4 ++-- xen/common/numa.c | 4 ++-- xen/common/page_alloc.c | 16 ++++++++-------- xen/drivers/char/console.c | 16 ++++++++-------- xen/include/xen/spinlock.h | 29 +++++++++++++++++++++++------ 14 files changed, 74 insertions(+), 57 deletions(-) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index b15a18a494..def939172c 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -105,7 +105,7 @@ void share_xen_page_with_guest(struct page_info *page, struct domain *d, if ( page_get_owner(page) == d ) return; - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); /* * The incremented type count pins as writable or read-only. @@ -136,7 +136,7 @@ void share_xen_page_with_guest(struct page_info *page, struct domain *d, page_list_add_tail(page, &d->xenpage_list); } - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); } int xenmem_add_to_physmap_one( diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index a11c55f921..33a2830d9d 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -212,7 +212,7 @@ void dump_pageframe_info(struct domain *d) { unsigned long total[MASK_EXTR(PGT_type_mask, PGT_type_mask) + 1] = {}; - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page_list_for_each ( page, &d->page_list ) { unsigned int index = MASK_EXTR(page->u.inuse.type_info, @@ -231,13 +231,13 @@ void dump_pageframe_info(struct domain *d) _p(mfn_x(page_to_mfn(page))), page->count_info, page->u.inuse.type_info); } - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); } if ( is_hvm_domain(d) ) p2m_pod_dump_data(d); - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page_list_for_each ( page, &d->xenpage_list ) { @@ -253,7 +253,7 @@ void dump_pageframe_info(struct domain *d) page->count_info, page->u.inuse.type_info); } - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); } void update_guest_memory_policy(struct vcpu *v, @@ -2448,10 +2448,10 @@ int domain_relinquish_resources(struct domain *d) d->arch.auto_unmask = 0; } - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page_list_splice(&d->arch.relmem_list, &d->page_list); INIT_PAGE_LIST_HEAD(&d->arch.relmem_list); - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); PROGRESS(xen): diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 631da8d7d2..9141912ae5 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -482,7 +482,7 @@ void share_xen_page_with_guest(struct page_info *page, struct domain *d, set_gpfn_from_mfn(mfn_x(page_to_mfn(page)), INVALID_M2P_ENTRY); - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); /* The incremented type count pins as writable or read-only. */ page->u.inuse.type_info = @@ -502,7 +502,7 @@ void share_xen_page_with_guest(struct page_info *page, struct domain *d, page_list_add_tail(page, &d->xenpage_list); } - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); } void make_cr3(struct vcpu *v, mfn_t mfn) @@ -3597,11 +3597,11 @@ long do_mmuext_op( { bool drop_ref; - spin_lock(&pg_owner->page_alloc_lock); + nrspin_lock(&pg_owner->page_alloc_lock); drop_ref = (pg_owner->is_dying && test_and_clear_bit(_PGT_pinned, &page->u.inuse.type_info)); - spin_unlock(&pg_owner->page_alloc_lock); + nrspin_unlock(&pg_owner->page_alloc_lock); if ( drop_ref ) { pin_drop: @@ -4424,7 +4424,7 @@ int steal_page( * that it might be upon return from alloc_domheap_pages with * MEMF_no_owner set. */ - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); BUG_ON(page->u.inuse.type_info & (PGT_count_mask | PGT_locked | PGT_pinned)); @@ -4436,7 +4436,7 @@ int steal_page( if ( !(memflags & MEMF_no_refcount) && !domain_adjust_tot_pages(d, -1) ) drop_dom_ref = true; - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); if ( unlikely(drop_dom_ref) ) put_domain(d); diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c index f58576c702..da28266ef0 100644 --- a/xen/arch/x86/mm/mem_sharing.c +++ b/xen/arch/x86/mm/mem_sharing.c @@ -740,11 +740,11 @@ static int page_make_private(struct domain *d, struct page_info *page) if ( !get_page(page, dom_cow) ) return -EINVAL; - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); if ( d->is_dying ) { - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); put_page(page); return -EBUSY; } @@ -752,7 +752,7 @@ static int page_make_private(struct domain *d, struct page_info *page) expected_type = (PGT_shared_page | PGT_validated | PGT_locked | 2); if ( page->u.inuse.type_info != expected_type ) { - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); put_page(page); return -EEXIST; } @@ -769,7 +769,7 @@ static int page_make_private(struct domain *d, struct page_info *page) if ( domain_adjust_tot_pages(d, 1) == 1 ) get_knownalive_domain(d); page_list_add_tail(page, &d->page_list); - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); put_page(page); diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index 674f321cf6..c48ea169b7 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -27,7 +27,7 @@ static always_inline void lock_page_alloc(struct p2m_domain *p2m) { page_alloc_mm_pre_lock(p2m->domain); - spin_lock(&(p2m->domain->page_alloc_lock)); + nrspin_lock(&(p2m->domain->page_alloc_lock)); page_alloc_mm_post_lock(p2m->domain, p2m->domain->arch.page_alloc_unlock_level); } @@ -35,7 +35,7 @@ static always_inline void lock_page_alloc(struct p2m_domain *p2m) static inline void unlock_page_alloc(struct p2m_domain *p2m) { page_alloc_mm_unlock(p2m->domain->arch.page_alloc_unlock_level); - spin_unlock(&(p2m->domain->page_alloc_lock)); + nrspin_unlock(&(p2m->domain->page_alloc_lock)); } /* diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 4c5a79eb53..ce742c12e0 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -2234,7 +2234,7 @@ void audit_p2m(struct domain *d, /* Audit part two: walk the domain's page allocation list, checking * the m2p entries. */ - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page_list_for_each ( page, &d->page_list ) { mfn = mfn_x(page_to_mfn(page)); @@ -2286,7 +2286,7 @@ void audit_p2m(struct domain *d, P2M_PRINTK("OK: mfn=%#lx, gfn=%#lx, p2mfn=%#lx\n", mfn, gfn, mfn_x(p2mfn)); } - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); pod_unlock(p2m); p2m_unlock(p2m); diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c index 4c254b4e34..ba0700d2d5 100644 --- a/xen/arch/x86/tboot.c +++ b/xen/arch/x86/tboot.c @@ -205,14 +205,14 @@ static void tboot_gen_domain_integrity(const uint8_t key[TB_KEY_SIZE], continue; printk("MACing Domain %u\n", d->domain_id); - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page_list_for_each(page, &d->page_list) { void *pg = __map_domain_page(page); vmac_update(pg, PAGE_SIZE, &ctx); unmap_domain_page(pg); } - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); if ( is_iommu_enabled(d) && is_vtd ) { diff --git a/xen/common/domctl.c b/xen/common/domctl.c index f2e0e36a17..43b0b074c3 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -622,14 +622,14 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) { uint64_t new_max = op->u.max_mem.max_memkb >> (PAGE_SHIFT - 10); - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); /* * NB. We removed a check that new_max >= current tot_pages; this means * that the domain will now be allowed to "ratchet" down to new_max. In * the meantime, while tot > max, all new allocations are disallowed. */ d->max_pages = min(new_max, (uint64_t)(typeof(d->max_pages))-1); - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); break; } diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 7708930882..e98e9da520 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -2376,7 +2376,7 @@ gnttab_transfer( mfn = page_to_mfn(page); } - spin_lock(&e->page_alloc_lock); + nrspin_lock(&e->page_alloc_lock); /* * Check that 'e' will accept the page and has reservation @@ -2387,7 +2387,7 @@ gnttab_transfer( unlikely(domain_tot_pages(e) >= e->max_pages) || unlikely(!(e->tot_pages + 1)) ) { - spin_unlock(&e->page_alloc_lock); + nrspin_unlock(&e->page_alloc_lock); if ( e->is_dying ) gdprintk(XENLOG_INFO, "Transferee d%d is dying\n", @@ -2411,7 +2411,7 @@ gnttab_transfer( * safely drop the lock and re-aquire it later to add page to the * pagelist. */ - spin_unlock(&e->page_alloc_lock); + nrspin_unlock(&e->page_alloc_lock); okay = gnttab_prepare_for_transfer(e, d, gop.ref); /* @@ -2427,9 +2427,9 @@ gnttab_transfer( * Need to grab this again to safely free our "reserved" * page in the page total */ - spin_lock(&e->page_alloc_lock); + nrspin_lock(&e->page_alloc_lock); drop_dom_ref = !domain_adjust_tot_pages(e, -1); - spin_unlock(&e->page_alloc_lock); + nrspin_unlock(&e->page_alloc_lock); if ( okay /* i.e. e->is_dying due to the surrounding if() */ ) gdprintk(XENLOG_INFO, "Transferee d%d is now dying\n", diff --git a/xen/common/memory.c b/xen/common/memory.c index b3b05c2ec0..b4593f5f45 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -770,10 +770,10 @@ static long memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg) (1UL << in_chunk_order)) - (j * (1UL << exch.out.extent_order))); - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); drop_dom_ref = (dec_count && !domain_adjust_tot_pages(d, -dec_count)); - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); if ( drop_dom_ref ) put_domain(d); diff --git a/xen/common/numa.c b/xen/common/numa.c index 6374ba1721..28a09766fa 100644 --- a/xen/common/numa.c +++ b/xen/common/numa.c @@ -719,13 +719,13 @@ static void cf_check dump_numa(unsigned char key) memset(page_num_node, 0, sizeof(page_num_node)); - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page_list_for_each ( page, &d->page_list ) { i = page_to_nid(page); page_num_node[i]++; } - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); for_each_online_node ( i ) printk(" Node %u: %u\n", i, page_num_node[i]); diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index c94834d71b..4d6ce726e3 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -516,7 +516,7 @@ int domain_set_outstanding_pages(struct domain *d, unsigned long pages) * must always take the global heap_lock rather than only in the much * rarer case that d->outstanding_pages is non-zero */ - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); spin_lock(&heap_lock); /* pages==0 means "unset" the claim. */ @@ -562,7 +562,7 @@ int domain_set_outstanding_pages(struct domain *d, unsigned long pages) out: spin_unlock(&heap_lock); - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); return ret; } @@ -2348,7 +2348,7 @@ int assign_pages( int rc = 0; unsigned int i; - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); if ( unlikely(d->is_dying) ) { @@ -2430,7 +2430,7 @@ int assign_pages( } out: - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); return rc; } @@ -2909,9 +2909,9 @@ mfn_t acquire_reserved_page(struct domain *d, unsigned int memflags) ASSERT_ALLOC_CONTEXT(); /* Acquire a page from reserved page list(resv_page_list). */ - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page = page_list_remove_head(&d->resv_page_list); - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); if ( unlikely(!page) ) return INVALID_MFN; @@ -2930,9 +2930,9 @@ mfn_t acquire_reserved_page(struct domain *d, unsigned int memflags) */ unprepare_staticmem_pages(page, 1, false); fail: - spin_lock(&d->page_alloc_lock); + nrspin_lock(&d->page_alloc_lock); page_list_add_tail(page, &d->resv_page_list); - spin_unlock(&d->page_alloc_lock); + nrspin_unlock(&d->page_alloc_lock); return INVALID_MFN; } #endif diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index e185f80efe..05638e32bb 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -368,9 +368,9 @@ long read_console_ring(struct xen_sysctl_readconsole *op) if ( op->clear ) { - spin_lock_irq(&console_lock); + nrspin_lock_irq(&console_lock); conringc = p - c > conring_size ? p - conring_size : c; - spin_unlock_irq(&console_lock); + nrspin_unlock_irq(&console_lock); } op->count = sofar; @@ -640,7 +640,7 @@ static long guest_console_write(XEN_GUEST_HANDLE_PARAM(char) buffer, if ( is_hardware_domain(cd) ) { /* Use direct console output as it could be interactive */ - spin_lock_irq(&console_lock); + nrspin_lock_irq(&console_lock); console_serial_puts(kbuf, kcount); video_puts(kbuf, kcount); @@ -661,7 +661,7 @@ static long guest_console_write(XEN_GUEST_HANDLE_PARAM(char) buffer, tasklet_schedule(¬ify_dom0_con_ring_tasklet); } - spin_unlock_irq(&console_lock); + nrspin_unlock_irq(&console_lock); } else { @@ -1028,9 +1028,9 @@ void __init console_init_preirq(void) pv_console_set_rx_handler(serial_rx); /* HELLO WORLD --- start-of-day banner text. */ - spin_lock(&console_lock); + nrspin_lock(&console_lock); __putstr(xen_banner()); - spin_unlock(&console_lock); + nrspin_unlock(&console_lock); printk("Xen version %d.%d%s (%s@%s) (%s) %s %s\n", xen_major_version(), xen_minor_version(), xen_extra_version(), xen_compile_by(), xen_compile_domain(), xen_compiler(), @@ -1067,13 +1067,13 @@ void __init console_init_ring(void) } opt_conring_size = PAGE_SIZE << order; - spin_lock_irqsave(&console_lock, flags); + nrspin_lock_irqsave(&console_lock, flags); for ( i = conringc ; i != conringp; i++ ) ring[i & (opt_conring_size - 1)] = conring[i & (conring_size - 1)]; conring = ring; smp_wmb(); /* Allow users of console_force_unlock() to see larger buffer. */ conring_size = opt_conring_size; - spin_unlock_irqrestore(&console_lock, flags); + nrspin_unlock_irqrestore(&console_lock, flags); printk("Allocated console ring of %u KiB.\n", opt_conring_size >> 10); } diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index 593cba640e..53a33653f9 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -102,6 +102,9 @@ struct lock_profile_qhead { }; #define LOCK_PROFILE_(lockname) { .name = #lockname, .ptr.lock = &(lockname), } +#define RLOCK_PROFILE_(lockname) { .name = #lockname, \ + .ptr.rlock = &(lockname), \ + .is_rlock = true, } #define LOCK_PROFILE_PTR_(name) \ static struct lock_profile * const lock_profile__##name \ __used_section(".lockprofile.data") = \ @@ -118,10 +121,10 @@ struct lock_profile_qhead { LOCK_PROFILE_PTR_(l) #define DEFINE_RSPINLOCK(l) \ rspinlock_t l = SPIN_LOCK_UNLOCKED_(NULL); \ - static struct lock_profile lock_profile_data__##l = LOCK_PROFILE_(l); \ + static struct lock_profile lock_profile_data__##l = RLOCK_PROFILE_(l); \ LOCK_PROFILE_PTR_(l) -#define spin_lock_init_prof__(s, l, locktype) \ +#define spin_lock_init_prof__(s, l, lockptr, locktype, isr) \ do { \ struct lock_profile *prof; \ prof = xzalloc(struct lock_profile); \ @@ -134,13 +137,16 @@ struct lock_profile_qhead { break; \ } \ prof->name = #l; \ - prof->ptr.lock = &(s)->l; \ + prof->ptr.lockptr = &(s)->l; \ + prof->is_rlock = isr; \ prof->next = (s)->profile_head.elem_q; \ (s)->profile_head.elem_q = prof; \ } while( 0 ) -#define spin_lock_init_prof(s, l) spin_lock_init_prof__(s, l, spinlock_t) -#define rspin_lock_init_prof(s, l) spin_lock_init_prof__(s, l, rspinlock_t) +#define spin_lock_init_prof(s, l) \ + spin_lock_init_prof__(s, l, lock, spinlock_t, false) +#define rspin_lock_init_prof(s, l) \ + spin_lock_init_prof__(s, l, rlock, rspinlock_t, true) void _lock_profile_register_struct( int32_t type, struct lock_profile_qhead *qhead, int32_t idx); @@ -274,7 +280,10 @@ static always_inline void spin_lock_if(bool condition, spinlock_t *l) * reentered recursively on the same CPU. All critical regions that may form * part of a recursively-nested set must be protected by these forms. If there * are any critical regions that cannot form part of such a set, they can use - * standard spin_[un]lock(). + * nrspin_[un]lock(). + * The nrspin_[un]lock() forms act the same way as normal spin_[un]lock() + * calls, but operate on rspinlock_t locks. nrspin_lock() and rspin_lock() + * calls are blocking to each other for a specific lock even on the same cpu. */ bool _rspin_trylock(rspinlock_t *lock); void _rspin_lock(rspinlock_t *lock); @@ -298,4 +307,12 @@ static always_inline void rspin_lock(rspinlock_t *lock) #define rspin_unlock(l) _rspin_unlock(l) #define rspin_unlock_irqrestore(l, f) _rspin_unlock_irqrestore(l, f) +#define nrspin_trylock(l) spin_trylock(l) +#define nrspin_lock(l) spin_lock(l) +#define nrspin_unlock(l) spin_unlock(l) +#define nrspin_lock_irq(l) spin_lock_irq(l) +#define nrspin_unlock_irq(l) spin_unlock_irq(l) +#define nrspin_lock_irqsave(l, f) spin_lock_irqsave(l, f) +#define nrspin_unlock_irqrestore(l, f) spin_unlock_irqrestore(l, f) + #endif /* __SPINLOCK_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 22:33:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 22:33:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702054.1096781 (Exim 4.92) (envelope-from ) id 1rtxY9-0000pM-Qt; Mon, 08 Apr 2024 22:33:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702054.1096781; Mon, 08 Apr 2024 22:33:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxY9-0000pE-OC; Mon, 08 Apr 2024 22:33:13 +0000 Received: by outflank-mailman (input) for mailman id 702054; Mon, 08 Apr 2024 22:33:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxY7-0000p2-Uy for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxY7-0000pL-U9 for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtxY7-0002QS-TD for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6fp7sAvczFJb+mxh5i9H2uWG7YmLpMQCvn3wzMD7Vrk=; b=B+f37IWIQLpMLr7nIT6nBXizKH +F7Ueq+kW+fdUPSok9emom5r3leqPOabyzosE/mTPmhV/CNXiv+LNaesDa/gwGkmBQQXLywEkt6q/ 3yiBHDbGYCUfgPRQNJ5ajx0Zr/+wdUHi2hUI1v5eGwc7Vjn2tKF8rwNUx8aRjmyOVg+o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/spinlock: add another function level Message-Id: Date: Mon, 08 Apr 2024 22:33:11 +0000 commit ee1e1331258e27e42ea85cfa1b5d827ceebf906e Author: Juergen Gross AuthorDate: Mon Apr 8 09:17:47 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:17:47 2024 +0200 xen/spinlock: add another function level Add another function level in spinlock.c hiding the spinlock_t layout from the low level locking code. This is done in preparation of introducing rspinlock_t for recursive locks without having to duplicate all of the locking code. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/common/spinlock.c | 103 +++++++++++++++++++++++++++++---------------- xen/include/xen/spinlock.h | 1 + 2 files changed, 68 insertions(+), 36 deletions(-) diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 874ed762b4..648393d95f 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -261,29 +261,31 @@ void spin_debug_disable(void) #ifdef CONFIG_DEBUG_LOCK_PROFILE +#define LOCK_PROFILE_PAR lock->profile #define LOCK_PROFILE_REL \ - if ( lock->profile ) \ + if ( profile ) \ { \ - lock->profile->time_hold += NOW() - lock->profile->time_locked; \ - lock->profile->lock_cnt++; \ + profile->time_hold += NOW() - profile->time_locked; \ + profile->lock_cnt++; \ } #define LOCK_PROFILE_VAR(var, val) s_time_t var = (val) #define LOCK_PROFILE_BLOCK(var) var = var ? : NOW() #define LOCK_PROFILE_BLKACC(tst, val) \ if ( tst ) \ { \ - lock->profile->time_block += lock->profile->time_locked - (val); \ - lock->profile->block_cnt++; \ + profile->time_block += profile->time_locked - (val); \ + profile->block_cnt++; \ } #define LOCK_PROFILE_GOT(val) \ - if ( lock->profile ) \ + if ( profile ) \ { \ - lock->profile->time_locked = NOW(); \ + profile->time_locked = NOW(); \ LOCK_PROFILE_BLKACC(val, val); \ } #else +#define LOCK_PROFILE_PAR NULL #define LOCK_PROFILE_REL #define LOCK_PROFILE_VAR(var, val) #define LOCK_PROFILE_BLOCK(var) @@ -307,17 +309,18 @@ static always_inline uint16_t observe_head(const spinlock_tickets_t *t) return read_atomic(&t->head); } -static void always_inline spin_lock_common(spinlock_t *lock, +static void always_inline spin_lock_common(spinlock_tickets_t *t, + union lock_debug *debug, + struct lock_profile *profile, void (*cb)(void *data), void *data) { spinlock_tickets_t tickets = SPINLOCK_TICKET_INC; LOCK_PROFILE_VAR(block, 0); - check_lock(&lock->debug, false); + check_lock(debug, false); preempt_disable(); - tickets.head_tail = arch_fetch_and_add(&lock->tickets.head_tail, - tickets.head_tail); - while ( tickets.tail != observe_head(&lock->tickets) ) + tickets.head_tail = arch_fetch_and_add(&t->head_tail, tickets.head_tail); + while ( tickets.tail != observe_head(t) ) { LOCK_PROFILE_BLOCK(block); if ( cb ) @@ -325,18 +328,19 @@ static void always_inline spin_lock_common(spinlock_t *lock, arch_lock_relax(); } arch_lock_acquire_barrier(); - got_lock(&lock->debug); + got_lock(debug); LOCK_PROFILE_GOT(block); } void _spin_lock(spinlock_t *lock) { - spin_lock_common(lock, NULL, NULL); + spin_lock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR, NULL, + NULL); } void _spin_lock_cb(spinlock_t *lock, void (*cb)(void *data), void *data) { - spin_lock_common(lock, cb, data); + spin_lock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR, cb, data); } void _spin_lock_irq(spinlock_t *lock) @@ -355,16 +359,23 @@ unsigned long _spin_lock_irqsave(spinlock_t *lock) return flags; } -void _spin_unlock(spinlock_t *lock) +static void always_inline spin_unlock_common(spinlock_tickets_t *t, + union lock_debug *debug, + struct lock_profile *profile) { LOCK_PROFILE_REL; - rel_lock(&lock->debug); + rel_lock(debug); arch_lock_release_barrier(); - add_sized(&lock->tickets.head, 1); + add_sized(&t->head, 1); arch_lock_signal(); preempt_enable(); } +void _spin_unlock(spinlock_t *lock) +{ + spin_unlock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); +} + void _spin_unlock_irq(spinlock_t *lock) { _spin_unlock(lock); @@ -377,6 +388,11 @@ void _spin_unlock_irqrestore(spinlock_t *lock, unsigned long flags) local_irq_restore(flags); } +static bool always_inline spin_is_locked_common(const spinlock_tickets_t *t) +{ + return t->head != t->tail; +} + int _spin_is_locked(const spinlock_t *lock) { /* @@ -385,57 +401,70 @@ int _spin_is_locked(const spinlock_t *lock) * ASSERT()s and alike. */ return lock->recurse_cpu == SPINLOCK_NO_CPU - ? lock->tickets.head != lock->tickets.tail + ? spin_is_locked_common(&lock->tickets) : lock->recurse_cpu == smp_processor_id(); } -int _spin_trylock(spinlock_t *lock) +static bool always_inline spin_trylock_common(spinlock_tickets_t *t, + union lock_debug *debug, + struct lock_profile *profile) { spinlock_tickets_t old, new; preempt_disable(); - check_lock(&lock->debug, true); - old = observe_lock(&lock->tickets); + check_lock(debug, true); + old = observe_lock(t); if ( old.head != old.tail ) { preempt_enable(); - return 0; + return false; } new = old; new.tail++; - if ( cmpxchg(&lock->tickets.head_tail, - old.head_tail, new.head_tail) != old.head_tail ) + if ( cmpxchg(&t->head_tail, old.head_tail, new.head_tail) != old.head_tail ) { preempt_enable(); - return 0; + return false; } /* * cmpxchg() is a full barrier so no need for an * arch_lock_acquire_barrier(). */ - got_lock(&lock->debug); + got_lock(debug); LOCK_PROFILE_GOT(0); - return 1; + return true; } -void _spin_barrier(spinlock_t *lock) +int _spin_trylock(spinlock_t *lock) +{ + return spin_trylock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); +} + +static void always_inline spin_barrier_common(spinlock_tickets_t *t, + union lock_debug *debug, + struct lock_profile *profile) { spinlock_tickets_t sample; LOCK_PROFILE_VAR(block, NOW()); - check_barrier(&lock->debug); + check_barrier(debug); smp_mb(); - sample = observe_lock(&lock->tickets); + sample = observe_lock(t); if ( sample.head != sample.tail ) { - while ( observe_head(&lock->tickets) == sample.head ) + while ( observe_head(t) == sample.head ) arch_lock_relax(); - LOCK_PROFILE_BLKACC(lock->profile, block); + LOCK_PROFILE_BLKACC(profile, block); } smp_mb(); } +void _spin_barrier(spinlock_t *lock) +{ + spin_barrier_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); +} + bool _rspin_trylock(rspinlock_t *lock) { unsigned int cpu = smp_processor_id(); @@ -448,7 +477,8 @@ bool _rspin_trylock(rspinlock_t *lock) if ( likely(lock->recurse_cpu != cpu) ) { - if ( !_spin_trylock(lock) ) + if ( !spin_trylock_common(&lock->tickets, &lock->debug, + LOCK_PROFILE_PAR) ) return false; lock->recurse_cpu = cpu; } @@ -466,7 +496,8 @@ void _rspin_lock(rspinlock_t *lock) if ( likely(lock->recurse_cpu != cpu) ) { - _spin_lock(lock); + spin_lock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR, NULL, + NULL); lock->recurse_cpu = cpu; } @@ -490,7 +521,7 @@ void _rspin_unlock(rspinlock_t *lock) if ( likely(--lock->recurse_cnt == 0) ) { lock->recurse_cpu = SPINLOCK_NO_CPU; - spin_unlock(lock); + spin_unlock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); } } diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index 53a33653f9..8bc4652526 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -165,6 +165,7 @@ extern void cf_check spinlock_profile_reset(unsigned char key); #else struct lock_profile_qhead { }; +struct lock_profile { }; #define SPIN_LOCK_UNLOCKED { \ .recurse_cpu = SPINLOCK_NO_CPU, \ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 22:33:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 22:33:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702055.1096786 (Exim 4.92) (envelope-from ) id 1rtxYJ-0000sN-UW; Mon, 08 Apr 2024 22:33:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702055.1096786; Mon, 08 Apr 2024 22:33:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxYJ-0000sD-RU; Mon, 08 Apr 2024 22:33:23 +0000 Received: by outflank-mailman (input) for mailman id 702055; Mon, 08 Apr 2024 22:33:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxYI-0000rs-2H for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxYI-0000pf-1R for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtxYI-0002Qw-0Q for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tjzhyCSiaJUKplUJkyRYd0HOve0Nx5OWBbb8LyEBVUk=; b=v932NV7Gowx2+S+vUy7F9xryOz Mb0mVn5cMk/LJZvC4F68pzGMfMlOghg72PFes6LYNEcx18ElGp6IcR/XES0zhfbmuIc5dHNQ0cfRg PZ7sIK8vRkU6O0E0Udx1H9OBrl2krtraROMooMxAIpSVOagurWE7Qnn00JTiNXK5vsig=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/spinlock: add missing rspin_is_locked() and rspin_barrier() Message-Id: Date: Mon, 08 Apr 2024 22:33:22 +0000 commit 31be78285c8fed95a921736964bee2781d49168d Author: Juergen Gross AuthorDate: Mon Apr 8 09:18:40 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:18:40 2024 +0200 xen/spinlock: add missing rspin_is_locked() and rspin_barrier() Add rspin_is_locked() and rspin_barrier() in order to prepare differing spinlock_t and rspinlock_t types. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/arch/x86/mm/p2m-pod.c | 2 +- xen/common/domain.c | 2 +- xen/common/page_alloc.c | 2 +- xen/common/spinlock.c | 26 ++++++++++++++++++++------ xen/drivers/char/console.c | 4 ++-- xen/drivers/passthrough/pci.c | 2 +- xen/include/xen/spinlock.h | 4 ++++ 7 files changed, 30 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index c48ea169b7..9750a3a21b 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -374,7 +374,7 @@ int p2m_pod_empty_cache(struct domain *d) /* After this barrier no new PoD activities can happen. */ BUG_ON(!d->is_dying); - spin_barrier(&p2m->pod.lock.lock); + rspin_barrier(&p2m->pod.lock.lock); lock_page_alloc(p2m); diff --git a/xen/common/domain.c b/xen/common/domain.c index ceb44c8266..282c3ab623 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -991,7 +991,7 @@ int domain_kill(struct domain *d) case DOMDYING_alive: domain_pause(d); d->is_dying = DOMDYING_dying; - spin_barrier(&d->domain_lock); + rspin_barrier(&d->domain_lock); argo_destroy(d); vnuma_destroy(d->vnuma); domain_set_outstanding_pages(d, 0); diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index 4d6ce726e3..7c1bdfc046 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -477,7 +477,7 @@ unsigned long domain_adjust_tot_pages(struct domain *d, long pages) { long dom_before, dom_after, dom_claimed, sys_before, sys_after; - ASSERT(spin_is_locked(&d->page_alloc_lock)); + ASSERT(rspin_is_locked(&d->page_alloc_lock)); d->tot_pages += pages; /* diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 648393d95f..6572c76114 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -396,13 +396,10 @@ static bool always_inline spin_is_locked_common(const spinlock_tickets_t *t) int _spin_is_locked(const spinlock_t *lock) { /* - * Recursive locks may be locked by another CPU, yet we return - * "false" here, making this function suitable only for use in - * ASSERT()s and alike. + * This function is suitable only for use in ASSERT()s and alike, as it + * doesn't tell _who_ is holding the lock. */ - return lock->recurse_cpu == SPINLOCK_NO_CPU - ? spin_is_locked_common(&lock->tickets) - : lock->recurse_cpu == smp_processor_id(); + return spin_is_locked_common(&lock->tickets); } static bool always_inline spin_trylock_common(spinlock_tickets_t *t, @@ -465,6 +462,23 @@ void _spin_barrier(spinlock_t *lock) spin_barrier_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); } +bool _rspin_is_locked(const rspinlock_t *lock) +{ + /* + * Recursive locks may be locked by another CPU, yet we return + * "false" here, making this function suitable only for use in + * ASSERT()s and alike. + */ + return lock->recurse_cpu == SPINLOCK_NO_CPU + ? spin_is_locked_common(&lock->tickets) + : lock->recurse_cpu == smp_processor_id(); +} + +void _rspin_barrier(rspinlock_t *lock) +{ + spin_barrier_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); +} + bool _rspin_trylock(rspinlock_t *lock) { unsigned int cpu = smp_processor_id(); diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c index 05638e32bb..2c363d9c1d 100644 --- a/xen/drivers/char/console.c +++ b/xen/drivers/char/console.c @@ -327,7 +327,7 @@ static void cf_check do_dec_thresh(unsigned char key, bool unused) static void conring_puts(const char *str, size_t len) { - ASSERT(spin_is_locked(&console_lock)); + ASSERT(rspin_is_locked(&console_lock)); while ( len-- ) conring[CONRING_IDX_MASK(conringp++)] = *str++; @@ -767,7 +767,7 @@ static void __putstr(const char *str) { size_t len = strlen(str); - ASSERT(spin_is_locked(&console_lock)); + ASSERT(rspin_is_locked(&console_lock)); console_serial_puts(str, len); video_puts(str, len); diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 4fcc7e2cde..5a446d3dce 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -65,7 +65,7 @@ void pcidevs_unlock(void) bool pcidevs_locked(void) { - return !!spin_is_locked(&_pcidevs_lock); + return rspin_is_locked(&_pcidevs_lock); } static struct radix_tree_root pci_segments; diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index 8bc4652526..148be1e116 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -297,6 +297,8 @@ void _rspin_lock(rspinlock_t *lock); unsigned long _rspin_lock_irqsave(rspinlock_t *lock); void _rspin_unlock(rspinlock_t *lock); void _rspin_unlock_irqrestore(rspinlock_t *lock, unsigned long flags); +bool _rspin_is_locked(const rspinlock_t *lock); +void _rspin_barrier(rspinlock_t *lock); static always_inline void rspin_lock(rspinlock_t *lock) { @@ -307,6 +309,8 @@ static always_inline void rspin_lock(rspinlock_t *lock) #define rspin_trylock(l) lock_evaluate_nospec(_rspin_trylock(l)) #define rspin_unlock(l) _rspin_unlock(l) #define rspin_unlock_irqrestore(l, f) _rspin_unlock_irqrestore(l, f) +#define rspin_barrier(l) _rspin_barrier(l) +#define rspin_is_locked(l) _rspin_is_locked(l) #define nrspin_trylock(l) spin_trylock(l) #define nrspin_lock(l) spin_lock(l) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 22:33:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 22:33:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702056.1096789 (Exim 4.92) (envelope-from ) id 1rtxYT-000113-Vs; Mon, 08 Apr 2024 22:33:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702056.1096789; Mon, 08 Apr 2024 22:33:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxYT-00010v-Sz; Mon, 08 Apr 2024 22:33:33 +0000 Received: by outflank-mailman (input) for mailman id 702056; Mon, 08 Apr 2024 22:33:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxYS-0000v0-69 for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxYS-0000q8-5J for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtxYS-0002RL-3X for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LLrM1EQoHbNkM8Wb8BrkMBZGMpCFT4z1VCK/WhQzRro=; b=HxU90QnhkTJdGieN5LGLbnfl3Q wrEeht7IkF6Nc6vErlzolTC3pcQotnAC4SAYB4xTXE7pOZrqQ8mkcPpYLJQkL/SecvPJzE96vJiei 0MeJa8Q+vWpk+UfBoBScvefh9wmucCHPe5c6l1ECRtSE9Lp6Yc99yLJHf9A/z2rXeawc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/spinlock: split recursive spinlocks from normal ones Message-Id: Date: Mon, 08 Apr 2024 22:33:32 +0000 commit bfbec024b83e2705b40853468e7baa4aac0e7f1f Author: Juergen Gross AuthorDate: Mon Apr 8 09:19:34 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:19:34 2024 +0200 xen/spinlock: split recursive spinlocks from normal ones Recursive and normal spinlocks are sharing the same data structure for representation of the lock. This has two major disadvantages: - it is not clear from the definition of a lock, whether it is intended to be used recursive or not, while a mixture of both usage variants needs to be - in production builds (builds without CONFIG_DEBUG_LOCKS) the needed data size of an ordinary spinlock is 8 bytes instead of 4, due to the additional recursion data needed (associated with that the rwlock data is using 12 instead of only 8 bytes) Fix that by introducing a struct spinlock_recursive for recursive spinlocks only, and switch recursive spinlock functions to require pointers to this new struct. This allows to check the correct usage at build time. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/common/spinlock.c | 50 ++++++++++++++++++++++++++++++++ xen/include/xen/spinlock.h | 72 +++++++++++++++++++++++++++++++++++----------- 2 files changed, 105 insertions(+), 17 deletions(-) diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 6572c76114..5aaca49a61 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -545,6 +545,56 @@ void _rspin_unlock_irqrestore(rspinlock_t *lock, unsigned long flags) local_irq_restore(flags); } +bool _nrspin_trylock(rspinlock_t *lock) +{ + check_lock(&lock->debug, true); + + if ( unlikely(lock->recurse_cpu != SPINLOCK_NO_CPU) ) + return false; + + return spin_trylock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); +} + +void _nrspin_lock(rspinlock_t *lock) +{ + spin_lock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR, NULL, + NULL); +} + +void _nrspin_unlock(rspinlock_t *lock) +{ + spin_unlock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); +} + +void _nrspin_lock_irq(rspinlock_t *lock) +{ + ASSERT(local_irq_is_enabled()); + local_irq_disable(); + _nrspin_lock(lock); +} + +void _nrspin_unlock_irq(rspinlock_t *lock) +{ + _nrspin_unlock(lock); + local_irq_enable(); +} + +unsigned long _nrspin_lock_irqsave(rspinlock_t *lock) +{ + unsigned long flags; + + local_irq_save(flags); + _nrspin_lock(lock); + + return flags; +} + +void _nrspin_unlock_irqrestore(rspinlock_t *lock, unsigned long flags) +{ + _nrspin_unlock(lock); + local_irq_restore(flags); +} + #ifdef CONFIG_DEBUG_LOCK_PROFILE struct lock_profile_anc { diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index 148be1e116..f49ba928f0 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -77,8 +77,6 @@ union lock_debug { }; */ struct spinlock; -/* Temporary hack until a dedicated struct rspinlock is existing. */ -#define rspinlock spinlock struct lock_profile { struct lock_profile *next; /* forward link */ @@ -110,6 +108,10 @@ struct lock_profile_qhead { __used_section(".lockprofile.data") = \ &lock_profile_data__##name #define SPIN_LOCK_UNLOCKED_(x) { \ + .debug = LOCK_DEBUG_, \ + .profile = x, \ +} +#define RSPIN_LOCK_UNLOCKED_(x) { \ .recurse_cpu = SPINLOCK_NO_CPU, \ .debug = LOCK_DEBUG_, \ .profile = x, \ @@ -119,8 +121,9 @@ struct lock_profile_qhead { spinlock_t l = SPIN_LOCK_UNLOCKED_(NULL); \ static struct lock_profile lock_profile_data__##l = LOCK_PROFILE_(l); \ LOCK_PROFILE_PTR_(l) +#define RSPIN_LOCK_UNLOCKED RSPIN_LOCK_UNLOCKED_(NULL) #define DEFINE_RSPINLOCK(l) \ - rspinlock_t l = SPIN_LOCK_UNLOCKED_(NULL); \ + rspinlock_t l = RSPIN_LOCK_UNLOCKED_(NULL); \ static struct lock_profile lock_profile_data__##l = RLOCK_PROFILE_(l); \ LOCK_PROFILE_PTR_(l) @@ -145,8 +148,11 @@ struct lock_profile_qhead { #define spin_lock_init_prof(s, l) \ spin_lock_init_prof__(s, l, lock, spinlock_t, false) -#define rspin_lock_init_prof(s, l) \ - spin_lock_init_prof__(s, l, rlock, rspinlock_t, true) +#define rspin_lock_init_prof(s, l) do { \ + spin_lock_init_prof__(s, l, rlock, rspinlock_t, true); \ + (s)->l.recurse_cpu = SPINLOCK_NO_CPU; \ + (s)->l.recurse_cnt = 0; \ + } while (0) void _lock_profile_register_struct( int32_t type, struct lock_profile_qhead *qhead, int32_t idx); @@ -168,11 +174,14 @@ struct lock_profile_qhead { }; struct lock_profile { }; #define SPIN_LOCK_UNLOCKED { \ + .debug = LOCK_DEBUG_, \ +} +#define RSPIN_LOCK_UNLOCKED { \ .recurse_cpu = SPINLOCK_NO_CPU, \ .debug = LOCK_DEBUG_, \ } #define DEFINE_SPINLOCK(l) spinlock_t l = SPIN_LOCK_UNLOCKED -#define DEFINE_RSPINLOCK(l) rspinlock_t l = SPIN_LOCK_UNLOCKED +#define DEFINE_RSPINLOCK(l) rspinlock_t l = RSPIN_LOCK_UNLOCKED #define spin_lock_init_prof(s, l) spin_lock_init(&((s)->l)) #define rspin_lock_init_prof(s, l) rspin_lock_init(&((s)->l)) @@ -193,6 +202,14 @@ typedef union { #define SPINLOCK_TICKET_INC { .head_tail = 0x10000, } typedef struct spinlock { + spinlock_tickets_t tickets; + union lock_debug debug; +#ifdef CONFIG_DEBUG_LOCK_PROFILE + struct lock_profile *profile; +#endif +} spinlock_t; + +typedef struct rspinlock { spinlock_tickets_t tickets; uint16_t recurse_cpu:SPINLOCK_CPU_BITS; #define SPINLOCK_NO_CPU ((1u << SPINLOCK_CPU_BITS) - 1) @@ -203,12 +220,10 @@ typedef struct spinlock { #ifdef CONFIG_DEBUG_LOCK_PROFILE struct lock_profile *profile; #endif -} spinlock_t; - -typedef spinlock_t rspinlock_t; +} rspinlock_t; #define spin_lock_init(l) (*(l) = (spinlock_t)SPIN_LOCK_UNLOCKED) -#define rspin_lock_init(l) (*(l) = (rspinlock_t)SPIN_LOCK_UNLOCKED) +#define rspin_lock_init(l) (*(l) = (rspinlock_t)RSPIN_LOCK_UNLOCKED) void _spin_lock(spinlock_t *lock); void _spin_lock_cb(spinlock_t *lock, void (*cb)(void *data), void *data); @@ -312,12 +327,35 @@ static always_inline void rspin_lock(rspinlock_t *lock) #define rspin_barrier(l) _rspin_barrier(l) #define rspin_is_locked(l) _rspin_is_locked(l) -#define nrspin_trylock(l) spin_trylock(l) -#define nrspin_lock(l) spin_lock(l) -#define nrspin_unlock(l) spin_unlock(l) -#define nrspin_lock_irq(l) spin_lock_irq(l) -#define nrspin_unlock_irq(l) spin_unlock_irq(l) -#define nrspin_lock_irqsave(l, f) spin_lock_irqsave(l, f) -#define nrspin_unlock_irqrestore(l, f) spin_unlock_irqrestore(l, f) +bool _nrspin_trylock(rspinlock_t *lock); +void _nrspin_lock(rspinlock_t *lock); +#define nrspin_lock_irqsave(l, f) \ + ({ \ + BUILD_BUG_ON(sizeof(f) != sizeof(unsigned long)); \ + (f) = _nrspin_lock_irqsave(l); \ + block_lock_speculation(); \ + }) +unsigned long _nrspin_lock_irqsave(rspinlock_t *lock); +void _nrspin_unlock(rspinlock_t *lock); +void _nrspin_lock_irq(rspinlock_t *lock); +void _nrspin_unlock_irq(rspinlock_t *lock); +void _nrspin_unlock_irqrestore(rspinlock_t *lock, unsigned long flags); + +static always_inline void nrspin_lock(rspinlock_t *lock) +{ + _nrspin_lock(lock); + block_lock_speculation(); +} + +static always_inline void nrspin_lock_irq(rspinlock_t *l) +{ + _nrspin_lock_irq(l); + block_lock_speculation(); +} + +#define nrspin_trylock(l) lock_evaluate_nospec(_nrspin_trylock(l)) +#define nrspin_unlock(l) _nrspin_unlock(l) +#define nrspin_unlock_irqrestore(l, f) _nrspin_unlock_irqrestore(l, f) +#define nrspin_unlock_irq(l) _nrspin_unlock_irq(l) #endif /* __SPINLOCK_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 22:33:44 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 22:33:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702057.1096794 (Exim 4.92) (envelope-from ) id 1rtxYe-00017G-1p; Mon, 08 Apr 2024 22:33:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702057.1096794; Mon, 08 Apr 2024 22:33:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxYd-000178-UQ; Mon, 08 Apr 2024 22:33:43 +0000 Received: by outflank-mailman (input) for mailman id 702057; Mon, 08 Apr 2024 22:33:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxYc-00016r-9y for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxYc-0000qN-8r for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtxYc-0002Ro-7S for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+KxrXcl2Po7XY2qLjnk1HK5lIV98SirZmEG/HZMkwE0=; b=Yut3MC7OQPxqDJg2yf0gMlHEMZ VpHWqqMOlDNDri0uJRsfxpgRTNhLAgiDrpe6lDDEiwTJSGL9NyiAkmeN2Jr8BbAXOd8ZM1//FUbZF GYCRR7pktEVCAc9MOg+5Grg9JJiT1ou76q2L46/ek+0CkPmKcHuIgykyqtBnErS6Fg9o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/spinlock: let all is_locked and trylock variants return bool Message-Id: Date: Mon, 08 Apr 2024 22:33:42 +0000 commit 0b09531d21ac26f63646159959c3b0a72bd107f8 Author: Juergen Gross AuthorDate: Mon Apr 8 09:20:24 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:20:24 2024 +0200 xen/spinlock: let all is_locked and trylock variants return bool Switch the remaining trylock and is_locked variants to return bool. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/common/spinlock.c | 4 ++-- xen/include/xen/spinlock.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 5aaca49a61..7ccb725171 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -393,7 +393,7 @@ static bool always_inline spin_is_locked_common(const spinlock_tickets_t *t) return t->head != t->tail; } -int _spin_is_locked(const spinlock_t *lock) +bool _spin_is_locked(const spinlock_t *lock) { /* * This function is suitable only for use in ASSERT()s and alike, as it @@ -433,7 +433,7 @@ static bool always_inline spin_trylock_common(spinlock_tickets_t *t, return true; } -int _spin_trylock(spinlock_t *lock) +bool _spin_trylock(spinlock_t *lock) { return spin_trylock_common(&lock->tickets, &lock->debug, LOCK_PROFILE_PAR); } diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index f49ba928f0..3a4092626c 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -234,8 +234,8 @@ void _spin_unlock(spinlock_t *lock); void _spin_unlock_irq(spinlock_t *lock); void _spin_unlock_irqrestore(spinlock_t *lock, unsigned long flags); -int _spin_is_locked(const spinlock_t *lock); -int _spin_trylock(spinlock_t *lock); +bool _spin_is_locked(const spinlock_t *lock); +bool _spin_trylock(spinlock_t *lock); void _spin_barrier(spinlock_t *lock); static always_inline void spin_lock(spinlock_t *l) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 22:33:54 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 22:33:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702058.1096797 (Exim 4.92) (envelope-from ) id 1rtxYo-00019u-24; Mon, 08 Apr 2024 22:33:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702058.1096797; Mon, 08 Apr 2024 22:33:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxYn-00019m-Vs; Mon, 08 Apr 2024 22:33:53 +0000 Received: by outflank-mailman (input) for mailman id 702058; Mon, 08 Apr 2024 22:33:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxYm-00019X-Cv for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxYm-0000qa-C2 for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtxYm-0002SE-B4 for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:33:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fN5D6RLrdGFJBHA9X6ljR8NqTwtf7ypkgdbVOm8l6A4=; b=wcnln3xossWgCR7TDCD6DnK0lI uUdzvgQyK8uJ5RVdX620oHywsoRUBuhOIfgbrA2ui00vleMWrREX9vongFvJSCL0PgymO8TcC+TsH +4GIyQ3rNCCMdR4BMgHEsO+3a6HwjeP/vWZE4hnZUE95XAbc57MEWuR8d5JqtT1szxZ0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/spinlock: support higher number of cpus Message-Id: Date: Mon, 08 Apr 2024 22:33:52 +0000 commit c286bb93d20c7e49f61d3e8ca006d58d00af0d2e Author: Juergen Gross AuthorDate: Mon Apr 8 09:21:13 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:21:13 2024 +0200 xen/spinlock: support higher number of cpus Allow 16 bits per cpu number, which is the limit imposed by spinlock_tickets_t. This will allow up to 65535 cpus, while increasing only the size of recursive spinlocks in debug builds from 8 to 12 bytes. The current Xen limit of 4095 cpus is imposed by SPINLOCK_CPU_BITS being 12. There are machines available with more cpus than the current Xen limit, so it makes sense to have the possibility to use more cpus. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/common/spinlock.c | 2 ++ xen/include/xen/spinlock.h | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 7ccb725171..5aa9ba6188 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -485,7 +485,9 @@ bool _rspin_trylock(rspinlock_t *lock) /* Don't allow overflow of recurse_cpu field. */ BUILD_BUG_ON(NR_CPUS > SPINLOCK_NO_CPU); + BUILD_BUG_ON(SPINLOCK_CPU_BITS > sizeof(lock->recurse_cpu) * 8); BUILD_BUG_ON(SPINLOCK_RECURSE_BITS < 3); + BUILD_BUG_ON(SPINLOCK_MAX_RECURSE > ((1u << SPINLOCK_RECURSE_BITS) - 1)); check_lock(&lock->debug, true); diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index 3a4092626c..db00a24646 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -8,16 +8,16 @@ #include #include -#define SPINLOCK_CPU_BITS 12 +#define SPINLOCK_CPU_BITS 16 #ifdef CONFIG_DEBUG_LOCKS union lock_debug { - uint16_t val; -#define LOCK_DEBUG_INITVAL 0xffff + uint32_t val; +#define LOCK_DEBUG_INITVAL 0xffffffff struct { - uint16_t cpu:SPINLOCK_CPU_BITS; -#define LOCK_DEBUG_PAD_BITS (14 - SPINLOCK_CPU_BITS) - uint16_t :LOCK_DEBUG_PAD_BITS; + unsigned int cpu:SPINLOCK_CPU_BITS; +#define LOCK_DEBUG_PAD_BITS (30 - SPINLOCK_CPU_BITS) + unsigned int :LOCK_DEBUG_PAD_BITS; bool irq_safe:1; bool unseen:1; }; @@ -211,11 +211,11 @@ typedef struct spinlock { typedef struct rspinlock { spinlock_tickets_t tickets; - uint16_t recurse_cpu:SPINLOCK_CPU_BITS; + uint16_t recurse_cpu; #define SPINLOCK_NO_CPU ((1u << SPINLOCK_CPU_BITS) - 1) -#define SPINLOCK_RECURSE_BITS (16 - SPINLOCK_CPU_BITS) - uint16_t recurse_cnt:SPINLOCK_RECURSE_BITS; -#define SPINLOCK_MAX_RECURSE ((1u << SPINLOCK_RECURSE_BITS) - 1) +#define SPINLOCK_RECURSE_BITS 8 + uint8_t recurse_cnt; +#define SPINLOCK_MAX_RECURSE 15 union lock_debug debug; #ifdef CONFIG_DEBUG_LOCK_PROFILE struct lock_profile *profile; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 22:34:04 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 22:34:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702059.1096801 (Exim 4.92) (envelope-from ) id 1rtxYy-0001Cg-3w; Mon, 08 Apr 2024 22:34:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702059.1096801; Mon, 08 Apr 2024 22:34:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxYy-0001CY-10; Mon, 08 Apr 2024 22:34:04 +0000 Received: by outflank-mailman (input) for mailman id 702059; Mon, 08 Apr 2024 22:34:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxYw-0001CH-G1 for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:34:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxYw-0000r0-FE for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:34:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtxYw-0002TO-E3 for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:34:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LuxjQ+Q+wJOjrwWoJ9W+QnCF/gZtw0demRD/C2nXcck=; b=DtbqsXOuIQCTKJWXnjgHwjHbdW k1Q70xlNd87gaQfTtHdIJLd8sbiEaSe8fw6YUiWPWd1GtEbb7VTADY4l2nVElWqLwYvQkl82etZBO uLRdQMb2RKvAVT426uv+oGZ+1hwX/DRW+bq7qZ7VFrB/AK91ZNylPJtS/9Uon+6C7nmU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/rwlock: raise the number of possible cpus Message-Id: Date: Mon, 08 Apr 2024 22:34:02 +0000 commit 77b219f915c54d6029a370c6208ccb1bb965ee1c Author: Juergen Gross AuthorDate: Mon Apr 8 09:21:41 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:21:41 2024 +0200 xen/rwlock: raise the number of possible cpus The rwlock handling is limiting the number of cpus to 4095 today. The main reason is the use of the atomic_t data type for the main lock handling, which needs 2 bits for the locking state (writer waiting or write locked), 12 bits for the id of a possible writer, and a 12 bit counter for readers. The limit isn't 4096 due to an off by one sanity check. The atomic_t data type is 32 bits wide, so in theory 15 bits for the writer's cpu id and 15 bits for the reader count seem to be fine, but via read_trylock() more readers than cpus are possible. This means that it is possible to raise the number of cpus to 16384 without changing the rwlock_t data structure. In order to avoid the reader count wrapping to zero, don't let read_trylock() succeed in case the highest bit of the reader's count is set already. This leaves enough headroom for non-recursive readers to enter without risking a wrap. While at it calculate _QW_CPUMASK and _QR_SHIFT from _QW_SHIFT and add a sanity check for not overflowing the atomic_t data type. Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- xen/include/xen/rwlock.h | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/xen/include/xen/rwlock.h b/xen/include/xen/rwlock.h index 65d88b0ef4..a2e98cad34 100644 --- a/xen/include/xen/rwlock.h +++ b/xen/include/xen/rwlock.h @@ -23,12 +23,12 @@ typedef struct { #define rwlock_init(l) (*(l) = (rwlock_t)RW_LOCK_UNLOCKED) /* Writer states & reader shift and bias. */ -#define _QW_CPUMASK 0xfffU /* Writer CPU mask */ -#define _QW_SHIFT 12 /* Writer flags shift */ -#define _QW_WAITING (1U << _QW_SHIFT) /* A writer is waiting */ -#define _QW_LOCKED (3U << _QW_SHIFT) /* A writer holds the lock */ -#define _QW_WMASK (3U << _QW_SHIFT) /* Writer mask */ -#define _QR_SHIFT 14 /* Reader count shift */ +#define _QW_SHIFT 14 /* Writer flags shift */ +#define _QW_CPUMASK ((1U << _QW_SHIFT) - 1) /* Writer CPU mask */ +#define _QW_WAITING (1U << _QW_SHIFT) /* A writer is waiting */ +#define _QW_LOCKED (3U << _QW_SHIFT) /* A writer holds the lock */ +#define _QW_WMASK (3U << _QW_SHIFT) /* Writer mask */ +#define _QR_SHIFT (_QW_SHIFT + 2) /* Reader count shift */ #define _QR_BIAS (1U << _QR_SHIFT) void queue_read_lock_slowpath(rwlock_t *lock); @@ -36,14 +36,21 @@ void queue_write_lock_slowpath(rwlock_t *lock); static inline bool _is_write_locked_by_me(unsigned int cnts) { - BUILD_BUG_ON(_QW_CPUMASK < NR_CPUS); + BUILD_BUG_ON((_QW_CPUMASK + 1) < NR_CPUS); + BUILD_BUG_ON(NR_CPUS * _QR_BIAS > INT_MAX); return (cnts & _QW_WMASK) == _QW_LOCKED && (cnts & _QW_CPUMASK) == smp_processor_id(); } static inline bool _can_read_lock(unsigned int cnts) { - return !(cnts & _QW_WMASK) || _is_write_locked_by_me(cnts); + /* + * If write locked by the caller, no other readers are possible. + * Not allowing the lock holder to read_lock() another + * INT_MAX >> _QR_SHIFT times ought to be fine. + */ + return cnts <= INT_MAX && + (!(cnts & _QW_WMASK) || _is_write_locked_by_me(cnts)); } /* -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 22:34:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 22:34:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702060.1096804 (Exim 4.92) (envelope-from ) id 1rtxZ8-0001Fu-6L; Mon, 08 Apr 2024 22:34:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702060.1096804; Mon, 08 Apr 2024 22:34:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxZ8-0001Fm-3o; Mon, 08 Apr 2024 22:34:14 +0000 Received: by outflank-mailman (input) for mailman id 702060; Mon, 08 Apr 2024 22:34:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxZ6-0001Fa-Jn for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:34:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxZ6-0000rF-J0 for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:34:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtxZ6-0002US-HN for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:34:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/8iVaf1L1MF5pq66BZJJsxB9wWXxW0/1fNT0REBApIc=; b=P/ZCQjahZypyR2jnY7NtjQIX8u fTXOakKhWWIAJC0BPjC3p1SRmzNG3SjPulbrOjWcLQfYpCr0JOTyfMreuUCTojkKMyl5BB6MMMP8e Wesi+TXzU6gJ/gArInETDiVcmMrXT/7iQ4jAsF09Bsqm+BPJjA0H0eVUqDFF+/xBV1k0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] libelf: Store maximum PHDR p_align Message-Id: Date: Mon, 08 Apr 2024 22:34:12 +0000 commit 4d3b8669d84f3bc39fff4d03ca86e821ae5b257c Author: Jason Andryuk AuthorDate: Mon Apr 8 09:22:28 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:22:28 2024 +0200 libelf: Store maximum PHDR p_align While parsing the PHDRs, store the maximum p_align value. This may be consulted for moving a PVH image's load address. Signed-off-by: Jason Andryuk Acked-by: Jan Beulich --- xen/common/libelf/libelf-loader.c | 5 +++++ xen/include/xen/libelf.h | 1 + 2 files changed, 6 insertions(+) diff --git a/xen/common/libelf/libelf-loader.c b/xen/common/libelf/libelf-loader.c index 629cc0d3e6..e571ea670e 100644 --- a/xen/common/libelf/libelf-loader.c +++ b/xen/common/libelf/libelf-loader.c @@ -468,6 +468,7 @@ void elf_parse_binary(struct elf_binary *elf) { ELF_HANDLE_DECL(elf_phdr) phdr; uint64_t low = -1, high = 0, paddr, memsz; + uint64_t max_align = 0, palign; unsigned i, count; count = elf_phdr_count(elf); @@ -481,15 +482,19 @@ void elf_parse_binary(struct elf_binary *elf) continue; paddr = elf_uval(elf, phdr, p_paddr); memsz = elf_uval(elf, phdr, p_memsz); + palign = elf_uval(elf, phdr, p_align); elf_msg(elf, "ELF: phdr: paddr=%#" PRIx64 " memsz=%#" PRIx64 "\n", paddr, memsz); if ( low > paddr ) low = paddr; if ( high < paddr + memsz ) high = paddr + memsz; + if ( max_align < palign ) + max_align = palign; } elf->pstart = low; elf->pend = high; + elf->palign = max_align; elf_msg(elf, "ELF: memory: %#" PRIx64 " -> %#" PRIx64 "\n", elf->pstart, elf->pend); } diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h index 1c77e3df31..2d971f958e 100644 --- a/xen/include/xen/libelf.h +++ b/xen/include/xen/libelf.h @@ -196,6 +196,7 @@ struct elf_binary { size_t dest_size; uint64_t pstart; uint64_t pend; + uint64_t palign; uint64_t reloc_offset; uint64_t bsd_symtab_pstart; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 22:34:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 22:34:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702061.1096808 (Exim 4.92) (envelope-from ) id 1rtxZI-0001IY-7t; Mon, 08 Apr 2024 22:34:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702061.1096808; Mon, 08 Apr 2024 22:34:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxZI-0001IQ-5G; Mon, 08 Apr 2024 22:34:24 +0000 Received: by outflank-mailman (input) for mailman id 702061; Mon, 08 Apr 2024 22:34:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxZG-0001ID-Mm for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:34:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxZG-0000rS-Lz for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:34:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtxZG-0002V9-LC for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:34:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uAfXImwPLXEGjtwzf9D39pJ9Lqj0ozAwGUwfPAFFciU=; b=ph3xNDaFtk58v0OiEg66lQfZHD 1BCt3ezlA4Rv1rdHrXRoo+S9MxH3hPCyPf13nd+XwGt0LVd1nRaB+yTez0720fu1d/LvKFfTPoXT9 5DFdB7NCC+dqlGIj+FyL4OUwT12qGqEz8TN7KlSsYBZa8dttVm3yia7fZLknH3vmVSpo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/PVH: Support relocatable dom0 kernels Message-Id: Date: Mon, 08 Apr 2024 22:34:22 +0000 commit dfc9fab003785fc533e1e3190e19ddc3101da442 Author: Jason Andryuk AuthorDate: Mon Apr 8 09:22:56 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:22:56 2024 +0200 x86/PVH: Support relocatable dom0 kernels Xen tries to load a PVH dom0 kernel at the fixed guest physical address from the elf headers. For Linux, this defaults to 0x1000000 (16MB), but it can be configured. Unfortunately there exist firmwares that have reserved regions at this address, so Xen fails to load the dom0 kernel since it's not RAM. The PVH entry code is not relocatable - it loads from absolute addresses, which fail when the kernel is loaded at a different address. With a suitably modified kernel, a reloctable entry point is possible. Add XEN_ELFNOTE_PHYS32_RELOC which specifies optional alignment, minimum, and maximum addresses needed for the kernel. The presence of the NOTE indicates the kernel supports a relocatable entry path. Change the loading to check for an acceptable load address. If the kernel is relocatable, support finding an alternate load address. The primary motivation for an explicit align field is that Linux has a configurable CONFIG_PHYSICAL_ALIGN field. This value is present in the bzImage setup header, but not the ELF program headers p_align, which report 2MB even when CONFIG_PHYSICAL_ALIGN is greater. Since a kernel is only considered relocatable if the PHYS32_RELOC elf note is present, the alignment contraints can just be specified within the note instead of searching for an alignment value via a heuristic. Load alignment uses the PHYS32_RELOC note value if specified. Otherwise, the maxmum ELF PHDR p_align value is selected if greater than or equal to PAGE_SIZE. Finally, the fallback default is 2MB. libelf-private.h includes common-macros.h to satisfy the fuzzer build. Link: https://gitlab.com/xen-project/xen/-/issues/180 Signed-off-by: Jason Andryuk Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/dom0_build.c | 108 +++++++++++++++++++++++++++++++++++++ xen/common/libelf/libelf-dominfo.c | 35 ++++++++++++ xen/common/libelf/libelf-private.h | 1 + xen/include/public/elfnote.h | 20 ++++++- xen/include/xen/libelf.h | 4 ++ 5 files changed, 167 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index 0ceda4140b..d158f4d241 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -537,6 +537,111 @@ static paddr_t __init find_memory( return INVALID_PADDR; } +static bool __init check_load_address( + const struct domain *d, const struct elf_binary *elf) +{ + paddr_t kernel_start = (uintptr_t)elf->dest_base; + paddr_t kernel_end = kernel_start + elf->dest_size; + unsigned int i; + + /* Relies on a sorted memory map with adjacent entries merged. */ + for ( i = 0; i < d->arch.nr_e820; i++ ) + { + paddr_t start = d->arch.e820[i].addr; + paddr_t end = start + d->arch.e820[i].size; + + if ( start >= kernel_end ) + return false; + + if ( d->arch.e820[i].type == E820_RAM && + start <= kernel_start && + end >= kernel_end ) + return true; + } + + return false; +} + +/* Find an e820 RAM region that fits the kernel at a suitable alignment. */ +static paddr_t __init find_kernel_memory( + const struct domain *d, struct elf_binary *elf, + const struct elf_dom_parms *parms) +{ + paddr_t kernel_size = elf->dest_size; + unsigned int align; + int i; + + if ( parms->phys_align != UNSET_ADDR32 ) + align = parms->phys_align; + else if ( elf->palign >= PAGE_SIZE ) + align = elf->palign; + else + align = MB(2); + + /* Search backwards to find the highest address. */ + for ( i = d->arch.nr_e820 - 1; i >= 0 ; i-- ) + { + paddr_t start = d->arch.e820[i].addr; + paddr_t end = start + d->arch.e820[i].size; + paddr_t kstart, kend; + + if ( d->arch.e820[i].type != E820_RAM || + d->arch.e820[i].size < kernel_size ) + continue; + + if ( start > parms->phys_max ) + continue; + + if ( end - 1 > parms->phys_max ) + end = parms->phys_max + 1; + + kstart = (end - kernel_size) & ~(align - 1); + kend = kstart + kernel_size; + + if ( kstart < parms->phys_min ) + return 0; + + if ( kstart >= start && kend <= end ) + return kstart; + } + + return 0; +} + +/* Check the kernel load address, and adjust if necessary and possible. */ +static bool __init check_and_adjust_load_address( + const struct domain *d, struct elf_binary *elf, struct elf_dom_parms *parms) +{ + paddr_t reloc_base; + + if ( check_load_address(d, elf) ) + return true; + + if ( !parms->phys_reloc ) + { + printk("%pd kernel: Address conflict and not relocatable\n", d); + return false; + } + + reloc_base = find_kernel_memory(d, elf, parms); + if ( !reloc_base ) + { + printk("%pd kernel: Failed find a load address\n", d); + return false; + } + + if ( opt_dom0_verbose ) + printk("%pd kernel: Moving [%p, %p] -> [%"PRIpaddr", %"PRIpaddr"]\n", d, + elf->dest_base, elf->dest_base + elf->dest_size - 1, + reloc_base, reloc_base + elf->dest_size - 1); + + parms->phys_entry = + reloc_base + (parms->phys_entry - (uintptr_t)elf->dest_base); + elf->dest_base = (char *)reloc_base; + + return true; +} + static int __init pvh_load_kernel(struct domain *d, const module_t *image, unsigned long image_headroom, module_t *initrd, void *image_base, @@ -585,6 +690,9 @@ static int __init pvh_load_kernel(struct domain *d, const module_t *image, elf.dest_base = (void *)(parms.virt_kstart - parms.virt_base); elf.dest_size = parms.virt_kend - parms.virt_kstart; + if ( !check_and_adjust_load_address(d, &elf, &parms) ) + return -ENOSPC; + elf_set_vcpu(&elf, v); rc = elf_load_binary(&elf); if ( rc < 0 ) diff --git a/xen/common/libelf/libelf-dominfo.c b/xen/common/libelf/libelf-dominfo.c index 0cdb419b8a..260294d0ed 100644 --- a/xen/common/libelf/libelf-dominfo.c +++ b/xen/common/libelf/libelf-dominfo.c @@ -17,6 +17,14 @@ #include "libelf-private.h" +#if defined(__i386__) || defined(__x86_64__) +#define ARCH_PHYS_MIN_DEFAULT 0 +#define ARCH_PHYS_MAX_DEFAULT (GB(4) - 1) +#else +#define ARCH_PHYS_MIN_DEFAULT 0 +#define ARCH_PHYS_MAX_DEFAULT 0 +#endif + /* ------------------------------------------------------------------------ */ /* xen features */ @@ -125,6 +133,7 @@ elf_errorstatus elf_xen_parse_note(struct elf_binary *elf, [XEN_ELFNOTE_SUSPEND_CANCEL] = { "SUSPEND_CANCEL", ELFNOTE_INT }, [XEN_ELFNOTE_MOD_START_PFN] = { "MOD_START_PFN", ELFNOTE_INT }, [XEN_ELFNOTE_PHYS32_ENTRY] = { "PHYS32_ENTRY", ELFNOTE_INT }, + [XEN_ELFNOTE_PHYS32_RELOC] = { "PHYS32_RELOC", ELFNOTE_NAME }, }; /* *INDENT-ON* */ @@ -132,6 +141,7 @@ elf_errorstatus elf_xen_parse_note(struct elf_binary *elf, uint64_t val = 0; unsigned int i; unsigned type = elf_uval(elf, note, type); + unsigned descsz = elf_uval(elf, note, descsz); if ( (type >= sizeof(note_desc) / sizeof(note_desc[0])) || (note_desc[type].name == NULL) ) @@ -228,6 +238,27 @@ elf_errorstatus elf_xen_parse_note(struct elf_binary *elf, case XEN_ELFNOTE_PHYS32_ENTRY: parms->phys_entry = val; break; + + case XEN_ELFNOTE_PHYS32_RELOC: + parms->phys_reloc = true; + + if ( descsz >= 4 ) + { + parms->phys_align = elf_note_numeric_array(elf, note, 4, 0); + elf_msg(elf, " align: %#"PRIx32, parms->phys_align); + } + if ( descsz >= 8 ) + { + parms->phys_min = elf_note_numeric_array(elf, note, 4, 1); + elf_msg(elf, " min: %#"PRIx32, parms->phys_min); + } + if ( descsz >= 12 ) + { + parms->phys_max = elf_note_numeric_array(elf, note, 4, 2); + elf_msg(elf, " max: %#"PRIx32, parms->phys_max); + } + + break; } if ( note_desc[type].type == ELFNOTE_NAME) @@ -543,6 +574,10 @@ elf_errorstatus elf_xen_parse(struct elf_binary *elf, parms->p2m_base = UNSET_ADDR; parms->elf_paddr_offset = UNSET_ADDR; parms->phys_entry = UNSET_ADDR32; + parms->phys_align = UNSET_ADDR32; + parms->phys_min = ARCH_PHYS_MIN_DEFAULT; + parms->phys_max = ARCH_PHYS_MAX_DEFAULT; + parms->phys_reloc = false; /* Find and parse elf notes. */ count = elf_phdr_count(elf); diff --git a/xen/common/libelf/libelf-private.h b/xen/common/libelf/libelf-private.h index 47db679966..98cac65bc5 100644 --- a/xen/common/libelf/libelf-private.h +++ b/xen/common/libelf/libelf-private.h @@ -71,6 +71,7 @@ #endif #include #include +#include #ifndef FUZZ_NO_LIBXC #include "xenctrl.h" diff --git a/xen/include/public/elfnote.h b/xen/include/public/elfnote.h index 1d84b05f44..2fd8f1b770 100644 --- a/xen/include/public/elfnote.h +++ b/xen/include/public/elfnote.h @@ -196,10 +196,28 @@ */ #define XEN_ELFNOTE_PHYS32_ENTRY 18 +/* + * Physical loading constraints for PVH kernels + * + * The presence of this note indicates the kernel supports relocating itself. + * + * The note may include up to three 32bit values to place constraints on the + * guest physical loading addresses and alignment for a PVH kernel. Values + * are read in the following order: + * - a required start alignment (default 0x200000) + * - a minimum address for the start of the image (default 0; see below) + * - a maximum address for the last byte of the image (default 0xffffffff) + * + * When this note specifies an alignment value, it is used. Otherwise the + * maximum p_align value from loadable ELF Program Headers is used, if it is + * greater than or equal to 4k (0x1000). Otherwise, the default is used. + */ +#define XEN_ELFNOTE_PHYS32_RELOC 19 + /* * The number of the highest elfnote defined. */ -#define XEN_ELFNOTE_MAX XEN_ELFNOTE_PHYS32_ENTRY +#define XEN_ELFNOTE_MAX XEN_ELFNOTE_PHYS32_RELOC /* * System information exported through crash notes. diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h index 2d971f958e..9ac530acc2 100644 --- a/xen/include/xen/libelf.h +++ b/xen/include/xen/libelf.h @@ -426,6 +426,7 @@ struct elf_dom_parms { enum xen_pae_type pae; bool bsd_symtab; bool unmapped_initrd; + bool phys_reloc; uint64_t virt_base; uint64_t virt_entry; uint64_t virt_hypercall; @@ -435,6 +436,9 @@ struct elf_dom_parms { uint32_t f_supported[XENFEAT_NR_SUBMAPS]; uint32_t f_required[XENFEAT_NR_SUBMAPS]; uint32_t phys_entry; + uint32_t phys_align; + uint32_t phys_min; + uint32_t phys_max; /* calculated */ uint64_t virt_kstart; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Apr 08 22:34:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 08 Apr 2024 22:34:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702062.1096813 (Exim 4.92) (envelope-from ) id 1rtxZS-0001L1-9V; Mon, 08 Apr 2024 22:34:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702062.1096813; Mon, 08 Apr 2024 22:34:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxZS-0001Ku-6h; Mon, 08 Apr 2024 22:34:34 +0000 Received: by outflank-mailman (input) for mailman id 702062; Mon, 08 Apr 2024 22:34:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxZQ-0001Kj-PU for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:34:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtxZQ-0000tU-Ok for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:34:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtxZQ-0002WB-O3 for xen-changelog@lists.xenproject.org; Mon, 08 Apr 2024 22:34:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8hk8dgb+0qi/JWYXtUJRRWipvccwJUbU3reYom2OEpE=; b=MDu8emWdlZz1ynYjLEBQWuEiPH Q4Am70yHt6saVIb00q9huL4oDO4FZUSuXd2PB+71fmSv2wA0Jp/ro0M8tfduO3qYdNwyCm+xiQoPs J3QghWcmRi7JI1Zmuqo+c0dxTm3ATyp/YRtMBixScn5kjdV6w3bl4FdDKDWZAU3eI8go=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/compiler: address violation of MISRA C Rule 20.9 Message-Id: Date: Mon, 08 Apr 2024 22:34:32 +0000 commit c079823df64c98dd7bb40fe77d9ef410e85a7624 Author: Nicola Vetrini AuthorDate: Mon Apr 8 09:23:15 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 8 09:23:15 2024 +0200 xen/compiler: address violation of MISRA C Rule 20.9 The rule states: "All identifiers used in the controlling expression of #if or #elif preprocessing directives shall be #define'd before evaluation". In this case, using defined(identifier) is a MISRA-compliant way to achieve the same effect. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/include/xen/compiler.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/xen/compiler.h b/xen/include/xen/compiler.h index fc87a2edad..179ff23e62 100644 --- a/xen/include/xen/compiler.h +++ b/xen/include/xen/compiler.h @@ -30,7 +30,7 @@ #define __weak __attribute__((__weak__)) -#if !CONFIG_CC_IS_CLANG || CONFIG_CLANG_VERSION >= 140000 +#if !defined(CONFIG_CC_IS_CLANG) || CONFIG_CLANG_VERSION >= 140000 # define nocall __attribute__((__error__("Nonstandard ABI"))) #else # define nocall -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 00:22:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 00:22:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702099.1096907 (Exim 4.92) (envelope-from ) id 1rtzFV-0003OK-4E; Tue, 09 Apr 2024 00:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702099.1096907; Tue, 09 Apr 2024 00:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtzFV-0003OC-1i; Tue, 09 Apr 2024 00:22:05 +0000 Received: by outflank-mailman (input) for mailman id 702099; Tue, 09 Apr 2024 00:22:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtzFT-0003O6-Li for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 00:22:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rtzFT-0003ZF-JF for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 00:22:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rtzFT-0000HW-Hr for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 00:22:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E5Ztofbycp64NyPfvFuKG180/wc2tmKkVUYz7hgMesM=; b=WM6dcNoFD54TRBqjwhaJCtZy+S Eg42eAGAl/9yKqsIYuxYCXkA/A4IBmvPswVKRrI4cJOBfxErHz1XFI/922FcxjVV81yLiXlQ2ooZ+ xs5oKshsqZcDLsr45ZmJBSin7lLxOF/g4jIhOyuLzN6274hq4YwM7rLrFoAyWrRZH9ls=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] drivers: char: Enable OMAP UART driver for TI K3 devices Message-Id: Date: Tue, 09 Apr 2024 00:22:03 +0000 commit 672b26b66ebb5ff3d28c573a6545a08020b27495 Author: Vaishnav Achath AuthorDate: Mon Apr 8 20:33:17 2024 +0530 Commit: Stefano Stabellini CommitDate: Mon Apr 8 17:18:26 2024 -0700 drivers: char: Enable OMAP UART driver for TI K3 devices TI K3 devices (J721E, J721S2, AM62X .etc) have the same variant of UART as OMAP4. Add the compatible used in Linux device tree, "ti,am654-uart" to the OMAP UART dt_match so that the driver can be used with these devices. Also, enable the driver for ARM64 platforms. Signed-off-by: Vaishnav Achath Reviewed-by: Michal Orzel --- xen/drivers/char/Kconfig | 2 +- xen/drivers/char/omap-uart.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/drivers/char/Kconfig b/xen/drivers/char/Kconfig index e18ec3788c..3f836ab301 100644 --- a/xen/drivers/char/Kconfig +++ b/xen/drivers/char/Kconfig @@ -55,7 +55,7 @@ config HAS_EXYNOS4210 config HAS_OMAP bool "Texas Instruments OMAP UART driver" default y - depends on ARM_32 + depends on ARM help This selects the Texas Instruments OMAP UART. If you have a Texas Instruments based CPU, say Y. diff --git a/xen/drivers/char/omap-uart.c b/xen/drivers/char/omap-uart.c index f4368c158c..03b5b66e7a 100644 --- a/xen/drivers/char/omap-uart.c +++ b/xen/drivers/char/omap-uart.c @@ -372,6 +372,7 @@ static int __init omap_uart_init(struct dt_device_node *dev, static const struct dt_device_match omap_uart_dt_match[] __initconst = { DT_MATCH_COMPATIBLE("ti,omap4-uart"), + DT_MATCH_COMPATIBLE("ti,am654-uart"), { /* sentinel */ }, }; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 12:11:07 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 12:11:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702374.1097353 (Exim 4.92) (envelope-from ) id 1ruAJd-00022k-Fx; Tue, 09 Apr 2024 12:11:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702374.1097353; Tue, 09 Apr 2024 12:11:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAJd-00022c-CZ; Tue, 09 Apr 2024 12:11:05 +0000 Received: by outflank-mailman (input) for mailman id 702374; Tue, 09 Apr 2024 12:11:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAJc-00022W-7G for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAJc-0007iB-4y for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruAJc-0005p7-3x for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6SygYsIily6k+nWmYoOpRPYN+92511p6cx+LKsD+eDE=; b=ixnl/kWZCBUu8hVgVM33gjyhXf FFvGiPh5oGBdph4FKnpInD751Iu57oPhm0m6sQyWANqMEPfGQH1XFdDikBLNMaRcOEKOoFtCNNRhz r695ESM+MIjVLt+IHIi+59xxN9/k3XTXwyJ8MjHY1JBJJM8Hw3Dza9B7U3IzvkSBh2jg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Message-Id: Date: Tue, 09 Apr 2024 12:11:04 +0000 commit 6a98383b0877bb66ebfe189da43bf81abe3d7909 Author: Jan Beulich AuthorDate: Wed Mar 27 17:31:38 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 12:49:40 2024 +0100 x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Hypercalls in particular can be the subject of continuations, and logic there checks updated state against incoming register values. If the guest manufactured a suitable argument register with a non-zero upper half before entering compatibility mode and issuing a hypercall from there, checks in hypercall_xlat_continuation() might trip. Since for HVM we want to also be sure to not hit a corner case in the emulator, initiate the clipping right from the top of {svm,vmx}_vmexit_handler(). Also rename the invoked function, as it no longer does only invalidation of fields. Note that architecturally the upper halves of registers are undefined after a switch between compatibility and 64-bit mode (either direction). Hence once having entered compatibility mode, the guest can't assume the upper half of any register to retain its value. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/hvm/svm/svm.c | 3 ++- xen/arch/x86/hvm/vmx/vmx.c | 6 +++++- xen/arch/x86/include/asm/hvm/hvm.h | 18 +++++++++++++++++- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 6a47c5915c..a745acd903 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2546,7 +2546,8 @@ void asmlinkage svm_vmexit_handler(void) regs->rsp = vmcb->rsp; regs->rflags = vmcb->rflags; - hvm_invalidate_regs_fields(regs); + hvm_sanitize_regs_fields( + regs, !(vmcb_get_efer(vmcb) & EFER_LMA) || !(vmcb->cs.l)); if ( paging_mode_hap(v->domain) ) v->arch.hvm.guest_cr[3] = v->arch.hvm.hw_cr[3] = vmcb_get_cr3(vmcb); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 23bdf0d195..319a37b745 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -4033,6 +4033,7 @@ static void undo_nmis_unblocked_by_iret(void) void asmlinkage vmx_vmexit_handler(struct cpu_user_regs *regs) { unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0; + unsigned long cs_ar_bytes = 0; unsigned int vector = 0; struct vcpu *v = current; struct domain *currd = v->domain; @@ -4041,7 +4042,10 @@ void asmlinkage vmx_vmexit_handler(struct cpu_user_regs *regs) __vmread(GUEST_RSP, ®s->rsp); __vmread(GUEST_RFLAGS, ®s->rflags); - hvm_invalidate_regs_fields(regs); + if ( hvm_long_mode_active(v) ) + __vmread(GUEST_CS_AR_BYTES, &cs_ar_bytes); + + hvm_sanitize_regs_fields(regs, !(cs_ar_bytes & X86_SEG_AR_CS_LM_ACTIVE)); if ( paging_mode_hap(v->domain) ) { diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index 87a6935d97..595253babe 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -569,8 +569,24 @@ static inline unsigned int hvm_get_insn_bytes(struct vcpu *v, uint8_t *buf) ? alternative_call(hvm_funcs.get_insn_bytes, v, buf) : 0); } -static inline void hvm_invalidate_regs_fields(struct cpu_user_regs *regs) +static inline void hvm_sanitize_regs_fields(struct cpu_user_regs *regs, + bool compat) { + if ( compat ) + { + /* Clear GPR upper halves, to counteract guests playing games. */ + regs->rbp = (uint32_t)regs->ebp; + regs->rbx = (uint32_t)regs->ebx; + regs->rax = (uint32_t)regs->eax; + regs->rcx = (uint32_t)regs->ecx; + regs->rdx = (uint32_t)regs->edx; + regs->rsi = (uint32_t)regs->esi; + regs->rdi = (uint32_t)regs->edi; + regs->rip = (uint32_t)regs->eip; + regs->rflags = (uint32_t)regs->eflags; + regs->rsp = (uint32_t)regs->esp; + } + #ifndef NDEBUG regs->error_code = 0xbeef; regs->entry_vector = 0xbeef; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 12:11:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 12:11:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702375.1097356 (Exim 4.92) (envelope-from ) id 1ruAJn-00024n-Go; Tue, 09 Apr 2024 12:11:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702375.1097356; Tue, 09 Apr 2024 12:11:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAJn-00024f-E6; Tue, 09 Apr 2024 12:11:15 +0000 Received: by outflank-mailman (input) for mailman id 702375; Tue, 09 Apr 2024 12:11:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAJm-00024X-Af for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAJm-0007iW-9p for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruAJm-0005pk-77 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jlZ2BiErEjN1SCzPFnPsRTsMvqlkWbU6+yaBAxYhwWM=; b=jpP6Ca922FSetbruT46CJyMm7P cIsFqiVcqbPAc4txrlpJSCJ3a2qU8a8N1zJk1MDC39l9Ax03iSOa+mG0WlI6Vp8JN0w1VcIgZBupo hCdpIljEqKtbjj9VzsH0YnIrsDFSskXbq2EMCSWJ3ASCHEIIf5GMt9pomYdQoKDsaHlY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] hypercall_xlat_continuation: Replace BUG_ON with domain_crash Message-Id: Date: Tue, 09 Apr 2024 12:11:14 +0000 commit 9926e692c4afc40bcd66f8416ff6a1e93ce402f6 Author: Bjoern Doebel AuthorDate: Wed Mar 27 17:31:38 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 12:49:40 2024 +0100 hypercall_xlat_continuation: Replace BUG_ON with domain_crash Instead of crashing the host in case of unexpected hypercall parameters, resort to only crashing the calling domain. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Bjoern Doebel Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/hypercall.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 133e9f221c..d292376b19 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -142,8 +142,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + domain_crash(current->domain, + "multicall (op %lu) bogus continuation arg%u (%#lx)\n", + mcs->call.op, i, nval); } else if ( id && *id == i ) { @@ -155,8 +157,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, mcs->call.args[i] = cval; ++rc; } - else - BUG_ON(mcs->call.args[i] != (unsigned int)mcs->call.args[i]); + else if ( mcs->call.args[i] != (unsigned int)mcs->call.args[i] ) + domain_crash(current->domain, + "multicall (op %lu) bad continuation arg%u (%#lx)\n", + mcs->call.op, i, mcs->call.args[i]); } } else @@ -182,8 +186,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + domain_crash(current->domain, + "hypercall (op %u) bogus continuation arg%u (%#lx)\n", + regs->eax, i, nval); } else if ( id && *id == i ) { @@ -195,8 +201,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, *reg = cval; ++rc; } - else - BUG_ON(*reg != (unsigned int)*reg); + else if ( *reg != (unsigned int)*reg ) + domain_crash(current->domain, + "hypercall (op %u) bad continuation arg%u (%#lx)\n", + regs->eax, i, *reg); } } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 12:11:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 12:11:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702376.1097360 (Exim 4.92) (envelope-from ) id 1ruAJx-00027J-IT; Tue, 09 Apr 2024 12:11:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702376.1097360; Tue, 09 Apr 2024 12:11:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAJx-00027C-Fb; Tue, 09 Apr 2024 12:11:25 +0000 Received: by outflank-mailman (input) for mailman id 702376; Tue, 09 Apr 2024 12:11:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAJw-00026z-OT for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAJw-0007ie-Nb for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruAJw-0005qr-Lq for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FGH/0pwKhv/Eiwp8LAYSMza6PQJ2TT8fTTVOiApoBJk=; b=vrqr/mNXcZ7nWMPy+xrfH3E6IS nao/1K5lToRKLIMQXy4+okaW8PpQSxvVzCYH/EVPrnlI59lRfnXCMvrMOs53Ut544cJb/DJcBnb5A fDLgYJrGcPmdZOACLYrsNCtliTqfxXeyng+3NDXAalXQQtK6KcVJ2xA7sCioeGMV2nTU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Message-Id: Date: Tue, 09 Apr 2024 12:11:24 +0000 commit 429a125dba3083fa68e976d408b2ba430a67f0a5 Author: Jan Beulich AuthorDate: Wed Mar 27 17:31:38 2024 +0000 Commit: Andrew Cooper CommitDate: Fri Apr 5 15:44:49 2024 +0100 x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Hypercalls in particular can be the subject of continuations, and logic there checks updated state against incoming register values. If the guest manufactured a suitable argument register with a non-zero upper half before entering compatibility mode and issuing a hypercall from there, checks in hypercall_xlat_continuation() might trip. Since for HVM we want to also be sure to not hit a corner case in the emulator, initiate the clipping right from the top of {svm,vmx}_vmexit_handler(). Also rename the invoked function, as it no longer does only invalidation of fields. Note that architecturally the upper halves of registers are undefined after a switch between compatibility and 64-bit mode (either direction). Hence once having entered compatibility mode, the guest can't assume the upper half of any register to retain its value. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 6a98383b0877bb66ebfe189da43bf81abe3d7909) --- xen/arch/x86/hvm/svm/svm.c | 3 ++- xen/arch/x86/hvm/vmx/vmx.c | 6 +++++- xen/arch/x86/include/asm/hvm/hvm.h | 18 +++++++++++++++++- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index ff991c82cf..c7bf90062f 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2603,7 +2603,8 @@ void svm_vmexit_handler(void) regs->rsp = vmcb->rsp; regs->rflags = vmcb->rflags; - hvm_invalidate_regs_fields(regs); + hvm_sanitize_regs_fields( + regs, !(vmcb_get_efer(vmcb) & EFER_LMA) || !(vmcb->cs.l)); if ( paging_mode_hap(v->domain) ) v->arch.hvm.guest_cr[3] = v->arch.hvm.hw_cr[3] = vmcb_get_cr3(vmcb); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 28dece7c6b..ae2157953a 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -4041,6 +4041,7 @@ static void undo_nmis_unblocked_by_iret(void) void vmx_vmexit_handler(struct cpu_user_regs *regs) { unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0; + unsigned long cs_ar_bytes = 0; unsigned int vector = 0; struct vcpu *v = current; struct domain *currd = v->domain; @@ -4049,7 +4050,10 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) __vmread(GUEST_RSP, ®s->rsp); __vmread(GUEST_RFLAGS, ®s->rflags); - hvm_invalidate_regs_fields(regs); + if ( hvm_long_mode_active(v) ) + __vmread(GUEST_CS_AR_BYTES, &cs_ar_bytes); + + hvm_sanitize_regs_fields(regs, !(cs_ar_bytes & X86_SEG_AR_CS_LM_ACTIVE)); if ( paging_mode_hap(v->domain) ) { diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index 6d53713fc3..e5fa682f85 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -579,8 +579,24 @@ static inline unsigned int hvm_get_insn_bytes(struct vcpu *v, uint8_t *buf) ? alternative_call(hvm_funcs.get_insn_bytes, v, buf) : 0); } -static inline void hvm_invalidate_regs_fields(struct cpu_user_regs *regs) +static inline void hvm_sanitize_regs_fields(struct cpu_user_regs *regs, + bool compat) { + if ( compat ) + { + /* Clear GPR upper halves, to counteract guests playing games. */ + regs->rbp = (uint32_t)regs->ebp; + regs->rbx = (uint32_t)regs->ebx; + regs->rax = (uint32_t)regs->eax; + regs->rcx = (uint32_t)regs->ecx; + regs->rdx = (uint32_t)regs->edx; + regs->rsi = (uint32_t)regs->esi; + regs->rdi = (uint32_t)regs->edi; + regs->rip = (uint32_t)regs->eip; + regs->rflags = (uint32_t)regs->eflags; + regs->rsp = (uint32_t)regs->esp; + } + #ifndef NDEBUG regs->error_code = 0xbeef; regs->entry_vector = 0xbeef; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 12:11:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 12:11:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702377.1097364 (Exim 4.92) (envelope-from ) id 1ruAK7-0002AE-Jy; Tue, 09 Apr 2024 12:11:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702377.1097364; Tue, 09 Apr 2024 12:11:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAK7-0002A6-HW; Tue, 09 Apr 2024 12:11:35 +0000 Received: by outflank-mailman (input) for mailman id 702377; Tue, 09 Apr 2024 12:11:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAK6-00029y-RZ for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAK6-0007io-Qj for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruAK6-0005rO-Pi for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2ujmeK7leDk5dNRO21LrMRgXakMJhJjAHxewTt61BEI=; b=p4UxOP/gUj/1sKuLVUrETS7Gw5 KBimO1KAqeKTZy0czDcBY5h48dLxA4Mg7VuWEVEwcr3U3d87MxppqNjbxsTPSgpfhruYJMG+Hz6f6 rhFzBSvWkltg/RfQ6qr75p6VObjPmObPO7FEsE6GEkZBXLwh2sc1MmEoj7kIkv723zCI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] hypercall_xlat_continuation: Replace BUG_ON with domain_crash Message-Id: Date: Tue, 09 Apr 2024 12:11:34 +0000 commit 1166467ed300d605529aaf7a7d26c8c92defe36a Author: Bjoern Doebel AuthorDate: Wed Mar 27 17:31:38 2024 +0000 Commit: Andrew Cooper CommitDate: Fri Apr 5 15:44:49 2024 +0100 hypercall_xlat_continuation: Replace BUG_ON with domain_crash Instead of crashing the host in case of unexpected hypercall parameters, resort to only crashing the calling domain. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Bjoern Doebel Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 9926e692c4afc40bcd66f8416ff6a1e93ce402f6) --- xen/arch/x86/hypercall.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 01cd73040d..04b5e9874c 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -140,8 +140,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + domain_crash(current->domain, + "multicall (op %lu) bogus continuation arg%u (%#lx)\n", + mcs->call.op, i, nval); } else if ( id && *id == i ) { @@ -153,8 +155,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, mcs->call.args[i] = cval; ++rc; } - else - BUG_ON(mcs->call.args[i] != (unsigned int)mcs->call.args[i]); + else if ( mcs->call.args[i] != (unsigned int)mcs->call.args[i] ) + domain_crash(current->domain, + "multicall (op %lu) bad continuation arg%u (%#lx)\n", + mcs->call.op, i, mcs->call.args[i]); } } else @@ -180,8 +184,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + domain_crash(current->domain, + "hypercall (op %u) bogus continuation arg%u (%#lx)\n", + regs->eax, i, nval); } else if ( id && *id == i ) { @@ -193,8 +199,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, *reg = cval; ++rc; } - else - BUG_ON(*reg != (unsigned int)*reg); + else if ( *reg != (unsigned int)*reg ) + domain_crash(current->domain, + "hypercall (op %u) bad continuation arg%u (%#lx)\n", + regs->eax, i, *reg); } } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 12:11:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 12:11:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702378.1097367 (Exim 4.92) (envelope-from ) id 1ruAKI-0002D3-LZ; Tue, 09 Apr 2024 12:11:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702378.1097367; Tue, 09 Apr 2024 12:11:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAKI-0002Cv-Iz; Tue, 09 Apr 2024 12:11:46 +0000 Received: by outflank-mailman (input) for mailman id 702378; Tue, 09 Apr 2024 12:11:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAKH-0002Cm-8I for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAKH-0007jD-7W for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruAKH-0005sf-6X for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n/Aw+R18HxJ8nR/NinMMeB6ra5JnRHYdBMx79Ai9Nh4=; b=HJCPwASX9Kvt6JLYcwayIIsP7O TLOhFj1SWcGm1AwJ/AQYYr4MZJfkJBL8NpJEqEqJvH2y+/SrAkVxTYFTt9lc+s5Jzg+m7wdvpbH/A UvVEDqudK+SO0l6z7ysj2pUzv6U2ltVcKtxOFo47M+o/XHorVGrH/oJucz/71hH5r0og=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] arm/alternatives: Rename alt_instr fields which are used in common code Message-Id: Date: Tue, 09 Apr 2024 12:11:45 +0000 commit 4f7656fe8ed94d07f7de9a4274cd2a47675fb178 Author: Andrew Cooper AuthorDate: Sun Apr 16 01:10:43 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 12:56:55 2024 +0100 arm/alternatives: Rename alt_instr fields which are used in common code Alternatives auditing for livepatches is currently broken. To fix it, the livepatch code needs to inspect more fields of alt_instr. Rename ARM's fields to match x86's, because: * ARM already exposes alt_offset under the repl name via ALT_REPL_PTR(). * "alt" is ambiguous in a structure entirely about alternatives already. * "repl", being the same width as orig leads to slightly neater code. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini (cherry picked from commit 418cf59c4e29451010d7efb3835b900690d19866) --- xen/arch/arm/alternative.c | 6 +++--- xen/arch/arm/include/asm/alternative.h | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/xen/arch/arm/alternative.c b/xen/arch/arm/alternative.c index f03cd943c6..ef98f37417 100644 --- a/xen/arch/arm/alternative.c +++ b/xen/arch/arm/alternative.c @@ -55,7 +55,7 @@ static bool branch_insn_requires_update(const struct alt_instr *alt, return true; replptr = (unsigned long)ALT_REPL_PTR(alt); - if ( pc >= replptr && pc <= (replptr + alt->alt_len) ) + if ( pc >= replptr && pc <= (replptr + alt->repl_len) ) return false; /* @@ -139,9 +139,9 @@ static int __apply_alternatives(const struct alt_region *region, continue; if ( alt->cpufeature == ARM_CB_PATCH ) - BUG_ON(alt->alt_len != 0); + BUG_ON(alt->repl_len != 0); else - BUG_ON(alt->alt_len != alt->orig_len); + BUG_ON(alt->repl_len != alt->orig_len); origptr = ALT_ORIG_PTR(alt); updptr = (void *)origptr + update_offset; diff --git a/xen/arch/arm/include/asm/alternative.h b/xen/arch/arm/include/asm/alternative.h index 1eb4b60fbb..d3210e82f9 100644 --- a/xen/arch/arm/include/asm/alternative.h +++ b/xen/arch/arm/include/asm/alternative.h @@ -13,16 +13,16 @@ struct alt_instr { s32 orig_offset; /* offset to original instruction */ - s32 alt_offset; /* offset to replacement instruction */ + s32 repl_offset; /* offset to replacement instruction */ u16 cpufeature; /* cpufeature bit set for replacement */ u8 orig_len; /* size of original instruction(s) */ - u8 alt_len; /* size of new instruction(s), <= orig_len */ + u8 repl_len; /* size of new instruction(s), <= orig_len */ }; /* Xen: helpers used by common code. */ #define __ALT_PTR(a,f) ((void *)&(a)->f + (a)->f) #define ALT_ORIG_PTR(a) __ALT_PTR(a, orig_offset) -#define ALT_REPL_PTR(a) __ALT_PTR(a, alt_offset) +#define ALT_REPL_PTR(a) __ALT_PTR(a, repl_offset) typedef void (*alternative_cb_t)(const struct alt_instr *alt, const uint32_t *origptr, uint32_t *updptr, @@ -90,12 +90,12 @@ int apply_alternatives(const struct alt_instr *start, const struct alt_instr *en #include #include -.macro altinstruction_entry orig_offset alt_offset feature orig_len alt_len +.macro altinstruction_entry orig_offset repl_offset feature orig_len repl_len .word \orig_offset - . - .word \alt_offset - . + .word \repl_offset - . .hword \feature .byte \orig_len - .byte \alt_len + .byte \repl_len .endm .macro alternative_insn insn1, insn2, cap, enable = 1 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 12:11:56 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 12:11:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702379.1097372 (Exim 4.92) (envelope-from ) id 1ruAKS-0002G4-NI; Tue, 09 Apr 2024 12:11:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702379.1097372; Tue, 09 Apr 2024 12:11:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAKS-0002Fw-KW; Tue, 09 Apr 2024 12:11:56 +0000 Received: by outflank-mailman (input) for mailman id 702379; Tue, 09 Apr 2024 12:11:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAKR-0002Fd-BQ for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAKR-0007jL-Ab for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruAKR-0005tG-9h for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:11:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RT0DeAUGnpSLfSQx+soFliXLyPGUQIryiJUXnamN8To=; b=qKgdSkRGR7RHiVWKekIEEoocUm 6Lu3SyjdhuoO1iPCllmLUjblgN/iHPbmFFN/FP5PvsvNGFXedv/q6dhAOya9ye1HZgCoK4JPHeKyV /UD+jN+6RPo6xZOukY1DZyxWHMtr7AqbG10M7Tl0sJCakzLD8zmkR02WAs1Le8WxkoII=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] xen/livepatch: Fix .altinstructions safety checks Message-Id: Date: Tue, 09 Apr 2024 12:11:55 +0000 commit 1601fa5ac1652ff1d4903160f14c44fae2c668b8 Author: Andrew Cooper AuthorDate: Thu Apr 13 20:56:15 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 12:56:55 2024 +0100 xen/livepatch: Fix .altinstructions safety checks The prior check has && vs || mixups, making it tautologically false and thus providing no safety at all. There are boundary errors too. First start with a comment describing how the .altinstructions and .altinstr_replacement sections interact, and perform suitable cross-checking. Second, rewrite the alt_instr loop entirely from scratch. Origin sites have non-zero size, and must be fully contained within the livepatches .text section(s). Any non-zero sized replacements must be fully contained within the .altinstr_replacement section. Fixes: f8a10174e8b1 ("xsplice: Add support for alternatives") Signed-off-by: Andrew Cooper Reviewed-by: Ross Lagerwall (cherry picked from commit e74360e4ba4a6b6827a44f8b1b22a0ec4311694a) --- xen/common/livepatch.c | 69 +++++++++++++++++++++++++++++++++++++++----- xen/include/xen/elfstructs.h | 2 ++ 2 files changed, 64 insertions(+), 7 deletions(-) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 28c09ddf58..352639c47f 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -816,29 +816,84 @@ static int prepare_payload(struct payload *payload, if ( sec ) { #ifdef CONFIG_HAS_ALTERNATIVE + /* + * (As of April 2023), Alternatives are formed of: + * - An .altinstructions section with an array of struct alt_instr's. + * - An .altinstr_replacement section containing instructions. + * + * An individual alt_instr contains: + * - An orig reference, pointing into .text with a nonzero length + * - A repl reference, pointing into .altinstr_replacement + * + * It is legal to have zero-length replacements, meaning it is legal + * for the .altinstr_replacement section to be empty too. An + * implementation detail means that a zero-length replacement's repl + * reference will still be in the .altinstr_replacement section. + */ + const struct livepatch_elf_sec *repl_sec; struct alt_instr *a, *start, *end; if ( !section_ok(elf, sec, sizeof(*a)) ) return -EINVAL; + /* Tolerate an empty .altinstructions section... */ + if ( sec->sec->sh_size == 0 ) + goto alt_done; + + /* ... but otherwise, there needs to be something to alter... */ + if ( payload->text_size == 0 ) + { + printk(XENLOG_ERR LIVEPATCH "%s Alternatives provided, but no .text\n", + elf->name); + return -EINVAL; + } + + /* ... and something to be altered to. */ + repl_sec = livepatch_elf_sec_by_name(elf, ".altinstr_replacement"); + if ( !repl_sec ) + { + printk(XENLOG_ERR LIVEPATCH "%s .altinstructions provided, but no .altinstr_replacement\n", + elf->name); + return -EINVAL; + } + start = sec->load_addr; end = sec->load_addr + sec->sec->sh_size; for ( a = start; a < end; a++ ) { - const void *instr = ALT_ORIG_PTR(a); - const void *replacement = ALT_REPL_PTR(a); + const void *orig = ALT_ORIG_PTR(a); + const void *repl = ALT_REPL_PTR(a); + + /* orig must be fully within .text. */ + if ( orig < payload->text_addr || + a->orig_len > payload->text_size || + orig + a->orig_len > payload->text_addr + payload->text_size ) + { + printk(XENLOG_ERR LIVEPATCH + "%s Alternative orig %p+%#x outside payload text %p+%#zx\n", + elf->name, orig, a->orig_len, + payload->text_addr, payload->text_size); + return -EINVAL; + } - if ( (instr < region->text_start && instr >= region->text_end) || - (replacement < region->text_start && - replacement >= region->text_end) ) + /* + * repl must be fully within .altinstr_replacement, even if the + * replacement and the section happen to both have zero length. + */ + if ( repl < repl_sec->load_addr || + a->repl_len > repl_sec->sec->sh_size || + repl + a->repl_len > repl_sec->load_addr + repl_sec->sec->sh_size ) { - printk(XENLOG_ERR LIVEPATCH "%s Alt patching outside payload: %p\n", - elf->name, instr); + printk(XENLOG_ERR LIVEPATCH + "%s Alternative repl %p+%#x outside .altinstr_replacement %p+%#"PRIxElfWord"\n", + elf->name, repl, a->repl_len, + repl_sec->load_addr, repl_sec->sec->sh_size); return -EINVAL; } } apply_alternatives(start, end); + alt_done:; #else printk(XENLOG_ERR LIVEPATCH "%s: We don't support alternative patching\n", elf->name); diff --git a/xen/include/xen/elfstructs.h b/xen/include/xen/elfstructs.h index 3124469fae..eb6b87a823 100644 --- a/xen/include/xen/elfstructs.h +++ b/xen/include/xen/elfstructs.h @@ -563,6 +563,7 @@ typedef struct { #if defined(ELFSIZE) && (ELFSIZE == 32) #define PRIxElfAddr PRIx32 #define PRIuElfWord PRIu32 +#define PRIxElfWord PRIx32 #define Elf_Ehdr Elf32_Ehdr #define Elf_Phdr Elf32_Phdr @@ -591,6 +592,7 @@ typedef struct { #elif defined(ELFSIZE) && (ELFSIZE == 64) #define PRIxElfAddr PRIx64 #define PRIuElfWord PRIu64 +#define PRIxElfWord PRIx64 #define Elf_Ehdr Elf64_Ehdr #define Elf_Phdr Elf64_Phdr -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 12:12:06 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 12:12:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702380.1097376 (Exim 4.92) (envelope-from ) id 1ruAKc-0002JK-Pt; Tue, 09 Apr 2024 12:12:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702380.1097376; Tue, 09 Apr 2024 12:12:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAKc-0002JC-NF; Tue, 09 Apr 2024 12:12:06 +0000 Received: by outflank-mailman (input) for mailman id 702380; Tue, 09 Apr 2024 12:12:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAKb-0002J2-Ej for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAKb-0007jh-Ds for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruAKb-0005vy-D1 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oR+gJ2UmwCsSHIAc6ENgZdNqvDWW6ipJb6yTFljFYLQ=; b=D9x6fZ3sSuJjAZY+jMzx3IpuH6 7zdKpGTQwsxM5MQRskDTzShzTPte++Rg+j9KNiqeaXM2T9f+totsEfR+favjQTrZEGrt6yEPv+xiL SP1loWolcZbUGjLoa4kWSbjcryUOl8KzedAGm5s/03KIjXDEw685XJGg+m229h9JTIkE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Message-Id: Date: Tue, 09 Apr 2024 12:12:05 +0000 commit 6462418517abb21775ee775a1275459e70b6e5a1 Author: Jan Beulich AuthorDate: Wed Mar 27 17:31:38 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 12:56:55 2024 +0100 x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Hypercalls in particular can be the subject of continuations, and logic there checks updated state against incoming register values. If the guest manufactured a suitable argument register with a non-zero upper half before entering compatibility mode and issuing a hypercall from there, checks in hypercall_xlat_continuation() might trip. Since for HVM we want to also be sure to not hit a corner case in the emulator, initiate the clipping right from the top of {svm,vmx}_vmexit_handler(). Also rename the invoked function, as it no longer does only invalidation of fields. Note that architecturally the upper halves of registers are undefined after a switch between compatibility and 64-bit mode (either direction). Hence once having entered compatibility mode, the guest can't assume the upper half of any register to retain its value. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 6a98383b0877bb66ebfe189da43bf81abe3d7909) --- xen/arch/x86/hvm/svm/svm.c | 3 ++- xen/arch/x86/hvm/vmx/vmx.c | 6 +++++- xen/arch/x86/include/asm/hvm/hvm.h | 18 +++++++++++++++++- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 3c17464550..35173502bd 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2626,7 +2626,8 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) regs->rsp = vmcb->rsp; regs->rflags = vmcb->rflags; - hvm_invalidate_regs_fields(regs); + hvm_sanitize_regs_fields( + regs, !(vmcb_get_efer(vmcb) & EFER_LMA) || !(vmcb->cs.l)); if ( paging_mode_hap(v->domain) ) v->arch.hvm.guest_cr[3] = v->arch.hvm.hw_cr[3] = vmcb_get_cr3(vmcb); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 35d391d8e5..fed362bc32 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3981,6 +3981,7 @@ static void undo_nmis_unblocked_by_iret(void) void vmx_vmexit_handler(struct cpu_user_regs *regs) { unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0; + unsigned long cs_ar_bytes = 0; unsigned int vector = 0; struct vcpu *v = current; struct domain *currd = v->domain; @@ -3989,7 +3990,10 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) __vmread(GUEST_RSP, ®s->rsp); __vmread(GUEST_RFLAGS, ®s->rflags); - hvm_invalidate_regs_fields(regs); + if ( hvm_long_mode_active(v) ) + __vmread(GUEST_CS_AR_BYTES, &cs_ar_bytes); + + hvm_sanitize_regs_fields(regs, !(cs_ar_bytes & X86_SEG_AR_CS_LM_ACTIVE)); if ( paging_mode_hap(v->domain) ) { diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index 93254651f2..d67565dcb9 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -583,8 +583,24 @@ static inline unsigned int hvm_get_insn_bytes(struct vcpu *v, uint8_t *buf) ? alternative_call(hvm_funcs.get_insn_bytes, v, buf) : 0); } -static inline void hvm_invalidate_regs_fields(struct cpu_user_regs *regs) +static inline void hvm_sanitize_regs_fields(struct cpu_user_regs *regs, + bool compat) { + if ( compat ) + { + /* Clear GPR upper halves, to counteract guests playing games. */ + regs->rbp = (uint32_t)regs->ebp; + regs->rbx = (uint32_t)regs->ebx; + regs->rax = (uint32_t)regs->eax; + regs->rcx = (uint32_t)regs->ecx; + regs->rdx = (uint32_t)regs->edx; + regs->rsi = (uint32_t)regs->esi; + regs->rdi = (uint32_t)regs->edi; + regs->rip = (uint32_t)regs->eip; + regs->rflags = (uint32_t)regs->eflags; + regs->rsp = (uint32_t)regs->esp; + } + #ifndef NDEBUG regs->error_code = 0xbeef; regs->entry_vector = 0xbeef; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 12:12:17 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 12:12:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702381.1097380 (Exim 4.92) (envelope-from ) id 1ruAKm-0002Lq-RE; Tue, 09 Apr 2024 12:12:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702381.1097380; Tue, 09 Apr 2024 12:12:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAKm-0002Li-Oh; Tue, 09 Apr 2024 12:12:16 +0000 Received: by outflank-mailman (input) for mailman id 702381; Tue, 09 Apr 2024 12:12:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAKl-0002LZ-Hb for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAKl-0007jp-Go for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruAKl-0005wk-Fv for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=arTy0P71MzPML/yb+C8ruKpgo3WhyE5DewSWOpbZ9Jo=; b=CCDS426HxJc+nSaxFaAfQl3/YY OYnvl8mnMipP7GN2kpkmOdCaHzwKdV81f8POi6lKRBqEJEZCRpcsinBW7AJKKiMu25yZoyQu4nRKA wHtUnSAtmkjBLp5V6380eT7ur+y75/Nn98iEP3HtF3nrMTIBa6wCeRVmvaFw3LSPmeas=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] hypercall_xlat_continuation: Replace BUG_ON with domain_crash Message-Id: Date: Tue, 09 Apr 2024 12:12:15 +0000 commit b8f39fd4d024ea72c586f1afd233f379c6f6230b Author: Bjoern Doebel AuthorDate: Wed Mar 27 18:30:55 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 12:56:55 2024 +0100 hypercall_xlat_continuation: Replace BUG_ON with domain_crash Instead of crashing the host in case of unexpected hypercall parameters, resort to only crashing the calling domain. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Bjoern Doebel Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 9926e692c4afc40bcd66f8416ff6a1e93ce402f6) --- xen/arch/x86/hypercall.c | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 6b73cff9b9..382985f5f4 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -152,8 +152,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + { + printk(XENLOG_G_ERR + "multicall (op %lu) bogus continuation arg%u (%#lx)\n", + mcs->call.op, i, nval); + domain_crash(current->domain); + } } else if ( id && *id == i ) { @@ -165,8 +170,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, mcs->call.args[i] = cval; ++rc; } - else - BUG_ON(mcs->call.args[i] != (unsigned int)mcs->call.args[i]); + else if ( mcs->call.args[i] != (unsigned int)mcs->call.args[i] ) + { + printk(XENLOG_G_ERR + "multicall (op %lu) bad continuation arg%u (%#lx)\n", + mcs->call.op, i, mcs->call.args[i]); + domain_crash(current->domain); + } } } else @@ -192,8 +202,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + { + printk(XENLOG_G_ERR + "hypercall (op %u) bogus continuation arg%u (%#lx)\n", + regs->eax, i, nval); + domain_crash(current->domain); + } } else if ( id && *id == i ) { @@ -205,8 +220,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, *reg = cval; ++rc; } - else - BUG_ON(*reg != (unsigned int)*reg); + else if ( *reg != (unsigned int)*reg ) + { + printk(XENLOG_G_ERR + "hypercall (op %u) bad continuation arg%u (%#lx)\n", + regs->eax, i, *reg); + domain_crash(current->domain); + } } } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 12:12:27 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 12:12:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702382.1097384 (Exim 4.92) (envelope-from ) id 1ruAKw-0002OZ-Su; Tue, 09 Apr 2024 12:12:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702382.1097384; Tue, 09 Apr 2024 12:12:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAKw-0002OR-Q7; Tue, 09 Apr 2024 12:12:26 +0000 Received: by outflank-mailman (input) for mailman id 702382; Tue, 09 Apr 2024 12:12:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAKv-0002OL-Uc for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAKv-0007k0-Tr for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruAKv-0005xd-Sa for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZwRVK/hhf9igbGEoRioNIrbUifcAosHUqS5ylsfFr8Y=; b=x7VA1b7uUMi+0idA+4BTW46FKd CfckZD1VBtKY2eLj01nqd+wfyT2H5fziIea/3CqUJa0uHbNtSnGJQx2JmVgj/TyYwR+d4/quKsA3i lVbecAlm8BTOdI5LM70J3kPA1OT3LEt7LDbJ5ho2UlfelsYJt1K05Se/AK6FLMCzafak=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Message-Id: Date: Tue, 09 Apr 2024 12:12:25 +0000 commit 8d6efd087b34127ef9865afc36093617f15080b6 Author: Jan Beulich AuthorDate: Wed Mar 27 17:31:38 2024 +0000 Commit: Andrew Cooper CommitDate: Fri Apr 5 15:44:36 2024 +0100 x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Hypercalls in particular can be the subject of continuations, and logic there checks updated state against incoming register values. If the guest manufactured a suitable argument register with a non-zero upper half before entering compatibility mode and issuing a hypercall from there, checks in hypercall_xlat_continuation() might trip. Since for HVM we want to also be sure to not hit a corner case in the emulator, initiate the clipping right from the top of {svm,vmx}_vmexit_handler(). Also rename the invoked function, as it no longer does only invalidation of fields. Note that architecturally the upper halves of registers are undefined after a switch between compatibility and 64-bit mode (either direction). Hence once having entered compatibility mode, the guest can't assume the upper half of any register to retain its value. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 6a98383b0877bb66ebfe189da43bf81abe3d7909) --- xen/arch/x86/hvm/svm/svm.c | 3 ++- xen/arch/x86/hvm/vmx/vmx.c | 6 +++++- xen/include/asm-x86/hvm/hvm.h | 18 +++++++++++++++++- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index ba4069f910..ef97926012 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2593,7 +2593,8 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) regs->rsp = vmcb->rsp; regs->rflags = vmcb->rflags; - hvm_invalidate_regs_fields(regs); + hvm_sanitize_regs_fields( + regs, !(vmcb_get_efer(vmcb) & EFER_LMA) || !(vmcb->cs.l)); if ( paging_mode_hap(v->domain) ) v->arch.hvm.guest_cr[3] = v->arch.hvm.hw_cr[3] = vmcb_get_cr3(vmcb); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 6c35812d05..54cb0553c2 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3939,6 +3939,7 @@ static int vmx_handle_apic_write(void) void vmx_vmexit_handler(struct cpu_user_regs *regs) { unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0; + unsigned long cs_ar_bytes = 0; unsigned int vector = 0, mode; struct vcpu *v = current; struct domain *currd = v->domain; @@ -3947,7 +3948,10 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) __vmread(GUEST_RSP, ®s->rsp); __vmread(GUEST_RFLAGS, ®s->rflags); - hvm_invalidate_regs_fields(regs); + if ( hvm_long_mode_active(v) ) + __vmread(GUEST_CS_AR_BYTES, &cs_ar_bytes); + + hvm_sanitize_regs_fields(regs, !(cs_ar_bytes & X86_SEG_AR_CS_LM_ACTIVE)); if ( paging_mode_hap(v->domain) ) { diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h index 45b6ebecdc..30eb6559d2 100644 --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h @@ -579,8 +579,24 @@ static inline unsigned int hvm_get_insn_bytes(struct vcpu *v, uint8_t *buf) ? alternative_call(hvm_funcs.get_insn_bytes, v, buf) : 0); } -static inline void hvm_invalidate_regs_fields(struct cpu_user_regs *regs) +static inline void hvm_sanitize_regs_fields(struct cpu_user_regs *regs, + bool compat) { + if ( compat ) + { + /* Clear GPR upper halves, to counteract guests playing games. */ + regs->rbp = (uint32_t)regs->ebp; + regs->rbx = (uint32_t)regs->ebx; + regs->rax = (uint32_t)regs->eax; + regs->rcx = (uint32_t)regs->ecx; + regs->rdx = (uint32_t)regs->edx; + regs->rsi = (uint32_t)regs->esi; + regs->rdi = (uint32_t)regs->edi; + regs->rip = (uint32_t)regs->eip; + regs->rflags = (uint32_t)regs->eflags; + regs->rsp = (uint32_t)regs->esp; + } + #ifndef NDEBUG regs->error_code = 0xbeef; regs->entry_vector = 0xbeef; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 12:12:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 12:12:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702383.1097388 (Exim 4.92) (envelope-from ) id 1ruAL6-0002RD-UF; Tue, 09 Apr 2024 12:12:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702383.1097388; Tue, 09 Apr 2024 12:12:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAL6-0002R3-Rc; Tue, 09 Apr 2024 12:12:36 +0000 Received: by outflank-mailman (input) for mailman id 702383; Tue, 09 Apr 2024 12:12:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAL6-0002Qt-1E for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruAL6-0007k8-0V for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruAL5-0005y6-Vy for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rFHH5nYmOocO9Rojotlm92G2nvSnFH7+BtXy2q6rsc0=; b=AUcLKyZx8bLig92RRrGmerEJ1h RwT/SPv6LABtokWip6VKFVNb7bJ5yGpkM4IR6gtDNar6d8qcj6FRNUvF+obuXOW9Ir/ND4t0vI7M3 fue3qwz9gx8dLfNRmcexa1f6Y10cBy0n07RK7x8CHniZ69+JUldONKNnv0tHh+F6Qwv4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] hypercall_xlat_continuation: Replace BUG_ON with domain_crash Message-Id: Date: Tue, 09 Apr 2024 12:12:35 +0000 commit 9c7c50969fa6c7b1e2d24c2c9dfe528079d72df2 Author: Bjoern Doebel AuthorDate: Wed Mar 27 18:30:55 2024 +0000 Commit: Andrew Cooper CommitDate: Fri Apr 5 15:44:36 2024 +0100 hypercall_xlat_continuation: Replace BUG_ON with domain_crash Instead of crashing the host in case of unexpected hypercall parameters, resort to only crashing the calling domain. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Bjoern Doebel Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 9926e692c4afc40bcd66f8416ff6a1e93ce402f6) --- xen/arch/x86/hypercall.c | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 2370d31d3f..159e5c630e 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -211,8 +211,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + { + printk(XENLOG_G_ERR + "multicall (op %lu) bogus continuation arg%u (%#lx)\n", + mcs->call.op, i, nval); + domain_crash(current->domain); + } } else if ( id && *id == i ) { @@ -224,8 +229,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, mcs->call.args[i] = cval; ++rc; } - else - BUG_ON(mcs->call.args[i] != (unsigned int)mcs->call.args[i]); + else if ( mcs->call.args[i] != (unsigned int)mcs->call.args[i] ) + { + printk(XENLOG_G_ERR + "multicall (op %lu) bad continuation arg%u (%#lx)\n", + mcs->call.op, i, mcs->call.args[i]); + domain_crash(current->domain); + } } } else @@ -251,8 +261,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + { + printk(XENLOG_G_ERR + "hypercall (op %u) bogus continuation arg%u (%#lx)\n", + regs->eax, i, nval); + domain_crash(current->domain); + } } else if ( id && *id == i ) { @@ -264,8 +279,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, *reg = cval; ++rc; } - else - BUG_ON(*reg != (unsigned int)*reg); + else if ( *reg != (unsigned int)*reg ) + { + printk(XENLOG_G_ERR + "hypercall (op %u) bad continuation arg%u (%#lx)\n", + regs->eax, i, *reg); + domain_crash(current->domain); + } } } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 12:12:48 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 12:12:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702384.1097391 (Exim 4.92) (envelope-from ) id 1ruALH-0002U9-VY; Tue, 09 Apr 2024 12:12:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702384.1097391; Tue, 09 Apr 2024 12:12:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruALH-0002U2-T7; Tue, 09 Apr 2024 12:12:47 +0000 Received: by outflank-mailman (input) for mailman id 702384; Tue, 09 Apr 2024 12:12:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruALG-0002Ta-Fz for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruALG-0007kb-FG for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruALG-0005zA-Da for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=28YtsCvo454mq//77Op9ytWFLlpTErRDmftet8eoJs8=; b=CoVzFybNsN1/5+2luxWSTb5J7V SZtG0KRBA7T2mzWFe3C4xOfbEQwBxQALfoQm6DF1Upf6BBwzFxw84jDwgPdI5aUO0yO7yTSivLR16 SME9g3npoTRD7By7pSeBnDlD0sbbqZrzBOPrHE5egDZ2G+RPDb45cUvuaDnI71kx6LnA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Message-Id: Date: Tue, 09 Apr 2024 12:12:46 +0000 commit 1a41979210b7d276824dc4660f4f58a1d6dea3ca Author: Jan Beulich AuthorDate: Wed Mar 27 17:31:38 2024 +0000 Commit: Andrew Cooper CommitDate: Fri Apr 5 15:44:25 2024 +0100 x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Hypercalls in particular can be the subject of continuations, and logic there checks updated state against incoming register values. If the guest manufactured a suitable argument register with a non-zero upper half before entering compatibility mode and issuing a hypercall from there, checks in hypercall_xlat_continuation() might trip. Since for HVM we want to also be sure to not hit a corner case in the emulator, initiate the clipping right from the top of {svm,vmx}_vmexit_handler(). Also rename the invoked function, as it no longer does only invalidation of fields. Note that architecturally the upper halves of registers are undefined after a switch between compatibility and 64-bit mode (either direction). Hence once having entered compatibility mode, the guest can't assume the upper half of any register to retain its value. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 6a98383b0877bb66ebfe189da43bf81abe3d7909) --- xen/arch/x86/hvm/svm/svm.c | 3 ++- xen/arch/x86/hvm/vmx/vmx.c | 6 +++++- xen/include/asm-x86/hvm/hvm.h | 18 +++++++++++++++++- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index ba17bfe97a..0cc5e07f46 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2592,7 +2592,8 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) regs->rsp = vmcb->rsp; regs->rflags = vmcb->rflags; - hvm_invalidate_regs_fields(regs); + hvm_sanitize_regs_fields( + regs, !(vmcb_get_efer(vmcb) & EFER_LMA) || !(vmcb->cs.l)); if ( paging_mode_hap(v->domain) ) v->arch.hvm.guest_cr[3] = v->arch.hvm.hw_cr[3] = vmcb_get_cr3(vmcb); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 54023a9258..8bb4a6e042 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3932,6 +3932,7 @@ static int vmx_handle_apic_write(void) void vmx_vmexit_handler(struct cpu_user_regs *regs) { unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0; + unsigned long cs_ar_bytes = 0; unsigned int vector = 0, mode; struct vcpu *v = current; struct domain *currd = v->domain; @@ -3940,7 +3941,10 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) __vmread(GUEST_RSP, ®s->rsp); __vmread(GUEST_RFLAGS, ®s->rflags); - hvm_invalidate_regs_fields(regs); + if ( hvm_long_mode_active(v) ) + __vmread(GUEST_CS_AR_BYTES, &cs_ar_bytes); + + hvm_sanitize_regs_fields(regs, !(cs_ar_bytes & X86_SEG_AR_CS_LM_ACTIVE)); if ( paging_mode_hap(v->domain) ) { diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h index b8dc445550..8e7a6b922d 100644 --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h @@ -564,8 +564,24 @@ static inline unsigned int hvm_get_insn_bytes(struct vcpu *v, uint8_t *buf) ? alternative_call(hvm_funcs.get_insn_bytes, v, buf) : 0); } -static inline void hvm_invalidate_regs_fields(struct cpu_user_regs *regs) +static inline void hvm_sanitize_regs_fields(struct cpu_user_regs *regs, + bool compat) { + if ( compat ) + { + /* Clear GPR upper halves, to counteract guests playing games. */ + regs->rbp = (uint32_t)regs->ebp; + regs->rbx = (uint32_t)regs->ebx; + regs->rax = (uint32_t)regs->eax; + regs->rcx = (uint32_t)regs->ecx; + regs->rdx = (uint32_t)regs->edx; + regs->rsi = (uint32_t)regs->esi; + regs->rdi = (uint32_t)regs->edi; + regs->rip = (uint32_t)regs->eip; + regs->rflags = (uint32_t)regs->eflags; + regs->rsp = (uint32_t)regs->esp; + } + #ifndef NDEBUG regs->error_code = 0xbeef; regs->entry_vector = 0xbeef; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 12:12:58 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 12:12:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702385.1097395 (Exim 4.92) (envelope-from ) id 1ruALS-0002Y0-2j; Tue, 09 Apr 2024 12:12:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702385.1097395; Tue, 09 Apr 2024 12:12:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruALR-0002Xr-W1; Tue, 09 Apr 2024 12:12:57 +0000 Received: by outflank-mailman (input) for mailman id 702385; Tue, 09 Apr 2024 12:12:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruALQ-0002XX-Ik for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruALQ-0007ki-I4 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruALQ-0005zr-HM for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 12:12:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AvM+q7CH6J08sGo/pneb980yqAraeppXwn9i5rE3zTg=; b=Ivicslry5M1P0bWKxbVmIay5H2 irRzG1YwYWP3OLe+YCkYw/RViO3P6GS5JCWu/aGoAW83qHduwOhhgCTzDoza07lLFqcPO6XBrFcKJ unI4wlRXY3BAi+tEZ9Dx4zHFHmZFdxZYykZjKYvZ/OFkitFKBbhpRh4a6DQDxrjXlkXE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] hypercall_xlat_continuation: Replace BUG_ON with domain_crash Message-Id: Date: Tue, 09 Apr 2024 12:12:56 +0000 commit 65eb8f32b6b82e0268a9d66b49da354bc6698e87 Author: Bjoern Doebel AuthorDate: Wed Mar 27 18:30:55 2024 +0000 Commit: Andrew Cooper CommitDate: Fri Apr 5 15:44:25 2024 +0100 hypercall_xlat_continuation: Replace BUG_ON with domain_crash Instead of crashing the host in case of unexpected hypercall parameters, resort to only crashing the calling domain. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Bjoern Doebel Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 9926e692c4afc40bcd66f8416ff6a1e93ce402f6) --- xen/arch/x86/hypercall.c | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 791b4c7585..7889729717 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -202,8 +202,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + { + printk(XENLOG_G_ERR + "multicall (op %lu) bogus continuation arg%u (%#lx)\n", + mcs->call.op, i, nval); + domain_crash(current->domain); + } } else if ( id && *id == i ) { @@ -215,8 +220,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, mcs->call.args[i] = cval; ++rc; } - else - BUG_ON(mcs->call.args[i] != (unsigned int)mcs->call.args[i]); + else if ( mcs->call.args[i] != (unsigned int)mcs->call.args[i] ) + { + printk(XENLOG_G_ERR + "multicall (op %lu) bad continuation arg%u (%#lx)\n", + mcs->call.op, i, mcs->call.args[i]); + domain_crash(current->domain); + } } } else @@ -242,8 +252,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + { + printk(XENLOG_G_ERR + "hypercall (op %u) bogus continuation arg%u (%#lx)\n", + regs->eax, i, nval); + domain_crash(current->domain); + } } else if ( id && *id == i ) { @@ -255,8 +270,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, *reg = cval; ++rc; } - else - BUG_ON(*reg != (unsigned int)*reg); + else if ( *reg != (unsigned int)*reg ) + { + printk(XENLOG_G_ERR + "hypercall (op %u) bad continuation arg%u (%#lx)\n", + regs->eax, i, *reg); + domain_crash(current->domain); + } } } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 13:11:10 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 13:11:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702440.1097440 (Exim 4.92) (envelope-from ) id 1ruBFg-00064C-Pw; Tue, 09 Apr 2024 13:11:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702440.1097440; Tue, 09 Apr 2024 13:11:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruBFg-000644-N3; Tue, 09 Apr 2024 13:11:04 +0000 Received: by outflank-mailman (input) for mailman id 702440; Tue, 09 Apr 2024 13:11:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruBFf-00063y-Lg for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 13:11:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruBFf-0000SA-JY for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 13:11:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruBFf-0000wc-Gi for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 13:11:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2HaiKxvPUiIN2T0MipCH5reA5bZa2d6qdTYoLNaDoR8=; b=6ozbrglxUpNkZv7L6SNz/Xxm+Y 3PapkUA3yccOdKAAQpbNOWmahrCn/l3zuYk4jtZN+xzwbPbk491LR4FaQVmokbfXEYF5pml+DLtxs Em56gh/aOTHrSZZYMsXoqW+EOJmlkcVeT4M/6ZwS/uwhWl4wiQx6fKk32cPYFgXJOtCQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/alternatives: fix .init section reference in _apply_alternatives() Message-Id: Date: Tue, 09 Apr 2024 13:11:03 +0000 commit 4be1fef1e6572c2be0bd378902ffb62a6e73faeb Author: Roger Pau Monné AuthorDate: Tue Apr 9 14:50:46 2024 +0200 Commit: Andrew Cooper CommitDate: Tue Apr 9 14:05:59 2024 +0100 x86/alternatives: fix .init section reference in _apply_alternatives() The code in _apply_alternatives() will unconditionally attempt to read __initdata_cf_clobber_{start,end} when called as part of applying alternatives to a livepatch payload when Xen is using IBT. That leads to a page-fault as __initdata_cf_clobber_{start,end} living in .init section will have been unmapped by the time a livepatch gets loaded. Fix by adding a check that limits the clobbering of endbr64 instructions to boot time only. Fixes: 37ed5da851b8 ('x86/altcall: Optimise away endbr64 instruction where possible') Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper --- xen/arch/x86/alternative.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index 21af0e8258..2e7ba6e0b8 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -326,7 +326,7 @@ static void init_or_livepatch _apply_alternatives(struct alt_instr *start, * Clobber endbr64 instructions now that altcall has finished optimising * all indirect branches to direct ones. */ - if ( force && cpu_has_xen_ibt ) + if ( force && cpu_has_xen_ibt && system_state < SYS_STATE_active ) { void *const *val; unsigned int clobbered = 0; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 14:33:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 14:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702478.1097534 (Exim 4.92) (envelope-from ) id 1ruCX2-0008WS-FR; Tue, 09 Apr 2024 14:33:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702478.1097534; Tue, 09 Apr 2024 14:33:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruCX2-0008WK-Cr; Tue, 09 Apr 2024 14:33:04 +0000 Received: by outflank-mailman (input) for mailman id 702478; Tue, 09 Apr 2024 14:33:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruCX1-0008WB-Bf for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 14:33:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruCX1-0001s6-9z for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 14:33:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruCX1-0005GM-8Y for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 14:33:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PPK36HC4AWaksZWVGZ4BZ9sUD+MNFhm/jEzNKcC0Q/I=; b=aGG9CZhZBZ6kldS38p/dr1NRfL qzRQbk5p9dIOMtXinm2AtGgb0FWtdTfE2zGbcz7QMle0Li9Ht1bNatwVnVhmZpiCqf2MALUntYCAd M2pf7QiPGui1+Gri0Lu5DrB/9fR8Eq1syYmf1xhbCJASPplp7pN26xt8Hq1LcP0CjvEY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests Message-Id: Date: Tue, 09 Apr 2024 14:33:03 +0000 commit 4b3da946ad7e3452761478ae683da842e7ff20d6 Author: Andrew Cooper AuthorDate: Tue Apr 9 15:03:05 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 15:26:27 2024 +0100 x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests All of these are prediction-mode (i.e. CPL) based. They don't operate as advertised in PV context. Fixes: 4dd676070684 ("x86/spec-ctrl: Expose IPRED_CTRL to guests") Fixes: 478e4787fa64 ("x86/spec-ctrl: Expose RRSBA_CTRL to guests") Fixes: 583f1d095052 ("x86/spec-ctrl: Expose BHI_CTRL to guests") Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné --- xen/include/public/arch-x86/cpufeatureset.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 3de7c0383f..6bb1ee3b0a 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -311,10 +311,10 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ -XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ -XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*S MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*S MSR_SPEC_CTRL.RRSBA_DIS_* */ XEN_CPUFEATURE(DDP_CTRL, 13*32+ 3) /* MSR_SPEC_CTRL.DDP_DIS_U */ -XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*S MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:11:06 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:11:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702591.1097708 (Exim 4.92) (envelope-from ) id 1ruEzw-0005nf-5o; Tue, 09 Apr 2024 17:11:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702591.1097708; Tue, 09 Apr 2024 17:11:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruEzw-0005nX-3N; Tue, 09 Apr 2024 17:11:04 +0000 Received: by outflank-mailman (input) for mailman id 702591; Tue, 09 Apr 2024 17:11:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruEzv-0005nR-IU for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruEzv-0005MM-Gp for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruEzv-0003sm-G3 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=N6/Ykpue8n/C+MqZGMGZi5HIYIvV87sMfKMAcfQzoi0=; b=FMzXXqTZeCIg/EVhTiFx4bWtvx v4mJw8DOX5VakQcs2WDkoZe9J+8rvQfEaCmHXfNyUuTbk0Z4U2VP+sUrWFV33TPpRK9ik+lHavM39 3aDczwfNVlteN+oVDUfzz/4QGlBsvxZbYNEq7SaYf5SdIO0W0rvgI3XDVF8Muww6hRpk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Fix BTC/SRSO mitigations Message-Id: Date: Tue, 09 Apr 2024 17:11:03 +0000 commit 489d93cd0fdd9609ca0414d7efae51c381106dbc Author: Andrew Cooper AuthorDate: Tue Mar 26 22:47:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Fix BTC/SRSO mitigations We were looking for SCF_entry_ibpb in the wrong variable in the top-of-stack block, and xen_spec_ctrl won't have had bit 5 set because Xen doesn't understand SPEC_CTRL_RRSBA_DIS_U yet. This is XSA-455 / CVE-2024-31142. Fixes: 53a570b28569 ("x86/spec-ctrl: Support IBPB-on-entry") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 60b0b00ed0..071b3997b1 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 629518cc69..c19b39d8c2 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -90,7 +90,7 @@ jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) .endif jz .L\@_skip -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:11:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:11:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702596.1097751 (Exim 4.92) (envelope-from ) id 1ruF06-0006aG-7T; Tue, 09 Apr 2024 17:11:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702596.1097751; Tue, 09 Apr 2024 17:11:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF06-0006Zx-1f; Tue, 09 Apr 2024 17:11:14 +0000 Received: by outflank-mailman (input) for mailman id 702596; Tue, 09 Apr 2024 17:11:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF05-0006W7-LA for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF05-0005NK-KQ for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF05-0003tW-JY for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lcsdfqAjD1MmaArGQOldEFhgvbg2EHgkP1MwAwgE9NQ=; b=fMuyO8jdLjuaI1UuC4gJloF8Jd gThq1f3h14twb7knOtCMb8Fg2BrpiK3kw128c14WerYXT1zHLbgO38xCZkbBdkhGtX1WU/WucqqLz UmzrPsMICm5yZzBuxtbx8ie8bcAPAJvYGgR+Y3e1lRqOJOvfBw6nb3yA7Gs+I/GUc/Gw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Rename spec_ctrl_flags to scf Message-Id: Date: Tue, 09 Apr 2024 17:11:13 +0000 commit c62673c4334b3372ebd4292a7ac8185357e7ea27 Author: Andrew Cooper AuthorDate: Thu Mar 28 11:57:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Rename spec_ctrl_flags to scf XSA-455 was ultimately caused by having fields with too-similar names. Both {xen,last}_spec_ctrl are fields containing an architectural MSR_SPEC_CTRL value. The spec_ctrl_flags field contains Xen-internal flags. To more-obviously distinguish the two, rename spec_ctrl_flags to scf, which is also the prefix of the constants used by the fields. No functional change. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 4 ++-- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/include/asm/current.h | 2 +- xen/arch/x86/include/asm/domain.h | 2 +- xen/arch/x86/include/asm/spec_ctrl.h | 16 ++++++++-------- xen/arch/x86/include/asm/spec_ctrl_asm.h | 22 +++++++++++----------- xen/arch/x86/setup.c | 2 +- xen/arch/x86/spec_ctrl.c | 18 +++++++++--------- xen/arch/x86/x86_64/asm-offsets.c | 2 +- xen/arch/x86/x86_64/compat/entry.S | 4 ++-- xen/arch/x86/x86_64/entry.S | 2 +- 14 files changed, 44 insertions(+), 44 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 861d12aab0..c6fa810a6b 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -246,7 +246,7 @@ static int enter_state(u32 state) ci = get_cpu_info(); /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_IST_MASK; + ci->scf &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -290,7 +290,7 @@ static int enter_state(u32 state) panic("Missing previously available feature(s)\n"); /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); + ci->scf |= (default_scf & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 33a2830d9d..9ab048b462 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2111,10 +2111,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the new spec_ctrl settings. */ - info->spec_ctrl_flags = - (info->spec_ctrl_flags & ~SCF_DOM_MASK) | - (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); + /* Update the top-of-stack block with the new speculation settings. */ + info->scf = + (info->scf & ~SCF_DOM_MASK) | + (nextd->arch.scf & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 071b3997b1..ecd4db4c41 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 1bead826ca..744cc5186a 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -111,7 +111,7 @@ UNLIKELY_END(realmode) BUILD_BUG_ON(SCF_verw & ~0xff) movzbl VCPU_vmx_launched(%rbx), %ecx shl $31, %ecx - movzbl CPUINFO_spec_ctrl_flags(%rsp), %eax + movzbl CPUINFO_scf(%rsp), %eax and $SCF_verw, %eax or %eax, %ecx diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 6b4f004a3d..423d2963f7 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1374,7 +1374,7 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); - if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + if ( !rc && (d->arch.scf & SCF_entry_ibpb) ) rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, VMX_MSR_HOST); diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index 10950f36cc..8ba3574d59 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -57,7 +57,7 @@ struct cpu_info { unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; uint8_t last_spec_ctrl; - uint8_t spec_ctrl_flags; + uint8_t scf; /* SCF_* */ /* * The following field controls copying of the L4 page table of 64-bit diff --git a/xen/arch/x86/include/asm/domain.h b/xen/arch/x86/include/asm/domain.h index 4bd78e3a6d..f5daeb182b 100644 --- a/xen/arch/x86/include/asm/domain.h +++ b/xen/arch/x86/include/asm/domain.h @@ -323,7 +323,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ + uint8_t scf; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 011ab1db27..ee3119e128 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -9,10 +9,10 @@ #define __X86_SPEC_CTRL_H__ /* - * Encoding of: - * cpuinfo.spec_ctrl_flags - * default_spec_ctrl_flags - * domain.spec_ctrl_flags + * Encoding of Xen's speculation control flags in: + * cpuinfo.scf + * default_scf + * domain.scf * * Live settings are in the top-of-stack block, because they need to be * accessable when XPTI is active. Some settings are fixed from boot, some @@ -82,7 +82,7 @@ extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; extern uint8_t default_xen_spec_ctrl; -extern uint8_t default_spec_ctrl_flags; +extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; @@ -102,7 +102,7 @@ static inline void init_shadow_spec_ctrl_state(void) info->shadow_spec_ctrl = 0; info->xen_spec_ctrl = default_xen_spec_ctrl; - info->spec_ctrl_flags = default_spec_ctrl_flags; + info->scf = default_scf; /* * For least latency, the VERW selector should be a writeable data @@ -126,7 +126,7 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) */ info->shadow_spec_ctrl = val; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); @@ -175,7 +175,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. */ - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index c19b39d8c2..8d9761cbe6 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -39,7 +39,7 @@ * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow - * boolean in the per cpu spec_ctrl_flags. The synchronous use is: + * boolean in the per cpu scf. The synchronous use is: * * 1) Store guest value in shadow_spec_ctrl * 2) Set the use_shadow boolean @@ -86,11 +86,11 @@ * interrupting Xen. */ .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) .endif jz .L\@_skip @@ -160,8 +160,8 @@ #define STK_REL(field, top_of_stk) ((field) - (top_of_stk)) .macro SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_error_code), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) + scf=STK_REL(CPUINFO_scf, CPUINFO_error_code), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) /* * Requires \scf and \sel as %rsp-relative expressions * Clobbers eflags @@ -216,10 +216,10 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else - andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + andb $~SCF_use_shadow, CPUINFO_scf(%rsp) movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax .endif @@ -238,7 +238,7 @@ mov %eax, CPUINFO_shadow_spec_ctrl(%rsp) /* Set SPEC_CTRL shadowing *before* loading the guest value. */ - orb $SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + orb $SCF_use_shadow, CPUINFO_scf(%rsp) mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx @@ -316,7 +316,7 @@ * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -341,7 +341,7 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx @@ -375,7 +375,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %r12=ist_exit, %r14=stack_end, %rsp=regs * Clobbers %rax, %rbx, %rcx, %rdx */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx testb $SCF_ist_sc_msr, %bl jz .L\@_skip_sc_msr diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index a21984b1cc..ac983ddc69 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -2056,7 +2056,7 @@ void asmlinkage __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 6a889db70c..4b146bc28a 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -57,7 +57,7 @@ static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; uint8_t __ro_after_init default_xen_spec_ctrl; -uint8_t __ro_after_init default_spec_ctrl_flags; +uint8_t __ro_after_init default_scf; paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; bool __ro_after_init cpu_has_bug_l1tf; @@ -1105,7 +1105,7 @@ static void __init ibpb_calculations(void) * NMI/#MC, so can't interrupt Xen ahead of having already flushed the * BTB. */ - default_spec_ctrl_flags |= SCF_ist_ibpb; + default_scf |= SCF_ist_ibpb; } if ( opt_ibpb_entry_hvm ) setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); @@ -1606,7 +1606,7 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); - d->arch.spec_ctrl_flags = + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | 0; @@ -1711,7 +1711,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1722,7 +1722,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1857,7 +1857,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_pv ) { setup_force_cpu_cap(X86_FEATURE_SC_RSB_PV); - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } /* @@ -1880,7 +1880,7 @@ void __init init_speculation_mitigations(void) * possible rogue RSB speculation. */ if ( !cpu_has_svm ) - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } srso_calculations(hw_smt_enabled); @@ -1893,7 +1893,7 @@ void __init init_speculation_mitigations(void) if ( opt_eager_fpu == -1 ) opt_eager_fpu = should_use_eager_fpu(); - /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ + /* (Re)init BSP state now that default_scf has been calculated. */ init_shadow_spec_ctrl_state(); /* @@ -2166,7 +2166,7 @@ void __init init_speculation_mitigations(void) { info->shadow_spec_ctrl = 0; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); } diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index d8903a3ce9..3fe21c21b9 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -155,7 +155,7 @@ void __dummy__(void) OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); - OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); + OFFSET(CPUINFO_scf, struct cpu_info, scf); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); DEFINE(CPUINFO_sizeof, sizeof(struct cpu_info)); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 631f4f272a..4ccee38905 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -162,8 +162,8 @@ FUNC(compat_restore_all_guest) /* Account for ev/ec having already been popped off the stack. */ SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_rip), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) + scf=STK_REL(CPUINFO_scf, CPUINFO_rip), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) .Lft0: iretq _ASM_PRE_EXTABLE(.Lft0, handle_exception) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 7d686b7628..6f82cdeeaf 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -701,7 +701,7 @@ UNLIKELY_END(exit_cr3) /* * When the CPU pushed this exception frame, it zero-extended eflags. * For an IST exit, SPEC_CTRL_EXIT_TO_XEN stashed shadow copies of - * spec_ctrl_flags and ver_sel above eflags, as we can't use any GPRs, + * scf and ver_sel above eflags, as we can't use any GPRs, * and we're at a random place on the stack, not in a CPUFINFO block. * * Account for ev/ec having already been popped off the stack. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:11:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:11:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702597.1097758 (Exim 4.92) (envelope-from ) id 1ruF0G-0006xu-8G; Tue, 09 Apr 2024 17:11:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702597.1097758; Tue, 09 Apr 2024 17:11:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF0G-0006xf-4r; Tue, 09 Apr 2024 17:11:24 +0000 Received: by outflank-mailman (input) for mailman id 702597; Tue, 09 Apr 2024 17:11:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF0F-0006x8-Ov for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF0F-0005Ne-O9 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF0F-0003u0-Ms for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0SpLIfAQphQjBUZV5PVu6+ZvQ1gOb5WS5RFZKgwoJ2k=; b=J2qhu9ypDBRlR8cz6CiaQEkTh+ nXHZr8zaSxGiKc0ardo1B+N7LGv3xJ+uU5ptICPb9IcgwY82sujbb3DzEPmzm+WOhVBPu9PaVNKkC BnGNY6Rqh9AJDdvSL/fZRexFBYaEPOkHmCRkGt+S34NdAyWOq5F9h6ClWsAuCpUnck8M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Message-Id: Date: Tue, 09 Apr 2024 17:11:23 +0000 commit 94896de1a98c4289fe6fef9e16ef99fc6ef2efc4 Author: Andrew Cooper AuthorDate: Fri Mar 22 11:41:41 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Right now, we have a mix of safety strategies in different blocks, making the logic fragile and hard to follow. Start addressing this by having a safety LFENCE at the end of the blocks, which can be patched out if other safety criteria are met. This will allow us to simplify the sub-blocks. For SPEC_CTRL_ENTRY_FROM_IST, simply leave an LFENCE unconditionally at the end; the IST path is not a fast-path by any stretch of the imagination. For SPEC_CTRL_ENTRY_FROM_INTR, the existing description was incorrect. The IRET #GP path is non-fatal but can occur with the guest's choice of MSR_SPEC_CTRL. It is safe to skip the flush/barrier-like protections when interrupting Xen, but we must run DO_SPEC_CTRL_ENTRY irrespective. This will skip RSB stuffing which was previously unconditional even when interrupting Xen. AFAICT, this is a missing cleanup from commit 3fffaf9c13e9 ("x86/entry: Avoid using alternatives in NMI/#MC paths") where we split the IST entry path out of the main INTR entry path. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné --- xen/arch/x86/hvm/vmx/entry.S | 1 + xen/arch/x86/include/asm/cpufeatures.h | 4 +++ xen/arch/x86/include/asm/spec_ctrl_asm.h | 27 +++++++++-------- xen/arch/x86/spec_ctrl.c | 52 ++++++++++++++++++++++++++++++++ 4 files changed, 72 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 744cc5186a..241ec5ce07 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -43,6 +43,7 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* Hardware clears MSR_DEBUGCTL on VMExit. Reinstate it if debugging Xen. */ diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index 7e8221fd85..6422c66b0f 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -52,5 +52,9 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_BUG_CLFLUSH_MFENCE X86_BUG( 2) /* MFENCE needed to serialise CLFLUSH */ #define X86_BUG_IBPB_NO_RET X86_BUG( 3) /* IBPB doesn't flush the RSB/RAS */ +#define X86_SPEC_NO_LFENCE_ENTRY_PV X86_BUG(16) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_PV. */ +#define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ +#define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 8d9761cbe6..ffa573ef0f 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -261,25 +261,37 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm /* * Used after an exception or maskable interrupt, hitting Xen or PV context. - * There will either be a guest speculation context, or (barring fatal - * exceptions) a well-formed Xen speculation context. + * There will either be a guest speculation context, or a well-formed Xen + * speculation context, with the exception of one case. IRET #GP handling may + * have a guest choice of MSR_SPEC_CTRL. + * + * Therefore, we can skip the flush/barrier-like protections when hitting Xen, + * but we must still run the mode-based protections. */ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rcx, %rdx */ + testb $3, UREGS_cs(%rsp) + jz .L\@_skip + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV +.L\@_skip: ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm /* @@ -348,18 +360,9 @@ movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr - /* Opencoded UNLIKELY_START() with no condition. */ -UNLIKELY_DISPATCH_LABEL(\@_serialise): - .subsection 1 - /* - * In the case that we might need to set SPEC_CTRL.IBRS for safety, we - * need to ensure that an attacker can't poison the `jz .L\@_skip_wrmsr` - * to speculate around the WRMSR. As a result, we need a dispatch - * serialising instruction in the else clause. - */ .L\@_skip_msr_spec_ctrl: + lfence - UNLIKELY_END(\@_serialise) .endm /* diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 4b146bc28a..c2be9889e3 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2142,6 +2142,58 @@ void __init init_speculation_mitigations(void) print_details(thunk); + /* + * With the alternative blocks now chosen, see if we need any other + * adjustments for safety. + * + * We compile the LFENCE in, and patch it out if it's not needed. + * + * Notes: + * - SPEC_CTRL_ENTRY_FROM_SVM doesn't need an LFENCE because it has an + * unconditional STGI. + * - SPEC_CTRL_ENTRY_FROM_IST handles its own safety, without the use of + * alternatives. + * - DO_OVERWRITE_RSB has conditional branches in it, but it's an inline + * sequence. It is considered safe for uarch reasons. + */ + { + /* + * SPEC_CTRL_ENTRY_FROM_PV conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we're not using any prior conditional mitigation, + * then it's safe to drop the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); + + /* + * SPEC_CTRL_ENTRY_FROM_INTR conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we have no protections active in the block that + * is skipped when interrupting guest context, then it's safe to drop + * the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); + + /* + * SPEC_CTRL_ENTRY_FROM_VMX conditional safety + * + * Currently there are no safety actions with conditional branches, so + * no need for the extra safety LFENCE. + */ + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + } + /* * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard * any firmware settings. For performance reasons, when safe to do so, we -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:11:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:11:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702604.1097763 (Exim 4.92) (envelope-from ) id 1ruF0R-0007HK-9r; Tue, 09 Apr 2024 17:11:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702604.1097763; Tue, 09 Apr 2024 17:11:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF0R-0007H9-6V; Tue, 09 Apr 2024 17:11:35 +0000 Received: by outflank-mailman (input) for mailman id 702604; Tue, 09 Apr 2024 17:11:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF0P-0007EI-Sb for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF0P-0005Nv-R4 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF0P-0003uU-QP for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VBdCS6SlZHsz8zGvpSofc0B9ESIpRyq/oJgftwrr5u0=; b=xm6q7c132GxtBTgCvrBPDt7mLX r3NkfT0Xz+xDONoUO1eFrSicfs8DpANbrMVhxZ27e6Z6MI06/zwEfMRQsYcEKvdgkOsOcaHjNuaTv I1CpxcDL0skDH/+LFpeTqKKMcIehC0NJeYqSZ5L47XmaUA359x3CwmynPTiQ4rCovCL0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Message-Id: Date: Tue, 09 Apr 2024 17:11:33 +0000 commit 22390697bf1b4cd3024f2d10893dec3c3ec08a9c Author: Andrew Cooper AuthorDate: Fri Mar 22 15:52:06 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Other SPEC_CTRL_* paths already use %r14 like this, and it will allow for simplifications. All instances of SPEC_CTRL_ENTRY_FROM_PV are followed by a GET_STACK_END() invocation, so this change is only really logic and register shuffling. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/x86_64/compat/entry.S | 4 +++- xen/arch/x86/x86_64/entry.S | 44 +++++++++++++++++++++----------------- 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 4ccee38905..0a1dad8a50 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -18,6 +18,8 @@ FUNC(entry_int82) movb $HYPERCALL_VECTOR, EFRAME_entry_vector(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ @@ -25,7 +27,7 @@ FUNC(entry_int82) CR4_PV32_RESTORE /* Clob: ac */ - GET_CURRENT(bx) + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov %rsp, %rdi call do_entry_int82 diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 6f82cdeeaf..000710f314 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -265,21 +265,22 @@ FUNC(lstar_enter) movb $TRAP_syscall >> 8, EFRAME_entry_vector + 1(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Llstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Llstar_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx testb $TF_kernel_mode,VCPU_thread_flags(%rbx) jz switch_to_kernel @@ -304,23 +305,24 @@ FUNC(cstar_enter) movb $TRAP_syscall >> 8, EFRAME_entry_vector + 1(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lcstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lcstar_cr3_okay: sti CR4_PV32_RESTORE /* Clob: ac */ - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx #ifdef CONFIG_PV32 movq VCPU_domain(%rbx), %rcx @@ -347,23 +349,24 @@ LABEL(sysenter_eflags_saved, 0) movb $TRAP_syscall >> 8, EFRAME_entry_vector + 1(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ orl $X86_EFLAGS_IF, UREGS_eflags(%rsp) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lsyse_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lsyse_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx cmpb $0,VCPU_sysenter_disables_events(%rbx) movq VCPU_sysenter_addr(%rbx),%rax setne %cl @@ -402,17 +405,18 @@ FUNC(entry_int80) movb $0x80, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lint80_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lint80_cr3_okay: sti @@ -422,7 +426,7 @@ UNLIKELY_START(ne, msi_check) call check_for_unexpected_msi UNLIKELY_END(msi_check) - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov VCPU_trap_ctxt(%rbx), %rsi mov VCPU_domain(%rbx), %rax -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:11:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:11:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702615.1097765 (Exim 4.92) (envelope-from ) id 1ruF0b-0007V7-Ad; Tue, 09 Apr 2024 17:11:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702615.1097765; Tue, 09 Apr 2024 17:11:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF0b-0007V0-84; Tue, 09 Apr 2024 17:11:45 +0000 Received: by outflank-mailman (input) for mailman id 702615; Tue, 09 Apr 2024 17:11:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF0Z-0007TC-Uj for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF0Z-0005OI-U0 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF0Z-0003uz-TC for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qyL5TpGGFOIXsr1fbilGXoQvRS6H9C9z6AgOFkqdnw4=; b=B+Y27knrcnXCc1/rzWHK38VmLL 6/Y/9OazceIVRYtH3tQajz2BLKw5yKmvpWUzhQ2k5Hl2ugKTwoYINQ6vtdYASda5MkOAawQuZwNMl O8LM++hVvXBScsvA7PhRGfT0TvYn2VA8TU/Yb9wwPBXVi2N1dPHDbNyERY/nyGJD3zhQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} Message-Id: Date: Tue, 09 Apr 2024 17:11:43 +0000 commit 9607aeb6602b8ed9962404de3f5f90170ffddb66 Author: Andrew Cooper AuthorDate: Fri Mar 22 12:08:02 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} ... as we do in the exit paths too. This will allow simplification to the sub-blocks. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 10 +++++++--- xen/arch/x86/x86_64/compat/entry.S | 2 +- xen/arch/x86/x86_64/entry.S | 12 ++++++------ 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index ffa573ef0f..9d57478ac5 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -251,9 +251,11 @@ */ .macro SPEC_CTRL_ENTRY_FROM_PV /* - * Requires %rsp=regs/cpuinfo, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs/cpuinfo, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ X86_FEATURE_IBPB_ENTRY_PV @@ -277,8 +279,10 @@ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + testb $3, UREGS_cs(%rsp) jz .L\@_skip diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 0a1dad8a50..a99646c0cd 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -20,7 +20,7 @@ FUNC(entry_int82) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ sti diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 000710f314..715b0d415a 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -267,7 +267,7 @@ FUNC(lstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -307,7 +307,7 @@ FUNC(cstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -351,7 +351,7 @@ LABEL(sysenter_eflags_saved, 0) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ @@ -407,7 +407,7 @@ FUNC(entry_int80) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -723,7 +723,7 @@ FUNC(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -759,7 +759,7 @@ FUNC(handle_exception, 0) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:11:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:11:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702617.1097770 (Exim 4.92) (envelope-from ) id 1ruF0l-0007gg-CE; Tue, 09 Apr 2024 17:11:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702617.1097770; Tue, 09 Apr 2024 17:11:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF0l-0007gY-9Y; Tue, 09 Apr 2024 17:11:55 +0000 Received: by outflank-mailman (input) for mailman id 702617; Tue, 09 Apr 2024 17:11:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF0k-0007gC-1O for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF0k-0005OT-0d for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF0j-0003vd-W6 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:11:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CZ6VWSgpY2HmnsPEKnyicTPSNbJUJCo1g/U9Cq4LWs8=; b=hw39ELxR7K5fr6C0jMm7o+Pxeu h2k7/0Ecs9zu90XaQbGVHlAk5f1XiMHbTSfXGhGruX1vTjHS2xVHEOvAyheHccaCD0/Qgs0xpPVKT B0H86+3crnhCqrmzTgkdvOEwKkEy01dCyJNQpCUh6Um36CTz9Mnr0YYEgulqn+POkGus=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Simplify DO_COND_IBPB Message-Id: Date: Tue, 09 Apr 2024 17:11:53 +0000 commit 2378d16a931de0e62c03669169989e9437306abe Author: Andrew Cooper AuthorDate: Fri Mar 22 14:33:17 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Simplify DO_COND_IBPB With the prior refactoring, SPEC_CTRL_ENTRY_{PV,INTR} both load SCF into %ebx, and handle the conditional safety including skipping if interrupting Xen. Therefore, we can drop the maybexen parameter and the conditional safety. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 9d57478ac5..5e6d085ec3 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -75,33 +75,21 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ -.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +.macro DO_COND_IBPB /* - * Requires %rsp=regs (also cpuinfo if !maybexen) - * Requires %r14=stack_end (if maybexen), %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rbx=SCF, %rdx=0 + * Clobbers %rax, %rcx * - * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen - * case, we can safely look at UREGS_cs to skip taking the hit when - * interrupting Xen. + * Conditionally issue IBPB if SCF_entry_ibpb is active. */ - .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) - jz .L\@_skip - testb $3, UREGS_cs(%rsp) - .else - testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) - .endif + testb $SCF_entry_ibpb, %bl jz .L\@_skip mov $MSR_PRED_CMD, %ecx mov $PRED_CMD_IBPB, %eax wrmsr - jmp .L\@_done .L\@_skip: - lfence -.L\@_done: .endm .macro DO_OVERWRITE_RSB tmp=rax, xu @@ -256,8 +244,7 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -286,8 +273,7 @@ testb $3, UREGS_cs(%rsp) jz .L\@_skip - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -327,7 +313,7 @@ * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of: - * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_COND_IBPB * DO_OVERWRITE_RSB * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:12:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:12:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702619.1097774 (Exim 4.92) (envelope-from ) id 1ruF0v-0007qf-Dj; Tue, 09 Apr 2024 17:12:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702619.1097774; Tue, 09 Apr 2024 17:12:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF0v-0007qY-Ay; Tue, 09 Apr 2024 17:12:05 +0000 Received: by outflank-mailman (input) for mailman id 702619; Tue, 09 Apr 2024 17:12:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF0u-0007ov-4Q for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF0u-0005On-3Y for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF0u-0004Bv-2n for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+UjgptsnLu5tzgKTyIQGvjSzzH23gTaOSFS1XOVO1CI=; b=q21LiI2PQN9aYD66bTUq/I6cD0 MkESVljAYlbZ2A5sxpr+TKsZE8pW5oibWAEsgriy8BO8r54vQ0fIrGzNefJ6i5CrnDW0gygCP+kc/ 7dAYlk5wOkSUt+in/FKBUkZjv5iNHVVFKc1phyRRq+H/926p8sFBX8slJOdhbC3s6IPo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* Message-Id: Date: Tue, 09 Apr 2024 17:12:04 +0000 commit 40dea83b75386cb693481cf340024ce093be5c0f Author: Andrew Cooper AuthorDate: Mon Mar 25 11:09:35 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* The complexity is getting out of hand. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 14 ++++++++ xen/arch/x86/hvm/vmx/entry.S | 14 ++++++++ xen/arch/x86/include/asm/spec_ctrl_asm.h | 59 ++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index ecd4db4c41..6c48118dc9 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -100,6 +100,11 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular + * making type-confused RETs safe to use. This is not needed on Zen5 + * and later parts when SRSO_MSR_FIX (BP-SPEC-REDUCE) is in use. + */ .macro svm_vmexit_cond_ibpb testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb @@ -111,8 +116,17 @@ __UNLIKELY_END(nsvm_hap) .endm ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + /* + * RSB (RAS/RAP) stuffing is to prevents RET predictions following guest + * entries. This is not needed on Zen4 and later, when AutoIBRS is in + * use. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting, making indirect CALLs/JMPs + * safe to use. The guest's setting resides in the VMCB. + */ .macro svm_vmexit_spec_ctrl movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax movzbl CPUINFO_last_spec_ctrl(%rsp), %edx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 241ec5ce07..f52b3f0893 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -34,8 +34,22 @@ ENTRY(vmx_asm_vmexit_handler) mov %rax,VCPU_hvm_guest_cr2(%rbx) /* SPEC_CTRL_ENTRY_FROM_VMX Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + /* + * RSB stuffing is to prevents RET predictions following guest + * entries. This is *not* sufficient to flush all RSB entries on + * parts enumerating eIBRS, although the following restore_spec_ctrl + * does covers us. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting. The guest's value resides in + * the MSR load/save list. For Legacy IBRS, this flushes/inhibits + * indirect predictions and does not flush the RSB. For eIBRS, this + * prevents CALLs/JMPs using predictions learnt at a lower predictor + * mode, and it flushes the RSB. On eIBRS parts that also suffer from + * PBRSB, the prior RSB stuffing suffices to make the RSB safe. + */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 5e6d085ec3..346e131a31 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -244,10 +244,32 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. + */ ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * This is not needed if SMEP is active and the RSB is full-width. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. The + * guest can't change it's value behind Xen's back. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. + */ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV @@ -270,6 +292,14 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * All safety notes the same as SPEC_CTRL_ENTRY_FROM_PV, although there is + * a conditional jump skipping some actions when interrupting Xen. + * + * On Intel parts, the IRET #GP path ends up here with the guest's choice + * of MSR_SPEC_CTRL. + */ + testb $3, UREGS_cs(%rsp) jz .L\@_skip @@ -320,6 +350,19 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. The SVM path takes care of + * Host/Guest interactions prior to clearing GIF, and it's not used on the + * VMX path. + */ test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -329,6 +372,12 @@ .L\@_skip_ibpb: + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * SCF_ist_rsb is active if either PV or HVM protections are needed. The + * VMX path cannot guarantee to make the RSB safe ahead of taking an IST + * vector. + */ test $SCF_ist_rsb, %bl jz .L\@_skip_rsb @@ -336,6 +385,16 @@ .L\@_skip_rsb: + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. PV + * guests can't change their value behind Xen's back. HVM guests have + * their value stored in the MSR load/save list. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. On eIBRS parts that also + * suffer from PBRSB, the prior RSB stuffing suffices to make the RSB + * safe. + */ test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:12:16 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:12:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702620.1097778 (Exim 4.92) (envelope-from ) id 1ruF15-0007yt-Gd; Tue, 09 Apr 2024 17:12:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702620.1097778; Tue, 09 Apr 2024 17:12:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF15-0007yj-Dn; Tue, 09 Apr 2024 17:12:15 +0000 Received: by outflank-mailman (input) for mailman id 702620; Tue, 09 Apr 2024 17:12:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF14-0007xO-7O for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF14-0005Ox-6j for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF14-00056v-63 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0IVdJ2PBY526kM7NYNl3WjKR0nbclNpAcUX/y/slQ6Y=; b=H3QQ1d2wdnXRHf+npbx2U/0uR1 lBXPsGsPbigd8y94ltnQIawhCYh/kwR2MiP/1Z4bw6pDyFKDRUAUJPpgWA81MFd8dS7yaCwBFiFxV 0SRqnD0idXKWN1YZUhMgTP0Kx19h8lliH7sg3aWOEFKS2FS5wSRaEJoYBr5uAVq6pJvs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/vmx: Add support for virtualize SPEC_CTRL Message-Id: Date: Tue, 09 Apr 2024 17:12:14 +0000 commit 97c5b8b657e41a6645de9d40713b881234417b49 Author: Roger Pau Monne AuthorDate: Thu Feb 15 17:46:53 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/vmx: Add support for virtualize SPEC_CTRL The feature is defined in the tertiary exec control, and is available starting from Sapphire Rapids and Alder Lake CPUs. When enabled, two extra VMCS fields are used: SPEC_CTRL mask and shadow. Bits set in mask are not allowed to be toggled by the guest (either set or clear) and the value in the shadow field is the value the guest expects to be in the SPEC_CTRL register. By using it the hypervisor can force the value of SPEC_CTRL bits behind the guest back without having to trap all accesses to SPEC_CTRL, note that no bits are forced into the guest as part of this patch. It also allows getting rid of SPEC_CTRL in the guest MSR load list, since the value in the shadow field will be loaded by the hardware on vmentry. Signed-off-by: Roger Pau Monné Signed-off-by: Andrew Cooper --- xen/arch/x86/hvm/vmx/vmcs.c | 12 ++++++++++- xen/arch/x86/hvm/vmx/vmx.c | 37 ++++++++++++++++++++++++++------- xen/arch/x86/include/asm/hvm/vmx/vmcs.h | 5 +++++ xen/arch/x86/include/asm/msr.h | 7 +++++-- 4 files changed, 51 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 423d2963f7..9b6dc51f36 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -202,6 +202,7 @@ static void __init vmx_display_features(void) P(cpu_has_vmx_tsc_scaling, "TSC Scaling"); P(cpu_has_vmx_bus_lock_detection, "Bus Lock Detection"); P(cpu_has_vmx_notify_vm_exiting, "Notify VM Exit"); + P(cpu_has_vmx_virt_spec_ctrl, "Virtualize SPEC_CTRL"); #undef P if ( !printed ) @@ -365,7 +366,7 @@ static int vmx_init_vmcs_config(bool bsp) if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) { - uint64_t opt = 0; + uint64_t opt = TERTIARY_EXEC_VIRT_SPEC_CTRL; _vmx_tertiary_exec_control = adjust_vmx_controls2( "Tertiary Exec Control", 0, opt, @@ -1365,6 +1366,12 @@ static int construct_vmcs(struct vcpu *v) if ( cpu_has_vmx_tsc_scaling ) __vmwrite(TSC_MULTIPLIER, d->arch.hvm.tsc_scaling_ratio); + if ( cpu_has_vmx_virt_spec_ctrl ) + { + __vmwrite(SPEC_CTRL_MASK, 0); + __vmwrite(SPEC_CTRL_SHADOW, 0); + } + /* will update HOST & GUEST_CR3 as reqd */ paging_update_paging_modes(v); @@ -2086,6 +2093,9 @@ void vmcs_dump_vcpu(struct vcpu *v) if ( v->arch.hvm.vmx.secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY ) printk("InterruptStatus = %04x\n", vmr16(GUEST_INTR_STATUS)); + if ( cpu_has_vmx_virt_spec_ctrl ) + printk("SPEC_CTRL mask = 0x%016lx shadow = 0x%016lx\n", + vmr(SPEC_CTRL_MASK), vmr(SPEC_CTRL_SHADOW)); printk("*** Host State ***\n"); printk("RIP = 0x%016lx (%ps) RSP = 0x%016lx\n", diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 319a37b745..c886331006 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -818,23 +818,28 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) /* * We can safely pass MSR_SPEC_CTRL through to the guest, even if STIBP * isn't enumerated in hardware, as SPEC_CTRL_STIBP is ignored. + * + * If VMX_VIRT_SPEC_CTRL is available, it is activated by default and the + * guest MSR_SPEC_CTRL value lives in the VMCS. Otherwise, it lives in + * the MSR load/save list. */ if ( cp->feat.ibrsb ) { vmx_clear_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); - if ( rc ) - goto out; + if ( !cpu_has_vmx_virt_spec_ctrl ) + { + rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); + if ( rc ) + goto out; + } } else { vmx_set_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); - if ( rc && rc != -ESRCH ) - goto out; - rc = 0; /* Tolerate -ESRCH */ + if ( !cpu_has_vmx_virt_spec_ctrl ) + vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ @@ -2629,6 +2634,10 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - fetched below. */ + break; + rc = vmx_read_guest_msr(v, reg, &val); if ( rc ) { @@ -2652,6 +2661,11 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) vmx_vmcs_enter(v); switch ( reg ) { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmread(SPEC_CTRL_SHADOW, &val); + break; + case MSR_IA32_BNDCFGS: __vmread(GUEST_BNDCFGS, &val); break; @@ -2678,6 +2692,10 @@ static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - set below. */ + break; + rc = vmx_write_guest_msr(v, reg, val); if ( rc ) { @@ -2698,6 +2716,11 @@ static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) vmx_vmcs_enter(v); switch ( reg ) { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmwrite(SPEC_CTRL_SHADOW, val); + break; + case MSR_IA32_BNDCFGS: __vmwrite(GUEST_BNDCFGS, val); break; diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h index a7dd2eeffc..58140af691 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h @@ -270,6 +270,9 @@ extern u32 vmx_secondary_exec_control; #define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) extern uint64_t vmx_tertiary_exec_control; +#define cpu_has_vmx_virt_spec_ctrl \ + (vmx_tertiary_exec_control & TERTIARY_EXEC_VIRT_SPEC_CTRL) + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -436,6 +439,8 @@ enum vmcs_field { XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, TERTIARY_VM_EXEC_CONTROL = 0x00002034, + SPEC_CTRL_MASK = 0x0000204a, + SPEC_CTRL_SHADOW = 0x0000204c, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index 1d8ea9f26f..c95330a5a1 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -302,8 +302,11 @@ struct vcpu_msrs * For PV guests, this holds the guest kernel value. It is accessed on * every entry/exit path. * - * For VT-x guests, the guest value is held in the MSR guest load/save - * list. + * For VT-x guests, one of two situations exist: + * + * - If hardware supports virtualized MSR_SPEC_CTRL, it is active by + * default and the guest value lives in the VMCS. + * - Otherwise, the guest value is held in the MSR load/save list. * * For SVM, the guest value lives in the VMCB, and hardware saves/restores * the host value automatically. However, guests run with the OR of the -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:12:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:12:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702621.1097782 (Exim 4.92) (envelope-from ) id 1ruF1F-00085e-IM; Tue, 09 Apr 2024 17:12:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702621.1097782; Tue, 09 Apr 2024 17:12:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF1F-00085W-FQ; Tue, 09 Apr 2024 17:12:25 +0000 Received: by outflank-mailman (input) for mailman id 702621; Tue, 09 Apr 2024 17:12:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF1E-00084y-Aa for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF1E-0005PH-9n for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF1E-0005qt-90 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2tsDCyVxmA28LJMCNrmGpryG3H+4M2iR6jSS5XcSe4U=; b=y4JMtOpRMbLJwSl+GxmiOBZbCL p0AJu7VuScWrqfEbPpZTD74eBqV3ib6YC7FzWh52NOcYWgA6GNg2nAatuYKMDb3tTMP/DznQDLHnM /7/jMjbtiR/c56ZtJG66zWxrKWfcAaHmm065OMdtzPc88FNn+WJd4AMEQX9CpFvuQU1I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Message-Id: Date: Tue, 09 Apr 2024 17:12:24 +0000 commit 45dac88e78e8a2d9d8738eef884fe6730faf9e67 Author: Andrew Cooper AuthorDate: Tue Mar 26 22:43:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Right now, they're all bytes, but MSR_SPEC_CTRL has been steadily gaining new features. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/include/asm/current.h | 4 ++-- xen/arch/x86/include/asm/spec_ctrl.h | 2 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 6 +++--- xen/arch/x86/spec_ctrl.c | 2 +- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 6c48118dc9..6fd9652c04 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -61,14 +61,14 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ .macro svm_vmentry_spec_ctrl mov VCPU_arch_msrs(%rbx), %rax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_last_spec_ctrl(%rsp), %edx mov VCPUMSR_spec_ctrl_raw(%rax), %eax cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ .endm ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM @@ -128,14 +128,14 @@ __UNLIKELY_END(nsvm_hap) * safe to use. The guest's setting resides in the VMCB. */ .macro svm_vmexit_spec_ctrl - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_last_spec_ctrl(%rsp), %edx cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index f52b3f0893..96b3d22080 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -52,7 +52,7 @@ ENTRY(vmx_asm_vmexit_handler) */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax xor %edx, %edx wrmsr .endm diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index 8ba3574d59..4126d03396 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -55,8 +55,8 @@ struct cpu_info { /* See asm/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; - uint8_t xen_spec_ctrl; - uint8_t last_spec_ctrl; + unsigned int xen_spec_ctrl; + unsigned int last_spec_ctrl; uint8_t scf; /* SCF_* */ /* diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index ee3119e128..95dd081f30 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -81,7 +81,7 @@ extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; -extern uint8_t default_xen_spec_ctrl; +extern unsigned int default_xen_spec_ctrl; extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 346e131a31..23b23219de 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -205,10 +205,10 @@ setnz %al not %eax and %al, STACK_CPUINFO_FIELD(scf)(%r14) - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else andb $~SCF_use_shadow, CPUINFO_scf(%rsp) - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax .endif wrmsr @@ -406,7 +406,7 @@ /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr .L\@_skip_msr_spec_ctrl: diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index c2be9889e3..ed52ce3cc5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -56,7 +56,7 @@ static bool __initdata opt_branch_harden = static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; -uint8_t __ro_after_init default_xen_spec_ctrl; +unsigned int __ro_after_init default_xen_spec_ctrl; uint8_t __ro_after_init default_scf; paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:12:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:12:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702622.1097785 (Exim 4.92) (envelope-from ) id 1ruF1P-0008BR-Ja; Tue, 09 Apr 2024 17:12:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702622.1097785; Tue, 09 Apr 2024 17:12:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF1P-0008BJ-Gx; Tue, 09 Apr 2024 17:12:35 +0000 Received: by outflank-mailman (input) for mailman id 702622; Tue, 09 Apr 2024 17:12:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF1O-0008Ah-DO for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF1O-0005PO-Ci for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF1O-0006HO-C3 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3k2dxWmO1oEXkaoCr/vYRAP3z6wMkLyhNxr/nNgKf98=; b=d0ACRCzHj04h/AfUlmmuqDTH1A LjduBNZQwyFhRD3sGXkfuwp73fnQBVZlKGgM/TpTsMUx38ilrJYfFiwPhsEMEupDKc7soDTigU4PD iW8vNYmxTnuQ0FMB6RrgFHcSi2wmpfdtWhposPZH24SQef/VFM2Bof9nv1Wg2YS8TuGs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: Use indirect calls in reset-stack infrastructure Message-Id: Date: Tue, 09 Apr 2024 17:12:34 +0000 commit 8e186f98ce0e35d1754ec9299da41ec98873b65c Author: Andrew Cooper AuthorDate: Fri Dec 22 17:44:48 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86: Use indirect calls in reset-stack infrastructure Mixing up JMP and CALL indirect targets leads a very fun form of speculative type confusion. A target which is expecting to be called CALLed needs a return address on the stack, and an indirect JMP doesn't place one there. An indirect JMP which predicts to a target intending to be CALLed can end up with a RET speculatively executing with a value from the JMPers stack frame. There are several ways get indirect JMPs in Xen. * From tailcall optimisations. These are safe because the compiler has arranged the stack to point at the callee's return address. * From jump tables. These are unsafe, but Xen is built with -fno-jump-tables to work around several compiler issues. * From reset_stack_and_jump_ind(), which is particularly unsafe. Because of the additional stack adjustment made, the value picked up off the stack is regs->r15 of the next vCPU to run. In order to mitigate this type confusion, we want to make all indirect targets be CALL targets, and remove the use of indirect JMP except via tailcall optimisation. Luckily due to XSA-348, all C target functions of reset_stack_and_jump_ind() are noreturn. {svm,vmx}_do_resume() exits via reset_stack_and_jump(); a direct JMP with entirely different prediction properties. idle_loop() is an infinite loop which eventually exits via reset_stack_and_jump_ind() from a new schedule. i.e. These paths are all fine having one extra return address on the stack. This leaves continue_pv_domain(), which is expecting to be a JMP target. Alter it to strip the return address off the stack, which is safe because there isn't actually a RET expecting to return to its caller. This allows us change reset_stack_and_jump_ind() to reset_stack_and_call_ind() in order to mitigate the speculative type confusion. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/domain.c | 4 ++-- xen/arch/x86/include/asm/current.h | 4 ++-- xen/arch/x86/x86_64/entry.S | 8 ++++++++ 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 9ab048b462..4f851aa81f 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2127,12 +2127,12 @@ void context_switch(struct vcpu *prev, struct vcpu *next) /* Ensure that the vcpu has an up-to-date time base. */ update_vcpu_system_time(next); - reset_stack_and_jump_ind(nextd->arch.ctxt_switch->tail); + reset_stack_and_call_ind(nextd->arch.ctxt_switch->tail); } void continue_running(struct vcpu *same) { - reset_stack_and_jump_ind(same->domain->arch.ctxt_switch->tail); + reset_stack_and_call_ind(same->domain->arch.ctxt_switch->tail); } int __sync_local_execstate(void) diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index 4126d03396..bcec328c98 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -198,10 +198,10 @@ unsigned long get_stack_dump_bottom (unsigned long sp); switch_stack_and_jump(fn, "jmp %c", "i") /* The constraint may only specify non-call-clobbered registers. */ -#define reset_stack_and_jump_ind(fn) \ +#define reset_stack_and_call_ind(fn) \ ({ \ (void)((fn) == (void (*)(void))NULL); \ - switch_stack_and_jump(fn, "INDIRECT_JMP %", "b"); \ + switch_stack_and_jump(fn, "INDIRECT_CALL %", "b"); \ }) /* diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 715b0d415a..461bbc3558 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -644,6 +644,14 @@ END(create_bounce_frame) #ifdef CONFIG_PV FUNC(continue_pv_domain) ENDBR64 + + /* + * For speculative type confusion reasons, we're CALLed rather than + * JMPed to. Drop the return address. + */ + add $8, %rsp + ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK + call check_wakeup_from_wait ret_from_intr: GET_CURRENT(bx) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:12:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:12:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702626.1097789 (Exim 4.92) (envelope-from ) id 1ruF1Z-0008Fx-L3; Tue, 09 Apr 2024 17:12:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702626.1097789; Tue, 09 Apr 2024 17:12:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF1Z-0008Fq-IM; Tue, 09 Apr 2024 17:12:45 +0000 Received: by outflank-mailman (input) for mailman id 702626; Tue, 09 Apr 2024 17:12:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF1Y-0008FR-GP for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF1Y-0005Pr-Fi for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF1Y-0006Hq-Ez for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HPRi1Be/fN2vVpwYPgM8c1KdsuUPUphVtUcZ4x0c+ns=; b=FojdkiCnam2BB9AgvatfyM3kvB 9HISBcfLlEYh9q/FzLzwI5mSmImw1/y4ntUfkVCPvPVDD1N3WNoSbA5+kaLlVLu9265za6rAJsR5c bl4j7uKu3fb1BdOOmrbfzt0vEYCh2Udlkwa3NC0SQ4/Xz8uM19CwpmBCv7Cox6jU1Z5M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86: Drop INDIRECT_JMP Message-Id: Date: Tue, 09 Apr 2024 17:12:44 +0000 commit 0b66d7ce3c0290eaad28bdafb35200052d012b14 Author: Andrew Cooper AuthorDate: Fri Dec 22 18:01:37 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86: Drop INDIRECT_JMP Indirect JMPs which are not tailcalls can lead to an unwelcome form of speculative type confusion, and we've removed the uses of INDIRECT_JMP to compensate. Remove the temptation to reintroduce new instances. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/asm-defns.h | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/include/asm/asm-defns.h b/xen/arch/x86/include/asm/asm-defns.h index 0e5f0be768..d55dd3bbc3 100644 --- a/xen/arch/x86/include/asm/asm-defns.h +++ b/xen/arch/x86/include/asm/asm-defns.h @@ -29,10 +29,9 @@ BUG /* Shouldn't return */ .endm -.macro INDIRECT_BRANCH insn:req, arg:req +.macro INDIRECT_CALL arg:req /* - * Create an indirect branch. insn is one of call/jmp, arg is a single - * register. + * Create an indirect call. arg is a single register. * * With no compiler support, this degrades into a plain indirect call/jmp. * With compiler support, dispatch to the correct __x86_indirect_thunk_* @@ -42,7 +41,7 @@ $done = 0 .irp reg, ax, cx, dx, bx, bp, si, di, 8, 9, 10, 11, 12, 13, 14, 15 .ifeqs "\arg", "%r\reg" - \insn __x86_indirect_thunk_r\reg + call __x86_indirect_thunk_r\reg $done = 1 .exitm .endif @@ -53,19 +52,10 @@ .endif .else - \insn *\arg + call *\arg .endif .endm -/* Convenience wrappers. */ -.macro INDIRECT_CALL arg:req - INDIRECT_BRANCH call, \arg -.endm - -.macro INDIRECT_JMP arg:req - INDIRECT_BRANCH jmp, \arg -.endm - #ifdef CONFIG_XEN_IBT # define ENDBR64 endbr64 #else -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:12:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:12:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702628.1097794 (Exim 4.92) (envelope-from ) id 1ruF1j-0008Kj-NO; Tue, 09 Apr 2024 17:12:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702628.1097794; Tue, 09 Apr 2024 17:12:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF1j-0008Kb-KL; Tue, 09 Apr 2024 17:12:55 +0000 Received: by outflank-mailman (input) for mailman id 702628; Tue, 09 Apr 2024 17:12:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF1i-0008KN-Jg for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF1i-0005Py-Ip for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF1i-0006IS-Hv for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:12:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FJeBjS2sx7j81anmNgYC2zKdjAfKqHw7Q/Lk0V5AtPU=; b=G/AgkgzluC4ragNw5C7CLlucbc xxI7C/cB0hDHYFYDrcbr2+kiCOCx9Q1XHeLn7x/DeBR2HCG+lcUizf6KPSNIFzq54KrzdYRH1XzwC rmk8UE/pSt86b9YVxwuLAVJ1bMGlwZrOQPm6Q46qbvL+AX2CWXUNaSRUE8vRSpttTxKo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/tsx: Expose RTM_ALWAYS_ABORT to guests Message-Id: Date: Tue, 09 Apr 2024 17:12:54 +0000 commit c94e2105924347de0d9f32065370e802a20cc829 Author: Andrew Cooper AuthorDate: Sat Apr 6 20:36:54 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/tsx: Expose RTM_ALWAYS_ABORT to guests A TSX Abort is one option mitigate Native-BHI, but a guest kernel doesn't get to see this if Xen has turned RTM off using MSR_TSX_{CTRL,FORCE_ABORT}. Therefore, the meaning of RTM_ALWAYS_ABORT has been adjusted to "XBEGIN won't fault", and it should be exposed to guests so they can make a better decision. Expose it in the max policy for any RTM-capable system. Offer it by default only if RTM has been disabled. Update test-tsx to account for this new meaning. While adjusting the logic in test_guest_policies(), take the opportunity to use feature names (now they're available) to make the logic easier to follow. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- tools/tests/tsx/test-tsx.c | 39 +++++++++++++++++++---------- xen/arch/x86/cpu-policy.c | 20 +++++++++++++++ xen/include/public/arch-x86/cpufeatureset.h | 2 +- 3 files changed, 47 insertions(+), 14 deletions(-) diff --git a/tools/tests/tsx/test-tsx.c b/tools/tests/tsx/test-tsx.c index b7e1972ce8..5af04953f3 100644 --- a/tools/tests/tsx/test-tsx.c +++ b/tools/tests/tsx/test-tsx.c @@ -311,25 +311,25 @@ static void test_guest_policies(const struct cpu_policy *max, dump_tsx_details(max, "Max:"); dump_tsx_details(def, "Def:"); - if ( ((max->feat.raw[0].d | def->feat.raw[0].d) & - (bitmaskof(X86_FEATURE_TSX_FORCE_ABORT) | - bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT) | - bitmaskof(X86_FEATURE_SRBDS_CTRL))) || - ((max->arch_caps.raw | def->arch_caps.raw) & ARCH_CAPS_TSX_CTRL) ) + if ( max->feat.tsx_force_abort || def->feat.tsx_force_abort || + max->feat.srbds_ctrl || def->feat.srbds_ctrl || + max->arch_caps.tsx_ctrl || def->arch_caps.tsx_ctrl ) fail(" Xen-only TSX controls offered to guest\n"); switch ( rtm_behaviour ) { case RTM_UD: - if ( (max->feat.raw[0].b | def->feat.raw[0].b) & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) - fail(" HLE/RTM offered to guests despite not being available\n"); + if ( max->feat.hle || def->feat.hle || + max->feat.rtm || def->feat.rtm || + max->feat.rtm_always_abort || def->feat.rtm_always_abort ) + fail(" HLE/RTM/RTM_AA offered to guests despite not being available\n"); break; case RTM_ABORT: - if ( def->feat.raw[0].b & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) + if ( def->feat.hle || def->feat.rtm ) fail(" HLE/RTM offered to guests by default despite not being usable\n"); + if ( !def->feat.rtm_always_abort ) + fail(" RTM_AA not offered to guests by default despite being available\n"); break; case RTM_OK: @@ -340,6 +340,9 @@ static void test_guest_policies(const struct cpu_policy *max, if ( def->feat.hle ) fail(" Fail: HLE offered in default policy\n"); + + if ( def->feat.rtm && def->feat.rtm_always_abort ) + fail(" Fail: Both RTM and RTM_AA offered in default policy\n"); } static void test_def_max_policies(void) @@ -388,14 +391,13 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.hle || guest_policy.policy.feat.tsx_force_abort || - guest_policy.policy.feat.rtm_always_abort || guest_policy.policy.feat.srbds_ctrl || guest_policy.policy.arch_caps.tsx_ctrl ) fail(" Unexpected features advertised\n"); if ( host.policy.feat.rtm ) { - unsigned int _7b0; + unsigned int _7b0, _7d0; /* * If host RTM is available, all combinations of guest flags should be @@ -403,6 +405,8 @@ static void test_guest(struct xen_domctl_createdomain *c) */ _7b0 = (guest_policy.policy.feat.raw[0].b ^= (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM))); + _7d0 = (guest_policy.policy.feat.raw[0].d ^= + bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT)); /* Set the new policy. */ rc = xc_cpu_policy_set_domain(xch, domid, &guest_policy); @@ -426,10 +430,17 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.raw[0].b != _7b0 ) { - fail(" Expected CPUID.7[1].b 0x%08x differs from actual 0x%08x\n", + fail(" Expected CPUID.7[0].b 0x%08x differs from actual 0x%08x\n", _7b0, guest_policy.policy.feat.raw[0].b); goto out; } + + if ( guest_policy.policy.feat.raw[0].d != _7d0 ) + { + fail(" Expected CPUID.7[0].d 0x%08x differs from actual 0x%08x\n", + _7d0, guest_policy.policy.feat.raw[0].d); + goto out; + } } out: @@ -514,6 +525,8 @@ static void test_tsx(void) i, errno, strerror(errno)); } + dump_tsx_details(&host.policy, "Host:"); + rc = xc_physinfo(xch, &physinfo); if ( rc ) return fail("Failed to obtain physinfo: %d - %s\n", diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index 5952ff20e6..4b6d962763 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -462,6 +462,21 @@ static void __init guest_common_max_feature_adjustments(uint32_t *fs) */ __set_bit(X86_FEATURE_HTT, fs); __set_bit(X86_FEATURE_CMP_LEGACY, fs); + + /* + * To mitigate Native-BHI, one option is to use a TSX Abort on capable + * systems. This is safe even if RTM has been disabled for other reasons + * via MSR_TSX_{CTRL,FORCE_ABORT}. However, a guest kernel doesn't get to + * know this type of information. + * + * Therefore the meaning of RTM_ALWAYS_ABORT has been adjusted, to instead + * mean "XBEGIN won't fault". This is enough for a guest kernel to make + * an informed choice WRT mitigating Native-BHI. + * + * If RTM-capable, we can run a VM which has seen RTM_ALWAYS_ABORT. + */ + if ( test_bit(X86_FEATURE_RTM, fs) ) + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); } static void __init guest_common_default_feature_adjustments(uint32_t *fs) @@ -534,9 +549,14 @@ static void __init guest_common_default_feature_adjustments(uint32_t *fs) * function as expected, but is technically compatible with the ISA. * * Do not advertise RTM to guests by default if it won't actually work. + * Instead, advertise RTM_ALWAYS_ABORT indicating that TSX Aborts are safe + * to use, e.g. for mitigating Native-BHI. */ if ( rtm_disabled ) + { __clear_bit(X86_FEATURE_RTM, fs); + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); + } } static void __init guest_common_feature_adjustments(uint32_t *fs) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 6bb1ee3b0a..53f13dec31 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -264,7 +264,7 @@ XEN_CPUFEATURE(FSRM, 9*32+ 4) /*A Fast Short REP MOVS */ XEN_CPUFEATURE(AVX512_VP2INTERSECT, 9*32+8) /*a VP2INTERSECT{D,Q} insns */ XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*!A VERW clears microarchitectural buffers */ -XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! June 2021 TSX defeaturing in microcode. */ +XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! RTM disabled (but XBEGIN wont fault) */ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(SERIALIZE, 9*32+14) /*A SERIALIZE insn */ XEN_CPUFEATURE(HYBRID, 9*32+15) /* Heterogeneous platform */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:13:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:13:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702630.1097798 (Exim 4.92) (envelope-from ) id 1ruF1t-0008PU-Pq; Tue, 09 Apr 2024 17:13:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702630.1097798; Tue, 09 Apr 2024 17:13:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF1t-0008PN-NQ; Tue, 09 Apr 2024 17:13:05 +0000 Received: by outflank-mailman (input) for mailman id 702630; Tue, 09 Apr 2024 17:13:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF1s-0008Oy-N0 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF1s-0005QJ-ML for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF1s-0006J5-LT for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qY0CllYULT7G8MsbYtVFW98pLREPxORQqMj7no6XXkc=; b=3J9B6EgWPVbiBoisqwJ9NI4xZn IQOQGev4OyyYEIihmRj5i2IzPFMAQsTatSVozVs4vp2CjbOGyr6QAizmGYDWBkiFqOIZULKDR9ODE visFq8Ui5VjnzWau3v//twe27778Ak/nUL8EQHtyKi3jbhMLybAx/tvqh4cWC+8H4g20=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Message-Id: Date: Tue, 09 Apr 2024 17:13:04 +0000 commit 62a1106415c5e8a49b45147ca84d54a58d471343 Author: Andrew Cooper AuthorDate: Tue Mar 26 19:01:37 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Introduce a "bhi-dis-s" boolean to match the other options we have for MSR_SPEC_CTRL values. Also introduce bhi_calculations(). Use BHI_DIS_S whenever possible. Guests which are levelled to be migration compatible with older CPUs can't see BHI_DIS_S, and Xen must fill in the difference to make the guest safe. Use the virt MSR_SPEC_CTRL infrastructure to force BHI_DIS_S behind the guest's back. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné --- docs/misc/xen-command-line.pandoc | 8 +++++++- xen/arch/x86/hvm/vmx/vmx.c | 17 +++++++++++++++++ xen/arch/x86/include/asm/spec_ctrl.h | 1 + xen/arch/x86/spec_ctrl.c | 24 +++++++++++++++++++++++- 4 files changed, 48 insertions(+), 2 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 14cafb462a..b87e7ebc35 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2377,7 +2377,8 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). > {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, -> unpriv-mmio,gds-mit,div-scrub,lock-harden}= ]` +> unpriv-mmio,gds-mit,div-scrub,lock-harden, +> bhi-dis-s}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2458,6 +2459,11 @@ option can be used to force or prevent Xen using the feature itself. By default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by default. +On hardware supporting BHI_DIS_S (Branch History Injection Disable +Supervisor), the `bhi-dis-s=` option can be used to force or prevent Xen using +the feature itself. By default Xen will use BHI_DIS_S on hardware susceptible +to Branch History Injection. + On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` option can be used to force (the default) or prevent Xen from issuing branch prediction barriers on vcpu context switches. diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index c886331006..0935762378 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -48,6 +48,7 @@ #include #include #include +#include #include static bool __initdata opt_force_ept; @@ -842,6 +843,22 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } + if ( cpu_has_vmx_virt_spec_ctrl ) + { + /* + * If we're on BHI_DIS_S capable hardware, the short loop sequence is + * not sufficient to mitigate Native-BHI. If the VM can't see it + * (i.e. it's levelled with older hardware), force it behind the + * guests back for safey. + * + * Because there's not a real Host/Guest split of the MSR_SPEC_CTRL + * value, this only works as expected when Xen is using BHI_DIS_S too. + */ + bool force_bhi_dis_s = opt_bhi_dis_s && !cp->feat.bhi_ctrl; + + __vmwrite(SPEC_CTRL_MASK, force_bhi_dis_s ? SPEC_CTRL_BHI_DIS_S : 0); + } + /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ if ( cp->feat.ibrsb || cp->extd.ibpb ) vmx_clear_msr_intercept(v, MSR_PRED_CMD, VMX_MSR_RW); diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 95dd081f30..b2d2c25842 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -77,6 +77,7 @@ static always_inline void spec_ctrl_new_guest_context(void) extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; +extern int8_t opt_bhi_dis_s; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ed52ce3cc5..a5096ab4fb 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -47,6 +47,7 @@ static int8_t __initdata opt_ibrs = -1; static int8_t __initdata opt_stibp = -1; bool __ro_after_init opt_ssbd; static int8_t __initdata opt_psfd = -1; +int8_t __ro_after_init opt_bhi_dis_s = -1; int8_t __ro_after_init opt_ibpb_ctxt_switch = -1; int8_t __ro_after_init opt_eager_fpu = -1; @@ -269,6 +270,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_ssbd = val; else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) opt_psfd = val; + else if ( (val = parse_boolean("bhi-dis-s", s, ss)) >= 0 ) + opt_bhi_dis_s = val; /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) @@ -524,7 +527,7 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk != THUNK_NONE ? "BTI-Thunk: " : "", thunk == THUNK_NONE ? "" : thunk == THUNK_RETPOLINE ? "RETPOLINE, " : @@ -542,6 +545,8 @@ static void __init print_details(enum ind_thunk thunk) (!boot_cpu_has(X86_FEATURE_PSFD) && !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", + !boot_cpu_has(X86_FEATURE_BHI_CTRL) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_BHI_DIS_S) ? " BHI_DIS_S+" : " BHI_DIS_S-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -1596,6 +1601,21 @@ static void __init gds_calculations(void) } } +/* + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + */ +static void __init bhi_calculations(void) +{ + if ( opt_bhi_dis_s == -1 ) + opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + + if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) + opt_bhi_dis_s = false; + + if ( opt_bhi_dis_s ) + default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; +} + void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); @@ -2140,6 +2160,8 @@ void __init init_speculation_mitigations(void) gds_calculations(); + bhi_calculations(); + print_details(thunk); /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:13:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:13:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702632.1097804 (Exim 4.92) (envelope-from ) id 1ruF23-0008V5-Su; Tue, 09 Apr 2024 17:13:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702632.1097804; Tue, 09 Apr 2024 17:13:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF23-0008Uv-P2; Tue, 09 Apr 2024 17:13:15 +0000 Received: by outflank-mailman (input) for mailman id 702632; Tue, 09 Apr 2024 17:13:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF22-0008Uf-QD for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF22-0005QN-PT for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF22-0006Jp-Of for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RthevqimB6ZSJXGj7jXqOeGIdccHRv7B3fbaz1f3MOo=; b=yvHvn+/tSdYjKkD64Pk5wHDdSZ tB5pFGVR6SGNjVm6Tn3RFEvga4GZVQZxyMX/Q7+9KF/XLSxg6VAJr28QsYLkuSa4arG1SMyFfrVvY 0XVV95d7VH2QMMEtSksCAB02x4ghEn/eKcZkeXzh8X0sHswhxqHpAQ+SyM4HTLICeUA4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Software BHB-clearing sequences Message-Id: Date: Tue, 09 Apr 2024 17:13:14 +0000 commit 954c983abceee97bf5f6230b9ae164f2c49a9aa9 Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Software BHB-clearing sequences Implement clear_bhb_{tsx,loops}() as per the BHI guidance. The loops variant is set up as the "short" sequence. Introduce SCF_entry_bhb and extend SPEC_CTRL_ENTRY_* with a conditional call to selected clearing routine. Note that due to a limitation in the ALTERNATIVE capability, the TEST/JZ can't be included alongside a CALL in a single alternative block. This is going to require further work to untangle. The BHB sequences (if used) must be after the restoration of Xen's MSR_SPEC_CTRL value, which must be accounted for when judging whether it is safe to skip the safety LFENCEs. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné --- xen/arch/x86/Makefile | 1 + xen/arch/x86/bhb-thunk.S | 94 ++++++++++++++++++++++++++++++++ xen/arch/x86/hvm/vmx/entry.S | 12 ++++ xen/arch/x86/include/asm/cpufeature.h | 3 + xen/arch/x86/include/asm/cpufeatures.h | 3 + xen/arch/x86/include/asm/spec_ctrl.h | 3 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 30 ++++++++++ xen/arch/x86/spec_ctrl.c | 39 +++++++------ 8 files changed, 167 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 26d8740529..d902fb7acc 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -15,6 +15,7 @@ alternative-y := alternative.init.o alternative-$(CONFIG_LIVEPATCH) := obj-bin-y += $(alternative-y) obj-y += apic.o +obj-y += bhb-thunk.o obj-y += bitops.o obj-bin-y += bzimage.init.o obj-bin-y += clear_page.o diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S new file mode 100644 index 0000000000..b3f2cb3cb6 --- /dev/null +++ b/xen/arch/x86/bhb-thunk.S @@ -0,0 +1,94 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Branch History Injection clearing sequences. + * + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + * + * Copyright (c) 2023, 2024 XenServer. + */ + .file __FILE__ + +#include + + .section .text.entry, "ax", @progbits + +/* + * Clear the Branch History Buffer using a TSX Abort. + * + * Any TSX Abort has a side effect of clearing the BHB, even when TSX is + * disabled for e.g. TAA mitigation reasons. + */ +FUNC(clear_bhb_tsx) + .byte 0xc7, 0xf8; .long 1f - 0f /* xbegin 1f */ +0: .byte 0xc6, 0xf8, 0 /* xabort $0 */ + int3 +1: + ret +END(clear_bhb_tsx) + +/* + * Clear the Branch History Buffer using the software sequence. + * + * Clobbers: %eax, %ecx + * + * This executes a specific number of taken branches, sufficient to displace + * all prior entries in the history tracker, therefore removing prior + * influence on subsequent BTB lookups. + * + * Structurally, it looks like this: + * + * call 1 + * call 2 + * ... 5x jmp loop + * call 2 + * ... 5x jmp loop + * ... 5x call2's deep + * + * ret + * ret + * ret + * ret + * + * The CALL/RETs are necessary to prevent the Loop Stream Detector from + * interfering. The alignment is for performance and not safety. + * + * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire + * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + */ +FUNC(clear_bhb_loops) + mov $5, %ecx + + call 1f + jmp 5f + int3 + + .align 64 +1: call 2f + ret + int3 + + .align 64 +2: mov $5, %eax + +3: jmp 4f + int3 + +4: sub $1, %eax + jnz 3b + + sub $1, %ecx + jnz 1b + + ret +5: + /* + * The Intel sequence has an LFENCE here. The purpose is to ensure + * that all prior branches have executed, before dispatching a + * subsequent indirect branch. + * + * Xen's SPEC_CTRL_ENTRY_* blocks have safety LFENCEs at the end when + * protections are active, which suffices for this purpose. + */ + + ret +END(clear_bhb_loops) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 96b3d22080..7233e771d8 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -57,6 +57,18 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, CPUINFO_scf(%rsp) + jz .L_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index 9bc553681f..743f11f989 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -235,6 +235,9 @@ static inline bool boot_cpu_has(unsigned int feat) #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) +#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ + boot_cpu_has(X86_SPEC_BHB_LOOPS)) + enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index 6422c66b0f..bada8912e0 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -56,5 +56,8 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ #define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ +#define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ +#define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index b2d2c25842..72347ef2b9 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -24,6 +24,7 @@ #define SCF_verw (1 << 3) #define SCF_ist_ibpb (1 << 4) #define SCF_entry_ibpb (1 << 5) +#define SCF_entry_bhb (1 << 6) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -42,7 +43,7 @@ * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb | SCF_entry_bhb) #ifndef __ASSEMBLY__ diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 23b23219de..729a830411 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -273,6 +273,17 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm @@ -311,6 +322,13 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm @@ -411,6 +429,18 @@ .L\@_skip_msr_spec_ctrl: + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + lfence .endm diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index a5096ab4fb..589feeee24 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2182,38 +2182,43 @@ void __init init_speculation_mitigations(void) /* * SPEC_CTRL_ENTRY_FROM_PV conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we're not using any prior conditional mitigation, - * then it's safe to drop the LFENCE. + * Otherwise, DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we do have it, or we're not using any + * prior conditional block, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); /* * SPEC_CTRL_ENTRY_FROM_INTR conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we have no protections active in the block that - * is skipped when interrupting guest context, then it's safe to drop - * the LFENCE. + * Otherwise DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we have it, or we have no protections + * active in the block that is skipped when interrupting guest + * context, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && - !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); /* * SPEC_CTRL_ENTRY_FROM_VMX conditional safety * - * Currently there are no safety actions with conditional branches, so - * no need for the extra safety LFENCE. + * A BHB sequence, if used, is the only conditional action, so if we + * don't have it, we don't need the safety LFENCE. */ - setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + if ( !cpu_has_bhb_seq ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:13:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:13:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702634.1097805 (Exim 4.92) (envelope-from ) id 1ruF2D-00006q-TM; Tue, 09 Apr 2024 17:13:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702634.1097805; Tue, 09 Apr 2024 17:13:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF2D-00006j-Qb; Tue, 09 Apr 2024 17:13:25 +0000 Received: by outflank-mailman (input) for mailman id 702634; Tue, 09 Apr 2024 17:13:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF2C-00006T-TD for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF2C-0005QU-SV for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF2C-0006KS-Rp for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=o45lq9HON3pb+xYPzx8SDeRbg//JnY6HylREM1W5x0A=; b=24E+BEY6+S6pPkXLpR5CaUL0yN 3Q1mFEO2lNXLwOxa/LuEeo/qzvf7Ldprr37OXk2jm0nylTvDOBCd6AmnTG9O/gZrx70NSVfWq8qKf LSdENjzqVkAGF87KxYZtafXDGuzn1TfEfVdiX6EPbvjv35dT7yhWrlk1Te5WquNrbZu4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Wire up the Native-BHI software sequences Message-Id: Date: Tue, 09 Apr 2024 17:13:24 +0000 commit 689ad48ce9cf4c38297cd126e7e003a1c13a3b9d Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Wire up the Native-BHI software sequences In the absence of BHI_DIS_S, mitigating Native-BHI requires the use of a software sequence. Introduce a new bhb-seq= option to select between avaialble sequences and bhb-entry= to control the per-PV/HVM actions like we have for other blocks. Activate the short sequence by default for PV and HVM guests on affected hardware if BHI_DIS_S isn't present. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné --- docs/misc/xen-command-line.pandoc | 25 +++++-- xen/arch/x86/spec_ctrl.c | 145 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 157 insertions(+), 13 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index b87e7ebc35..c8b0cb091e 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2374,8 +2374,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, > bhi-dis-s}= ]` @@ -2400,10 +2401,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=` and `ibpb-entry=` options -offer fine grained control over the primitives by Xen. These impact Xen's -ability to protect itself, and/or Xen's ability to virtualise support for -guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=`, `ibpb-entry=` and `bhb-entry=` +options offer fine grained control over the primitives by Xen. These impact +Xen's ability to protect itself, and/or Xen's ability to virtualise support +for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2429,6 +2430,12 @@ guests to use. Return Stack Overflow if appropriate microcode has been loaded, but for performance reasons dom0 is unprotected by default. If it is necessary to protect dom0 too, boot with `spec-ctrl=ibpb-entry`. +* `bhb-entry=` offers control over whether BHB-clearing (Branch History + Buffer) sequences are used on entry to Xen. This is used by default on + hardware vulnerable to Branch History Injection, when the BHI_DIS_S control + is not available (see `bhi-dis-s`). The choice of scrubbing sequence can be + selected using the `bhb-seq=` option. If it is necessary to protect dom0 + too, boot with `spec-ctrl=bhb-entry`. If Xen was compiled with `CONFIG_INDIRECT_THUNK` support, `bti-thunk=` can be used to select which of the thunks gets patched into the @@ -2436,6 +2443,12 @@ used to select which of the thunks gets patched into the (generally preferred), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and `lfence` (an `lfence; jmp *%reg` gadget). +On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing +sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` +options in order to mitigate Branch History Injection on affected hardware. +The default sequence is `short`, with `tsx` as an alternative available +capable hardware that can be opted in to. + On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. If Xen is not using IBRS itself, functionality is still set up so IBRS can be diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 589feeee24..d362544f34 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -33,6 +33,16 @@ static int8_t __ro_after_init opt_ibpb_entry_pv = -1; static int8_t __ro_after_init opt_ibpb_entry_hvm = -1; static bool __ro_after_init opt_ibpb_entry_dom0; +static int8_t __ro_after_init opt_bhb_entry_pv = -1; +static int8_t __ro_after_init opt_bhb_entry_hvm = -1; +static bool __ro_after_init opt_bhb_entry_dom0; +static enum bhb_thunk { + BHB_DEFAULT, + BHB_NONE, + BHB_TSX, + BHB_SHORT, +} opt_bhb_seq __initdata; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -116,8 +126,12 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_ibpb_entry_pv = 0; opt_ibpb_entry_hvm = 0; opt_ibpb_entry_dom0 = false; + opt_bhb_entry_pv = 0; + opt_bhb_entry_hvm = 0; + opt_bhb_entry_dom0 = false; opt_thunk = THUNK_JMP; + opt_bhb_seq = BHB_NONE; opt_ibrs = 0; opt_ibpb_ctxt_switch = false; opt_ssbd = false; @@ -146,6 +160,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_pv = val; opt_verw_pv = val; opt_ibpb_entry_pv = val; + opt_bhb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { @@ -153,6 +168,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_verw_hvm = val; opt_ibpb_entry_hvm = val; + opt_bhb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -240,6 +256,28 @@ static int __init cf_check parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("bhb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_bhb_entry_pv = opt_bhb_entry_hvm = + opt_bhb_entry_dom0 = val; + break; + + case -2: + s += strlen("bhb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_bhb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_bhb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -260,6 +298,19 @@ static int __init cf_check parse_spec_ctrl(const char *s) else rc = -EINVAL; } + else if ( !strncmp(s, "bhb-seq=", 8) ) + { + s += strlen("bhb-seq="); + + if ( !cmdline_strcmp(s, "none") ) + opt_bhb_seq = BHB_NONE; + else if ( !cmdline_strcmp(s, "tsx") ) + opt_bhb_seq = BHB_TSX; + else if ( !cmdline_strcmp(s, "short") ) + opt_bhb_seq = BHB_SHORT; + else + rc = -EINVAL; + } /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) @@ -527,12 +578,16 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: %s%s%s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk != THUNK_NONE ? "BTI-Thunk: " : "", thunk == THUNK_NONE ? "" : thunk == THUNK_RETPOLINE ? "RETPOLINE, " : thunk == THUNK_LFENCE ? "LFENCE, " : thunk == THUNK_JMP ? "JMP, " : "?, ", + opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", + opt_bhb_seq == BHB_NONE ? "" : + opt_bhb_seq == BHB_TSX ? "TSX, " : + opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -571,11 +626,11 @@ static void __init print_details(enum ind_thunk thunk) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - amd_virt_spec_ctrl || + cpu_has_bhb_seq || amd_virt_spec_ctrl || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || @@ -583,20 +638,23 @@ static void __init print_details(enum ind_thunk thunk) boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || + cpu_has_bhb_seq || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -1604,16 +1662,85 @@ static void __init gds_calculations(void) /* * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html */ +static bool __init cpu_has_bug_bhi(void) +{ + /* BHI is only known to affect Intel Family 6 processors at this time. */ + if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL || + boot_cpu_data.x86 != 6 ) + return false; + + if ( boot_cpu_has(X86_FEATURE_BHI_NO) ) + return false; + + if ( cpu_has_hypervisor ) + return true; /* TODO: how to figure out out if we're really eIBRS levelled out? */ + + return cpu_has_eibrs; +} + static void __init bhi_calculations(void) { + bool has_bhi = cpu_has_bug_bhi(); + + /* + * To mitigate BHI, we want to use BHI_DIS_S wherever possible, or the + * short sequence otherwise. Other forms are available on request. + * + * We are repsonsbile for performing default-conversion on opt_bhi_dis_s + * and opt_bhb_seq, irrespective of succeptibility to BHI. + */ + if ( opt_bhi_dis_s == -1 ) - opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + opt_bhi_dis_s = has_bhi; if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) opt_bhi_dis_s = false; if ( opt_bhi_dis_s ) default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; + + if ( opt_bhb_seq == BHB_DEFAULT ) + { + /* + * If we're using BHI_DIS_S, or we're not succeptable, don't activate + * the thunks. + */ + if ( !has_bhi || opt_bhi_dis_s ) + opt_bhb_seq = BHB_NONE; + else + opt_bhb_seq = BHB_SHORT; + } + + /* + * We can use the TSX even if it's disabled for e.g. TAA reasons. + * However, fall back to the loop sequence if there is no trace of RTM at + * all, as XBEGIN will #UD. + */ + if ( opt_bhb_seq == BHB_TSX && !cpu_has_rtm && !cpu_has_rtm_always_abort && + !cpu_has_tsx_force_abort ) + opt_bhb_seq = BHB_SHORT; + + /* + * Only activate SCF_entry_bhb by for guests if a sequence is in place. + */ + if ( opt_bhb_entry_pv == -1 ) + opt_bhb_entry_pv = has_bhi && opt_bhb_seq != BHB_NONE; + if ( opt_bhb_entry_hvm == -1 ) + opt_bhb_entry_hvm = has_bhi && opt_bhb_seq != BHB_NONE; + + switch ( opt_bhb_seq ) + { + case BHB_SHORT: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); + break; + + case BHB_TSX: + setup_force_cpu_cap(X86_SPEC_BHB_TSX); + break; + + default: + break; + } } void spec_ctrl_init_domain(struct domain *d) @@ -1626,9 +1753,13 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); + bool bhb = ((pv ? opt_bhb_entry_pv : opt_bhb_entry_hvm) && + (d->domain_id != 0 || opt_bhb_entry_dom0)); + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | + (bhb ? SCF_entry_bhb : 0) | 0; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:13:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:13:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702635.1097810 (Exim 4.92) (envelope-from ) id 1ruF2O-0000CB-0A; Tue, 09 Apr 2024 17:13:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702635.1097810; Tue, 09 Apr 2024 17:13:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF2N-0000C1-Td; Tue, 09 Apr 2024 17:13:35 +0000 Received: by outflank-mailman (input) for mailman id 702635; Tue, 09 Apr 2024 17:13:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF2N-0000Bh-0R for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF2M-0005QY-Vv for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF2M-0006Ku-Uv for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NkGT5RCQb/xYwx9o2Mz603jhepm7GwZ844VLLrAV15Y=; b=nXciltmbUYnAsx+9gJMiXBZ/0r dmydXbwbaON8qvQz9Y3r3uwJRa8R0nBWE1dxWs2V8URWuUkl2PBTxj3BeJqW2TZutuQ8c1uHk13E6 3au/A7Cd04P0lMVI6Ur+gV/2daenxKkRe7S4DWenK1qQaqEuSXBc9E5ZP60I71o+X8HQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec-ctrl: Support the "long" BHB loop sequence Message-Id: Date: Tue, 09 Apr 2024 17:13:34 +0000 commit d5887c0decbd90e798b24ed696628645b04632fb Author: Andrew Cooper AuthorDate: Fri Mar 22 19:29:34 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Support the "long" BHB loop sequence Out of an abudnance of caution, implement the long loop too, and allowing for it to be opted in to. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné --- docs/misc/xen-command-line.pandoc | 4 ++-- xen/arch/x86/bhb-thunk.S | 8 ++++++-- xen/arch/x86/include/asm/cpufeatures.h | 1 + xen/arch/x86/spec_ctrl.c | 10 +++++++++- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index c8b0cb091e..e760f3266e 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2375,7 +2375,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, > {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx|long, > {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, @@ -2447,7 +2447,7 @@ On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` options in order to mitigate Branch History Injection on affected hardware. The default sequence is `short`, with `tsx` as an alternative available -capable hardware that can be opted in to. +capable hardware, and `long` that can be opted in to. On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S index b3f2cb3cb6..678c00c5d0 100644 --- a/xen/arch/x86/bhb-thunk.S +++ b/xen/arch/x86/bhb-thunk.S @@ -54,9 +54,13 @@ END(clear_bhb_tsx) * * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + * + * The "long" sequence (12 and 7) is for Alder Lake / Sapphire Rapids + * (i.e. Golden Cove and/or Gracemont cores). However, such CPUs are expected + * to use BHI_DIS_S in preference. */ FUNC(clear_bhb_loops) - mov $5, %ecx + ALTERNATIVE "mov $5, %ecx", "mov $12, %ecx", X86_SPEC_BHB_LOOPS_LONG call 1f jmp 5f @@ -68,7 +72,7 @@ FUNC(clear_bhb_loops) int3 .align 64 -2: mov $5, %eax +2: ALTERNATIVE "mov $5, %eax", "mov $7, %eax", X86_SPEC_BHB_LOOPS_LONG 3: jmp 4f int3 diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index bada8912e0..ba3df174b7 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -58,6 +58,7 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ #define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ +#define X86_SPEC_BHB_LOOPS_LONG X86_BUG(21) /* Upgrade clear_bhb_loops to the "long" sequence. */ /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index d362544f34..dd01e30844 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -41,6 +41,7 @@ static enum bhb_thunk { BHB_NONE, BHB_TSX, BHB_SHORT, + BHB_LONG, } opt_bhb_seq __initdata; /* Cmdline controls for Xen's speculative settings. */ @@ -308,6 +309,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_bhb_seq = BHB_TSX; else if ( !cmdline_strcmp(s, "short") ) opt_bhb_seq = BHB_SHORT; + else if ( !cmdline_strcmp(s, "long") ) + opt_bhb_seq = BHB_LONG; else rc = -EINVAL; } @@ -587,7 +590,8 @@ static void __init print_details(enum ind_thunk thunk) opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", opt_bhb_seq == BHB_NONE ? "" : opt_bhb_seq == BHB_TSX ? "TSX, " : - opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", + opt_bhb_seq == BHB_SHORT ? "SHORT, " : + opt_bhb_seq == BHB_LONG ? "LONG, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -1730,6 +1734,10 @@ static void __init bhi_calculations(void) switch ( opt_bhb_seq ) { + case BHB_LONG: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS_LONG); + fallthrough; + case BHB_SHORT: setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); break; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:13:47 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:13:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702636.1097813 (Exim 4.92) (envelope-from ) id 1ruF2Z-0000Gm-1d; Tue, 09 Apr 2024 17:13:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702636.1097813; Tue, 09 Apr 2024 17:13:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF2Y-0000Ge-V8; Tue, 09 Apr 2024 17:13:46 +0000 Received: by outflank-mailman (input) for mailman id 702636; Tue, 09 Apr 2024 17:13:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF2X-0000G7-NQ for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF2X-0005Qv-Mj for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF2X-0006QB-Lz for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IYummHxfBr24W4+1luKNOFpBEHq7IvVxS5aWrXGsS+Y=; b=wKpe8nR8Dg4v7qE2Gw0+ocMdLQ TS0lWPLAksUL5LQLO/CSC6UMzNwQJfBKiXoSpVpm39l6QraN/03KyzEeqQCRF18rfGXFJtezzQeRY S/WN/VAytg+CvLa/C2YDD94Eg1tAR82auL3qAJGO+DodUuKb9zc83leR8diwp+V95aoI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec-ctrl: Fix BTC/SRSO mitigations Message-Id: Date: Tue, 09 Apr 2024 17:13:45 +0000 commit 6d4055b9a5d1d800d7f0e5584b9a0213bf25cd8b Author: Andrew Cooper AuthorDate: Tue Mar 26 22:47:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Fix BTC/SRSO mitigations We were looking for SCF_entry_ibpb in the wrong variable in the top-of-stack block, and xen_spec_ctrl won't have had bit 5 set because Xen doesn't understand SPEC_CTRL_RRSBA_DIS_U yet. This is XSA-455 / CVE-2024-31142. Fixes: 53a570b28569 ("x86/spec-ctrl: Support IBPB-on-entry") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index c52528fed4..5f31d71698 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 13acebc75d..3c9aa56301 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -90,7 +90,7 @@ jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) .endif jz .L\@_skip -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:13:57 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:13:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702637.1097818 (Exim 4.92) (envelope-from ) id 1ruF2j-0000Kq-2v; Tue, 09 Apr 2024 17:13:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702637.1097818; Tue, 09 Apr 2024 17:13:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF2j-0000Ki-0K; Tue, 09 Apr 2024 17:13:57 +0000 Received: by outflank-mailman (input) for mailman id 702637; Tue, 09 Apr 2024 17:13:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF2h-0000KF-QD for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF2h-0005R4-PO for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF2h-0006Qn-On for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:13:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7g25moeBuNEVFGMZ1rZnROuQYwuf3k5hcnVzrC6i2TU=; b=ExpVkQ+nY8egoGX9sZu+y24Wbj AFkjJhQ4zLUWAOhZzF1DwU7vIdR4q6Q3lkHtZX3N11oNkjnoej4DOlmbAiE4nwo07edu87SbTUZba vm4gzHc+GNXvx6KuPYrcAAfBxr641ISV3j6r2pmxYZDZVamJdRTHtJxWV+Kh7ruHDC34=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/APIC: finish genapic conversion to altcall Message-Id: Date: Tue, 09 Apr 2024 17:13:55 +0000 commit 6b8ee350885c20673585953719210d415ee96a4a Author: Jan Beulich AuthorDate: Wed Jan 17 10:41:52 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/APIC: finish genapic conversion to altcall While .probe() doesn't need fiddling with for being run only very early, init_apic_ldr() wants converting too despite not being on a frequently executed path: This way all pre-filled struct genapic instances can become __initconst_cf_clobber, thus allowing to eliminate 15 more ENDBR during the 2nd phase of alternatives patching. While fiddling with section annotations here, also move "genapic" itself to .data.ro_after_init. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper (cherry picked from commit b1cc53753cba4c3253f2e1093a3a6a9a828314bf) --- xen/arch/x86/genapic/bigsmp.c | 2 +- xen/arch/x86/genapic/default.c | 2 +- xen/arch/x86/genapic/probe.c | 2 +- xen/arch/x86/genapic/x2apic.c | 6 +++--- xen/arch/x86/include/asm/mach-generic/mach_apic.h | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/genapic/bigsmp.c b/xen/arch/x86/genapic/bigsmp.c index 2000383ab0..7219ec53b0 100644 --- a/xen/arch/x86/genapic/bigsmp.c +++ b/xen/arch/x86/genapic/bigsmp.c @@ -41,7 +41,7 @@ static int __init cf_check probe_bigsmp(void) return def_to_bigsmp; } -const struct genapic __initconstrel apic_bigsmp = { +const struct genapic __initconst_cf_clobber apic_bigsmp = { APIC_INIT("bigsmp", probe_bigsmp), GENAPIC_PHYS }; diff --git a/xen/arch/x86/genapic/default.c b/xen/arch/x86/genapic/default.c index 2c63c1f917..a968836a18 100644 --- a/xen/arch/x86/genapic/default.c +++ b/xen/arch/x86/genapic/default.c @@ -14,7 +14,7 @@ #include /* should be called last. */ -const struct genapic __initconstrel apic_default = { +const struct genapic __initconst_cf_clobber apic_default = { APIC_INIT("default", NULL), GENAPIC_FLAT }; diff --git a/xen/arch/x86/genapic/probe.c b/xen/arch/x86/genapic/probe.c index ad57912f50..10ceeae4d2 100644 --- a/xen/arch/x86/genapic/probe.c +++ b/xen/arch/x86/genapic/probe.c @@ -16,7 +16,7 @@ #include #include -struct genapic __read_mostly genapic; +struct genapic __ro_after_init genapic; static const struct genapic *const __initconstrel apic_probe[] = { &apic_bigsmp, diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c index b88c7a96fe..371dd100c7 100644 --- a/xen/arch/x86/genapic/x2apic.c +++ b/xen/arch/x86/genapic/x2apic.c @@ -158,7 +158,7 @@ static void cf_check send_IPI_mask_x2apic_cluster( local_irq_restore(flags); } -static const struct genapic __initconstrel apic_x2apic_phys = { +static const struct genapic __initconst_cf_clobber apic_x2apic_phys = { APIC_INIT("x2apic_phys", NULL), .int_delivery_mode = dest_Fixed, .int_dest_mode = 0 /* physical delivery */, @@ -169,7 +169,7 @@ static const struct genapic __initconstrel apic_x2apic_phys = { .send_IPI_self = send_IPI_self_x2apic }; -static const struct genapic __initconstrel apic_x2apic_cluster = { +static const struct genapic __initconst_cf_clobber apic_x2apic_cluster = { APIC_INIT("x2apic_cluster", NULL), .int_delivery_mode = dest_LowestPrio, .int_dest_mode = 1 /* logical delivery */, @@ -187,7 +187,7 @@ static const struct genapic __initconstrel apic_x2apic_cluster = { * IPIs to be more efficiently delivered by not having to perform an ICR write * for each target CPU. */ -static const struct genapic __initconstrel apic_x2apic_mixed = { +static const struct genapic __initconst_cf_clobber apic_x2apic_mixed = { APIC_INIT("x2apic_mixed", NULL), /* diff --git a/xen/arch/x86/include/asm/mach-generic/mach_apic.h b/xen/arch/x86/include/asm/mach-generic/mach_apic.h index cf8b31b6e0..c0d8b232c9 100644 --- a/xen/arch/x86/include/asm/mach-generic/mach_apic.h +++ b/xen/arch/x86/include/asm/mach-generic/mach_apic.h @@ -10,7 +10,7 @@ #define INT_DELIVERY_MODE (genapic.int_delivery_mode) #define INT_DEST_MODE (genapic.int_dest_mode) #define TARGET_CPUS ((const typeof(cpu_online_map) *)&cpu_online_map) -#define init_apic_ldr (genapic.init_apic_ldr) +#define init_apic_ldr() alternative_vcall(genapic.init_apic_ldr) #define cpu_mask_to_apicid(mask) ({ \ /* \ * There are a number of places where the address of a local variable \ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:14:07 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:14:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702638.1097822 (Exim 4.92) (envelope-from ) id 1ruF2t-0000OC-4j; Tue, 09 Apr 2024 17:14:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702638.1097822; Tue, 09 Apr 2024 17:14:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF2t-0000O3-1m; Tue, 09 Apr 2024 17:14:07 +0000 Received: by outflank-mailman (input) for mailman id 702638; Tue, 09 Apr 2024 17:14:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF2r-0000Nm-TM for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF2r-0005RP-SY for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF2r-0006Rr-Rd for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DdC35ArIiLa5Ud4sH70xBIGR5wqUsKcOJtkmCFEq5Jk=; b=pTqrsj/kTqfb7L/WNSr+0x4geO I9WN5mHobzPujI84Xxu8GR7SBGSYriqyIIcfD7seoHb9ukyfLlhDb5hT/+w5E3+BdaJYxJ1/h1CcP PFEDEi6Pw37sFk0MW8HqIlVMSskZCnj/JwXe6crD9VCQ+h7oncn8V95W/k57ejpt3PPU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] cpufreq: finish conversion to altcall Message-Id: Date: Tue, 09 Apr 2024 17:14:05 +0000 commit a44c2c9f89e53e6691b42217fb34d985b28f3cf0 Author: Jan Beulich AuthorDate: Wed Jan 17 10:42:27 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 cpufreq: finish conversion to altcall Even functions used on infrequently executed paths want converting: This way all pre-filled struct cpufreq_driver instances can become __initconst_cf_clobber, thus allowing to eliminate another 15 ENDBR during the 2nd phase of alternatives patching. For acpi-cpufreq's optionally populated .get hook make sure alternatives patching can actually see the pointer. See also the code comment. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper (cherry picked from commit 467ae515caee491e9b6ae1da8b9b98d094955822) --- xen/arch/x86/acpi/cpufreq/cpufreq.c | 17 ++++++++++++++++- xen/arch/x86/acpi/cpufreq/hwp.c | 4 ++-- xen/arch/x86/acpi/cpufreq/powernow.c | 3 ++- xen/drivers/acpi/pmstat.c | 3 ++- xen/drivers/cpufreq/cpufreq.c | 6 +++--- xen/drivers/cpufreq/utility.c | 6 +++--- 6 files changed, 28 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/acpi/cpufreq/cpufreq.c b/xen/arch/x86/acpi/cpufreq/cpufreq.c index 61b62c370a..2b6ef99678 100644 --- a/xen/arch/x86/acpi/cpufreq/cpufreq.c +++ b/xen/arch/x86/acpi/cpufreq/cpufreq.c @@ -625,12 +625,14 @@ static int cf_check acpi_cpufreq_cpu_exit(struct cpufreq_policy *policy) return 0; } -static const struct cpufreq_driver __initconstrel acpi_cpufreq_driver = { +static const struct cpufreq_driver __initconst_cf_clobber +acpi_cpufreq_driver = { .name = "acpi-cpufreq", .verify = acpi_cpufreq_verify, .target = acpi_cpufreq_target, .init = acpi_cpufreq_cpu_init, .exit = acpi_cpufreq_cpu_exit, + .get = get_cur_freq_on_cpu, }; static int __init cf_check cpufreq_driver_init(void) @@ -675,6 +677,19 @@ static int __init cf_check cpufreq_driver_init(void) } presmp_initcall(cpufreq_driver_init); +static int __init cf_check cpufreq_driver_late_init(void) +{ + /* + * While acpi_cpufreq_driver wants to unconditionally have all hooks + * populated for __initconst_cf_clobber to have as much of an effect as + * possible, zap the .get hook here (but not in cpufreq_driver_init()), + * until acpi_cpufreq_cpu_init() knows whether it's wanted / needed. + */ + cpufreq_driver.get = NULL; + return 0; +} +__initcall(cpufreq_driver_late_init); + int cpufreq_cpu_init(unsigned int cpuid) { int ret; diff --git a/xen/arch/x86/acpi/cpufreq/hwp.c b/xen/arch/x86/acpi/cpufreq/hwp.c index 620149243d..e61212803e 100644 --- a/xen/arch/x86/acpi/cpufreq/hwp.c +++ b/xen/arch/x86/acpi/cpufreq/hwp.c @@ -513,8 +513,8 @@ static int cf_check hwp_cpufreq_update(int cpuid, struct cpufreq_policy *policy) return per_cpu(hwp_drv_data, cpuid)->ret; } -static const struct cpufreq_driver __initconstrel hwp_cpufreq_driver = -{ +static const struct cpufreq_driver __initconst_cf_clobber +hwp_cpufreq_driver = { .name = XEN_HWP_DRIVER_NAME, .verify = hwp_cpufreq_verify, .target = hwp_cpufreq_target, diff --git a/xen/arch/x86/acpi/cpufreq/powernow.c b/xen/arch/x86/acpi/cpufreq/powernow.c index 8e0784b69c..8a27ee82a5 100644 --- a/xen/arch/x86/acpi/cpufreq/powernow.c +++ b/xen/arch/x86/acpi/cpufreq/powernow.c @@ -317,7 +317,8 @@ static int cf_check powernow_cpufreq_cpu_exit(struct cpufreq_policy *policy) return 0; } -static const struct cpufreq_driver __initconstrel powernow_cpufreq_driver = { +static const struct cpufreq_driver __initconst_cf_clobber +powernow_cpufreq_driver = { .name = "powernow", .verify = powernow_cpufreq_verify, .target = powernow_cpufreq_target, diff --git a/xen/drivers/acpi/pmstat.c b/xen/drivers/acpi/pmstat.c index 85097d463c..803971bdb0 100644 --- a/xen/drivers/acpi/pmstat.c +++ b/xen/drivers/acpi/pmstat.c @@ -240,7 +240,8 @@ static int get_cpufreq_para(struct xen_sysctl_pm_op *op) return ret; op->u.get_para.cpuinfo_cur_freq = - cpufreq_driver.get ? cpufreq_driver.get(op->cpuid) : policy->cur; + cpufreq_driver.get ? alternative_call(cpufreq_driver.get, op->cpuid) + : policy->cur; op->u.get_para.cpuinfo_max_freq = policy->cpuinfo.max_freq; op->u.get_para.cpuinfo_min_freq = policy->cpuinfo.min_freq; op->u.get_para.turbo_enabled = cpufreq_get_turbo_status(op->cpuid); diff --git a/xen/drivers/cpufreq/cpufreq.c b/xen/drivers/cpufreq/cpufreq.c index 6e5c400849..ce9468a60b 100644 --- a/xen/drivers/cpufreq/cpufreq.c +++ b/xen/drivers/cpufreq/cpufreq.c @@ -278,7 +278,7 @@ int cpufreq_add_cpu(unsigned int cpu) policy->cpu = cpu; per_cpu(cpufreq_cpu_policy, cpu) = policy; - ret = cpufreq_driver.init(policy); + ret = alternative_call(cpufreq_driver.init, policy); if (ret) { free_cpumask_var(policy->cpus); xfree(policy); @@ -337,7 +337,7 @@ err1: cpumask_clear_cpu(cpu, cpufreq_dom->map); if (cpumask_empty(policy->cpus)) { - cpufreq_driver.exit(policy); + alternative_call(cpufreq_driver.exit, policy); free_cpumask_var(policy->cpus); xfree(policy); } @@ -401,7 +401,7 @@ int cpufreq_del_cpu(unsigned int cpu) cpumask_clear_cpu(cpu, cpufreq_dom->map); if (cpumask_empty(policy->cpus)) { - cpufreq_driver.exit(policy); + alternative_call(cpufreq_driver.exit, policy); free_cpumask_var(policy->cpus); xfree(policy); } diff --git a/xen/drivers/cpufreq/utility.c b/xen/drivers/cpufreq/utility.c index 6831f62851..dbf8985969 100644 --- a/xen/drivers/cpufreq/utility.c +++ b/xen/drivers/cpufreq/utility.c @@ -413,7 +413,7 @@ int cpufreq_update_turbo(int cpuid, int new_state) policy->turbo = new_state; if (cpufreq_driver.update) { - ret = cpufreq_driver.update(cpuid, policy); + ret = alternative_call(cpufreq_driver.update, cpuid, policy); if (ret) policy->turbo = curr_state; } @@ -449,7 +449,7 @@ int __cpufreq_set_policy(struct cpufreq_policy *data, return -EINVAL; /* verify the cpu speed can be set within this limit */ - ret = cpufreq_driver.verify(policy); + ret = alternative_call(cpufreq_driver.verify, policy); if (ret) return ret; @@ -457,7 +457,7 @@ int __cpufreq_set_policy(struct cpufreq_policy *data, data->max = policy->max; data->limits = policy->limits; if (cpufreq_driver.setpolicy) - return cpufreq_driver.setpolicy(data); + return alternative_call(cpufreq_driver.setpolicy, data); if (policy->governor != data->governor) { /* save old, working values */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:14:17 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:14:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702639.1097826 (Exim 4.92) (envelope-from ) id 1ruF33-0000R7-6B; Tue, 09 Apr 2024 17:14:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702639.1097826; Tue, 09 Apr 2024 17:14:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF33-0000Qz-3F; Tue, 09 Apr 2024 17:14:17 +0000 Received: by outflank-mailman (input) for mailman id 702639; Tue, 09 Apr 2024 17:14:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF32-0000Qm-04 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF31-0005RY-Vf for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF31-0006SV-Uq for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2pPSfGXpKXhV4lx9KltKhPzgSgu9qEDegtrNMKaDRqM=; b=ZlxdimJ3gGAyTtsUxi0m6RiJsh 9eDXyF9utjlflzizOtUBjPwuve1+8pVQZWjbDC04YY2r+qqEkFihkfdkOIMNyJnbkoX5mOZ4atmbX ZlrWjupL4fWT3CJmnSGRbVhowQGrobeA151nwNXc4S3LUi9o7F+TlysC7onQ07iFOFYY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/HPET: avoid an indirect call Message-Id: Date: Tue, 09 Apr 2024 17:14:15 +0000 commit ba951c5f29fb95f4688fbc52c78aafba6a7cfc4f Author: Jan Beulich AuthorDate: Wed Jan 17 10:43:02 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/HPET: avoid an indirect call When this code was written, indirect branches still weren't considered much of a problem (besides being a little slower). Instead of a function pointer, pass a boolean to _disable_pit_irq(), thus allowing to eliminate two ENDBR (one of them in .text). Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 730d2637a8e5b98dc8e4e366179b4cedc496b3ad) --- xen/arch/x86/hpet.c | 4 ++-- xen/arch/x86/include/asm/hpet.h | 4 ++-- xen/arch/x86/time.c | 12 ++++++------ 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index 79c07f6a9e..317ef63fb5 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -563,7 +563,7 @@ static void cf_check handle_rtc_once(uint8_t index, uint8_t value) } } -void __init cf_check hpet_broadcast_init(void) +void __init hpet_broadcast_init(void) { u64 hpet_rate = hpet_setup(); u32 hpet_id, cfg; @@ -634,7 +634,7 @@ void __init cf_check hpet_broadcast_init(void) hpet_events->flags = HPET_EVT_LEGACY; } -void cf_check hpet_broadcast_resume(void) +void hpet_broadcast_resume(void) { u32 cfg; unsigned int i, n; diff --git a/xen/arch/x86/include/asm/hpet.h b/xen/arch/x86/include/asm/hpet.h index 9919f74730..f343fe4740 100644 --- a/xen/arch/x86/include/asm/hpet.h +++ b/xen/arch/x86/include/asm/hpet.h @@ -89,8 +89,8 @@ void hpet_disable_legacy_replacement_mode(void); * Temporarily use an HPET event counter for timer interrupt handling, * rather than using the LAPIC timer. Used for Cx state entry. */ -void cf_check hpet_broadcast_init(void); -void cf_check hpet_broadcast_resume(void); +void hpet_broadcast_init(void); +void hpet_broadcast_resume(void); void cf_check hpet_broadcast_enter(void); void cf_check hpet_broadcast_exit(void); int hpet_broadcast_is_available(void); diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index 6d33edd0ad..34ddb9633f 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -2427,7 +2427,7 @@ void __init early_time_init(void) } /* keep pit enabled for pit_broadcast working while cpuidle enabled */ -static int _disable_pit_irq(void(*hpet_broadcast_setup)(void)) +static int _disable_pit_irq(bool init) { int ret = 1; @@ -2442,13 +2442,13 @@ static int _disable_pit_irq(void(*hpet_broadcast_setup)(void)) */ if ( cpuidle_using_deep_cstate() && !boot_cpu_has(X86_FEATURE_ARAT) ) { - hpet_broadcast_setup(); + init ? hpet_broadcast_init() : hpet_broadcast_resume(); if ( !hpet_broadcast_is_available() ) { if ( xen_cpuidle > 0 ) { - printk("%ps() failed, turning to PIT broadcast\n", - hpet_broadcast_setup); + printk("hpet_broadcast_%s() failed, turning to PIT broadcast\n", + init ? "init" : "resume"); return -1; } ret = 0; @@ -2465,7 +2465,7 @@ static int _disable_pit_irq(void(*hpet_broadcast_setup)(void)) static int __init cf_check disable_pit_irq(void) { - if ( !_disable_pit_irq(hpet_broadcast_init) ) + if ( !_disable_pit_irq(true) ) { xen_cpuidle = 0; printk("CPUIDLE: disabled due to no HPET. " @@ -2526,7 +2526,7 @@ int time_resume(void) resume_platform_timer(); - if ( !_disable_pit_irq(hpet_broadcast_resume) ) + if ( !_disable_pit_irq(false) ) BUG(); init_percpu_time(); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:14:27 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:14:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702640.1097830 (Exim 4.92) (envelope-from ) id 1ruF3D-0000V0-9E; Tue, 09 Apr 2024 17:14:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702640.1097830; Tue, 09 Apr 2024 17:14:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF3D-0000Ur-67; Tue, 09 Apr 2024 17:14:27 +0000 Received: by outflank-mailman (input) for mailman id 702640; Tue, 09 Apr 2024 17:14:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF3C-0000Uc-2x for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF3C-0005Rp-2F for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF3C-0006Sw-1Z for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6d3oyVLLZruZP2ZFPiafNno6vzvxaY/xIxITCV+xsSc=; b=Ud5M63601/j5NXaui/GVGTj5+W DM8qDqUcsLBpM1IzoU8U7E4zht/dKIQ/kiJCkQqgvaYd8uo8UTtU4Y4pDM65LYxnq4N2vcjaWnF+G nyQBdVkNXJanYF2ws/MTQQ8Jr9dh20PkaNj0VZ+mqdGEpe7zmFlk8vNd5eTsLIDw0nns=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] core-parking: use alternative_call() Message-Id: Date: Tue, 09 Apr 2024 17:14:26 +0000 commit 5c5d4eeee4d36686fca0d807d816173339294189 Author: Jan Beulich AuthorDate: Mon Jan 22 13:38:24 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 core-parking: use alternative_call() This way we can arrange for core_parking_{performance,power}()'s ENDBR to also be zapped. For the decision to be taken before the 2nd alternative patching pass, the initcall needs to become a pre-SMP one, though. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 1bc07ebcac3b1bb2a378732bc0f9a19940e76faf) --- xen/common/core_parking.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/xen/common/core_parking.c b/xen/common/core_parking.c index c4f01291c0..a970ffeab8 100644 --- a/xen/common/core_parking.c +++ b/xen/common/core_parking.c @@ -30,10 +30,11 @@ static DEFINE_SPINLOCK(accounting_lock); static uint32_t cur_idle_nums; static unsigned int core_parking_cpunum[NR_CPUS] = {[0 ... NR_CPUS-1] = -1}; -static const struct cp_policy { +struct cp_policy { char name[30]; unsigned int (*next)(unsigned int event); -} *__read_mostly core_parking_policy; +}; +static struct cp_policy __ro_after_init core_parking_policy; static enum core_parking_controller { POWER_FIRST, @@ -175,12 +176,13 @@ long cf_check core_parking_helper(void *data) unsigned int cpu; int ret = 0; - if ( !core_parking_policy ) + if ( !core_parking_policy.next ) return -EINVAL; while ( cur_idle_nums < idle_nums ) { - cpu = core_parking_policy->next(CORE_PARKING_INCREMENT); + cpu = alternative_call(core_parking_policy.next, + CORE_PARKING_INCREMENT); ret = cpu_down(cpu); if ( ret ) return ret; @@ -193,7 +195,8 @@ long cf_check core_parking_helper(void *data) while ( cur_idle_nums > idle_nums ) { - cpu = core_parking_policy->next(CORE_PARKING_DECREMENT); + cpu = alternative_call(core_parking_policy.next, + CORE_PARKING_DECREMENT); ret = cpu_up(cpu); if ( ret ) return ret; @@ -239,12 +242,12 @@ uint32_t get_cur_idle_nums(void) return cur_idle_nums; } -static const struct cp_policy power_first = { +static const struct cp_policy __initconst_cf_clobber power_first = { .name = "power", .next = core_parking_power, }; -static const struct cp_policy performance_first = { +static const struct cp_policy __initconst_cf_clobber performance_first = { .name = "performance", .next = core_parking_performance, }; @@ -254,7 +257,7 @@ static int __init register_core_parking_policy(const struct cp_policy *policy) if ( !policy || !policy->next ) return -EINVAL; - core_parking_policy = policy; + core_parking_policy = *policy; return 0; } @@ -269,4 +272,4 @@ static int __init cf_check core_parking_init(void) return ret; } -__initcall(core_parking_init); +presmp_initcall(core_parking_init); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:14:37 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:14:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702644.1097834 (Exim 4.92) (envelope-from ) id 1ruF3N-0000az-AZ; Tue, 09 Apr 2024 17:14:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702644.1097834; Tue, 09 Apr 2024 17:14:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF3N-0000as-7i; Tue, 09 Apr 2024 17:14:37 +0000 Received: by outflank-mailman (input) for mailman id 702644; Tue, 09 Apr 2024 17:14:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF3M-0000ae-5z for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF3M-0005TU-5F for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF3M-0006TV-4U for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HfARQg7scUo7Cj6aiGGo9TxDVN3x0eIl1y8uPoGl6Ts=; b=MhHtzYgsBB5LajkDmiUpkV6c/N NBQ5IswTWnzyhqnQFfYYtFWU3quQqDJw4glBeUArzrCTWRer/k6RCEDuaoEMunTUgX/CeDde7XA9C EIoqdL3a95Hpc6ciesdsPpuL8ntW00Yc/aKoI7CB0iVzTAWWXmIcTlh/qIJHUVEgn9jE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/MTRR: avoid several indirect calls Message-Id: Date: Tue, 09 Apr 2024 17:14:36 +0000 commit a2922d8097ecd8a778c871d5477c22620282bc03 Author: Jan Beulich AuthorDate: Mon Jan 22 13:39:23 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/MTRR: avoid several indirect calls The use of (supposedly) vendor-specific hooks is a relic from the days when Xen was still possible to build as 32-bit binary. There's no expectation that a new need for such an abstraction would arise. Convert mttr_if to a mere boolean and all prior calls through it to direct ones, thus allowing to eliminate 6 ENDBR from .text. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit e9e0eb30d4d6565b411499ca826718b4b9acab68) --- xen/arch/x86/cpu/mtrr/generic.c | 26 +++++---------- xen/arch/x86/cpu/mtrr/main.c | 66 ++++++++++++++------------------------- xen/arch/x86/cpu/mtrr/mtrr.h | 37 ++++++---------------- xen/arch/x86/platform_hypercall.c | 2 +- 4 files changed, 40 insertions(+), 91 deletions(-) diff --git a/xen/arch/x86/cpu/mtrr/generic.c b/xen/arch/x86/cpu/mtrr/generic.c index 660ae26c23..5e2d06980b 100644 --- a/xen/arch/x86/cpu/mtrr/generic.c +++ b/xen/arch/x86/cpu/mtrr/generic.c @@ -287,7 +287,7 @@ static void set_fixed_range(int msr, bool *changed, unsigned int *msrwords) } } -int cf_check generic_get_free_region( +int mtrr_get_free_region( unsigned long base, unsigned long size, int replace_reg) /* [SUMMARY] Get a free MTRR. The starting (base) address of the region. @@ -303,14 +303,14 @@ int cf_check generic_get_free_region( if (replace_reg >= 0 && replace_reg < max) return replace_reg; for (i = 0; i < max; ++i) { - mtrr_if->get(i, &lbase, &lsize, <ype); + mtrr_get(i, &lbase, &lsize, <ype); if (lsize == 0) return i; } return -ENOSPC; } -static void cf_check generic_get_mtrr( +void mtrr_get( unsigned int reg, unsigned long *base, unsigned long *size, mtrr_type *type) { uint64_t _mask, _base; @@ -500,7 +500,7 @@ static void post_set(bool pge) spin_unlock(&set_atomicity_lock); } -static void cf_check generic_set_all(void) +void mtrr_set_all(void) { unsigned long mask, count; unsigned long flags; @@ -523,7 +523,7 @@ static void cf_check generic_set_all(void) } } -static void cf_check generic_set_mtrr( +void mtrr_set( unsigned int reg, unsigned long base, unsigned long size, mtrr_type type) /* [SUMMARY] Set variable MTRR register on the local CPU. The register to set. @@ -567,7 +567,7 @@ static void cf_check generic_set_mtrr( local_irq_restore(flags); } -int cf_check generic_validate_add_page( +int mtrr_validate_add_page( unsigned long base, unsigned long size, unsigned int type) { unsigned long lbase, last; @@ -586,21 +586,9 @@ int cf_check generic_validate_add_page( } -static int cf_check generic_have_wrcomb(void) +bool mtrr_have_wrcomb(void) { unsigned long config; rdmsrl(MSR_MTRRcap, config); return (config & (1ULL << 10)); } - -/* generic structure... - */ -const struct mtrr_ops generic_mtrr_ops = { - .use_intel_if = true, - .set_all = generic_set_all, - .get = generic_get_mtrr, - .get_free_region = generic_get_free_region, - .set = generic_set_mtrr, - .validate_add_page = generic_validate_add_page, - .have_wrcomb = generic_have_wrcomb, -}; diff --git a/xen/arch/x86/cpu/mtrr/main.c b/xen/arch/x86/cpu/mtrr/main.c index 2946003b84..55a4da54a7 100644 --- a/xen/arch/x86/cpu/mtrr/main.c +++ b/xen/arch/x86/cpu/mtrr/main.c @@ -57,7 +57,7 @@ static DEFINE_MUTEX(mtrr_mutex); u64 __read_mostly size_or_mask; u64 __read_mostly size_and_mask; -const struct mtrr_ops *__read_mostly mtrr_if = NULL; +static bool __ro_after_init mtrr_if; static void set_mtrr(unsigned int reg, unsigned long base, unsigned long size, mtrr_type type); @@ -78,23 +78,12 @@ static const char *mtrr_attrib_to_str(int x) return (x <= 6) ? mtrr_strings[x] : "?"; } -/* Returns non-zero if we have the write-combining memory type */ -static int have_wrcomb(void) -{ - return (mtrr_if->have_wrcomb ? mtrr_if->have_wrcomb() : 0); -} - /* This function returns the number of variable MTRRs */ static void __init set_num_var_ranges(void) { - unsigned long config = 0; - - if (use_intel()) { - rdmsrl(MSR_MTRRcap, config); - } else if (is_cpu(AMD)) - config = 2; - else if (is_cpu(CENTAUR)) - config = 8; + unsigned long config; + + rdmsrl(MSR_MTRRcap, config); num_var_ranges = MASK_EXTR(config, MTRRcap_VCNT); } @@ -149,10 +138,10 @@ static void cf_check ipi_handler(void *info) if (data->smp_reg == ~0U) /* update all mtrr registers */ /* At the cpu hot-add time this will reinitialize mtrr * registres on the existing cpus. It is ok. */ - mtrr_if->set_all(); + mtrr_set_all(); else /* single mtrr register update */ - mtrr_if->set(data->smp_reg, data->smp_base, - data->smp_size, data->smp_type); + mtrr_set(data->smp_reg, data->smp_base, + data->smp_size, data->smp_type); atomic_dec(&data->count); while(atomic_read(&data->gate)) @@ -198,10 +187,9 @@ static inline int types_compatible(mtrr_type type1, mtrr_type type2) { * of CPUs. As each CPU disables interrupts, it'll decrement it once. We wait * until it hits 0 and proceed. We set the data.gate flag and reset data.count. * Meanwhile, they are waiting for that flag to be set. Once it's set, each - * CPU goes through the transition of updating MTRRs. The CPU vendors may each do it - * differently, so we call mtrr_if->set() callback and let them take care of it. - * When they're done, they again decrement data->count and wait for data.gate to - * be reset. + * CPU goes through the transition of updating MTRRs. + * When mtrr_set() is done, they again decrement data->count and wait for + * data.gate to be reset. * When we finish, we wait for data.count to hit 0 and toggle the data.gate flag. * Everyone then enables interrupts and we all continue on. * @@ -251,9 +239,9 @@ static void set_mtrr(unsigned int reg, unsigned long base, if (reg == ~0U) /* update all mtrr registers */ /* at boot or resume time, this will reinitialize the mtrrs on * the bp. It is ok. */ - mtrr_if->set_all(); + mtrr_set_all(); else /* update the single mtrr register */ - mtrr_if->set(reg,base,size,type); + mtrr_set(reg, base, size, type); /* wait for the others */ while (atomic_read(&data.count)) @@ -319,7 +307,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, if (!mtrr_if) return -ENXIO; - if ((error = mtrr_if->validate_add_page(base,size,type))) + if ((error = mtrr_validate_add_page(base, size, type))) return error; if (type >= MTRR_NUM_TYPES) { @@ -328,7 +316,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, } /* If the type is WC, check that this processor supports it */ - if ((type == X86_MT_WC) && !have_wrcomb()) { + if ((type == X86_MT_WC) && mtrr_have_wrcomb()) { printk(KERN_WARNING "mtrr: your processor doesn't support write-combining\n"); return -EOPNOTSUPP; @@ -350,7 +338,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, /* Search for existing MTRR */ mutex_lock(&mtrr_mutex); for (i = 0; i < num_var_ranges; ++i) { - mtrr_if->get(i, &lbase, &lsize, <ype); + mtrr_get(i, &lbase, &lsize, <ype); if (!lsize || base > lbase + lsize - 1 || base + size - 1 < lbase) continue; /* At this point we know there is some kind of overlap/enclosure */ @@ -385,7 +373,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, goto out; } /* Search for an empty MTRR */ - i = mtrr_if->get_free_region(base, size, replace); + i = mtrr_get_free_region(base, size, replace); if (i >= 0) { set_mtrr(i, base, size, type); if (likely(replace < 0)) @@ -494,7 +482,7 @@ int mtrr_del_page(int reg, unsigned long base, unsigned long size) if (reg < 0) { /* Search for existing MTRR */ for (i = 0; i < max; ++i) { - mtrr_if->get(i, &lbase, &lsize, <ype); + mtrr_get(i, &lbase, &lsize, <ype); if (lbase == base && lsize == size) { reg = i; break; @@ -510,7 +498,7 @@ int mtrr_del_page(int reg, unsigned long base, unsigned long size) printk(KERN_WARNING "mtrr: register: %d too big\n", reg); goto out; } - mtrr_if->get(reg, &lbase, &lsize, <ype); + mtrr_get(reg, &lbase, &lsize, <ype); if (lsize < 1) { printk(KERN_WARNING "mtrr: MTRR %d not used\n", reg); goto out; @@ -568,7 +556,7 @@ struct mtrr_value { void __init mtrr_bp_init(void) { if (cpu_has_mtrr) { - mtrr_if = &generic_mtrr_ops; + mtrr_if = true; size_or_mask = ~((1ULL << (paddr_bits - PAGE_SHIFT)) - 1); size_and_mask = ~size_or_mask & 0xfffff00000ULL; } @@ -576,14 +564,13 @@ void __init mtrr_bp_init(void) if (mtrr_if) { set_num_var_ranges(); init_table(); - if (use_intel()) - get_mtrr_state(); + get_mtrr_state(); } } void mtrr_ap_init(void) { - if (!mtrr_if || !use_intel() || hold_mtrr_updates_on_aps) + if (!mtrr_if || hold_mtrr_updates_on_aps) return; /* * Ideally we should hold mtrr_mutex here to avoid mtrr entries changed, @@ -612,32 +599,25 @@ void mtrr_save_state(void) void mtrr_aps_sync_begin(void) { - if (!use_intel()) - return; hold_mtrr_updates_on_aps = 1; } void mtrr_aps_sync_end(void) { - if (!use_intel()) - return; set_mtrr(~0U, 0, 0, 0); hold_mtrr_updates_on_aps = 0; } void mtrr_bp_restore(void) { - if (!use_intel()) - return; - mtrr_if->set_all(); + mtrr_set_all(); } static int __init cf_check mtrr_init_finialize(void) { if (!mtrr_if) return 0; - if (use_intel()) - mtrr_state_warn(); + mtrr_state_warn(); return 0; } __initcall(mtrr_init_finialize); diff --git a/xen/arch/x86/cpu/mtrr/mtrr.h b/xen/arch/x86/cpu/mtrr/mtrr.h index c7fd44daab..a9741e0cb0 100644 --- a/xen/arch/x86/cpu/mtrr/mtrr.h +++ b/xen/arch/x86/cpu/mtrr/mtrr.h @@ -6,40 +6,21 @@ #define MTRR_CHANGE_MASK_VARIABLE 0x02 #define MTRR_CHANGE_MASK_DEFTYPE 0x04 - -struct mtrr_ops { - u32 vendor; - bool use_intel_if; -// void (*init)(void); - void (*set)(unsigned int reg, unsigned long base, - unsigned long size, mtrr_type type); - void (*set_all)(void); - - void (*get)(unsigned int reg, unsigned long *base, - unsigned long *size, mtrr_type * type); - int (*get_free_region)(unsigned long base, unsigned long size, - int replace_reg); - int (*validate_add_page)(unsigned long base, unsigned long size, - unsigned int type); - int (*have_wrcomb)(void); -}; - -int cf_check generic_get_free_region( +void mtrr_get( + unsigned int reg, unsigned long *base, unsigned long *size, + mtrr_type *type); +void mtrr_set( + unsigned int reg, unsigned long base, unsigned long size, mtrr_type type); +void mtrr_set_all(void); +int mtrr_get_free_region( unsigned long base, unsigned long size, int replace_reg); -int cf_check generic_validate_add_page( +int mtrr_validate_add_page( unsigned long base, unsigned long size, unsigned int type); - -extern const struct mtrr_ops generic_mtrr_ops; +bool mtrr_have_wrcomb(void); void get_mtrr_state(void); -extern void set_mtrr_ops(const struct mtrr_ops *); - extern u64 size_or_mask, size_and_mask; -extern const struct mtrr_ops *mtrr_if; - -#define is_cpu(vnd) (mtrr_if && mtrr_if->vendor == X86_VENDOR_##vnd) -#define use_intel() (mtrr_if && mtrr_if->use_intel_if) extern unsigned int num_var_ranges; diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index 9469de9045..f2fcd8afaf 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -299,7 +299,7 @@ ret_t do_platform_op( ret = -EINVAL; if ( op->u.read_memtype.reg < num_var_ranges ) { - mtrr_if->get(op->u.read_memtype.reg, &mfn, &nr_mfns, &type); + mtrr_get(op->u.read_memtype.reg, &mfn, &nr_mfns, &type); op->u.read_memtype.mfn = mfn; op->u.read_memtype.nr_mfns = nr_mfns; op->u.read_memtype.type = type; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:14:48 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:14:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702645.1097838 (Exim 4.92) (envelope-from ) id 1ruF3Y-0000e0-C0; Tue, 09 Apr 2024 17:14:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702645.1097838; Tue, 09 Apr 2024 17:14:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF3Y-0000ds-9Q; Tue, 09 Apr 2024 17:14:48 +0000 Received: by outflank-mailman (input) for mailman id 702645; Tue, 09 Apr 2024 17:14:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF3W-0000dZ-94 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF3W-0005Tu-8L for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF3W-0006UR-7b for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=k/TsXd/Aio3TyEPma+tHCYJbctzhykKfc1fai6pH7s8=; b=qV8nQAiLv3yCS9PeuAG0PUIW/1 aU9nlSW209i0JvgvOTrETI8ewwqIqvaNuTvOBFHuLPYPsfm+zYPvbBfWrVc6ntpKrOQhoGr5uRvWf jZyyYhbrd0KiWNQTvnOSOcdvPLWAU3XJLg/fcR//Umlo9oO8VBmdVHUQvvBFPnQa4eVE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/PV: avoid indirect call for I/O emulation quirk hook Message-Id: Date: Tue, 09 Apr 2024 17:14:46 +0000 commit b06cf0701adf9ebc7ca00c386f11b798c8416715 Author: Jan Beulich AuthorDate: Mon Jan 22 13:40:00 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/PV: avoid indirect call for I/O emulation quirk hook This way ioemul_handle_proliant_quirk() won't need ENDBR anymore. While touching this code, also - arrange for it to not be built at all when !PV, - add "const" to the last function parameter and bring the definition in sync with the declaration (for Misra). Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 1212af3e8c4d3a1350046d4fe0ca3b97b51e67de) --- xen/arch/x86/Makefile | 2 +- xen/arch/x86/include/asm/io.h | 10 +++++++--- xen/arch/x86/ioport_emulate.c | 9 ++++----- xen/arch/x86/pv/emul-priv-op.c | 2 +- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index f3abdf9cd1..9f326b9e32 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -45,7 +45,7 @@ obj-$(CONFIG_LIVEPATCH) += alternative.o livepatch.o obj-y += msi.o obj-y += msr.o obj-$(CONFIG_INDIRECT_THUNK) += indirect-thunk.o -obj-y += ioport_emulate.o +obj-$(CONFIG_PV) += ioport_emulate.o obj-y += irq.o obj-$(CONFIG_KEXEC) += machine_kexec.o obj-y += mm.o x86_64/mm.o diff --git a/xen/arch/x86/include/asm/io.h b/xen/arch/x86/include/asm/io.h index 8c8a15bd06..9b19d2d389 100644 --- a/xen/arch/x86/include/asm/io.h +++ b/xen/arch/x86/include/asm/io.h @@ -47,10 +47,14 @@ __OUT(b,"b",char) __OUT(w,"w",short) __OUT(l,,int) -/* Function pointer used to handle platform specific I/O port emulation. */ +/* + * Boolean indicator and function used to handle platform specific I/O port + * emulation. + */ #define IOEMUL_QUIRK_STUB_BYTES 9 +extern bool ioemul_handle_quirk; struct cpu_user_regs; -extern unsigned int (*ioemul_handle_quirk)( - uint8_t opcode, char *io_emul_stub, struct cpu_user_regs *regs); +unsigned int ioemul_handle_proliant_quirk( + uint8_t opcode, char *io_emul_stub, const struct cpu_user_regs *regs); #endif diff --git a/xen/arch/x86/ioport_emulate.c b/xen/arch/x86/ioport_emulate.c index 6caeb3d470..0c1e389bc8 100644 --- a/xen/arch/x86/ioport_emulate.c +++ b/xen/arch/x86/ioport_emulate.c @@ -8,11 +8,10 @@ #include #include -unsigned int (*__read_mostly ioemul_handle_quirk)( - uint8_t opcode, char *io_emul_stub, struct cpu_user_regs *regs); +bool __ro_after_init ioemul_handle_quirk; -static unsigned int cf_check ioemul_handle_proliant_quirk( - u8 opcode, char *io_emul_stub, struct cpu_user_regs *regs) +unsigned int ioemul_handle_proliant_quirk( + uint8_t opcode, char *io_emul_stub, const struct cpu_user_regs *regs) { static const char stub[] = { 0x9c, /* pushf */ @@ -103,7 +102,7 @@ static const struct dmi_system_id __initconstrel ioport_quirks_tbl[] = { static int __init cf_check ioport_quirks_init(void) { if ( dmi_check_system(ioport_quirks_tbl) ) - ioemul_handle_quirk = ioemul_handle_proliant_quirk; + ioemul_handle_quirk = true; return 0; } diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index 0d9f84f458..f101510a1b 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -112,7 +112,7 @@ static io_emul_stub_t *io_emul_stub_setup(struct priv_op_ctxt *ctxt, u8 opcode, /* Some platforms might need to quirk the stub for specific inputs. */ if ( unlikely(ioemul_handle_quirk) ) { - quirk_bytes = ioemul_handle_quirk(opcode, p, ctxt->ctxt.regs); + quirk_bytes = ioemul_handle_proliant_quirk(opcode, p, ctxt->ctxt.regs); p += quirk_bytes; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:14:58 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:14:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702646.1097842 (Exim 4.92) (envelope-from ) id 1ruF3i-0000n2-Dw; Tue, 09 Apr 2024 17:14:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702646.1097842; Tue, 09 Apr 2024 17:14:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF3i-0000mu-At; Tue, 09 Apr 2024 17:14:58 +0000 Received: by outflank-mailman (input) for mailman id 702646; Tue, 09 Apr 2024 17:14:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF3g-0000me-C3 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF3g-0005U1-BN for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF3g-0006Us-Ah for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:14:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tGV70K5buiFHtr4GGjJ2ajlCsmYTZime5hlDgsHcBAw=; b=lpqkugQozhLrco4K07wD6brFhk tIo34sX1cAi8ig7gua7yvvA4lFc5TZRlkBcqdno/vP7rcwnNOyRetJzwE7VTcbioPDX7Wquk571xv qo0m+ZiR73635tRHsfHezmnkd1asLEOkvu9/LuNBMQj/VdB0nqGMKVBBcKAQkGjorqhM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/MCE: separate BSP-only initialization Message-Id: Date: Tue, 09 Apr 2024 17:14:56 +0000 commit 9fdbcd84d333c5aabef75e88c8e381a3c2661e48 Author: Jan Beulich AuthorDate: Mon Jan 22 13:40:32 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/MCE: separate BSP-only initialization Several function pointers are registered over and over again, when setting them once on the BSP suffices. Arrange for this in the vendor init functions and mark involved registration functions __init. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 9f58616ddb1cc1870399de2202fafc7bf0d61694) --- xen/arch/x86/cpu/mcheck/mcaction.c | 2 +- xen/arch/x86/cpu/mcheck/mce.c | 15 ++++++--------- xen/arch/x86/cpu/mcheck/mce.h | 2 +- xen/arch/x86/cpu/mcheck/mce_amd.c | 20 +++++++++++++------- xen/arch/x86/cpu/mcheck/mce_intel.c | 10 +++++++--- 5 files changed, 28 insertions(+), 21 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/mcaction.c b/xen/arch/x86/cpu/mcheck/mcaction.c index f4f265c1bc..695fb61d7d 100644 --- a/xen/arch/x86/cpu/mcheck/mcaction.c +++ b/xen/arch/x86/cpu/mcheck/mcaction.c @@ -29,7 +29,7 @@ mci_action_add_pageoffline(int bank, struct mc_info *mi, mce_check_addr_t mc_check_addr = NULL; -void mce_register_addrcheck(mce_check_addr_t cbfunc) +void __init mce_register_addrcheck(mce_check_addr_t cbfunc) { mc_check_addr = cbfunc; } diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 6141b7eb9c..57044f7804 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -84,7 +84,7 @@ static void cf_check unexpected_machine_check(const struct cpu_user_regs *regs) static x86_mce_vector_t _machine_check_vector = unexpected_machine_check; -void x86_mce_vector_register(x86_mce_vector_t hdlr) +void __init x86_mce_vector_register(x86_mce_vector_t hdlr) { _machine_check_vector = hdlr; } @@ -107,7 +107,7 @@ void do_machine_check(const struct cpu_user_regs *regs) */ static x86_mce_callback_t mc_callback_bank_extended = NULL; -void x86_mce_callback_register(x86_mce_callback_t cbfunc) +void __init x86_mce_callback_register(x86_mce_callback_t cbfunc) { mc_callback_bank_extended = cbfunc; } @@ -118,7 +118,7 @@ void x86_mce_callback_register(x86_mce_callback_t cbfunc) */ static mce_recoverable_t mc_recoverable_scan = NULL; -void mce_recoverable_register(mce_recoverable_t cbfunc) +void __init mce_recoverable_register(mce_recoverable_t cbfunc) { mc_recoverable_scan = cbfunc; } @@ -181,7 +181,7 @@ static void mcabank_clear(int banknum) */ static mce_need_clearbank_t mc_need_clearbank_scan = NULL; -void mce_need_clearbank_register(mce_need_clearbank_t cbfunc) +void __init mce_need_clearbank_register(mce_need_clearbank_t cbfunc) { mc_need_clearbank_scan = cbfunc; } @@ -798,7 +798,7 @@ void mcheck_init(struct cpuinfo_x86 *c, bool bsp) { case X86_VENDOR_AMD: case X86_VENDOR_HYGON: - inited = amd_mcheck_init(c); + inited = amd_mcheck_init(c, bsp); break; case X86_VENDOR_INTEL: @@ -1912,11 +1912,8 @@ static void cf_check mce_softirq(void) * will help to collect and log those MCE errors. * Round2: Do all MCE processing logic as normal. */ -void mce_handler_init(void) +void __init mce_handler_init(void) { - if ( smp_processor_id() != 0 ) - return; - /* callback register, do we really need so many callback? */ /* mce handler data initialization */ spin_lock_init(&mce_logout_lock); diff --git a/xen/arch/x86/cpu/mcheck/mce.h b/xen/arch/x86/cpu/mcheck/mce.h index b6fc9c3617..f2f70a0bb8 100644 --- a/xen/arch/x86/cpu/mcheck/mce.h +++ b/xen/arch/x86/cpu/mcheck/mce.h @@ -43,7 +43,7 @@ extern uint8_t cmci_apic_vector; extern bool lmce_support; /* Init functions */ -enum mcheck_type amd_mcheck_init(const struct cpuinfo_x86 *c); +enum mcheck_type amd_mcheck_init(const struct cpuinfo_x86 *c, bool bsp); enum mcheck_type intel_mcheck_init(struct cpuinfo_x86 *c, bool bsp); void amd_nonfatal_mcheck_init(struct cpuinfo_x86 *c); diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.c b/xen/arch/x86/cpu/mcheck/mce_amd.c index 72f3feeaee..c8891de84d 100644 --- a/xen/arch/x86/cpu/mcheck/mce_amd.c +++ b/xen/arch/x86/cpu/mcheck/mce_amd.c @@ -272,7 +272,7 @@ int vmce_amd_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val) } enum mcheck_type -amd_mcheck_init(const struct cpuinfo_x86 *c) +amd_mcheck_init(const struct cpuinfo_x86 *c, bool bsp) { uint32_t i; enum mcequirk_amd_flags quirkflag = 0; @@ -282,9 +282,12 @@ amd_mcheck_init(const struct cpuinfo_x86 *c) /* Assume that machine check support is available. * The minimum provided support is at least the K8. */ - mce_handler_init(); - x86_mce_vector_register(mcheck_cmn_handler); - mce_need_clearbank_register(amd_need_clearbank_scan); + if ( bsp ) + { + mce_handler_init(); + x86_mce_vector_register(mcheck_cmn_handler); + mce_need_clearbank_register(amd_need_clearbank_scan); + } for ( i = 0; i < this_cpu(nr_mce_banks); i++ ) { @@ -324,9 +327,12 @@ amd_mcheck_init(const struct cpuinfo_x86 *c) ppin_msr = MSR_AMD_PPIN; } - x86_mce_callback_register(amd_f10_handler); - mce_recoverable_register(mc_amd_recoverable_scan); - mce_register_addrcheck(mc_amd_addrcheck); + if ( bsp ) + { + x86_mce_callback_register(amd_f10_handler); + mce_recoverable_register(mc_amd_recoverable_scan); + mce_register_addrcheck(mc_amd_addrcheck); + } return c->x86_vendor == X86_VENDOR_HYGON ? mcheck_hygon : mcheck_amd_famXX; diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index 4045c6591d..84619aadd3 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -820,7 +820,7 @@ static void intel_mce_post_reset(void) return; } -static void intel_init_mce(void) +static void intel_init_mce(bool bsp) { uint64_t msr_content; int i; @@ -846,6 +846,9 @@ static void intel_init_mce(void) if ( firstbank ) /* if cmci enabled, firstbank = 0 */ wrmsrl(MSR_IA32_MC0_STATUS, 0x0ULL); + if ( !bsp ) + return; + x86_mce_vector_register(mcheck_cmn_handler); mce_recoverable_register(intel_recoverable_scan); mce_need_clearbank_register(intel_need_clearbank_scan); @@ -985,9 +988,10 @@ enum mcheck_type intel_mcheck_init(struct cpuinfo_x86 *c, bool bsp) intel_init_mca(c); - mce_handler_init(); + if ( bsp ) + mce_handler_init(); - intel_init_mce(); + intel_init_mce(bsp); intel_init_cmci(c); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:15:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:15:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702647.1097845 (Exim 4.92) (envelope-from ) id 1ruF3s-0000zW-HL; Tue, 09 Apr 2024 17:15:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702647.1097845; Tue, 09 Apr 2024 17:15:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF3s-0000zP-Eu; Tue, 09 Apr 2024 17:15:08 +0000 Received: by outflank-mailman (input) for mailman id 702647; Tue, 09 Apr 2024 17:15:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF3q-0000zB-Et for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF3q-0005Ud-EE for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF3q-0006Va-Dc for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=extgI+l3sZQIfJhL3gPnY39GlfLAQirpqvU7PFS2lZU=; b=lDtBLPeu21KkIKGFS2jC2kjlRI P2Oie2FH8IPcroxtDe079dVRhFGNw6PZAcCPbiFlZRjWE2Dl4j+/y5TxrrX39ZDTZik4yYoO4z66J p92cvg3oFbYP9zc3BJJAZM8cSpd424C/j1Quu0YGNJPfW1UofxGmRf4UQXOwQuTSWDTs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/MCE: switch some callback invocations to altcall Message-Id: Date: Tue, 09 Apr 2024 17:15:06 +0000 commit f7bd03b6080b1601730fd702a449399aa8e6942c Author: Jan Beulich AuthorDate: Mon Jan 22 13:41:07 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/MCE: switch some callback invocations to altcall While not performance critical, these hook invocations still would better be converted: This way all pre-filled (and newly introduced) struct mce_callback instances can become __initconst_cf_clobber, thus allowing to eliminate another 9 ENDBR during the 2nd phase of alternatives patching. While this means registering callbacks a little earlier, doing so is perhaps even advantageous, for having pointers be non-NULL earlier on. Only one set of callbacks would only ever be registered anyway, and neither of the respective initialization function can (subsequently) fail. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 85ba4d050f9f3c4286164f21660ae88435b7e83c) --- xen/arch/x86/cpu/mcheck/mcaction.c | 10 ++---- xen/arch/x86/cpu/mcheck/mcaction.h | 5 --- xen/arch/x86/cpu/mcheck/mce.c | 71 ++++++++++-------------------------- xen/arch/x86/cpu/mcheck/mce.h | 72 +++++++++++++++++++------------------ xen/arch/x86/cpu/mcheck/mce_amd.c | 26 +++++++------- xen/arch/x86/cpu/mcheck/mce_intel.c | 14 ++++---- 6 files changed, 80 insertions(+), 118 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/mcaction.c b/xen/arch/x86/cpu/mcheck/mcaction.c index 695fb61d7d..bf7a0de965 100644 --- a/xen/arch/x86/cpu/mcheck/mcaction.c +++ b/xen/arch/x86/cpu/mcheck/mcaction.c @@ -27,13 +27,6 @@ mci_action_add_pageoffline(int bank, struct mc_info *mi, return rec; } -mce_check_addr_t mc_check_addr = NULL; - -void __init mce_register_addrcheck(mce_check_addr_t cbfunc) -{ - mc_check_addr = cbfunc; -} - void mc_memerr_dhandler(struct mca_binfo *binfo, enum mce_result *result, @@ -48,7 +41,8 @@ mc_memerr_dhandler(struct mca_binfo *binfo, int vmce_vcpuid; unsigned int mc_vcpuid; - if ( !mc_check_addr(bank->mc_status, bank->mc_misc, MC_ADDR_PHYSICAL) ) + if ( !alternative_call(mce_callbacks.check_addr, bank->mc_status, + bank->mc_misc, MC_ADDR_PHYSICAL) ) { dprintk(XENLOG_WARNING, "No physical address provided for memory error\n"); diff --git a/xen/arch/x86/cpu/mcheck/mcaction.h b/xen/arch/x86/cpu/mcheck/mcaction.h index 5cbe558fb0..6c79498cd2 100644 --- a/xen/arch/x86/cpu/mcheck/mcaction.h +++ b/xen/arch/x86/cpu/mcheck/mcaction.h @@ -12,9 +12,4 @@ mc_memerr_dhandler(struct mca_binfo *binfo, #define MC_ADDR_PHYSICAL 0 #define MC_ADDR_VIRTUAL 1 -typedef bool (*mce_check_addr_t)(uint64_t status, uint64_t misc, int addr_type); -extern void mce_register_addrcheck(mce_check_addr_t); - -extern mce_check_addr_t mc_check_addr; - #endif diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 57044f7804..b07eb95dc2 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -82,47 +82,21 @@ static void cf_check unexpected_machine_check(const struct cpu_user_regs *regs) fatal_trap(regs, 1); } -static x86_mce_vector_t _machine_check_vector = unexpected_machine_check; - -void __init x86_mce_vector_register(x86_mce_vector_t hdlr) -{ - _machine_check_vector = hdlr; -} +struct mce_callbacks __ro_after_init mce_callbacks = { + .handler = unexpected_machine_check, +}; +static const typeof(mce_callbacks.handler) __initconst_cf_clobber __used + default_handler = unexpected_machine_check; /* Call the installed machine check handler for this CPU setup. */ void do_machine_check(const struct cpu_user_regs *regs) { mce_enter(); - _machine_check_vector(regs); + alternative_vcall(mce_callbacks.handler, regs); mce_exit(); } -/* - * Init machine check callback handler - * It is used to collect additional information provided by newer - * CPU families/models without the need to duplicate the whole handler. - * This avoids having many handlers doing almost nearly the same and each - * with its own tweaks ands bugs. - */ -static x86_mce_callback_t mc_callback_bank_extended = NULL; - -void __init x86_mce_callback_register(x86_mce_callback_t cbfunc) -{ - mc_callback_bank_extended = cbfunc; -} - -/* - * Machine check recoverable judgement callback handler - * It is used to judge whether an UC error is recoverable by software - */ -static mce_recoverable_t mc_recoverable_scan = NULL; - -void __init mce_recoverable_register(mce_recoverable_t cbfunc) -{ - mc_recoverable_scan = cbfunc; -} - struct mca_banks *mcabanks_alloc(unsigned int nr) { struct mca_banks *mb; @@ -173,19 +147,6 @@ static void mcabank_clear(int banknum) mca_wrmsr(MSR_IA32_MCx_STATUS(banknum), 0x0ULL); } -/* - * Judging whether to Clear Machine Check error bank callback handler - * According to Intel latest MCA OS Recovery Writer's Guide, - * whether the error MCA bank needs to be cleared is decided by the mca_source - * and MCi_status bit value. - */ -static mce_need_clearbank_t mc_need_clearbank_scan = NULL; - -void __init mce_need_clearbank_register(mce_need_clearbank_t cbfunc) -{ - mc_need_clearbank_scan = cbfunc; -} - /* * mce_logout_lock should only be used in the trap handler, * while MCIP has not been cleared yet in the global status @@ -226,7 +187,8 @@ static void mca_init_bank(enum mca_source who, struct mc_info *mi, int bank) if ( (mib->mc_status & MCi_STATUS_MISCV) && (mib->mc_status & MCi_STATUS_ADDRV) && - (mc_check_addr(mib->mc_status, mib->mc_misc, MC_ADDR_PHYSICAL)) && + alternative_call(mce_callbacks.check_addr, mib->mc_status, + mib->mc_misc, MC_ADDR_PHYSICAL) && (who == MCA_POLLER || who == MCA_CMCI_HANDLER) && (mfn_valid(_mfn(paddr_to_pfn(mib->mc_addr)))) ) { @@ -326,7 +288,7 @@ mcheck_mca_logout(enum mca_source who, struct mca_banks *bankmask, * If no mc_recovery_scan callback handler registered, * this error is not recoverable */ - recover = mc_recoverable_scan ? 1 : 0; + recover = mce_callbacks.recoverable_scan; for ( i = 0; i < this_cpu(nr_mce_banks); i++ ) { @@ -343,8 +305,9 @@ mcheck_mca_logout(enum mca_source who, struct mca_banks *bankmask, * decide whether to clear bank by MCi_STATUS bit value such as * OVER/UC/EN/PCC/S/AR */ - if ( mc_need_clearbank_scan ) - need_clear = mc_need_clearbank_scan(who, status); + if ( mce_callbacks.need_clearbank_scan ) + need_clear = alternative_call(mce_callbacks.need_clearbank_scan, + who, status); /* * If this is the first bank with valid MCA DATA, then @@ -380,12 +343,12 @@ mcheck_mca_logout(enum mca_source who, struct mca_banks *bankmask, if ( recover && uc ) /* uc = true, recover = true, we need not panic. */ - recover = mc_recoverable_scan(status); + recover = alternative_call(mce_callbacks.recoverable_scan, status); mca_init_bank(who, mci, i); - if ( mc_callback_bank_extended ) - mc_callback_bank_extended(mci, i, status); + if ( mce_callbacks.info_collect ) + alternative_vcall(mce_callbacks.info_collect, mci, i, status); /* By default, need_clear = true */ if ( who != MCA_MCE_SCAN && need_clear ) @@ -1912,9 +1875,11 @@ static void cf_check mce_softirq(void) * will help to collect and log those MCE errors. * Round2: Do all MCE processing logic as normal. */ -void __init mce_handler_init(void) +void __init mce_handler_init(const struct mce_callbacks *cb) { /* callback register, do we really need so many callback? */ + mce_callbacks = *cb; + /* mce handler data initialization */ spin_lock_init(&mce_logout_lock); open_softirq(MACHINE_CHECK_SOFTIRQ, mce_softirq); diff --git a/xen/arch/x86/cpu/mcheck/mce.h b/xen/arch/x86/cpu/mcheck/mce.h index f2f70a0bb8..7f26afae23 100644 --- a/xen/arch/x86/cpu/mcheck/mce.h +++ b/xen/arch/x86/cpu/mcheck/mce.h @@ -63,20 +63,12 @@ void x86_mc_get_cpu_info(unsigned cpu, uint32_t *chipid, uint16_t *coreid, unsigned *ncores, unsigned *ncores_active, unsigned *nthreads); -/* Register a handler for machine check exceptions. */ -typedef void (*x86_mce_vector_t)(const struct cpu_user_regs *regs); -extern void x86_mce_vector_register(x86_mce_vector_t hdlr); - /* * Common generic MCE handler that implementations may nominate * via x86_mce_vector_register. */ void cf_check mcheck_cmn_handler(const struct cpu_user_regs *regs); -/* Register a handler for judging whether mce is recoverable. */ -typedef bool (*mce_recoverable_t)(uint64_t status); -extern void mce_recoverable_register(mce_recoverable_t cbfunc); - /* Read an MSR, checking for an interposed value first */ extern struct intpose_ent *intpose_lookup(unsigned int cpu_nr, uint64_t msr, uint64_t *valp); @@ -137,30 +129,6 @@ extern mctelem_cookie_t mcheck_mca_logout(enum mca_source who, struct mca_summary *sp, struct mca_banks *clear_bank); -/* - * Register callbacks to be made during bank telemetry logout. - * Those callbacks are only available to those machine check handlers - * that call to the common mcheck_cmn_handler or who use the common - * telemetry logout function mcheck_mca_logout in error polling. - */ - -/* Register a handler for judging whether the bank need to be cleared */ -typedef bool (*mce_need_clearbank_t)(enum mca_source who, u64 status); -extern void mce_need_clearbank_register(mce_need_clearbank_t cbfunc); - -/* - * Register a callback to collect additional information (typically non- - * architectural) provided by newer CPU families/models without the need - * to duplicate the whole handler resulting in various handlers each with - * its own tweaks and bugs. The callback receives an struct mc_info pointer - * which it can use with x86_mcinfo_reserve to add additional telemetry, - * the current MCA bank number we are reading telemetry from, and the - * MCi_STATUS value for that bank. - */ -typedef struct mcinfo_extended *(*x86_mce_callback_t) - (struct mc_info *, uint16_t, uint64_t); -extern void x86_mce_callback_register(x86_mce_callback_t cbfunc); - void *x86_mcinfo_reserve(struct mc_info *mi, unsigned int size, unsigned int type); void x86_mcinfo_dump(struct mc_info *mi); @@ -201,8 +169,44 @@ static inline int mce_bank_msr(const struct vcpu *v, uint32_t msr) return 0; } -/* MC softirq */ -void mce_handler_init(void); +struct mce_callbacks { + void (*handler)(const struct cpu_user_regs *regs); + bool (*check_addr)(uint64_t status, uint64_t misc, int addr_type); + + /* Handler for judging whether mce is recoverable. */ + bool (*recoverable_scan)(uint64_t status); + + /* + * Callbacks to be made during bank telemetry logout. + * They are only available to those machine check handlers + * that call to the common mcheck_cmn_handler or who use the common + * telemetry logout function mcheck_mca_logout in error polling. + */ + + /* + * Judging whether to Clear Machine Check error bank callback handler. + * According to Intel latest MCA OS Recovery Writer's Guide, whether + * the error MCA bank needs to be cleared is decided by the mca_source + * and MCi_status bit value. + */ + bool (*need_clearbank_scan)(enum mca_source who, u64 status); + + /* + * Callback to collect additional information (typically non- + * architectural) provided by newer CPU families/models without the need + * to duplicate the whole handler resulting in various handlers each with + * its own tweaks and bugs. The callback receives an struct mc_info pointer + * which it can use with x86_mcinfo_reserve to add additional telemetry, + * the current MCA bank number we are reading telemetry from, and the + * MCi_STATUS value for that bank. + */ + struct mcinfo_extended *(*info_collect) + (struct mc_info *mi, uint16_t bank, uint64_t status); +}; + +extern struct mce_callbacks mce_callbacks; + +void mce_handler_init(const struct mce_callbacks *cb); extern const struct mca_error_handler *mce_dhandlers; extern const struct mca_error_handler *mce_uhandlers; diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.c b/xen/arch/x86/cpu/mcheck/mce_amd.c index c8891de84d..3318b8204f 100644 --- a/xen/arch/x86/cpu/mcheck/mce_amd.c +++ b/xen/arch/x86/cpu/mcheck/mce_amd.c @@ -271,6 +271,19 @@ int vmce_amd_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val) return 1; } +static const struct mce_callbacks __initconst_cf_clobber k8_callbacks = { + .handler = mcheck_cmn_handler, + .need_clearbank_scan = amd_need_clearbank_scan, +}; + +static const struct mce_callbacks __initconst_cf_clobber k10_callbacks = { + .handler = mcheck_cmn_handler, + .check_addr = mc_amd_addrcheck, + .recoverable_scan = mc_amd_recoverable_scan, + .need_clearbank_scan = amd_need_clearbank_scan, + .info_collect = amd_f10_handler, +}; + enum mcheck_type amd_mcheck_init(const struct cpuinfo_x86 *c, bool bsp) { @@ -283,11 +296,7 @@ amd_mcheck_init(const struct cpuinfo_x86 *c, bool bsp) /* Assume that machine check support is available. * The minimum provided support is at least the K8. */ if ( bsp ) - { - mce_handler_init(); - x86_mce_vector_register(mcheck_cmn_handler); - mce_need_clearbank_register(amd_need_clearbank_scan); - } + mce_handler_init(c->x86 == 0xf ? &k8_callbacks : &k10_callbacks); for ( i = 0; i < this_cpu(nr_mce_banks); i++ ) { @@ -327,13 +336,6 @@ amd_mcheck_init(const struct cpuinfo_x86 *c, bool bsp) ppin_msr = MSR_AMD_PPIN; } - if ( bsp ) - { - x86_mce_callback_register(amd_f10_handler); - mce_recoverable_register(mc_amd_recoverable_scan); - mce_register_addrcheck(mc_amd_addrcheck); - } - return c->x86_vendor == X86_VENDOR_HYGON ? mcheck_hygon : mcheck_amd_famXX; } diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index 84619aadd3..a99f9cce9d 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -849,11 +849,6 @@ static void intel_init_mce(bool bsp) if ( !bsp ) return; - x86_mce_vector_register(mcheck_cmn_handler); - mce_recoverable_register(intel_recoverable_scan); - mce_need_clearbank_register(intel_need_clearbank_scan); - mce_register_addrcheck(intel_checkaddr); - mce_dhandlers = intel_mce_dhandlers; mce_dhandler_num = ARRAY_SIZE(intel_mce_dhandlers); mce_uhandlers = intel_mce_uhandlers; @@ -963,6 +958,13 @@ static int cf_check cpu_callback( return notifier_from_errno(rc); } +static const struct mce_callbacks __initconst_cf_clobber intel_callbacks = { + .handler = mcheck_cmn_handler, + .check_addr = intel_checkaddr, + .recoverable_scan = intel_recoverable_scan, + .need_clearbank_scan = intel_need_clearbank_scan, +}; + static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback }; @@ -989,7 +991,7 @@ enum mcheck_type intel_mcheck_init(struct cpuinfo_x86 *c, bool bsp) intel_init_mca(c); if ( bsp ) - mce_handler_init(); + mce_handler_init(&intel_callbacks); intel_init_mce(bsp); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:15:17 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:15:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702649.1097849 (Exim 4.92) (envelope-from ) id 1ruF41-00013w-Iy; Tue, 09 Apr 2024 17:15:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702649.1097849; Tue, 09 Apr 2024 17:15:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF41-00013p-GR; Tue, 09 Apr 2024 17:15:17 +0000 Received: by outflank-mailman (input) for mailman id 702649; Tue, 09 Apr 2024 17:15:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF40-00013e-Hx for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF40-0005Uk-HD for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF40-0006W8-GZ for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Y0AoijvdhnSjaTtjDLrAGydkFpTr3pqg42OfzihfmYA=; b=YGvCiXaYC9tue7lNm9D2i/Z8wg vF4hdZyEljb7GqBYDKdREFiFnyE6CnKQgrq2RVeX689EtdixOxYIafrY/K1uoNnCvDc0ZzcayA0KI SR7FLJGLAIOHA9vIuN4lJZdtcU02p2nrWZs8PZHBOTveBJq3ny/gzNkDBm24yhEqThoo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] IRQ: generalize [gs]et_irq_regs() Message-Id: Date: Tue, 09 Apr 2024 17:15:16 +0000 commit 1fe30f552a1e7e5fb71afa8078ea5b075f8a390f Author: Jan Beulich AuthorDate: Tue Jan 23 12:03:23 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 IRQ: generalize [gs]et_irq_regs() Move functions (and their data) to common code, and invoke the functions on Arm as well. This is in preparation of dropping the register parameters from handler functions. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Reviewed-by: Julien Grall (cherry picked from commit f67bddf3bccd99a5fee968c3b3f288db6a57d3be) --- xen/arch/arm/irq.c | 2 ++ xen/arch/x86/include/asm/irq.h | 21 --------------------- xen/arch/x86/irq.c | 2 -- xen/common/irq.c | 2 ++ xen/include/xen/irq.h | 21 +++++++++++++++++++++ 5 files changed, 25 insertions(+), 23 deletions(-) diff --git a/xen/arch/arm/irq.c b/xen/arch/arm/irq.c index 1f05ecdee5..ae69fb4aeb 100644 --- a/xen/arch/arm/irq.c +++ b/xen/arch/arm/irq.c @@ -221,6 +221,7 @@ void do_IRQ(struct cpu_user_regs *regs, unsigned int irq, int is_fiq) { struct irq_desc *desc = irq_to_desc(irq); struct irqaction *action; + struct cpu_user_regs *old_regs = set_irq_regs(regs); perfc_incr(irqs); @@ -288,6 +289,7 @@ out: out_no_end: spin_unlock(&desc->lock); irq_exit(); + set_irq_regs(old_regs); } void release_irq(unsigned int irq, const void *dev_id) diff --git a/xen/arch/x86/include/asm/irq.h b/xen/arch/x86/include/asm/irq.h index 465ab39bb0..d7fb8ec7e8 100644 --- a/xen/arch/x86/include/asm/irq.h +++ b/xen/arch/x86/include/asm/irq.h @@ -70,27 +70,6 @@ extern bool opt_noirqbalance; extern int opt_irq_vector_map; -/* - * Per-cpu current frame pointer - the location of the last exception frame on - * the stack - */ -DECLARE_PER_CPU(struct cpu_user_regs *, __irq_regs); - -static inline struct cpu_user_regs *get_irq_regs(void) -{ - return this_cpu(__irq_regs); -} - -static inline struct cpu_user_regs *set_irq_regs(struct cpu_user_regs *new_regs) -{ - struct cpu_user_regs *old_regs, **pp_regs = &this_cpu(__irq_regs); - - old_regs = *pp_regs; - *pp_regs = new_regs; - return old_regs; -} - - #define platform_legacy_irq(irq) ((irq) < 16) void cf_check event_check_interrupt(struct cpu_user_regs *regs); diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 16d9fceba1..e07006391a 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -53,8 +53,6 @@ static DEFINE_SPINLOCK(vector_lock); DEFINE_PER_CPU(vector_irq_t, vector_irq); -DEFINE_PER_CPU(struct cpu_user_regs *, __irq_regs); - static LIST_HEAD(irq_ratelimit_list); static DEFINE_SPINLOCK(irq_ratelimit_lock); static struct timer irq_ratelimit_timer; diff --git a/xen/common/irq.c b/xen/common/irq.c index 727cf8bd22..236cf171e2 100644 --- a/xen/common/irq.c +++ b/xen/common/irq.c @@ -1,6 +1,8 @@ #include #include +DEFINE_PER_CPU(struct cpu_user_regs *, irq_regs); + int init_one_irq_desc(struct irq_desc *desc) { int err; diff --git a/xen/include/xen/irq.h b/xen/include/xen/irq.h index 58d462e8e6..65083135e1 100644 --- a/xen/include/xen/irq.h +++ b/xen/include/xen/irq.h @@ -131,6 +131,27 @@ void cf_check irq_actor_none(struct irq_desc *desc); #define irq_disable_none irq_actor_none #define irq_enable_none irq_actor_none +/* + * Per-cpu interrupted context register state - the inner-most interrupt frame + * on the stack. + */ +DECLARE_PER_CPU(struct cpu_user_regs *, irq_regs); + +static inline struct cpu_user_regs *get_irq_regs(void) +{ + return this_cpu(irq_regs); +} + +static inline struct cpu_user_regs *set_irq_regs(struct cpu_user_regs *new_regs) +{ + struct cpu_user_regs *old_regs, **pp_regs = &this_cpu(irq_regs); + + old_regs = *pp_regs; + *pp_regs = new_regs; + + return old_regs; +} + struct domain; struct vcpu; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:15:27 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:15:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702650.1097854 (Exim 4.92) (envelope-from ) id 1ruF4B-00017H-L0; Tue, 09 Apr 2024 17:15:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702650.1097854; Tue, 09 Apr 2024 17:15:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4B-000179-I3; Tue, 09 Apr 2024 17:15:27 +0000 Received: by outflank-mailman (input) for mailman id 702650; Tue, 09 Apr 2024 17:15:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4A-00016p-L5 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4A-0005V1-KC for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF4A-0006Wk-JY for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vQpWvadzM+xWeSFnEnnB/M4Sj11HUAVOPl0Ah8j6nc0=; b=WBf/ndCbv6cqQh2fq/fAkUatdA YAN9N0G99+JKga45vAcQVH1RTjNCGfFOG4U9USoXPax/tzV8sV5huObOO5rrvjQagpafrssDQRt8T S45zD1QB1BvI5cvXmOJHtSM7yLJN8gqLeTML0+pn1XxuGnlxOAno44XKYr1eLOYWVwLo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec-ctrl: Expose IPRED_CTRL to guests Message-Id: Date: Tue, 09 Apr 2024 17:15:26 +0000 commit fa7f2f9a8618f849380d203c7f18cc8ab12df5fa Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:58 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Expose IPRED_CTRL to guests The CPUID feature bit signals the presence of the IPRED_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 4dd6760706848de30f7c8b5f83462b9bcb070c91) --- xen/arch/x86/msr.c | 6 ++++-- xen/include/public/arch-x86/cpufeatureset.h | 2 +- xen/tools/gen-cpuid.py | 3 ++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index c33dc78cd8..54d3752e93 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -309,8 +309,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) /* * Caller to confirm that MSR_SPEC_CTRL is available. Intel and AMD have - * separate CPUID features for this functionality, but only set will be - * active. + * separate CPUID features for some of this functionality, but only one + * vendors-worth will be active on a single host. */ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) { @@ -324,6 +324,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | (psfd ? SPEC_CTRL_PSFD : 0) | + (cp->feat.ipred_ctrl + ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | 0); } diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index f3f745ef61..8b7e7d29eb 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -300,7 +300,7 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ -XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /* MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /* MSR_SPEC_CTRL.RRSBA_DIS_* */ XEN_CPUFEATURE(DDP_CTRL, 13*32+ 3) /* MSR_SPEC_CTRL.DDP_DIS_U */ XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /* MSR_SPEC_CTRL.BHI_DIS_S */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 9aa59ffdb1..18f0693d33 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -318,7 +318,8 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS], + IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, + IPRED_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, AUTO_IBRS, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:15:37 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:15:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702652.1097858 (Exim 4.92) (envelope-from ) id 1ruF4L-0001BR-MV; Tue, 09 Apr 2024 17:15:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702652.1097858; Tue, 09 Apr 2024 17:15:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4L-0001BJ-JW; Tue, 09 Apr 2024 17:15:37 +0000 Received: by outflank-mailman (input) for mailman id 702652; Tue, 09 Apr 2024 17:15:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4K-0001BD-Ns for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4K-0005V8-N9 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF4K-0006X9-MS for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ANOAmiX8P1mnkvYdnkYMVj1UIJSa7V6Pp0cZ/qW1c/U=; b=Qh7y+6oxcELUCPKrmL4n2/miXe 79A+0BTb6DVUDfGINOIgzWwsj8UcY5vAmFSiFecoJ73djdTnpCfkjYPtA/uHN9FHTH8KftYJRiBKN vg8ECF1ySjj3VTL/LZKLsx2VYtoVVSdiQzTPwrbTSKhl7DrWDkWFk12m9VcO6kJ5FlSQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec-ctrl: Expose RRSBA_CTRL to guests Message-Id: Date: Tue, 09 Apr 2024 17:15:36 +0000 commit a5463998291c40f6ff3ed17cc3fdcbc0d28baf68 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:59 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Expose RRSBA_CTRL to guests The CPUID feature bit signals the presence of the RRSBA_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 478e4787fa64b621061177a7843c452e9a19916d) --- xen/arch/x86/msr.c | 2 ++ xen/include/public/arch-x86/cpufeatureset.h | 2 +- xen/tools/gen-cpuid.py | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 54d3752e93..d42f5bd6ef 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -326,6 +326,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) (psfd ? SPEC_CTRL_PSFD : 0) | (cp->feat.ipred_ctrl ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | + (cp->feat.rrsba_ctrl + ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | 0); } diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 8b7e7d29eb..c6e614f478 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -301,7 +301,7 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ -XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /* MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ XEN_CPUFEATURE(DDP_CTRL, 13*32+ 3) /* MSR_SPEC_CTRL.DDP_DIS_U */ XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /* MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 18f0693d33..8edb1ea10b 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -319,7 +319,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL], + IPRED_CTRL, RRSBA_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, AUTO_IBRS, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:15:47 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:15:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702653.1097862 (Exim 4.92) (envelope-from ) id 1ruF4V-0001Es-Oy; Tue, 09 Apr 2024 17:15:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702653.1097862; Tue, 09 Apr 2024 17:15:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4V-0001El-MR; Tue, 09 Apr 2024 17:15:47 +0000 Received: by outflank-mailman (input) for mailman id 702653; Tue, 09 Apr 2024 17:15:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4U-0001Ec-Qi for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4U-0005VV-Q6 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF4U-0006XZ-PS for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OMJ8NrTKMJFKZRiC/SzIv4/H3Y8o/EQ4lHhjdV2+/jc=; b=GXxr5HKYWv+pbyVgYuhQIRffSs j5QOfIdmxFXHcKhdcYjhiMOafxv8/FBKeCnqSgesNmvGN6lJPtYr1X8yAugP9doSdnIeg9RxJBMia 5DdnaMcRfqr+923/RyMPSG9InTbTIKirBEH6nYHtR3Lgn4QR7A7U0j/XN+F+IFo3IWqE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec-ctrl: Expose BHI_CTRL to guests Message-Id: Date: Tue, 09 Apr 2024 17:15:46 +0000 commit 0f6696a78059d4442515c6a80ff73db7b336c0c1 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:14:00 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Expose BHI_CTRL to guests The CPUID feature bit signals the presence of the BHI_DIS_S control in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 583f1d0950529f3517b1741c2b21a028a82ba831) --- xen/arch/x86/msr.c | 1 + xen/include/public/arch-x86/cpufeatureset.h | 2 +- xen/tools/gen-cpuid.py | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index d42f5bd6ef..9babd441f9 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -328,6 +328,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | (cp->feat.rrsba_ctrl ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | + (cp->feat.bhi_ctrl ? SPEC_CTRL_BHI_DIS_S : 0) | 0); } diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index c6e614f478..8b2744788d 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -303,7 +303,7 @@ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ XEN_CPUFEATURE(DDP_CTRL, 13*32+ 3) /* MSR_SPEC_CTRL.DDP_DIS_U */ -XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /* MSR_SPEC_CTRL.BHI_DIS_S */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 8edb1ea10b..02dd45a5ed 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -319,7 +319,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL, RRSBA_CTRL], + IPRED_CTRL, RRSBA_CTRL, BHI_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, AUTO_IBRS, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:15:57 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:15:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702655.1097866 (Exim 4.92) (envelope-from ) id 1ruF4f-0001IV-QX; Tue, 09 Apr 2024 17:15:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702655.1097866; Tue, 09 Apr 2024 17:15:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4f-0001IO-O0; Tue, 09 Apr 2024 17:15:57 +0000 Received: by outflank-mailman (input) for mailman id 702655; Tue, 09 Apr 2024 17:15:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4e-0001IG-Tn for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4e-0005Vc-T0 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF4e-0006Y6-SG for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:15:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7BNJzWgoSXmWAZNty16hMOkin94acWibdiEsEICxH+c=; b=Y4bIaa+8mVP6YAeAaljP+zkxsk AQBhBG6bgE1Z2ndNIkiEFXrYu7n+nEAM2mM8kEe4T9jm0Cq5TAxRxh4kbbKNXEFrKwjJE4Q9Wwpub F7aY27wnLIUU+QBxINzk02MHE2jJMUph33KDhCQdyky5bbE9hgIlp1Z3qm23f3hj/xSE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86: arrange for ENDBR zapping from _ctxt_switch_masking() Message-Id: Date: Tue, 09 Apr 2024 17:15:56 +0000 commit b6fad02a54da8c38a316eeebab22152f29ee0218 Author: Jan Beulich AuthorDate: Mon Feb 5 10:44:46 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86: arrange for ENDBR zapping from _ctxt_switch_masking() While altcall is already used for them, the functions want announcing in .init.rodata.cf_clobber, even if the resulting static variables aren't otherwise used. While doing this also move ctxt_switch_masking to .data.ro_after_init. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 044168fa3a65b6542bda5c21e373742de1bd5980) --- xen/arch/x86/cpu/amd.c | 5 +++++ xen/arch/x86/cpu/common.c | 2 +- xen/arch/x86/cpu/intel.c | 5 +++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index d43288ae97..808cda46bc 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -258,6 +258,11 @@ static void cf_check amd_ctxt_switch_masking(const struct vcpu *next) #undef LAZY } +#ifdef CONFIG_XEN_IBT /* Announce the function to ENDBR clobbering logic. */ +static const typeof(ctxt_switch_masking) __initconst_cf_clobber __used csm = + amd_ctxt_switch_masking; +#endif + /* * Mask the features and extended features returned by CPUID. Parameters are * set from the boot line via two methods: diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 51509fece0..61e5e52151 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -119,7 +119,7 @@ static const struct cpu_dev default_cpu = { static const struct cpu_dev *this_cpu = &default_cpu; static DEFINE_PER_CPU(uint64_t, msr_misc_features); -void (* __read_mostly ctxt_switch_masking)(const struct vcpu *next); +void (* __ro_after_init ctxt_switch_masking)(const struct vcpu *next); bool __init probe_cpuid_faulting(void) { diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index aef8e4506c..19466b89e8 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -220,6 +220,11 @@ static void cf_check intel_ctxt_switch_masking(const struct vcpu *next) #undef LAZY } +#ifdef CONFIG_XEN_IBT /* Announce the function to ENDBR clobbering logic. */ +static const typeof(ctxt_switch_masking) __initconst_cf_clobber __used csm = + intel_ctxt_switch_masking; +#endif + /* * opt_cpuid_mask_ecx/edx: cpuid.1[ecx, edx] feature mask. * For example, E8400[Intel Core 2 Duo Processor series] ecx = 0x0008E3FD, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:16:10 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:16:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702656.1097870 (Exim 4.92) (envelope-from ) id 1ruF4p-0001LQ-SN; Tue, 09 Apr 2024 17:16:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702656.1097870; Tue, 09 Apr 2024 17:16:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4p-0001LI-PT; Tue, 09 Apr 2024 17:16:07 +0000 Received: by outflank-mailman (input) for mailman id 702656; Tue, 09 Apr 2024 17:16:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4p-0001L4-1u for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4o-0005Vw-Vw for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF4o-0006ZM-VB for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n8UZTFH9keBo5pQAFOOmh/jEWey2h8UA9fCIjmu1o6Y=; b=zEKTbZrydCTyT3GGQmF7g/rf8c lKJ0FDCJosOzJEoTvY4WH6DFGYwRPCspCUMD5uE3VV4ajwk2ICJ7MqGkCb4CXj6WQJ/T496fXZNGG AKNUSThOb+7LChIIJPY52+7tTQS/f20BFNcwcNRV4j/iGxwM4lOsbTsg4RDnsjIOX0b8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/guest: finish conversion to altcall Message-Id: Date: Tue, 09 Apr 2024 17:16:06 +0000 commit 8a8c6262814171a295008d15a153c88c3c10616b Author: Jan Beulich AuthorDate: Mon Feb 5 10:45:31 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/guest: finish conversion to altcall While .setup() and .e820_fixup() don't need fiddling with for being run only very early, both .ap_setup() and .resume() want converting too: This way both pre-filled struct hypervisor_ops instances can become __initconst_cf_clobber, thus allowing to eliminate up to 5 more ENDBR (configuration dependent) during the 2nd phase of alternatives patching. While fiddling with section annotations here, also move "ops" itself to .data.ro_after_init. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Acked-by: Paul Durrant (cherry picked from commit e931edccc53c9dd6e9a505ad0ff3a03d985669bc) --- xen/arch/x86/guest/hyperv/hyperv.c | 2 +- xen/arch/x86/guest/hypervisor.c | 6 +++--- xen/arch/x86/guest/xen/xen.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/guest/hyperv/hyperv.c b/xen/arch/x86/guest/hyperv/hyperv.c index 912099564e..6989af38f1 100644 --- a/xen/arch/x86/guest/hyperv/hyperv.c +++ b/xen/arch/x86/guest/hyperv/hyperv.c @@ -207,7 +207,7 @@ static int cf_check flush_tlb( return hyperv_flush_tlb(mask, va, flags); } -static const struct hypervisor_ops __initconstrel ops = { +static const struct hypervisor_ops __initconst_cf_clobber ops = { .name = "Hyper-V", .setup = setup, .ap_setup = ap_setup, diff --git a/xen/arch/x86/guest/hypervisor.c b/xen/arch/x86/guest/hypervisor.c index e0b046cc6c..ac80e83245 100644 --- a/xen/arch/x86/guest/hypervisor.c +++ b/xen/arch/x86/guest/hypervisor.c @@ -13,7 +13,7 @@ #include #include -static struct hypervisor_ops __read_mostly ops; +static struct hypervisor_ops __ro_after_init ops; const char *__init hypervisor_probe(void) { @@ -49,7 +49,7 @@ void __init hypervisor_setup(void) int hypervisor_ap_setup(void) { if ( ops.ap_setup ) - return ops.ap_setup(); + return alternative_call(ops.ap_setup); return 0; } @@ -57,7 +57,7 @@ int hypervisor_ap_setup(void) void hypervisor_resume(void) { if ( ops.resume ) - ops.resume(); + alternative_vcall(ops.resume); } void __init hypervisor_e820_fixup(void) diff --git a/xen/arch/x86/guest/xen/xen.c b/xen/arch/x86/guest/xen/xen.c index 2eed32fe46..44a689d439 100644 --- a/xen/arch/x86/guest/xen/xen.c +++ b/xen/arch/x86/guest/xen/xen.c @@ -318,7 +318,7 @@ static int cf_check flush_tlb( return xen_hypercall_hvm_op(HVMOP_flush_tlbs, NULL); } -static const struct hypervisor_ops __initconstrel ops = { +static const struct hypervisor_ops __initconst_cf_clobber ops = { .name = "Xen", .setup = setup, .ap_setup = ap_setup, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:16:17 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:16:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702658.1097874 (Exim 4.92) (envelope-from ) id 1ruF4z-0001OD-Tb; Tue, 09 Apr 2024 17:16:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702658.1097874; Tue, 09 Apr 2024 17:16:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4z-0001O5-Qu; Tue, 09 Apr 2024 17:16:17 +0000 Received: by outflank-mailman (input) for mailman id 702658; Tue, 09 Apr 2024 17:16:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4z-0001Nv-3j for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF4z-0005W9-2r for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF4z-0006aD-22 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=23muehr/vJqbAOY0ChfS2sQqKTEDdqTI/zie9kD6z8A=; b=1pw7RKOR6/FNt/5/+KnDZWk6MY HdkLAHkDw0O93c528gVScDoj7LqAqNTyW5fqFezbZK5iSpVNrOHXQkCxlTYXL7aKlJdkHc8m4C4u9 zR+QKtGFKyWY75mMelwBPbI00f330bL+Gm2RdJLh61y4T8OT5mzTQtgO/u11ZgYfc7fs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/CPU: convert vendor hook invocations to altcall Message-Id: Date: Tue, 09 Apr 2024 17:16:17 +0000 commit 4c2208d06cd03e54f97b98b4449dc717fc1dcee5 Author: Jan Beulich AuthorDate: Mon Feb 5 10:48:11 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/CPU: convert vendor hook invocations to altcall While not performance critical, these hook invocations still want converting: This way all pre-filled struct cpu_dev instances can become __initconst_cf_clobber, thus allowing to eliminate further 8 ENDBR during the 2nd phase of alternatives patching (besides moving previously resident data to .init.*). Since all use sites need touching anyway, take the opportunity and also address a Misra C:2012 Rule 5.5 violation: Rename the this_cpu static variable. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper (cherry picked from commit 660f8a75013c947fbe5358a640032a1f9f1eece5) --- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/cpu/centaur.c | 2 +- xen/arch/x86/cpu/common.c | 24 ++++++++++++------------ xen/arch/x86/cpu/hygon.c | 2 +- xen/arch/x86/cpu/intel.c | 2 +- xen/arch/x86/cpu/shanghai.c | 2 +- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 808cda46bc..ab92333673 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -1307,7 +1307,7 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) amd_log_freq(c); } -const struct cpu_dev amd_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber amd_cpu_dev = { .c_early_init = early_init_amd, .c_init = init_amd, }; diff --git a/xen/arch/x86/cpu/centaur.c b/xen/arch/x86/cpu/centaur.c index eac49d78db..750168d1e8 100644 --- a/xen/arch/x86/cpu/centaur.c +++ b/xen/arch/x86/cpu/centaur.c @@ -54,6 +54,6 @@ static void cf_check init_centaur(struct cpuinfo_x86 *c) init_c3(c); } -const struct cpu_dev centaur_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber centaur_cpu_dev = { .c_init = init_centaur, }; diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 61e5e52151..26eed2ade1 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -113,10 +113,10 @@ static void cf_check default_init(struct cpuinfo_x86 * c) __clear_bit(X86_FEATURE_SEP, c->x86_capability); } -static const struct cpu_dev default_cpu = { +static const struct cpu_dev __initconst_cf_clobber __used default_cpu = { .c_init = default_init, }; -static const struct cpu_dev *this_cpu = &default_cpu; +static struct cpu_dev __ro_after_init actual_cpu; static DEFINE_PER_CPU(uint64_t, msr_misc_features); void (* __ro_after_init ctxt_switch_masking)(const struct vcpu *next); @@ -336,12 +336,13 @@ void __init early_cpu_init(bool verbose) c->x86_vendor = x86_cpuid_lookup_vendor(ebx, ecx, edx); switch (c->x86_vendor) { - case X86_VENDOR_INTEL: this_cpu = &intel_cpu_dev; break; - case X86_VENDOR_AMD: this_cpu = &amd_cpu_dev; break; - case X86_VENDOR_CENTAUR: this_cpu = ¢aur_cpu_dev; break; - case X86_VENDOR_SHANGHAI: this_cpu = &shanghai_cpu_dev; break; - case X86_VENDOR_HYGON: this_cpu = &hygon_cpu_dev; break; + case X86_VENDOR_INTEL: actual_cpu = intel_cpu_dev; break; + case X86_VENDOR_AMD: actual_cpu = amd_cpu_dev; break; + case X86_VENDOR_CENTAUR: actual_cpu = centaur_cpu_dev; break; + case X86_VENDOR_SHANGHAI: actual_cpu = shanghai_cpu_dev; break; + case X86_VENDOR_HYGON: actual_cpu = hygon_cpu_dev; break; default: + actual_cpu = default_cpu; if (!verbose) break; printk(XENLOG_ERR @@ -448,8 +449,8 @@ static void generic_identify(struct cpuinfo_x86 *c) if (c->extended_cpuid_level >= 0x80000021) c->x86_capability[FEATURESET_e21a] = cpuid_eax(0x80000021); - if (this_cpu->c_early_init) - this_cpu->c_early_init(c); + if (actual_cpu.c_early_init) + alternative_vcall(actual_cpu.c_early_init, c); /* c_early_init() may have adjusted cpuid levels/features. Reread. */ c->cpuid_level = cpuid_eax(0); @@ -546,9 +547,8 @@ void identify_cpu(struct cpuinfo_x86 *c) * At the end of this section, c->x86_capability better * indicate the features this CPU genuinely supports! */ - if (this_cpu->c_init) - this_cpu->c_init(c); - + if (actual_cpu.c_init) + alternative_vcall(actual_cpu.c_init, c); /* * The vendor-specific functions might have changed features. Now diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index 42029f2145..f7508cc8fc 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -87,7 +87,7 @@ static void cf_check init_hygon(struct cpuinfo_x86 *c) amd_log_freq(c); } -const struct cpu_dev hygon_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber hygon_cpu_dev = { .c_early_init = early_init_amd, .c_init = init_hygon, }; diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 19466b89e8..deb7b70464 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -603,7 +603,7 @@ static void cf_check init_intel(struct cpuinfo_x86 *c) setup_clear_cpu_cap(X86_FEATURE_CLWB); } -const struct cpu_dev intel_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber intel_cpu_dev = { .c_early_init = early_init_intel, .c_init = init_intel, }; diff --git a/xen/arch/x86/cpu/shanghai.c b/xen/arch/x86/cpu/shanghai.c index 95ae544f8c..910f2c32f3 100644 --- a/xen/arch/x86/cpu/shanghai.c +++ b/xen/arch/x86/cpu/shanghai.c @@ -15,6 +15,6 @@ static void cf_check init_shanghai(struct cpuinfo_x86 *c) init_intel_cacheinfo(c); } -const struct cpu_dev shanghai_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber shanghai_cpu_dev = { .c_init = init_shanghai, }; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:16:28 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:16:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702659.1097878 (Exim 4.92) (envelope-from ) id 1ruF59-0001R9-VT; Tue, 09 Apr 2024 17:16:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702659.1097878; Tue, 09 Apr 2024 17:16:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF59-0001Qz-SO; Tue, 09 Apr 2024 17:16:27 +0000 Received: by outflank-mailman (input) for mailman id 702659; Tue, 09 Apr 2024 17:16:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF59-0001Qp-7D for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF59-0005WG-6J for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF59-0006ac-5Q for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Al6KhQGCy2AMebxIzFvZeF6GOezgFt33pcZ0rzGtXLI=; b=ldyWTN9+XZiA1UKOOkaD1JCnJw /pMw158i8RmNrld7PwJ0tzccVJ/OdOt/zWWiZZEDio68FaSUNY8RgSXlTB8d42Ka/EnQp2GT3khRP 3uyHX/W+/6EwfnU8gJeL7IM6nsHU3Qdh373+kqiztw6uunyDOLIsqYYQuZ5NcxfR+4N0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] VMX: tertiary execution control infrastructure Message-Id: Date: Tue, 09 Apr 2024 17:16:27 +0000 commit 594dd0920f7eb6614fd5a7aab150db05f39572f3 Author: Jan Beulich AuthorDate: Wed Feb 7 13:46:11 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 VMX: tertiary execution control infrastructure This is a prereq to enabling e.g. the MSRLIST feature. Note that the PROCBASED_CTLS3 MSR is different from other VMX feature reporting MSRs, in that all 64 bits report allowed 1-settings. vVMX code is left alone, though, for the time being. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 878159bf259bfbd7a40312829f1ea0ce1f6645e2) --- xen/arch/x86/hvm/vmx/vmcs.c | 57 +++++++++++++++++++++++++++++---- xen/arch/x86/hvm/vmx/vmx.c | 6 ++++ xen/arch/x86/include/asm/hvm/vmx/vmcs.h | 13 ++++++++ xen/arch/x86/include/asm/hvm/vmx/vmx.h | 1 + xen/arch/x86/include/asm/msr-index.h | 1 + 5 files changed, 72 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index e382aa16c5..04d32b18fd 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -164,6 +164,7 @@ static int cf_check parse_ept_param_runtime(const char *s) u32 vmx_pin_based_exec_control __read_mostly; u32 vmx_cpu_based_exec_control __read_mostly; u32 vmx_secondary_exec_control __read_mostly; +uint64_t vmx_tertiary_exec_control __read_mostly; u32 vmx_vmexit_control __read_mostly; u32 vmx_vmentry_control __read_mostly; u64 vmx_ept_vpid_cap __read_mostly; @@ -229,10 +230,32 @@ static u32 adjust_vmx_controls( return ctl; } -static bool_t cap_check(const char *name, u32 expected, u32 saw) +static uint64_t adjust_vmx_controls2( + const char *name, uint64_t ctl_min, uint64_t ctl_opt, unsigned int msr, + bool *mismatch) +{ + uint64_t vmx_msr, ctl = ctl_min | ctl_opt; + + rdmsrl(msr, vmx_msr); + + ctl &= vmx_msr; /* bit == 0 ==> must be zero */ + + /* Ensure minimum (required) set of control bits are supported. */ + if ( ctl_min & ~ctl ) + { + *mismatch = true; + printk("VMX: CPU%u has insufficient %s (%#lx; requires %#lx)\n", + smp_processor_id(), name, ctl, ctl_min); + } + + return ctl; +} + +static bool cap_check( + const char *name, unsigned long expected, unsigned long saw) { if ( saw != expected ) - printk("VMX %s: saw %#x expected %#x\n", name, saw, expected); + printk("VMX %s: saw %#lx expected %#lx\n", name, saw, expected); return saw != expected; } @@ -242,6 +265,7 @@ static int vmx_init_vmcs_config(bool bsp) u32 _vmx_pin_based_exec_control; u32 _vmx_cpu_based_exec_control; u32 _vmx_secondary_exec_control = 0; + uint64_t _vmx_tertiary_exec_control = 0; u64 _vmx_ept_vpid_cap = 0; u64 _vmx_misc_cap = 0; u32 _vmx_vmexit_control; @@ -275,7 +299,8 @@ static int vmx_init_vmcs_config(bool bsp) opt = (CPU_BASED_ACTIVATE_MSR_BITMAP | CPU_BASED_TPR_SHADOW | CPU_BASED_MONITOR_TRAP_FLAG | - CPU_BASED_ACTIVATE_SECONDARY_CONTROLS); + CPU_BASED_ACTIVATE_SECONDARY_CONTROLS | + CPU_BASED_ACTIVATE_TERTIARY_CONTROLS); _vmx_cpu_based_exec_control = adjust_vmx_controls( "CPU-Based Exec Control", min, opt, MSR_IA32_VMX_PROCBASED_CTLS, &mismatch); @@ -339,6 +364,15 @@ static int vmx_init_vmcs_config(bool bsp) MSR_IA32_VMX_PROCBASED_CTLS2, &mismatch); } + if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) + { + uint64_t opt = 0; + + _vmx_tertiary_exec_control = adjust_vmx_controls2( + "Tertiary Exec Control", 0, opt, + MSR_IA32_VMX_PROCBASED_CTLS3, &mismatch); + } + /* The IA32_VMX_EPT_VPID_CAP MSR exists only when EPT or VPID available */ if ( _vmx_secondary_exec_control & (SECONDARY_EXEC_ENABLE_EPT | SECONDARY_EXEC_ENABLE_VPID) ) @@ -469,6 +503,7 @@ static int vmx_init_vmcs_config(bool bsp) vmx_pin_based_exec_control = _vmx_pin_based_exec_control; vmx_cpu_based_exec_control = _vmx_cpu_based_exec_control; vmx_secondary_exec_control = _vmx_secondary_exec_control; + vmx_tertiary_exec_control = _vmx_tertiary_exec_control; vmx_ept_vpid_cap = _vmx_ept_vpid_cap; vmx_vmexit_control = _vmx_vmexit_control; vmx_vmentry_control = _vmx_vmentry_control; @@ -504,6 +539,9 @@ static int vmx_init_vmcs_config(bool bsp) mismatch |= cap_check( "Secondary Exec Control", vmx_secondary_exec_control, _vmx_secondary_exec_control); + mismatch |= cap_check( + "Tertiary Exec Control", + vmx_tertiary_exec_control, _vmx_tertiary_exec_control); mismatch |= cap_check( "VMExit Control", vmx_vmexit_control, _vmx_vmexit_control); @@ -1082,6 +1120,7 @@ static int construct_vmcs(struct vcpu *v) v->arch.hvm.vmx.exec_control |= CPU_BASED_RDTSC_EXITING; v->arch.hvm.vmx.secondary_exec_control = vmx_secondary_exec_control; + v->arch.hvm.vmx.tertiary_exec_control = vmx_tertiary_exec_control; /* * Disable features which we don't want active by default: @@ -1136,6 +1175,10 @@ static int construct_vmcs(struct vcpu *v) __vmwrite(SECONDARY_VM_EXEC_CONTROL, v->arch.hvm.vmx.secondary_exec_control); + if ( cpu_has_vmx_tertiary_exec_control ) + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); + /* MSR access bitmap. */ if ( cpu_has_vmx_msr_bitmap ) { @@ -2071,10 +2114,12 @@ void vmcs_dump_vcpu(struct vcpu *v) vmr(HOST_PERF_GLOBAL_CTRL)); printk("*** Control State ***\n"); - printk("PinBased=%08x CPUBased=%08x SecondaryExec=%08x\n", + printk("PinBased=%08x CPUBased=%08x\n", vmr32(PIN_BASED_VM_EXEC_CONTROL), - vmr32(CPU_BASED_VM_EXEC_CONTROL), - vmr32(SECONDARY_VM_EXEC_CONTROL)); + vmr32(CPU_BASED_VM_EXEC_CONTROL)); + printk("SecondaryExec=%08x TertiaryExec=%016lx\n", + vmr32(SECONDARY_VM_EXEC_CONTROL), + vmr(TERTIARY_VM_EXEC_CONTROL)); printk("EntryControls=%08x ExitControls=%08x\n", vmentry_ctl, vmexit_ctl); printk("ExceptionBitmap=%08x PFECmask=%08x PFECmatch=%08x\n", vmr32(EXCEPTION_BITMAP), diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index ae2157953a..b37c7bbcd2 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -760,6 +760,12 @@ void vmx_update_secondary_exec_control(struct vcpu *v) v->arch.hvm.vmx.secondary_exec_control); } +void vmx_update_tertiary_exec_control(const struct vcpu *v) +{ + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); +} + void vmx_update_exception_bitmap(struct vcpu *v) { u32 bitmap = unlikely(v->arch.hvm.vmx.vmx_realmode) diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h index 8de9977eb3..68e9e3bf79 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h @@ -114,6 +114,7 @@ struct vmx_vcpu { /* Cache of cpu execution control. */ u32 exec_control; u32 secondary_exec_control; + uint64_t tertiary_exec_control; u32 exception_bitmap; uint64_t shadow_gs; @@ -196,6 +197,7 @@ void vmx_vmcs_reload(struct vcpu *v); #define CPU_BASED_RDTSC_EXITING 0x00001000 #define CPU_BASED_CR3_LOAD_EXITING 0x00008000 #define CPU_BASED_CR3_STORE_EXITING 0x00010000 +#define CPU_BASED_ACTIVATE_TERTIARY_CONTROLS 0x00020000 #define CPU_BASED_CR8_LOAD_EXITING 0x00080000 #define CPU_BASED_CR8_STORE_EXITING 0x00100000 #define CPU_BASED_TPR_SHADOW 0x00200000 @@ -260,6 +262,14 @@ extern u32 vmx_vmentry_control; #define SECONDARY_EXEC_NOTIFY_VM_EXITING 0x80000000 extern u32 vmx_secondary_exec_control; +#define TERTIARY_EXEC_LOADIWKEY_EXITING BIT(0, UL) +#define TERTIARY_EXEC_ENABLE_HLAT BIT(1, UL) +#define TERTIARY_EXEC_EPT_PAGING_WRITE BIT(2, UL) +#define TERTIARY_EXEC_GUEST_PAGING_VERIFY BIT(3, UL) +#define TERTIARY_EXEC_IPI_VIRT BIT(4, UL) +#define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) +extern uint64_t vmx_tertiary_exec_control; + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -296,6 +306,8 @@ extern u64 vmx_ept_vpid_cap; (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_MSR_BITMAP) #define cpu_has_vmx_secondary_exec_control \ (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) +#define cpu_has_vmx_tertiary_exec_control \ + (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS) #define cpu_has_vmx_ept \ (vmx_secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT) #define cpu_has_vmx_dt_exiting \ @@ -423,6 +435,7 @@ enum vmcs_field { VIRT_EXCEPTION_INFO = 0x0000202a, XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, + TERTIARY_VM_EXEC_CONTROL = 0x00002034, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/asm/hvm/vmx/vmx.h index c84acc221d..9d603e0bb4 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h @@ -81,6 +81,7 @@ void vmx_realmode(struct cpu_user_regs *regs); void vmx_update_exception_bitmap(struct vcpu *v); void vmx_update_cpu_exec_control(struct vcpu *v); void vmx_update_secondary_exec_control(struct vcpu *v); +void vmx_update_tertiary_exec_control(const struct vcpu *v); #define POSTED_INTR_ON 0 #define POSTED_INTR_SN 1 diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index 85ef28a612..b1d4dfd261 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -349,6 +349,7 @@ #define MSR_IA32_VMX_TRUE_EXIT_CTLS 0x48f #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490 #define MSR_IA32_VMX_VMFUNC 0x491 +#define MSR_IA32_VMX_PROCBASED_CTLS3 0x492 /* K7/K8 MSRs. Not complete. See the architecture manual for a more complete list. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:16:38 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:16:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702660.1097882 (Exim 4.92) (envelope-from ) id 1ruF5K-0001UU-1a; Tue, 09 Apr 2024 17:16:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702660.1097882; Tue, 09 Apr 2024 17:16:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF5J-0001UM-VF; Tue, 09 Apr 2024 17:16:37 +0000 Received: by outflank-mailman (input) for mailman id 702660; Tue, 09 Apr 2024 17:16:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF5J-0001U3-A0 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF5J-0005WR-9C for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF5J-0006b1-8X for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AQymZZpa3q6KsTF//WwWsfYifLFwetCqN3ElIiY36as=; b=EixvJbnhGvc1uwqdQbFqQGnx1e l4S6ruB5q63t1dGkF654HaKGI7z2yQ8jT8rDDQoPCUKjYgTjYDopEuQz8LyStZ6LEJJN/xM5MjOZa RxofVkC+It450A+36RZ1OgGU7+ADIYsrAurhtWIStZlbExjOERFTHXHEi1zizKQCQYfM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec-ctrl: Move __read_mostly data into __ro_after_init Message-Id: Date: Tue, 09 Apr 2024 17:16:37 +0000 commit 125b1a7808ce9b5bc828dd22d5edbfa5c92d98a4 Author: Andrew Cooper AuthorDate: Thu Mar 28 12:38:32 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Move __read_mostly data into __ro_after_init These variables predate the introduction of __ro_after_init, but all qualify. Update them to be consistent with the rest of the file. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 7a09966e7b2823b70f6d56d0cf66c11124f4a3c1) --- xen/arch/x86/spec_ctrl.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 5dfc4ed69e..41c8174507 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -49,18 +49,18 @@ bool __ro_after_init opt_ssbd; static int8_t __initdata opt_psfd = -1; int8_t __ro_after_init opt_ibpb_ctxt_switch = -1; -int8_t __read_mostly opt_eager_fpu = -1; -int8_t __read_mostly opt_l1d_flush = -1; +int8_t __ro_after_init opt_eager_fpu = -1; +int8_t __ro_after_init opt_l1d_flush = -1; static bool __initdata opt_branch_harden = IS_ENABLED(CONFIG_SPECULATIVE_HARDEN_BRANCH); static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; -uint8_t __read_mostly default_xen_spec_ctrl; -uint8_t __read_mostly default_spec_ctrl_flags; +uint8_t __ro_after_init default_xen_spec_ctrl; +uint8_t __ro_after_init default_spec_ctrl_flags; -paddr_t __read_mostly l1tf_addr_mask, __read_mostly l1tf_safe_maddr; -bool __read_mostly cpu_has_bug_l1tf; +paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; +bool __ro_after_init cpu_has_bug_l1tf; static unsigned int __initdata l1d_maxphysaddr; static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ @@ -316,8 +316,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) } custom_param("spec-ctrl", parse_spec_ctrl); -int8_t __read_mostly opt_xpti_hwdom = -1; -int8_t __read_mostly opt_xpti_domu = -1; +int8_t __ro_after_init opt_xpti_hwdom = -1; +int8_t __ro_after_init opt_xpti_domu = -1; static __init void xpti_init_default(void) { @@ -381,8 +381,8 @@ static int __init cf_check parse_xpti(const char *s) } custom_param("xpti", parse_xpti); -int8_t __read_mostly opt_pv_l1tf_hwdom = -1; -int8_t __read_mostly opt_pv_l1tf_domu = -1; +int8_t __ro_after_init opt_pv_l1tf_hwdom = -1; +int8_t __ro_after_init opt_pv_l1tf_domu = -1; static int __init cf_check parse_pv_l1tf(const char *s) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:16:48 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:16:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702661.1097886 (Exim 4.92) (envelope-from ) id 1ruF5U-0001XD-2w; Tue, 09 Apr 2024 17:16:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702661.1097886; Tue, 09 Apr 2024 17:16:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF5U-0001X5-0N; Tue, 09 Apr 2024 17:16:48 +0000 Received: by outflank-mailman (input) for mailman id 702661; Tue, 09 Apr 2024 17:16:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF5T-0001Wu-Cs for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF5T-0005Wr-CD for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF5T-0006bS-BK for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LUoADQugD0IU1X/QyDqIvqm3OYrhY/79/c7OMQGiKTQ=; b=3nK130V4D++uSt5lo8UWM18dJx 711qIA1y5Tm1yv+9QJqQF+fdmWcWGcCu8XkgngkL+qVGKw3wbLaGi3kJ3oK8TcBdr5v4Nxu4ozjPS icGr30f+Y0p1MCYs+TZnaEYIwYpRRt9/vMsVIqYVw40iCx0LTdT9+LHEW8lqkpWHULQ0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch Message-Id: Date: Tue, 09 Apr 2024 17:16:47 +0000 commit 855e261337aab70c904ab5908b67daf8ad80b1a0 Author: Andrew Cooper AuthorDate: Wed Apr 3 17:43:42 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch It turns out there is something wonky on some but not all CPUs with MSR_TSX_FORCE_ABORT. The presence of RTM_ALWAYS_ABORT causes Xen to think it's safe to offer HLE/RTM to guests, but in this case, XBEGIN instructions genuinely #UD. Spot this case and try to back out as cleanly as we can. Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Acked-by: Jan Beulich (cherry picked from commit b33f191e3ca99458fdcea1cb5a29dfa4965d1604) --- xen/arch/x86/tsx.c | 55 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 45 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 50d8059f23..fbdd05971c 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -1,5 +1,6 @@ #include #include +#include #include /* @@ -9,6 +10,7 @@ * -1 => Default, altered to 0/1 (if unspecified) by: * - TAA heuristics/settings for speculative safety * - "TSX vs PCR3" select for TSX memory ordering safety + * -2 => Implicit tsx=0 (from RTM_ALWAYS_ABORT vs RTM mismatch) * -3 => Implicit tsx=1 (feed-through from spec-ctrl=0) * * This is arranged such that the bottom bit encodes whether TSX is actually @@ -114,11 +116,50 @@ void tsx_init(void) if ( cpu_has_tsx_force_abort ) { + uint64_t val; + /* - * On an early TSX-enable Skylake part subject to the memory + * On an early TSX-enabled Skylake part subject to the memory * ordering erratum, with at least the March 2019 microcode. */ + rdmsrl(MSR_TSX_FORCE_ABORT, val); + + /* + * At the time of writing (April 2024), it was discovered that + * some parts (e.g. CoffeeLake 8th Gen, 06-9e-0a, ucode 0xf6) + * advertise RTM_ALWAYS_ABORT, but XBEGIN instructions #UD. Other + * similar parts (e.g. KabyLake Xeon-E3, 06-9e-09, ucode 0xf8) + * operate as expected. + * + * In this case: + * - RTM_ALWAYS_ABORT and MSR_TSX_FORCE_ABORT are enumerated. + * - XBEGIN instructions genuinely #UD. + * - MSR_TSX_FORCE_ABORT appears to be write-discard and fails to + * hold its value. + * - HLE and RTM are not enumerated, despite + * MSR_TSX_FORCE_ABORT.TSX_CPUID_CLEAR being clear. + * + * Spot RTM being unavailable without CLEAR_CPUID being set, and + * treat it as if no TSX is available at all. This will prevent + * Xen from thinking it's safe to offer HLE/RTM to VMs. + */ + if ( val == 0 && cpu_has_rtm_always_abort && !cpu_has_rtm ) + { + printk(XENLOG_ERR + "FIRMWARE BUG: CPU %02x-%02x-%02x, ucode 0x%08x: RTM_ALWAYS_ABORT vs RTM mismatch\n", + boot_cpu_data.x86, boot_cpu_data.x86_model, + boot_cpu_data.x86_mask, this_cpu(cpu_sig).rev); + + setup_clear_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + setup_clear_cpu_cap(X86_FEATURE_TSX_FORCE_ABORT); + + if ( opt_tsx < 0 ) + opt_tsx = -2; + + goto done_probe; + } + /* * Probe for the June 2021 microcode which de-features TSX on * client parts. (Note - this is a subset of parts impacted by @@ -128,15 +169,8 @@ void tsx_init(void) * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. */ - if ( !has_rtm_always_abort ) - { - uint64_t val; - - rdmsrl(MSR_TSX_FORCE_ABORT, val); - - if ( val & TSX_ENABLE_RTM ) - has_rtm_always_abort = true; - } + if ( val & TSX_ENABLE_RTM ) + has_rtm_always_abort = true; /* * If no explicit tsx= option is provided, pick a default. @@ -191,6 +225,7 @@ void tsx_init(void) setup_force_cpu_cap(X86_FEATURE_RTM); } } + done_probe: /* * Note: MSR_TSX_CTRL is enumerated on TSX-enabled MDS_NO and later parts. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:16:58 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:16:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702662.1097890 (Exim 4.92) (envelope-from ) id 1ruF5e-0001a6-4U; Tue, 09 Apr 2024 17:16:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702662.1097890; Tue, 09 Apr 2024 17:16:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF5e-0001Zx-1j; Tue, 09 Apr 2024 17:16:58 +0000 Received: by outflank-mailman (input) for mailman id 702662; Tue, 09 Apr 2024 17:16:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF5d-0001Zp-Fo for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF5d-0005Wz-Ez for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF5d-0006br-EH for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:16:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lMIPz6VXBrR9aEzHp1hSDvtXoj3VIMixniZEWy9C/zc=; b=sszNaP50BgZTd3OO9/+9IPUsr0 zSCvVQth4vrDcytXyC7CEWg2+qrcFUEylzRc78PEWf5chdyC9sOMY+Sb4v6kDpsyiZ5RrzsFi7FAr vy2eYm9WYcUuO2NcRinKhqdW6dbJqIq6OBv/3dc4VZzt1UW/uasw2zFCltPV/jtS+whA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/alternatives: fix .init section reference in _apply_alternatives() Message-Id: Date: Tue, 09 Apr 2024 17:16:57 +0000 commit a482be921144493a344d9ec0a904ccb71657506f Author: Roger Pau Monné AuthorDate: Tue Apr 9 14:50:46 2024 +0200 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/alternatives: fix .init section reference in _apply_alternatives() The code in _apply_alternatives() will unconditionally attempt to read __initdata_cf_clobber_{start,end} when called as part of applying alternatives to a livepatch payload when Xen is using IBT. That leads to a page-fault as __initdata_cf_clobber_{start,end} living in .init section will have been unmapped by the time a livepatch gets loaded. Fix by adding a check that limits the clobbering of endbr64 instructions to boot time only. Fixes: 37ed5da851b8 ('x86/altcall: Optimise away endbr64 instruction where possible') Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper (cherry picked from commit 4be1fef1e6572c2be0bd378902ffb62a6e73faeb) --- xen/arch/x86/alternative.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index 21af0e8258..2e7ba6e0b8 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -326,7 +326,7 @@ static void init_or_livepatch _apply_alternatives(struct alt_instr *start, * Clobber endbr64 instructions now that altcall has finished optimising * all indirect branches to direct ones. */ - if ( force && cpu_has_xen_ibt ) + if ( force && cpu_has_xen_ibt && system_state < SYS_STATE_active ) { void *const *val; unsigned int clobbered = 0; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:17:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:17:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702664.1097894 (Exim 4.92) (envelope-from ) id 1ruF5o-0001dZ-60; Tue, 09 Apr 2024 17:17:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702664.1097894; Tue, 09 Apr 2024 17:17:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF5o-0001dR-35; Tue, 09 Apr 2024 17:17:08 +0000 Received: by outflank-mailman (input) for mailman id 702664; Tue, 09 Apr 2024 17:17:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF5n-0001dE-Ik for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF5n-0005XM-Hx for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF5n-0006dy-HB for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KFXsOK2eYSUxWPr2EJYZDhxYpBke96NbILjk8VKW044=; b=xQ78qRkh+s+Bi3TaPqIiCufCkO ZyZFYFQGkrVBpQraZIl1jT8JhRqwam89NM7fw3XPGW33c2OPFvxwG0nWC9dc8Hjo4NGYbq9HY/prx BiLBWZyWBQ3vdl8hbhI4zUIbCVGU3jLbKIhgB8NOAeEJsaBZXb2ESF7M84i/9OCLOSr4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests Message-Id: Date: Tue, 09 Apr 2024 17:17:07 +0000 commit 32cdecf1c380db99cbf6934f051da04c20e74689 Author: Andrew Cooper AuthorDate: Tue Apr 9 15:03:05 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests All of these are prediction-mode (i.e. CPL) based. They don't operate as advertised in PV context. Fixes: 4dd676070684 ("x86/spec-ctrl: Expose IPRED_CTRL to guests") Fixes: 478e4787fa64 ("x86/spec-ctrl: Expose RRSBA_CTRL to guests") Fixes: 583f1d095052 ("x86/spec-ctrl: Expose BHI_CTRL to guests") Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 4b3da946ad7e3452761478ae683da842e7ff20d6) --- xen/include/public/arch-x86/cpufeatureset.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 8b2744788d..74d44fa431 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -300,10 +300,10 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ -XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ -XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*S MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*S MSR_SPEC_CTRL.RRSBA_DIS_* */ XEN_CPUFEATURE(DDP_CTRL, 13*32+ 3) /* MSR_SPEC_CTRL.DDP_DIS_U */ -XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*S MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:17:19 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:17:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702666.1097898 (Exim 4.92) (envelope-from ) id 1ruF5z-0001gU-7d; Tue, 09 Apr 2024 17:17:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702666.1097898; Tue, 09 Apr 2024 17:17:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF5z-0001gM-4Y; Tue, 09 Apr 2024 17:17:19 +0000 Received: by outflank-mailman (input) for mailman id 702666; Tue, 09 Apr 2024 17:17:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF5x-0001g3-MS for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF5x-0005XU-Lc for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF5x-0006eR-Km for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=T2PPiOssSNre4lFGJ5yC3UzzSxOnVSk290X/SFl8qyE=; b=sp9Tfl0oU+z/U5FOMMhUDfFKwO QDJttldts5+jXY2lF24t77mUChm1iLLECHZlnVh5dov+RP7f20C4QHJnOLo/I9cZLtyY6Bmtwd+oA imTOelR+7MKygkLlWttNCmaMKJD+LikTLKLJn5QW0NONJvswjzo+h8dONfHAGLokEhE4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec-ctrl: Rename spec_ctrl_flags to scf Message-Id: Date: Tue, 09 Apr 2024 17:17:17 +0000 commit 57e5cab3decda418f89028de9f5854abd83c3c06 Author: Andrew Cooper AuthorDate: Thu Mar 28 11:57:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Rename spec_ctrl_flags to scf XSA-455 was ultimately caused by having fields with too-similar names. Both {xen,last}_spec_ctrl are fields containing an architectural MSR_SPEC_CTRL value. The spec_ctrl_flags field contains Xen-internal flags. To more-obviously distinguish the two, rename spec_ctrl_flags to scf, which is also the prefix of the constants used by the fields. No functional change. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit c62673c4334b3372ebd4292a7ac8185357e7ea27) --- xen/arch/x86/acpi/power.c | 4 ++-- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/include/asm/current.h | 2 +- xen/arch/x86/include/asm/domain.h | 2 +- xen/arch/x86/include/asm/spec_ctrl.h | 16 ++++++++-------- xen/arch/x86/include/asm/spec_ctrl_asm.h | 22 +++++++++++----------- xen/arch/x86/setup.c | 2 +- xen/arch/x86/spec_ctrl.c | 18 +++++++++--------- xen/arch/x86/x86_64/asm-offsets.c | 2 +- xen/arch/x86/x86_64/compat/entry.S | 4 ++-- xen/arch/x86/x86_64/entry.S | 2 +- 14 files changed, 44 insertions(+), 44 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 81233738b1..f6ab522690 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -246,7 +246,7 @@ static int enter_state(u32 state) ci = get_cpu_info(); /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_IST_MASK; + ci->scf &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -290,7 +290,7 @@ static int enter_state(u32 state) panic("Missing previously available feature(s)\n"); /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); + ci->scf |= (default_scf & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 3712e36df9..13912f907b 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2109,10 +2109,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the new spec_ctrl settings. */ - info->spec_ctrl_flags = - (info->spec_ctrl_flags & ~SCF_DOM_MASK) | - (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); + /* Update the top-of-stack block with the new speculation settings. */ + info->scf = + (info->scf & ~SCF_DOM_MASK) | + (nextd->arch.scf & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 5f31d71698..56a5865c29 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 1bead826ca..744cc5186a 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -111,7 +111,7 @@ UNLIKELY_END(realmode) BUILD_BUG_ON(SCF_verw & ~0xff) movzbl VCPU_vmx_launched(%rbx), %ecx shl $31, %ecx - movzbl CPUINFO_spec_ctrl_flags(%rsp), %eax + movzbl CPUINFO_scf(%rsp), %eax and $SCF_verw, %eax or %eax, %ecx diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 04d32b18fd..4b6ca7c193 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1376,7 +1376,7 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); - if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + if ( !rc && (d->arch.scf & SCF_entry_ibpb) ) rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, VMX_MSR_HOST); diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index da5e152a10..9cc8d8e3d4 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -57,7 +57,7 @@ struct cpu_info { unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; uint8_t last_spec_ctrl; - uint8_t spec_ctrl_flags; + uint8_t scf; /* SCF_* */ /* * The following field controls copying of the L4 page table of 64-bit diff --git a/xen/arch/x86/include/asm/domain.h b/xen/arch/x86/include/asm/domain.h index 619e667938..237510fed3 100644 --- a/xen/arch/x86/include/asm/domain.h +++ b/xen/arch/x86/include/asm/domain.h @@ -324,7 +324,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ + uint8_t scf; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 011ab1db27..ee3119e128 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -9,10 +9,10 @@ #define __X86_SPEC_CTRL_H__ /* - * Encoding of: - * cpuinfo.spec_ctrl_flags - * default_spec_ctrl_flags - * domain.spec_ctrl_flags + * Encoding of Xen's speculation control flags in: + * cpuinfo.scf + * default_scf + * domain.scf * * Live settings are in the top-of-stack block, because they need to be * accessable when XPTI is active. Some settings are fixed from boot, some @@ -82,7 +82,7 @@ extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; extern uint8_t default_xen_spec_ctrl; -extern uint8_t default_spec_ctrl_flags; +extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; @@ -102,7 +102,7 @@ static inline void init_shadow_spec_ctrl_state(void) info->shadow_spec_ctrl = 0; info->xen_spec_ctrl = default_xen_spec_ctrl; - info->spec_ctrl_flags = default_spec_ctrl_flags; + info->scf = default_scf; /* * For least latency, the VERW selector should be a writeable data @@ -126,7 +126,7 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) */ info->shadow_spec_ctrl = val; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); @@ -175,7 +175,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. */ - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 3c9aa56301..f593c5d621 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -39,7 +39,7 @@ * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow - * boolean in the per cpu spec_ctrl_flags. The synchronous use is: + * boolean in the per cpu scf. The synchronous use is: * * 1) Store guest value in shadow_spec_ctrl * 2) Set the use_shadow boolean @@ -86,11 +86,11 @@ * interrupting Xen. */ .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) .endif jz .L\@_skip @@ -160,8 +160,8 @@ #define STK_REL(field, top_of_stk) ((field) - (top_of_stk)) .macro SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_error_code), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) + scf=STK_REL(CPUINFO_scf, CPUINFO_error_code), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) /* * Requires \scf and \sel as %rsp-relative expressions * Clobbers eflags @@ -216,10 +216,10 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else - andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + andb $~SCF_use_shadow, CPUINFO_scf(%rsp) movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax .endif @@ -238,7 +238,7 @@ mov %eax, CPUINFO_shadow_spec_ctrl(%rsp) /* Set SPEC_CTRL shadowing *before* loading the guest value. */ - orb $SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + orb $SCF_use_shadow, CPUINFO_scf(%rsp) mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx @@ -316,7 +316,7 @@ * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -341,7 +341,7 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx @@ -375,7 +375,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %r12=ist_exit, %r14=stack_end, %rsp=regs * Clobbers %rax, %rbx, %rcx, %rdx */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx testb $SCF_ist_sc_msr, %bl jz .L\@_skip_sc_msr diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index a3d3f797bb..25017b5d96 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -2034,7 +2034,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 41c8174507..af13b32672 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -57,7 +57,7 @@ static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; uint8_t __ro_after_init default_xen_spec_ctrl; -uint8_t __ro_after_init default_spec_ctrl_flags; +uint8_t __ro_after_init default_scf; paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; bool __ro_after_init cpu_has_bug_l1tf; @@ -1105,7 +1105,7 @@ static void __init ibpb_calculations(void) * NMI/#MC, so can't interrupt Xen ahead of having already flushed the * BTB. */ - default_spec_ctrl_flags |= SCF_ist_ibpb; + default_scf |= SCF_ist_ibpb; } if ( opt_ibpb_entry_hvm ) setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); @@ -1606,7 +1606,7 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); - d->arch.spec_ctrl_flags = + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | 0; @@ -1711,7 +1711,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1722,7 +1722,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1857,7 +1857,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_pv ) { setup_force_cpu_cap(X86_FEATURE_SC_RSB_PV); - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } /* @@ -1880,7 +1880,7 @@ void __init init_speculation_mitigations(void) * possible rogue RSB speculation. */ if ( !cpu_has_svm ) - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } srso_calculations(hw_smt_enabled); @@ -1893,7 +1893,7 @@ void __init init_speculation_mitigations(void) if ( opt_eager_fpu == -1 ) opt_eager_fpu = should_use_eager_fpu(); - /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ + /* (Re)init BSP state now that default_scf has been calculated. */ init_shadow_spec_ctrl_state(); /* @@ -2166,7 +2166,7 @@ void __init init_speculation_mitigations(void) { info->shadow_spec_ctrl = 0; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); } diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index 85c7d0c989..9aa0970a18 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -154,7 +154,7 @@ void __dummy__(void) OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); - OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); + OFFSET(CPUINFO_scf, struct cpu_info, scf); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); DEFINE(CPUINFO_sizeof, sizeof(struct cpu_info)); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 3bbe3a79a5..375dba9ad3 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -164,8 +164,8 @@ ENTRY(compat_restore_all_guest) /* Account for ev/ec having already been popped off the stack. */ SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_rip), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) + scf=STK_REL(CPUINFO_scf, CPUINFO_rip), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) .Lft0: iretq _ASM_PRE_EXTABLE(.Lft0, handle_exception) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 2c7512130f..4e49ef259a 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -692,7 +692,7 @@ UNLIKELY_END(exit_cr3) /* * When the CPU pushed this exception frame, it zero-extended eflags. * For an IST exit, SPEC_CTRL_EXIT_TO_XEN stashed shadow copies of - * spec_ctrl_flags and ver_sel above eflags, as we can't use any GPRs, + * scf and ver_sel above eflags, as we can't use any GPRs, * and we're at a random place on the stack, not in a CPUFINFO block. * * Account for ev/ec having already been popped off the stack. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:17:29 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:17:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702667.1097901 (Exim 4.92) (envelope-from ) id 1ruF69-0001jG-B6; Tue, 09 Apr 2024 17:17:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702667.1097901; Tue, 09 Apr 2024 17:17:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF69-0001j8-8I; Tue, 09 Apr 2024 17:17:29 +0000 Received: by outflank-mailman (input) for mailman id 702667; Tue, 09 Apr 2024 17:17:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF67-0001iy-QG for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF67-0005Xf-PX for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF67-0006es-Nv for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=12n56bfkLahnt4IixUNcy+1FWhNQTw5BmYGzMkrP6Vk=; b=x/+Nxk57Ul1XAumpGe6N0M3NZp DYZXry+nWDjE53qclhmRbrNdVJ5NKUCnVhyp3peP2UI6v/O2YiwGo8PIxclyXh98d3ceM9Dylm6fW l0TgrjdKRQI0J8IRvVCtJo8INIdId0eFjnS4ETq5S5x3bCuLBzsgsQ+ERScgWv7OiVOs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Message-Id: Date: Tue, 09 Apr 2024 17:17:27 +0000 commit e382cddcc289af75a51f277a06628c59ac7e2930 Author: Andrew Cooper AuthorDate: Fri Mar 22 11:41:41 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Right now, we have a mix of safety strategies in different blocks, making the logic fragile and hard to follow. Start addressing this by having a safety LFENCE at the end of the blocks, which can be patched out if other safety criteria are met. This will allow us to simplify the sub-blocks. For SPEC_CTRL_ENTRY_FROM_IST, simply leave an LFENCE unconditionally at the end; the IST path is not a fast-path by any stretch of the imagination. For SPEC_CTRL_ENTRY_FROM_INTR, the existing description was incorrect. The IRET #GP path is non-fatal but can occur with the guest's choice of MSR_SPEC_CTRL. It is safe to skip the flush/barrier-like protections when interrupting Xen, but we must run DO_SPEC_CTRL_ENTRY irrespective. This will skip RSB stuffing which was previously unconditional even when interrupting Xen. AFAICT, this is a missing cleanup from commit 3fffaf9c13e9 ("x86/entry: Avoid using alternatives in NMI/#MC paths") where we split the IST entry path out of the main INTR entry path. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 94896de1a98c4289fe6fef9e16ef99fc6ef2efc4) --- xen/arch/x86/hvm/vmx/entry.S | 1 + xen/arch/x86/include/asm/cpufeatures.h | 4 +++ xen/arch/x86/include/asm/spec_ctrl_asm.h | 27 +++++++++-------- xen/arch/x86/spec_ctrl.c | 52 ++++++++++++++++++++++++++++++++ 4 files changed, 72 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 744cc5186a..241ec5ce07 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -43,6 +43,7 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* Hardware clears MSR_DEBUGCTL on VMExit. Reinstate it if debugging Xen. */ diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index 7e8221fd85..6422c66b0f 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -52,5 +52,9 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_BUG_CLFLUSH_MFENCE X86_BUG( 2) /* MFENCE needed to serialise CLFLUSH */ #define X86_BUG_IBPB_NO_RET X86_BUG( 3) /* IBPB doesn't flush the RSB/RAS */ +#define X86_SPEC_NO_LFENCE_ENTRY_PV X86_BUG(16) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_PV. */ +#define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ +#define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index f593c5d621..aa8c5e3c33 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -261,25 +261,37 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm /* * Used after an exception or maskable interrupt, hitting Xen or PV context. - * There will either be a guest speculation context, or (barring fatal - * exceptions) a well-formed Xen speculation context. + * There will either be a guest speculation context, or a well-formed Xen + * speculation context, with the exception of one case. IRET #GP handling may + * have a guest choice of MSR_SPEC_CTRL. + * + * Therefore, we can skip the flush/barrier-like protections when hitting Xen, + * but we must still run the mode-based protections. */ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rcx, %rdx */ + testb $3, UREGS_cs(%rsp) + jz .L\@_skip + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV +.L\@_skip: ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm /* @@ -348,18 +360,9 @@ movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr - /* Opencoded UNLIKELY_START() with no condition. */ -UNLIKELY_DISPATCH_LABEL(\@_serialise): - .subsection 1 - /* - * In the case that we might need to set SPEC_CTRL.IBRS for safety, we - * need to ensure that an attacker can't poison the `jz .L\@_skip_wrmsr` - * to speculate around the WRMSR. As a result, we need a dispatch - * serialising instruction in the else clause. - */ .L\@_skip_msr_spec_ctrl: + lfence - UNLIKELY_END(\@_serialise) .endm /* diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index af13b32672..b59f2f5425 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2142,6 +2142,58 @@ void __init init_speculation_mitigations(void) print_details(thunk); + /* + * With the alternative blocks now chosen, see if we need any other + * adjustments for safety. + * + * We compile the LFENCE in, and patch it out if it's not needed. + * + * Notes: + * - SPEC_CTRL_ENTRY_FROM_SVM doesn't need an LFENCE because it has an + * unconditional STGI. + * - SPEC_CTRL_ENTRY_FROM_IST handles its own safety, without the use of + * alternatives. + * - DO_OVERWRITE_RSB has conditional branches in it, but it's an inline + * sequence. It is considered safe for uarch reasons. + */ + { + /* + * SPEC_CTRL_ENTRY_FROM_PV conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we're not using any prior conditional mitigation, + * then it's safe to drop the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); + + /* + * SPEC_CTRL_ENTRY_FROM_INTR conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we have no protections active in the block that + * is skipped when interrupting guest context, then it's safe to drop + * the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); + + /* + * SPEC_CTRL_ENTRY_FROM_VMX conditional safety + * + * Currently there are no safety actions with conditional branches, so + * no need for the extra safety LFENCE. + */ + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + } + /* * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard * any firmware settings. For performance reasons, when safe to do so, we -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:17:39 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:17:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702668.1097908 (Exim 4.92) (envelope-from ) id 1ruF6J-0001mC-DD; Tue, 09 Apr 2024 17:17:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702668.1097908; Tue, 09 Apr 2024 17:17:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF6J-0001m3-9k; Tue, 09 Apr 2024 17:17:39 +0000 Received: by outflank-mailman (input) for mailman id 702668; Tue, 09 Apr 2024 17:17:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF6H-0001lo-TF for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF6H-0005Xm-SW for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF6H-0006fH-Rm for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=28uRWaqDSSqrKDVsTFhnuM22UDrymS8h8bMWCM37/Xc=; b=CBSo7tVXUUoxV8vWF/O/GmL0qA BxHTxNhUmDgPUSqijSt0IQ1s2zitLlffJsdgzLjIEZXbZCFup/HQlqobhba491nTczYf5ILI5Pxho p2B2DJpTqRbuIT2PXoa9BZ0uLoawYm+TSv7fMtHUHRhD/Ir8AQVBkK4COcJZUmhpjpao=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Message-Id: Date: Tue, 09 Apr 2024 17:17:37 +0000 commit 9bc337497cd39e68b899f21d600a6fc64bd5e7f8 Author: Andrew Cooper AuthorDate: Fri Mar 22 15:52:06 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Other SPEC_CTRL_* paths already use %r14 like this, and it will allow for simplifications. All instances of SPEC_CTRL_ENTRY_FROM_PV are followed by a GET_STACK_END() invocation, so this change is only really logic and register shuffling. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 22390697bf1b4cd3024f2d10893dec3c3ec08a9c) --- xen/arch/x86/x86_64/compat/entry.S | 4 +++- xen/arch/x86/x86_64/entry.S | 44 +++++++++++++++++++++----------------- 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 375dba9ad3..98ea4f5a4a 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -18,6 +18,8 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, EFRAME_entry_vector(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ @@ -25,7 +27,7 @@ ENTRY(entry_int82) CR4_PV32_RESTORE - GET_CURRENT(bx) + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov %rsp, %rdi call do_entry_int82 diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 4e49ef259a..405281fa25 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -266,21 +266,22 @@ ENTRY(lstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Llstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Llstar_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx testb $TF_kernel_mode,VCPU_thread_flags(%rbx) jz switch_to_kernel @@ -303,23 +304,24 @@ ENTRY(cstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lcstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lcstar_cr3_okay: sti CR4_PV32_RESTORE - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx #ifdef CONFIG_PV32 movq VCPU_domain(%rbx), %rcx @@ -344,23 +346,24 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ orl $X86_EFLAGS_IF, UREGS_eflags(%rsp) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lsyse_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lsyse_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx cmpb $0,VCPU_sysenter_disables_events(%rbx) movq VCPU_sysenter_addr(%rbx),%rax setne %cl @@ -398,17 +401,18 @@ ENTRY(int80_direct_trap) movl $0x80, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lint80_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lint80_cr3_okay: sti @@ -418,7 +422,7 @@ UNLIKELY_START(ne, msi_check) call check_for_unexpected_msi UNLIKELY_END(msi_check) - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov VCPU_trap_ctxt(%rbx), %rsi mov VCPU_domain(%rbx), %rax -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:17:49 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:17:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702669.1097911 (Exim 4.92) (envelope-from ) id 1ruF6T-0001p4-Ek; Tue, 09 Apr 2024 17:17:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702669.1097911; Tue, 09 Apr 2024 17:17:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF6T-0001ov-BF; Tue, 09 Apr 2024 17:17:49 +0000 Received: by outflank-mailman (input) for mailman id 702669; Tue, 09 Apr 2024 17:17:48 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF6S-0001oi-01 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF6R-0005YD-VU for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF6R-0006fj-Ul for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HlT2GPjrkgDe2Rn3JRrlI6dXcMX7mkymgAhwO/8exFs=; b=4OR0dltiRrfrx7G56YmHYFNRfQ wNA9vrsU8kBwtNuYWoMCZZe957DQSse4upv214PFoU7CAl3sRJY0gyHoffxUj3eWrdvsfc29XpUSq 8amBVV0hZa1HQPxNM2m91BhyPieSkKN7a6WG0yEneMP4iheqYhTvd7678V202EQBVHUQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} Message-Id: Date: Tue, 09 Apr 2024 17:17:47 +0000 commit 5b28a4af1f3b98a9f2e69c868a178cac0afff7ec Author: Andrew Cooper AuthorDate: Fri Mar 22 12:08:02 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} ... as we do in the exit paths too. This will allow simplification to the sub-blocks. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9607aeb6602b8ed9962404de3f5f90170ffddb66) --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 10 +++++++--- xen/arch/x86/x86_64/compat/entry.S | 2 +- xen/arch/x86/x86_64/entry.S | 12 ++++++------ 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index aa8c5e3c33..667ec7ffe0 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -251,9 +251,11 @@ */ .macro SPEC_CTRL_ENTRY_FROM_PV /* - * Requires %rsp=regs/cpuinfo, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs/cpuinfo, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ X86_FEATURE_IBPB_ENTRY_PV @@ -277,8 +279,10 @@ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + testb $3, UREGS_cs(%rsp) jz .L\@_skip diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 98ea4f5a4a..3c544e9a14 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -20,7 +20,7 @@ ENTRY(entry_int82) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ sti diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 405281fa25..1d7344117b 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -268,7 +268,7 @@ ENTRY(lstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -306,7 +306,7 @@ ENTRY(cstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -348,7 +348,7 @@ GLOBAL(sysenter_eflags_saved) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ @@ -403,7 +403,7 @@ ENTRY(int80_direct_trap) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -713,7 +713,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -747,7 +747,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:17:59 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:17:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702670.1097914 (Exim 4.92) (envelope-from ) id 1ruF6d-0001ru-G0; Tue, 09 Apr 2024 17:17:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702670.1097914; Tue, 09 Apr 2024 17:17:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF6d-0001rl-Ch; Tue, 09 Apr 2024 17:17:59 +0000 Received: by outflank-mailman (input) for mailman id 702670; Tue, 09 Apr 2024 17:17:58 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF6c-0001rb-2p for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF6c-0005YK-29 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:58 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF6c-0006gM-1O for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:17:58 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KVkJoHHMVVnYkdnhDmmNR2RhHg3HWNDwggqYZu6X5Qs=; b=xjiIqmwypX9ICnxmpQbmP3Eqiv llVwQGeB0/D/7VT4cGKepsHNRPm8YvnFJP93HdGy8jXS4+yYdYqJf/LrR+AwxdVSjDXtcEjO2hRI4 VMW2KtOgUOzztYYZAfoZx53UuUj/iqtLuwBBXTGgnK2sOahYD5KDAy58/os36J3msGzU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec-ctrl: Simplify DO_COND_IBPB Message-Id: Date: Tue, 09 Apr 2024 17:17:58 +0000 commit ccc6603b79749e45cbe638939fbb609342f440dd Author: Andrew Cooper AuthorDate: Fri Mar 22 14:33:17 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Simplify DO_COND_IBPB With the prior refactoring, SPEC_CTRL_ENTRY_{PV,INTR} both load SCF into %ebx, and handle the conditional safety including skipping if interrupting Xen. Therefore, we can drop the maybexen parameter and the conditional safety. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 2378d16a931de0e62c03669169989e9437306abe) --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 667ec7ffe0..c80717e421 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -75,33 +75,21 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ -.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +.macro DO_COND_IBPB /* - * Requires %rsp=regs (also cpuinfo if !maybexen) - * Requires %r14=stack_end (if maybexen), %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rbx=SCF, %rdx=0 + * Clobbers %rax, %rcx * - * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen - * case, we can safely look at UREGS_cs to skip taking the hit when - * interrupting Xen. + * Conditionally issue IBPB if SCF_entry_ibpb is active. */ - .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) - jz .L\@_skip - testb $3, UREGS_cs(%rsp) - .else - testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) - .endif + testb $SCF_entry_ibpb, %bl jz .L\@_skip mov $MSR_PRED_CMD, %ecx mov $PRED_CMD_IBPB, %eax wrmsr - jmp .L\@_done .L\@_skip: - lfence -.L\@_done: .endm .macro DO_OVERWRITE_RSB tmp=rax xu @@ -256,8 +244,7 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -286,8 +273,7 @@ testb $3, UREGS_cs(%rsp) jz .L\@_skip - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -327,7 +313,7 @@ * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of: - * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_COND_IBPB * DO_OVERWRITE_RSB * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:18:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:18:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702671.1097918 (Exim 4.92) (envelope-from ) id 1ruF6n-0001wh-Ij; Tue, 09 Apr 2024 17:18:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702671.1097918; Tue, 09 Apr 2024 17:18:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF6n-0001wZ-Fy; Tue, 09 Apr 2024 17:18:09 +0000 Received: by outflank-mailman (input) for mailman id 702671; Tue, 09 Apr 2024 17:18:08 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF6m-0001us-6k for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:08 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF6m-0005Ye-5w for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF6m-0006hN-4M for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Y5AQRCqxzwbqkJLbEOZNNAIKe0o3HV6IqSeiz7XuDNo=; b=NqiyTHXQ2XaSFEESSiHKXc0vGe fbJKxL8orGGcQNoyrGBstN9Z/Z4ENvEb748yHPrAYGf/Rq4qH9sMOj0rNV0s1X05Re3jT9FjPXq75 WfyqV23tH8aNaQPJjPAE/QxCnGjOfdsEzl5f1Ma+UONueLPziXkMRpLmH/OlLGeCOqGc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* Message-Id: Date: Tue, 09 Apr 2024 17:18:08 +0000 commit a6cefb26866eac4d2f3ebdc54a7d0add4019900d Author: Andrew Cooper AuthorDate: Mon Mar 25 11:09:35 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* The complexity is getting out of hand. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 40dea83b75386cb693481cf340024ce093be5c0f) --- xen/arch/x86/hvm/svm/entry.S | 14 ++++++++ xen/arch/x86/hvm/vmx/entry.S | 14 ++++++++ xen/arch/x86/include/asm/spec_ctrl_asm.h | 59 ++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 56a5865c29..9f15d9fb70 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -100,6 +100,11 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular + * making type-confused RETs safe to use. This is not needed on Zen5 + * and later parts when SRSO_MSR_FIX (BP-SPEC-REDUCE) is in use. + */ .macro svm_vmexit_cond_ibpb testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb @@ -111,8 +116,17 @@ __UNLIKELY_END(nsvm_hap) .endm ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + /* + * RSB (RAS/RAP) stuffing is to prevents RET predictions following guest + * entries. This is not needed on Zen4 and later, when AutoIBRS is in + * use. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting, making indirect CALLs/JMPs + * safe to use. The guest's setting resides in the VMCB. + */ .macro svm_vmexit_spec_ctrl movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax movzbl CPUINFO_last_spec_ctrl(%rsp), %edx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 241ec5ce07..f52b3f0893 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -34,8 +34,22 @@ ENTRY(vmx_asm_vmexit_handler) mov %rax,VCPU_hvm_guest_cr2(%rbx) /* SPEC_CTRL_ENTRY_FROM_VMX Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + /* + * RSB stuffing is to prevents RET predictions following guest + * entries. This is *not* sufficient to flush all RSB entries on + * parts enumerating eIBRS, although the following restore_spec_ctrl + * does covers us. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting. The guest's value resides in + * the MSR load/save list. For Legacy IBRS, this flushes/inhibits + * indirect predictions and does not flush the RSB. For eIBRS, this + * prevents CALLs/JMPs using predictions learnt at a lower predictor + * mode, and it flushes the RSB. On eIBRS parts that also suffer from + * PBRSB, the prior RSB stuffing suffices to make the RSB safe. + */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index c80717e421..e380c0579b 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -244,10 +244,32 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. + */ ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * This is not needed if SMEP is active and the RSB is full-width. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. The + * guest can't change it's value behind Xen's back. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. + */ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV @@ -270,6 +292,14 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * All safety notes the same as SPEC_CTRL_ENTRY_FROM_PV, although there is + * a conditional jump skipping some actions when interrupting Xen. + * + * On Intel parts, the IRET #GP path ends up here with the guest's choice + * of MSR_SPEC_CTRL. + */ + testb $3, UREGS_cs(%rsp) jz .L\@_skip @@ -320,6 +350,19 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. The SVM path takes care of + * Host/Guest interactions prior to clearing GIF, and it's not used on the + * VMX path. + */ test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -329,6 +372,12 @@ .L\@_skip_ibpb: + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * SCF_ist_rsb is active if either PV or HVM protections are needed. The + * VMX path cannot guarantee to make the RSB safe ahead of taking an IST + * vector. + */ test $SCF_ist_rsb, %bl jz .L\@_skip_rsb @@ -336,6 +385,16 @@ .L\@_skip_rsb: + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. PV + * guests can't change their value behind Xen's back. HVM guests have + * their value stored in the MSR load/save list. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. On eIBRS parts that also + * suffer from PBRSB, the prior RSB stuffing suffices to make the RSB + * safe. + */ test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:18:19 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:18:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702672.1097921 (Exim 4.92) (envelope-from ) id 1ruF6x-0001zQ-KG; Tue, 09 Apr 2024 17:18:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702672.1097921; Tue, 09 Apr 2024 17:18:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF6x-0001zI-Hb; Tue, 09 Apr 2024 17:18:19 +0000 Received: by outflank-mailman (input) for mailman id 702672; Tue, 09 Apr 2024 17:18:18 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF6w-0001z7-AC for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:18 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF6w-0005Yl-9N for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:18 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF6w-0006hy-8b for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:18 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=a9lNuos3jnw8M8/SDorRhLeGwb0v7tcwAtP7h8HKkII=; b=0X+EuUnykeFDnbFv9e6eGdzRi4 RxiCql9899E+JTELnjvq4dCmADZe+F0yTjC2dBEVfLBp+VirKoWuu4iFIm/Cg2X6PVhrXxZd+Jior q/u1KU63yN3R4bpMd3beRyr7W1Uw5rpYi7uUgkXRj0tClvkE2ZiYRjlolxCOOZtiVFpg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/vmx: Add support for virtualize SPEC_CTRL Message-Id: Date: Tue, 09 Apr 2024 17:18:18 +0000 commit fb12e8d8f7e2a8694b048057f6398f9bdd85be62 Author: Roger Pau Monne AuthorDate: Thu Feb 15 17:46:53 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/vmx: Add support for virtualize SPEC_CTRL The feature is defined in the tertiary exec control, and is available starting from Sapphire Rapids and Alder Lake CPUs. When enabled, two extra VMCS fields are used: SPEC_CTRL mask and shadow. Bits set in mask are not allowed to be toggled by the guest (either set or clear) and the value in the shadow field is the value the guest expects to be in the SPEC_CTRL register. By using it the hypervisor can force the value of SPEC_CTRL bits behind the guest back without having to trap all accesses to SPEC_CTRL, note that no bits are forced into the guest as part of this patch. It also allows getting rid of SPEC_CTRL in the guest MSR load list, since the value in the shadow field will be loaded by the hardware on vmentry. Signed-off-by: Roger Pau Monné Signed-off-by: Andrew Cooper (cherry picked from commit 97c5b8b657e41a6645de9d40713b881234417b49) --- xen/arch/x86/hvm/vmx/vmcs.c | 12 ++++++++++- xen/arch/x86/hvm/vmx/vmx.c | 37 ++++++++++++++++++++++++++------- xen/arch/x86/include/asm/hvm/vmx/vmcs.h | 5 +++++ xen/arch/x86/include/asm/msr.h | 7 +++++-- 4 files changed, 51 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 4b6ca7c193..317522caf8 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -203,6 +203,7 @@ static void __init vmx_display_features(void) P(cpu_has_vmx_tsc_scaling, "TSC Scaling"); P(cpu_has_vmx_bus_lock_detection, "Bus Lock Detection"); P(cpu_has_vmx_notify_vm_exiting, "Notify VM Exit"); + P(cpu_has_vmx_virt_spec_ctrl, "Virtualize SPEC_CTRL"); #undef P if ( !printed ) @@ -366,7 +367,7 @@ static int vmx_init_vmcs_config(bool bsp) if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) { - uint64_t opt = 0; + uint64_t opt = TERTIARY_EXEC_VIRT_SPEC_CTRL; _vmx_tertiary_exec_control = adjust_vmx_controls2( "Tertiary Exec Control", 0, opt, @@ -1367,6 +1368,12 @@ static int construct_vmcs(struct vcpu *v) if ( cpu_has_vmx_tsc_scaling ) __vmwrite(TSC_MULTIPLIER, d->arch.hvm.tsc_scaling_ratio); + if ( cpu_has_vmx_virt_spec_ctrl ) + { + __vmwrite(SPEC_CTRL_MASK, 0); + __vmwrite(SPEC_CTRL_SHADOW, 0); + } + /* will update HOST & GUEST_CR3 as reqd */ paging_update_paging_modes(v); @@ -2089,6 +2096,9 @@ void vmcs_dump_vcpu(struct vcpu *v) if ( v->arch.hvm.vmx.secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY ) printk("InterruptStatus = %04x\n", vmr16(GUEST_INTR_STATUS)); + if ( cpu_has_vmx_virt_spec_ctrl ) + printk("SPEC_CTRL mask = 0x%016lx shadow = 0x%016lx\n", + vmr(SPEC_CTRL_MASK), vmr(SPEC_CTRL_SHADOW)); printk("*** Host State ***\n"); printk("RIP = 0x%016lx (%ps) RSP = 0x%016lx\n", diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index b37c7bbcd2..ab7e8e219c 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -818,23 +818,28 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) /* * We can safely pass MSR_SPEC_CTRL through to the guest, even if STIBP * isn't enumerated in hardware, as SPEC_CTRL_STIBP is ignored. + * + * If VMX_VIRT_SPEC_CTRL is available, it is activated by default and the + * guest MSR_SPEC_CTRL value lives in the VMCS. Otherwise, it lives in + * the MSR load/save list. */ if ( cp->feat.ibrsb ) { vmx_clear_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); - if ( rc ) - goto out; + if ( !cpu_has_vmx_virt_spec_ctrl ) + { + rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); + if ( rc ) + goto out; + } } else { vmx_set_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); - if ( rc && rc != -ESRCH ) - goto out; - rc = 0; /* Tolerate -ESRCH */ + if ( !cpu_has_vmx_virt_spec_ctrl ) + vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ @@ -2636,6 +2641,10 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - fetched below. */ + break; + rc = vmx_read_guest_msr(v, reg, &val); if ( rc ) { @@ -2659,6 +2668,11 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) vmx_vmcs_enter(v); switch ( reg ) { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmread(SPEC_CTRL_SHADOW, &val); + break; + case MSR_IA32_BNDCFGS: __vmread(GUEST_BNDCFGS, &val); break; @@ -2685,6 +2699,10 @@ static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - set below. */ + break; + rc = vmx_write_guest_msr(v, reg, val); if ( rc ) { @@ -2705,6 +2723,11 @@ static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) vmx_vmcs_enter(v); switch ( reg ) { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmwrite(SPEC_CTRL_SHADOW, val); + break; + case MSR_IA32_BNDCFGS: __vmwrite(GUEST_BNDCFGS, val); break; diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h index 68e9e3bf79..0878bf616f 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h @@ -270,6 +270,9 @@ extern u32 vmx_secondary_exec_control; #define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) extern uint64_t vmx_tertiary_exec_control; +#define cpu_has_vmx_virt_spec_ctrl \ + (vmx_tertiary_exec_control & TERTIARY_EXEC_VIRT_SPEC_CTRL) + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -436,6 +439,8 @@ enum vmcs_field { XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, TERTIARY_VM_EXEC_CONTROL = 0x00002034, + SPEC_CTRL_MASK = 0x0000204a, + SPEC_CTRL_SHADOW = 0x0000204c, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index 1d8ea9f26f..c95330a5a1 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -302,8 +302,11 @@ struct vcpu_msrs * For PV guests, this holds the guest kernel value. It is accessed on * every entry/exit path. * - * For VT-x guests, the guest value is held in the MSR guest load/save - * list. + * For VT-x guests, one of two situations exist: + * + * - If hardware supports virtualized MSR_SPEC_CTRL, it is active by + * default and the guest value lives in the VMCS. + * - Otherwise, the guest value is held in the MSR load/save list. * * For SVM, the guest value lives in the VMCB, and hardware saves/restores * the host value automatically. However, guests run with the OR of the -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:18:29 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:18:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702673.1097926 (Exim 4.92) (envelope-from ) id 1ruF77-00024s-M1; Tue, 09 Apr 2024 17:18:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702673.1097926; Tue, 09 Apr 2024 17:18:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF77-00024k-JC; Tue, 09 Apr 2024 17:18:29 +0000 Received: by outflank-mailman (input) for mailman id 702673; Tue, 09 Apr 2024 17:18:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF76-00024c-DE for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF76-0005Ys-CZ for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:28 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF76-0006iR-Bl for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:28 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=R25QEFrM4gREszQQt2jjZfZI+Dsy77gBd/WJrWDDfjA=; b=TTXhJuJlKtOjBtiuTi/nurzhK6 4hnDJCFXeHknQzEpXrFnuel9xsfwTA1QK5zR0BZ/zBnmLc0qi8rTF6mO9ourB4wcP4/F+sCGZfjbt am/3+Rr9eQcrigRs4IJwTd9KWE5U2zKmxTU2E1QAfSQDFpp54N2JMVKXXyeyz4Ok5+No=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Message-Id: Date: Tue, 09 Apr 2024 17:18:28 +0000 commit 40a679548008aec65b729bf829f76390a028fe90 Author: Andrew Cooper AuthorDate: Tue Mar 26 22:43:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Right now, they're all bytes, but MSR_SPEC_CTRL has been steadily gaining new features. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 45dac88e78e8a2d9d8738eef884fe6730faf9e67) --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/include/asm/current.h | 4 ++-- xen/arch/x86/include/asm/spec_ctrl.h | 2 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 6 +++--- xen/arch/x86/spec_ctrl.c | 2 +- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 9f15d9fb70..5f318629b4 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -61,14 +61,14 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ .macro svm_vmentry_spec_ctrl mov VCPU_arch_msrs(%rbx), %rax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_last_spec_ctrl(%rsp), %edx mov VCPUMSR_spec_ctrl_raw(%rax), %eax cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ .endm ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM @@ -128,14 +128,14 @@ __UNLIKELY_END(nsvm_hap) * safe to use. The guest's setting resides in the VMCB. */ .macro svm_vmexit_spec_ctrl - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_last_spec_ctrl(%rsp), %edx cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index f52b3f0893..96b3d22080 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -52,7 +52,7 @@ ENTRY(vmx_asm_vmexit_handler) */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax xor %edx, %edx wrmsr .endm diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index 9cc8d8e3d4..ba82b413e2 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -55,8 +55,8 @@ struct cpu_info { /* See asm/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; - uint8_t xen_spec_ctrl; - uint8_t last_spec_ctrl; + unsigned int xen_spec_ctrl; + unsigned int last_spec_ctrl; uint8_t scf; /* SCF_* */ /* diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index ee3119e128..95dd081f30 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -81,7 +81,7 @@ extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; -extern uint8_t default_xen_spec_ctrl; +extern unsigned int default_xen_spec_ctrl; extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index e380c0579b..f697d17616 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -205,10 +205,10 @@ setnz %al not %eax and %al, STACK_CPUINFO_FIELD(scf)(%r14) - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else andb $~SCF_use_shadow, CPUINFO_scf(%rsp) - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax .endif wrmsr @@ -406,7 +406,7 @@ /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr .L\@_skip_msr_spec_ctrl: diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index b59f2f5425..0e53589f0e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -56,7 +56,7 @@ static bool __initdata opt_branch_harden = static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; -uint8_t __ro_after_init default_xen_spec_ctrl; +unsigned int __ro_after_init default_xen_spec_ctrl; uint8_t __ro_after_init default_scf; paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:18:39 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:18:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702674.1097929 (Exim 4.92) (envelope-from ) id 1ruF7H-00027a-NQ; Tue, 09 Apr 2024 17:18:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702674.1097929; Tue, 09 Apr 2024 17:18:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF7H-00027S-Ki; Tue, 09 Apr 2024 17:18:39 +0000 Received: by outflank-mailman (input) for mailman id 702674; Tue, 09 Apr 2024 17:18:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF7G-00027L-GH for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF7G-0005Z0-FW for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF7G-0006ir-Et for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5c8SeCp0ti6gE5A6JAaa8AvkQ87VMWCmpLGNpcpedEc=; b=npo3ZQaWQnW7T3bpLLp5mPgPy7 5XWOrxh9N+V6h1+UYm9nFBrpYUFILTFxmUELrdFIommOp+fykeUDe3BPx7LAB+QnPgbG3d/XDueor wIzeYEjwiQeQ0ha/NPKbhEN17agM+YLZ6hQWII8Yixx/KGjTMtD6ux7FD9gVoI5ejPsY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86: Use indirect calls in reset-stack infrastructure Message-Id: Date: Tue, 09 Apr 2024 17:18:38 +0000 commit 9fd732d18d564001227c98ca8fa5da8eb348ede5 Author: Andrew Cooper AuthorDate: Fri Dec 22 17:44:48 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86: Use indirect calls in reset-stack infrastructure Mixing up JMP and CALL indirect targets leads a very fun form of speculative type confusion. A target which is expecting to be called CALLed needs a return address on the stack, and an indirect JMP doesn't place one there. An indirect JMP which predicts to a target intending to be CALLed can end up with a RET speculatively executing with a value from the JMPers stack frame. There are several ways get indirect JMPs in Xen. * From tailcall optimisations. These are safe because the compiler has arranged the stack to point at the callee's return address. * From jump tables. These are unsafe, but Xen is built with -fno-jump-tables to work around several compiler issues. * From reset_stack_and_jump_ind(), which is particularly unsafe. Because of the additional stack adjustment made, the value picked up off the stack is regs->r15 of the next vCPU to run. In order to mitigate this type confusion, we want to make all indirect targets be CALL targets, and remove the use of indirect JMP except via tailcall optimisation. Luckily due to XSA-348, all C target functions of reset_stack_and_jump_ind() are noreturn. {svm,vmx}_do_resume() exits via reset_stack_and_jump(); a direct JMP with entirely different prediction properties. idle_loop() is an infinite loop which eventually exits via reset_stack_and_jump_ind() from a new schedule. i.e. These paths are all fine having one extra return address on the stack. This leaves continue_pv_domain(), which is expecting to be a JMP target. Alter it to strip the return address off the stack, which is safe because there isn't actually a RET expecting to return to its caller. This allows us change reset_stack_and_jump_ind() to reset_stack_and_call_ind() in order to mitigate the speculative type confusion. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8e186f98ce0e35d1754ec9299da41ec98873b65c) --- xen/arch/x86/domain.c | 4 ++-- xen/arch/x86/include/asm/current.h | 4 ++-- xen/arch/x86/x86_64/entry.S | 8 ++++++++ 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 13912f907b..307446273a 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2125,12 +2125,12 @@ void context_switch(struct vcpu *prev, struct vcpu *next) /* Ensure that the vcpu has an up-to-date time base. */ update_vcpu_system_time(next); - reset_stack_and_jump_ind(nextd->arch.ctxt_switch->tail); + reset_stack_and_call_ind(nextd->arch.ctxt_switch->tail); } void continue_running(struct vcpu *same) { - reset_stack_and_jump_ind(same->domain->arch.ctxt_switch->tail); + reset_stack_and_call_ind(same->domain->arch.ctxt_switch->tail); } int __sync_local_execstate(void) diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index ba82b413e2..2f723bcf1b 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -196,10 +196,10 @@ unsigned long get_stack_dump_bottom (unsigned long sp); switch_stack_and_jump(fn, "jmp %c", "i") /* The constraint may only specify non-call-clobbered registers. */ -#define reset_stack_and_jump_ind(fn) \ +#define reset_stack_and_call_ind(fn) \ ({ \ (void)((fn) == (void (*)(void))NULL); \ - switch_stack_and_jump(fn, "INDIRECT_JMP %", "b"); \ + switch_stack_and_jump(fn, "INDIRECT_CALL %", "b"); \ }) /* diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 1d7344117b..ad7dd3b23b 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -637,6 +637,14 @@ ENTRY(dom_crash_sync_extable) #ifdef CONFIG_PV ENTRY(continue_pv_domain) ENDBR64 + + /* + * For speculative type confusion reasons, we're CALLed rather than + * JMPed to. Drop the return address. + */ + add $8, %rsp + ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK + call check_wakeup_from_wait ret_from_intr: GET_CURRENT(bx) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:18:49 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:18:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702676.1097934 (Exim 4.92) (envelope-from ) id 1ruF7R-0002FN-Qh; Tue, 09 Apr 2024 17:18:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702676.1097934; Tue, 09 Apr 2024 17:18:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF7R-0002FF-OA; Tue, 09 Apr 2024 17:18:49 +0000 Received: by outflank-mailman (input) for mailman id 702676; Tue, 09 Apr 2024 17:18:48 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF7Q-0002C9-JA for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF7Q-0005ZS-II for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:48 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF7Q-0006jc-Hg for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:48 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ycX+qJWv02a7aSXrt7WphYTn+E4feHZEJKKwcSluHG8=; b=XkXKSA0V0pcvORK5Z0hAN2J3t1 3hD5uFbWDLN4jCvhjqPiKg7OZmllhT4cgjqjLAkso4QQHDX9eJIDNBk74hQskJb3hCXbJm4lB2f5n XZwnM1xd8azz1sliwLdEV56c9vkW4x2fZbrjuHLFhnMyndWho7PNmk7uXAfI/NurdaE4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86: Drop INDIRECT_JMP Message-Id: Date: Tue, 09 Apr 2024 17:18:48 +0000 commit 62844c4415f50e01ab46fa8bedc127cc098aa77b Author: Andrew Cooper AuthorDate: Fri Dec 22 18:01:37 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86: Drop INDIRECT_JMP Indirect JMPs which are not tailcalls can lead to an unwelcome form of speculative type confusion, and we've removed the uses of INDIRECT_JMP to compensate. Remove the temptation to reintroduce new instances. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 0b66d7ce3c0290eaad28bdafb35200052d012b14) --- xen/arch/x86/include/asm/asm-defns.h | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/include/asm/asm-defns.h b/xen/arch/x86/include/asm/asm-defns.h index 9a7073ced5..d55dd3bbc3 100644 --- a/xen/arch/x86/include/asm/asm-defns.h +++ b/xen/arch/x86/include/asm/asm-defns.h @@ -29,10 +29,9 @@ BUG /* Shouldn't return */ .endm -.macro INDIRECT_BRANCH insn:req arg:req +.macro INDIRECT_CALL arg:req /* - * Create an indirect branch. insn is one of call/jmp, arg is a single - * register. + * Create an indirect call. arg is a single register. * * With no compiler support, this degrades into a plain indirect call/jmp. * With compiler support, dispatch to the correct __x86_indirect_thunk_* @@ -42,7 +41,7 @@ $done = 0 .irp reg, ax, cx, dx, bx, bp, si, di, 8, 9, 10, 11, 12, 13, 14, 15 .ifeqs "\arg", "%r\reg" - \insn __x86_indirect_thunk_r\reg + call __x86_indirect_thunk_r\reg $done = 1 .exitm .endif @@ -53,19 +52,10 @@ .endif .else - \insn *\arg + call *\arg .endif .endm -/* Convenience wrappers. */ -.macro INDIRECT_CALL arg:req - INDIRECT_BRANCH call \arg -.endm - -.macro INDIRECT_JMP arg:req - INDIRECT_BRANCH jmp \arg -.endm - #ifdef CONFIG_XEN_IBT # define ENDBR64 endbr64 #else -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:18:59 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:18:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702677.1097937 (Exim 4.92) (envelope-from ) id 1ruF7b-0002J1-S7; Tue, 09 Apr 2024 17:18:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702677.1097937; Tue, 09 Apr 2024 17:18:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF7b-0002Iv-PY; Tue, 09 Apr 2024 17:18:59 +0000 Received: by outflank-mailman (input) for mailman id 702677; Tue, 09 Apr 2024 17:18:58 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF7a-0002In-M0 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF7a-0005ZZ-LG for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:58 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF7a-0006k7-KY for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:18:58 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=j3mjDj1jRYUT38Bm7AUnBsslX+R3szzK4WJBlyE2D0U=; b=f6F+KdXJMhu4NIPt5AUpIOvwF8 3AjCoB59H+j80amI25x47gjauzwwX6sd+OQq5u4q8SU4vzb/XaO6m3nr9Pwc6GJvrGm81BQTE+PW8 d22eo/KFTWbiCsTQEzxBEveqtzyTze8kW/dt7TtNU6ZNlFEKFfp3peGlLAmki4l3PNhE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/tsx: Expose RTM_ALWAYS_ABORT to guests Message-Id: Date: Tue, 09 Apr 2024 17:18:58 +0000 commit 2be76f201814bd91a289d991e47746ca22c80c31 Author: Andrew Cooper AuthorDate: Sat Apr 6 20:36:54 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/tsx: Expose RTM_ALWAYS_ABORT to guests A TSX Abort is one option mitigate Native-BHI, but a guest kernel doesn't get to see this if Xen has turned RTM off using MSR_TSX_{CTRL,FORCE_ABORT}. Therefore, the meaning of RTM_ALWAYS_ABORT has been adjusted to "XBEGIN won't fault", and it should be exposed to guests so they can make a better decision. Expose it in the max policy for any RTM-capable system. Offer it by default only if RTM has been disabled. Update test-tsx to account for this new meaning. While adjusting the logic in test_guest_policies(), take the opportunity to use feature names (now they're available) to make the logic easier to follow. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit c94e2105924347de0d9f32065370e802a20cc829) --- tools/tests/tsx/test-tsx.c | 39 +++++++++++++++++++---------- xen/arch/x86/cpu-policy.c | 20 +++++++++++++++ xen/include/public/arch-x86/cpufeatureset.h | 2 +- 3 files changed, 47 insertions(+), 14 deletions(-) diff --git a/tools/tests/tsx/test-tsx.c b/tools/tests/tsx/test-tsx.c index b7e1972ce8..5af04953f3 100644 --- a/tools/tests/tsx/test-tsx.c +++ b/tools/tests/tsx/test-tsx.c @@ -311,25 +311,25 @@ static void test_guest_policies(const struct cpu_policy *max, dump_tsx_details(max, "Max:"); dump_tsx_details(def, "Def:"); - if ( ((max->feat.raw[0].d | def->feat.raw[0].d) & - (bitmaskof(X86_FEATURE_TSX_FORCE_ABORT) | - bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT) | - bitmaskof(X86_FEATURE_SRBDS_CTRL))) || - ((max->arch_caps.raw | def->arch_caps.raw) & ARCH_CAPS_TSX_CTRL) ) + if ( max->feat.tsx_force_abort || def->feat.tsx_force_abort || + max->feat.srbds_ctrl || def->feat.srbds_ctrl || + max->arch_caps.tsx_ctrl || def->arch_caps.tsx_ctrl ) fail(" Xen-only TSX controls offered to guest\n"); switch ( rtm_behaviour ) { case RTM_UD: - if ( (max->feat.raw[0].b | def->feat.raw[0].b) & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) - fail(" HLE/RTM offered to guests despite not being available\n"); + if ( max->feat.hle || def->feat.hle || + max->feat.rtm || def->feat.rtm || + max->feat.rtm_always_abort || def->feat.rtm_always_abort ) + fail(" HLE/RTM/RTM_AA offered to guests despite not being available\n"); break; case RTM_ABORT: - if ( def->feat.raw[0].b & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) + if ( def->feat.hle || def->feat.rtm ) fail(" HLE/RTM offered to guests by default despite not being usable\n"); + if ( !def->feat.rtm_always_abort ) + fail(" RTM_AA not offered to guests by default despite being available\n"); break; case RTM_OK: @@ -340,6 +340,9 @@ static void test_guest_policies(const struct cpu_policy *max, if ( def->feat.hle ) fail(" Fail: HLE offered in default policy\n"); + + if ( def->feat.rtm && def->feat.rtm_always_abort ) + fail(" Fail: Both RTM and RTM_AA offered in default policy\n"); } static void test_def_max_policies(void) @@ -388,14 +391,13 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.hle || guest_policy.policy.feat.tsx_force_abort || - guest_policy.policy.feat.rtm_always_abort || guest_policy.policy.feat.srbds_ctrl || guest_policy.policy.arch_caps.tsx_ctrl ) fail(" Unexpected features advertised\n"); if ( host.policy.feat.rtm ) { - unsigned int _7b0; + unsigned int _7b0, _7d0; /* * If host RTM is available, all combinations of guest flags should be @@ -403,6 +405,8 @@ static void test_guest(struct xen_domctl_createdomain *c) */ _7b0 = (guest_policy.policy.feat.raw[0].b ^= (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM))); + _7d0 = (guest_policy.policy.feat.raw[0].d ^= + bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT)); /* Set the new policy. */ rc = xc_cpu_policy_set_domain(xch, domid, &guest_policy); @@ -426,10 +430,17 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.raw[0].b != _7b0 ) { - fail(" Expected CPUID.7[1].b 0x%08x differs from actual 0x%08x\n", + fail(" Expected CPUID.7[0].b 0x%08x differs from actual 0x%08x\n", _7b0, guest_policy.policy.feat.raw[0].b); goto out; } + + if ( guest_policy.policy.feat.raw[0].d != _7d0 ) + { + fail(" Expected CPUID.7[0].d 0x%08x differs from actual 0x%08x\n", + _7d0, guest_policy.policy.feat.raw[0].d); + goto out; + } } out: @@ -514,6 +525,8 @@ static void test_tsx(void) i, errno, strerror(errno)); } + dump_tsx_details(&host.policy, "Host:"); + rc = xc_physinfo(xch, &physinfo); if ( rc ) return fail("Failed to obtain physinfo: %d - %s\n", diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index 85064e4a36..a822800f52 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -475,6 +475,21 @@ static void __init guest_common_max_feature_adjustments(uint32_t *fs) */ __set_bit(X86_FEATURE_HTT, fs); __set_bit(X86_FEATURE_CMP_LEGACY, fs); + + /* + * To mitigate Native-BHI, one option is to use a TSX Abort on capable + * systems. This is safe even if RTM has been disabled for other reasons + * via MSR_TSX_{CTRL,FORCE_ABORT}. However, a guest kernel doesn't get to + * know this type of information. + * + * Therefore the meaning of RTM_ALWAYS_ABORT has been adjusted, to instead + * mean "XBEGIN won't fault". This is enough for a guest kernel to make + * an informed choice WRT mitigating Native-BHI. + * + * If RTM-capable, we can run a VM which has seen RTM_ALWAYS_ABORT. + */ + if ( test_bit(X86_FEATURE_RTM, fs) ) + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); } static void __init guest_common_default_feature_adjustments(uint32_t *fs) @@ -547,9 +562,14 @@ static void __init guest_common_default_feature_adjustments(uint32_t *fs) * function as expected, but is technically compatible with the ISA. * * Do not advertise RTM to guests by default if it won't actually work. + * Instead, advertise RTM_ALWAYS_ABORT indicating that TSX Aborts are safe + * to use, e.g. for mitigating Native-BHI. */ if ( rtm_disabled ) + { __clear_bit(X86_FEATURE_RTM, fs); + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); + } } static void __init guest_common_feature_adjustments(uint32_t *fs) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 74d44fa431..2dd8018f24 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -263,7 +263,7 @@ XEN_CPUFEATURE(FSRM, 9*32+ 4) /*A Fast Short REP MOVS */ XEN_CPUFEATURE(AVX512_VP2INTERSECT, 9*32+8) /*a VP2INTERSECT{D,Q} insns */ XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*!A VERW clears microarchitectural buffers */ -XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! June 2021 TSX defeaturing in microcode. */ +XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! RTM disabled (but XBEGIN wont fault) */ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(SERIALIZE, 9*32+14) /*A SERIALIZE insn */ XEN_CPUFEATURE(HYBRID, 9*32+15) /* Heterogeneous platform */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:19:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:19:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702678.1097942 (Exim 4.92) (envelope-from ) id 1ruF7l-0002M2-Tj; Tue, 09 Apr 2024 17:19:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702678.1097942; Tue, 09 Apr 2024 17:19:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF7l-0002Lu-Qy; Tue, 09 Apr 2024 17:19:09 +0000 Received: by outflank-mailman (input) for mailman id 702678; Tue, 09 Apr 2024 17:19:08 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF7k-0002Lh-PF for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:08 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF7k-0005Zt-Oc for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF7k-0006kf-Nn for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sZTVwClUDfaI95pRVMZreFSKnkYBZY08rfY2M8sTx9k=; b=gi/AOtCUcGDLzy9rwmLgzgTeqT yAMZ3RCCXYgVuL5uKJB044zOhahNZSXRAeo/xpEf5Da1VXIO5IfNYx55tLU6Y4mbprbtKEQAuZWk/ 9ciAhcGDU3s7pGQOQpXWHnrL/5yXlvzOM9oo4v26qDXhOW4SweM8KBmSs2pSc+x4OACc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Message-Id: Date: Tue, 09 Apr 2024 17:19:08 +0000 commit 73a4229807c3b237a0b6d2e03d0301d3725b8f1d Author: Andrew Cooper AuthorDate: Tue Mar 26 19:01:37 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Introduce a "bhi-dis-s" boolean to match the other options we have for MSR_SPEC_CTRL values. Also introduce bhi_calculations(). Use BHI_DIS_S whenever possible. Guests which are levelled to be migration compatible with older CPUs can't see BHI_DIS_S, and Xen must fill in the difference to make the guest safe. Use the virt MSR_SPEC_CTRL infrastructure to force BHI_DIS_S behind the guest's back. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 62a1106415c5e8a49b45147ca84d54a58d471343) --- docs/misc/xen-command-line.pandoc | 8 +++++++- xen/arch/x86/hvm/vmx/vmx.c | 17 +++++++++++++++++ xen/arch/x86/include/asm/spec_ctrl.h | 1 + xen/arch/x86/spec_ctrl.c | 24 +++++++++++++++++++++++- 4 files changed, 48 insertions(+), 2 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 3f9f916718..4637dba916 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2373,7 +2373,8 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). > {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, -> unpriv-mmio,gds-mit,div-scrub,lock-harden}= ]` +> unpriv-mmio,gds-mit,div-scrub,lock-harden, +> bhi-dis-s}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2454,6 +2455,11 @@ option can be used to force or prevent Xen using the feature itself. By default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by default. +On hardware supporting BHI_DIS_S (Branch History Injection Disable +Supervisor), the `bhi-dis-s=` option can be used to force or prevent Xen using +the feature itself. By default Xen will use BHI_DIS_S on hardware susceptible +to Branch History Injection. + On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` option can be used to force (the default) or prevent Xen from issuing branch prediction barriers on vcpu context switches. diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index ab7e8e219c..f410e509de 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -48,6 +48,7 @@ #include #include #include +#include #include static bool_t __initdata opt_force_ept; @@ -842,6 +843,22 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } + if ( cpu_has_vmx_virt_spec_ctrl ) + { + /* + * If we're on BHI_DIS_S capable hardware, the short loop sequence is + * not sufficient to mitigate Native-BHI. If the VM can't see it + * (i.e. it's levelled with older hardware), force it behind the + * guests back for safey. + * + * Because there's not a real Host/Guest split of the MSR_SPEC_CTRL + * value, this only works as expected when Xen is using BHI_DIS_S too. + */ + bool force_bhi_dis_s = opt_bhi_dis_s && !cp->feat.bhi_ctrl; + + __vmwrite(SPEC_CTRL_MASK, force_bhi_dis_s ? SPEC_CTRL_BHI_DIS_S : 0); + } + /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ if ( cp->feat.ibrsb || cp->extd.ibpb ) vmx_clear_msr_intercept(v, MSR_PRED_CMD, VMX_MSR_RW); diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 95dd081f30..b2d2c25842 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -77,6 +77,7 @@ static always_inline void spec_ctrl_new_guest_context(void) extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; +extern int8_t opt_bhi_dis_s; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0e53589f0e..6a1eb14cdf 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -47,6 +47,7 @@ static int8_t __initdata opt_ibrs = -1; static int8_t __initdata opt_stibp = -1; bool __ro_after_init opt_ssbd; static int8_t __initdata opt_psfd = -1; +int8_t __ro_after_init opt_bhi_dis_s = -1; int8_t __ro_after_init opt_ibpb_ctxt_switch = -1; int8_t __ro_after_init opt_eager_fpu = -1; @@ -269,6 +270,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_ssbd = val; else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) opt_psfd = val; + else if ( (val = parse_boolean("bhi-dis-s", s, ss)) >= 0 ) + opt_bhi_dis_s = val; /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) @@ -524,7 +527,7 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk != THUNK_NONE ? "BTI-Thunk: " : "", thunk == THUNK_NONE ? "" : thunk == THUNK_RETPOLINE ? "RETPOLINE, " : @@ -542,6 +545,8 @@ static void __init print_details(enum ind_thunk thunk) (!boot_cpu_has(X86_FEATURE_PSFD) && !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", + !boot_cpu_has(X86_FEATURE_BHI_CTRL) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_BHI_DIS_S) ? " BHI_DIS_S+" : " BHI_DIS_S-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -1596,6 +1601,21 @@ static void __init gds_calculations(void) } } +/* + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + */ +static void __init bhi_calculations(void) +{ + if ( opt_bhi_dis_s == -1 ) + opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + + if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) + opt_bhi_dis_s = false; + + if ( opt_bhi_dis_s ) + default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; +} + void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); @@ -2140,6 +2160,8 @@ void __init init_speculation_mitigations(void) gds_calculations(); + bhi_calculations(); + print_details(thunk); /* -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:19:21 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:19:21 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702679.1097946 (Exim 4.92) (envelope-from ) id 1ruF7w-0002OR-VN; Tue, 09 Apr 2024 17:19:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702679.1097946; Tue, 09 Apr 2024 17:19:20 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF7w-0002OJ-SW; Tue, 09 Apr 2024 17:19:20 +0000 Received: by outflank-mailman (input) for mailman id 702679; Tue, 09 Apr 2024 17:19:18 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF7u-0002OA-SR for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:18 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF7u-0005a2-Rf for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:18 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF7u-0006lA-Qt for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:18 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+WdBKhg8jrLOXA/xOStYwlD2gN7nuMkzSF0ihzF8xL4=; b=jIws1U0yeOnPRSURtUFi+QR26o svdToHhXOiZ7uPsYiQ52KXe/nK9VgdSpkwBAAlxeR8RFTC58miCfcUr0PV96W3PSlMOcTt89kuJLD lCf9rVoYsGf7pouRO1f8IinGsWWznqt3iVXUbf/NypclJ5OdltUKpbb2SNAyLCUY9bBA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec-ctrl: Software BHB-clearing sequences Message-Id: Date: Tue, 09 Apr 2024 17:19:18 +0000 commit 72a357f4fa4e26fd7bc7dff0fdf1174caf90624e Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Software BHB-clearing sequences Implement clear_bhb_{tsx,loops}() as per the BHI guidance. The loops variant is set up as the "short" sequence. Introduce SCF_entry_bhb and extend SPEC_CTRL_ENTRY_* with a conditional call to selected clearing routine. Note that due to a limitation in the ALTERNATIVE capability, the TEST/JZ can't be included alongside a CALL in a single alternative block. This is going to require further work to untangle. The BHB sequences (if used) must be after the restoration of Xen's MSR_SPEC_CTRL value, which must be accounted for when judging whether it is safe to skip the safety LFENCEs. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 954c983abceee97bf5f6230b9ae164f2c49a9aa9) --- xen/arch/x86/Makefile | 1 + xen/arch/x86/bhb-thunk.S | 98 ++++++++++++++++++++++++++++++++ xen/arch/x86/hvm/vmx/entry.S | 12 ++++ xen/arch/x86/include/asm/cpufeature.h | 3 + xen/arch/x86/include/asm/cpufeatures.h | 3 + xen/arch/x86/include/asm/spec_ctrl.h | 3 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 30 ++++++++++ xen/arch/x86/spec_ctrl.c | 39 +++++++------ 8 files changed, 171 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 9f326b9e32..85b3f85608 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -15,6 +15,7 @@ alternative-y := alternative.init.o alternative-$(CONFIG_LIVEPATCH) := obj-bin-y += $(alternative-y) obj-y += apic.o +obj-y += bhb-thunk.o obj-y += bitops.o obj-bin-y += bzimage.init.o obj-bin-y += clear_page.o diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S new file mode 100644 index 0000000000..f52cfb9bc2 --- /dev/null +++ b/xen/arch/x86/bhb-thunk.S @@ -0,0 +1,98 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Branch History Injection clearing sequences. + * + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + * + * Copyright (c) 2023, 2024 XenServer. + */ + .file __FILE__ + +#include + + .section .text.entry, "ax", @progbits + +/* + * Clear the Branch History Buffer using a TSX Abort. + * + * Any TSX Abort has a side effect of clearing the BHB, even when TSX is + * disabled for e.g. TAA mitigation reasons. + */ +ENTRY(clear_bhb_tsx) + .byte 0xc7, 0xf8; .long 1f - 0f /* xbegin 1f */ +0: .byte 0xc6, 0xf8, 0 /* xabort $0 */ + int3 +1: + ret + + .size clear_bhb_tsx, . - clear_bhb_tsx + .type clear_bhb_tsx, @function + +/* + * Clear the Branch History Buffer using the software sequence. + * + * Clobbers: %eax, %ecx + * + * This executes a specific number of taken branches, sufficient to displace + * all prior entries in the history tracker, therefore removing prior + * influence on subsequent BTB lookups. + * + * Structurally, it looks like this: + * + * call 1 + * call 2 + * ... 5x jmp loop + * call 2 + * ... 5x jmp loop + * ... 5x call2's deep + * + * ret + * ret + * ret + * ret + * + * The CALL/RETs are necessary to prevent the Loop Stream Detector from + * interfering. The alignment is for performance and not safety. + * + * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire + * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + */ +ENTRY(clear_bhb_loops) + mov $5, %ecx + + call 1f + jmp 5f + int3 + + .align 64 +1: call 2f + ret + int3 + + .align 64 +2: mov $5, %eax + +3: jmp 4f + int3 + +4: sub $1, %eax + jnz 3b + + sub $1, %ecx + jnz 1b + + ret +5: + /* + * The Intel sequence has an LFENCE here. The purpose is to ensure + * that all prior branches have executed, before dispatching a + * subsequent indirect branch. + * + * Xen's SPEC_CTRL_ENTRY_* blocks have safety LFENCEs at the end when + * protections are active, which suffices for this purpose. + */ + + ret + + .size clear_bhb_loops, . - clear_bhb_loops + .type clear_bhb_loops, @function diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 96b3d22080..7233e771d8 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -57,6 +57,18 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, CPUINFO_scf(%rsp) + jz .L_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index 3c57f55de0..7a312c485e 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -228,6 +228,9 @@ static inline bool boot_cpu_has(unsigned int feat) #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) +#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ + boot_cpu_has(X86_SPEC_BHB_LOOPS)) + enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index 6422c66b0f..bada8912e0 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -56,5 +56,8 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ #define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ +#define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ +#define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index b2d2c25842..72347ef2b9 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -24,6 +24,7 @@ #define SCF_verw (1 << 3) #define SCF_ist_ibpb (1 << 4) #define SCF_entry_ibpb (1 << 5) +#define SCF_entry_bhb (1 << 6) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -42,7 +43,7 @@ * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb | SCF_entry_bhb) #ifndef __ASSEMBLY__ diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index f697d17616..989ff67db5 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -273,6 +273,17 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm @@ -311,6 +322,13 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm @@ -411,6 +429,18 @@ .L\@_skip_msr_spec_ctrl: + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + lfence .endm diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 6a1eb14cdf..131127d856 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2182,38 +2182,43 @@ void __init init_speculation_mitigations(void) /* * SPEC_CTRL_ENTRY_FROM_PV conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we're not using any prior conditional mitigation, - * then it's safe to drop the LFENCE. + * Otherwise, DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we do have it, or we're not using any + * prior conditional block, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); /* * SPEC_CTRL_ENTRY_FROM_INTR conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we have no protections active in the block that - * is skipped when interrupting guest context, then it's safe to drop - * the LFENCE. + * Otherwise DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we have it, or we have no protections + * active in the block that is skipped when interrupting guest + * context, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && - !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); /* * SPEC_CTRL_ENTRY_FROM_VMX conditional safety * - * Currently there are no safety actions with conditional branches, so - * no need for the extra safety LFENCE. + * A BHB sequence, if used, is the only conditional action, so if we + * don't have it, we don't need the safety LFENCE. */ - setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + if ( !cpu_has_bhb_seq ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } /* -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:19:31 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:19:31 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702680.1097950 (Exim 4.92) (envelope-from ) id 1ruF87-0002Sh-1z; Tue, 09 Apr 2024 17:19:31 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702680.1097950; Tue, 09 Apr 2024 17:19:31 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF86-0002Sa-VN; Tue, 09 Apr 2024 17:19:30 +0000 Received: by outflank-mailman (input) for mailman id 702680; Tue, 09 Apr 2024 17:19:29 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF84-0002R1-Vf for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF84-0005bh-Uu for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:28 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF84-0006mC-U1 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:28 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MJyDjTCf2H7plzQb2TlWyq+P/UGjBFBR2/nnkNgDgoc=; b=7NV2YOkxtHZdnGUvKisvb0wL1r Xl9dn+Xp209aWhvp5lQvj7hocY0NJ6jTH2ITnlukpjZgY28n2WzJW1QuQsZOF0jnt4n3FQ4xZ+2vR tMmQqjoevmcWYip/NaeEWTCLxgwYc6U3DAyZV+Hl1tUY6tpCVIWEwq8FOs5KiWURrgNM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec-ctrl: Wire up the Native-BHI software sequences Message-Id: Date: Tue, 09 Apr 2024 17:19:28 +0000 commit 9be85b14aa7d174bfa5978cbbebf0fb3dc909f13 Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Wire up the Native-BHI software sequences In the absence of BHI_DIS_S, mitigating Native-BHI requires the use of a software sequence. Introduce a new bhb-seq= option to select between avaialble sequences and bhb-entry= to control the per-PV/HVM actions like we have for other blocks. Activate the short sequence by default for PV and HVM guests on affected hardware if BHI_DIS_S isn't present. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 689ad48ce9cf4c38297cd126e7e003a1c13a3b9d) --- docs/misc/xen-command-line.pandoc | 25 +++++-- xen/arch/x86/spec_ctrl.c | 145 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 157 insertions(+), 13 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 4637dba916..e551996e1c 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2370,8 +2370,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, > bhi-dis-s}= ]` @@ -2396,10 +2397,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=` and `ibpb-entry=` options -offer fine grained control over the primitives by Xen. These impact Xen's -ability to protect itself, and/or Xen's ability to virtualise support for -guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=`, `ibpb-entry=` and `bhb-entry=` +options offer fine grained control over the primitives by Xen. These impact +Xen's ability to protect itself, and/or Xen's ability to virtualise support +for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2425,6 +2426,12 @@ guests to use. Return Stack Overflow if appropriate microcode has been loaded, but for performance reasons dom0 is unprotected by default. If it is necessary to protect dom0 too, boot with `spec-ctrl=ibpb-entry`. +* `bhb-entry=` offers control over whether BHB-clearing (Branch History + Buffer) sequences are used on entry to Xen. This is used by default on + hardware vulnerable to Branch History Injection, when the BHI_DIS_S control + is not available (see `bhi-dis-s`). The choice of scrubbing sequence can be + selected using the `bhb-seq=` option. If it is necessary to protect dom0 + too, boot with `spec-ctrl=bhb-entry`. If Xen was compiled with `CONFIG_INDIRECT_THUNK` support, `bti-thunk=` can be used to select which of the thunks gets patched into the @@ -2432,6 +2439,12 @@ used to select which of the thunks gets patched into the (generally preferred), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and `lfence` (an `lfence; jmp *%reg` gadget). +On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing +sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` +options in order to mitigate Branch History Injection on affected hardware. +The default sequence is `short`, with `tsx` as an alternative available +capable hardware that can be opted in to. + On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. If Xen is not using IBRS itself, functionality is still set up so IBRS can be diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 131127d856..5ea04b48fa 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -33,6 +33,16 @@ static int8_t __ro_after_init opt_ibpb_entry_pv = -1; static int8_t __ro_after_init opt_ibpb_entry_hvm = -1; static bool __ro_after_init opt_ibpb_entry_dom0; +static int8_t __ro_after_init opt_bhb_entry_pv = -1; +static int8_t __ro_after_init opt_bhb_entry_hvm = -1; +static bool __ro_after_init opt_bhb_entry_dom0; +static enum bhb_thunk { + BHB_DEFAULT, + BHB_NONE, + BHB_TSX, + BHB_SHORT, +} opt_bhb_seq __initdata; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -116,8 +126,12 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_ibpb_entry_pv = 0; opt_ibpb_entry_hvm = 0; opt_ibpb_entry_dom0 = false; + opt_bhb_entry_pv = 0; + opt_bhb_entry_hvm = 0; + opt_bhb_entry_dom0 = false; opt_thunk = THUNK_JMP; + opt_bhb_seq = BHB_NONE; opt_ibrs = 0; opt_ibpb_ctxt_switch = false; opt_ssbd = false; @@ -146,6 +160,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_pv = val; opt_verw_pv = val; opt_ibpb_entry_pv = val; + opt_bhb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { @@ -153,6 +168,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_verw_hvm = val; opt_ibpb_entry_hvm = val; + opt_bhb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -240,6 +256,28 @@ static int __init cf_check parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("bhb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_bhb_entry_pv = opt_bhb_entry_hvm = + opt_bhb_entry_dom0 = val; + break; + + case -2: + s += strlen("bhb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_bhb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_bhb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -260,6 +298,19 @@ static int __init cf_check parse_spec_ctrl(const char *s) else rc = -EINVAL; } + else if ( !strncmp(s, "bhb-seq=", 8) ) + { + s += strlen("bhb-seq="); + + if ( !cmdline_strcmp(s, "none") ) + opt_bhb_seq = BHB_NONE; + else if ( !cmdline_strcmp(s, "tsx") ) + opt_bhb_seq = BHB_TSX; + else if ( !cmdline_strcmp(s, "short") ) + opt_bhb_seq = BHB_SHORT; + else + rc = -EINVAL; + } /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) @@ -527,12 +578,16 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: %s%s%s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk != THUNK_NONE ? "BTI-Thunk: " : "", thunk == THUNK_NONE ? "" : thunk == THUNK_RETPOLINE ? "RETPOLINE, " : thunk == THUNK_LFENCE ? "LFENCE, " : thunk == THUNK_JMP ? "JMP, " : "?, ", + opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", + opt_bhb_seq == BHB_NONE ? "" : + opt_bhb_seq == BHB_TSX ? "TSX, " : + opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -571,11 +626,11 @@ static void __init print_details(enum ind_thunk thunk) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - amd_virt_spec_ctrl || + cpu_has_bhb_seq || amd_virt_spec_ctrl || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || @@ -583,20 +638,23 @@ static void __init print_details(enum ind_thunk thunk) boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || + cpu_has_bhb_seq || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -1604,16 +1662,85 @@ static void __init gds_calculations(void) /* * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html */ +static bool __init cpu_has_bug_bhi(void) +{ + /* BHI is only known to affect Intel Family 6 processors at this time. */ + if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL || + boot_cpu_data.x86 != 6 ) + return false; + + if ( boot_cpu_has(X86_FEATURE_BHI_NO) ) + return false; + + if ( cpu_has_hypervisor ) + return true; /* TODO: how to figure out out if we're really eIBRS levelled out? */ + + return cpu_has_eibrs; +} + static void __init bhi_calculations(void) { + bool has_bhi = cpu_has_bug_bhi(); + + /* + * To mitigate BHI, we want to use BHI_DIS_S wherever possible, or the + * short sequence otherwise. Other forms are available on request. + * + * We are repsonsbile for performing default-conversion on opt_bhi_dis_s + * and opt_bhb_seq, irrespective of succeptibility to BHI. + */ + if ( opt_bhi_dis_s == -1 ) - opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + opt_bhi_dis_s = has_bhi; if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) opt_bhi_dis_s = false; if ( opt_bhi_dis_s ) default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; + + if ( opt_bhb_seq == BHB_DEFAULT ) + { + /* + * If we're using BHI_DIS_S, or we're not succeptable, don't activate + * the thunks. + */ + if ( !has_bhi || opt_bhi_dis_s ) + opt_bhb_seq = BHB_NONE; + else + opt_bhb_seq = BHB_SHORT; + } + + /* + * We can use the TSX even if it's disabled for e.g. TAA reasons. + * However, fall back to the loop sequence if there is no trace of RTM at + * all, as XBEGIN will #UD. + */ + if ( opt_bhb_seq == BHB_TSX && !cpu_has_rtm && !cpu_has_rtm_always_abort && + !cpu_has_tsx_force_abort ) + opt_bhb_seq = BHB_SHORT; + + /* + * Only activate SCF_entry_bhb by for guests if a sequence is in place. + */ + if ( opt_bhb_entry_pv == -1 ) + opt_bhb_entry_pv = has_bhi && opt_bhb_seq != BHB_NONE; + if ( opt_bhb_entry_hvm == -1 ) + opt_bhb_entry_hvm = has_bhi && opt_bhb_seq != BHB_NONE; + + switch ( opt_bhb_seq ) + { + case BHB_SHORT: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); + break; + + case BHB_TSX: + setup_force_cpu_cap(X86_SPEC_BHB_TSX); + break; + + default: + break; + } } void spec_ctrl_init_domain(struct domain *d) @@ -1626,9 +1753,13 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); + bool bhb = ((pv ? opt_bhb_entry_pv : opt_bhb_entry_hvm) && + (d->domain_id != 0 || opt_bhb_entry_dom0)); + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | + (bhb ? SCF_entry_bhb : 0) | 0; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:19:41 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:19:41 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702682.1097954 (Exim 4.92) (envelope-from ) id 1ruF8H-0002Wn-3U; Tue, 09 Apr 2024 17:19:41 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702682.1097954; Tue, 09 Apr 2024 17:19:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF8H-0002Wg-0n; Tue, 09 Apr 2024 17:19:41 +0000 Received: by outflank-mailman (input) for mailman id 702682; Tue, 09 Apr 2024 17:19:39 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF8F-0002WP-2R for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:39 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF8F-0005bp-1i for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:39 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF8F-0006mi-12 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:39 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wvNqdZjbxkFYpbeHVlDN0wnRiC9Ny2VLeqYJLfSC9so=; b=bgbOp3IRHO1L7ZOdgz2J6aimbf cibo0ywAGfsvQb8iwowcG2k/dfZrO6uiGquvsw8rimNsdg65/fO+oR+ljdJ05oHkdMbW8y5sgwWOm ghkQa2W1zEbNhbaG90E6hy+If/nbsMGCln+IRFDg5ZpDo4+Jkq5ZNqKGkW8UsucT9NUI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec-ctrl: Support the "long" BHB loop sequence Message-Id: Date: Tue, 09 Apr 2024 17:19:39 +0000 commit 40f2c69ad8f255aa93c1fc7c4d82577d32924ab1 Author: Andrew Cooper AuthorDate: Fri Mar 22 19:29:34 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Support the "long" BHB loop sequence Out of an abudnance of caution, implement the long loop too, and allowing for it to be opted in to. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit d5887c0decbd90e798b24ed696628645b04632fb) --- docs/misc/xen-command-line.pandoc | 4 ++-- xen/arch/x86/bhb-thunk.S | 8 ++++++-- xen/arch/x86/include/asm/cpufeatures.h | 1 + xen/arch/x86/spec_ctrl.c | 10 +++++++++- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index e551996e1c..10a09bbf23 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2371,7 +2371,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, > {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx|long, > {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, @@ -2443,7 +2443,7 @@ On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` options in order to mitigate Branch History Injection on affected hardware. The default sequence is `short`, with `tsx` as an alternative available -capable hardware that can be opted in to. +capable hardware, and `long` that can be opted in to. On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S index f52cfb9bc2..7e866784f7 100644 --- a/xen/arch/x86/bhb-thunk.S +++ b/xen/arch/x86/bhb-thunk.S @@ -56,9 +56,13 @@ ENTRY(clear_bhb_tsx) * * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + * + * The "long" sequence (12 and 7) is for Alder Lake / Sapphire Rapids + * (i.e. Golden Cove and/or Gracemont cores). However, such CPUs are expected + * to use BHI_DIS_S in preference. */ ENTRY(clear_bhb_loops) - mov $5, %ecx + ALTERNATIVE "mov $5, %ecx", "mov $12, %ecx", X86_SPEC_BHB_LOOPS_LONG call 1f jmp 5f @@ -70,7 +74,7 @@ ENTRY(clear_bhb_loops) int3 .align 64 -2: mov $5, %eax +2: ALTERNATIVE "mov $5, %eax", "mov $7, %eax", X86_SPEC_BHB_LOOPS_LONG 3: jmp 4f int3 diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index bada8912e0..ba3df174b7 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -58,6 +58,7 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ #define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ +#define X86_SPEC_BHB_LOOPS_LONG X86_BUG(21) /* Upgrade clear_bhb_loops to the "long" sequence. */ /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 5ea04b48fa..ba4349a024 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -41,6 +41,7 @@ static enum bhb_thunk { BHB_NONE, BHB_TSX, BHB_SHORT, + BHB_LONG, } opt_bhb_seq __initdata; /* Cmdline controls for Xen's speculative settings. */ @@ -308,6 +309,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_bhb_seq = BHB_TSX; else if ( !cmdline_strcmp(s, "short") ) opt_bhb_seq = BHB_SHORT; + else if ( !cmdline_strcmp(s, "long") ) + opt_bhb_seq = BHB_LONG; else rc = -EINVAL; } @@ -587,7 +590,8 @@ static void __init print_details(enum ind_thunk thunk) opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", opt_bhb_seq == BHB_NONE ? "" : opt_bhb_seq == BHB_TSX ? "TSX, " : - opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", + opt_bhb_seq == BHB_SHORT ? "SHORT, " : + opt_bhb_seq == BHB_LONG ? "LONG, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -1730,6 +1734,10 @@ static void __init bhi_calculations(void) switch ( opt_bhb_seq ) { + case BHB_LONG: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS_LONG); + fallthrough; + case BHB_SHORT: setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); break; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:19:51 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:19:51 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702683.1097957 (Exim 4.92) (envelope-from ) id 1ruF8R-0002fN-4v; Tue, 09 Apr 2024 17:19:51 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702683.1097957; Tue, 09 Apr 2024 17:19:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF8R-0002ep-2Q; Tue, 09 Apr 2024 17:19:51 +0000 Received: by outflank-mailman (input) for mailman id 702683; Tue, 09 Apr 2024 17:19:49 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF8P-0002ar-5C for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:49 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF8P-0005cC-4Y for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:49 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF8P-0006nF-3p for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:49 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HK8HHZxQ3ENvJFmKyVYNGm94I0TM6k8s8PxcPYlAKHo=; b=4bU1AYeAv1Rl2GJNvcyt6zZu4y u9HizHuJyKWvlf+KGoucglIxFnp25M0WwV8wAWE0her66wlJe2/LHJ2M+6WpyFZzmC6H9ALGS8uDj gycc3+it6ihEXtDLkhUAHlAjHKzThNDBA+D7e/d7/S+hQc+YCahJjvUGvDXHVkg7nntc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] Update Xen version to 4.18.2 Message-Id: Date: Tue, 09 Apr 2024 17:19:49 +0000 commit b2863e468e8119664be6f741e894eaf8783c4391 Author: Andrew Cooper AuthorDate: Wed Mar 27 18:23:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 Update Xen version to 4.18.2 Signed-off-by: Andrew Cooper --- xen/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/Makefile b/xen/Makefile index affeef69da..657f6fa4e3 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -6,7 +6,7 @@ this-makefile := $(call lastword,$(MAKEFILE_LIST)) # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 18 -export XEN_EXTRAVERSION ?= .2-pre$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .2$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:20:01 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:20:01 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702684.1097963 (Exim 4.92) (envelope-from ) id 1ruF8b-0002ix-7F; Tue, 09 Apr 2024 17:20:01 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702684.1097963; Tue, 09 Apr 2024 17:20:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF8b-0002iG-3s; Tue, 09 Apr 2024 17:20:01 +0000 Received: by outflank-mailman (input) for mailman id 702684; Tue, 09 Apr 2024 17:19:59 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF8Z-0002hn-7s for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:59 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF8Z-0005cO-7E for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:59 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF8Z-0006nf-6a for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:19:59 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hdx0sDc4SsFTgJSr3u+BGX5EA0JD683yItF2+OJXjv4=; b=Fa5iiZuuUrZVXrkELqV52brb7t CFvFw6/4sKv7yHkVfFmRgD3VqXtRS4yUEil7egX6zvJ06NjwhBg6sklscHnVNv1r2OnV9/ZP65s1F LyQHk07WsgMfhkapJYrIGZGIClKnxMRcGxQyOkGRQg93NTcVew2YGUQgtXFSL45LzFoc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] Update CHANGELOG.md with 4.18.2 line Message-Id: Date: Tue, 09 Apr 2024 17:19:59 +0000 commit d152a0424677d8b78e00ed1270a583c5dafff16f Author: George Dunlap AuthorDate: Tue Apr 9 16:43:04 2024 +0100 Commit: George Dunlap CommitDate: Tue Apr 9 16:43:04 2024 +0100 Update CHANGELOG.md with 4.18.2 line Signed-off-by: George Dunlap --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5aa01dae5d..fa54d59df1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ Notable changes to Xen will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) +## [4.18.2](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.18.2) + ## [4.18.1](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.18.1) ### Added -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:20:11 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:20:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702686.1097967 (Exim 4.92) (envelope-from ) id 1ruF8l-0003go-98; Tue, 09 Apr 2024 17:20:11 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702686.1097967; Tue, 09 Apr 2024 17:20:11 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF8l-0003gg-5G; Tue, 09 Apr 2024 17:20:11 +0000 Received: by outflank-mailman (input) for mailman id 702686; Tue, 09 Apr 2024 17:20:10 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF8j-0003gV-Vp for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:20:09 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF8j-0005ci-V6 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:20:09 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF8j-0006u0-UO for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:20:09 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kjVUi5ugmPHT5iHvJF2fLApzzhXtIHB5i0j7P0hsjzc=; b=giEOX9hlx6lvJsXe8jlXyJX8Ii 2n5g/DfWG5saHaP19l0vqavFi/upPF9mbDT4NjM81gP5IFHlyVIoL+JwMG40lbBnw/ZBX5XhSgt7v KyTm+WKviiesKSHh08y76BC1bMXSEG7Y1T+cFkcUm5Gr9jyDQx4EdKKHa0ctO5tuW/ko=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec-ctrl: Fix BTC/SRSO mitigations Message-Id: Date: Tue, 09 Apr 2024 17:20:09 +0000 commit 19887194865cff7d87650c323d5c6b185dfe3ddc Author: Andrew Cooper AuthorDate: Tue Mar 26 22:47:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:18 2024 +0100 x86/spec-ctrl: Fix BTC/SRSO mitigations We were looking for SCF_entry_ibpb in the wrong variable in the top-of-stack block, and xen_spec_ctrl won't have had bit 5 set because Xen doesn't understand SPEC_CTRL_RRSBA_DIS_U yet. This is XSA-455 / CVE-2024-31142. Fixes: 53a570b28569 ("x86/spec-ctrl: Support IBPB-on-entry") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 934f12cf5c..c19e964bc6 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -103,7 +103,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 97a97b2b82..e85db1a329 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -102,7 +102,7 @@ jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) .endif jz .L\@_skip -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:20:21 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:20:21 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702687.1097971 (Exim 4.92) (envelope-from ) id 1ruF8v-0003kc-Bw; Tue, 09 Apr 2024 17:20:21 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702687.1097971; Tue, 09 Apr 2024 17:20:21 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF8v-0003kQ-8K; Tue, 09 Apr 2024 17:20:21 +0000 Received: by outflank-mailman (input) for mailman id 702687; Tue, 09 Apr 2024 17:20:20 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF8u-0003kC-2k for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:20:20 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF8u-0005cv-1z for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:20:20 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF8u-0006ub-1A for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:20:20 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=59/QjlHILULJFm8TWv+huEUs/yGt8QPk2F8vNZIoa4M=; b=DmQ+YABJapULOKyetaNSQ11QGW UK30bsLv/ZcmtKsYzjRd4v6FxhJMbSrTqNkvSXkW0THO3gDZUkMSdFUfVRcrD5f6+bWRlgKB94HLs G5gDj8jFUZ57DCDHB6sC4pScvWYtPQE4gHqWRIh9GPp9YBtVjg8Mb3P78UmGW+m0BT4s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/APIC: finish genapic conversion to altcall Message-Id: Date: Tue, 09 Apr 2024 17:20:20 +0000 commit 88d5e21e165351feef0f17157005dece78275cea Author: Jan Beulich AuthorDate: Wed Jan 17 10:41:52 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:18 2024 +0100 x86/APIC: finish genapic conversion to altcall While .probe() doesn't need fiddling with for being run only very early, init_apic_ldr() wants converting too despite not being on a frequently executed path: This way all pre-filled struct genapic instances can become __initconst_cf_clobber, thus allowing to eliminate 15 more ENDBR during the 2nd phase of alternatives patching. While fiddling with section annotations here, also move "genapic" itself to .data.ro_after_init. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper (cherry picked from commit b1cc53753cba4c3253f2e1093a3a6a9a828314bf) --- xen/arch/x86/genapic/bigsmp.c | 2 +- xen/arch/x86/genapic/default.c | 2 +- xen/arch/x86/genapic/probe.c | 2 +- xen/arch/x86/genapic/x2apic.c | 6 +++--- xen/arch/x86/include/asm/mach-generic/mach_apic.h | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/genapic/bigsmp.c b/xen/arch/x86/genapic/bigsmp.c index 2000383ab0..7219ec53b0 100644 --- a/xen/arch/x86/genapic/bigsmp.c +++ b/xen/arch/x86/genapic/bigsmp.c @@ -41,7 +41,7 @@ static int __init cf_check probe_bigsmp(void) return def_to_bigsmp; } -const struct genapic __initconstrel apic_bigsmp = { +const struct genapic __initconst_cf_clobber apic_bigsmp = { APIC_INIT("bigsmp", probe_bigsmp), GENAPIC_PHYS }; diff --git a/xen/arch/x86/genapic/default.c b/xen/arch/x86/genapic/default.c index 2c63c1f917..a968836a18 100644 --- a/xen/arch/x86/genapic/default.c +++ b/xen/arch/x86/genapic/default.c @@ -14,7 +14,7 @@ #include /* should be called last. */ -const struct genapic __initconstrel apic_default = { +const struct genapic __initconst_cf_clobber apic_default = { APIC_INIT("default", NULL), GENAPIC_FLAT }; diff --git a/xen/arch/x86/genapic/probe.c b/xen/arch/x86/genapic/probe.c index ad57912f50..10ceeae4d2 100644 --- a/xen/arch/x86/genapic/probe.c +++ b/xen/arch/x86/genapic/probe.c @@ -16,7 +16,7 @@ #include #include -struct genapic __read_mostly genapic; +struct genapic __ro_after_init genapic; static const struct genapic *const __initconstrel apic_probe[] = { &apic_bigsmp, diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c index c64038adaa..eba09d7719 100644 --- a/xen/arch/x86/genapic/x2apic.c +++ b/xen/arch/x86/genapic/x2apic.c @@ -169,7 +169,7 @@ static void cf_check send_IPI_mask_x2apic_cluster( local_irq_restore(flags); } -static const struct genapic __initconstrel apic_x2apic_phys = { +static const struct genapic __initconst_cf_clobber apic_x2apic_phys = { APIC_INIT("x2apic_phys", NULL), .int_delivery_mode = dest_Fixed, .int_dest_mode = 0 /* physical delivery */, @@ -180,7 +180,7 @@ static const struct genapic __initconstrel apic_x2apic_phys = { .send_IPI_self = send_IPI_self_x2apic }; -static const struct genapic __initconstrel apic_x2apic_cluster = { +static const struct genapic __initconst_cf_clobber apic_x2apic_cluster = { APIC_INIT("x2apic_cluster", NULL), .int_delivery_mode = dest_LowestPrio, .int_dest_mode = 1 /* logical delivery */, @@ -198,7 +198,7 @@ static const struct genapic __initconstrel apic_x2apic_cluster = { * IPIs to be more efficiently delivered by not having to perform an ICR write * for each target CPU. */ -static const struct genapic __initconstrel apic_x2apic_mixed = { +static const struct genapic __initconst_cf_clobber apic_x2apic_mixed = { APIC_INIT("x2apic_mixed", NULL), /* diff --git a/xen/arch/x86/include/asm/mach-generic/mach_apic.h b/xen/arch/x86/include/asm/mach-generic/mach_apic.h index b6f6361c60..d9e02f0bc4 100644 --- a/xen/arch/x86/include/asm/mach-generic/mach_apic.h +++ b/xen/arch/x86/include/asm/mach-generic/mach_apic.h @@ -13,7 +13,7 @@ #define INT_DELIVERY_MODE (genapic.int_delivery_mode) #define INT_DEST_MODE (genapic.int_dest_mode) #define TARGET_CPUS ((const typeof(cpu_online_map) *)&cpu_online_map) -#define init_apic_ldr (genapic.init_apic_ldr) +#define init_apic_ldr() alternative_vcall(genapic.init_apic_ldr) #define cpu_mask_to_apicid(mask) ({ \ /* \ * There are a number of places where the address of a local variable \ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:20:31 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:20:31 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702688.1097973 (Exim 4.92) (envelope-from ) id 1ruF95-0003n0-CY; Tue, 09 Apr 2024 17:20:31 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702688.1097973; Tue, 09 Apr 2024 17:20:31 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF95-0003ms-A0; Tue, 09 Apr 2024 17:20:31 +0000 Received: by outflank-mailman (input) for mailman id 702688; Tue, 09 Apr 2024 17:20:30 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF94-0003mi-6T for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:20:30 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF94-0005d3-5C for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:20:30 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF94-0006vH-4S for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:20:30 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=woIeOmoCNzeiR67qqsUglv6kRslc5dzi8pm0hNQwmPI=; b=nu7Jfdlg709gKEfswKoKavBSSm ysStlXr5TxMQ+/unE5hV0fi9BbjM1Ht1SwbFPsCwVxprZbKm/IPLouOh1b9UVOVRY+CLxJdkGZh4w MpOVEoSJEtZ14ubaRkrbYM6UmAEivoZPaVDQ6FeittUMinz5PzaUmXoe7EO4P9mDek6Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] cpufreq: finish conversion to altcall Message-Id: Date: Tue, 09 Apr 2024 17:20:30 +0000 commit 653560e02d40c480d08032f3cf1e450db79f5d71 Author: Jan Beulich AuthorDate: Wed Jan 17 10:42:27 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:18 2024 +0100 cpufreq: finish conversion to altcall Even functions used on infrequently executed paths want converting: This way all pre-filled struct cpufreq_driver instances can become __initconst_cf_clobber, thus allowing to eliminate another 15 ENDBR during the 2nd phase of alternatives patching. For acpi-cpufreq's optionally populated .get hook make sure alternatives patching can actually see the pointer. See also the code comment. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper (cherry picked from commit 467ae515caee491e9b6ae1da8b9b98d094955822) --- xen/arch/x86/acpi/cpufreq/cpufreq.c | 17 ++++++++++++++++- xen/arch/x86/acpi/cpufreq/powernow.c | 3 ++- xen/drivers/acpi/pmstat.c | 3 ++- xen/drivers/cpufreq/cpufreq.c | 6 +++--- xen/drivers/cpufreq/utility.c | 6 +++--- 5 files changed, 26 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/acpi/cpufreq/cpufreq.c b/xen/arch/x86/acpi/cpufreq/cpufreq.c index c27cbb2304..5786943cfb 100644 --- a/xen/arch/x86/acpi/cpufreq/cpufreq.c +++ b/xen/arch/x86/acpi/cpufreq/cpufreq.c @@ -622,12 +622,14 @@ static int cf_check acpi_cpufreq_cpu_exit(struct cpufreq_policy *policy) return 0; } -static const struct cpufreq_driver __initconstrel acpi_cpufreq_driver = { +static const struct cpufreq_driver __initconst_cf_clobber +acpi_cpufreq_driver = { .name = "acpi-cpufreq", .verify = acpi_cpufreq_verify, .target = acpi_cpufreq_target, .init = acpi_cpufreq_cpu_init, .exit = acpi_cpufreq_cpu_exit, + .get = get_cur_freq_on_cpu, }; static int __init cf_check cpufreq_driver_init(void) @@ -653,6 +655,19 @@ static int __init cf_check cpufreq_driver_init(void) } presmp_initcall(cpufreq_driver_init); +static int __init cf_check cpufreq_driver_late_init(void) +{ + /* + * While acpi_cpufreq_driver wants to unconditionally have all hooks + * populated for __initconst_cf_clobber to have as much of an effect as + * possible, zap the .get hook here (but not in cpufreq_driver_init()), + * until acpi_cpufreq_cpu_init() knows whether it's wanted / needed. + */ + cpufreq_driver.get = NULL; + return 0; +} +__initcall(cpufreq_driver_late_init); + int cpufreq_cpu_init(unsigned int cpuid) { int ret; diff --git a/xen/arch/x86/acpi/cpufreq/powernow.c b/xen/arch/x86/acpi/cpufreq/powernow.c index d4c7dcd5d9..497bf24470 100644 --- a/xen/arch/x86/acpi/cpufreq/powernow.c +++ b/xen/arch/x86/acpi/cpufreq/powernow.c @@ -317,7 +317,8 @@ static int cf_check powernow_cpufreq_cpu_exit(struct cpufreq_policy *policy) return 0; } -static const struct cpufreq_driver __initconstrel powernow_cpufreq_driver = { +static const struct cpufreq_driver __initconst_cf_clobber +powernow_cpufreq_driver = { .name = "powernow", .verify = powernow_cpufreq_verify, .target = powernow_cpufreq_target, diff --git a/xen/drivers/acpi/pmstat.c b/xen/drivers/acpi/pmstat.c index 1bae635101..0c51c220a7 100644 --- a/xen/drivers/acpi/pmstat.c +++ b/xen/drivers/acpi/pmstat.c @@ -255,7 +255,8 @@ static int get_cpufreq_para(struct xen_sysctl_pm_op *op) return ret; op->u.get_para.cpuinfo_cur_freq = - cpufreq_driver.get ? cpufreq_driver.get(op->cpuid) : policy->cur; + cpufreq_driver.get ? alternative_call(cpufreq_driver.get, op->cpuid) + : policy->cur; op->u.get_para.cpuinfo_max_freq = policy->cpuinfo.max_freq; op->u.get_para.cpuinfo_min_freq = policy->cpuinfo.min_freq; op->u.get_para.scaling_cur_freq = policy->cur; diff --git a/xen/drivers/cpufreq/cpufreq.c b/xen/drivers/cpufreq/cpufreq.c index a94520ee57..daa399bbec 100644 --- a/xen/drivers/cpufreq/cpufreq.c +++ b/xen/drivers/cpufreq/cpufreq.c @@ -240,7 +240,7 @@ int cpufreq_add_cpu(unsigned int cpu) policy->cpu = cpu; per_cpu(cpufreq_cpu_policy, cpu) = policy; - ret = cpufreq_driver.init(policy); + ret = alternative_call(cpufreq_driver.init, policy); if (ret) { free_cpumask_var(policy->cpus); xfree(policy); @@ -299,7 +299,7 @@ err1: cpumask_clear_cpu(cpu, cpufreq_dom->map); if (cpumask_empty(policy->cpus)) { - cpufreq_driver.exit(policy); + alternative_call(cpufreq_driver.exit, policy); free_cpumask_var(policy->cpus); xfree(policy); } @@ -363,7 +363,7 @@ int cpufreq_del_cpu(unsigned int cpu) cpumask_clear_cpu(cpu, cpufreq_dom->map); if (cpumask_empty(policy->cpus)) { - cpufreq_driver.exit(policy); + alternative_call(cpufreq_driver.exit, policy); free_cpumask_var(policy->cpus); xfree(policy); } diff --git a/xen/drivers/cpufreq/utility.c b/xen/drivers/cpufreq/utility.c index 9eb7ecedcd..ec7072078c 100644 --- a/xen/drivers/cpufreq/utility.c +++ b/xen/drivers/cpufreq/utility.c @@ -412,7 +412,7 @@ int cpufreq_update_turbo(int cpuid, int new_state) policy->turbo = new_state; if (cpufreq_driver.update) { - ret = cpufreq_driver.update(cpuid, policy); + ret = alternative_call(cpufreq_driver.update, cpuid, policy); if (ret) policy->turbo = curr_state; } @@ -448,7 +448,7 @@ int __cpufreq_set_policy(struct cpufreq_policy *data, return -EINVAL; /* verify the cpu speed can be set within this limit */ - ret = cpufreq_driver.verify(policy); + ret = alternative_call(cpufreq_driver.verify, policy); if (ret) return ret; @@ -456,7 +456,7 @@ int __cpufreq_set_policy(struct cpufreq_policy *data, data->max = policy->max; data->limits = policy->limits; if (cpufreq_driver.setpolicy) - return cpufreq_driver.setpolicy(data); + return alternative_call(cpufreq_driver.setpolicy, data); if (policy->governor != data->governor) { /* save old, working values */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:20:41 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:20:41 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702689.1097978 (Exim 4.92) (envelope-from ) id 1ruF9F-0003qv-Ec; Tue, 09 Apr 2024 17:20:41 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702689.1097978; Tue, 09 Apr 2024 17:20:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF9F-0003qo-Ba; Tue, 09 Apr 2024 17:20:41 +0000 Received: by outflank-mailman (input) for mailman id 702689; Tue, 09 Apr 2024 17:20:40 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF9E-0003qc-8q for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:20:40 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF9E-0005dA-8B for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:20:40 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF9E-0006vj-7V for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:20:40 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7X5BdlqJi6f1kFKicOR9/uB9r0T1Ou3dlCTTCz5YCT4=; b=HUudF1Il0iJdLZIjC58ylO3g+L 9OEwBd1FUvaM1p7TRrQHZ6BwLyNpfLjD5nEoMgon/TECH6rPGfvGib71JFyfNka0dcUKN7KibvLd7 24+oTQ7mEf18iwGD1Fq281xT6SBsfbBStAip4YvJz2NiyCXc4si3NlAUnWfhlbX3prqI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/HPET: avoid an indirect call Message-Id: Date: Tue, 09 Apr 2024 17:20:40 +0000 commit 06c81ea90c18c71725f51dfff79d4c4396b53d6c Author: Jan Beulich AuthorDate: Wed Jan 17 10:43:02 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:18 2024 +0100 x86/HPET: avoid an indirect call When this code was written, indirect branches still weren't considered much of a problem (besides being a little slower). Instead of a function pointer, pass a boolean to _disable_pit_irq(), thus allowing to eliminate two ENDBR (one of them in .text). Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 730d2637a8e5b98dc8e4e366179b4cedc496b3ad) --- xen/arch/x86/hpet.c | 4 ++-- xen/arch/x86/include/asm/hpet.h | 4 ++-- xen/arch/x86/time.c | 12 ++++++------ 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index bc164dd82c..50d788cb6e 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -563,7 +563,7 @@ static void cf_check handle_rtc_once(uint8_t index, uint8_t value) } } -void __init cf_check hpet_broadcast_init(void) +void __init hpet_broadcast_init(void) { u64 hpet_rate = hpet_setup(); u32 hpet_id, cfg; @@ -634,7 +634,7 @@ void __init cf_check hpet_broadcast_init(void) hpet_events->flags = HPET_EVT_LEGACY; } -void cf_check hpet_broadcast_resume(void) +void hpet_broadcast_resume(void) { u32 cfg; unsigned int i, n; diff --git a/xen/arch/x86/include/asm/hpet.h b/xen/arch/x86/include/asm/hpet.h index 9919f74730..f343fe4740 100644 --- a/xen/arch/x86/include/asm/hpet.h +++ b/xen/arch/x86/include/asm/hpet.h @@ -89,8 +89,8 @@ void hpet_disable_legacy_replacement_mode(void); * Temporarily use an HPET event counter for timer interrupt handling, * rather than using the LAPIC timer. Used for Cx state entry. */ -void cf_check hpet_broadcast_init(void); -void cf_check hpet_broadcast_resume(void); +void hpet_broadcast_init(void); +void hpet_broadcast_resume(void); void cf_check hpet_broadcast_enter(void); void cf_check hpet_broadcast_exit(void); int hpet_broadcast_is_available(void); diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index b664ae4c83..4d1766284f 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -2288,7 +2288,7 @@ void __init early_time_init(void) } /* keep pit enabled for pit_broadcast working while cpuidle enabled */ -static int _disable_pit_irq(void(*hpet_broadcast_setup)(void)) +static int _disable_pit_irq(bool init) { int ret = 1; @@ -2303,13 +2303,13 @@ static int _disable_pit_irq(void(*hpet_broadcast_setup)(void)) */ if ( cpuidle_using_deep_cstate() && !boot_cpu_has(X86_FEATURE_ARAT) ) { - hpet_broadcast_setup(); + init ? hpet_broadcast_init() : hpet_broadcast_resume(); if ( !hpet_broadcast_is_available() ) { if ( xen_cpuidle > 0 ) { - printk("%ps() failed, turning to PIT broadcast\n", - hpet_broadcast_setup); + printk("hpet_broadcast_%s() failed, turning to PIT broadcast\n", + init ? "init" : "resume"); return -1; } ret = 0; @@ -2326,7 +2326,7 @@ static int _disable_pit_irq(void(*hpet_broadcast_setup)(void)) static int __init cf_check disable_pit_irq(void) { - if ( !_disable_pit_irq(hpet_broadcast_init) ) + if ( !_disable_pit_irq(true) ) { xen_cpuidle = 0; printk("CPUIDLE: disabled due to no HPET. " @@ -2387,7 +2387,7 @@ int time_resume(void) resume_platform_timer(); - if ( !_disable_pit_irq(hpet_broadcast_resume) ) + if ( !_disable_pit_irq(false) ) BUG(); init_percpu_time(); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:20:51 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:20:51 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702691.1097983 (Exim 4.92) (envelope-from ) id 1ruF9P-0003yP-Gz; Tue, 09 Apr 2024 17:20:51 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702691.1097983; Tue, 09 Apr 2024 17:20:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF9P-0003yG-DG; Tue, 09 Apr 2024 17:20:51 +0000 Received: by outflank-mailman (input) for mailman id 702691; Tue, 09 Apr 2024 17:20:50 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF9O-0003xr-C3 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:20:50 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF9O-0005db-BJ for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:20:50 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF9O-0006wr-AQ for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:20:50 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eOb2gl5clB6WOTBqq5pvj6rtAu+1yTSMlZ/Zi8w304A=; b=hrGV8ZAPYQ/L7l9TzHpOlHNjDO AzfcaHmaxUBG5nZ7mGjGnKFeOO7OiAl8oO4DMx2pmb0DmPxWxjYUK71lhpswtbJTLoaCnDbDNDVQc YVbpqkHsdW+sXnEF2IrSH1NXmIprewL8Ku1v6CkUjALqL6vH1d/HmsWOWmUZIzV2/yxo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] core-parking: use alternative_call() Message-Id: Date: Tue, 09 Apr 2024 17:20:50 +0000 commit f4efbcf156fb408dcedf1fc88d3be595ec722ad0 Author: Jan Beulich AuthorDate: Mon Jan 22 13:38:24 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:18 2024 +0100 core-parking: use alternative_call() This way we can arrange for core_parking_{performance,power}()'s ENDBR to also be zapped. For the decision to be taken before the 2nd alternative patching pass, the initcall needs to become a pre-SMP one, though. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 1bc07ebcac3b1bb2a378732bc0f9a19940e76faf) --- xen/common/core_parking.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/xen/common/core_parking.c b/xen/common/core_parking.c index c4f01291c0..a970ffeab8 100644 --- a/xen/common/core_parking.c +++ b/xen/common/core_parking.c @@ -30,10 +30,11 @@ static DEFINE_SPINLOCK(accounting_lock); static uint32_t cur_idle_nums; static unsigned int core_parking_cpunum[NR_CPUS] = {[0 ... NR_CPUS-1] = -1}; -static const struct cp_policy { +struct cp_policy { char name[30]; unsigned int (*next)(unsigned int event); -} *__read_mostly core_parking_policy; +}; +static struct cp_policy __ro_after_init core_parking_policy; static enum core_parking_controller { POWER_FIRST, @@ -175,12 +176,13 @@ long cf_check core_parking_helper(void *data) unsigned int cpu; int ret = 0; - if ( !core_parking_policy ) + if ( !core_parking_policy.next ) return -EINVAL; while ( cur_idle_nums < idle_nums ) { - cpu = core_parking_policy->next(CORE_PARKING_INCREMENT); + cpu = alternative_call(core_parking_policy.next, + CORE_PARKING_INCREMENT); ret = cpu_down(cpu); if ( ret ) return ret; @@ -193,7 +195,8 @@ long cf_check core_parking_helper(void *data) while ( cur_idle_nums > idle_nums ) { - cpu = core_parking_policy->next(CORE_PARKING_DECREMENT); + cpu = alternative_call(core_parking_policy.next, + CORE_PARKING_DECREMENT); ret = cpu_up(cpu); if ( ret ) return ret; @@ -239,12 +242,12 @@ uint32_t get_cur_idle_nums(void) return cur_idle_nums; } -static const struct cp_policy power_first = { +static const struct cp_policy __initconst_cf_clobber power_first = { .name = "power", .next = core_parking_power, }; -static const struct cp_policy performance_first = { +static const struct cp_policy __initconst_cf_clobber performance_first = { .name = "performance", .next = core_parking_performance, }; @@ -254,7 +257,7 @@ static int __init register_core_parking_policy(const struct cp_policy *policy) if ( !policy || !policy->next ) return -EINVAL; - core_parking_policy = policy; + core_parking_policy = *policy; return 0; } @@ -269,4 +272,4 @@ static int __init cf_check core_parking_init(void) return ret; } -__initcall(core_parking_init); +presmp_initcall(core_parking_init); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:21:01 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:21:01 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702692.1097986 (Exim 4.92) (envelope-from ) id 1ruF9Z-00042N-He; Tue, 09 Apr 2024 17:21:01 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702692.1097986; Tue, 09 Apr 2024 17:21:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF9Z-00042F-Ef; Tue, 09 Apr 2024 17:21:01 +0000 Received: by outflank-mailman (input) for mailman id 702692; Tue, 09 Apr 2024 17:21:00 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF9Y-000427-FB for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:00 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF9Y-0005dj-ED for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:00 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF9Y-0006xG-DW for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:00 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7qEgijMS1vtyQNa1grCxXQeWNs/WqPuuPpvc7myk/UA=; b=yXmAULJqc+LZUN2rNJTMP18HH0 1HcCfXUKv/J1eVDMkc6Y5xQXxQaSN+V9EwxZ5jUCQb/MXKv3AVGqXZrf7+kEzRBZwAQm7w9muT5S3 TzwTKFKq/WcDh3wg78XNbJK3kY8UuEpPi+u/NnroD/RNlJdYNLssMKXFArI+OESNvLFo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/MTRR: avoid several indirect calls Message-Id: Date: Tue, 09 Apr 2024 17:21:00 +0000 commit aed8192f578fb02111f57eca0868c2262ada1341 Author: Jan Beulich AuthorDate: Mon Jan 22 13:39:23 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:18 2024 +0100 x86/MTRR: avoid several indirect calls The use of (supposedly) vendor-specific hooks is a relic from the days when Xen was still possible to build as 32-bit binary. There's no expectation that a new need for such an abstraction would arise. Convert mttr_if to a mere boolean and all prior calls through it to direct ones, thus allowing to eliminate 6 ENDBR from .text. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit e9e0eb30d4d6565b411499ca826718b4b9acab68) --- xen/arch/x86/cpu/mtrr/generic.c | 26 +++++---------- xen/arch/x86/cpu/mtrr/main.c | 66 ++++++++++++++------------------------- xen/arch/x86/cpu/mtrr/mtrr.h | 37 ++++++---------------- xen/arch/x86/platform_hypercall.c | 2 +- 4 files changed, 40 insertions(+), 91 deletions(-) diff --git a/xen/arch/x86/cpu/mtrr/generic.c b/xen/arch/x86/cpu/mtrr/generic.c index 47aaf76226..837d3250f1 100644 --- a/xen/arch/x86/cpu/mtrr/generic.c +++ b/xen/arch/x86/cpu/mtrr/generic.c @@ -287,7 +287,7 @@ static void set_fixed_range(int msr, bool *changed, unsigned int *msrwords) } } -int cf_check generic_get_free_region( +int mtrr_get_free_region( unsigned long base, unsigned long size, int replace_reg) /* [SUMMARY] Get a free MTRR. The starting (base) address of the region. @@ -303,14 +303,14 @@ int cf_check generic_get_free_region( if (replace_reg >= 0 && replace_reg < max) return replace_reg; for (i = 0; i < max; ++i) { - mtrr_if->get(i, &lbase, &lsize, <ype); + mtrr_get(i, &lbase, &lsize, <ype); if (lsize == 0) return i; } return -ENOSPC; } -static void cf_check generic_get_mtrr( +void mtrr_get( unsigned int reg, unsigned long *base, unsigned long *size, mtrr_type *type) { uint64_t _mask, _base; @@ -500,7 +500,7 @@ static void post_set(bool pge) spin_unlock(&set_atomicity_lock); } -static void cf_check generic_set_all(void) +void mtrr_set_all(void) { unsigned long mask, count; unsigned long flags; @@ -523,7 +523,7 @@ static void cf_check generic_set_all(void) } } -static void cf_check generic_set_mtrr( +void mtrr_set( unsigned int reg, unsigned long base, unsigned long size, mtrr_type type) /* [SUMMARY] Set variable MTRR register on the local CPU. The register to set. @@ -567,7 +567,7 @@ static void cf_check generic_set_mtrr( local_irq_restore(flags); } -int cf_check generic_validate_add_page( +int mtrr_validate_add_page( unsigned long base, unsigned long size, unsigned int type) { unsigned long lbase, last; @@ -586,21 +586,9 @@ int cf_check generic_validate_add_page( } -static int cf_check generic_have_wrcomb(void) +bool mtrr_have_wrcomb(void) { unsigned long config; rdmsrl(MSR_MTRRcap, config); return (config & (1ULL << 10)); } - -/* generic structure... - */ -const struct mtrr_ops generic_mtrr_ops = { - .use_intel_if = true, - .set_all = generic_set_all, - .get = generic_get_mtrr, - .get_free_region = generic_get_free_region, - .set = generic_set_mtrr, - .validate_add_page = generic_validate_add_page, - .have_wrcomb = generic_have_wrcomb, -}; diff --git a/xen/arch/x86/cpu/mtrr/main.c b/xen/arch/x86/cpu/mtrr/main.c index 4e01c8d6f9..dee59ea168 100644 --- a/xen/arch/x86/cpu/mtrr/main.c +++ b/xen/arch/x86/cpu/mtrr/main.c @@ -57,7 +57,7 @@ static DEFINE_MUTEX(mtrr_mutex); u64 __read_mostly size_or_mask; u64 __read_mostly size_and_mask; -const struct mtrr_ops *__read_mostly mtrr_if = NULL; +static bool __ro_after_init mtrr_if; static void set_mtrr(unsigned int reg, unsigned long base, unsigned long size, mtrr_type type); @@ -78,23 +78,12 @@ static const char *mtrr_attrib_to_str(int x) return (x <= 6) ? mtrr_strings[x] : "?"; } -/* Returns non-zero if we have the write-combining memory type */ -static int have_wrcomb(void) -{ - return (mtrr_if->have_wrcomb ? mtrr_if->have_wrcomb() : 0); -} - /* This function returns the number of variable MTRRs */ static void __init set_num_var_ranges(void) { - unsigned long config = 0; - - if (use_intel()) { - rdmsrl(MSR_MTRRcap, config); - } else if (is_cpu(AMD)) - config = 2; - else if (is_cpu(CENTAUR)) - config = 8; + unsigned long config; + + rdmsrl(MSR_MTRRcap, config); num_var_ranges = MASK_EXTR(config, MTRRcap_VCNT); } @@ -149,10 +138,10 @@ static void cf_check ipi_handler(void *info) if (data->smp_reg == ~0U) /* update all mtrr registers */ /* At the cpu hot-add time this will reinitialize mtrr * registres on the existing cpus. It is ok. */ - mtrr_if->set_all(); + mtrr_set_all(); else /* single mtrr register update */ - mtrr_if->set(data->smp_reg, data->smp_base, - data->smp_size, data->smp_type); + mtrr_set(data->smp_reg, data->smp_base, + data->smp_size, data->smp_type); atomic_dec(&data->count); while(atomic_read(&data->gate)) @@ -198,10 +187,9 @@ static inline int types_compatible(mtrr_type type1, mtrr_type type2) { * of CPUs. As each CPU disables interrupts, it'll decrement it once. We wait * until it hits 0 and proceed. We set the data.gate flag and reset data.count. * Meanwhile, they are waiting for that flag to be set. Once it's set, each - * CPU goes through the transition of updating MTRRs. The CPU vendors may each do it - * differently, so we call mtrr_if->set() callback and let them take care of it. - * When they're done, they again decrement data->count and wait for data.gate to - * be reset. + * CPU goes through the transition of updating MTRRs. + * When mtrr_set() is done, they again decrement data->count and wait for + * data.gate to be reset. * When we finish, we wait for data.count to hit 0 and toggle the data.gate flag. * Everyone then enables interrupts and we all continue on. * @@ -251,9 +239,9 @@ static void set_mtrr(unsigned int reg, unsigned long base, if (reg == ~0U) /* update all mtrr registers */ /* at boot or resume time, this will reinitialize the mtrrs on * the bp. It is ok. */ - mtrr_if->set_all(); + mtrr_set_all(); else /* update the single mtrr register */ - mtrr_if->set(reg,base,size,type); + mtrr_set(reg, base, size, type); /* wait for the others */ while (atomic_read(&data.count)) @@ -319,7 +307,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, if (!mtrr_if) return -ENXIO; - if ((error = mtrr_if->validate_add_page(base,size,type))) + if ((error = mtrr_validate_add_page(base, size, type))) return error; if (type >= MTRR_NUM_TYPES) { @@ -328,7 +316,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, } /* If the type is WC, check that this processor supports it */ - if ((type == MTRR_TYPE_WRCOMB) && !have_wrcomb()) { + if ((type == MTRR_TYPE_WRCOMB) && mtrr_have_wrcomb()) { printk(KERN_WARNING "mtrr: your processor doesn't support write-combining\n"); return -EOPNOTSUPP; @@ -350,7 +338,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, /* Search for existing MTRR */ mutex_lock(&mtrr_mutex); for (i = 0; i < num_var_ranges; ++i) { - mtrr_if->get(i, &lbase, &lsize, <ype); + mtrr_get(i, &lbase, &lsize, <ype); if (!lsize || base > lbase + lsize - 1 || base + size - 1 < lbase) continue; /* At this point we know there is some kind of overlap/enclosure */ @@ -385,7 +373,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, goto out; } /* Search for an empty MTRR */ - i = mtrr_if->get_free_region(base, size, replace); + i = mtrr_get_free_region(base, size, replace); if (i >= 0) { set_mtrr(i, base, size, type); if (likely(replace < 0)) @@ -494,7 +482,7 @@ int mtrr_del_page(int reg, unsigned long base, unsigned long size) if (reg < 0) { /* Search for existing MTRR */ for (i = 0; i < max; ++i) { - mtrr_if->get(i, &lbase, &lsize, <ype); + mtrr_get(i, &lbase, &lsize, <ype); if (lbase == base && lsize == size) { reg = i; break; @@ -510,7 +498,7 @@ int mtrr_del_page(int reg, unsigned long base, unsigned long size) printk(KERN_WARNING "mtrr: register: %d too big\n", reg); goto out; } - mtrr_if->get(reg, &lbase, &lsize, <ype); + mtrr_get(reg, &lbase, &lsize, <ype); if (lsize < 1) { printk(KERN_WARNING "mtrr: MTRR %d not used\n", reg); goto out; @@ -568,7 +556,7 @@ struct mtrr_value { void __init mtrr_bp_init(void) { if (cpu_has_mtrr) { - mtrr_if = &generic_mtrr_ops; + mtrr_if = true; size_or_mask = ~((1ULL << (paddr_bits - PAGE_SHIFT)) - 1); size_and_mask = ~size_or_mask & 0xfffff00000ULL; } @@ -576,14 +564,13 @@ void __init mtrr_bp_init(void) if (mtrr_if) { set_num_var_ranges(); init_table(); - if (use_intel()) - get_mtrr_state(); + get_mtrr_state(); } } void mtrr_ap_init(void) { - if (!mtrr_if || !use_intel() || hold_mtrr_updates_on_aps) + if (!mtrr_if || hold_mtrr_updates_on_aps) return; /* * Ideally we should hold mtrr_mutex here to avoid mtrr entries changed, @@ -612,32 +599,25 @@ void mtrr_save_state(void) void mtrr_aps_sync_begin(void) { - if (!use_intel()) - return; hold_mtrr_updates_on_aps = 1; } void mtrr_aps_sync_end(void) { - if (!use_intel()) - return; set_mtrr(~0U, 0, 0, 0); hold_mtrr_updates_on_aps = 0; } void mtrr_bp_restore(void) { - if (!use_intel()) - return; - mtrr_if->set_all(); + mtrr_set_all(); } static int __init cf_check mtrr_init_finialize(void) { if (!mtrr_if) return 0; - if (use_intel()) - mtrr_state_warn(); + mtrr_state_warn(); return 0; } __initcall(mtrr_init_finialize); diff --git a/xen/arch/x86/cpu/mtrr/mtrr.h b/xen/arch/x86/cpu/mtrr/mtrr.h index c7fd44daab..a9741e0cb0 100644 --- a/xen/arch/x86/cpu/mtrr/mtrr.h +++ b/xen/arch/x86/cpu/mtrr/mtrr.h @@ -6,40 +6,21 @@ #define MTRR_CHANGE_MASK_VARIABLE 0x02 #define MTRR_CHANGE_MASK_DEFTYPE 0x04 - -struct mtrr_ops { - u32 vendor; - bool use_intel_if; -// void (*init)(void); - void (*set)(unsigned int reg, unsigned long base, - unsigned long size, mtrr_type type); - void (*set_all)(void); - - void (*get)(unsigned int reg, unsigned long *base, - unsigned long *size, mtrr_type * type); - int (*get_free_region)(unsigned long base, unsigned long size, - int replace_reg); - int (*validate_add_page)(unsigned long base, unsigned long size, - unsigned int type); - int (*have_wrcomb)(void); -}; - -int cf_check generic_get_free_region( +void mtrr_get( + unsigned int reg, unsigned long *base, unsigned long *size, + mtrr_type *type); +void mtrr_set( + unsigned int reg, unsigned long base, unsigned long size, mtrr_type type); +void mtrr_set_all(void); +int mtrr_get_free_region( unsigned long base, unsigned long size, int replace_reg); -int cf_check generic_validate_add_page( +int mtrr_validate_add_page( unsigned long base, unsigned long size, unsigned int type); - -extern const struct mtrr_ops generic_mtrr_ops; +bool mtrr_have_wrcomb(void); void get_mtrr_state(void); -extern void set_mtrr_ops(const struct mtrr_ops *); - extern u64 size_or_mask, size_and_mask; -extern const struct mtrr_ops *mtrr_if; - -#define is_cpu(vnd) (mtrr_if && mtrr_if->vendor == X86_VENDOR_##vnd) -#define use_intel() (mtrr_if && mtrr_if->use_intel_if) extern unsigned int num_var_ranges; diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index e7deee2268..27a799161a 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -299,7 +299,7 @@ ret_t do_platform_op( ret = -EINVAL; if ( op->u.read_memtype.reg < num_var_ranges ) { - mtrr_if->get(op->u.read_memtype.reg, &mfn, &nr_mfns, &type); + mtrr_get(op->u.read_memtype.reg, &mfn, &nr_mfns, &type); op->u.read_memtype.mfn = mfn; op->u.read_memtype.nr_mfns = nr_mfns; op->u.read_memtype.type = type; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:21:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:21:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702693.1097990 (Exim 4.92) (envelope-from ) id 1ruF9j-00048P-Kl; Tue, 09 Apr 2024 17:21:11 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702693.1097990; Tue, 09 Apr 2024 17:21:11 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF9j-00048H-I5; Tue, 09 Apr 2024 17:21:11 +0000 Received: by outflank-mailman (input) for mailman id 702693; Tue, 09 Apr 2024 17:21:10 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF9i-000487-Jy for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:10 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF9i-0005e9-HC for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:10 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF9i-0006xw-GR for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:10 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=V6YtSh+iiDvISG2LAzzlbzR00tADIn7c/fLfTt2F9cg=; b=BFvx2iMjMIsZ2s77hT7XD+anUQ ydvwEWBPTij8+xqLAU0urCgbfpLScvk1xB49poSlEXM0yiwfrEIyzqgyoXywtsosJIykB3nUQgCoG /nBrPAsgu4jpVqRlhBDXdcbmr74KqQcbEURN946swfQDaCecRJiKtwB6+V+Npfpmk4Xw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/PV: avoid indirect call for I/O emulation quirk hook Message-Id: Date: Tue, 09 Apr 2024 17:21:10 +0000 commit 796959c8bd04672cb93ccbb1bc2f79e35209e30b Author: Jan Beulich AuthorDate: Mon Jan 22 13:40:00 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:18 2024 +0100 x86/PV: avoid indirect call for I/O emulation quirk hook This way ioemul_handle_proliant_quirk() won't need ENDBR anymore. While touching this code, also - arrange for it to not be built at all when !PV, - add "const" to the last function parameter and bring the definition in sync with the declaration (for Misra). Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 1212af3e8c4d3a1350046d4fe0ca3b97b51e67de) --- xen/arch/x86/Makefile | 2 +- xen/arch/x86/include/asm/io.h | 10 +++++++--- xen/arch/x86/ioport_emulate.c | 9 ++++----- xen/arch/x86/pv/emul-priv-op.c | 2 +- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index f213a6b56a..cb9d952659 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -43,7 +43,7 @@ obj-$(CONFIG_LIVEPATCH) += alternative.o livepatch.o obj-y += msi.o obj-y += msr.o obj-$(CONFIG_INDIRECT_THUNK) += indirect-thunk.o -obj-y += ioport_emulate.o +obj-$(CONFIG_PV) += ioport_emulate.o obj-y += irq.o obj-$(CONFIG_KEXEC) += machine_kexec.o obj-y += mm.o x86_64/mm.o diff --git a/xen/arch/x86/include/asm/io.h b/xen/arch/x86/include/asm/io.h index 92b784a861..9b19d2d389 100644 --- a/xen/arch/x86/include/asm/io.h +++ b/xen/arch/x86/include/asm/io.h @@ -47,10 +47,14 @@ __OUT(b,"b",char) __OUT(w,"w",short) __OUT(l,,int) -/* Function pointer used to handle platform specific I/O port emulation. */ +/* + * Boolean indicator and function used to handle platform specific I/O port + * emulation. + */ #define IOEMUL_QUIRK_STUB_BYTES 9 +extern bool ioemul_handle_quirk; struct cpu_user_regs; -extern unsigned int (*ioemul_handle_quirk)( - u8 opcode, char *io_emul_stub, struct cpu_user_regs *regs); +unsigned int ioemul_handle_proliant_quirk( + uint8_t opcode, char *io_emul_stub, const struct cpu_user_regs *regs); #endif diff --git a/xen/arch/x86/ioport_emulate.c b/xen/arch/x86/ioport_emulate.c index 6caeb3d470..0c1e389bc8 100644 --- a/xen/arch/x86/ioport_emulate.c +++ b/xen/arch/x86/ioport_emulate.c @@ -8,11 +8,10 @@ #include #include -unsigned int (*__read_mostly ioemul_handle_quirk)( - uint8_t opcode, char *io_emul_stub, struct cpu_user_regs *regs); +bool __ro_after_init ioemul_handle_quirk; -static unsigned int cf_check ioemul_handle_proliant_quirk( - u8 opcode, char *io_emul_stub, struct cpu_user_regs *regs) +unsigned int ioemul_handle_proliant_quirk( + uint8_t opcode, char *io_emul_stub, const struct cpu_user_regs *regs) { static const char stub[] = { 0x9c, /* pushf */ @@ -103,7 +102,7 @@ static const struct dmi_system_id __initconstrel ioport_quirks_tbl[] = { static int __init cf_check ioport_quirks_init(void) { if ( dmi_check_system(ioport_quirks_tbl) ) - ioemul_handle_quirk = ioemul_handle_proliant_quirk; + ioemul_handle_quirk = true; return 0; } diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index 2c94beb10e..e429dfa4f0 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -124,7 +124,7 @@ static io_emul_stub_t *io_emul_stub_setup(struct priv_op_ctxt *ctxt, u8 opcode, /* Some platforms might need to quirk the stub for specific inputs. */ if ( unlikely(ioemul_handle_quirk) ) { - quirk_bytes = ioemul_handle_quirk(opcode, p, ctxt->ctxt.regs); + quirk_bytes = ioemul_handle_proliant_quirk(opcode, p, ctxt->ctxt.regs); p += quirk_bytes; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:21:21 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:21:21 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702694.1097993 (Exim 4.92) (envelope-from ) id 1ruF9t-0004B1-Md; Tue, 09 Apr 2024 17:21:21 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702694.1097993; Tue, 09 Apr 2024 17:21:21 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF9t-0004An-Jb; Tue, 09 Apr 2024 17:21:21 +0000 Received: by outflank-mailman (input) for mailman id 702694; Tue, 09 Apr 2024 17:21:20 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF9s-0004Ag-Ky for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:20 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruF9s-0005eI-KG for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:20 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruF9s-0006yL-JT for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:20 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=f1uo2jXA02OoeOIFSpAH+rPkHe+NsHs4pz2S/sB1JHw=; b=fYMjVAOQzcuXmM4lUEZhbnZoAr HZ05BRaXkYiSUTWzZiNo4fSGClCrJkYmpv9haDkLkygQs581Il+hnIyi0AjqDC6q3iu4LTTbMfK4N f7E3WfB5wDen7vH4csqvnyl4V26cI1hyNJ8//HO1QCezRGNWV2nlUpkdBRBRye6pS8+s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/MCE: separate BSP-only initialization Message-Id: Date: Tue, 09 Apr 2024 17:21:20 +0000 commit 2268aacc4324f6010058c2e3bbb214a280dc8078 Author: Jan Beulich AuthorDate: Mon Jan 22 13:40:32 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/MCE: separate BSP-only initialization Several function pointers are registered over and over again, when setting them once on the BSP suffices. Arrange for this in the vendor init functions and mark involved registration functions __init. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 9f58616ddb1cc1870399de2202fafc7bf0d61694) --- xen/arch/x86/cpu/mcheck/mcaction.c | 2 +- xen/arch/x86/cpu/mcheck/mce.c | 15 ++++++--------- xen/arch/x86/cpu/mcheck/mce.h | 2 +- xen/arch/x86/cpu/mcheck/mce_amd.c | 20 +++++++++++++------- xen/arch/x86/cpu/mcheck/mce_intel.c | 10 +++++++--- 5 files changed, 28 insertions(+), 21 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/mcaction.c b/xen/arch/x86/cpu/mcheck/mcaction.c index f4f265c1bc..695fb61d7d 100644 --- a/xen/arch/x86/cpu/mcheck/mcaction.c +++ b/xen/arch/x86/cpu/mcheck/mcaction.c @@ -29,7 +29,7 @@ mci_action_add_pageoffline(int bank, struct mc_info *mi, mce_check_addr_t mc_check_addr = NULL; -void mce_register_addrcheck(mce_check_addr_t cbfunc) +void __init mce_register_addrcheck(mce_check_addr_t cbfunc) { mc_check_addr = cbfunc; } diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index f68e31b643..0b164e2027 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -84,7 +84,7 @@ static void cf_check unexpected_machine_check(const struct cpu_user_regs *regs) static x86_mce_vector_t _machine_check_vector = unexpected_machine_check; -void x86_mce_vector_register(x86_mce_vector_t hdlr) +void __init x86_mce_vector_register(x86_mce_vector_t hdlr) { _machine_check_vector = hdlr; } @@ -107,7 +107,7 @@ void do_machine_check(const struct cpu_user_regs *regs) */ static x86_mce_callback_t mc_callback_bank_extended = NULL; -void x86_mce_callback_register(x86_mce_callback_t cbfunc) +void __init x86_mce_callback_register(x86_mce_callback_t cbfunc) { mc_callback_bank_extended = cbfunc; } @@ -118,7 +118,7 @@ void x86_mce_callback_register(x86_mce_callback_t cbfunc) */ static mce_recoverable_t mc_recoverable_scan = NULL; -void mce_recoverable_register(mce_recoverable_t cbfunc) +void __init mce_recoverable_register(mce_recoverable_t cbfunc) { mc_recoverable_scan = cbfunc; } @@ -182,7 +182,7 @@ static void mcabank_clear(int banknum) */ static mce_need_clearbank_t mc_need_clearbank_scan = NULL; -void mce_need_clearbank_register(mce_need_clearbank_t cbfunc) +void __init mce_need_clearbank_register(mce_need_clearbank_t cbfunc) { mc_need_clearbank_scan = cbfunc; } @@ -799,7 +799,7 @@ void mcheck_init(struct cpuinfo_x86 *c, bool bsp) { case X86_VENDOR_AMD: case X86_VENDOR_HYGON: - inited = amd_mcheck_init(c); + inited = amd_mcheck_init(c, bsp); break; case X86_VENDOR_INTEL: @@ -1913,11 +1913,8 @@ static void cf_check mce_softirq(void) * will help to collect and log those MCE errors. * Round2: Do all MCE processing logic as normal. */ -void mce_handler_init(void) +void __init mce_handler_init(void) { - if ( smp_processor_id() != 0 ) - return; - /* callback register, do we really need so many callback? */ /* mce handler data initialization */ spin_lock_init(&mce_logout_lock); diff --git a/xen/arch/x86/cpu/mcheck/mce.h b/xen/arch/x86/cpu/mcheck/mce.h index bea08bdc74..10ed059f7c 100644 --- a/xen/arch/x86/cpu/mcheck/mce.h +++ b/xen/arch/x86/cpu/mcheck/mce.h @@ -44,7 +44,7 @@ extern uint8_t cmci_apic_vector; extern bool lmce_support; /* Init functions */ -enum mcheck_type amd_mcheck_init(struct cpuinfo_x86 *c); +enum mcheck_type amd_mcheck_init(const struct cpuinfo_x86 *c, bool bsp); enum mcheck_type intel_mcheck_init(struct cpuinfo_x86 *c, bool bsp); void amd_nonfatal_mcheck_init(struct cpuinfo_x86 *c); diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.c b/xen/arch/x86/cpu/mcheck/mce_amd.c index d7ae8919df..cf80e1a275 100644 --- a/xen/arch/x86/cpu/mcheck/mce_amd.c +++ b/xen/arch/x86/cpu/mcheck/mce_amd.c @@ -284,7 +284,7 @@ int vmce_amd_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val) } enum mcheck_type -amd_mcheck_init(struct cpuinfo_x86 *ci) +amd_mcheck_init(const struct cpuinfo_x86 *ci, bool bsp) { uint32_t i; enum mcequirk_amd_flags quirkflag = 0; @@ -294,9 +294,12 @@ amd_mcheck_init(struct cpuinfo_x86 *ci) /* Assume that machine check support is available. * The minimum provided support is at least the K8. */ - mce_handler_init(); - x86_mce_vector_register(mcheck_cmn_handler); - mce_need_clearbank_register(amd_need_clearbank_scan); + if ( bsp ) + { + mce_handler_init(); + x86_mce_vector_register(mcheck_cmn_handler); + mce_need_clearbank_register(amd_need_clearbank_scan); + } for ( i = 0; i < this_cpu(nr_mce_banks); i++ ) { @@ -336,9 +339,12 @@ amd_mcheck_init(struct cpuinfo_x86 *ci) ppin_msr = MSR_AMD_PPIN; } - x86_mce_callback_register(amd_f10_handler); - mce_recoverable_register(mc_amd_recoverable_scan); - mce_register_addrcheck(mc_amd_addrcheck); + if ( bsp ) + { + x86_mce_callback_register(amd_f10_handler); + mce_recoverable_register(mc_amd_recoverable_scan); + mce_register_addrcheck(mc_amd_addrcheck); + } return ci->x86_vendor == X86_VENDOR_HYGON ? mcheck_hygon : mcheck_amd_famXX; diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index ce7678f242..837a8c6d0c 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -814,7 +814,7 @@ static void intel_mce_post_reset(void) return; } -static void intel_init_mce(void) +static void intel_init_mce(bool bsp) { uint64_t msr_content; int i; @@ -840,6 +840,9 @@ static void intel_init_mce(void) if ( firstbank ) /* if cmci enabled, firstbank = 0 */ wrmsrl(MSR_IA32_MC0_STATUS, 0x0ULL); + if ( !bsp ) + return; + x86_mce_vector_register(mcheck_cmn_handler); mce_recoverable_register(intel_recoverable_scan); mce_need_clearbank_register(intel_need_clearbank_scan); @@ -979,9 +982,10 @@ enum mcheck_type intel_mcheck_init(struct cpuinfo_x86 *c, bool bsp) intel_init_mca(c); - mce_handler_init(); + if ( bsp ) + mce_handler_init(); - intel_init_mce(); + intel_init_mce(bsp); intel_init_cmci(c); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:21:31 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:21:31 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702695.1097998 (Exim 4.92) (envelope-from ) id 1ruFA3-0004Dl-OA; Tue, 09 Apr 2024 17:21:31 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702695.1097998; Tue, 09 Apr 2024 17:21:31 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFA3-0004Db-LJ; Tue, 09 Apr 2024 17:21:31 +0000 Received: by outflank-mailman (input) for mailman id 702695; Tue, 09 Apr 2024 17:21:30 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFA2-0004DS-Ny for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:30 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFA2-0005eS-NG for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:30 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFA2-0006yo-Mb for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:30 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ppDK9Zx68Qau5QwBGvlIKCX67wQ+g2/U3OoDM9FUpko=; b=HjNtVXws/2pFuVcYSxJ+dXJwtB 3emOt5+/0n9NovVrntExZ7JhQ5SvHr9BIDzOA1C6WUwp8m2YoQ7xqPMM7JfPy2cKNZzBM6XcsYiOc a4/jicQx94jNXwF9Bp/uKYqZOc9uuhirJV7rIv5GS++p8XL/TZjSGT6jTDr2Jk9xKH5I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/MCE: switch some callback invocations to altcall Message-Id: Date: Tue, 09 Apr 2024 17:21:30 +0000 commit 90275d1cbfa3cbb2380028753349bcb6bc6f0717 Author: Jan Beulich AuthorDate: Mon Jan 22 13:41:07 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/MCE: switch some callback invocations to altcall While not performance critical, these hook invocations still would better be converted: This way all pre-filled (and newly introduced) struct mce_callback instances can become __initconst_cf_clobber, thus allowing to eliminate another 9 ENDBR during the 2nd phase of alternatives patching. While this means registering callbacks a little earlier, doing so is perhaps even advantageous, for having pointers be non-NULL earlier on. Only one set of callbacks would only ever be registered anyway, and neither of the respective initialization function can (subsequently) fail. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 85ba4d050f9f3c4286164f21660ae88435b7e83c) --- xen/arch/x86/cpu/mcheck/mcaction.c | 10 ++---- xen/arch/x86/cpu/mcheck/mcaction.h | 5 --- xen/arch/x86/cpu/mcheck/mce.c | 71 ++++++++++-------------------------- xen/arch/x86/cpu/mcheck/mce.h | 72 +++++++++++++++++++------------------ xen/arch/x86/cpu/mcheck/mce_amd.c | 26 +++++++------- xen/arch/x86/cpu/mcheck/mce_intel.c | 14 ++++---- 6 files changed, 80 insertions(+), 118 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/mcaction.c b/xen/arch/x86/cpu/mcheck/mcaction.c index 695fb61d7d..bf7a0de965 100644 --- a/xen/arch/x86/cpu/mcheck/mcaction.c +++ b/xen/arch/x86/cpu/mcheck/mcaction.c @@ -27,13 +27,6 @@ mci_action_add_pageoffline(int bank, struct mc_info *mi, return rec; } -mce_check_addr_t mc_check_addr = NULL; - -void __init mce_register_addrcheck(mce_check_addr_t cbfunc) -{ - mc_check_addr = cbfunc; -} - void mc_memerr_dhandler(struct mca_binfo *binfo, enum mce_result *result, @@ -48,7 +41,8 @@ mc_memerr_dhandler(struct mca_binfo *binfo, int vmce_vcpuid; unsigned int mc_vcpuid; - if ( !mc_check_addr(bank->mc_status, bank->mc_misc, MC_ADDR_PHYSICAL) ) + if ( !alternative_call(mce_callbacks.check_addr, bank->mc_status, + bank->mc_misc, MC_ADDR_PHYSICAL) ) { dprintk(XENLOG_WARNING, "No physical address provided for memory error\n"); diff --git a/xen/arch/x86/cpu/mcheck/mcaction.h b/xen/arch/x86/cpu/mcheck/mcaction.h index 5cbe558fb0..6c79498cd2 100644 --- a/xen/arch/x86/cpu/mcheck/mcaction.h +++ b/xen/arch/x86/cpu/mcheck/mcaction.h @@ -12,9 +12,4 @@ mc_memerr_dhandler(struct mca_binfo *binfo, #define MC_ADDR_PHYSICAL 0 #define MC_ADDR_VIRTUAL 1 -typedef bool (*mce_check_addr_t)(uint64_t status, uint64_t misc, int addr_type); -extern void mce_register_addrcheck(mce_check_addr_t); - -extern mce_check_addr_t mc_check_addr; - #endif diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 0b164e2027..5b7b85a0b5 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -82,47 +82,21 @@ static void cf_check unexpected_machine_check(const struct cpu_user_regs *regs) fatal_trap(regs, 1); } -static x86_mce_vector_t _machine_check_vector = unexpected_machine_check; - -void __init x86_mce_vector_register(x86_mce_vector_t hdlr) -{ - _machine_check_vector = hdlr; -} +struct mce_callbacks __ro_after_init mce_callbacks = { + .handler = unexpected_machine_check, +}; +static const typeof(mce_callbacks.handler) __initconst_cf_clobber __used + default_handler = unexpected_machine_check; /* Call the installed machine check handler for this CPU setup. */ void do_machine_check(const struct cpu_user_regs *regs) { mce_enter(); - _machine_check_vector(regs); + alternative_vcall(mce_callbacks.handler, regs); mce_exit(); } -/* - * Init machine check callback handler - * It is used to collect additional information provided by newer - * CPU families/models without the need to duplicate the whole handler. - * This avoids having many handlers doing almost nearly the same and each - * with its own tweaks ands bugs. - */ -static x86_mce_callback_t mc_callback_bank_extended = NULL; - -void __init x86_mce_callback_register(x86_mce_callback_t cbfunc) -{ - mc_callback_bank_extended = cbfunc; -} - -/* - * Machine check recoverable judgement callback handler - * It is used to judge whether an UC error is recoverable by software - */ -static mce_recoverable_t mc_recoverable_scan = NULL; - -void __init mce_recoverable_register(mce_recoverable_t cbfunc) -{ - mc_recoverable_scan = cbfunc; -} - struct mca_banks *mcabanks_alloc(unsigned int nr_mce_banks) { struct mca_banks *mb; @@ -174,19 +148,6 @@ static void mcabank_clear(int banknum) mca_wrmsr(MSR_IA32_MCx_STATUS(banknum), 0x0ULL); } -/* - * Judging whether to Clear Machine Check error bank callback handler - * According to Intel latest MCA OS Recovery Writer's Guide, - * whether the error MCA bank needs to be cleared is decided by the mca_source - * and MCi_status bit value. - */ -static mce_need_clearbank_t mc_need_clearbank_scan = NULL; - -void __init mce_need_clearbank_register(mce_need_clearbank_t cbfunc) -{ - mc_need_clearbank_scan = cbfunc; -} - /* * mce_logout_lock should only be used in the trap handler, * while MCIP has not been cleared yet in the global status @@ -227,7 +188,8 @@ static void mca_init_bank(enum mca_source who, struct mc_info *mi, int bank) if ( (mib->mc_status & MCi_STATUS_MISCV) && (mib->mc_status & MCi_STATUS_ADDRV) && - (mc_check_addr(mib->mc_status, mib->mc_misc, MC_ADDR_PHYSICAL)) && + alternative_call(mce_callbacks.check_addr, mib->mc_status, + mib->mc_misc, MC_ADDR_PHYSICAL) && (who == MCA_POLLER || who == MCA_CMCI_HANDLER) && (mfn_valid(_mfn(paddr_to_pfn(mib->mc_addr)))) ) { @@ -327,7 +289,7 @@ mcheck_mca_logout(enum mca_source who, struct mca_banks *bankmask, * If no mc_recovery_scan callback handler registered, * this error is not recoverable */ - recover = mc_recoverable_scan ? 1 : 0; + recover = mce_callbacks.recoverable_scan; for ( i = 0; i < this_cpu(nr_mce_banks); i++ ) { @@ -344,8 +306,9 @@ mcheck_mca_logout(enum mca_source who, struct mca_banks *bankmask, * decide whether to clear bank by MCi_STATUS bit value such as * OVER/UC/EN/PCC/S/AR */ - if ( mc_need_clearbank_scan ) - need_clear = mc_need_clearbank_scan(who, status); + if ( mce_callbacks.need_clearbank_scan ) + need_clear = alternative_call(mce_callbacks.need_clearbank_scan, + who, status); /* * If this is the first bank with valid MCA DATA, then @@ -381,12 +344,12 @@ mcheck_mca_logout(enum mca_source who, struct mca_banks *bankmask, if ( recover && uc ) /* uc = true, recover = true, we need not panic. */ - recover = mc_recoverable_scan(status); + recover = alternative_call(mce_callbacks.recoverable_scan, status); mca_init_bank(who, mci, i); - if ( mc_callback_bank_extended ) - mc_callback_bank_extended(mci, i, status); + if ( mce_callbacks.info_collect ) + alternative_vcall(mce_callbacks.info_collect, mci, i, status); /* By default, need_clear = true */ if ( who != MCA_MCE_SCAN && need_clear ) @@ -1913,9 +1876,11 @@ static void cf_check mce_softirq(void) * will help to collect and log those MCE errors. * Round2: Do all MCE processing logic as normal. */ -void __init mce_handler_init(void) +void __init mce_handler_init(const struct mce_callbacks *cb) { /* callback register, do we really need so many callback? */ + mce_callbacks = *cb; + /* mce handler data initialization */ spin_lock_init(&mce_logout_lock); open_softirq(MACHINE_CHECK_SOFTIRQ, mce_softirq); diff --git a/xen/arch/x86/cpu/mcheck/mce.h b/xen/arch/x86/cpu/mcheck/mce.h index 10ed059f7c..6bd25d4101 100644 --- a/xen/arch/x86/cpu/mcheck/mce.h +++ b/xen/arch/x86/cpu/mcheck/mce.h @@ -62,20 +62,12 @@ void noreturn mc_panic(char *s); void x86_mc_get_cpu_info(unsigned, uint32_t *, uint16_t *, uint16_t *, uint32_t *, uint32_t *, uint32_t *, uint32_t *); -/* Register a handler for machine check exceptions. */ -typedef void (*x86_mce_vector_t)(const struct cpu_user_regs *regs); -extern void x86_mce_vector_register(x86_mce_vector_t); - /* * Common generic MCE handler that implementations may nominate * via x86_mce_vector_register. */ void cf_check mcheck_cmn_handler(const struct cpu_user_regs *regs); -/* Register a handler for judging whether mce is recoverable. */ -typedef bool (*mce_recoverable_t)(uint64_t status); -extern void mce_recoverable_register(mce_recoverable_t); - /* Read an MSR, checking for an interposed value first */ extern struct intpose_ent *intpose_lookup(unsigned int, uint64_t, uint64_t *); @@ -134,30 +126,6 @@ extern void mcheck_mca_clearbanks(struct mca_banks *); extern mctelem_cookie_t mcheck_mca_logout(enum mca_source, struct mca_banks *, struct mca_summary *, struct mca_banks *); -/* - * Register callbacks to be made during bank telemetry logout. - * Those callbacks are only available to those machine check handlers - * that call to the common mcheck_cmn_handler or who use the common - * telemetry logout function mcheck_mca_logout in error polling. - */ - -/* Register a handler for judging whether the bank need to be cleared */ -typedef bool (*mce_need_clearbank_t)(enum mca_source who, u64 status); -extern void mce_need_clearbank_register(mce_need_clearbank_t); - -/* - * Register a callback to collect additional information (typically non- - * architectural) provided by newer CPU families/models without the need - * to duplicate the whole handler resulting in various handlers each with - * its own tweaks and bugs. The callback receives an struct mc_info pointer - * which it can use with x86_mcinfo_reserve to add additional telemetry, - * the current MCA bank number we are reading telemetry from, and the - * MCi_STATUS value for that bank. - */ -typedef struct mcinfo_extended *(*x86_mce_callback_t) - (struct mc_info *, uint16_t, uint64_t); -extern void x86_mce_callback_register(x86_mce_callback_t); - void *x86_mcinfo_reserve(struct mc_info *mi, unsigned int size, unsigned int type); void x86_mcinfo_dump(struct mc_info *mi); @@ -198,8 +166,44 @@ static inline int mce_bank_msr(const struct vcpu *v, uint32_t msr) return 0; } -/* MC softirq */ -void mce_handler_init(void); +struct mce_callbacks { + void (*handler)(const struct cpu_user_regs *regs); + bool (*check_addr)(uint64_t status, uint64_t misc, int addr_type); + + /* Handler for judging whether mce is recoverable. */ + bool (*recoverable_scan)(uint64_t status); + + /* + * Callbacks to be made during bank telemetry logout. + * They are only available to those machine check handlers + * that call to the common mcheck_cmn_handler or who use the common + * telemetry logout function mcheck_mca_logout in error polling. + */ + + /* + * Judging whether to Clear Machine Check error bank callback handler. + * According to Intel latest MCA OS Recovery Writer's Guide, whether + * the error MCA bank needs to be cleared is decided by the mca_source + * and MCi_status bit value. + */ + bool (*need_clearbank_scan)(enum mca_source who, u64 status); + + /* + * Callback to collect additional information (typically non- + * architectural) provided by newer CPU families/models without the need + * to duplicate the whole handler resulting in various handlers each with + * its own tweaks and bugs. The callback receives an struct mc_info pointer + * which it can use with x86_mcinfo_reserve to add additional telemetry, + * the current MCA bank number we are reading telemetry from, and the + * MCi_STATUS value for that bank. + */ + struct mcinfo_extended *(*info_collect) + (struct mc_info *mi, uint16_t bank, uint64_t status); +}; + +extern struct mce_callbacks mce_callbacks; + +void mce_handler_init(const struct mce_callbacks *cb); extern const struct mca_error_handler *mce_dhandlers; extern const struct mca_error_handler *mce_uhandlers; diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.c b/xen/arch/x86/cpu/mcheck/mce_amd.c index cf80e1a275..f401f54fab 100644 --- a/xen/arch/x86/cpu/mcheck/mce_amd.c +++ b/xen/arch/x86/cpu/mcheck/mce_amd.c @@ -283,6 +283,19 @@ int vmce_amd_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val) return 1; } +static const struct mce_callbacks __initconst_cf_clobber k8_callbacks = { + .handler = mcheck_cmn_handler, + .need_clearbank_scan = amd_need_clearbank_scan, +}; + +static const struct mce_callbacks __initconst_cf_clobber k10_callbacks = { + .handler = mcheck_cmn_handler, + .check_addr = mc_amd_addrcheck, + .recoverable_scan = mc_amd_recoverable_scan, + .need_clearbank_scan = amd_need_clearbank_scan, + .info_collect = amd_f10_handler, +}; + enum mcheck_type amd_mcheck_init(const struct cpuinfo_x86 *ci, bool bsp) { @@ -295,11 +308,7 @@ amd_mcheck_init(const struct cpuinfo_x86 *ci, bool bsp) /* Assume that machine check support is available. * The minimum provided support is at least the K8. */ if ( bsp ) - { - mce_handler_init(); - x86_mce_vector_register(mcheck_cmn_handler); - mce_need_clearbank_register(amd_need_clearbank_scan); - } + mce_handler_init(ci->x86 == 0xf ? &k8_callbacks : &k10_callbacks); for ( i = 0; i < this_cpu(nr_mce_banks); i++ ) { @@ -339,13 +348,6 @@ amd_mcheck_init(const struct cpuinfo_x86 *ci, bool bsp) ppin_msr = MSR_AMD_PPIN; } - if ( bsp ) - { - x86_mce_callback_register(amd_f10_handler); - mce_recoverable_register(mc_amd_recoverable_scan); - mce_register_addrcheck(mc_amd_addrcheck); - } - return ci->x86_vendor == X86_VENDOR_HYGON ? mcheck_hygon : mcheck_amd_famXX; } diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index 837a8c6d0c..dc7e1e61a6 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -843,11 +843,6 @@ static void intel_init_mce(bool bsp) if ( !bsp ) return; - x86_mce_vector_register(mcheck_cmn_handler); - mce_recoverable_register(intel_recoverable_scan); - mce_need_clearbank_register(intel_need_clearbank_scan); - mce_register_addrcheck(intel_checkaddr); - mce_dhandlers = intel_mce_dhandlers; mce_dhandler_num = ARRAY_SIZE(intel_mce_dhandlers); mce_uhandlers = intel_mce_uhandlers; @@ -957,6 +952,13 @@ static int cf_check cpu_callback( return !rc ? NOTIFY_DONE : notifier_from_errno(rc); } +static const struct mce_callbacks __initconst_cf_clobber intel_callbacks = { + .handler = mcheck_cmn_handler, + .check_addr = intel_checkaddr, + .recoverable_scan = intel_recoverable_scan, + .need_clearbank_scan = intel_need_clearbank_scan, +}; + static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback }; @@ -983,7 +985,7 @@ enum mcheck_type intel_mcheck_init(struct cpuinfo_x86 *c, bool bsp) intel_init_mca(c); if ( bsp ) - mce_handler_init(); + mce_handler_init(&intel_callbacks); intel_init_mce(bsp); -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:21:41 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:21:41 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702696.1098002 (Exim 4.92) (envelope-from ) id 1ruFAD-0004Gr-RM; Tue, 09 Apr 2024 17:21:41 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702696.1098002; Tue, 09 Apr 2024 17:21:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFAD-0004Gj-On; Tue, 09 Apr 2024 17:21:41 +0000 Received: by outflank-mailman (input) for mailman id 702696; Tue, 09 Apr 2024 17:21:40 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFAC-0004Gb-R9 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:40 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFAC-0005eZ-QV for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:40 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFAC-0006zF-Pq for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:40 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zXy3xwTZb2SBaMOtr8ZrzlFT/S8ldhwr9fC7VuTAKGw=; b=AhwnLKXSzPcFwK8CtGP+ZvXHaj +tTQxEPYxkPbjz0TmrKKb5LG1hVMIphQXAG7j8i9UOy1KldA9yeHtydd5/RmS8sUsetp/nA/9yAS4 vnFe6n2Fke/VWCNsMXUtYg8O0uVj4dpWU3GkYph+ffgElQGXEPQ1P/BpqO8mw6Cajrcc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] IRQ: generalize [gs]et_irq_regs() Message-Id: Date: Tue, 09 Apr 2024 17:21:40 +0000 commit e356ac136aac6cddf26f0287112813a9344a8aed Author: Jan Beulich AuthorDate: Tue Jan 23 12:03:23 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 IRQ: generalize [gs]et_irq_regs() Move functions (and their data) to common code, and invoke the functions on Arm as well. This is in preparation of dropping the register parameters from handler functions. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Reviewed-by: Julien Grall (cherry picked from commit f67bddf3bccd99a5fee968c3b3f288db6a57d3be) --- xen/arch/arm/irq.c | 2 ++ xen/arch/x86/include/asm/irq.h | 21 --------------------- xen/arch/x86/irq.c | 2 -- xen/common/irq.c | 2 ++ xen/include/xen/irq.h | 21 +++++++++++++++++++++ 5 files changed, 25 insertions(+), 23 deletions(-) diff --git a/xen/arch/arm/irq.c b/xen/arch/arm/irq.c index fd0c15fffd..8649c636a3 100644 --- a/xen/arch/arm/irq.c +++ b/xen/arch/arm/irq.c @@ -229,6 +229,7 @@ void do_IRQ(struct cpu_user_regs *regs, unsigned int irq, int is_fiq) { struct irq_desc *desc = irq_to_desc(irq); struct irqaction *action; + struct cpu_user_regs *old_regs = set_irq_regs(regs); perfc_incr(irqs); @@ -296,6 +297,7 @@ out: out_no_end: spin_unlock(&desc->lock); irq_exit(); + set_irq_regs(old_regs); } void release_irq(unsigned int irq, const void *dev_id) diff --git a/xen/arch/x86/include/asm/irq.h b/xen/arch/x86/include/asm/irq.h index 823d627fd0..26850e5077 100644 --- a/xen/arch/x86/include/asm/irq.h +++ b/xen/arch/x86/include/asm/irq.h @@ -70,27 +70,6 @@ extern bool opt_noirqbalance; extern int opt_irq_vector_map; -/* - * Per-cpu current frame pointer - the location of the last exception frame on - * the stack - */ -DECLARE_PER_CPU(struct cpu_user_regs *, __irq_regs); - -static inline struct cpu_user_regs *get_irq_regs(void) -{ - return this_cpu(__irq_regs); -} - -static inline struct cpu_user_regs *set_irq_regs(struct cpu_user_regs *new_regs) -{ - struct cpu_user_regs *old_regs, **pp_regs = &this_cpu(__irq_regs); - - old_regs = *pp_regs; - *pp_regs = new_regs; - return old_regs; -} - - #define platform_legacy_irq(irq) ((irq) < 16) void cf_check event_check_interrupt(struct cpu_user_regs *regs); diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 51b4837cd3..abd6f577dd 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -53,8 +53,6 @@ static DEFINE_SPINLOCK(vector_lock); DEFINE_PER_CPU(vector_irq_t, vector_irq); -DEFINE_PER_CPU(struct cpu_user_regs *, __irq_regs); - static LIST_HEAD(irq_ratelimit_list); static DEFINE_SPINLOCK(irq_ratelimit_lock); static struct timer irq_ratelimit_timer; diff --git a/xen/common/irq.c b/xen/common/irq.c index 727cf8bd22..236cf171e2 100644 --- a/xen/common/irq.c +++ b/xen/common/irq.c @@ -1,6 +1,8 @@ #include #include +DEFINE_PER_CPU(struct cpu_user_regs *, irq_regs); + int init_one_irq_desc(struct irq_desc *desc) { int err; diff --git a/xen/include/xen/irq.h b/xen/include/xen/irq.h index 300625e56d..c93ef31a9c 100644 --- a/xen/include/xen/irq.h +++ b/xen/include/xen/irq.h @@ -130,6 +130,27 @@ void cf_check irq_actor_none(struct irq_desc *); #define irq_disable_none irq_actor_none #define irq_enable_none irq_actor_none +/* + * Per-cpu interrupted context register state - the inner-most interrupt frame + * on the stack. + */ +DECLARE_PER_CPU(struct cpu_user_regs *, irq_regs); + +static inline struct cpu_user_regs *get_irq_regs(void) +{ + return this_cpu(irq_regs); +} + +static inline struct cpu_user_regs *set_irq_regs(struct cpu_user_regs *new_regs) +{ + struct cpu_user_regs *old_regs, **pp_regs = &this_cpu(irq_regs); + + old_regs = *pp_regs; + *pp_regs = new_regs; + + return old_regs; +} + struct domain; struct vcpu; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:21:52 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:21:52 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702697.1098006 (Exim 4.92) (envelope-from ) id 1ruFAN-0004Oc-TD; Tue, 09 Apr 2024 17:21:51 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702697.1098006; Tue, 09 Apr 2024 17:21:51 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFAN-0004OU-QF; Tue, 09 Apr 2024 17:21:51 +0000 Received: by outflank-mailman (input) for mailman id 702697; Tue, 09 Apr 2024 17:21:50 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFAM-0004OH-UN for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:50 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFAM-0005ew-Td for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:50 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFAM-0006zi-Sj for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:21:50 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Mjw6HdT7W4HtrM6Fh8aCrVJITLBjGBrYGm/O6fmG+Ug=; b=DNN590aKtJHH7G2eLUEb+IklmX QlMJC7uuBvX/Ms7l5XB2Tn/UMeqYfmYt3pHbLCAR3qYZluJkicafjmKuP46N+T2fuO/QsSm+fOJzt HWnWoAoDQa/9nk0WlVl5qNKFYAuU+LviG5NhNCSAvZzG+J8Tc2U9rXFAwReZz62CGN7I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec-ctrl: Expose IPRED_CTRL to guests Message-Id: Date: Tue, 09 Apr 2024 17:21:50 +0000 commit 68468e5b0ff7f82518de6de8b74187f86a9b6e22 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:58 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Expose IPRED_CTRL to guests The CPUID feature bit signals the presence of the IPRED_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 4dd6760706848de30f7c8b5f83462b9bcb070c91) --- xen/arch/x86/msr.c | 6 ++++-- xen/include/public/arch-x86/cpufeatureset.h | 2 +- xen/tools/gen-cpuid.py | 3 ++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index f7192c1ddf..ac01553598 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -316,8 +316,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) /* * Caller to confirm that MSR_SPEC_CTRL is available. Intel and AMD have - * separate CPUID features for this functionality, but only set will be - * active. + * separate CPUID features for some of this functionality, but only one + * vendors-worth will be active on a single host. */ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) { @@ -331,6 +331,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | (psfd ? SPEC_CTRL_PSFD : 0) | + (cp->feat.ipred_ctrl + ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | 0); } diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index bc971f3c6f..8708b934a0 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -295,7 +295,7 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ -XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /* MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /* MSR_SPEC_CTRL.RRSBA_DIS_* */ XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /* MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 636ff44c8b..9d1e47cfcd 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -318,7 +318,8 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS], + IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, + IPRED_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:22:02 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:22:02 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702698.1098010 (Exim 4.92) (envelope-from ) id 1ruFAX-0004T6-UX; Tue, 09 Apr 2024 17:22:01 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702698.1098010; Tue, 09 Apr 2024 17:22:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFAX-0004Sy-Rd; Tue, 09 Apr 2024 17:22:01 +0000 Received: by outflank-mailman (input) for mailman id 702698; Tue, 09 Apr 2024 17:22:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFAX-0004Si-0z for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFAX-0005f5-0N for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFAW-00070O-Vx for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:00 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lTXZFO2NeF5LL0xeNJZb7eG/FbtG+gVH6a3uo4VmUjg=; b=Sq7gnav1SWjp4ADj/EIBUr0F6p LXuSUaBaKwMSj9ZuzBxqbEKLx181UeLsWEAN56ve+SUi3HYgzl3JaVTFM9dhe6AHNPAOoHjYu0GiH BUQ8ATJReWG/lb3aP3J+S5iOyyYMS76azUnxHltKPVwLiF9ya5BkPWPk760pjBCIZA4M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec-ctrl: Expose RRSBA_CTRL to guests Message-Id: Date: Tue, 09 Apr 2024 17:22:00 +0000 commit b7559a0488ac286d92a09fc00614207b32abb72d Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:59 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Expose RRSBA_CTRL to guests The CPUID feature bit signals the presence of the RRSBA_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 478e4787fa64b621061177a7843c452e9a19916d) --- xen/arch/x86/msr.c | 2 ++ xen/include/public/arch-x86/cpufeatureset.h | 2 +- xen/tools/gen-cpuid.py | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index ac01553598..615314f1e1 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -333,6 +333,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) (psfd ? SPEC_CTRL_PSFD : 0) | (cp->feat.ipred_ctrl ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | + (cp->feat.rrsba_ctrl + ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | 0); } diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 8708b934a0..0e1581cdac 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -296,7 +296,7 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ -XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /* MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /* MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 9d1e47cfcd..09acb9764c 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -319,7 +319,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL], + IPRED_CTRL, RRSBA_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:22:12 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:22:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702701.1098014 (Exim 4.92) (envelope-from ) id 1ruFAh-0004Yk-Vl; Tue, 09 Apr 2024 17:22:11 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702701.1098014; Tue, 09 Apr 2024 17:22:11 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFAh-0004Yb-T1; Tue, 09 Apr 2024 17:22:11 +0000 Received: by outflank-mailman (input) for mailman id 702701; Tue, 09 Apr 2024 17:22:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFAh-0004YN-4F for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFAh-0005fb-3Z for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFAh-000732-2Y for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7rp6NrtfV9PucZ0n+yA+jJwl6baohU0PSVsFgvJ3cAw=; b=apC6AuKF1B2KkejFrjfX/gC6Xj BjuVirKn2e3+5oDtWDNItNu2fmEBXIK5oKqTVCzsMV/oh3ufjmXKKeNUB+UcBHnS66j/o4EDIf2FD ozZRik4Fvd0RY9yTkRAluNwquxvzFX2t7ItedEHt0bZrGVn4YNmLVs0mHuPEEL3qLOrQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec-ctrl: Expose BHI_CTRL to guests Message-Id: Date: Tue, 09 Apr 2024 17:22:11 +0000 commit 363745e52dc758bdfb2fd42d32f12276c80ed447 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:14:00 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Expose BHI_CTRL to guests The CPUID feature bit signals the presence of the BHI_DIS_S control in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 583f1d0950529f3517b1741c2b21a028a82ba831) --- xen/arch/x86/msr.c | 1 + xen/include/public/arch-x86/cpufeatureset.h | 2 +- xen/tools/gen-cpuid.py | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 615314f1e1..51e6744e8f 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -335,6 +335,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | (cp->feat.rrsba_ctrl ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | + (cp->feat.bhi_ctrl ? SPEC_CTRL_BHI_DIS_S : 0) | 0); } diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 0e1581cdac..51f238683c 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -297,7 +297,7 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ -XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /* MSR_SPEC_CTRL.BHI_DIS_S */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 09acb9764c..a7c2ba3e5d 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -319,7 +319,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL, RRSBA_CTRL], + IPRED_CTRL, RRSBA_CTRL, BHI_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:22:22 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:22:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702702.1098018 (Exim 4.92) (envelope-from ) id 1ruFAs-0004e9-13; Tue, 09 Apr 2024 17:22:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702702.1098018; Tue, 09 Apr 2024 17:22:21 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFAr-0004e1-UR; Tue, 09 Apr 2024 17:22:21 +0000 Received: by outflank-mailman (input) for mailman id 702702; Tue, 09 Apr 2024 17:22:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFAr-0004dr-7G for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFAr-0005fi-6T for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFAr-00073g-5n for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RNYLeo3JtQyRiwF6fVOSSLy6VNjsh0m5Q3maivDmd/k=; b=IcftTbBV+LXVXrO2ccM8ih/zxx Hm8FgTj2VvVLRthQhL8YPVOWLAP3TDT3ErA8lv8xlkPyBz8VripJhRdzVjyuwTyBgqy2s0yGdbb0P VDsE1pfdc6g4YsMwAAO2x3emv4CnLgqsTXCv0LX8wfy0VPQHHRSuqQWRkAUAI0tryzWc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86: arrange for ENDBR zapping from _ctxt_switch_masking() Message-Id: Date: Tue, 09 Apr 2024 17:22:21 +0000 commit f2947a0da348eafc72e166dea14983f6d7c8300e Author: Jan Beulich AuthorDate: Mon Feb 5 10:44:46 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86: arrange for ENDBR zapping from _ctxt_switch_masking() While altcall is already used for them, the functions want announcing in .init.rodata.cf_clobber, even if the resulting static variables aren't otherwise used. While doing this also move ctxt_switch_masking to .data.ro_after_init. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 044168fa3a65b6542bda5c21e373742de1bd5980) --- xen/arch/x86/cpu/amd.c | 5 +++++ xen/arch/x86/cpu/common.c | 2 +- xen/arch/x86/cpu/intel.c | 5 +++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 3d85e9797d..d5e9ad7598 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -258,6 +258,11 @@ static void cf_check amd_ctxt_switch_masking(const struct vcpu *next) #undef LAZY } +#ifdef CONFIG_XEN_IBT /* Announce the function to ENDBR clobbering logic. */ +static const typeof(ctxt_switch_masking) __initconst_cf_clobber __used csm = + amd_ctxt_switch_masking; +#endif + /* * Mask the features and extended features returned by CPUID. Parameters are * set from the boot line via two methods: diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 54ea7fa831..60e472da26 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -121,7 +121,7 @@ static const struct cpu_dev default_cpu = { static const struct cpu_dev *this_cpu = &default_cpu; static DEFINE_PER_CPU(uint64_t, msr_misc_features); -void (* __read_mostly ctxt_switch_masking)(const struct vcpu *next); +void (* __ro_after_init ctxt_switch_masking)(const struct vcpu *next); bool __init probe_cpuid_faulting(void) { diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 96723b5d44..532e845f66 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -220,6 +220,11 @@ static void cf_check intel_ctxt_switch_masking(const struct vcpu *next) #undef LAZY } +#ifdef CONFIG_XEN_IBT /* Announce the function to ENDBR clobbering logic. */ +static const typeof(ctxt_switch_masking) __initconst_cf_clobber __used csm = + intel_ctxt_switch_masking; +#endif + /* * opt_cpuid_mask_ecx/edx: cpuid.1[ecx, edx] feature mask. * For example, E8400[Intel Core 2 Duo Processor series] ecx = 0x0008E3FD, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:22:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:22:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702706.1098021 (Exim 4.92) (envelope-from ) id 1ruFB3-0004k7-2T; Tue, 09 Apr 2024 17:22:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702706.1098021; Tue, 09 Apr 2024 17:22:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFB2-0004jt-Vz; Tue, 09 Apr 2024 17:22:32 +0000 Received: by outflank-mailman (input) for mailman id 702706; Tue, 09 Apr 2024 17:22:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFB1-0004jb-AH for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFB1-0005ft-9Y for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFB1-00074E-8e for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pOACRqKtaFkVqFoJ+HajpiXRs4mQ0MwgBfIOK8qF+j4=; b=J6lDU3qW7ljWwmx4PO55Crxa7d Ajn3bnHPMbOxr1Vyqk+lH6hG7wOhFezD5OrzF/vzBmDAsGDxSWrxVrKWogjCxXralDyS/MPWEP940 EJTr2e7XRs8o2p9ZYm2hAeAuOMVk3xh+edg0xJNPhcmww9nAx+RLF0QEVBgPF0jAgxLY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/guest: finish conversion to altcall Message-Id: Date: Tue, 09 Apr 2024 17:22:31 +0000 commit d11255f909e4b77ae1d1aa7e928cdfca5964a574 Author: Jan Beulich AuthorDate: Mon Feb 5 10:45:31 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/guest: finish conversion to altcall While .setup() and .e820_fixup() don't need fiddling with for being run only very early, both .ap_setup() and .resume() want converting too: This way both pre-filled struct hypervisor_ops instances can become __initconst_cf_clobber, thus allowing to eliminate up to 5 more ENDBR (configuration dependent) during the 2nd phase of alternatives patching. While fiddling with section annotations here, also move "ops" itself to .data.ro_after_init. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Acked-by: Paul Durrant (cherry picked from commit e931edccc53c9dd6e9a505ad0ff3a03d985669bc) --- xen/arch/x86/guest/hyperv/hyperv.c | 2 +- xen/arch/x86/guest/hypervisor.c | 6 +++--- xen/arch/x86/guest/xen/xen.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/guest/hyperv/hyperv.c b/xen/arch/x86/guest/hyperv/hyperv.c index b101ba3080..5c58a0c457 100644 --- a/xen/arch/x86/guest/hyperv/hyperv.c +++ b/xen/arch/x86/guest/hyperv/hyperv.c @@ -219,7 +219,7 @@ static int cf_check flush_tlb( return hyperv_flush_tlb(mask, va, flags); } -static const struct hypervisor_ops __initconstrel ops = { +static const struct hypervisor_ops __initconst_cf_clobber ops = { .name = "Hyper-V", .setup = setup, .ap_setup = ap_setup, diff --git a/xen/arch/x86/guest/hypervisor.c b/xen/arch/x86/guest/hypervisor.c index 366af1d650..c3e10c3586 100644 --- a/xen/arch/x86/guest/hypervisor.c +++ b/xen/arch/x86/guest/hypervisor.c @@ -25,7 +25,7 @@ #include #include -static struct hypervisor_ops __read_mostly ops; +static struct hypervisor_ops __ro_after_init ops; const char *__init hypervisor_probe(void) { @@ -61,7 +61,7 @@ void __init hypervisor_setup(void) int hypervisor_ap_setup(void) { if ( ops.ap_setup ) - return ops.ap_setup(); + return alternative_call(ops.ap_setup); return 0; } @@ -69,7 +69,7 @@ int hypervisor_ap_setup(void) void hypervisor_resume(void) { if ( ops.resume ) - ops.resume(); + alternative_vcall(ops.resume); } void __init hypervisor_e820_fixup(struct e820map *e820) diff --git a/xen/arch/x86/guest/xen/xen.c b/xen/arch/x86/guest/xen/xen.c index 9c2defaa66..c4cb16df38 100644 --- a/xen/arch/x86/guest/xen/xen.c +++ b/xen/arch/x86/guest/xen/xen.c @@ -330,7 +330,7 @@ static int cf_check flush_tlb( return xen_hypercall_hvm_op(HVMOP_flush_tlbs, NULL); } -static const struct hypervisor_ops __initconstrel ops = { +static const struct hypervisor_ops __initconst_cf_clobber ops = { .name = "Xen", .setup = setup, .ap_setup = ap_setup, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:22:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:22:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702708.1098026 (Exim 4.92) (envelope-from ) id 1ruFBD-0004p2-59; Tue, 09 Apr 2024 17:22:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702708.1098026; Tue, 09 Apr 2024 17:22:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBD-0004os-2b; Tue, 09 Apr 2024 17:22:43 +0000 Received: by outflank-mailman (input) for mailman id 702708; Tue, 09 Apr 2024 17:22:41 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBB-0004oZ-DR for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:41 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBB-0005gN-Ci for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:41 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFBB-00074g-Bn for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LzbV9R7XeoqQtm3UZPTZwjfRnW9jeeksFoAFaoY/mpk=; b=ZG2C8bE9Ene53PQEOr1eeGbijT CoyaPaKOisQRhHjfNme8MyqPIeoPVx/qkraYQ2kwhQhvXjZjBcJRwKJLPb56M+ivjYUqWZ2qptVMB DqbAtIucaFKU6pAE/4YkXgRlMuzt6B5Ml5KTt0qZJYCfUGbq8w4ERQz1kIChlHIEuAQM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/CPU: convert vendor hook invocations to altcall Message-Id: Date: Tue, 09 Apr 2024 17:22:41 +0000 commit 6b899fe735d040356ead7170e0fe10f6668624d0 Author: Jan Beulich AuthorDate: Mon Feb 5 10:48:11 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/CPU: convert vendor hook invocations to altcall While not performance critical, these hook invocations still want converting: This way all pre-filled struct cpu_dev instances can become __initconst_cf_clobber, thus allowing to eliminate further 8 ENDBR during the 2nd phase of alternatives patching (besides moving previously resident data to .init.*). Since all use sites need touching anyway, take the opportunity and also address a Misra C:2012 Rule 5.5 violation: Rename the this_cpu static variable. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper (cherry picked from commit 660f8a75013c947fbe5358a640032a1f9f1eece5) --- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/cpu/centaur.c | 2 +- xen/arch/x86/cpu/common.c | 24 ++++++++++++------------ xen/arch/x86/cpu/hygon.c | 2 +- xen/arch/x86/cpu/intel.c | 2 +- xen/arch/x86/cpu/shanghai.c | 2 +- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index d5e9ad7598..2838725bab 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -1286,7 +1286,7 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) amd_log_freq(c); } -const struct cpu_dev amd_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber amd_cpu_dev = { .c_early_init = early_init_amd, .c_init = init_amd, }; diff --git a/xen/arch/x86/cpu/centaur.c b/xen/arch/x86/cpu/centaur.c index eac49d78db..750168d1e8 100644 --- a/xen/arch/x86/cpu/centaur.c +++ b/xen/arch/x86/cpu/centaur.c @@ -54,6 +54,6 @@ static void cf_check init_centaur(struct cpuinfo_x86 *c) init_c3(c); } -const struct cpu_dev centaur_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber centaur_cpu_dev = { .c_init = init_centaur, }; diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 60e472da26..88855f5773 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -115,10 +115,10 @@ static void cf_check default_init(struct cpuinfo_x86 * c) __clear_bit(X86_FEATURE_SEP, c->x86_capability); } -static const struct cpu_dev default_cpu = { +static const struct cpu_dev __initconst_cf_clobber __used default_cpu = { .c_init = default_init, }; -static const struct cpu_dev *this_cpu = &default_cpu; +static struct cpu_dev __ro_after_init actual_cpu; static DEFINE_PER_CPU(uint64_t, msr_misc_features); void (* __ro_after_init ctxt_switch_masking)(const struct vcpu *next); @@ -343,12 +343,13 @@ void __init early_cpu_init(void) c->x86_vendor = x86_cpuid_lookup_vendor(ebx, ecx, edx); switch (c->x86_vendor) { - case X86_VENDOR_INTEL: this_cpu = &intel_cpu_dev; break; - case X86_VENDOR_AMD: this_cpu = &amd_cpu_dev; break; - case X86_VENDOR_CENTAUR: this_cpu = ¢aur_cpu_dev; break; - case X86_VENDOR_SHANGHAI: this_cpu = &shanghai_cpu_dev; break; - case X86_VENDOR_HYGON: this_cpu = &hygon_cpu_dev; break; + case X86_VENDOR_INTEL: actual_cpu = intel_cpu_dev; break; + case X86_VENDOR_AMD: actual_cpu = amd_cpu_dev; break; + case X86_VENDOR_CENTAUR: actual_cpu = centaur_cpu_dev; break; + case X86_VENDOR_SHANGHAI: actual_cpu = shanghai_cpu_dev; break; + case X86_VENDOR_HYGON: actual_cpu = hygon_cpu_dev; break; default: + actual_cpu = default_cpu; printk(XENLOG_ERR "Unrecognised or unsupported CPU vendor '%.12s'\n", c->x86_vendor_id); @@ -434,8 +435,8 @@ static void generic_identify(struct cpuinfo_x86 *c) c->apicid = phys_pkg_id((ebx >> 24) & 0xFF, 0); c->phys_proc_id = c->apicid; - if (this_cpu->c_early_init) - this_cpu->c_early_init(c); + if (actual_cpu.c_early_init) + alternative_vcall(actual_cpu.c_early_init, c); /* c_early_init() may have adjusted cpuid levels/features. Reread. */ c->cpuid_level = cpuid_eax(0); @@ -540,9 +541,8 @@ void identify_cpu(struct cpuinfo_x86 *c) * At the end of this section, c->x86_capability better * indicate the features this CPU genuinely supports! */ - if (this_cpu->c_init) - this_cpu->c_init(c); - + if (actual_cpu.c_init) + alternative_vcall(actual_cpu.c_init, c); if (c == &boot_cpu_data && !opt_pku) setup_clear_cpu_cap(X86_FEATURE_PKU); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index 361eb6fd41..0c7c97ebb7 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -88,7 +88,7 @@ static void cf_check init_hygon(struct cpuinfo_x86 *c) amd_log_freq(c); } -const struct cpu_dev hygon_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber hygon_cpu_dev = { .c_early_init = early_init_amd, .c_init = init_hygon, }; diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 532e845f66..2d439e0bd2 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -598,7 +598,7 @@ static void cf_check init_intel(struct cpuinfo_x86 *c) setup_clear_cpu_cap(X86_FEATURE_CLWB); } -const struct cpu_dev intel_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber intel_cpu_dev = { .c_early_init = early_init_intel, .c_init = init_intel, }; diff --git a/xen/arch/x86/cpu/shanghai.c b/xen/arch/x86/cpu/shanghai.c index 95ae544f8c..910f2c32f3 100644 --- a/xen/arch/x86/cpu/shanghai.c +++ b/xen/arch/x86/cpu/shanghai.c @@ -15,6 +15,6 @@ static void cf_check init_shanghai(struct cpuinfo_x86 *c) init_intel_cacheinfo(c); } -const struct cpu_dev shanghai_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber shanghai_cpu_dev = { .c_init = init_shanghai, }; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:22:53 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:22:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702709.1098030 (Exim 4.92) (envelope-from ) id 1ruFBN-0004sK-6e; Tue, 09 Apr 2024 17:22:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702709.1098030; Tue, 09 Apr 2024 17:22:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBN-0004sA-48; Tue, 09 Apr 2024 17:22:53 +0000 Received: by outflank-mailman (input) for mailman id 702709; Tue, 09 Apr 2024 17:22:51 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBL-0004rw-Ge for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:51 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBL-0005gU-Ft for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:51 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFBL-000758-FD for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:22:51 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gwypibScqWnhg1CB8muB4krtotCKgD+XpISgkra9dxw=; b=Oril/T6r1gHDXq4c+IQAtQY4eq tvK0BfrokrNMqpsPHHTboe1gPIUFnbhHfhK4kuc9WMMRBT09+TRkrS0Lpq9BMN+izV3+oeZPWVN4w /skavWZ3T6kWNSZpFByyZufNVq8L+ExNlXgJsGctBmZonQdIrKPFp8gZAUWRePpbZZ1o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] VMX: tertiary execution control infrastructure Message-Id: Date: Tue, 09 Apr 2024 17:22:51 +0000 commit 91c2a92231af71a50557c65e32e2f838ae3aed14 Author: Jan Beulich AuthorDate: Wed Feb 7 13:46:11 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 VMX: tertiary execution control infrastructure This is a prereq to enabling e.g. the MSRLIST feature. Note that the PROCBASED_CTLS3 MSR is different from other VMX feature reporting MSRs, in that all 64 bits report allowed 1-settings. vVMX code is left alone, though, for the time being. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 878159bf259bfbd7a40312829f1ea0ce1f6645e2) --- xen/arch/x86/hvm/vmx/vmcs.c | 57 +++++++++++++++++++++++++++++---- xen/arch/x86/hvm/vmx/vmx.c | 6 ++++ xen/arch/x86/include/asm/hvm/vmx/vmcs.h | 13 ++++++++ xen/arch/x86/include/asm/hvm/vmx/vmx.h | 1 + xen/arch/x86/include/asm/msr-index.h | 1 + 5 files changed, 72 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index b5ecc51b43..49d51fb524 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -176,6 +176,7 @@ static int cf_check parse_ept_param_runtime(const char *s) u32 vmx_pin_based_exec_control __read_mostly; u32 vmx_cpu_based_exec_control __read_mostly; u32 vmx_secondary_exec_control __read_mostly; +uint64_t vmx_tertiary_exec_control __read_mostly; u32 vmx_vmexit_control __read_mostly; u32 vmx_vmentry_control __read_mostly; u64 vmx_ept_vpid_cap __read_mostly; @@ -241,10 +242,32 @@ static u32 adjust_vmx_controls( return ctl; } -static bool_t cap_check(const char *name, u32 expected, u32 saw) +static uint64_t adjust_vmx_controls2( + const char *name, uint64_t ctl_min, uint64_t ctl_opt, unsigned int msr, + bool *mismatch) +{ + uint64_t vmx_msr, ctl = ctl_min | ctl_opt; + + rdmsrl(msr, vmx_msr); + + ctl &= vmx_msr; /* bit == 0 ==> must be zero */ + + /* Ensure minimum (required) set of control bits are supported. */ + if ( ctl_min & ~ctl ) + { + *mismatch = true; + printk("VMX: CPU%u has insufficient %s (%#lx; requires %#lx)\n", + smp_processor_id(), name, ctl, ctl_min); + } + + return ctl; +} + +static bool cap_check( + const char *name, unsigned long expected, unsigned long saw) { if ( saw != expected ) - printk("VMX %s: saw %#x expected %#x\n", name, saw, expected); + printk("VMX %s: saw %#lx expected %#lx\n", name, saw, expected); return saw != expected; } @@ -254,6 +277,7 @@ static int vmx_init_vmcs_config(bool bsp) u32 _vmx_pin_based_exec_control; u32 _vmx_cpu_based_exec_control; u32 _vmx_secondary_exec_control = 0; + uint64_t _vmx_tertiary_exec_control = 0; u64 _vmx_ept_vpid_cap = 0; u64 _vmx_misc_cap = 0; u32 _vmx_vmexit_control; @@ -287,7 +311,8 @@ static int vmx_init_vmcs_config(bool bsp) opt = (CPU_BASED_ACTIVATE_MSR_BITMAP | CPU_BASED_TPR_SHADOW | CPU_BASED_MONITOR_TRAP_FLAG | - CPU_BASED_ACTIVATE_SECONDARY_CONTROLS); + CPU_BASED_ACTIVATE_SECONDARY_CONTROLS | + CPU_BASED_ACTIVATE_TERTIARY_CONTROLS); _vmx_cpu_based_exec_control = adjust_vmx_controls( "CPU-Based Exec Control", min, opt, MSR_IA32_VMX_PROCBASED_CTLS, &mismatch); @@ -351,6 +376,15 @@ static int vmx_init_vmcs_config(bool bsp) MSR_IA32_VMX_PROCBASED_CTLS2, &mismatch); } + if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) + { + uint64_t opt = 0; + + _vmx_tertiary_exec_control = adjust_vmx_controls2( + "Tertiary Exec Control", 0, opt, + MSR_IA32_VMX_PROCBASED_CTLS3, &mismatch); + } + /* The IA32_VMX_EPT_VPID_CAP MSR exists only when EPT or VPID available */ if ( _vmx_secondary_exec_control & (SECONDARY_EXEC_ENABLE_EPT | SECONDARY_EXEC_ENABLE_VPID) ) @@ -481,6 +515,7 @@ static int vmx_init_vmcs_config(bool bsp) vmx_pin_based_exec_control = _vmx_pin_based_exec_control; vmx_cpu_based_exec_control = _vmx_cpu_based_exec_control; vmx_secondary_exec_control = _vmx_secondary_exec_control; + vmx_tertiary_exec_control = _vmx_tertiary_exec_control; vmx_ept_vpid_cap = _vmx_ept_vpid_cap; vmx_vmexit_control = _vmx_vmexit_control; vmx_vmentry_control = _vmx_vmentry_control; @@ -516,6 +551,9 @@ static int vmx_init_vmcs_config(bool bsp) mismatch |= cap_check( "Secondary Exec Control", vmx_secondary_exec_control, _vmx_secondary_exec_control); + mismatch |= cap_check( + "Tertiary Exec Control", + vmx_tertiary_exec_control, _vmx_tertiary_exec_control); mismatch |= cap_check( "VMExit Control", vmx_vmexit_control, _vmx_vmexit_control); @@ -1092,6 +1130,7 @@ static int construct_vmcs(struct vcpu *v) v->arch.hvm.vmx.exec_control |= CPU_BASED_RDTSC_EXITING; v->arch.hvm.vmx.secondary_exec_control = vmx_secondary_exec_control; + v->arch.hvm.vmx.tertiary_exec_control = vmx_tertiary_exec_control; /* * Disable features which we don't want active by default: @@ -1146,6 +1185,10 @@ static int construct_vmcs(struct vcpu *v) __vmwrite(SECONDARY_VM_EXEC_CONTROL, v->arch.hvm.vmx.secondary_exec_control); + if ( cpu_has_vmx_tertiary_exec_control ) + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); + /* MSR access bitmap. */ if ( cpu_has_vmx_msr_bitmap ) { @@ -2069,10 +2112,12 @@ void vmcs_dump_vcpu(struct vcpu *v) vmr(HOST_PERF_GLOBAL_CTRL)); printk("*** Control State ***\n"); - printk("PinBased=%08x CPUBased=%08x SecondaryExec=%08x\n", + printk("PinBased=%08x CPUBased=%08x\n", vmr32(PIN_BASED_VM_EXEC_CONTROL), - vmr32(CPU_BASED_VM_EXEC_CONTROL), - vmr32(SECONDARY_VM_EXEC_CONTROL)); + vmr32(CPU_BASED_VM_EXEC_CONTROL)); + printk("SecondaryExec=%08x TertiaryExec=%016lx\n", + vmr32(SECONDARY_VM_EXEC_CONTROL), + vmr(TERTIARY_VM_EXEC_CONTROL)); printk("EntryControls=%08x ExitControls=%08x\n", vmentry_ctl, vmexit_ctl); printk("ExceptionBitmap=%08x PFECmask=%08x PFECmatch=%08x\n", vmr32(EXCEPTION_BITMAP), diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index fed362bc32..26b6e4ca61 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -725,6 +725,12 @@ void vmx_update_secondary_exec_control(struct vcpu *v) v->arch.hvm.vmx.secondary_exec_control); } +void vmx_update_tertiary_exec_control(const struct vcpu *v) +{ + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); +} + void vmx_update_exception_bitmap(struct vcpu *v) { u32 bitmap = unlikely(v->arch.hvm.vmx.vmx_realmode) diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h index 0af021d5f5..bbb0966fc3 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h @@ -125,6 +125,7 @@ struct vmx_vcpu { /* Cache of cpu execution control. */ u32 exec_control; u32 secondary_exec_control; + uint64_t tertiary_exec_control; u32 exception_bitmap; uint64_t shadow_gs; @@ -207,6 +208,7 @@ void vmx_vmcs_reload(struct vcpu *v); #define CPU_BASED_RDTSC_EXITING 0x00001000 #define CPU_BASED_CR3_LOAD_EXITING 0x00008000 #define CPU_BASED_CR3_STORE_EXITING 0x00010000 +#define CPU_BASED_ACTIVATE_TERTIARY_CONTROLS 0x00020000 #define CPU_BASED_CR8_LOAD_EXITING 0x00080000 #define CPU_BASED_CR8_STORE_EXITING 0x00100000 #define CPU_BASED_TPR_SHADOW 0x00200000 @@ -271,6 +273,14 @@ extern u32 vmx_vmentry_control; #define SECONDARY_EXEC_NOTIFY_VM_EXITING 0x80000000 extern u32 vmx_secondary_exec_control; +#define TERTIARY_EXEC_LOADIWKEY_EXITING BIT(0, UL) +#define TERTIARY_EXEC_ENABLE_HLAT BIT(1, UL) +#define TERTIARY_EXEC_EPT_PAGING_WRITE BIT(2, UL) +#define TERTIARY_EXEC_GUEST_PAGING_VERIFY BIT(3, UL) +#define TERTIARY_EXEC_IPI_VIRT BIT(4, UL) +#define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) +extern uint64_t vmx_tertiary_exec_control; + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -307,6 +317,8 @@ extern u64 vmx_ept_vpid_cap; (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_MSR_BITMAP) #define cpu_has_vmx_secondary_exec_control \ (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) +#define cpu_has_vmx_tertiary_exec_control \ + (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS) #define cpu_has_vmx_ept \ (vmx_secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT) #define cpu_has_vmx_dt_exiting \ @@ -430,6 +442,7 @@ enum vmcs_field { VIRT_EXCEPTION_INFO = 0x0000202a, XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, + TERTIARY_VM_EXEC_CONTROL = 0x00002034, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/asm/hvm/vmx/vmx.h index 8e1e42ac47..4ff19488ea 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h @@ -102,6 +102,7 @@ void vmx_update_debug_state(struct vcpu *v); void vmx_update_exception_bitmap(struct vcpu *v); void vmx_update_cpu_exec_control(struct vcpu *v); void vmx_update_secondary_exec_control(struct vcpu *v); +void vmx_update_tertiary_exec_control(const struct vcpu *v); #define POSTED_INTR_ON 0 #define POSTED_INTR_SN 1 diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index 9b5f67711f..521079191a 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -327,6 +327,7 @@ #define MSR_IA32_VMX_TRUE_EXIT_CTLS 0x48f #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490 #define MSR_IA32_VMX_VMFUNC 0x491 +#define MSR_IA32_VMX_PROCBASED_CTLS3 0x492 /* K7/K8 MSRs. Not complete. See the architecture manual for a more complete list. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:23:03 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:23:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702710.1098034 (Exim 4.92) (envelope-from ) id 1ruFBX-0004ui-8D; Tue, 09 Apr 2024 17:23:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702710.1098034; Tue, 09 Apr 2024 17:23:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBX-0004uY-5b; Tue, 09 Apr 2024 17:23:03 +0000 Received: by outflank-mailman (input) for mailman id 702710; Tue, 09 Apr 2024 17:23:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBV-0004uL-KQ for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBV-0005gr-Jh for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFBV-00075g-I8 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tAOXsx2s2v3m92eIB/8KBMwvNJq7andCnmh7VGmhVzo=; b=swhoR4YIjDvwkfU3ssYvtkOfmB OBvPc0PcjbJOqBUl9sGtqFfgUNKKlik4Vo0BNQQz1ZGIy185xV7GMlQYx50SQwLfc6pCJY08xKNAH /+07K+ZVU/JbcEtZf9aoNXHor8waiBh/JjvCJG/jM5zlepbX/fgXrNruIADej+uYkDzI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec-ctrl: Move __read_mostly data into __ro_after_init Message-Id: Date: Tue, 09 Apr 2024 17:23:01 +0000 commit a0bd738f9cd158306e046c7a6f3726128219e4eb Author: Andrew Cooper AuthorDate: Thu Mar 28 12:38:32 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Move __read_mostly data into __ro_after_init These variables predate the introduction of __ro_after_init, but all qualify. Update them to be consistent with the rest of the file. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 7a09966e7b2823b70f6d56d0cf66c11124f4a3c1) --- xen/arch/x86/spec_ctrl.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ac21af2c5c..0a2de88593 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -61,18 +61,18 @@ bool __ro_after_init opt_ssbd; int8_t __initdata opt_psfd = -1; int8_t __ro_after_init opt_ibpb_ctxt_switch = -1; -int8_t __read_mostly opt_eager_fpu = -1; -int8_t __read_mostly opt_l1d_flush = -1; +int8_t __ro_after_init opt_eager_fpu = -1; +int8_t __ro_after_init opt_l1d_flush = -1; static bool __initdata opt_branch_harden = IS_ENABLED(CONFIG_SPECULATIVE_HARDEN_BRANCH); static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; -uint8_t __read_mostly default_xen_spec_ctrl; -uint8_t __read_mostly default_spec_ctrl_flags; +uint8_t __ro_after_init default_xen_spec_ctrl; +uint8_t __ro_after_init default_spec_ctrl_flags; -paddr_t __read_mostly l1tf_addr_mask, __read_mostly l1tf_safe_maddr; -bool __read_mostly cpu_has_bug_l1tf; +paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; +bool __ro_after_init cpu_has_bug_l1tf; static unsigned int __initdata l1d_maxphysaddr; static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ @@ -328,8 +328,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) } custom_param("spec-ctrl", parse_spec_ctrl); -int8_t __read_mostly opt_xpti_hwdom = -1; -int8_t __read_mostly opt_xpti_domu = -1; +int8_t __ro_after_init opt_xpti_hwdom = -1; +int8_t __ro_after_init opt_xpti_domu = -1; static __init void xpti_init_default(void) { @@ -393,8 +393,8 @@ static int __init cf_check parse_xpti(const char *s) } custom_param("xpti", parse_xpti); -int8_t __read_mostly opt_pv_l1tf_hwdom = -1; -int8_t __read_mostly opt_pv_l1tf_domu = -1; +int8_t __ro_after_init opt_pv_l1tf_hwdom = -1; +int8_t __ro_after_init opt_pv_l1tf_domu = -1; static int __init cf_check parse_pv_l1tf(const char *s) { -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:23:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:23:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702711.1098037 (Exim 4.92) (envelope-from ) id 1ruFBh-00051n-9u; Tue, 09 Apr 2024 17:23:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702711.1098037; Tue, 09 Apr 2024 17:23:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBh-00051f-76; Tue, 09 Apr 2024 17:23:13 +0000 Received: by outflank-mailman (input) for mailman id 702711; Tue, 09 Apr 2024 17:23:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBf-00051M-NE for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBf-0005gy-MZ for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFBf-00076K-Lm for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iYq4xIsA6dXy0T8BykDji8T0UuMex0up/eLa/mfmRhY=; b=SH0uoQIacZcWJHR5vaVXUkAAdU sHGRBq8J7rwJluiM/yffh/6ob/dCXZZqeRq5y2Q5/TZShAbRXdxER4lU69+vyUUj17YL3NOFybHSy S3En0eJaG/dhf/oNLKqifvj6Gj2zPRKE7hpXxkaqc1XNBpsWx3SYUqrfMkqMMTmtFYhY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch Message-Id: Date: Tue, 09 Apr 2024 17:23:11 +0000 commit 81ebc5abe77223783da0ae567408d8addebd83a7 Author: Andrew Cooper AuthorDate: Wed Apr 3 17:43:42 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch It turns out there is something wonky on some but not all CPUs with MSR_TSX_FORCE_ABORT. The presence of RTM_ALWAYS_ABORT causes Xen to think it's safe to offer HLE/RTM to guests, but in this case, XBEGIN instructions genuinely #UD. Spot this case and try to back out as cleanly as we can. Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Acked-by: Jan Beulich (cherry picked from commit b33f191e3ca99458fdcea1cb5a29dfa4965d1604) --- xen/arch/x86/tsx.c | 55 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 45 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 80c6f4cedd..a019400c96 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -1,5 +1,6 @@ #include #include +#include #include /* @@ -9,6 +10,7 @@ * -1 => Default, altered to 0/1 (if unspecified) by: * - TAA heuristics/settings for speculative safety * - "TSX vs PCR3" select for TSX memory ordering safety + * -2 => Implicit tsx=0 (from RTM_ALWAYS_ABORT vs RTM mismatch) * -3 => Implicit tsx=1 (feed-through from spec-ctrl=0) * * This is arranged such that the bottom bit encodes whether TSX is actually @@ -122,11 +124,50 @@ void tsx_init(void) if ( cpu_has_tsx_force_abort ) { + uint64_t val; + /* - * On an early TSX-enable Skylake part subject to the memory + * On an early TSX-enabled Skylake part subject to the memory * ordering erratum, with at least the March 2019 microcode. */ + rdmsrl(MSR_TSX_FORCE_ABORT, val); + + /* + * At the time of writing (April 2024), it was discovered that + * some parts (e.g. CoffeeLake 8th Gen, 06-9e-0a, ucode 0xf6) + * advertise RTM_ALWAYS_ABORT, but XBEGIN instructions #UD. Other + * similar parts (e.g. KabyLake Xeon-E3, 06-9e-09, ucode 0xf8) + * operate as expected. + * + * In this case: + * - RTM_ALWAYS_ABORT and MSR_TSX_FORCE_ABORT are enumerated. + * - XBEGIN instructions genuinely #UD. + * - MSR_TSX_FORCE_ABORT appears to be write-discard and fails to + * hold its value. + * - HLE and RTM are not enumerated, despite + * MSR_TSX_FORCE_ABORT.TSX_CPUID_CLEAR being clear. + * + * Spot RTM being unavailable without CLEAR_CPUID being set, and + * treat it as if no TSX is available at all. This will prevent + * Xen from thinking it's safe to offer HLE/RTM to VMs. + */ + if ( val == 0 && cpu_has_rtm_always_abort && !cpu_has_rtm ) + { + printk(XENLOG_ERR + "FIRMWARE BUG: CPU %02x-%02x-%02x, ucode 0x%08x: RTM_ALWAYS_ABORT vs RTM mismatch\n", + boot_cpu_data.x86, boot_cpu_data.x86_model, + boot_cpu_data.x86_mask, this_cpu(cpu_sig).rev); + + setup_clear_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + setup_clear_cpu_cap(X86_FEATURE_TSX_FORCE_ABORT); + + if ( opt_tsx < 0 ) + opt_tsx = -2; + + goto done_probe; + } + /* * Probe for the June 2021 microcode which de-features TSX on * client parts. (Note - this is a subset of parts impacted by @@ -136,15 +177,8 @@ void tsx_init(void) * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. */ - if ( !has_rtm_always_abort ) - { - uint64_t val; - - rdmsrl(MSR_TSX_FORCE_ABORT, val); - - if ( val & TSX_ENABLE_RTM ) - has_rtm_always_abort = true; - } + if ( val & TSX_ENABLE_RTM ) + has_rtm_always_abort = true; /* * If no explicit tsx= option is provided, pick a default. @@ -199,6 +233,7 @@ void tsx_init(void) setup_force_cpu_cap(X86_FEATURE_RTM); } } + done_probe: /* * Note: MSR_TSX_CTRL is enumerated on TSX-enabled MDS_NO and later parts. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:23:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:23:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702712.1098042 (Exim 4.92) (envelope-from ) id 1ruFBr-00056U-D4; Tue, 09 Apr 2024 17:23:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702712.1098042; Tue, 09 Apr 2024 17:23:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBr-00056K-AK; Tue, 09 Apr 2024 17:23:23 +0000 Received: by outflank-mailman (input) for mailman id 702712; Tue, 09 Apr 2024 17:23:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBp-000565-Py for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBp-0005hN-PI for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFBp-00076q-Oc for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eskW1ziNB9HwVo799wmX6wLClfltKyXbgQTIrwanmfE=; b=1197gxtUp4Yl5Pajens5/CzRBy N1I5dMPJ7R6ZvptuHrqNz6EREIzgNo2VKdtIkQkzyQytZGj5STwpSNu8P4/6i06JrGVdaUFsf64mU 482s6d9eB/jHDsllUj+/9zWOOHh3qrxrsrGHm7cqmOyrAsHjqyJWS4zg8cIxmhEG+ulU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/alternatives: fix .init section reference in _apply_alternatives() Message-Id: Date: Tue, 09 Apr 2024 17:23:21 +0000 commit e60fc805d8a2ee2822dc96715bca44ebed135a8c Author: Roger Pau Monné AuthorDate: Tue Apr 9 14:50:46 2024 +0200 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/alternatives: fix .init section reference in _apply_alternatives() The code in _apply_alternatives() will unconditionally attempt to read __initdata_cf_clobber_{start,end} when called as part of applying alternatives to a livepatch payload when Xen is using IBT. That leads to a page-fault as __initdata_cf_clobber_{start,end} living in .init section will have been unmapped by the time a livepatch gets loaded. Fix by adding a check that limits the clobbering of endbr64 instructions to boot time only. Fixes: 37ed5da851b8 ('x86/altcall: Optimise away endbr64 instruction where possible') Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper (cherry picked from commit 4be1fef1e6572c2be0bd378902ffb62a6e73faeb) --- xen/arch/x86/alternative.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index 1d59dffc46..8356414be7 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -338,7 +338,7 @@ static void init_or_livepatch _apply_alternatives(struct alt_instr *start, * Clobber endbr64 instructions now that altcall has finished optimising * all indirect branches to direct ones. */ - if ( force && cpu_has_xen_ibt ) + if ( force && cpu_has_xen_ibt && system_state < SYS_STATE_active ) { void *const *val; unsigned int clobbered = 0; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:23:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:23:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702713.1098046 (Exim 4.92) (envelope-from ) id 1ruFC1-00059U-EJ; Tue, 09 Apr 2024 17:23:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702713.1098046; Tue, 09 Apr 2024 17:23:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFC1-00059M-Bh; Tue, 09 Apr 2024 17:23:33 +0000 Received: by outflank-mailman (input) for mailman id 702713; Tue, 09 Apr 2024 17:23:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBz-00058n-Su for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFBz-0005hU-S9 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFBz-00077Q-RV for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Wp7SnKtWULlEniS1LAtEDKTdNstAWtRfpqDGO7YPVEM=; b=3bAs6m6wsR4Bo2gCcx3ieaU6Cu 9LbgviLIIrrsJP+21aUP81cH6RjV0UbKjQF4XZAxHcgQv45hnfeH899Nj8Q2/ARPnQLZrhHG2JDmz 0aYrfC7sv+LgKsP+KN4Ze4Hm4gEcqo3rsdj0jNNsWVhW0j8aEgDY3WnyId3imACHqKrs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests Message-Id: Date: Tue, 09 Apr 2024 17:23:31 +0000 commit d2b179ba6e308769f1b37637d1c746c3dbf55cc0 Author: Andrew Cooper AuthorDate: Tue Apr 9 15:03:05 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests All of these are prediction-mode (i.e. CPL) based. They don't operate as advertised in PV context. Fixes: 4dd676070684 ("x86/spec-ctrl: Expose IPRED_CTRL to guests") Fixes: 478e4787fa64 ("x86/spec-ctrl: Expose RRSBA_CTRL to guests") Fixes: 583f1d095052 ("x86/spec-ctrl: Expose BHI_CTRL to guests") Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 4b3da946ad7e3452761478ae683da842e7ff20d6) --- xen/include/public/arch-x86/cpufeatureset.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 51f238683c..63c8ac8486 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -295,9 +295,9 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ -XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ -XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ -XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*S MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*S MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*S MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:23:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:23:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702714.1098050 (Exim 4.92) (envelope-from ) id 1ruFCB-0005FD-G1; Tue, 09 Apr 2024 17:23:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702714.1098050; Tue, 09 Apr 2024 17:23:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCB-0005F6-DB; Tue, 09 Apr 2024 17:23:43 +0000 Received: by outflank-mailman (input) for mailman id 702714; Tue, 09 Apr 2024 17:23:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFC9-0005Eq-WE for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFC9-0005hr-VY for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:41 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFC9-000781-Uv for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ivF2x06oLSsEVuy1px7D8nsCJHkpoUrVgZOG04bx1zs=; b=6y867JhFBOueGDfrNr96O+Qdpa AEMWY3q7Kckq6cCnTJcmiKXZvEkZfWnOxY/rqJgeNqAVvAhecz997xhHgbhM7ic664ieCk0mkj6Si BIcCMRn3275A1iszdTe+tKXmI2hl1fogGtIjSOot3XETXoh/WWXim7qhPR3UBe9iKhv0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec-ctrl: Rename spec_ctrl_flags to scf Message-Id: Date: Tue, 09 Apr 2024 17:23:41 +0000 commit 164c69bcee159b6f5c9f58d49fd3b715be75146f Author: Andrew Cooper AuthorDate: Thu Mar 28 11:57:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Rename spec_ctrl_flags to scf XSA-455 was ultimately caused by having fields with too-similar names. Both {xen,last}_spec_ctrl are fields containing an architectural MSR_SPEC_CTRL value. The spec_ctrl_flags field contains Xen-internal flags. To more-obviously distinguish the two, rename spec_ctrl_flags to scf, which is also the prefix of the constants used by the fields. No functional change. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit c62673c4334b3372ebd4292a7ac8185357e7ea27) --- xen/arch/x86/acpi/power.c | 4 ++-- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/include/asm/current.h | 2 +- xen/arch/x86/include/asm/domain.h | 2 +- xen/arch/x86/include/asm/spec_ctrl.h | 16 ++++++++-------- xen/arch/x86/include/asm/spec_ctrl_asm.h | 22 +++++++++++----------- xen/arch/x86/setup.c | 2 +- xen/arch/x86/spec_ctrl.c | 18 +++++++++--------- xen/arch/x86/x86_64/asm-offsets.c | 2 +- xen/arch/x86/x86_64/compat/entry.S | 4 ++-- xen/arch/x86/x86_64/entry.S | 2 +- 14 files changed, 44 insertions(+), 44 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index b76f673acb..5cddb0f0f6 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -246,7 +246,7 @@ static int enter_state(u32 state) ci = get_cpu_info(); /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_IST_MASK; + ci->scf &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -290,7 +290,7 @@ static int enter_state(u32 state) panic("Missing previously available feature(s)\n"); /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); + ci->scf |= (default_scf & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index aca9fa310c..228763b5e9 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2096,10 +2096,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the new spec_ctrl settings. */ - info->spec_ctrl_flags = - (info->spec_ctrl_flags & ~SCF_DOM_MASK) | - (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); + /* Update the top-of-stack block with the new speculation settings. */ + info->scf = + (info->scf & ~SCF_DOM_MASK) | + (nextd->arch.scf & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index c19e964bc6..0264e0bac2 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -103,7 +103,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index cdde76e138..4ee529c57a 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -111,7 +111,7 @@ UNLIKELY_END(realmode) BUILD_BUG_ON(SCF_verw & ~0xff) movzbl VCPU_vmx_launched(%rbx), %ecx shl $31, %ecx - movzbl CPUINFO_spec_ctrl_flags(%rsp), %eax + movzbl CPUINFO_scf(%rsp), %eax and $SCF_verw, %eax or %eax, %ecx diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 49d51fb524..f0fb4874b8 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1386,7 +1386,7 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); - if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + if ( !rc && (d->arch.scf & SCF_entry_ibpb) ) rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, VMX_MSR_HOST); diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index da5e152a10..9cc8d8e3d4 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -57,7 +57,7 @@ struct cpu_info { unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; uint8_t last_spec_ctrl; - uint8_t spec_ctrl_flags; + uint8_t scf; /* SCF_* */ /* * The following field controls copying of the L4 page table of 64-bit diff --git a/xen/arch/x86/include/asm/domain.h b/xen/arch/x86/include/asm/domain.h index 5293c0cde4..f90a268b01 100644 --- a/xen/arch/x86/include/asm/domain.h +++ b/xen/arch/x86/include/asm/domain.h @@ -324,7 +324,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ + uint8_t scf; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index a431fea587..8fc350abe2 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -21,10 +21,10 @@ #define __X86_SPEC_CTRL_H__ /* - * Encoding of: - * cpuinfo.spec_ctrl_flags - * default_spec_ctrl_flags - * domain.spec_ctrl_flags + * Encoding of Xen's speculation control flags in: + * cpuinfo.scf + * default_scf + * domain.scf * * Live settings are in the top-of-stack block, because they need to be * accessable when XPTI is active. Some settings are fixed from boot, some @@ -94,7 +94,7 @@ extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; extern uint8_t default_xen_spec_ctrl; -extern uint8_t default_spec_ctrl_flags; +extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; @@ -114,7 +114,7 @@ static inline void init_shadow_spec_ctrl_state(void) info->shadow_spec_ctrl = 0; info->xen_spec_ctrl = default_xen_spec_ctrl; - info->spec_ctrl_flags = default_spec_ctrl_flags; + info->scf = default_scf; /* * For least latency, the VERW selector should be a writeable data @@ -138,7 +138,7 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) */ info->shadow_spec_ctrl = val; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); @@ -187,7 +187,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. */ - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index e85db1a329..8c488be048 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -51,7 +51,7 @@ * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow - * boolean in the per cpu spec_ctrl_flags. The synchronous use is: + * boolean in the per cpu scf. The synchronous use is: * * 1) Store guest value in shadow_spec_ctrl * 2) Set the use_shadow boolean @@ -98,11 +98,11 @@ * interrupting Xen. */ .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) .endif jz .L\@_skip @@ -172,8 +172,8 @@ #define STK_REL(field, top_of_stk) ((field) - (top_of_stk)) .macro SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_error_code), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) + scf=STK_REL(CPUINFO_scf, CPUINFO_error_code), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) /* * Requires \scf and \sel as %rsp-relative expressions * Clobbers eflags @@ -228,10 +228,10 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else - andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + andb $~SCF_use_shadow, CPUINFO_scf(%rsp) movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax .endif @@ -250,7 +250,7 @@ mov %eax, CPUINFO_shadow_spec_ctrl(%rsp) /* Set SPEC_CTRL shadowing *before* loading the guest value. */ - orb $SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + orb $SCF_use_shadow, CPUINFO_scf(%rsp) mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx @@ -328,7 +328,7 @@ * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -353,7 +353,7 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx @@ -387,7 +387,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %r12=ist_exit, %r14=stack_end, %rsp=regs * Clobbers %rax, %rbx, %rcx, %rdx */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx testb $SCF_ist_sc_msr, %bl jz .L\@_skip_sc_msr diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 0c00ea875d..d47f156711 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1984,7 +1984,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0a2de88593..ab81ad457b 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -69,7 +69,7 @@ static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; uint8_t __ro_after_init default_xen_spec_ctrl; -uint8_t __ro_after_init default_spec_ctrl_flags; +uint8_t __ro_after_init default_scf; paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; bool __ro_after_init cpu_has_bug_l1tf; @@ -1117,7 +1117,7 @@ static void __init ibpb_calculations(void) * NMI/#MC, so can't interrupt Xen ahead of having already flushed the * BTB. */ - default_spec_ctrl_flags |= SCF_ist_ibpb; + default_scf |= SCF_ist_ibpb; } if ( opt_ibpb_entry_hvm ) setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); @@ -1618,7 +1618,7 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); - d->arch.spec_ctrl_flags = + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | 0; @@ -1723,7 +1723,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1734,7 +1734,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1869,7 +1869,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_pv ) { setup_force_cpu_cap(X86_FEATURE_SC_RSB_PV); - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } /* @@ -1892,7 +1892,7 @@ void __init init_speculation_mitigations(void) * possible rogue RSB speculation. */ if ( !cpu_has_svm ) - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } srso_calculations(hw_smt_enabled); @@ -1905,7 +1905,7 @@ void __init init_speculation_mitigations(void) if ( opt_eager_fpu == -1 ) opt_eager_fpu = should_use_eager_fpu(); - /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ + /* (Re)init BSP state now that default_scf has been calculated. */ init_shadow_spec_ctrl_state(); /* @@ -2178,7 +2178,7 @@ void __init init_speculation_mitigations(void) { info->shadow_spec_ctrl = 0; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); } diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index 4cd5938d7b..fba82d6436 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -154,7 +154,7 @@ void __dummy__(void) OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); - OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); + OFFSET(CPUINFO_scf, struct cpu_info, scf); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); DEFINE(CPUINFO_sizeof, sizeof(struct cpu_info)); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 3b2fbcd873..fab85eb733 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -164,8 +164,8 @@ ENTRY(compat_restore_all_guest) /* Account for ev/ec having already been popped off the stack. */ SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_rip), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) + scf=STK_REL(CPUINFO_scf, CPUINFO_rip), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) .Lft0: iretq _ASM_PRE_EXTABLE(.Lft0, handle_exception) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index ef517e2945..50fc048834 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -692,7 +692,7 @@ UNLIKELY_END(exit_cr3) /* * When the CPU pushed this exception frame, it zero-extended eflags. * For an IST exit, SPEC_CTRL_EXIT_TO_XEN stashed shadow copies of - * spec_ctrl_flags and ver_sel above eflags, as we can't use any GPRs, + * scf and ver_sel above eflags, as we can't use any GPRs, * and we're at a random place on the stack, not in a CPUFINFO block. * * Account for ev/ec having already been popped off the stack. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:23:53 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:23:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702715.1098053 (Exim 4.92) (envelope-from ) id 1ruFCL-0005QT-HM; Tue, 09 Apr 2024 17:23:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702715.1098053; Tue, 09 Apr 2024 17:23:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCL-0005QL-El; Tue, 09 Apr 2024 17:23:53 +0000 Received: by outflank-mailman (input) for mailman id 702715; Tue, 09 Apr 2024 17:23:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCK-0005Of-32 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCK-0005i0-2M for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFCK-00078o-1i for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:23:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MyVH5Fkew3QlpH7Z6MSjTGwzs2MwovWRyvERX8mB/Pc=; b=BztnVZ3NkjVVBTvUuToWbYSrn+ tp38rMumpylBSpmh58INFg4DUPuSLyB910Ay4t69kmqF6Ar8BYF9y8kavoHDZg6OwerPeCR763SAt 1o4XkElP+TrfZByyb2/BSCuU5NxqYm/DmCuAyFtHuEmtXRtnutzR5UmqFAYUP+XRW6ec=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Message-Id: Date: Tue, 09 Apr 2024 17:23:52 +0000 commit 05f6fe7c39fe0c44807a51f6aa1d8ee1a38de197 Author: Andrew Cooper AuthorDate: Fri Mar 22 11:41:41 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Right now, we have a mix of safety strategies in different blocks, making the logic fragile and hard to follow. Start addressing this by having a safety LFENCE at the end of the blocks, which can be patched out if other safety criteria are met. This will allow us to simplify the sub-blocks. For SPEC_CTRL_ENTRY_FROM_IST, simply leave an LFENCE unconditionally at the end; the IST path is not a fast-path by any stretch of the imagination. For SPEC_CTRL_ENTRY_FROM_INTR, the existing description was incorrect. The IRET #GP path is non-fatal but can occur with the guest's choice of MSR_SPEC_CTRL. It is safe to skip the flush/barrier-like protections when interrupting Xen, but we must run DO_SPEC_CTRL_ENTRY irrespective. This will skip RSB stuffing which was previously unconditional even when interrupting Xen. AFAICT, this is a missing cleanup from commit 3fffaf9c13e9 ("x86/entry: Avoid using alternatives in NMI/#MC paths") where we split the IST entry path out of the main INTR entry path. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 94896de1a98c4289fe6fef9e16ef99fc6ef2efc4) --- xen/arch/x86/hvm/vmx/entry.S | 1 + xen/arch/x86/include/asm/cpufeatures.h | 4 +++ xen/arch/x86/include/asm/spec_ctrl_asm.h | 27 +++++++++-------- xen/arch/x86/spec_ctrl.c | 52 ++++++++++++++++++++++++++++++++ 4 files changed, 72 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 4ee529c57a..8d5b683879 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -43,6 +43,7 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* Hardware clears MSR_DEBUGCTL on VMExit. Reinstate it if debugging Xen. */ diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index 7e8221fd85..6422c66b0f 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -52,5 +52,9 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_BUG_CLFLUSH_MFENCE X86_BUG( 2) /* MFENCE needed to serialise CLFLUSH */ #define X86_BUG_IBPB_NO_RET X86_BUG( 3) /* IBPB doesn't flush the RSB/RAS */ +#define X86_SPEC_NO_LFENCE_ENTRY_PV X86_BUG(16) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_PV. */ +#define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ +#define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 8c488be048..e58e5110d9 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -273,25 +273,37 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm /* * Used after an exception or maskable interrupt, hitting Xen or PV context. - * There will either be a guest speculation context, or (barring fatal - * exceptions) a well-formed Xen speculation context. + * There will either be a guest speculation context, or a well-formed Xen + * speculation context, with the exception of one case. IRET #GP handling may + * have a guest choice of MSR_SPEC_CTRL. + * + * Therefore, we can skip the flush/barrier-like protections when hitting Xen, + * but we must still run the mode-based protections. */ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rcx, %rdx */ + testb $3, UREGS_cs(%rsp) + jz .L\@_skip + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV +.L\@_skip: ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm /* @@ -360,18 +372,9 @@ movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr - /* Opencoded UNLIKELY_START() with no condition. */ -UNLIKELY_DISPATCH_LABEL(\@_serialise): - .subsection 1 - /* - * In the case that we might need to set SPEC_CTRL.IBRS for safety, we - * need to ensure that an attacker can't poison the `jz .L\@_skip_wrmsr` - * to speculate around the WRMSR. As a result, we need a dispatch - * serialising instruction in the else clause. - */ .L\@_skip_msr_spec_ctrl: + lfence - UNLIKELY_END(\@_serialise) .endm /* diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ab81ad457b..2b22deb891 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2154,6 +2154,58 @@ void __init init_speculation_mitigations(void) print_details(thunk); + /* + * With the alternative blocks now chosen, see if we need any other + * adjustments for safety. + * + * We compile the LFENCE in, and patch it out if it's not needed. + * + * Notes: + * - SPEC_CTRL_ENTRY_FROM_SVM doesn't need an LFENCE because it has an + * unconditional STGI. + * - SPEC_CTRL_ENTRY_FROM_IST handles its own safety, without the use of + * alternatives. + * - DO_OVERWRITE_RSB has conditional branches in it, but it's an inline + * sequence. It is considered safe for uarch reasons. + */ + { + /* + * SPEC_CTRL_ENTRY_FROM_PV conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we're not using any prior conditional mitigation, + * then it's safe to drop the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); + + /* + * SPEC_CTRL_ENTRY_FROM_INTR conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we have no protections active in the block that + * is skipped when interrupting guest context, then it's safe to drop + * the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); + + /* + * SPEC_CTRL_ENTRY_FROM_VMX conditional safety + * + * Currently there are no safety actions with conditional branches, so + * no need for the extra safety LFENCE. + */ + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + } + /* * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard * any firmware settings. For performance reasons, when safe to do so, we -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:24:03 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:24:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702716.1098058 (Exim 4.92) (envelope-from ) id 1ruFCV-0005Tf-LM; Tue, 09 Apr 2024 17:24:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702716.1098058; Tue, 09 Apr 2024 17:24:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCV-0005TY-IL; Tue, 09 Apr 2024 17:24:03 +0000 Received: by outflank-mailman (input) for mailman id 702716; Tue, 09 Apr 2024 17:24:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCU-0005TK-62 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCU-0005iL-5L for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFCU-00079t-4c for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TKomKT7zrva0RszU+LnOvm7CPurMMO7D24C6bStg1sE=; b=qS7HqQJ+uTAxNFZBLdbSB1mTNP hAav2q9EL2MK5uKsXk0uOVut0LGf5Y7uSnNyhuOBvlRpmhfijysVvZvdZz9klncf52zL/O4/TLBsr 8h+YFfJjl1Hi9AoQ1xF2KP2gTQLMreelKOcaUKZgFvxsy6iCsIvFyvbiru3E8g5KrKis=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Message-Id: Date: Tue, 09 Apr 2024 17:24:02 +0000 commit 687691733f4834b7edfd52cae6339d43257a19b3 Author: Andrew Cooper AuthorDate: Fri Mar 22 15:52:06 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Other SPEC_CTRL_* paths already use %r14 like this, and it will allow for simplifications. All instances of SPEC_CTRL_ENTRY_FROM_PV are followed by a GET_STACK_END() invocation, so this change is only really logic and register shuffling. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 22390697bf1b4cd3024f2d10893dec3c3ec08a9c) --- xen/arch/x86/x86_64/compat/entry.S | 4 +++- xen/arch/x86/x86_64/entry.S | 44 +++++++++++++++++++++----------------- 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index fab85eb733..a32b95f7c3 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -18,6 +18,8 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, EFRAME_entry_vector(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ @@ -25,7 +27,7 @@ ENTRY(entry_int82) CR4_PV32_RESTORE - GET_CURRENT(bx) + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov %rsp, %rdi call do_entry_int82 diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 50fc048834..78c00bdd19 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -266,21 +266,22 @@ ENTRY(lstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Llstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Llstar_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx testb $TF_kernel_mode,VCPU_thread_flags(%rbx) jz switch_to_kernel @@ -303,23 +304,24 @@ ENTRY(cstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lcstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lcstar_cr3_okay: sti CR4_PV32_RESTORE - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx #ifdef CONFIG_PV32 movq VCPU_domain(%rbx), %rcx @@ -344,23 +346,24 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ orl $X86_EFLAGS_IF, UREGS_eflags(%rsp) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lsyse_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lsyse_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx cmpb $0,VCPU_sysenter_disables_events(%rbx) movq VCPU_sysenter_addr(%rbx),%rax setne %cl @@ -398,17 +401,18 @@ ENTRY(int80_direct_trap) movl $0x80, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lint80_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lint80_cr3_okay: sti @@ -418,7 +422,7 @@ UNLIKELY_START(ne, msi_check) call check_for_unexpected_msi UNLIKELY_END(msi_check) - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov VCPU_trap_ctxt(%rbx), %rsi mov VCPU_domain(%rbx), %rax -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:24:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:24:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702717.1098062 (Exim 4.92) (envelope-from ) id 1ruFCf-0005i9-MR; Tue, 09 Apr 2024 17:24:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702717.1098062; Tue, 09 Apr 2024 17:24:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCf-0005i1-Jq; Tue, 09 Apr 2024 17:24:13 +0000 Received: by outflank-mailman (input) for mailman id 702717; Tue, 09 Apr 2024 17:24:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCe-0005gT-93 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCe-0005iU-8K for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFCe-0007Ac-7V for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HqokoR/LIE1ZKAjDNbAjhNEk/mWcvecede6cCC+F42A=; b=0nlWho7n1YtJOMsv3275qPJkLX CL2TMMm0iKkpArz6e04xZOuvmOcSW7Z6Qo2TBw66A3ch6Cr4eT1CRASXFOub1j3i1qPGXMUbogYjz T/RX8OKuChiKFMSXRy8zjoesl3OzX6Z94DEwOOsYiVZI0X3kAAs2hNva8Fo/eetcGeKQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} Message-Id: Date: Tue, 09 Apr 2024 17:24:12 +0000 commit d2313bd20d36a452e0b4906da4814149a18e5acf Author: Andrew Cooper AuthorDate: Fri Mar 22 12:08:02 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} ... as we do in the exit paths too. This will allow simplification to the sub-blocks. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9607aeb6602b8ed9962404de3f5f90170ffddb66) --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 10 +++++++--- xen/arch/x86/x86_64/compat/entry.S | 2 +- xen/arch/x86/x86_64/entry.S | 12 ++++++------ 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index e58e5110d9..67f6963e8d 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -263,9 +263,11 @@ */ .macro SPEC_CTRL_ENTRY_FROM_PV /* - * Requires %rsp=regs/cpuinfo, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs/cpuinfo, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ X86_FEATURE_IBPB_ENTRY_PV @@ -289,8 +291,10 @@ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + testb $3, UREGS_cs(%rsp) jz .L\@_skip diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index a32b95f7c3..ff462a92e0 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -20,7 +20,7 @@ ENTRY(entry_int82) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ sti diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 78c00bdd19..801d241337 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -268,7 +268,7 @@ ENTRY(lstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -306,7 +306,7 @@ ENTRY(cstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -348,7 +348,7 @@ GLOBAL(sysenter_eflags_saved) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ @@ -403,7 +403,7 @@ ENTRY(int80_direct_trap) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -713,7 +713,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -747,7 +747,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:24:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:24:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702718.1098067 (Exim 4.92) (envelope-from ) id 1ruFCp-0005xV-Om; Tue, 09 Apr 2024 17:24:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702718.1098067; Tue, 09 Apr 2024 17:24:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCp-0005xN-LK; Tue, 09 Apr 2024 17:24:23 +0000 Received: by outflank-mailman (input) for mailman id 702718; Tue, 09 Apr 2024 17:24:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCo-0005wk-Cq for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCo-0005ib-C3 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFCo-0007Bo-AO for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sh1KPL8GgDrRGjByxXeblQDG+ouU736ECHRDDFybyWM=; b=2vQ+En4QsJfdyvFpXGbRpxYULg Gh0nZBVSDCKI+2O758vKaOMIu6xyQkUt8lh51VVVK9u/Hu8fvSCAvYlUBHTyhQJ5s8FB8TicNrwgM bpU4pOBbUaOkTju7D0Rx8nVhov2LFDDGZXi7ZVBIknCJN7If2xiCpxFcuZn9NBL154cI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec-ctrl: Simplify DO_COND_IBPB Message-Id: Date: Tue, 09 Apr 2024 17:24:22 +0000 commit b73f37b91ce05c28cb998ef4870198922fa2b17c Author: Andrew Cooper AuthorDate: Fri Mar 22 14:33:17 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Simplify DO_COND_IBPB With the prior refactoring, SPEC_CTRL_ENTRY_{PV,INTR} both load SCF into %ebx, and handle the conditional safety including skipping if interrupting Xen. Therefore, we can drop the maybexen parameter and the conditional safety. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 2378d16a931de0e62c03669169989e9437306abe) --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 67f6963e8d..8d171ecca2 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -87,33 +87,21 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ -.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +.macro DO_COND_IBPB /* - * Requires %rsp=regs (also cpuinfo if !maybexen) - * Requires %r14=stack_end (if maybexen), %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rbx=SCF, %rdx=0 + * Clobbers %rax, %rcx * - * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen - * case, we can safely look at UREGS_cs to skip taking the hit when - * interrupting Xen. + * Conditionally issue IBPB if SCF_entry_ibpb is active. */ - .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) - jz .L\@_skip - testb $3, UREGS_cs(%rsp) - .else - testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) - .endif + testb $SCF_entry_ibpb, %bl jz .L\@_skip mov $MSR_PRED_CMD, %ecx mov $PRED_CMD_IBPB, %eax wrmsr - jmp .L\@_done .L\@_skip: - lfence -.L\@_done: .endm .macro DO_OVERWRITE_RSB tmp=rax xu @@ -268,8 +256,7 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -298,8 +285,7 @@ testb $3, UREGS_cs(%rsp) jz .L\@_skip - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -339,7 +325,7 @@ * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of: - * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_COND_IBPB * DO_OVERWRITE_RSB * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:24:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:24:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702719.1098071 (Exim 4.92) (envelope-from ) id 1ruFCz-00060M-Ps; Tue, 09 Apr 2024 17:24:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702719.1098071; Tue, 09 Apr 2024 17:24:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCz-00060E-Mw; Tue, 09 Apr 2024 17:24:33 +0000 Received: by outflank-mailman (input) for mailman id 702719; Tue, 09 Apr 2024 17:24:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCy-0005zw-Fa for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFCy-0005kF-Er for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFCy-0007Cp-EC for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=O2tKixxZTwusLaz0eTYcs+mUAyrKAYaBWBuMvvqjOXs=; b=uCofdhJ2h6VKc9EycQ0X80paHv ebuSgJrMOs5ty464Y1RL06kvW1qCsfBpalWl18Q459z0Fcx/R4u4ozGaVn1sOV+NoncZX5l8hE1NF BJL0tWib8JIlGvaeFQgQk0Lo5oKnlI6KEjguQpGy4dKZIjome4F3U7yuXuewckMVhD6g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* Message-Id: Date: Tue, 09 Apr 2024 17:24:32 +0000 commit 046f90e1b5c72ebc609eb1629c80cf5e077da02b Author: Andrew Cooper AuthorDate: Mon Mar 25 11:09:35 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* The complexity is getting out of hand. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 40dea83b75386cb693481cf340024ce093be5c0f) --- xen/arch/x86/hvm/svm/entry.S | 14 ++++++++ xen/arch/x86/hvm/vmx/entry.S | 14 ++++++++ xen/arch/x86/include/asm/spec_ctrl_asm.h | 59 ++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 0264e0bac2..58d8a1bffa 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -102,6 +102,11 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular + * making type-confused RETs safe to use. This is not needed on Zen5 + * and later parts when SRSO_MSR_FIX (BP-SPEC-REDUCE) is in use. + */ .macro svm_vmexit_cond_ibpb testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb @@ -113,8 +118,17 @@ __UNLIKELY_END(nsvm_hap) .endm ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + /* + * RSB (RAS/RAP) stuffing is to prevents RET predictions following guest + * entries. This is not needed on Zen4 and later, when AutoIBRS is in + * use. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting, making indirect CALLs/JMPs + * safe to use. The guest's setting resides in the VMCB. + */ .macro svm_vmexit_spec_ctrl movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax movzbl CPUINFO_last_spec_ctrl(%rsp), %edx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 8d5b683879..008d76a6e1 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -34,8 +34,22 @@ ENTRY(vmx_asm_vmexit_handler) mov %rax,VCPU_hvm_guest_cr2(%rbx) /* SPEC_CTRL_ENTRY_FROM_VMX Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + /* + * RSB stuffing is to prevents RET predictions following guest + * entries. This is *not* sufficient to flush all RSB entries on + * parts enumerating eIBRS, although the following restore_spec_ctrl + * does covers us. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting. The guest's value resides in + * the MSR load/save list. For Legacy IBRS, this flushes/inhibits + * indirect predictions and does not flush the RSB. For eIBRS, this + * prevents CALLs/JMPs using predictions learnt at a lower predictor + * mode, and it flushes the RSB. On eIBRS parts that also suffer from + * PBRSB, the prior RSB stuffing suffices to make the RSB safe. + */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 8d171ecca2..9531d046d7 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -256,10 +256,32 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. + */ ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * This is not needed if SMEP is active and the RSB is full-width. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. The + * guest can't change it's value behind Xen's back. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. + */ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV @@ -282,6 +304,14 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * All safety notes the same as SPEC_CTRL_ENTRY_FROM_PV, although there is + * a conditional jump skipping some actions when interrupting Xen. + * + * On Intel parts, the IRET #GP path ends up here with the guest's choice + * of MSR_SPEC_CTRL. + */ + testb $3, UREGS_cs(%rsp) jz .L\@_skip @@ -332,6 +362,19 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. The SVM path takes care of + * Host/Guest interactions prior to clearing GIF, and it's not used on the + * VMX path. + */ test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -341,6 +384,12 @@ .L\@_skip_ibpb: + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * SCF_ist_rsb is active if either PV or HVM protections are needed. The + * VMX path cannot guarantee to make the RSB safe ahead of taking an IST + * vector. + */ test $SCF_ist_rsb, %bl jz .L\@_skip_rsb @@ -348,6 +397,16 @@ .L\@_skip_rsb: + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. PV + * guests can't change their value behind Xen's back. HVM guests have + * their value stored in the MSR load/save list. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. On eIBRS parts that also + * suffer from PBRSB, the prior RSB stuffing suffices to make the RSB + * safe. + */ test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:24:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:24:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702720.1098074 (Exim 4.92) (envelope-from ) id 1ruFD9-00062x-RB; Tue, 09 Apr 2024 17:24:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702720.1098074; Tue, 09 Apr 2024 17:24:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFD9-00062m-OK; Tue, 09 Apr 2024 17:24:43 +0000 Received: by outflank-mailman (input) for mailman id 702720; Tue, 09 Apr 2024 17:24:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFD8-00062c-Ir for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFD8-0005kg-I9 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFD8-0007DT-HO for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XNl99TKT2Y5UQcSOV8/Bv81xZJnd+eL+uEfgQWzx3fA=; b=bWfdxLuYgVMpGm+uRzwK0BGOhW 3hQRX8jOe4GEy4kvhWeIWozc3MsnmZ4ahK7pZoi0AKSB/tR72jujEmpoWbmcDhi2goMuj8SATf6Ls NF/yGeCXol9baOIhTgtY74Qad19u1aVom9pvoRPqVRZXJFi+w1YzIzj9eN7c53/Plxdk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/vmx: Add support for virtualize SPEC_CTRL Message-Id: Date: Tue, 09 Apr 2024 17:24:42 +0000 commit 587298a707ea6c9afd3565a1f68fd43bc21038e9 Author: Roger Pau Monne AuthorDate: Thu Feb 15 17:46:53 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/vmx: Add support for virtualize SPEC_CTRL The feature is defined in the tertiary exec control, and is available starting from Sapphire Rapids and Alder Lake CPUs. When enabled, two extra VMCS fields are used: SPEC_CTRL mask and shadow. Bits set in mask are not allowed to be toggled by the guest (either set or clear) and the value in the shadow field is the value the guest expects to be in the SPEC_CTRL register. By using it the hypervisor can force the value of SPEC_CTRL bits behind the guest back without having to trap all accesses to SPEC_CTRL, note that no bits are forced into the guest as part of this patch. It also allows getting rid of SPEC_CTRL in the guest MSR load list, since the value in the shadow field will be loaded by the hardware on vmentry. Signed-off-by: Roger Pau Monné Signed-off-by: Andrew Cooper (cherry picked from commit 97c5b8b657e41a6645de9d40713b881234417b49) --- xen/arch/x86/hvm/vmx/vmcs.c | 12 ++++++++++- xen/arch/x86/hvm/vmx/vmx.c | 37 ++++++++++++++++++++++++++------- xen/arch/x86/include/asm/hvm/vmx/vmcs.h | 5 +++++ xen/arch/x86/include/asm/msr.h | 7 +++++-- 4 files changed, 51 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index f0fb4874b8..11464c60ed 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -215,6 +215,7 @@ static void __init vmx_display_features(void) P(cpu_has_vmx_tsc_scaling, "TSC Scaling"); P(cpu_has_vmx_bus_lock_detection, "Bus Lock Detection"); P(cpu_has_vmx_notify_vm_exiting, "Notify VM Exit"); + P(cpu_has_vmx_virt_spec_ctrl, "Virtualize SPEC_CTRL"); #undef P if ( !printed ) @@ -378,7 +379,7 @@ static int vmx_init_vmcs_config(bool bsp) if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) { - uint64_t opt = 0; + uint64_t opt = TERTIARY_EXEC_VIRT_SPEC_CTRL; _vmx_tertiary_exec_control = adjust_vmx_controls2( "Tertiary Exec Control", 0, opt, @@ -1377,6 +1378,12 @@ static int construct_vmcs(struct vcpu *v) if ( cpu_has_vmx_tsc_scaling ) __vmwrite(TSC_MULTIPLIER, d->arch.hvm.tsc_scaling_ratio); + if ( cpu_has_vmx_virt_spec_ctrl ) + { + __vmwrite(SPEC_CTRL_MASK, 0); + __vmwrite(SPEC_CTRL_SHADOW, 0); + } + /* will update HOST & GUEST_CR3 as reqd */ paging_update_paging_modes(v); @@ -2087,6 +2094,9 @@ void vmcs_dump_vcpu(struct vcpu *v) if ( v->arch.hvm.vmx.secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY ) printk("InterruptStatus = %04x\n", vmr16(GUEST_INTR_STATUS)); + if ( cpu_has_vmx_virt_spec_ctrl ) + printk("SPEC_CTRL mask = 0x%016lx shadow = 0x%016lx\n", + vmr(SPEC_CTRL_MASK), vmr(SPEC_CTRL_SHADOW)); printk("*** Host State ***\n"); printk("RIP = 0x%016lx (%ps) RSP = 0x%016lx\n", diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 26b6e4ca61..38d6d78607 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -759,23 +759,28 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) /* * We can safely pass MSR_SPEC_CTRL through to the guest, even if STIBP * isn't enumerated in hardware, as SPEC_CTRL_STIBP is ignored. + * + * If VMX_VIRT_SPEC_CTRL is available, it is activated by default and the + * guest MSR_SPEC_CTRL value lives in the VMCS. Otherwise, it lives in + * the MSR load/save list. */ if ( cp->feat.ibrsb ) { vmx_clear_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); - if ( rc ) - goto out; + if ( !cpu_has_vmx_virt_spec_ctrl ) + { + rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); + if ( rc ) + goto out; + } } else { vmx_set_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); - if ( rc && rc != -ESRCH ) - goto out; - rc = 0; /* Tolerate -ESRCH */ + if ( !cpu_has_vmx_virt_spec_ctrl ) + vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ @@ -2592,6 +2597,10 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - fetched below. */ + break; + rc = vmx_read_guest_msr(v, reg, &val); if ( rc ) { @@ -2612,6 +2621,11 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) vmx_vmcs_enter(v); switch ( reg ) { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmread(SPEC_CTRL_SHADOW, &val); + break; + case MSR_IA32_BNDCFGS: __vmread(GUEST_BNDCFGS, &val); break; @@ -2636,6 +2650,10 @@ static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - set below. */ + break; + rc = vmx_write_guest_msr(v, reg, val); if ( rc ) { @@ -2650,6 +2668,11 @@ static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) vmx_vmcs_enter(v); switch ( reg ) { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmwrite(SPEC_CTRL_SHADOW, val); + break; + case MSR_IA32_BNDCFGS: __vmwrite(GUEST_BNDCFGS, val); break; diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h index bbb0966fc3..63074a49c0 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h @@ -281,6 +281,9 @@ extern u32 vmx_secondary_exec_control; #define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) extern uint64_t vmx_tertiary_exec_control; +#define cpu_has_vmx_virt_spec_ctrl \ + (vmx_tertiary_exec_control & TERTIARY_EXEC_VIRT_SPEC_CTRL) + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -443,6 +446,8 @@ enum vmcs_field { XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, TERTIARY_VM_EXEC_CONTROL = 0x00002034, + SPEC_CTRL_MASK = 0x0000204a, + SPEC_CTRL_SHADOW = 0x0000204c, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index adda736efc..0309b7dfbe 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -290,8 +290,11 @@ struct vcpu_msrs * For PV guests, this holds the guest kernel value. It is accessed on * every entry/exit path. * - * For VT-x guests, the guest value is held in the MSR guest load/save - * list. + * For VT-x guests, one of two situations exist: + * + * - If hardware supports virtualized MSR_SPEC_CTRL, it is active by + * default and the guest value lives in the VMCS. + * - Otherwise, the guest value is held in the MSR load/save list. * * For SVM, the guest value lives in the VMCB, and hardware saves/restores * the host value automatically. However, guests run with the OR of the -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:24:53 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:24:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702721.1098078 (Exim 4.92) (envelope-from ) id 1ruFDJ-00066K-V3; Tue, 09 Apr 2024 17:24:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702721.1098078; Tue, 09 Apr 2024 17:24:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFDJ-00066C-SU; Tue, 09 Apr 2024 17:24:53 +0000 Received: by outflank-mailman (input) for mailman id 702721; Tue, 09 Apr 2024 17:24:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFDI-000663-M7 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFDI-0005kn-LP for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFDI-0007Dz-KZ for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:24:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rod3MdA/pgBMRf0qrXUPJX4KYzQ8YXbinQwJFFEnhk4=; b=m9Fds3yCzjM65rsQZDWqJnhdWu QoE8nQKalT9C0Eg+Zco6ngsWiU8vWOkmx0rzHtwUj1Jt5PTfbYLspAxwEMtbJ1X8gHpcU9Bd3tbMs 5AAQ/Vk6kLF5nYIyVNh/78mKGCSVMx4ih+R1ovPVGZG3o357/tkZ4gWWzUZX7XhrkJ88=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Message-Id: Date: Tue, 09 Apr 2024 17:24:52 +0000 commit e32ff92de8905f35b7e0e44b53100271b5992ce2 Author: Andrew Cooper AuthorDate: Tue Mar 26 22:43:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Right now, they're all bytes, but MSR_SPEC_CTRL has been steadily gaining new features. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 45dac88e78e8a2d9d8738eef884fe6730faf9e67) --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/include/asm/current.h | 4 ++-- xen/arch/x86/include/asm/spec_ctrl.h | 2 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 6 +++--- xen/arch/x86/spec_ctrl.c | 2 +- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 58d8a1bffa..8779856fb5 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -63,14 +63,14 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ .macro svm_vmentry_spec_ctrl mov VCPU_arch_msrs(%rbx), %rax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_last_spec_ctrl(%rsp), %edx mov VCPUMSR_spec_ctrl_raw(%rax), %eax cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ .endm ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM @@ -130,14 +130,14 @@ __UNLIKELY_END(nsvm_hap) * safe to use. The guest's setting resides in the VMCB. */ .macro svm_vmexit_spec_ctrl - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_last_spec_ctrl(%rsp), %edx cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 008d76a6e1..9250eb1839 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -52,7 +52,7 @@ ENTRY(vmx_asm_vmexit_handler) */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax xor %edx, %edx wrmsr .endm diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index 9cc8d8e3d4..ba82b413e2 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -55,8 +55,8 @@ struct cpu_info { /* See asm/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; - uint8_t xen_spec_ctrl; - uint8_t last_spec_ctrl; + unsigned int xen_spec_ctrl; + unsigned int last_spec_ctrl; uint8_t scf; /* SCF_* */ /* diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 8fc350abe2..7048e5ee21 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -93,7 +93,7 @@ extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; -extern uint8_t default_xen_spec_ctrl; +extern unsigned int default_xen_spec_ctrl; extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 9531d046d7..d232172159 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -217,10 +217,10 @@ setnz %al not %eax and %al, STACK_CPUINFO_FIELD(scf)(%r14) - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else andb $~SCF_use_shadow, CPUINFO_scf(%rsp) - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax .endif wrmsr @@ -418,7 +418,7 @@ /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr .L\@_skip_msr_spec_ctrl: diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2b22deb891..5ccd82f161 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -68,7 +68,7 @@ static bool __initdata opt_branch_harden = static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; -uint8_t __ro_after_init default_xen_spec_ctrl; +unsigned int __ro_after_init default_xen_spec_ctrl; uint8_t __ro_after_init default_scf; paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:25:04 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:25:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702722.1098082 (Exim 4.92) (envelope-from ) id 1ruFDU-00069I-0h; Tue, 09 Apr 2024 17:25:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702722.1098082; Tue, 09 Apr 2024 17:25:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFDT-00069A-U9; Tue, 09 Apr 2024 17:25:03 +0000 Received: by outflank-mailman (input) for mailman id 702722; Tue, 09 Apr 2024 17:25:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFDS-00068y-PK for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFDS-0005l9-OZ for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFDS-0007Ej-Nj for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8muin5uGHxkuoZk00aARdoUiW6cz+nQW7DF6FUQTjtI=; b=4f1WsPuVXwm2HrDSsnYHPX98Bs CP5iG8kz15Fm3P8MudJgQYkecOSOgy2uW+gPJJ4b1x4wmvOlGfstfAx1EmgfjIREeyJtJwlr2e6j2 rH0R9mxCdZMtFWkgzBNt0DH4ZmjKiOR5t/Ogacg6V0buNn9Rjp+9/Boe0t5R9p7jyD14=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86: Use indirect calls in reset-stack infrastructure Message-Id: Date: Tue, 09 Apr 2024 17:25:02 +0000 commit e2a2cfb4ddf05a76e072ea84172d6a83ba392d20 Author: Andrew Cooper AuthorDate: Fri Dec 22 17:44:48 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86: Use indirect calls in reset-stack infrastructure Mixing up JMP and CALL indirect targets leads a very fun form of speculative type confusion. A target which is expecting to be called CALLed needs a return address on the stack, and an indirect JMP doesn't place one there. An indirect JMP which predicts to a target intending to be CALLed can end up with a RET speculatively executing with a value from the JMPers stack frame. There are several ways get indirect JMPs in Xen. * From tailcall optimisations. These are safe because the compiler has arranged the stack to point at the callee's return address. * From jump tables. These are unsafe, but Xen is built with -fno-jump-tables to work around several compiler issues. * From reset_stack_and_jump_ind(), which is particularly unsafe. Because of the additional stack adjustment made, the value picked up off the stack is regs->r15 of the next vCPU to run. In order to mitigate this type confusion, we want to make all indirect targets be CALL targets, and remove the use of indirect JMP except via tailcall optimisation. Luckily due to XSA-348, all C target functions of reset_stack_and_jump_ind() are noreturn. {svm,vmx}_do_resume() exits via reset_stack_and_jump(); a direct JMP with entirely different prediction properties. idle_loop() is an infinite loop which eventually exits via reset_stack_and_jump_ind() from a new schedule. i.e. These paths are all fine having one extra return address on the stack. This leaves continue_pv_domain(), which is expecting to be a JMP target. Alter it to strip the return address off the stack, which is safe because there isn't actually a RET expecting to return to its caller. This allows us change reset_stack_and_jump_ind() to reset_stack_and_call_ind() in order to mitigate the speculative type confusion. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8e186f98ce0e35d1754ec9299da41ec98873b65c) --- xen/arch/x86/domain.c | 4 ++-- xen/arch/x86/include/asm/current.h | 4 ++-- xen/arch/x86/x86_64/entry.S | 8 ++++++++ 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 228763b5e9..5dbd1d8a12 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2112,12 +2112,12 @@ void context_switch(struct vcpu *prev, struct vcpu *next) /* Ensure that the vcpu has an up-to-date time base. */ update_vcpu_system_time(next); - reset_stack_and_jump_ind(nextd->arch.ctxt_switch->tail); + reset_stack_and_call_ind(nextd->arch.ctxt_switch->tail); } void continue_running(struct vcpu *same) { - reset_stack_and_jump_ind(same->domain->arch.ctxt_switch->tail); + reset_stack_and_call_ind(same->domain->arch.ctxt_switch->tail); } int __sync_local_execstate(void) diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index ba82b413e2..2f723bcf1b 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -196,10 +196,10 @@ unsigned long get_stack_dump_bottom (unsigned long sp); switch_stack_and_jump(fn, "jmp %c", "i") /* The constraint may only specify non-call-clobbered registers. */ -#define reset_stack_and_jump_ind(fn) \ +#define reset_stack_and_call_ind(fn) \ ({ \ (void)((fn) == (void (*)(void))NULL); \ - switch_stack_and_jump(fn, "INDIRECT_JMP %", "b"); \ + switch_stack_and_jump(fn, "INDIRECT_CALL %", "b"); \ }) /* diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 801d241337..9c256746ba 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -637,6 +637,14 @@ ENTRY(dom_crash_sync_extable) #ifdef CONFIG_PV ENTRY(continue_pv_domain) ENDBR64 + + /* + * For speculative type confusion reasons, we're CALLed rather than + * JMPed to. Drop the return address. + */ + add $8, %rsp + ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK + call check_wakeup_from_wait ret_from_intr: GET_CURRENT(bx) -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:25:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:25:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702723.1098086 (Exim 4.92) (envelope-from ) id 1ruFDe-0006Ba-22; Tue, 09 Apr 2024 17:25:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702723.1098086; Tue, 09 Apr 2024 17:25:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFDd-0006BS-Vd; Tue, 09 Apr 2024 17:25:13 +0000 Received: by outflank-mailman (input) for mailman id 702723; Tue, 09 Apr 2024 17:25:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFDc-0006BG-SS for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFDc-0005lD-Rc for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFDc-0007FP-Qt for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=u/+8zq95CfCBSTCSCt04OuxHP3/NlGAZY59aPkL8yvw=; b=6P+LSL5KMH60ifChJNR7Z7MR6u jFJYIV5eIcQ22V113OTSjeilglR1aWd/F44GEwozfvWb07wsGfkK4w8yYr7VFAofqQdILXy9lfMoP +vyKd/XUnd2+fYP6XR92sZm/GUSS5dyTDZE3o812QyGigVELxeH48ogmIojQNMzrqu10=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86: Drop INDIRECT_JMP Message-Id: Date: Tue, 09 Apr 2024 17:25:12 +0000 commit 801e251556c374ce3e84ca776f211e00431932ef Author: Andrew Cooper AuthorDate: Fri Dec 22 18:01:37 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86: Drop INDIRECT_JMP Indirect JMPs which are not tailcalls can lead to an unwelcome form of speculative type confusion, and we've removed the uses of INDIRECT_JMP to compensate. Remove the temptation to reintroduce new instances. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 0b66d7ce3c0290eaad28bdafb35200052d012b14) --- xen/arch/x86/include/asm/asm-defns.h | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/include/asm/asm-defns.h b/xen/arch/x86/include/asm/asm-defns.h index 8bd9007731..7e22fcb9c0 100644 --- a/xen/arch/x86/include/asm/asm-defns.h +++ b/xen/arch/x86/include/asm/asm-defns.h @@ -20,10 +20,9 @@ .byte 0x0f, 0x01, 0xdd .endm -.macro INDIRECT_BRANCH insn:req arg:req +.macro INDIRECT_CALL arg:req /* - * Create an indirect branch. insn is one of call/jmp, arg is a single - * register. + * Create an indirect call. arg is a single register. * * With no compiler support, this degrades into a plain indirect call/jmp. * With compiler support, dispatch to the correct __x86_indirect_thunk_* @@ -33,7 +32,7 @@ $done = 0 .irp reg, ax, cx, dx, bx, bp, si, di, 8, 9, 10, 11, 12, 13, 14, 15 .ifeqs "\arg", "%r\reg" - \insn __x86_indirect_thunk_r\reg + call __x86_indirect_thunk_r\reg $done = 1 .exitm .endif @@ -44,19 +43,10 @@ .endif .else - \insn *\arg + call *\arg .endif .endm -/* Convenience wrappers. */ -.macro INDIRECT_CALL arg:req - INDIRECT_BRANCH call \arg -.endm - -.macro INDIRECT_JMP arg:req - INDIRECT_BRANCH jmp \arg -.endm - #ifdef CONFIG_XEN_IBT # define ENDBR64 endbr64 #else -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:25:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:25:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702724.1098091 (Exim 4.92) (envelope-from ) id 1ruFDo-0006EG-3o; Tue, 09 Apr 2024 17:25:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702724.1098091; Tue, 09 Apr 2024 17:25:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFDo-0006E6-0o; Tue, 09 Apr 2024 17:25:24 +0000 Received: by outflank-mailman (input) for mailman id 702724; Tue, 09 Apr 2024 17:25:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFDm-0006E0-VA for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFDm-0005lN-UR for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFDm-0007G0-Tq for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=l9RN90qqXeM8S79jSebMsE9rloDX2NryZoOhaE8b4Uo=; b=S1GUP4Sdt/yoPyVtLv9QeEd8QG NPiXVrFsisSu5SAAh/GxLJ3bGVmw1FAccOMeKNzOimCXicZ4OmBvqsyJgBQI1ZGkpsaUs8Ypue+81 vgBigUVS64K6Vkv07i2XKp6/lCKV55GbstLmgf8LH2C/Up+TF5gviI22rbfC9uxziILU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/tsx: Expose RTM_ALWAYS_ABORT to guests Message-Id: Date: Tue, 09 Apr 2024 17:25:22 +0000 commit 02a424a7a8be13f6f85eb4fa2f43100b8e76f760 Author: Andrew Cooper AuthorDate: Sat Apr 6 20:36:54 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/tsx: Expose RTM_ALWAYS_ABORT to guests A TSX Abort is one option mitigate Native-BHI, but a guest kernel doesn't get to see this if Xen has turned RTM off using MSR_TSX_{CTRL,FORCE_ABORT}. Therefore, the meaning of RTM_ALWAYS_ABORT has been adjusted to "XBEGIN won't fault", and it should be exposed to guests so they can make a better decision. Expose it in the max policy for any RTM-capable system. Offer it by default only if RTM has been disabled. Update test-tsx to account for this new meaning. While adjusting the logic in test_guest_policies(), take the opportunity to use feature names (now they're available) to make the logic easier to follow. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit c94e2105924347de0d9f32065370e802a20cc829) --- tools/tests/tsx/test-tsx.c | 39 +++++++++++++++++++---------- xen/arch/x86/cpu-policy.c | 20 +++++++++++++++ xen/include/public/arch-x86/cpufeatureset.h | 2 +- 3 files changed, 47 insertions(+), 14 deletions(-) diff --git a/tools/tests/tsx/test-tsx.c b/tools/tests/tsx/test-tsx.c index 0f4ea5f9c4..fab5c9a367 100644 --- a/tools/tests/tsx/test-tsx.c +++ b/tools/tests/tsx/test-tsx.c @@ -311,25 +311,25 @@ static void test_guest_policies(const struct cpu_policy *max, dump_tsx_details(max, "Max:"); dump_tsx_details(def, "Def:"); - if ( ((max->feat.raw[0].d | def->feat.raw[0].d) & - (bitmaskof(X86_FEATURE_TSX_FORCE_ABORT) | - bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT) | - bitmaskof(X86_FEATURE_SRBDS_CTRL))) || - ((max->arch_caps.raw | def->arch_caps.raw) & ARCH_CAPS_TSX_CTRL) ) + if ( max->feat.tsx_force_abort || def->feat.tsx_force_abort || + max->feat.srbds_ctrl || def->feat.srbds_ctrl || + max->arch_caps.tsx_ctrl || def->arch_caps.tsx_ctrl ) fail(" Xen-only TSX controls offered to guest\n"); switch ( rtm_behaviour ) { case RTM_UD: - if ( (max->feat.raw[0].b | def->feat.raw[0].b) & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) - fail(" HLE/RTM offered to guests despite not being available\n"); + if ( max->feat.hle || def->feat.hle || + max->feat.rtm || def->feat.rtm || + max->feat.rtm_always_abort || def->feat.rtm_always_abort ) + fail(" HLE/RTM/RTM_AA offered to guests despite not being available\n"); break; case RTM_ABORT: - if ( def->feat.raw[0].b & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) + if ( def->feat.hle || def->feat.rtm ) fail(" HLE/RTM offered to guests by default despite not being usable\n"); + if ( !def->feat.rtm_always_abort ) + fail(" RTM_AA not offered to guests by default despite being available\n"); break; case RTM_OK: @@ -340,6 +340,9 @@ static void test_guest_policies(const struct cpu_policy *max, if ( def->feat.hle ) fail(" Fail: HLE offered in default policy\n"); + + if ( def->feat.rtm && def->feat.rtm_always_abort ) + fail(" Fail: Both RTM and RTM_AA offered in default policy\n"); } static void test_def_max_policies(void) @@ -388,14 +391,13 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.hle || guest_policy.policy.feat.tsx_force_abort || - guest_policy.policy.feat.rtm_always_abort || guest_policy.policy.feat.srbds_ctrl || guest_policy.policy.arch_caps.tsx_ctrl ) fail(" Unexpected features advertised\n"); if ( host.policy.feat.rtm ) { - unsigned int _7b0; + unsigned int _7b0, _7d0; /* * If host RTM is available, all combinations of guest flags should be @@ -403,6 +405,8 @@ static void test_guest(struct xen_domctl_createdomain *c) */ _7b0 = (guest_policy.policy.feat.raw[0].b ^= (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM))); + _7d0 = (guest_policy.policy.feat.raw[0].d ^= + bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT)); /* Set the new policy. */ rc = xc_cpu_policy_set_domain(xch, domid, &guest_policy); @@ -426,10 +430,17 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.raw[0].b != _7b0 ) { - fail(" Expected CPUID.7[1].b 0x%08x differs from actual 0x%08x\n", + fail(" Expected CPUID.7[0].b 0x%08x differs from actual 0x%08x\n", _7b0, guest_policy.policy.feat.raw[0].b); goto out; } + + if ( guest_policy.policy.feat.raw[0].d != _7d0 ) + { + fail(" Expected CPUID.7[0].d 0x%08x differs from actual 0x%08x\n", + _7d0, guest_policy.policy.feat.raw[0].d); + goto out; + } } out: @@ -514,6 +525,8 @@ static void test_tsx(void) i, errno, strerror(errno)); } + dump_tsx_details(&host.policy, "Host:"); + rc = xc_physinfo(xch, &physinfo); if ( rc ) return fail("Failed to obtain physinfo: %d - %s\n", diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index 24acd12ce2..e44de3cfcb 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -468,6 +468,21 @@ static void __init guest_common_max_feature_adjustments(uint32_t *fs) */ __set_bit(X86_FEATURE_HTT, fs); __set_bit(X86_FEATURE_CMP_LEGACY, fs); + + /* + * To mitigate Native-BHI, one option is to use a TSX Abort on capable + * systems. This is safe even if RTM has been disabled for other reasons + * via MSR_TSX_{CTRL,FORCE_ABORT}. However, a guest kernel doesn't get to + * know this type of information. + * + * Therefore the meaning of RTM_ALWAYS_ABORT has been adjusted, to instead + * mean "XBEGIN won't fault". This is enough for a guest kernel to make + * an informed choice WRT mitigating Native-BHI. + * + * If RTM-capable, we can run a VM which has seen RTM_ALWAYS_ABORT. + */ + if ( test_bit(X86_FEATURE_RTM, fs) ) + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); } static void __init guest_common_default_feature_adjustments(uint32_t *fs) @@ -540,9 +555,14 @@ static void __init guest_common_default_feature_adjustments(uint32_t *fs) * function as expected, but is technically compatible with the ISA. * * Do not advertise RTM to guests by default if it won't actually work. + * Instead, advertise RTM_ALWAYS_ABORT indicating that TSX Aborts are safe + * to use, e.g. for mitigating Native-BHI. */ if ( rtm_disabled ) + { __clear_bit(X86_FEATURE_RTM, fs); + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); + } } static void __init guest_common_feature_adjustments(uint32_t *fs) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 63c8ac8486..0004fd4bf5 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -261,7 +261,7 @@ XEN_CPUFEATURE(FSRM, 9*32+ 4) /*A Fast Short REP MOVS */ XEN_CPUFEATURE(AVX512_VP2INTERSECT, 9*32+8) /*a VP2INTERSECT{D,Q} insns */ XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*!A VERW clears microarchitectural buffers */ -XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! June 2021 TSX defeaturing in microcode. */ +XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! RTM disabled (but XBEGIN wont fault) */ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(SERIALIZE, 9*32+14) /*A SERIALIZE insn */ XEN_CPUFEATURE(HYBRID, 9*32+15) /* Heterogeneous platform */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:25:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:25:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702725.1098094 (Exim 4.92) (envelope-from ) id 1ruFDy-0006IL-4w; Tue, 09 Apr 2024 17:25:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702725.1098094; Tue, 09 Apr 2024 17:25:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFDy-0006IE-2F; Tue, 09 Apr 2024 17:25:34 +0000 Received: by outflank-mailman (input) for mailman id 702725; Tue, 09 Apr 2024 17:25:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFDx-0006I3-2T for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFDx-0005lV-1a for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFDx-0007GS-0q for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0+MNp13h/D0z9HHuIZ3FeuY38q+S2V2u8Xx03RY+MSs=; b=67IjNuhO+IP5Eh50xOzBy+GvZV cYCqjap2woQJXthDz1ljIbwkBOxj7vgmzBbvLlhV45pVOj96OyfOlSlS+41sRCKz1o3m4JUvq0afN kCsBITbeN0gEnTDoy1HRILn7EnDKGnn9Utq24MsNDJy+QJi+l81Sm9f/dVZSYTbpYRm0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Message-Id: Date: Tue, 09 Apr 2024 17:25:33 +0000 commit 7d3ad6775d59ad292c3b6431e8eb73e10d191298 Author: Andrew Cooper AuthorDate: Tue Mar 26 19:01:37 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Introduce a "bhi-dis-s" boolean to match the other options we have for MSR_SPEC_CTRL values. Also introduce bhi_calculations(). Use BHI_DIS_S whenever possible. Guests which are levelled to be migration compatible with older CPUs can't see BHI_DIS_S, and Xen must fill in the difference to make the guest safe. Use the virt MSR_SPEC_CTRL infrastructure to force BHI_DIS_S behind the guest's back. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 62a1106415c5e8a49b45147ca84d54a58d471343) --- docs/misc/xen-command-line.pandoc | 8 +++++++- xen/arch/x86/hvm/vmx/vmx.c | 17 +++++++++++++++++ xen/arch/x86/include/asm/spec_ctrl.h | 1 + xen/arch/x86/spec_ctrl.c | 24 +++++++++++++++++++++++- 4 files changed, 48 insertions(+), 2 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index e1d56407dd..0b0abf8983 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2327,7 +2327,8 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). > {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, -> unpriv-mmio,gds-mit,div-scrub,lock-harden}= ]` +> unpriv-mmio,gds-mit,div-scrub,lock-harden, +> bhi-dis-s}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2408,6 +2409,11 @@ option can be used to force or prevent Xen using the feature itself. By default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by default. +On hardware supporting BHI_DIS_S (Branch History Injection Disable +Supervisor), the `bhi-dis-s=` option can be used to force or prevent Xen using +the feature itself. By default Xen will use BHI_DIS_S on hardware susceptible +to Branch History Injection. + On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` option can be used to force (the default) or prevent Xen from issuing branch prediction barriers on vcpu context switches. diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 38d6d78607..e5259ed034 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -58,6 +58,7 @@ #include #include #include +#include #include static bool_t __initdata opt_force_ept; @@ -783,6 +784,22 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } + if ( cpu_has_vmx_virt_spec_ctrl ) + { + /* + * If we're on BHI_DIS_S capable hardware, the short loop sequence is + * not sufficient to mitigate Native-BHI. If the VM can't see it + * (i.e. it's levelled with older hardware), force it behind the + * guests back for safey. + * + * Because there's not a real Host/Guest split of the MSR_SPEC_CTRL + * value, this only works as expected when Xen is using BHI_DIS_S too. + */ + bool force_bhi_dis_s = opt_bhi_dis_s && !cp->feat.bhi_ctrl; + + __vmwrite(SPEC_CTRL_MASK, force_bhi_dis_s ? SPEC_CTRL_BHI_DIS_S : 0); + } + /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ if ( cp->feat.ibrsb || cp->extd.ibpb ) vmx_clear_msr_intercept(v, MSR_PRED_CMD, VMX_MSR_RW); diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 7048e5ee21..617209202b 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -89,6 +89,7 @@ static always_inline void spec_ctrl_new_guest_context(void) extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; +extern int8_t opt_bhi_dis_s; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 5ccd82f161..085e37525d 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -59,6 +59,7 @@ static int8_t __initdata opt_ibrs = -1; int8_t __initdata opt_stibp = -1; bool __ro_after_init opt_ssbd; int8_t __initdata opt_psfd = -1; +int8_t __ro_after_init opt_bhi_dis_s = -1; int8_t __ro_after_init opt_ibpb_ctxt_switch = -1; int8_t __ro_after_init opt_eager_fpu = -1; @@ -281,6 +282,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_ssbd = val; else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) opt_psfd = val; + else if ( (val = parse_boolean("bhi-dis-s", s, ss)) >= 0 ) + opt_bhi_dis_s = val; /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) @@ -536,7 +539,7 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk != THUNK_NONE ? "BTI-Thunk: " : "", thunk == THUNK_NONE ? "" : thunk == THUNK_RETPOLINE ? "RETPOLINE, " : @@ -554,6 +557,8 @@ static void __init print_details(enum ind_thunk thunk) (!boot_cpu_has(X86_FEATURE_PSFD) && !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", + !boot_cpu_has(X86_FEATURE_BHI_CTRL) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_BHI_DIS_S) ? " BHI_DIS_S+" : " BHI_DIS_S-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -1608,6 +1613,21 @@ static void __init gds_calculations(void) } } +/* + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + */ +static void __init bhi_calculations(void) +{ + if ( opt_bhi_dis_s == -1 ) + opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + + if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) + opt_bhi_dis_s = false; + + if ( opt_bhi_dis_s ) + default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; +} + void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); @@ -2152,6 +2172,8 @@ void __init init_speculation_mitigations(void) gds_calculations(); + bhi_calculations(); + print_details(thunk); /* -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:25:44 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:25:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702726.1098098 (Exim 4.92) (envelope-from ) id 1ruFE8-0006Mv-7y; Tue, 09 Apr 2024 17:25:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702726.1098098; Tue, 09 Apr 2024 17:25:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFE8-0006Mo-5M; Tue, 09 Apr 2024 17:25:44 +0000 Received: by outflank-mailman (input) for mailman id 702726; Tue, 09 Apr 2024 17:25:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFE7-0006Me-5N for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFE7-0005lp-4h for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFE7-0007Gr-3w for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jC/Uixf/ZDPG50Ttxt3oPEQeIF1ebVAqariEUBkW1Mo=; b=dNMpYL8TkW0I3WBIe2N5lSpGR+ WybIzeP9/ORwmJjjFqsjTpfutsp6X4K6lRd5zGxtST8d7eNGNlLL+nke9LACpRm36dIHjPizfNtOv iYw0kHpCNORkQ0G4x+IkW8A1RF6v0yT3KY+UjI4JowNbFX4hEBH/r+O9PhMYQgap02kM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec-ctrl: Software BHB-clearing sequences Message-Id: Date: Tue, 09 Apr 2024 17:25:43 +0000 commit 4abd50dc17ced2e1221226b7893c437acbbd0d1b Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Software BHB-clearing sequences Implement clear_bhb_{tsx,loops}() as per the BHI guidance. The loops variant is set up as the "short" sequence. Introduce SCF_entry_bhb and extend SPEC_CTRL_ENTRY_* with a conditional call to selected clearing routine. Note that due to a limitation in the ALTERNATIVE capability, the TEST/JZ can't be included alongside a CALL in a single alternative block. This is going to require further work to untangle. The BHB sequences (if used) must be after the restoration of Xen's MSR_SPEC_CTRL value, which must be accounted for when judging whether it is safe to skip the safety LFENCEs. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 954c983abceee97bf5f6230b9ae164f2c49a9aa9) --- xen/arch/x86/Makefile | 1 + xen/arch/x86/bhb-thunk.S | 98 ++++++++++++++++++++++++++++++++ xen/arch/x86/hvm/vmx/entry.S | 12 ++++ xen/arch/x86/include/asm/cpufeature.h | 3 + xen/arch/x86/include/asm/cpufeatures.h | 3 + xen/arch/x86/include/asm/spec_ctrl.h | 3 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 30 ++++++++++ xen/arch/x86/spec_ctrl.c | 39 +++++++------ 8 files changed, 171 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index cb9d952659..6a070a8cf8 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -14,6 +14,7 @@ alternative-y := alternative.init.o alternative-$(CONFIG_LIVEPATCH) := obj-bin-y += $(alternative-y) obj-y += apic.o +obj-y += bhb-thunk.o obj-y += bitops.o obj-bin-y += bzimage.init.o obj-bin-y += clear_page.o diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S new file mode 100644 index 0000000000..f52cfb9bc2 --- /dev/null +++ b/xen/arch/x86/bhb-thunk.S @@ -0,0 +1,98 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Branch History Injection clearing sequences. + * + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + * + * Copyright (c) 2023, 2024 XenServer. + */ + .file __FILE__ + +#include + + .section .text.entry, "ax", @progbits + +/* + * Clear the Branch History Buffer using a TSX Abort. + * + * Any TSX Abort has a side effect of clearing the BHB, even when TSX is + * disabled for e.g. TAA mitigation reasons. + */ +ENTRY(clear_bhb_tsx) + .byte 0xc7, 0xf8; .long 1f - 0f /* xbegin 1f */ +0: .byte 0xc6, 0xf8, 0 /* xabort $0 */ + int3 +1: + ret + + .size clear_bhb_tsx, . - clear_bhb_tsx + .type clear_bhb_tsx, @function + +/* + * Clear the Branch History Buffer using the software sequence. + * + * Clobbers: %eax, %ecx + * + * This executes a specific number of taken branches, sufficient to displace + * all prior entries in the history tracker, therefore removing prior + * influence on subsequent BTB lookups. + * + * Structurally, it looks like this: + * + * call 1 + * call 2 + * ... 5x jmp loop + * call 2 + * ... 5x jmp loop + * ... 5x call2's deep + * + * ret + * ret + * ret + * ret + * + * The CALL/RETs are necessary to prevent the Loop Stream Detector from + * interfering. The alignment is for performance and not safety. + * + * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire + * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + */ +ENTRY(clear_bhb_loops) + mov $5, %ecx + + call 1f + jmp 5f + int3 + + .align 64 +1: call 2f + ret + int3 + + .align 64 +2: mov $5, %eax + +3: jmp 4f + int3 + +4: sub $1, %eax + jnz 3b + + sub $1, %ecx + jnz 1b + + ret +5: + /* + * The Intel sequence has an LFENCE here. The purpose is to ensure + * that all prior branches have executed, before dispatching a + * subsequent indirect branch. + * + * Xen's SPEC_CTRL_ENTRY_* blocks have safety LFENCEs at the end when + * protections are active, which suffices for this purpose. + */ + + ret + + .size clear_bhb_loops, . - clear_bhb_loops + .type clear_bhb_loops, @function diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 9250eb1839..1092d1918c 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -57,6 +57,18 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, CPUINFO_scf(%rsp) + jz .L_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index a6b8af1296..b24d535080 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -181,6 +181,9 @@ #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) +#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ + boot_cpu_has(X86_SPEC_BHB_LOOPS)) + enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index 6422c66b0f..bada8912e0 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -56,5 +56,8 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ #define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ +#define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ +#define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 617209202b..4439a1b243 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -36,6 +36,7 @@ #define SCF_verw (1 << 3) #define SCF_ist_ibpb (1 << 4) #define SCF_entry_ibpb (1 << 5) +#define SCF_entry_bhb (1 << 6) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -54,7 +55,7 @@ * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb | SCF_entry_bhb) #ifndef __ASSEMBLY__ diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index d232172159..1d7c4f4a68 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -285,6 +285,17 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm @@ -323,6 +334,13 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm @@ -423,6 +441,18 @@ .L\@_skip_msr_spec_ctrl: + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + lfence .endm diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 085e37525d..546199fabe 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2194,38 +2194,43 @@ void __init init_speculation_mitigations(void) /* * SPEC_CTRL_ENTRY_FROM_PV conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we're not using any prior conditional mitigation, - * then it's safe to drop the LFENCE. + * Otherwise, DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we do have it, or we're not using any + * prior conditional block, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); /* * SPEC_CTRL_ENTRY_FROM_INTR conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we have no protections active in the block that - * is skipped when interrupting guest context, then it's safe to drop - * the LFENCE. + * Otherwise DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we have it, or we have no protections + * active in the block that is skipped when interrupting guest + * context, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && - !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); /* * SPEC_CTRL_ENTRY_FROM_VMX conditional safety * - * Currently there are no safety actions with conditional branches, so - * no need for the extra safety LFENCE. + * A BHB sequence, if used, is the only conditional action, so if we + * don't have it, we don't need the safety LFENCE. */ - setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + if ( !cpu_has_bhb_seq ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } /* -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:25:54 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:25:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702727.1098102 (Exim 4.92) (envelope-from ) id 1ruFEI-0006Px-AB; Tue, 09 Apr 2024 17:25:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702727.1098102; Tue, 09 Apr 2024 17:25:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFEI-0006Pq-6z; Tue, 09 Apr 2024 17:25:54 +0000 Received: by outflank-mailman (input) for mailman id 702727; Tue, 09 Apr 2024 17:25:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFEH-0006Pd-8X for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFEH-0005lt-7i for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFEH-0007HH-74 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:25:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CBTfVhc4mBgh1q+N+OjfTiyEvLTEDp7GzxSNurLVThI=; b=N0wD17GT2cKCRUdzu1Ql5mAr0v rhl/mUlYI8q0Kuhbg14MPGos6+FHB28cNajRnjC3ni0rf+LpYHj7H1tuIphYX4jIYPZhYMpACwMA/ /T0ieetw0tl/E/rAybF0q2CRaFpO5oxcUvDI6TFPpfodfTUCWQXoZ0e0+Q5TV6K9EhCk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec-ctrl: Wire up the Native-BHI software sequences Message-Id: Date: Tue, 09 Apr 2024 17:25:53 +0000 commit eab897caca018c126f925247e4c9fd4aac54afdb Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Wire up the Native-BHI software sequences In the absence of BHI_DIS_S, mitigating Native-BHI requires the use of a software sequence. Introduce a new bhb-seq= option to select between avaialble sequences and bhb-entry= to control the per-PV/HVM actions like we have for other blocks. Activate the short sequence by default for PV and HVM guests on affected hardware if BHI_DIS_S isn't present. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 689ad48ce9cf4c38297cd126e7e003a1c13a3b9d) --- docs/misc/xen-command-line.pandoc | 25 +++++-- xen/arch/x86/spec_ctrl.c | 145 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 157 insertions(+), 13 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 0b0abf8983..0bd0588097 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2324,8 +2324,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, > bhi-dis-s}= ]` @@ -2350,10 +2351,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=` and `ibpb-entry=` options -offer fine grained control over the primitives by Xen. These impact Xen's -ability to protect itself, and/or Xen's ability to virtualise support for -guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=`, `ibpb-entry=` and `bhb-entry=` +options offer fine grained control over the primitives by Xen. These impact +Xen's ability to protect itself, and/or Xen's ability to virtualise support +for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2379,6 +2380,12 @@ guests to use. Return Stack Overflow if appropriate microcode has been loaded, but for performance reasons dom0 is unprotected by default. If it is necessary to protect dom0 too, boot with `spec-ctrl=ibpb-entry`. +* `bhb-entry=` offers control over whether BHB-clearing (Branch History + Buffer) sequences are used on entry to Xen. This is used by default on + hardware vulnerable to Branch History Injection, when the BHI_DIS_S control + is not available (see `bhi-dis-s`). The choice of scrubbing sequence can be + selected using the `bhb-seq=` option. If it is necessary to protect dom0 + too, boot with `spec-ctrl=bhb-entry`. If Xen was compiled with `CONFIG_INDIRECT_THUNK` support, `bti-thunk=` can be used to select which of the thunks gets patched into the @@ -2386,6 +2393,12 @@ used to select which of the thunks gets patched into the (generally preferred), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and `lfence` (an `lfence; jmp *%reg` gadget). +On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing +sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` +options in order to mitigate Branch History Injection on affected hardware. +The default sequence is `short`, with `tsx` as an alternative available +capable hardware that can be opted in to. + On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. If Xen is not using IBRS itself, functionality is still set up so IBRS can be diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 546199fabe..b53e9c4e7a 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -45,6 +45,16 @@ static int8_t __ro_after_init opt_ibpb_entry_pv = -1; static int8_t __ro_after_init opt_ibpb_entry_hvm = -1; static bool __ro_after_init opt_ibpb_entry_dom0; +static int8_t __ro_after_init opt_bhb_entry_pv = -1; +static int8_t __ro_after_init opt_bhb_entry_hvm = -1; +static bool __ro_after_init opt_bhb_entry_dom0; +static enum bhb_thunk { + BHB_DEFAULT, + BHB_NONE, + BHB_TSX, + BHB_SHORT, +} opt_bhb_seq __initdata; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -128,8 +138,12 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_ibpb_entry_pv = 0; opt_ibpb_entry_hvm = 0; opt_ibpb_entry_dom0 = false; + opt_bhb_entry_pv = 0; + opt_bhb_entry_hvm = 0; + opt_bhb_entry_dom0 = false; opt_thunk = THUNK_JMP; + opt_bhb_seq = BHB_NONE; opt_ibrs = 0; opt_ibpb_ctxt_switch = false; opt_ssbd = false; @@ -158,6 +172,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_pv = val; opt_verw_pv = val; opt_ibpb_entry_pv = val; + opt_bhb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { @@ -165,6 +180,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_verw_hvm = val; opt_ibpb_entry_hvm = val; + opt_bhb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -252,6 +268,28 @@ static int __init cf_check parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("bhb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_bhb_entry_pv = opt_bhb_entry_hvm = + opt_bhb_entry_dom0 = val; + break; + + case -2: + s += strlen("bhb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_bhb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_bhb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -272,6 +310,19 @@ static int __init cf_check parse_spec_ctrl(const char *s) else rc = -EINVAL; } + else if ( !strncmp(s, "bhb-seq=", 8) ) + { + s += strlen("bhb-seq="); + + if ( !cmdline_strcmp(s, "none") ) + opt_bhb_seq = BHB_NONE; + else if ( !cmdline_strcmp(s, "tsx") ) + opt_bhb_seq = BHB_TSX; + else if ( !cmdline_strcmp(s, "short") ) + opt_bhb_seq = BHB_SHORT; + else + rc = -EINVAL; + } /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) @@ -539,12 +590,16 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: %s%s%s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk != THUNK_NONE ? "BTI-Thunk: " : "", thunk == THUNK_NONE ? "" : thunk == THUNK_RETPOLINE ? "RETPOLINE, " : thunk == THUNK_LFENCE ? "LFENCE, " : thunk == THUNK_JMP ? "JMP, " : "?, ", + opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", + opt_bhb_seq == BHB_NONE ? "" : + opt_bhb_seq == BHB_TSX ? "TSX, " : + opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -583,11 +638,11 @@ static void __init print_details(enum ind_thunk thunk) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - amd_virt_spec_ctrl || + cpu_has_bhb_seq || amd_virt_spec_ctrl || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || @@ -595,20 +650,23 @@ static void __init print_details(enum ind_thunk thunk) boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || + cpu_has_bhb_seq || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -1616,16 +1674,85 @@ static void __init gds_calculations(void) /* * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html */ +static bool __init cpu_has_bug_bhi(void) +{ + /* BHI is only known to affect Intel Family 6 processors at this time. */ + if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL || + boot_cpu_data.x86 != 6 ) + return false; + + if ( boot_cpu_has(X86_FEATURE_BHI_NO) ) + return false; + + if ( cpu_has_hypervisor ) + return true; /* TODO: how to figure out out if we're really eIBRS levelled out? */ + + return cpu_has_eibrs; +} + static void __init bhi_calculations(void) { + bool has_bhi = cpu_has_bug_bhi(); + + /* + * To mitigate BHI, we want to use BHI_DIS_S wherever possible, or the + * short sequence otherwise. Other forms are available on request. + * + * We are repsonsbile for performing default-conversion on opt_bhi_dis_s + * and opt_bhb_seq, irrespective of succeptibility to BHI. + */ + if ( opt_bhi_dis_s == -1 ) - opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + opt_bhi_dis_s = has_bhi; if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) opt_bhi_dis_s = false; if ( opt_bhi_dis_s ) default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; + + if ( opt_bhb_seq == BHB_DEFAULT ) + { + /* + * If we're using BHI_DIS_S, or we're not succeptable, don't activate + * the thunks. + */ + if ( !has_bhi || opt_bhi_dis_s ) + opt_bhb_seq = BHB_NONE; + else + opt_bhb_seq = BHB_SHORT; + } + + /* + * We can use the TSX even if it's disabled for e.g. TAA reasons. + * However, fall back to the loop sequence if there is no trace of RTM at + * all, as XBEGIN will #UD. + */ + if ( opt_bhb_seq == BHB_TSX && !cpu_has_rtm && !cpu_has_rtm_always_abort && + !cpu_has_tsx_force_abort ) + opt_bhb_seq = BHB_SHORT; + + /* + * Only activate SCF_entry_bhb by for guests if a sequence is in place. + */ + if ( opt_bhb_entry_pv == -1 ) + opt_bhb_entry_pv = has_bhi && opt_bhb_seq != BHB_NONE; + if ( opt_bhb_entry_hvm == -1 ) + opt_bhb_entry_hvm = has_bhi && opt_bhb_seq != BHB_NONE; + + switch ( opt_bhb_seq ) + { + case BHB_SHORT: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); + break; + + case BHB_TSX: + setup_force_cpu_cap(X86_SPEC_BHB_TSX); + break; + + default: + break; + } } void spec_ctrl_init_domain(struct domain *d) @@ -1638,9 +1765,13 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); + bool bhb = ((pv ? opt_bhb_entry_pv : opt_bhb_entry_hvm) && + (d->domain_id != 0 || opt_bhb_entry_dom0)); + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | + (bhb ? SCF_entry_bhb : 0) | 0; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:26:04 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:26:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702728.1098106 (Exim 4.92) (envelope-from ) id 1ruFES-0006TM-D3; Tue, 09 Apr 2024 17:26:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702728.1098106; Tue, 09 Apr 2024 17:26:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFES-0006TF-A6; Tue, 09 Apr 2024 17:26:04 +0000 Received: by outflank-mailman (input) for mailman id 702728; Tue, 09 Apr 2024 17:26:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFER-0006T0-BP for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFER-0005mE-Ai for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFER-0007IO-A1 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+xcJXfY5sxldfeGnB0w7kvWf0zsEXaG/Y7OesyXffQo=; b=pQW0qtkCmAv+4sw42ROnG5fn/F 5LJhjGBiiPiAd3iNJHc6xiABecMWXN8rrmMGGQZVK6W4SmAO4IE6WVg6f5tEPjSdigBZt7Amtp6gJ zPKq1LZeFAxG7kBHYuZUo44NbsK1+CK3QpGebF4gsheVnhCoES/V4r7V7k7nj2JEAdg0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec-ctrl: Support the "long" BHB loop sequence Message-Id: Date: Tue, 09 Apr 2024 17:26:03 +0000 commit 60859cc99033beb84da035fb1664ce6e9b698bc6 Author: Andrew Cooper AuthorDate: Fri Mar 22 19:29:34 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Support the "long" BHB loop sequence Out of an abudnance of caution, implement the long loop too, and allowing for it to be opted in to. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit d5887c0decbd90e798b24ed696628645b04632fb) --- docs/misc/xen-command-line.pandoc | 4 ++-- xen/arch/x86/bhb-thunk.S | 8 ++++++-- xen/arch/x86/include/asm/cpufeatures.h | 1 + xen/arch/x86/spec_ctrl.c | 10 +++++++++- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 0bd0588097..fba5a8221b 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2325,7 +2325,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, > {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx|long, > {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, @@ -2397,7 +2397,7 @@ On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` options in order to mitigate Branch History Injection on affected hardware. The default sequence is `short`, with `tsx` as an alternative available -capable hardware that can be opted in to. +capable hardware, and `long` that can be opted in to. On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S index f52cfb9bc2..7e866784f7 100644 --- a/xen/arch/x86/bhb-thunk.S +++ b/xen/arch/x86/bhb-thunk.S @@ -56,9 +56,13 @@ ENTRY(clear_bhb_tsx) * * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + * + * The "long" sequence (12 and 7) is for Alder Lake / Sapphire Rapids + * (i.e. Golden Cove and/or Gracemont cores). However, such CPUs are expected + * to use BHI_DIS_S in preference. */ ENTRY(clear_bhb_loops) - mov $5, %ecx + ALTERNATIVE "mov $5, %ecx", "mov $12, %ecx", X86_SPEC_BHB_LOOPS_LONG call 1f jmp 5f @@ -70,7 +74,7 @@ ENTRY(clear_bhb_loops) int3 .align 64 -2: mov $5, %eax +2: ALTERNATIVE "mov $5, %eax", "mov $7, %eax", X86_SPEC_BHB_LOOPS_LONG 3: jmp 4f int3 diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index bada8912e0..ba3df174b7 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -58,6 +58,7 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ #define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ +#define X86_SPEC_BHB_LOOPS_LONG X86_BUG(21) /* Upgrade clear_bhb_loops to the "long" sequence. */ /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index b53e9c4e7a..7697f9ad3f 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -53,6 +53,7 @@ static enum bhb_thunk { BHB_NONE, BHB_TSX, BHB_SHORT, + BHB_LONG, } opt_bhb_seq __initdata; /* Cmdline controls for Xen's speculative settings. */ @@ -320,6 +321,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_bhb_seq = BHB_TSX; else if ( !cmdline_strcmp(s, "short") ) opt_bhb_seq = BHB_SHORT; + else if ( !cmdline_strcmp(s, "long") ) + opt_bhb_seq = BHB_LONG; else rc = -EINVAL; } @@ -599,7 +602,8 @@ static void __init print_details(enum ind_thunk thunk) opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", opt_bhb_seq == BHB_NONE ? "" : opt_bhb_seq == BHB_TSX ? "TSX, " : - opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", + opt_bhb_seq == BHB_SHORT ? "SHORT, " : + opt_bhb_seq == BHB_LONG ? "LONG, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -1742,6 +1746,10 @@ static void __init bhi_calculations(void) switch ( opt_bhb_seq ) { + case BHB_LONG: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS_LONG); + fallthrough; + case BHB_SHORT: setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); break; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:26:16 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:26:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702729.1098110 (Exim 4.92) (envelope-from ) id 1ruFEc-0006X9-EU; Tue, 09 Apr 2024 17:26:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702729.1098110; Tue, 09 Apr 2024 17:26:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFEc-0006X1-Bo; Tue, 09 Apr 2024 17:26:14 +0000 Received: by outflank-mailman (input) for mailman id 702729; Tue, 09 Apr 2024 17:26:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFEb-0006Ws-EK for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFEb-0005mR-DU for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFEb-0007In-Cm for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iRx1MrujkPicrI1RCCsCe+XA5s/ylHcoHdvfvCiELu4=; b=rjQjTYGac3K8T57IjuK5X7ggOw Y3OD6hpgo8dItblHIclqJZGF37eOlzTqbEivrnTiykqqbP05EL6m3hZMGZK1CpQhsJrL7ONUtyqW5 7SF4stxysi9vDaJs0/F/poA0lZD4Q5QaN/BMq61kHkoOhuCezIiKOKDjzsaj5cvGhhaM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] Update Xen version to 4.17.4 Message-Id: Date: Tue, 09 Apr 2024 17:26:13 +0000 commit ddc6fc980aca7b02fb7feeb9e737cb52249274d0 Author: Andrew Cooper AuthorDate: Wed Mar 27 18:23:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 Update Xen version to 4.17.4 Signed-off-by: Andrew Cooper --- xen/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/Makefile b/xen/Makefile index bac3684a36..6f9c407332 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -6,7 +6,7 @@ this-makefile := $(call lastword,$(MAKEFILE_LIST)) # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 17 -export XEN_EXTRAVERSION ?= .4-pre$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .4$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:26:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:26:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702730.1098116 (Exim 4.92) (envelope-from ) id 1ruFEm-0006Za-Gs; Tue, 09 Apr 2024 17:26:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702730.1098116; Tue, 09 Apr 2024 17:26:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFEm-0006ZS-DT; Tue, 09 Apr 2024 17:26:24 +0000 Received: by outflank-mailman (input) for mailman id 702730; Tue, 09 Apr 2024 17:26:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFEl-0006ZF-Gv for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFEl-0005mZ-G9 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFEl-0007JC-FW for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ktIAMrQaHHuAQXuab8+v9T8NgeCUftRLqM+7YPk1pZk=; b=yV6k2SjdfbtF3ZL+Z3a6eUok4+ h9bSFP/a5jqfsh4zxjMOjjKfTa+8qEzKnNGhZD9rnT4/EpwqPI1de1OTiZX1fJjmmQB2Mp0TyI8c2 mM7lEXM2cKRUERF3zQieXuKLMFtA+rAqDLWeuFvDDTomhZAEAqCCwjUOeN8wOOrnp4B0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] Release: Update CHANGELOG.md Message-Id: Date: Tue, 09 Apr 2024 17:26:23 +0000 commit d530627aaa9b6e03c7f911434bb342fca3d13300 Author: George Dunlap AuthorDate: Tue Apr 9 16:48:56 2024 +0100 Commit: George Dunlap CommitDate: Tue Apr 9 16:48:56 2024 +0100 Release: Update CHANGELOG.md Signed-off-by: George Dunlap --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 40bbe1d94f..c0018e17cb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ Notable changes to Xen will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) +## [4.17.4](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.17.4) + ## [4.17.3](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.17.3) ### Changed -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:26:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:26:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702731.1098118 (Exim 4.92) (envelope-from ) id 1ruFEx-0006dX-Hq; Tue, 09 Apr 2024 17:26:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702731.1098118; Tue, 09 Apr 2024 17:26:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFEx-0006dP-Et; Tue, 09 Apr 2024 17:26:35 +0000 Received: by outflank-mailman (input) for mailman id 702731; Tue, 09 Apr 2024 17:26:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFEw-0006dH-4R for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFEw-0005mj-3m for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFEw-0007NG-34 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hFGEMsiB0+JCaNYeaITGqhYHIMzZHHQ1aZwifjozDFI=; b=ggewDU8D2k7Nig+ID8j+VXT/Mp LdOPhMWg4RNe12QWD0ZelMBCqs5xHPCBpS8Ipslz1FFxq0w2ssCF2wkBgAXU0gd7Didj7f1uN3V+w NTYbFWLnEqsPS6VvSj7Fdgnk9oj2h6Vj3zzFrycgXhDbfw/4Nb3xwTXBidVqYPh4R1AM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Fix BTC/SRSO mitigations Message-Id: Date: Tue, 09 Apr 2024 17:26:34 +0000 commit 28f5ceb0b19b13a7c0ebd125c587e469490ab872 Author: Andrew Cooper AuthorDate: Tue Mar 26 22:47:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Fix BTC/SRSO mitigations We were looking for SCF_entry_ibpb in the wrong variable in the top-of-stack block, and xen_spec_ctrl won't have had bit 5 set because Xen doesn't understand SPEC_CTRL_RRSBA_DIS_U yet. This is XSA-455 / CVE-2024-31142. Fixes: 53a570b28569 ("x86/spec-ctrl: Support IBPB-on-entry") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/include/asm-x86/spec_ctrl_asm.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index ad5ca50c12..d1ca530315 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 6e7725c11f..9416483c0b 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -102,7 +102,7 @@ jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) .endif jz .L\@_skip -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:26:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:26:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702732.1098121 (Exim 4.92) (envelope-from ) id 1ruFF7-0006gE-Ir; Tue, 09 Apr 2024 17:26:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702732.1098121; Tue, 09 Apr 2024 17:26:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFF7-0006g8-GL; Tue, 09 Apr 2024 17:26:45 +0000 Received: by outflank-mailman (input) for mailman id 702732; Tue, 09 Apr 2024 17:26:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFF6-0006fu-7N for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFF6-0005n9-6j for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFF6-0007Nf-60 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Bsvmf2nHmmqtDgUWch5e6qpfipNWATFL9N29dy0DmxM=; b=2hDH83mqhk9sFAvsLt2xJeyun7 2zKLV4C9lGVSNJ2A/bARi/KTj28WxRs73EUIFNIF8J+b2UYhxktvxKk6eECiTTriGwzQtztBr6gDA AelQZVsfDYbk33D46gxhGK5I8mWnuSgcWl6qAIgjKMH8lOyW6vDExgQaL4aObcSnqlLo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Expose IPRED_CTRL to guests Message-Id: Date: Tue, 09 Apr 2024 17:26:44 +0000 commit c5d815f0dd830b24be8a088e286a166f79f8bb73 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:58 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Expose IPRED_CTRL to guests The CPUID feature bit signals the presence of the IPRED_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 4dd6760706848de30f7c8b5f83462b9bcb070c91) --- tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/msr.c | 6 ++++-- xen/include/asm-x86/msr-index.h | 2 ++ xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 3 ++- 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 0c792679e5..e59e17c722 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -212,7 +212,7 @@ static const char *const str_7d1[32] = static const char *const str_7d2[32] = { - [ 0] = "intel-psfd", + [ 0] = "intel-psfd", [ 1] = "ipred-ctrl", }; static const char *const str_m10Al[32] = diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 22f86f2785..91b7402fba 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -306,8 +306,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) /* * Caller to confirm that MSR_SPEC_CTRL is available. Intel and AMD have - * separate CPUID features for this functionality, but only set will be - * active. + * separate CPUID features for some of this functionality, but only one + * vendors-worth will be active on a single host. */ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) { @@ -321,6 +321,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | (psfd ? SPEC_CTRL_PSFD : 0) | + (cp->feat.ipred_ctrl + ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | 0); } diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index eb6295d8a7..cab836c88f 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -36,6 +36,8 @@ #define SPEC_CTRL_IBRS (_AC(1, ULL) << 0) #define SPEC_CTRL_STIBP (_AC(1, ULL) << 1) #define SPEC_CTRL_SSBD (_AC(1, ULL) << 2) +#define SPEC_CTRL_IPRED_DIS_U (_AC(1, ULL) << 3) +#define SPEC_CTRL_IPRED_DIS_S (_AC(1, ULL) << 4) #define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) #define MSR_PRED_CMD 0x00000049 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 7a9d8d05d3..96601c5c20 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -307,6 +307,7 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 3ad9263221..f68e3ff875 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -317,7 +317,8 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS], + IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, + IPRED_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:26:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:26:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702733.1098125 (Exim 4.92) (envelope-from ) id 1ruFFH-0006j7-KY; Tue, 09 Apr 2024 17:26:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702733.1098125; Tue, 09 Apr 2024 17:26:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFFH-0006iz-Hq; Tue, 09 Apr 2024 17:26:55 +0000 Received: by outflank-mailman (input) for mailman id 702733; Tue, 09 Apr 2024 17:26:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFFG-0006ir-AV for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFFG-0005nH-9o for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFFG-0007O6-8u for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:26:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MOFlrLRLGgpC3wJCutN9N+GPpeuKvuXp9jokHqGQh44=; b=g5PboF6kCtqY33qy2r9e7p0psw VsQiwaS8mVAetpXSW0BhYS/7hRnAnc/OJUNPApbVHlSf/Lfkyj2Y6eELZ2zcfRwslmKlD3w49/JXV e7eBjKrRzMNcRCmFH9CE7PCqUDeVsGItCsUEaOwTmtYN50lVODR+v1jBgEhn60lQW+ts=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Expose RRSBA_CTRL to guests Message-Id: Date: Tue, 09 Apr 2024 17:26:54 +0000 commit 657f8b47577404071a619d84ad1dceb5f28f2025 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:59 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Expose RRSBA_CTRL to guests The CPUID feature bit signals the presence of the RRSBA_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 478e4787fa64b621061177a7843c452e9a19916d) --- tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 2 ++ xen/include/asm-x86/msr-index.h | 2 ++ xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 5 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index e59e17c722..9b3378fca7 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -213,6 +213,7 @@ static const char *const str_7d1[32] = static const char *const str_7d2[32] = { [ 0] = "intel-psfd", [ 1] = "ipred-ctrl", + [ 2] = "rrsba-ctrl", }; static const char *const str_m10Al[32] = diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 91b7402fba..0000d4a4c2 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -323,6 +323,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) (psfd ? SPEC_CTRL_PSFD : 0) | (cp->feat.ipred_ctrl ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | + (cp->feat.rrsba_ctrl + ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | 0); } diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index cab836c88f..2380d19558 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -38,6 +38,8 @@ #define SPEC_CTRL_SSBD (_AC(1, ULL) << 2) #define SPEC_CTRL_IPRED_DIS_U (_AC(1, ULL) << 3) #define SPEC_CTRL_IPRED_DIS_S (_AC(1, ULL) << 4) +#define SPEC_CTRL_RRSBA_DIS_U (_AC(1, ULL) << 5) +#define SPEC_CTRL_RRSBA_DIS_S (_AC(1, ULL) << 6) #define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) #define MSR_PRED_CMD 0x00000049 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 96601c5c20..f4563212d6 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -308,6 +308,7 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index f68e3ff875..a1742094a9 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -318,7 +318,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL], + IPRED_CTRL, RRSBA_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:27:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:27:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702734.1098130 (Exim 4.92) (envelope-from ) id 1ruFFR-0006mU-NE; Tue, 09 Apr 2024 17:27:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702734.1098130; Tue, 09 Apr 2024 17:27:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFFR-0006mN-Kc; Tue, 09 Apr 2024 17:27:05 +0000 Received: by outflank-mailman (input) for mailman id 702734; Tue, 09 Apr 2024 17:27:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFFQ-0006mD-Db for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFFQ-0005nd-Co for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFFQ-0007QD-CA for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=e0z6QPBvafwKtwKZhGVFR4SO2LQJW+MeN0wqcwu73iM=; b=jaRT71iidfkEoU3MLCBQ9K+RI8 /BUEWAYcOTTE7cEzGEE73+2BE2V7d4vEuli7rqL0P+PwP1TGJ/UjTqkYiIsAScMtEdufnL961TXZK Ue2MlePM+1fIwElfUWXpZooC7IXM/OUTHIyjz/RscsdQY2cTgvFECHiUJ00oSP0JLVeA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Expose BHI_CTRL to guests Message-Id: Date: Tue, 09 Apr 2024 17:27:04 +0000 commit 40d05ac943b8102ac32ee85912a89f9eaf46e850 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:14:00 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Expose BHI_CTRL to guests The CPUID feature bit signals the presence of the BHI_DIS_S control in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 583f1d0950529f3517b1741c2b21a028a82ba831) --- tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 1 + xen/include/asm-x86/msr-index.h | 1 + xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 5 files changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 9b3378fca7..700870f2f9 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -214,6 +214,7 @@ static const char *const str_7d2[32] = { [ 0] = "intel-psfd", [ 1] = "ipred-ctrl", [ 2] = "rrsba-ctrl", + [ 4] = "bhi-ctrl", }; static const char *const str_m10Al[32] = diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 0000d4a4c2..4e67381d9a 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -325,6 +325,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | (cp->feat.rrsba_ctrl ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | + (cp->feat.bhi_ctrl ? SPEC_CTRL_BHI_DIS_S : 0) | 0); } diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 2380d19558..75775452a3 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -41,6 +41,7 @@ #define SPEC_CTRL_RRSBA_DIS_U (_AC(1, ULL) << 5) #define SPEC_CTRL_RRSBA_DIS_S (_AC(1, ULL) << 6) #define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) +#define SPEC_CTRL_BHI_DIS_S (_AC(1, ULL) << 10) #define MSR_PRED_CMD 0x00000049 #define PRED_CMD_IBPB (_AC(1, ULL) << 0) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index f4563212d6..e440b1d07c 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -309,6 +309,7 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index a1742094a9..c4811ad319 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -318,7 +318,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL, RRSBA_CTRL], + IPRED_CTRL, RRSBA_CTRL, BHI_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:27:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:27:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702735.1098134 (Exim 4.92) (envelope-from ) id 1ruFFb-0006pJ-P6; Tue, 09 Apr 2024 17:27:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702735.1098134; Tue, 09 Apr 2024 17:27:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFFb-0006pC-MH; Tue, 09 Apr 2024 17:27:15 +0000 Received: by outflank-mailman (input) for mailman id 702735; Tue, 09 Apr 2024 17:27:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFFa-0006p1-Go for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFFa-0005nn-G6 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFFa-0007Qt-FN for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VN0TvIjjEFnfRk6Y5sWxVkRJXD7ZgAFlg/m1Quy9miY=; b=m85xm931lmHv7dCj/89BTytDyF k/yTf/nG6vBy99CK51v7xqtlPuwa55dP2SPhPxPZXDNgj0FN5ZsW01IWMxGjSFJ8aTWKIPyyLEDi9 g/YFtreoCH0yF97MhOl6Lue6VejkUg/WM+CMc06iDGwjAp9e7X1SldoUGAWebgjMrY4U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] VMX: tertiary execution control infrastructure Message-Id: Date: Tue, 09 Apr 2024 17:27:14 +0000 commit 24178feda5e90085d34a5b2c70ff66c7671518d1 Author: Jan Beulich AuthorDate: Wed Feb 7 13:46:11 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 VMX: tertiary execution control infrastructure This is a prereq to enabling e.g. the MSRLIST feature. Note that the PROCBASED_CTLS3 MSR is different from other VMX feature reporting MSRs, in that all 64 bits report allowed 1-settings. vVMX code is left alone, though, for the time being. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 878159bf259bfbd7a40312829f1ea0ce1f6645e2) --- xen/arch/x86/hvm/vmx/vmcs.c | 57 ++++++++++++++++++++++++++++++++++---- xen/arch/x86/hvm/vmx/vmx.c | 6 ++++ xen/include/asm-x86/hvm/vmx/vmcs.h | 13 +++++++++ xen/include/asm-x86/hvm/vmx/vmx.h | 1 + xen/include/asm-x86/msr-index.h | 1 + 5 files changed, 72 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index c2a1d7280d..3402a65cec 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -173,6 +173,7 @@ static int parse_ept_param_runtime(const char *s) u32 vmx_pin_based_exec_control __read_mostly; u32 vmx_cpu_based_exec_control __read_mostly; u32 vmx_secondary_exec_control __read_mostly; +uint64_t vmx_tertiary_exec_control __read_mostly; u32 vmx_vmexit_control __read_mostly; u32 vmx_vmentry_control __read_mostly; u64 vmx_ept_vpid_cap __read_mostly; @@ -236,10 +237,32 @@ static u32 adjust_vmx_controls( return ctl; } -static bool_t cap_check(const char *name, u32 expected, u32 saw) +static uint64_t adjust_vmx_controls2( + const char *name, uint64_t ctl_min, uint64_t ctl_opt, unsigned int msr, + bool *mismatch) +{ + uint64_t vmx_msr, ctl = ctl_min | ctl_opt; + + rdmsrl(msr, vmx_msr); + + ctl &= vmx_msr; /* bit == 0 ==> must be zero */ + + /* Ensure minimum (required) set of control bits are supported. */ + if ( ctl_min & ~ctl ) + { + *mismatch = true; + printk("VMX: CPU%u has insufficient %s (%#lx; requires %#lx)\n", + smp_processor_id(), name, ctl, ctl_min); + } + + return ctl; +} + +static bool cap_check( + const char *name, unsigned long expected, unsigned long saw) { if ( saw != expected ) - printk("VMX %s: saw %#x expected %#x\n", name, saw, expected); + printk("VMX %s: saw %#lx expected %#lx\n", name, saw, expected); return saw != expected; } @@ -249,6 +272,7 @@ static int vmx_init_vmcs_config(bool bsp) u32 _vmx_pin_based_exec_control; u32 _vmx_cpu_based_exec_control; u32 _vmx_secondary_exec_control = 0; + uint64_t _vmx_tertiary_exec_control = 0; u64 _vmx_ept_vpid_cap = 0; u64 _vmx_misc_cap = 0; u32 _vmx_vmexit_control; @@ -282,7 +306,8 @@ static int vmx_init_vmcs_config(bool bsp) opt = (CPU_BASED_ACTIVATE_MSR_BITMAP | CPU_BASED_TPR_SHADOW | CPU_BASED_MONITOR_TRAP_FLAG | - CPU_BASED_ACTIVATE_SECONDARY_CONTROLS); + CPU_BASED_ACTIVATE_SECONDARY_CONTROLS | + CPU_BASED_ACTIVATE_TERTIARY_CONTROLS); _vmx_cpu_based_exec_control = adjust_vmx_controls( "CPU-Based Exec Control", min, opt, MSR_IA32_VMX_PROCBASED_CTLS, &mismatch); @@ -343,6 +368,15 @@ static int vmx_init_vmcs_config(bool bsp) MSR_IA32_VMX_PROCBASED_CTLS2, &mismatch); } + if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) + { + uint64_t opt = 0; + + _vmx_tertiary_exec_control = adjust_vmx_controls2( + "Tertiary Exec Control", 0, opt, + MSR_IA32_VMX_PROCBASED_CTLS3, &mismatch); + } + /* The IA32_VMX_EPT_VPID_CAP MSR exists only when EPT or VPID available */ if ( _vmx_secondary_exec_control & (SECONDARY_EXEC_ENABLE_EPT | SECONDARY_EXEC_ENABLE_VPID) ) @@ -473,6 +507,7 @@ static int vmx_init_vmcs_config(bool bsp) vmx_pin_based_exec_control = _vmx_pin_based_exec_control; vmx_cpu_based_exec_control = _vmx_cpu_based_exec_control; vmx_secondary_exec_control = _vmx_secondary_exec_control; + vmx_tertiary_exec_control = _vmx_tertiary_exec_control; vmx_ept_vpid_cap = _vmx_ept_vpid_cap; vmx_vmexit_control = _vmx_vmexit_control; vmx_vmentry_control = _vmx_vmentry_control; @@ -508,6 +543,9 @@ static int vmx_init_vmcs_config(bool bsp) mismatch |= cap_check( "Secondary Exec Control", vmx_secondary_exec_control, _vmx_secondary_exec_control); + mismatch |= cap_check( + "Tertiary Exec Control", + vmx_tertiary_exec_control, _vmx_tertiary_exec_control); mismatch |= cap_check( "VMExit Control", vmx_vmexit_control, _vmx_vmexit_control); @@ -1084,6 +1122,7 @@ static int construct_vmcs(struct vcpu *v) v->arch.hvm.vmx.exec_control |= CPU_BASED_RDTSC_EXITING; v->arch.hvm.vmx.secondary_exec_control = vmx_secondary_exec_control; + v->arch.hvm.vmx.tertiary_exec_control = vmx_tertiary_exec_control; /* * Disable features which we don't want active by default: @@ -1152,6 +1191,10 @@ static int construct_vmcs(struct vcpu *v) __vmwrite(SECONDARY_VM_EXEC_CONTROL, v->arch.hvm.vmx.secondary_exec_control); + if ( cpu_has_vmx_tertiary_exec_control ) + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); + /* MSR access bitmap. */ if ( cpu_has_vmx_msr_bitmap ) { @@ -2071,10 +2114,12 @@ void vmcs_dump_vcpu(struct vcpu *v) vmr(HOST_PERF_GLOBAL_CTRL)); printk("*** Control State ***\n"); - printk("PinBased=%08x CPUBased=%08x SecondaryExec=%08x\n", + printk("PinBased=%08x CPUBased=%08x\n", vmr32(PIN_BASED_VM_EXEC_CONTROL), - vmr32(CPU_BASED_VM_EXEC_CONTROL), - vmr32(SECONDARY_VM_EXEC_CONTROL)); + vmr32(CPU_BASED_VM_EXEC_CONTROL)); + printk("SecondaryExec=%08x TertiaryExec=%016lx\n", + vmr32(SECONDARY_VM_EXEC_CONTROL), + vmr(TERTIARY_VM_EXEC_CONTROL)); printk("EntryControls=%08x ExitControls=%08x\n", vmentry_ctl, vmexit_ctl); printk("ExceptionBitmap=%08x PFECmask=%08x PFECmatch=%08x\n", vmr32(EXCEPTION_BITMAP), diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 54cb0553c2..2cbed4b21e 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -723,6 +723,12 @@ void vmx_update_secondary_exec_control(struct vcpu *v) v->arch.hvm.vmx.secondary_exec_control); } +void vmx_update_tertiary_exec_control(const struct vcpu *v) +{ + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); +} + void vmx_update_exception_bitmap(struct vcpu *v) { u32 bitmap = unlikely(v->arch.hvm.vmx.vmx_realmode) diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index 8073af323b..9b246b802b 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -125,6 +125,7 @@ struct vmx_vcpu { /* Cache of cpu execution control. */ u32 exec_control; u32 secondary_exec_control; + uint64_t tertiary_exec_control; u32 exception_bitmap; uint64_t shadow_gs; @@ -207,6 +208,7 @@ void vmx_vmcs_reload(struct vcpu *v); #define CPU_BASED_RDTSC_EXITING 0x00001000 #define CPU_BASED_CR3_LOAD_EXITING 0x00008000 #define CPU_BASED_CR3_STORE_EXITING 0x00010000 +#define CPU_BASED_ACTIVATE_TERTIARY_CONTROLS 0x00020000 #define CPU_BASED_CR8_LOAD_EXITING 0x00080000 #define CPU_BASED_CR8_STORE_EXITING 0x00100000 #define CPU_BASED_TPR_SHADOW 0x00200000 @@ -269,6 +271,14 @@ extern u32 vmx_vmentry_control; #define SECONDARY_EXEC_TSC_SCALING 0x02000000 extern u32 vmx_secondary_exec_control; +#define TERTIARY_EXEC_LOADIWKEY_EXITING BIT(0, UL) +#define TERTIARY_EXEC_ENABLE_HLAT BIT(1, UL) +#define TERTIARY_EXEC_EPT_PAGING_WRITE BIT(2, UL) +#define TERTIARY_EXEC_GUEST_PAGING_VERIFY BIT(3, UL) +#define TERTIARY_EXEC_IPI_VIRT BIT(4, UL) +#define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) +extern uint64_t vmx_tertiary_exec_control; + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -304,6 +314,8 @@ extern u64 vmx_ept_vpid_cap; (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_MSR_BITMAP) #define cpu_has_vmx_secondary_exec_control \ (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) +#define cpu_has_vmx_tertiary_exec_control \ + (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS) #define cpu_has_vmx_ept \ (vmx_secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT) #define cpu_has_vmx_dt_exiting \ @@ -423,6 +435,7 @@ enum vmcs_field { VIRT_EXCEPTION_INFO = 0x0000202a, XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, + TERTIARY_VM_EXEC_CONTROL = 0x00002034, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/include/asm-x86/hvm/vmx/vmx.h b/xen/include/asm-x86/hvm/vmx/vmx.h index 85530d2e0e..5053cdb2c2 100644 --- a/xen/include/asm-x86/hvm/vmx/vmx.h +++ b/xen/include/asm-x86/hvm/vmx/vmx.h @@ -102,6 +102,7 @@ void vmx_update_debug_state(struct vcpu *v); void vmx_update_exception_bitmap(struct vcpu *v); void vmx_update_cpu_exec_control(struct vcpu *v); void vmx_update_secondary_exec_control(struct vcpu *v); +void vmx_update_tertiary_exec_control(const struct vcpu *v); #define POSTED_INTR_ON 0 #define POSTED_INTR_SN 1 diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 75775452a3..9e3291b198 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -317,6 +317,7 @@ #define MSR_IA32_VMX_TRUE_EXIT_CTLS 0x48f #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490 #define MSR_IA32_VMX_VMFUNC 0x491 +#define MSR_IA32_VMX_PROCBASED_CTLS3 0x492 /* K7/K8 MSRs. Not complete. See the architecture manual for a more complete list. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:27:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:27:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702736.1098138 (Exim 4.92) (envelope-from ) id 1ruFFl-0006tL-Qu; Tue, 09 Apr 2024 17:27:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702736.1098138; Tue, 09 Apr 2024 17:27:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFFl-0006tD-O2; Tue, 09 Apr 2024 17:27:25 +0000 Received: by outflank-mailman (input) for mailman id 702736; Tue, 09 Apr 2024 17:27:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFFk-0006sz-Jd for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFFk-0005ny-Iw for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFFk-0007RI-IA for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2nfrj/CmYaJ91NPgWQCbarGJDGg9KPiEhvDRdSPEr4g=; b=RwWlf9L4V+HPc7l7r+gu+CcqCP NTOo+1o1ZcVSaazAitJOTW3vespkGbnU80i5VEbAl9qD08mVVBSLFGP2Es0hSDb45n8qiKoTF/u9W BFe4PzR5vyHFAEST9Fz+JfwvRJFKfluEcpTwRS/ZbCAIUYnxZs3gLIIJVG4ues+S9BKY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch Message-Id: Date: Tue, 09 Apr 2024 17:27:24 +0000 commit 681edf55641513b789adea6fe219c9b75634f659 Author: Andrew Cooper AuthorDate: Wed Apr 3 17:43:42 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch It turns out there is something wonky on some but not all CPUs with MSR_TSX_FORCE_ABORT. The presence of RTM_ALWAYS_ABORT causes Xen to think it's safe to offer HLE/RTM to guests, but in this case, XBEGIN instructions genuinely #UD. Spot this case and try to back out as cleanly as we can. Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Acked-by: Jan Beulich (cherry picked from commit b33f191e3ca99458fdcea1cb5a29dfa4965d1604) --- xen/arch/x86/tsx.c | 55 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 45 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 287812ec2b..2eb797e352 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -1,5 +1,6 @@ #include #include +#include #include /* @@ -9,6 +10,7 @@ * -1 => Default, altered to 0/1 (if unspecified) by: * - TAA heuristics/settings for speculative safety * - "TSX vs PCR3" select for TSX memory ordering safety + * -2 => Implicit tsx=0 (from RTM_ALWAYS_ABORT vs RTM mismatch) * -3 => Implicit tsx=1 (feed-through from spec-ctrl=0) * * This is arranged such that the bottom bit encodes whether TSX is actually @@ -122,11 +124,50 @@ void tsx_init(void) if ( cpu_has_tsx_force_abort ) { + uint64_t val; + /* - * On an early TSX-enable Skylake part subject to the memory + * On an early TSX-enabled Skylake part subject to the memory * ordering erratum, with at least the March 2019 microcode. */ + rdmsrl(MSR_TSX_FORCE_ABORT, val); + + /* + * At the time of writing (April 2024), it was discovered that + * some parts (e.g. CoffeeLake 8th Gen, 06-9e-0a, ucode 0xf6) + * advertise RTM_ALWAYS_ABORT, but XBEGIN instructions #UD. Other + * similar parts (e.g. KabyLake Xeon-E3, 06-9e-09, ucode 0xf8) + * operate as expected. + * + * In this case: + * - RTM_ALWAYS_ABORT and MSR_TSX_FORCE_ABORT are enumerated. + * - XBEGIN instructions genuinely #UD. + * - MSR_TSX_FORCE_ABORT appears to be write-discard and fails to + * hold its value. + * - HLE and RTM are not enumerated, despite + * MSR_TSX_FORCE_ABORT.TSX_CPUID_CLEAR being clear. + * + * Spot RTM being unavailable without CLEAR_CPUID being set, and + * treat it as if no TSX is available at all. This will prevent + * Xen from thinking it's safe to offer HLE/RTM to VMs. + */ + if ( val == 0 && cpu_has_rtm_always_abort && !cpu_has_rtm ) + { + printk(XENLOG_ERR + "FIRMWARE BUG: CPU %02x-%02x-%02x, ucode 0x%08x: RTM_ALWAYS_ABORT vs RTM mismatch\n", + boot_cpu_data.x86, boot_cpu_data.x86_model, + boot_cpu_data.x86_mask, this_cpu(cpu_sig).rev); + + setup_clear_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + setup_clear_cpu_cap(X86_FEATURE_TSX_FORCE_ABORT); + + if ( opt_tsx < 0 ) + opt_tsx = -2; + + goto done_probe; + } + /* * Probe for the June 2021 microcode which de-features TSX on * client parts. (Note - this is a subset of parts impacted by @@ -136,15 +177,8 @@ void tsx_init(void) * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. */ - if ( !has_rtm_always_abort ) - { - uint64_t val; - - rdmsrl(MSR_TSX_FORCE_ABORT, val); - - if ( val & TSX_ENABLE_RTM ) - has_rtm_always_abort = true; - } + if ( val & TSX_ENABLE_RTM ) + has_rtm_always_abort = true; /* * If no explicit tsx= option is provided, pick a default. @@ -199,6 +233,7 @@ void tsx_init(void) setup_force_cpu_cap(X86_FEATURE_RTM); } } + done_probe: /* * Note: MSR_TSX_CTRL is enumerated on TSX-enabled MDS_NO and later parts. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:27:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:27:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702737.1098142 (Exim 4.92) (envelope-from ) id 1ruFFv-0006wk-SB; Tue, 09 Apr 2024 17:27:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702737.1098142; Tue, 09 Apr 2024 17:27:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFFv-0006wc-PX; Tue, 09 Apr 2024 17:27:35 +0000 Received: by outflank-mailman (input) for mailman id 702737; Tue, 09 Apr 2024 17:27:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFFu-0006wW-MO for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFFu-0005o6-Lm for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFFu-0007Ri-Ky for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ztrQu84U9OgBDnRRAfZnE17NKHXTkZWjNUc5FJ63yrI=; b=Ov4B6ReCzyi9/CsFXTo2azoh35 CVuH72UrEE4w3bHxnlaIUgDqp+FLTHksIj+wEdYKDbnkneJTD7Ti0QDZxwaWiU4ZHev1iHLLeJ2tc spiqV3x+H23Epd1miTcKYzyvVST5pzkhbGV8PK8Wn7cBxcQcTrlUbQsVoxN2/ziheotY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] xen/wait: Remove indirect jump Message-Id: Date: Tue, 09 Apr 2024 17:27:34 +0000 commit 4682088e8f884d92eaec70409408b66b49b6d990 Author: Andrew Cooper AuthorDate: Fri Oct 22 16:07:07 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 xen/wait: Remove indirect jump There is no need for this to be an indirect jump at all. Execution always returns to a specific location, so use a direct jump instead. Use a named label for the jump. As both 1 and 2 have disappeared as labels, rename 3 to skip to better describe its purpose. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit f03567bd7e8efc0f667a67905862e6047babdb7a) --- xen/common/wait.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/xen/common/wait.c b/xen/common/wait.c index 24716e7676..9276d76464 100644 --- a/xen/common/wait.c +++ b/xen/common/wait.c @@ -144,18 +144,16 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv) "push %%r8; push %%r9; push %%r10; push %%r11;" "push %%r12; push %%r13; push %%r14; push %%r15;" - "call 1f;" - "1: addq $2f-1b,(%%rsp);" "sub %%esp,%%ecx;" "cmp %3,%%ecx;" - "ja 3f;" + "ja .L_skip;" "mov %%rsp,%%rsi;" /* check_wakeup_from_wait() longjmp()'s to this point. */ - "2: rep movsb;" + ".L_wq_resume: rep movsb;" "mov %%rsp,%%rsi;" - "3: pop %%rax;" + ".L_skip:" "pop %%r15; pop %%r14; pop %%r13; pop %%r12;" "pop %%r11; pop %%r10; pop %%r9; pop %%r8;" "pop %%rbp; pop %%rdx; pop %%rbx; pop %%rax" @@ -204,15 +202,14 @@ void check_wakeup_from_wait(void) } /* - * Hand-rolled longjmp(). Returns to the pointer on the top of - * wqv->stack, and lands on a `rep movs` instruction. All other GPRs are - * restored from the stack, so are available for use here. + * Hand-rolled longjmp(). Returns to __prepare_to_wait(), and lands on a + * `rep movs` instruction. All other GPRs are restored from the stack, so + * are available for use here. */ asm volatile ( - "mov %1,%%"__OP"sp; INDIRECT_JMP %[ip]" + "mov %1,%%"__OP"sp; jmp .L_wq_resume;" : : "S" (wqv->stack), "D" (wqv->esp), - "c" ((char *)get_cpu_info() - (char *)wqv->esp), - [ip] "r" (*(unsigned long *)wqv->stack) + "c" ((char *)get_cpu_info() - (char *)wqv->esp) : "memory" ); unreachable(); } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:27:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:27:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702738.1098145 (Exim 4.92) (envelope-from ) id 1ruFG5-00070K-VA; Tue, 09 Apr 2024 17:27:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702738.1098145; Tue, 09 Apr 2024 17:27:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFG5-00070D-SM; Tue, 09 Apr 2024 17:27:45 +0000 Received: by outflank-mailman (input) for mailman id 702738; Tue, 09 Apr 2024 17:27:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFG4-0006zp-P6 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFG4-0005oW-OU for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFG4-0007S8-Nr for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0zI29hCd9DcXTiUuTgXi7krmw/xhuWqFRFitoAB+NYs=; b=OU356xZH+dI3k2Cu7ccPkVMp8J 6Lqp1cCGqwwn91CyS+jmOGC+awRrJ3z4D8u9ogGDQrGCGde0CeftlObvDrw4epzwrBV85MaUfqzSc M+MEMTyUhHWAbEPC1q00r+iAsG4XFI+3LHrmGlUDMoSm53SyfMOs1XKXTd2m0VCDzOX4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests Message-Id: Date: Tue, 09 Apr 2024 17:27:44 +0000 commit 3e2504256174495cec7fc2288bc7619ae162b699 Author: Andrew Cooper AuthorDate: Tue Apr 9 15:03:05 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests All of these are prediction-mode (i.e. CPL) based. They don't operate as advertised in PV context. Fixes: 4dd676070684 ("x86/spec-ctrl: Expose IPRED_CTRL to guests") Fixes: 478e4787fa64 ("x86/spec-ctrl: Expose RRSBA_CTRL to guests") Fixes: 583f1d095052 ("x86/spec-ctrl: Expose BHI_CTRL to guests") Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 4b3da946ad7e3452761478ae683da842e7ff20d6) --- xen/include/public/arch-x86/cpufeatureset.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index e440b1d07c..5a694e040d 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -307,9 +307,9 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ -XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ -XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ -XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*S MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*S MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*S MSR_SPEC_CTRL.BHI_DIS_S */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:27:56 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:27:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702739.1098149 (Exim 4.92) (envelope-from ) id 1ruFGG-00074P-04; Tue, 09 Apr 2024 17:27:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702739.1098149; Tue, 09 Apr 2024 17:27:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFGF-00074I-Tm; Tue, 09 Apr 2024 17:27:55 +0000 Received: by outflank-mailman (input) for mailman id 702739; Tue, 09 Apr 2024 17:27:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFGE-000749-Rz for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFGE-0005od-RE for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFGE-0007Sz-QW for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:27:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5a9AuMOeZzSHK0IGclDXT+9ggF3UgB1WRkE8tkhxOeE=; b=6IL7OAyNnaL3/+On4AzcCMM+Nb Db7CL83WNCNZZunxCKaWnvPklrq17aIIzXeBrfIkFB36sGp0gmwRGR6x76mrNT+KQ24dpEgQGn2+6 W+xRvHFMjTpj0aaOzLUslzd/qH9fNRmnwguV+htYTHjhM/RrZk2n1ZCtNpcVZto5ilow=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Make svm_vmexit_spec_ctrl conditional Message-Id: Date: Tue, 09 Apr 2024 17:27:54 +0000 commit 7db6066d2c4e9facc5095f0681b16bf15ca3a597 Author: Andrew Cooper AuthorDate: Mon Jul 18 14:15:08 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Make svm_vmexit_spec_ctrl conditional The logic was written this way out of an abundance of caution, but the reality is that AMD parts don't currently have the RAS-flushing side effect, nor do they intend to gain it. This removes one WRMSR from the VMExit path by default on Zen2 systems. Fixes: 614cec7d79d7 ("x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit c16a9eda77b2089206d5bc39ab6488c3793e11bf) --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index d1ca530315..1974eaff97 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -114,15 +114,15 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM .macro svm_vmexit_spec_ctrl - /* - * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] - * flushing side effect. - */ - mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + cmp %edx, %eax + je 1f /* Skip write if value is correct. */ + mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr mov %al, CPUINFO_last_spec_ctrl(%rsp) +1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:28:06 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:28:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702740.1098155 (Exim 4.92) (envelope-from ) id 1ruFGQ-000791-2R; Tue, 09 Apr 2024 17:28:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702740.1098155; Tue, 09 Apr 2024 17:28:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFGP-00078t-VH; Tue, 09 Apr 2024 17:28:05 +0000 Received: by outflank-mailman (input) for mailman id 702740; Tue, 09 Apr 2024 17:28:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFGO-00078H-VP for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFGO-0005ox-Ue for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFGO-0007Tw-Tu for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NM/VohDqxZuqyyhQ9pSQ/hhLpg8T/uOPC5HuF76r6L0=; b=ln2uKKE5q4dinzKXlvbcg2KjgQ Kiwcyd9pgjay8z7pCL/h/ibsJJ8P9Q4xiaT5yTDitsI994aTmO8fTcJblhpZzdMWhR7oWJ0rjdUxl ZydEh0yEjgMHp8TiM1qA30e/oHSk4WHmGVvc5v1kWSa/ooSukn0LHPoniGmLj6DBGaE0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Rename spec_ctrl_flags to scf Message-Id: Date: Tue, 09 Apr 2024 17:28:04 +0000 commit 72103ce234f6f147c20751ae86531ac9b4af921a Author: Andrew Cooper AuthorDate: Thu Mar 28 11:57:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Rename spec_ctrl_flags to scf XSA-455 was ultimately caused by having fields with too-similar names. Both {xen,last}_spec_ctrl are fields containing an architectural MSR_SPEC_CTRL value. The spec_ctrl_flags field contains Xen-internal flags. To more-obviously distinguish the two, rename spec_ctrl_flags to scf, which is also the prefix of the constants used by the fields. No functional change. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit c62673c4334b3372ebd4292a7ac8185357e7ea27) --- xen/arch/x86/acpi/power.c | 4 ++-- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/setup.c | 2 +- xen/arch/x86/spec_ctrl.c | 18 +++++++++--------- xen/arch/x86/x86_64/asm-offsets.c | 2 +- xen/arch/x86/x86_64/compat/entry.S | 4 ++-- xen/arch/x86/x86_64/entry.S | 2 +- xen/include/asm-x86/current.h | 2 +- xen/include/asm-x86/domain.h | 2 +- xen/include/asm-x86/spec_ctrl.h | 16 ++++++++-------- xen/include/asm-x86/spec_ctrl_asm.h | 22 +++++++++++----------- 14 files changed, 44 insertions(+), 44 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 1a7baeebe6..4d6650f407 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -246,7 +246,7 @@ static int enter_state(u32 state) ci = get_cpu_info(); /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_IST_MASK; + ci->scf &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -290,7 +290,7 @@ static int enter_state(u32 state) panic("Missing previously available feature(s)\n"); /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); + ci->scf |= (default_scf & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index d5101ff1a6..440f518328 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2092,10 +2092,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the new spec_ctrl settings. */ - info->spec_ctrl_flags = - (info->spec_ctrl_flags & ~SCF_DOM_MASK) | - (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); + /* Update the top-of-stack block with the new speculation settings. */ + info->scf = + (info->scf & ~SCF_DOM_MASK) | + (nextd->arch.scf & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 1974eaff97..73c35bc27d 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index cdde76e138..4ee529c57a 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -111,7 +111,7 @@ UNLIKELY_END(realmode) BUILD_BUG_ON(SCF_verw & ~0xff) movzbl VCPU_vmx_launched(%rbx), %ecx shl $31, %ecx - movzbl CPUINFO_spec_ctrl_flags(%rsp), %eax + movzbl CPUINFO_scf(%rsp), %eax and $SCF_verw, %eax or %eax, %ecx diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 3402a65cec..c5ef01f936 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1388,7 +1388,7 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); - if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + if ( !rc && (d->arch.scf & SCF_entry_ibpb) ) rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, VMX_MSR_HOST); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 5c72cd914a..d39056249e 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -2032,7 +2032,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0a7af22a9b..68d505cab5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -67,7 +67,7 @@ static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; uint8_t __read_mostly default_xen_spec_ctrl; -uint8_t __read_mostly default_spec_ctrl_flags; +uint8_t __read_mostly default_scf; paddr_t __read_mostly l1tf_addr_mask, __read_mostly l1tf_safe_maddr; bool __read_mostly cpu_has_bug_l1tf; @@ -1081,7 +1081,7 @@ static void __init ibpb_calculations(void) * NMI/#MC, so can't interrupt Xen ahead of having already flushed the * BTB. */ - default_spec_ctrl_flags |= SCF_ist_ibpb; + default_scf |= SCF_ist_ibpb; } if ( opt_ibpb_entry_hvm ) setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); @@ -1582,7 +1582,7 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); - d->arch.spec_ctrl_flags = + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | 0; @@ -1687,7 +1687,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1698,7 +1698,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1828,7 +1828,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_pv ) { setup_force_cpu_cap(X86_FEATURE_SC_RSB_PV); - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } /* @@ -1851,7 +1851,7 @@ void __init init_speculation_mitigations(void) * possible rogue RSB speculation. */ if ( !cpu_has_svm ) - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } srso_calculations(hw_smt_enabled); @@ -1864,7 +1864,7 @@ void __init init_speculation_mitigations(void) if ( opt_eager_fpu == -1 ) opt_eager_fpu = should_use_eager_fpu(); - /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ + /* (Re)init BSP state now that default_scf has been calculated. */ init_shadow_spec_ctrl_state(); /* @@ -2137,7 +2137,7 @@ void __init init_speculation_mitigations(void) { info->shadow_spec_ctrl = 0; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); } diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index 4cd5938d7b..fba82d6436 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -154,7 +154,7 @@ void __dummy__(void) OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); - OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); + OFFSET(CPUINFO_scf, struct cpu_info, scf); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); DEFINE(CPUINFO_sizeof, sizeof(struct cpu_info)); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 3b2fbcd873..fab85eb733 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -164,8 +164,8 @@ ENTRY(compat_restore_all_guest) /* Account for ev/ec having already been popped off the stack. */ SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_rip), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) + scf=STK_REL(CPUINFO_scf, CPUINFO_rip), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) .Lft0: iretq _ASM_PRE_EXTABLE(.Lft0, handle_exception) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 9b1fa9ed19..029b1efaac 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -683,7 +683,7 @@ UNLIKELY_END(exit_cr3) /* * When the CPU pushed this exception frame, it zero-extended eflags. * For an IST exit, SPEC_CTRL_EXIT_TO_XEN stashed shadow copies of - * spec_ctrl_flags and ver_sel above eflags, as we can't use any GPRs, + * scf and ver_sel above eflags, as we can't use any GPRs, * and we're at a random place on the stack, not in a CPUFINFO block. * * Account for ev/ec having already been popped off the stack. diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index 8ea4aecc5e..138ad63165 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -57,7 +57,7 @@ struct cpu_info { unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; uint8_t last_spec_ctrl; - uint8_t spec_ctrl_flags; + uint8_t scf; /* SCF_* */ /* * The following field controls copying of the L4 page table of 64-bit diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index 92937d9d73..147604fce9 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -319,7 +319,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ + uint8_t scf; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index a431fea587..8fc350abe2 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -21,10 +21,10 @@ #define __X86_SPEC_CTRL_H__ /* - * Encoding of: - * cpuinfo.spec_ctrl_flags - * default_spec_ctrl_flags - * domain.spec_ctrl_flags + * Encoding of Xen's speculation control flags in: + * cpuinfo.scf + * default_scf + * domain.scf * * Live settings are in the top-of-stack block, because they need to be * accessable when XPTI is active. Some settings are fixed from boot, some @@ -94,7 +94,7 @@ extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; extern uint8_t default_xen_spec_ctrl; -extern uint8_t default_spec_ctrl_flags; +extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; @@ -114,7 +114,7 @@ static inline void init_shadow_spec_ctrl_state(void) info->shadow_spec_ctrl = 0; info->xen_spec_ctrl = default_xen_spec_ctrl; - info->spec_ctrl_flags = default_spec_ctrl_flags; + info->scf = default_scf; /* * For least latency, the VERW selector should be a writeable data @@ -138,7 +138,7 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) */ info->shadow_spec_ctrl = val; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); @@ -187,7 +187,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. */ - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 9416483c0b..6e8b447fa5 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -51,7 +51,7 @@ * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow - * boolean in the per cpu spec_ctrl_flags. The synchronous use is: + * boolean in the per cpu scf. The synchronous use is: * * 1) Store guest value in shadow_spec_ctrl * 2) Set the use_shadow boolean @@ -98,11 +98,11 @@ * interrupting Xen. */ .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) .endif jz .L\@_skip @@ -177,8 +177,8 @@ #define STK_REL(field, top_of_stk) ((field) - (top_of_stk)) .macro SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_error_code), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) + scf=STK_REL(CPUINFO_scf, CPUINFO_error_code), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) /* * Requires \scf and \sel as %rsp-relative expressions * Clobbers eflags @@ -233,10 +233,10 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else - andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + andb $~SCF_use_shadow, CPUINFO_scf(%rsp) movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax .endif @@ -255,7 +255,7 @@ mov %eax, CPUINFO_shadow_spec_ctrl(%rsp) /* Set SPEC_CTRL shadowing *before* loading the guest value. */ - orb $SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + orb $SCF_use_shadow, CPUINFO_scf(%rsp) mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx @@ -333,7 +333,7 @@ * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -358,7 +358,7 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx @@ -392,7 +392,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %r12=ist_exit, %r14=stack_end, %rsp=regs * Clobbers %rax, %rbx, %rcx, %rdx */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx testb $SCF_ist_sc_msr, %bl jz .L\@_skip_sc_msr -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:28:17 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:28:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702741.1098158 (Exim 4.92) (envelope-from ) id 1ruFGb-0007HA-3M; Tue, 09 Apr 2024 17:28:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702741.1098158; Tue, 09 Apr 2024 17:28:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFGb-0007H2-0V; Tue, 09 Apr 2024 17:28:17 +0000 Received: by outflank-mailman (input) for mailman id 702741; Tue, 09 Apr 2024 17:28:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFGZ-0007GN-2E for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFGZ-0005p4-1N for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFGZ-0007UO-0c for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ILsAERlm+0nPu4XkzOFrHyslgPC1tU63Khgae2F376E=; b=qsW0DFL1uuUOfrygu42muQkCYx 0DJS64/xZe5fHzl0miWwM1rahVzzOwfUigluOlHW0wQk2bWt4bkLL+B+e8IIMY5+wptEWxvR2+8gC lUGcRzAav3WmKB8KESfSRlUaSaeHgt8UMWeGMsC9XkBEWuErv1BqL3s7+Ql9h/Sxwsgw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Message-Id: Date: Tue, 09 Apr 2024 17:28:15 +0000 commit a8bb8926fd046cd7fa880a057b2675f33c1bfe77 Author: Andrew Cooper AuthorDate: Fri Mar 22 11:41:41 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Right now, we have a mix of safety strategies in different blocks, making the logic fragile and hard to follow. Start addressing this by having a safety LFENCE at the end of the blocks, which can be patched out if other safety criteria are met. This will allow us to simplify the sub-blocks. For SPEC_CTRL_ENTRY_FROM_IST, simply leave an LFENCE unconditionally at the end; the IST path is not a fast-path by any stretch of the imagination. For SPEC_CTRL_ENTRY_FROM_INTR, the existing description was incorrect. The IRET #GP path is non-fatal but can occur with the guest's choice of MSR_SPEC_CTRL. It is safe to skip the flush/barrier-like protections when interrupting Xen, but we must run DO_SPEC_CTRL_ENTRY irrespective. This will skip RSB stuffing which was previously unconditional even when interrupting Xen. AFAICT, this is a missing cleanup from commit 3fffaf9c13e9 ("x86/entry: Avoid using alternatives in NMI/#MC paths") where we split the IST entry path out of the main INTR entry path. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 94896de1a98c4289fe6fef9e16ef99fc6ef2efc4) --- xen/arch/x86/hvm/vmx/entry.S | 1 + xen/arch/x86/spec_ctrl.c | 52 +++++++++++++++++++++++++++++++++++++ xen/include/asm-x86/cpufeatures.h | 4 +++ xen/include/asm-x86/spec_ctrl_asm.h | 27 ++++++++++--------- 4 files changed, 72 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 4ee529c57a..8d5b683879 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -43,6 +43,7 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* Hardware clears MSR_DEBUGCTL on VMExit. Reinstate it if debugging Xen. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 68d505cab5..695830fc25 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2113,6 +2113,58 @@ void __init init_speculation_mitigations(void) print_details(thunk); + /* + * With the alternative blocks now chosen, see if we need any other + * adjustments for safety. + * + * We compile the LFENCE in, and patch it out if it's not needed. + * + * Notes: + * - SPEC_CTRL_ENTRY_FROM_SVM doesn't need an LFENCE because it has an + * unconditional STGI. + * - SPEC_CTRL_ENTRY_FROM_IST handles its own safety, without the use of + * alternatives. + * - DO_OVERWRITE_RSB has conditional branches in it, but it's an inline + * sequence. It is considered safe for uarch reasons. + */ + { + /* + * SPEC_CTRL_ENTRY_FROM_PV conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we're not using any prior conditional mitigation, + * then it's safe to drop the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); + + /* + * SPEC_CTRL_ENTRY_FROM_INTR conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we have no protections active in the block that + * is skipped when interrupting guest context, then it's safe to drop + * the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); + + /* + * SPEC_CTRL_ENTRY_FROM_VMX conditional safety + * + * Currently there are no safety actions with conditional branches, so + * no need for the extra safety LFENCE. + */ + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + } + /* * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard * any firmware settings. For performance reasons, when safe to do so, we diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 7e8221fd85..6422c66b0f 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -52,5 +52,9 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_BUG_CLFLUSH_MFENCE X86_BUG( 2) /* MFENCE needed to serialise CLFLUSH */ #define X86_BUG_IBPB_NO_RET X86_BUG( 3) /* IBPB doesn't flush the RSB/RAS */ +#define X86_SPEC_NO_LFENCE_ENTRY_PV X86_BUG(16) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_PV. */ +#define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ +#define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 6e8b447fa5..d536a79f28 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -278,25 +278,37 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm /* * Used after an exception or maskable interrupt, hitting Xen or PV context. - * There will either be a guest speculation context, or (barring fatal - * exceptions) a well-formed Xen speculation context. + * There will either be a guest speculation context, or a well-formed Xen + * speculation context, with the exception of one case. IRET #GP handling may + * have a guest choice of MSR_SPEC_CTRL. + * + * Therefore, we can skip the flush/barrier-like protections when hitting Xen, + * but we must still run the mode-based protections. */ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rcx, %rdx */ + testb $3, UREGS_cs(%rsp) + jz .L\@_skip + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV +.L\@_skip: ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm /* @@ -365,18 +377,9 @@ movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr - /* Opencoded UNLIKELY_START() with no condition. */ -UNLIKELY_DISPATCH_LABEL(\@_serialise): - .subsection 1 - /* - * In the case that we might need to set SPEC_CTRL.IBRS for safety, we - * need to ensure that an attacker can't poison the `jz .L\@_skip_wrmsr` - * to speculate around the WRMSR. As a result, we need a dispatch - * serialising instruction in the else clause. - */ .L\@_skip_msr_spec_ctrl: + lfence - UNLIKELY_END(\@_serialise) .endm /* -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:28:27 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:28:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702742.1098162 (Exim 4.92) (envelope-from ) id 1ruFGl-0007Ke-75; Tue, 09 Apr 2024 17:28:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702742.1098162; Tue, 09 Apr 2024 17:28:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFGl-0007KW-4D; Tue, 09 Apr 2024 17:28:27 +0000 Received: by outflank-mailman (input) for mailman id 702742; Tue, 09 Apr 2024 17:28:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFGj-0007KJ-5D for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFGj-0005pC-4S for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFGj-0007Uq-3e for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JXgMQQHhzUwqokPsnz7xM5VuQ8KKXqn0xqnjjwXkHuI=; b=U/OPEnEKiaM2huc8tQi9gSqTmf +ndUqKZrRUcdmWSBziXYPPHD4dQmW3G5i9XWgTtyiiQ01pxfm9dWQiEbwXThxVHlW/i8Cgb7O4Thb LkAxxu5kqvSPyuV/5u/J6hHToJ1uZGMvq4gYlieivkUJpq5W7joLqJmQwg2KrbZ6LCcs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Message-Id: Date: Tue, 09 Apr 2024 17:28:25 +0000 commit 7b56af4be474b6adcb4d9d1fc1fe92bf7eebcae5 Author: Andrew Cooper AuthorDate: Fri Mar 22 15:52:06 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Other SPEC_CTRL_* paths already use %r14 like this, and it will allow for simplifications. All instances of SPEC_CTRL_ENTRY_FROM_PV are followed by a GET_STACK_END() invocation, so this change is only really logic and register shuffling. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 22390697bf1b4cd3024f2d10893dec3c3ec08a9c) --- xen/arch/x86/x86_64/compat/entry.S | 4 +++- xen/arch/x86/x86_64/entry.S | 44 +++++++++++++++++++++----------------- 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index fab85eb733..a32b95f7c3 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -18,6 +18,8 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, EFRAME_entry_vector(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ @@ -25,7 +27,7 @@ ENTRY(entry_int82) CR4_PV32_RESTORE - GET_CURRENT(bx) + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov %rsp, %rdi call do_entry_int82 diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 029b1efaac..c52229d032 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -266,21 +266,22 @@ ENTRY(lstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Llstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Llstar_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx testb $TF_kernel_mode,VCPU_thread_flags(%rbx) jz switch_to_kernel @@ -303,23 +304,24 @@ ENTRY(cstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lcstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lcstar_cr3_okay: sti CR4_PV32_RESTORE - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx #ifdef CONFIG_PV32 movq VCPU_domain(%rbx), %rcx @@ -344,23 +346,24 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ orl $X86_EFLAGS_IF, UREGS_eflags(%rsp) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lsyse_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lsyse_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx cmpb $0,VCPU_sysenter_disables_events(%rbx) movq VCPU_sysenter_addr(%rbx),%rax setne %cl @@ -398,17 +401,18 @@ ENTRY(int80_direct_trap) movl $0x80, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lint80_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lint80_cr3_okay: sti @@ -418,7 +422,7 @@ UNLIKELY_START(ne, msi_check) call check_for_unexpected_msi UNLIKELY_END(msi_check) - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov VCPU_trap_ctxt(%rbx), %rsi mov VCPU_domain(%rbx), %rax -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:28:37 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:28:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702743.1098165 (Exim 4.92) (envelope-from ) id 1ruFGv-0007Oo-8I; Tue, 09 Apr 2024 17:28:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702743.1098165; Tue, 09 Apr 2024 17:28:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFGv-0007Og-5h; Tue, 09 Apr 2024 17:28:37 +0000 Received: by outflank-mailman (input) for mailman id 702743; Tue, 09 Apr 2024 17:28:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFGt-0007OP-8M for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFGt-0005pJ-7a for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFGt-0007VF-6j for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=INiq2NQrDdFzthRlKlIHt3elx3VWnwTF/35UUohBa3A=; b=oZz8yfK4xjJPnvkfprgT0nlpzT FOoHsp0LWleMtt5lT6TtMDTR20KbFqnJJ/Mm8V+1CcVeOb6QM9Ku6vxqFphNx1zG98n1A863ZgiYv PsWNb0JtfStsk5/D+ztNN6122olm1drhisfdQ5vQB8zeGCe55aPkA1D1rDjQcJTrQtT8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} Message-Id: Date: Tue, 09 Apr 2024 17:28:35 +0000 commit 6107fa01870e33ab59969f5f21f959352a3670d5 Author: Andrew Cooper AuthorDate: Fri Mar 22 12:08:02 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} ... as we do in the exit paths too. This will allow simplification to the sub-blocks. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9607aeb6602b8ed9962404de3f5f90170ffddb66) --- xen/arch/x86/x86_64/compat/entry.S | 2 +- xen/arch/x86/x86_64/entry.S | 12 ++++++------ xen/include/asm-x86/spec_ctrl_asm.h | 10 +++++++--- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index a32b95f7c3..ff462a92e0 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -20,7 +20,7 @@ ENTRY(entry_int82) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ sti diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index c52229d032..09f143354e 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -268,7 +268,7 @@ ENTRY(lstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -306,7 +306,7 @@ ENTRY(cstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -348,7 +348,7 @@ GLOBAL(sysenter_eflags_saved) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ @@ -403,7 +403,7 @@ ENTRY(int80_direct_trap) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -704,7 +704,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -738,7 +738,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index d536a79f28..de6a6e4ff1 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -268,9 +268,11 @@ */ .macro SPEC_CTRL_ENTRY_FROM_PV /* - * Requires %rsp=regs/cpuinfo, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs/cpuinfo, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ X86_FEATURE_IBPB_ENTRY_PV @@ -294,8 +296,10 @@ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + testb $3, UREGS_cs(%rsp) jz .L\@_skip -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:28:47 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:28:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702744.1098170 (Exim 4.92) (envelope-from ) id 1ruFH5-0007Sd-9s; Tue, 09 Apr 2024 17:28:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702744.1098170; Tue, 09 Apr 2024 17:28:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFH5-0007SU-79; Tue, 09 Apr 2024 17:28:47 +0000 Received: by outflank-mailman (input) for mailman id 702744; Tue, 09 Apr 2024 17:28:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFH3-0007SG-BO for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFH3-0005pj-Ah for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFH3-0007Vs-9j for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZROGJLknW4uR6LICXnqhYgype0LbRew9fsF7bmsnva0=; b=bbC+323P391BAFd14mWUg6Swon sTtBD0bXQGkmqCM5bKuSMheHnk32Pm9QN0CupCKlmc/SNLiPPqzQ6G096ZZtgauekau+v7eGPZslP 604Ox+T51jaSoVP9K/arvUYY30cqmr4+kIVTvOZtiMIPixF8HxF5JNCVIBhbUIkQiFbA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Simplify DO_COND_IBPB Message-Id: Date: Tue, 09 Apr 2024 17:28:45 +0000 commit 7efe5a0eee0e4f593c064b7f1b106acc74d8c7f9 Author: Andrew Cooper AuthorDate: Fri Mar 22 14:33:17 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Simplify DO_COND_IBPB With the prior refactoring, SPEC_CTRL_ENTRY_{PV,INTR} both load SCF into %ebx, and handle the conditional safety including skipping if interrupting Xen. Therefore, we can drop the maybexen parameter and the conditional safety. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 2378d16a931de0e62c03669169989e9437306abe) --- xen/include/asm-x86/spec_ctrl_asm.h | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index de6a6e4ff1..89edcf62fd 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -87,33 +87,21 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ -.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +.macro DO_COND_IBPB /* - * Requires %rsp=regs (also cpuinfo if !maybexen) - * Requires %r14=stack_end (if maybexen), %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rbx=SCF, %rdx=0 + * Clobbers %rax, %rcx * - * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen - * case, we can safely look at UREGS_cs to skip taking the hit when - * interrupting Xen. + * Conditionally issue IBPB if SCF_entry_ibpb is active. */ - .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) - jz .L\@_skip - testb $3, UREGS_cs(%rsp) - .else - testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) - .endif + testb $SCF_entry_ibpb, %bl jz .L\@_skip mov $MSR_PRED_CMD, %ecx mov $PRED_CMD_IBPB, %eax wrmsr - jmp .L\@_done .L\@_skip: - lfence -.L\@_done: .endm .macro DO_OVERWRITE_RSB tmp=rax xu @@ -273,8 +261,7 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -303,8 +290,7 @@ testb $3, UREGS_cs(%rsp) jz .L\@_skip - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -344,7 +330,7 @@ * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of: - * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_COND_IBPB * DO_OVERWRITE_RSB * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:28:57 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:28:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702745.1098175 (Exim 4.92) (envelope-from ) id 1ruFHF-0007YC-CH; Tue, 09 Apr 2024 17:28:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702745.1098175; Tue, 09 Apr 2024 17:28:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFHF-0007Y4-8Y; Tue, 09 Apr 2024 17:28:57 +0000 Received: by outflank-mailman (input) for mailman id 702745; Tue, 09 Apr 2024 17:28:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFHD-0007W2-EI for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFHD-0005ps-DY for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFHD-0007WI-Cr for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:28:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PGA3fd/yI2OyqQmMmfxkhsSQMQyXAkMQxbGTAtOKkXk=; b=RYTKRsAOl/M7Hbzf6XLODxyqz3 8ugCEHs6KPbpzXYiv2mREHEZom5a8p5yP9TfaHKftz8sxdNCuUnYpL4Sdnd+/EROAzj1VPSegUGNO w3USFJeKyy10ZUwd5ngvnTiS6Y8y+FeHFmtiL7VwZ57uIvKLxCU9dncUZ7vzML9eHHwQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* Message-Id: Date: Tue, 09 Apr 2024 17:28:55 +0000 commit ec8f105f9c7744408ddea6b320d55703f9e0f522 Author: Andrew Cooper AuthorDate: Mon Mar 25 11:09:35 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* The complexity is getting out of hand. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 40dea83b75386cb693481cf340024ce093be5c0f) --- xen/arch/x86/hvm/svm/entry.S | 14 +++++++++ xen/arch/x86/hvm/vmx/entry.S | 14 +++++++++ xen/include/asm-x86/spec_ctrl_asm.h | 59 +++++++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 73c35bc27d..19a148ee32 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -100,6 +100,11 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular + * making type-confused RETs safe to use. This is not needed on Zen5 + * and later parts when SRSO_MSR_FIX (BP-SPEC-REDUCE) is in use. + */ .macro svm_vmexit_cond_ibpb testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb @@ -111,8 +116,17 @@ __UNLIKELY_END(nsvm_hap) .endm ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + /* + * RSB (RAS/RAP) stuffing is to prevents RET predictions following guest + * entries. This is not needed on Zen4 and later, when AutoIBRS is in + * use. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting, making indirect CALLs/JMPs + * safe to use. The guest's setting resides in the VMCB. + */ .macro svm_vmexit_spec_ctrl movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax movzbl CPUINFO_last_spec_ctrl(%rsp), %edx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 8d5b683879..008d76a6e1 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -34,8 +34,22 @@ ENTRY(vmx_asm_vmexit_handler) mov %rax,VCPU_hvm_guest_cr2(%rbx) /* SPEC_CTRL_ENTRY_FROM_VMX Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + /* + * RSB stuffing is to prevents RET predictions following guest + * entries. This is *not* sufficient to flush all RSB entries on + * parts enumerating eIBRS, although the following restore_spec_ctrl + * does covers us. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting. The guest's value resides in + * the MSR load/save list. For Legacy IBRS, this flushes/inhibits + * indirect predictions and does not flush the RSB. For eIBRS, this + * prevents CALLs/JMPs using predictions learnt at a lower predictor + * mode, and it flushes the RSB. On eIBRS parts that also suffer from + * PBRSB, the prior RSB stuffing suffices to make the RSB safe. + */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 89edcf62fd..1cc20e37c2 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -261,10 +261,32 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. + */ ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * This is not needed if SMEP is active and the RSB is full-width. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. The + * guest can't change it's value behind Xen's back. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. + */ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV @@ -287,6 +309,14 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * All safety notes the same as SPEC_CTRL_ENTRY_FROM_PV, although there is + * a conditional jump skipping some actions when interrupting Xen. + * + * On Intel parts, the IRET #GP path ends up here with the guest's choice + * of MSR_SPEC_CTRL. + */ + testb $3, UREGS_cs(%rsp) jz .L\@_skip @@ -337,6 +367,19 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. The SVM path takes care of + * Host/Guest interactions prior to clearing GIF, and it's not used on the + * VMX path. + */ test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -346,6 +389,12 @@ .L\@_skip_ibpb: + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * SCF_ist_rsb is active if either PV or HVM protections are needed. The + * VMX path cannot guarantee to make the RSB safe ahead of taking an IST + * vector. + */ test $SCF_ist_rsb, %bl jz .L\@_skip_rsb @@ -353,6 +402,16 @@ .L\@_skip_rsb: + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. PV + * guests can't change their value behind Xen's back. HVM guests have + * their value stored in the MSR load/save list. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. On eIBRS parts that also + * suffer from PBRSB, the prior RSB stuffing suffices to make the RSB + * safe. + */ test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:29:07 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:29:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702746.1098179 (Exim 4.92) (envelope-from ) id 1ruFHP-0007as-D4; Tue, 09 Apr 2024 17:29:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702746.1098179; Tue, 09 Apr 2024 17:29:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFHP-0007ak-A3; Tue, 09 Apr 2024 17:29:07 +0000 Received: by outflank-mailman (input) for mailman id 702746; Tue, 09 Apr 2024 17:29:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFHN-0007aY-IO for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFHN-0005q9-Hc for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFHN-0007Wy-G2 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+uMfh04EasuxZl1/JAxdP6PpPKnKm+45Ye8pC7gr7D0=; b=N2WpeFBrdsE2QR2Jk9fKD4g74B 9E+5iQNk7s40UKCa14CAaR9QUwhdecCQoOy96U577oBih/NzZrtn81XeRJZHLAPt1R0G+KAS8ttyH j6Uys5NIkGCQQ/PWborGe8bTQLIF7AqitNkcwLjJ60bmTr3ogi+k0vvoz1xKippMt/xI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/vmx: Add support for virtualize SPEC_CTRL Message-Id: Date: Tue, 09 Apr 2024 17:29:05 +0000 commit 295bf24af77c0556fe023ce727734fd27226b37c Author: Roger Pau Monne AuthorDate: Thu Feb 15 17:46:53 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/vmx: Add support for virtualize SPEC_CTRL The feature is defined in the tertiary exec control, and is available starting from Sapphire Rapids and Alder Lake CPUs. When enabled, two extra VMCS fields are used: SPEC_CTRL mask and shadow. Bits set in mask are not allowed to be toggled by the guest (either set or clear) and the value in the shadow field is the value the guest expects to be in the SPEC_CTRL register. By using it the hypervisor can force the value of SPEC_CTRL bits behind the guest back without having to trap all accesses to SPEC_CTRL, note that no bits are forced into the guest as part of this patch. It also allows getting rid of SPEC_CTRL in the guest MSR load list, since the value in the shadow field will be loaded by the hardware on vmentry. Signed-off-by: Roger Pau Monné Signed-off-by: Andrew Cooper (cherry picked from commit 97c5b8b657e41a6645de9d40713b881234417b49) --- xen/arch/x86/hvm/vmx/vmcs.c | 12 ++++++++- xen/arch/x86/hvm/vmx/vmx.c | 55 ++++++++++++++++++++++++++++++++------ xen/include/asm-x86/hvm/vmx/vmcs.h | 5 ++++ xen/include/asm-x86/msr.h | 7 +++-- 4 files changed, 68 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index c5ef01f936..806604358b 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -210,6 +210,7 @@ static void __init vmx_display_features(void) P(cpu_has_vmx_virt_exceptions, "Virtualisation Exceptions"); P(cpu_has_vmx_pml, "Page Modification Logging"); P(cpu_has_vmx_tsc_scaling, "TSC Scaling"); + P(cpu_has_vmx_virt_spec_ctrl, "Virtualize SPEC_CTRL"); #undef P if ( !printed ) @@ -370,7 +371,7 @@ static int vmx_init_vmcs_config(bool bsp) if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) { - uint64_t opt = 0; + uint64_t opt = TERTIARY_EXEC_VIRT_SPEC_CTRL; _vmx_tertiary_exec_control = adjust_vmx_controls2( "Tertiary Exec Control", 0, opt, @@ -1379,6 +1380,12 @@ static int construct_vmcs(struct vcpu *v) if ( cpu_has_vmx_tsc_scaling ) __vmwrite(TSC_MULTIPLIER, d->arch.hvm.tsc_scaling_ratio); + if ( cpu_has_vmx_virt_spec_ctrl ) + { + __vmwrite(SPEC_CTRL_MASK, 0); + __vmwrite(SPEC_CTRL_SHADOW, 0); + } + /* will update HOST & GUEST_CR3 as reqd */ paging_update_paging_modes(v); @@ -2089,6 +2096,9 @@ void vmcs_dump_vcpu(struct vcpu *v) if ( v->arch.hvm.vmx.secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY ) printk("InterruptStatus = %04x\n", vmr16(GUEST_INTR_STATUS)); + if ( cpu_has_vmx_virt_spec_ctrl ) + printk("SPEC_CTRL mask = 0x%016lx shadow = 0x%016lx\n", + vmr(SPEC_CTRL_MASK), vmr(SPEC_CTRL_SHADOW)); printk("*** Host State ***\n"); printk("RIP = 0x%016lx (%ps) RSP = 0x%016lx\n", diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 2cbed4b21e..c86aeeafb2 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -757,23 +757,28 @@ static void vmx_cpuid_policy_changed(struct vcpu *v) /* * We can safely pass MSR_SPEC_CTRL through to the guest, even if STIBP * isn't enumerated in hardware, as SPEC_CTRL_STIBP is ignored. + * + * If VMX_VIRT_SPEC_CTRL is available, it is activated by default and the + * guest MSR_SPEC_CTRL value lives in the VMCS. Otherwise, it lives in + * the MSR load/save list. */ if ( cp->feat.ibrsb ) { vmx_clear_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); - if ( rc ) - goto out; + if ( !cpu_has_vmx_virt_spec_ctrl ) + { + rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); + if ( rc ) + goto out; + } } else { vmx_set_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); - if ( rc && rc != -ESRCH ) - goto out; - rc = 0; /* Tolerate -ESRCH */ + if ( !cpu_has_vmx_virt_spec_ctrl ) + vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ @@ -2583,9 +2588,14 @@ static uint64_t vmx_get_reg(struct vcpu *v, unsigned int reg) uint64_t val = 0; int rc; + /* Logic which doesn't require remote VMCS acquisition. */ switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - fetched below. */ + break; + rc = vmx_read_guest_msr(v, reg, &val); if ( rc ) { @@ -2594,13 +2604,26 @@ static uint64_t vmx_get_reg(struct vcpu *v, unsigned int reg) domain_crash(d); } return val; + } + + /* Logic which maybe requires remote VMCS acquisition. */ + vmx_vmcs_enter(v); + switch ( reg ) + { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmread(SPEC_CTRL_SHADOW, &val); + break; default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x) Bad register\n", __func__, v, reg); domain_crash(d); - return 0; + break; } + vmx_vmcs_exit(v); + + return val; } static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) @@ -2608,9 +2631,14 @@ static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) struct domain *d = v->domain; int rc; + /* Logic which doesn't require remote VMCS acquisition. */ switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - set below. */ + break; + rc = vmx_write_guest_msr(v, reg, val); if ( rc ) { @@ -2619,12 +2647,23 @@ static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) domain_crash(d); } break; + } + + /* Logic which maybe requires remote VMCS acquisition. */ + vmx_vmcs_enter(v); + switch ( reg ) + { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmwrite(SPEC_CTRL_SHADOW, val); + break; default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x, 0x%016"PRIx64") Bad register\n", __func__, v, reg, val); domain_crash(d); } + vmx_vmcs_exit(v); } static struct hvm_function_table __initdata vmx_function_table = { diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index 9b246b802b..2b4de99ed4 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -279,6 +279,9 @@ extern u32 vmx_secondary_exec_control; #define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) extern uint64_t vmx_tertiary_exec_control; +#define cpu_has_vmx_virt_spec_ctrl \ + (vmx_tertiary_exec_control & TERTIARY_EXEC_VIRT_SPEC_CTRL) + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -436,6 +439,8 @@ enum vmcs_field { XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, TERTIARY_VM_EXEC_CONTROL = 0x00002034, + SPEC_CTRL_MASK = 0x0000204a, + SPEC_CTRL_SHADOW = 0x0000204c, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index c37b9e771b..a7ad9bd189 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -289,8 +289,11 @@ struct vcpu_msrs * For PV guests, this holds the guest kernel value. It is accessed on * every entry/exit path. * - * For VT-x guests, the guest value is held in the MSR guest load/save - * list. + * For VT-x guests, one of two situations exist: + * + * - If hardware supports virtualized MSR_SPEC_CTRL, it is active by + * default and the guest value lives in the VMCS. + * - Otherwise, the guest value is held in the MSR load/save list. * * For SVM, the guest value lives in the VMCB, and hardware saves/restores * the host value automatically. However, guests run with the OR of the -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:29:16 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:29:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702747.1098182 (Exim 4.92) (envelope-from ) id 1ruFHY-0007eu-GP; Tue, 09 Apr 2024 17:29:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702747.1098182; Tue, 09 Apr 2024 17:29:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFHY-0007em-Dm; Tue, 09 Apr 2024 17:29:16 +0000 Received: by outflank-mailman (input) for mailman id 702747; Tue, 09 Apr 2024 17:29:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFHX-0007eb-LU for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFHX-0005qF-Kf for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFHX-0007XV-Jy for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n6ig/L+icrrleUShoMHQOHWxe9Mi/7Eh5o83Aps62Xs=; b=udd3w++BhSQFl7CXoYlm6Fc/+c X6bGnjJU4PhrdDL09PhPeQrNPjy/LsglpPx6d+tFiqRNaC9kvuZ7v/SdkmQHPuEPJhh9U5oCj49FY vXtekR7R8FSFQmrihesOwTKWmYuIJ9QkfJVmRQ7cLMfp6kl/LACtwvMhDhkrZEIEZOf0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Message-Id: Date: Tue, 09 Apr 2024 17:29:15 +0000 commit cc6d74c001c57c6722c7084d6fa3468bae419150 Author: Andrew Cooper AuthorDate: Tue Mar 26 22:43:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Right now, they're all bytes, but MSR_SPEC_CTRL has been steadily gaining new features. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 45dac88e78e8a2d9d8738eef884fe6730faf9e67) --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/spec_ctrl.c | 2 +- xen/include/asm-x86/current.h | 4 ++-- xen/include/asm-x86/spec_ctrl.h | 2 +- xen/include/asm-x86/spec_ctrl_asm.h | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 19a148ee32..badfed87ae 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -61,14 +61,14 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ .macro svm_vmentry_spec_ctrl mov VCPU_arch_msrs(%rbx), %rax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_last_spec_ctrl(%rsp), %edx mov VCPUMSR_spec_ctrl_raw(%rax), %eax cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ .endm ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM @@ -128,14 +128,14 @@ __UNLIKELY_END(nsvm_hap) * safe to use. The guest's setting resides in the VMCB. */ .macro svm_vmexit_spec_ctrl - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_last_spec_ctrl(%rsp), %edx cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 008d76a6e1..9250eb1839 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -52,7 +52,7 @@ ENTRY(vmx_asm_vmexit_handler) */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax xor %edx, %edx wrmsr .endm diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 695830fc25..18e0f87df7 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -66,7 +66,7 @@ static bool __initdata opt_branch_harden = true; static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; -uint8_t __read_mostly default_xen_spec_ctrl; +unsigned int __read_mostly default_xen_spec_ctrl; uint8_t __read_mostly default_scf; paddr_t __read_mostly l1tf_addr_mask, __read_mostly l1tf_safe_maddr; diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index 138ad63165..2641573d52 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -55,8 +55,8 @@ struct cpu_info { /* See asm-x86/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; - uint8_t xen_spec_ctrl; - uint8_t last_spec_ctrl; + unsigned int xen_spec_ctrl; + unsigned int last_spec_ctrl; uint8_t scf; /* SCF_* */ /* diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 8fc350abe2..7048e5ee21 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -93,7 +93,7 @@ extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; -extern uint8_t default_xen_spec_ctrl; +extern unsigned int default_xen_spec_ctrl; extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 1cc20e37c2..ccaa3d3506 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -222,10 +222,10 @@ setnz %al not %eax and %al, STACK_CPUINFO_FIELD(scf)(%r14) - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else andb $~SCF_use_shadow, CPUINFO_scf(%rsp) - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax .endif wrmsr @@ -423,7 +423,7 @@ /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr .L\@_skip_msr_spec_ctrl: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:29:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:29:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702748.1098185 (Exim 4.92) (envelope-from ) id 1ruFHi-0007hF-Hq; Tue, 09 Apr 2024 17:29:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702748.1098185; Tue, 09 Apr 2024 17:29:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFHi-0007h8-FE; Tue, 09 Apr 2024 17:29:26 +0000 Received: by outflank-mailman (input) for mailman id 702748; Tue, 09 Apr 2024 17:29:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFHh-0007h2-OE for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFHh-0005qN-NX for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFHh-0007YG-Mt for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=da2/tvoFTWCjtYzcVowXPEG1eDHsExU9dvws4aTt9Po=; b=leGYq6SLu4+stJfegsNdBsyXqL UEHFPTd58wQ9CL/v0f5tv5Sej1XzXFza6toQKLi215+6g5BgXLY7G2gw+SZv7zGHPwbhcUgOcm4IZ iOB5KwtIW8+pY1LenKuZptEbUi0lhM3bNkOfuvKxzkAA0M07Z1d3CnMERw7inQV8J+CI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86: Use indirect calls in reset-stack infrastructure Message-Id: Date: Tue, 09 Apr 2024 17:29:25 +0000 commit 25a496fd22b7ef3b808c0dda35c4610ef41ef632 Author: Andrew Cooper AuthorDate: Fri Dec 22 17:44:48 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86: Use indirect calls in reset-stack infrastructure Mixing up JMP and CALL indirect targets leads a very fun form of speculative type confusion. A target which is expecting to be called CALLed needs a return address on the stack, and an indirect JMP doesn't place one there. An indirect JMP which predicts to a target intending to be CALLed can end up with a RET speculatively executing with a value from the JMPers stack frame. There are several ways get indirect JMPs in Xen. * From tailcall optimisations. These are safe because the compiler has arranged the stack to point at the callee's return address. * From jump tables. These are unsafe, but Xen is built with -fno-jump-tables to work around several compiler issues. * From reset_stack_and_jump_ind(), which is particularly unsafe. Because of the additional stack adjustment made, the value picked up off the stack is regs->r15 of the next vCPU to run. In order to mitigate this type confusion, we want to make all indirect targets be CALL targets, and remove the use of indirect JMP except via tailcall optimisation. Luckily due to XSA-348, all C target functions of reset_stack_and_jump_ind() are noreturn. {svm,vmx}_do_resume() exits via reset_stack_and_jump(); a direct JMP with entirely different prediction properties. idle_loop() is an infinite loop which eventually exits via reset_stack_and_jump_ind() from a new schedule. i.e. These paths are all fine having one extra return address on the stack. This leaves continue_pv_domain(), which is expecting to be a JMP target. Alter it to strip the return address off the stack, which is safe because there isn't actually a RET expecting to return to its caller. This allows us change reset_stack_and_jump_ind() to reset_stack_and_call_ind() in order to mitigate the speculative type confusion. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8e186f98ce0e35d1754ec9299da41ec98873b65c) --- xen/arch/x86/domain.c | 4 ++-- xen/arch/x86/x86_64/entry.S | 8 ++++++++ xen/include/asm-x86/current.h | 4 ++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 440f518328..1d44f6fc07 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2108,12 +2108,12 @@ void context_switch(struct vcpu *prev, struct vcpu *next) /* Ensure that the vcpu has an up-to-date time base. */ update_vcpu_system_time(next); - reset_stack_and_jump_ind(nextd->arch.ctxt_switch->tail); + reset_stack_and_call_ind(nextd->arch.ctxt_switch->tail); } void continue_running(struct vcpu *same) { - reset_stack_and_jump_ind(same->domain->arch.ctxt_switch->tail); + reset_stack_and_call_ind(same->domain->arch.ctxt_switch->tail); } int __sync_local_execstate(void) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 09f143354e..67ca00dbe1 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -637,6 +637,14 @@ ENTRY(dom_crash_sync_extable) #ifdef CONFIG_PV ENTRY(continue_pv_domain) ENDBR64 + + /* + * For speculative type confusion reasons, we're CALLed rather than + * JMPed to. Drop the return address. + */ + add $8, %rsp + ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK + call check_wakeup_from_wait ret_from_intr: GET_CURRENT(bx) diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index 2641573d52..a0e7dbeaf9 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -197,8 +197,8 @@ unsigned long get_stack_dump_bottom (unsigned long sp); switch_stack_and_jump(fn, "jmp %c", "i") /* The constraint may only specify non-call-clobbered registers. */ -#define reset_stack_and_jump_ind(fn) \ - switch_stack_and_jump(fn, "INDIRECT_JMP %", "b") +#define reset_stack_and_call_ind(fn) \ + switch_stack_and_jump(fn, "INDIRECT_CALL %", "b") /* * Which VCPU's state is currently running on each CPU? -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:29:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:29:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702749.1098190 (Exim 4.92) (envelope-from ) id 1ruFHs-0007kK-JQ; Tue, 09 Apr 2024 17:29:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702749.1098190; Tue, 09 Apr 2024 17:29:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFHs-0007kC-Gv; Tue, 09 Apr 2024 17:29:36 +0000 Received: by outflank-mailman (input) for mailman id 702749; Tue, 09 Apr 2024 17:29:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFHr-0007k2-Rh for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFHr-0005s2-Qw for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFHr-0007Yn-PY for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PpteZT1LoFOybU5JkkQDW+WEKabAEj3/Btwh0Xdi9cQ=; b=dinqZ5ukzS92+RbsvCphF0NJYd JXmobVm7GXQU1kztXchqUtC0VRNPwKshyWJVmHnDstUEufEvCrjmMEe2rZGYO5qzrOFcY9SWZ4DUA a3lbmsU4NJ9alE5xL2GbopIUIeFNlJpEa+BDTaCWMtcm80Rc+f/8gmaixvBR6hrToGgI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86: Drop INDIRECT_JMP Message-Id: Date: Tue, 09 Apr 2024 17:29:35 +0000 commit 21113031fc0db5ff3de8bfb7a441f06e169a931b Author: Andrew Cooper AuthorDate: Fri Dec 22 18:01:37 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86: Drop INDIRECT_JMP Indirect JMPs which are not tailcalls can lead to an unwelcome form of speculative type confusion, and we've removed the uses of INDIRECT_JMP to compensate. Remove the temptation to reintroduce new instances. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 0b66d7ce3c0290eaad28bdafb35200052d012b14) --- xen/include/asm-x86/asm-defns.h | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/xen/include/asm-x86/asm-defns.h b/xen/include/asm-x86/asm-defns.h index 8bd9007731..7e22fcb9c0 100644 --- a/xen/include/asm-x86/asm-defns.h +++ b/xen/include/asm-x86/asm-defns.h @@ -20,10 +20,9 @@ .byte 0x0f, 0x01, 0xdd .endm -.macro INDIRECT_BRANCH insn:req arg:req +.macro INDIRECT_CALL arg:req /* - * Create an indirect branch. insn is one of call/jmp, arg is a single - * register. + * Create an indirect call. arg is a single register. * * With no compiler support, this degrades into a plain indirect call/jmp. * With compiler support, dispatch to the correct __x86_indirect_thunk_* @@ -33,7 +32,7 @@ $done = 0 .irp reg, ax, cx, dx, bx, bp, si, di, 8, 9, 10, 11, 12, 13, 14, 15 .ifeqs "\arg", "%r\reg" - \insn __x86_indirect_thunk_r\reg + call __x86_indirect_thunk_r\reg $done = 1 .exitm .endif @@ -44,19 +43,10 @@ .endif .else - \insn *\arg + call *\arg .endif .endm -/* Convenience wrappers. */ -.macro INDIRECT_CALL arg:req - INDIRECT_BRANCH call \arg -.endm - -.macro INDIRECT_JMP arg:req - INDIRECT_BRANCH jmp \arg -.endm - #ifdef CONFIG_XEN_IBT # define ENDBR64 endbr64 #else -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:29:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:29:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702750.1098193 (Exim 4.92) (envelope-from ) id 1ruFI2-0007o6-Kr; Tue, 09 Apr 2024 17:29:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702750.1098193; Tue, 09 Apr 2024 17:29:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFI2-0007ny-IN; Tue, 09 Apr 2024 17:29:46 +0000 Received: by outflank-mailman (input) for mailman id 702750; Tue, 09 Apr 2024 17:29:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFI1-0007ns-Ul for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFI1-0005sM-Tx for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFI1-0007ZJ-T8 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jdk9KVSHCtVsjXg+MutRqGwd8GjOZCmI/FvYoZgqOn0=; b=pgtlK//l7R+lWhQvdr62OSN8NG x+hU/PyZdWXJn8hAgAbWBcn99RZ+kp+ukNruKii9qXoI4bUPuJckvcOU6KS1+e+/EA9b13pfM3Snd gZ3NWhHpX94KX9TcmUnOUPpW0RNsQYqY7Ssipc7uksdKA0sn/JydBcNW0KWi+5tS1JCw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/tsx: Expose RTM_ALWAYS_ABORT to guests Message-Id: Date: Tue, 09 Apr 2024 17:29:45 +0000 commit cf630e30dc4267d6b14ae95d345c8e3bb638ca82 Author: Andrew Cooper AuthorDate: Sat Apr 6 20:36:54 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/tsx: Expose RTM_ALWAYS_ABORT to guests A TSX Abort is one option mitigate Native-BHI, but a guest kernel doesn't get to see this if Xen has turned RTM off using MSR_TSX_{CTRL,FORCE_ABORT}. Therefore, the meaning of RTM_ALWAYS_ABORT has been adjusted to "XBEGIN won't fault", and it should be exposed to guests so they can make a better decision. Expose it in the max policy for any RTM-capable system. Offer it by default only if RTM has been disabled. Update test-tsx to account for this new meaning. While adjusting the logic in test_guest_policies(), take the opportunity to use feature names (now they're available) to make the logic easier to follow. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit c94e2105924347de0d9f32065370e802a20cc829) --- tools/tests/tsx/test-tsx.c | 39 +++++++++++++++++++---------- xen/arch/x86/cpu-policy.c | 20 +++++++++++++++ xen/include/public/arch-x86/cpufeatureset.h | 2 +- 3 files changed, 47 insertions(+), 14 deletions(-) diff --git a/tools/tests/tsx/test-tsx.c b/tools/tests/tsx/test-tsx.c index 0f4ea5f9c4..fab5c9a367 100644 --- a/tools/tests/tsx/test-tsx.c +++ b/tools/tests/tsx/test-tsx.c @@ -311,25 +311,25 @@ static void test_guest_policies(const struct cpu_policy *max, dump_tsx_details(max, "Max:"); dump_tsx_details(def, "Def:"); - if ( ((max->feat.raw[0].d | def->feat.raw[0].d) & - (bitmaskof(X86_FEATURE_TSX_FORCE_ABORT) | - bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT) | - bitmaskof(X86_FEATURE_SRBDS_CTRL))) || - ((max->arch_caps.raw | def->arch_caps.raw) & ARCH_CAPS_TSX_CTRL) ) + if ( max->feat.tsx_force_abort || def->feat.tsx_force_abort || + max->feat.srbds_ctrl || def->feat.srbds_ctrl || + max->arch_caps.tsx_ctrl || def->arch_caps.tsx_ctrl ) fail(" Xen-only TSX controls offered to guest\n"); switch ( rtm_behaviour ) { case RTM_UD: - if ( (max->feat.raw[0].b | def->feat.raw[0].b) & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) - fail(" HLE/RTM offered to guests despite not being available\n"); + if ( max->feat.hle || def->feat.hle || + max->feat.rtm || def->feat.rtm || + max->feat.rtm_always_abort || def->feat.rtm_always_abort ) + fail(" HLE/RTM/RTM_AA offered to guests despite not being available\n"); break; case RTM_ABORT: - if ( def->feat.raw[0].b & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) + if ( def->feat.hle || def->feat.rtm ) fail(" HLE/RTM offered to guests by default despite not being usable\n"); + if ( !def->feat.rtm_always_abort ) + fail(" RTM_AA not offered to guests by default despite being available\n"); break; case RTM_OK: @@ -340,6 +340,9 @@ static void test_guest_policies(const struct cpu_policy *max, if ( def->feat.hle ) fail(" Fail: HLE offered in default policy\n"); + + if ( def->feat.rtm && def->feat.rtm_always_abort ) + fail(" Fail: Both RTM and RTM_AA offered in default policy\n"); } static void test_def_max_policies(void) @@ -388,14 +391,13 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.hle || guest_policy.policy.feat.tsx_force_abort || - guest_policy.policy.feat.rtm_always_abort || guest_policy.policy.feat.srbds_ctrl || guest_policy.policy.arch_caps.tsx_ctrl ) fail(" Unexpected features advertised\n"); if ( host.policy.feat.rtm ) { - unsigned int _7b0; + unsigned int _7b0, _7d0; /* * If host RTM is available, all combinations of guest flags should be @@ -403,6 +405,8 @@ static void test_guest(struct xen_domctl_createdomain *c) */ _7b0 = (guest_policy.policy.feat.raw[0].b ^= (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM))); + _7d0 = (guest_policy.policy.feat.raw[0].d ^= + bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT)); /* Set the new policy. */ rc = xc_cpu_policy_set_domain(xch, domid, &guest_policy); @@ -426,10 +430,17 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.raw[0].b != _7b0 ) { - fail(" Expected CPUID.7[1].b 0x%08x differs from actual 0x%08x\n", + fail(" Expected CPUID.7[0].b 0x%08x differs from actual 0x%08x\n", _7b0, guest_policy.policy.feat.raw[0].b); goto out; } + + if ( guest_policy.policy.feat.raw[0].d != _7d0 ) + { + fail(" Expected CPUID.7[0].d 0x%08x differs from actual 0x%08x\n", + _7d0, guest_policy.policy.feat.raw[0].d); + goto out; + } } out: @@ -514,6 +525,8 @@ static void test_tsx(void) i, errno, strerror(errno)); } + dump_tsx_details(&host.policy, "Host:"); + rc = xc_physinfo(xch, &physinfo); if ( rc ) return fail("Failed to obtain physinfo: %d - %s\n", diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index c872afda3e..109b003538 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -457,6 +457,21 @@ static void __init guest_common_max_feature_adjustments(uint32_t *fs) raw_cpu_policy.feat.clwb ) __set_bit(X86_FEATURE_CLWB, fs); } + + /* + * To mitigate Native-BHI, one option is to use a TSX Abort on capable + * systems. This is safe even if RTM has been disabled for other reasons + * via MSR_TSX_{CTRL,FORCE_ABORT}. However, a guest kernel doesn't get to + * know this type of information. + * + * Therefore the meaning of RTM_ALWAYS_ABORT has been adjusted, to instead + * mean "XBEGIN won't fault". This is enough for a guest kernel to make + * an informed choice WRT mitigating Native-BHI. + * + * If RTM-capable, we can run a VM which has seen RTM_ALWAYS_ABORT. + */ + if ( test_bit(X86_FEATURE_RTM, fs) ) + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); } static void __init guest_common_default_feature_adjustments(uint32_t *fs) @@ -517,9 +532,14 @@ static void __init guest_common_default_feature_adjustments(uint32_t *fs) * function as expected, but is technically compatible with the ISA. * * Do not advertise RTM to guests by default if it won't actually work. + * Instead, advertise RTM_ALWAYS_ABORT indicating that TSX Aborts are safe + * to use, e.g. for mitigating Native-BHI. */ if ( rtm_disabled ) + { __clear_bit(X86_FEATURE_RTM, fs); + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); + } } static void __init guest_common_feature_adjustments(uint32_t *fs) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 5a694e040d..855029aabd 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -276,7 +276,7 @@ XEN_CPUFEATURE(FSRM, 9*32+ 4) /*A Fast Short REP MOVS */ XEN_CPUFEATURE(AVX512_VP2INTERSECT, 9*32+8) /*a VP2INTERSECT{D,Q} insns */ XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*!A VERW clears microarchitectural buffers */ -XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! June 2021 TSX defeaturing in microcode. */ +XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! RTM disabled (but XBEGIN wont fault) */ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(SERIALIZE, 9*32+14) /*a SERIALIZE insn */ XEN_CPUFEATURE(HYBRID, 9*32+15) /* Heterogeneous platform */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:29:56 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:29:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702751.1098200 (Exim 4.92) (envelope-from ) id 1ruFIC-0007sS-No; Tue, 09 Apr 2024 17:29:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702751.1098200; Tue, 09 Apr 2024 17:29:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFIC-0007sL-Js; Tue, 09 Apr 2024 17:29:56 +0000 Received: by outflank-mailman (input) for mailman id 702751; Tue, 09 Apr 2024 17:29:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFIC-0007sB-1h for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFIC-0005sT-11 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFIC-0007Zi-0J for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:29:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3guTN9EngS/iMLLxTNSpH+dbq4mua78r+WRlKosxjI0=; b=fvCfdpN3mbH6wzqgFFbHQ/IAZ7 UJBZqVYxJhLF3tIPXAucdiBVZS2C7Lza/xGBNFbNitDW8XpVaQ4UEOVHtHft+mv6khRExT3WQLlgX IZZrNEZwHtiJX0WW2P5FGMVZtIk2z/w9ZYezm4CGcz+UkX0l/XwwL2ca6bqFGUx9y+Xc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Message-Id: Date: Tue, 09 Apr 2024 17:29:56 +0000 commit 028ef7630704f0c7254f5cd0ea5ffbacf92267f2 Author: Andrew Cooper AuthorDate: Tue Mar 26 19:01:37 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Introduce a "bhi-dis-s" boolean to match the other options we have for MSR_SPEC_CTRL values. Also introduce bhi_calculations(). Use BHI_DIS_S whenever possible. Guests which are levelled to be migration compatible with older CPUs can't see BHI_DIS_S, and Xen must fill in the difference to make the guest safe. Use the virt MSR_SPEC_CTRL infrastructure to force BHI_DIS_S behind the guest's back. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 62a1106415c5e8a49b45147ca84d54a58d471343) --- docs/misc/xen-command-line.pandoc | 8 +++++++- xen/arch/x86/hvm/vmx/vmx.c | 17 +++++++++++++++++ xen/arch/x86/spec_ctrl.c | 24 +++++++++++++++++++++++- xen/include/asm-x86/spec_ctrl.h | 1 + 4 files changed, 48 insertions(+), 2 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 33c32cfc1c..63f19b9c85 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2263,7 +2263,8 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). > {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, -> unpriv-mmio,gds-mit,div-scrub,lock-harden}= ]` +> unpriv-mmio,gds-mit,div-scrub,lock-harden, +> bhi-dis-s}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2342,6 +2343,11 @@ option can be used to force or prevent Xen using the feature itself. By default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by default. +On hardware supporting BHI_DIS_S (Branch History Injection Disable +Supervisor), the `bhi-dis-s=` option can be used to force or prevent Xen using +the feature itself. By default Xen will use BHI_DIS_S on hardware susceptible +to Branch History Injection. + On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` option can be used to force (the default) or prevent Xen from issuing branch prediction barriers on vcpu context switches. diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index c86aeeafb2..0041fdc88b 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -58,6 +58,7 @@ #include #include #include +#include #include static bool_t __initdata opt_force_ept; @@ -781,6 +782,22 @@ static void vmx_cpuid_policy_changed(struct vcpu *v) vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } + if ( cpu_has_vmx_virt_spec_ctrl ) + { + /* + * If we're on BHI_DIS_S capable hardware, the short loop sequence is + * not sufficient to mitigate Native-BHI. If the VM can't see it + * (i.e. it's levelled with older hardware), force it behind the + * guests back for safey. + * + * Because there's not a real Host/Guest split of the MSR_SPEC_CTRL + * value, this only works as expected when Xen is using BHI_DIS_S too. + */ + bool force_bhi_dis_s = opt_bhi_dis_s && !cp->feat.bhi_ctrl; + + __vmwrite(SPEC_CTRL_MASK, force_bhi_dis_s ? SPEC_CTRL_BHI_DIS_S : 0); + } + /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ if ( cp->feat.ibrsb || cp->extd.ibpb ) vmx_clear_msr_intercept(v, MSR_PRED_CMD, VMX_MSR_RW); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 18e0f87df7..2e890c5d54 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -58,6 +58,7 @@ static int8_t __initdata opt_ibrs = -1; int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; +int8_t __read_mostly opt_bhi_dis_s = -1; int8_t __read_mostly opt_ibpb_ctxt_switch = -1; int8_t __read_mostly opt_eager_fpu = -1; @@ -274,6 +275,8 @@ static int __init parse_spec_ctrl(const char *s) opt_ssbd = val; else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) opt_psfd = val; + else if ( (val = parse_boolean("bhi-dis-s", s, ss)) >= 0 ) + opt_bhi_dis_s = val; /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) @@ -508,7 +511,7 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -525,6 +528,8 @@ static void __init print_details(enum ind_thunk thunk) (!boot_cpu_has(X86_FEATURE_PSFD) && !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", + !boot_cpu_has(X86_FEATURE_BHI_CTRL) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_BHI_DIS_S) ? " BHI_DIS_S+" : " BHI_DIS_S-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -1572,6 +1577,21 @@ static void __init gds_calculations(void) } } +/* + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + */ +static void __init bhi_calculations(void) +{ + if ( opt_bhi_dis_s == -1 ) + opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + + if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) + opt_bhi_dis_s = false; + + if ( opt_bhi_dis_s ) + default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; +} + void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); @@ -2111,6 +2131,8 @@ void __init init_speculation_mitigations(void) gds_calculations(); + bhi_calculations(); + print_details(thunk); /* diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 7048e5ee21..617209202b 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -89,6 +89,7 @@ static always_inline void spec_ctrl_new_guest_context(void) extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; +extern int8_t opt_bhi_dis_s; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:30:06 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:30:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702752.1098203 (Exim 4.92) (envelope-from ) id 1ruFIM-0000M8-QI; Tue, 09 Apr 2024 17:30:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702752.1098203; Tue, 09 Apr 2024 17:30:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFIM-0000M0-Mw; Tue, 09 Apr 2024 17:30:06 +0000 Received: by outflank-mailman (input) for mailman id 702752; Tue, 09 Apr 2024 17:30:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFIM-0000Lq-56 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFIM-0005t2-4H for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFIM-0007ai-3S for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yFzCyjUc6BllTLhJAeDS5VDPiGU5R4H6PORtklhDikg=; b=WuehFZ2lJopllkiAkoTeqk8LS1 B1XrmfvsyaKEP9CPxdd/stXQUx7Wz4xyiI8o4P3IUlP5DiSxkRSxCv5WfBXND+Ic3UCfVm5IPrnu5 l7KkLcKLqzwlJZXHGUcgpGEHob6YYoNsr+5p6OANafrRKPl8OXtI9/tYfzNkbgj/MBFM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Software BHB-clearing sequences Message-Id: Date: Tue, 09 Apr 2024 17:30:06 +0000 commit 4e7d75c4a5e841cec840010edbc6dfcf3c8a7b61 Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Software BHB-clearing sequences Implement clear_bhb_{tsx,loops}() as per the BHI guidance. The loops variant is set up as the "short" sequence. Introduce SCF_entry_bhb and extend SPEC_CTRL_ENTRY_* with a conditional call to selected clearing routine. Note that due to a limitation in the ALTERNATIVE capability, the TEST/JZ can't be included alongside a CALL in a single alternative block. This is going to require further work to untangle. The BHB sequences (if used) must be after the restoration of Xen's MSR_SPEC_CTRL value, which must be accounted for when judging whether it is safe to skip the safety LFENCEs. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 954c983abceee97bf5f6230b9ae164f2c49a9aa9) --- xen/arch/x86/Makefile | 1 + xen/arch/x86/bhb-thunk.S | 98 +++++++++++++++++++++++++++++++++++++ xen/arch/x86/hvm/vmx/entry.S | 12 +++++ xen/arch/x86/spec_ctrl.c | 39 ++++++++------- xen/include/asm-x86/cpufeature.h | 3 ++ xen/include/asm-x86/cpufeatures.h | 3 ++ xen/include/asm-x86/spec_ctrl.h | 3 +- xen/include/asm-x86/spec_ctrl_asm.h | 30 ++++++++++++ 8 files changed, 171 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index eb63e54d93..70c596df6b 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -12,6 +12,7 @@ alternative-y := alternative.init.o alternative-$(CONFIG_LIVEPATCH) := obj-bin-y += $(alternative-y) obj-y += apic.o +obj-y += bhb-thunk.o obj-y += bitops.o obj-bin-y += bzimage.init.o obj-bin-y += clear_page.o diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S new file mode 100644 index 0000000000..f52cfb9bc2 --- /dev/null +++ b/xen/arch/x86/bhb-thunk.S @@ -0,0 +1,98 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Branch History Injection clearing sequences. + * + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + * + * Copyright (c) 2023, 2024 XenServer. + */ + .file __FILE__ + +#include + + .section .text.entry, "ax", @progbits + +/* + * Clear the Branch History Buffer using a TSX Abort. + * + * Any TSX Abort has a side effect of clearing the BHB, even when TSX is + * disabled for e.g. TAA mitigation reasons. + */ +ENTRY(clear_bhb_tsx) + .byte 0xc7, 0xf8; .long 1f - 0f /* xbegin 1f */ +0: .byte 0xc6, 0xf8, 0 /* xabort $0 */ + int3 +1: + ret + + .size clear_bhb_tsx, . - clear_bhb_tsx + .type clear_bhb_tsx, @function + +/* + * Clear the Branch History Buffer using the software sequence. + * + * Clobbers: %eax, %ecx + * + * This executes a specific number of taken branches, sufficient to displace + * all prior entries in the history tracker, therefore removing prior + * influence on subsequent BTB lookups. + * + * Structurally, it looks like this: + * + * call 1 + * call 2 + * ... 5x jmp loop + * call 2 + * ... 5x jmp loop + * ... 5x call2's deep + * + * ret + * ret + * ret + * ret + * + * The CALL/RETs are necessary to prevent the Loop Stream Detector from + * interfering. The alignment is for performance and not safety. + * + * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire + * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + */ +ENTRY(clear_bhb_loops) + mov $5, %ecx + + call 1f + jmp 5f + int3 + + .align 64 +1: call 2f + ret + int3 + + .align 64 +2: mov $5, %eax + +3: jmp 4f + int3 + +4: sub $1, %eax + jnz 3b + + sub $1, %ecx + jnz 1b + + ret +5: + /* + * The Intel sequence has an LFENCE here. The purpose is to ensure + * that all prior branches have executed, before dispatching a + * subsequent indirect branch. + * + * Xen's SPEC_CTRL_ENTRY_* blocks have safety LFENCEs at the end when + * protections are active, which suffices for this purpose. + */ + + ret + + .size clear_bhb_loops, . - clear_bhb_loops + .type clear_bhb_loops, @function diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 9250eb1839..1092d1918c 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -57,6 +57,18 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, CPUINFO_scf(%rsp) + jz .L_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2e890c5d54..2b0597938b 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2153,38 +2153,43 @@ void __init init_speculation_mitigations(void) /* * SPEC_CTRL_ENTRY_FROM_PV conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we're not using any prior conditional mitigation, - * then it's safe to drop the LFENCE. + * Otherwise, DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we do have it, or we're not using any + * prior conditional block, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); /* * SPEC_CTRL_ENTRY_FROM_INTR conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we have no protections active in the block that - * is skipped when interrupting guest context, then it's safe to drop - * the LFENCE. + * Otherwise DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we have it, or we have no protections + * active in the block that is skipped when interrupting guest + * context, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && - !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); /* * SPEC_CTRL_ENTRY_FROM_VMX conditional safety * - * Currently there are no safety actions with conditional branches, so - * no need for the extra safety LFENCE. + * A BHB sequence, if used, is the only conditional action, so if we + * don't have it, we don't need the safety LFENCE. */ - setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + if ( !cpu_has_bhb_seq ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } /* diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 1869732bcb..3935c0ad4a 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -177,6 +177,9 @@ #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) +#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ + boot_cpu_has(X86_SPEC_BHB_LOOPS)) + enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 6422c66b0f..bada8912e0 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -56,5 +56,8 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ #define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ +#define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ +#define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 617209202b..4439a1b243 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -36,6 +36,7 @@ #define SCF_verw (1 << 3) #define SCF_ist_ibpb (1 << 4) #define SCF_entry_ibpb (1 << 5) +#define SCF_entry_bhb (1 << 6) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -54,7 +55,7 @@ * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb | SCF_entry_bhb) #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index ccaa3d3506..3e1ef34606 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -290,6 +290,17 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm @@ -328,6 +339,13 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm @@ -428,6 +446,18 @@ .L\@_skip_msr_spec_ctrl: + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + lfence .endm -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:30:16 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:30:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702753.1098206 (Exim 4.92) (envelope-from ) id 1ruFIW-0000Ob-RE; Tue, 09 Apr 2024 17:30:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702753.1098206; Tue, 09 Apr 2024 17:30:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFIW-0000OU-OS; Tue, 09 Apr 2024 17:30:16 +0000 Received: by outflank-mailman (input) for mailman id 702753; Tue, 09 Apr 2024 17:30:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFIW-0000OJ-8i for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFIW-0005t6-7v for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFIW-0007bR-72 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nqjIxePulJ9wG8hxK7Tbq3rX55fjOF83ccqtdb7933E=; b=2aJEkcUzKQldS2/LqWahMK+i/D b6BprMqWYC+aHn9JwGKaxwCicf2MnrQwceid39q066b045LkYO5dghGKho+ItcORI+DdUqJlZYcOq C7+2+BwxSWV1gGU6d9yk+hH2hIamH6E5BpYpBqXFo4sixvJyC/NemlOfhKNYgLX1uK5c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Wire up the Native-BHI software sequences Message-Id: Date: Tue, 09 Apr 2024 17:30:16 +0000 commit 27f9a778bd2538f06d02fd79f3381ff0a27f4987 Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Wire up the Native-BHI software sequences In the absence of BHI_DIS_S, mitigating Native-BHI requires the use of a software sequence. Introduce a new bhb-seq= option to select between avaialble sequences and bhb-entry= to control the per-PV/HVM actions like we have for other blocks. Activate the short sequence by default for PV and HVM guests on affected hardware if BHI_DIS_S isn't present. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 689ad48ce9cf4c38297cd126e7e003a1c13a3b9d) --- docs/misc/xen-command-line.pandoc | 25 +++++-- xen/arch/x86/spec_ctrl.c | 144 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 157 insertions(+), 12 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 63f19b9c85..98fcfa3fa8 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2260,8 +2260,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, > bhi-dis-s}= ]` @@ -2286,10 +2287,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=` and `ibpb-entry=` options -offer fine grained control over the primitives by Xen. These impact Xen's -ability to protect itself, and/or Xen's ability to virtualise support for -guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=`, `ibpb-entry=` and `bhb-entry=` +options offer fine grained control over the primitives by Xen. These impact +Xen's ability to protect itself, and/or Xen's ability to virtualise support +for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2315,6 +2316,12 @@ guests to use. Return Stack Overflow if appropriate microcode has been loaded, but for performance reasons dom0 is unprotected by default. If it is necessary to protect dom0 too, boot with `spec-ctrl=ibpb-entry`. +* `bhb-entry=` offers control over whether BHB-clearing (Branch History + Buffer) sequences are used on entry to Xen. This is used by default on + hardware vulnerable to Branch History Injection, when the BHI_DIS_S control + is not available (see `bhi-dis-s`). The choice of scrubbing sequence can be + selected using the `bhb-seq=` option. If it is necessary to protect dom0 + too, boot with `spec-ctrl=bhb-entry`. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` @@ -2322,6 +2329,12 @@ locations. The default thunk is `retpoline` (generally preferred), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and `lfence` (an `lfence; jmp *%reg` gadget). +On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing +sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` +options in order to mitigate Branch History Injection on affected hardware. +The default sequence is `short`, with `tsx` as an alternative available +capable hardware that can be opted in to. + On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. If Xen is not using IBRS itself, functionality is still set up so IBRS can be diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2b0597938b..4e6f18d0e1 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -44,6 +44,16 @@ static int8_t __read_mostly opt_ibpb_entry_pv = -1; static int8_t __read_mostly opt_ibpb_entry_hvm = -1; static bool __read_mostly opt_ibpb_entry_dom0; +static int8_t __read_mostly opt_bhb_entry_pv = -1; +static int8_t __read_mostly opt_bhb_entry_hvm = -1; +static bool __read_mostly opt_bhb_entry_dom0; +static enum bhb_thunk { + BHB_DEFAULT, + BHB_NONE, + BHB_TSX, + BHB_SHORT, +} opt_bhb_seq __initdata; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -126,8 +136,12 @@ static int __init parse_spec_ctrl(const char *s) opt_ibpb_entry_pv = 0; opt_ibpb_entry_hvm = 0; opt_ibpb_entry_dom0 = false; + opt_bhb_entry_pv = 0; + opt_bhb_entry_hvm = 0; + opt_bhb_entry_dom0 = false; opt_thunk = THUNK_JMP; + opt_bhb_seq = BHB_NONE; opt_ibrs = 0; opt_ibpb_ctxt_switch = false; opt_ssbd = false; @@ -156,6 +170,7 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_pv = val; opt_verw_pv = val; opt_ibpb_entry_pv = val; + opt_bhb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { @@ -163,6 +178,7 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_verw_hvm = val; opt_ibpb_entry_hvm = val; + opt_bhb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -250,6 +266,28 @@ static int __init parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("bhb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_bhb_entry_pv = opt_bhb_entry_hvm = + opt_bhb_entry_dom0 = val; + break; + + case -2: + s += strlen("bhb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_bhb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_bhb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -265,6 +303,19 @@ static int __init parse_spec_ctrl(const char *s) else rc = -EINVAL; } + else if ( !strncmp(s, "bhb-seq=", 8) ) + { + s += strlen("bhb-seq="); + + if ( !cmdline_strcmp(s, "none") ) + opt_bhb_seq = BHB_NONE; + else if ( !cmdline_strcmp(s, "tsx") ) + opt_bhb_seq = BHB_TSX; + else if ( !cmdline_strcmp(s, "short") ) + opt_bhb_seq = BHB_SHORT; + else + rc = -EINVAL; + } /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) @@ -511,11 +562,15 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", + opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", + opt_bhb_seq == BHB_NONE ? "" : + opt_bhb_seq == BHB_TSX ? "TSX, " : + opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -554,29 +609,33 @@ static void __init print_details(enum ind_thunk thunk) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || + cpu_has_bhb_seq || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || + cpu_has_bhb_seq || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -1580,16 +1639,85 @@ static void __init gds_calculations(void) /* * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html */ +static bool __init cpu_has_bug_bhi(void) +{ + /* BHI is only known to affect Intel Family 6 processors at this time. */ + if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL || + boot_cpu_data.x86 != 6 ) + return false; + + if ( boot_cpu_has(X86_FEATURE_BHI_NO) ) + return false; + + if ( cpu_has_hypervisor ) + return true; /* TODO: how to figure out out if we're really eIBRS levelled out? */ + + return cpu_has_eibrs; +} + static void __init bhi_calculations(void) { + bool has_bhi = cpu_has_bug_bhi(); + + /* + * To mitigate BHI, we want to use BHI_DIS_S wherever possible, or the + * short sequence otherwise. Other forms are available on request. + * + * We are repsonsbile for performing default-conversion on opt_bhi_dis_s + * and opt_bhb_seq, irrespective of succeptibility to BHI. + */ + if ( opt_bhi_dis_s == -1 ) - opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + opt_bhi_dis_s = has_bhi; if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) opt_bhi_dis_s = false; if ( opt_bhi_dis_s ) default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; + + if ( opt_bhb_seq == BHB_DEFAULT ) + { + /* + * If we're using BHI_DIS_S, or we're not succeptable, don't activate + * the thunks. + */ + if ( !has_bhi || opt_bhi_dis_s ) + opt_bhb_seq = BHB_NONE; + else + opt_bhb_seq = BHB_SHORT; + } + + /* + * We can use the TSX even if it's disabled for e.g. TAA reasons. + * However, fall back to the loop sequence if there is no trace of RTM at + * all, as XBEGIN will #UD. + */ + if ( opt_bhb_seq == BHB_TSX && !cpu_has_rtm && !cpu_has_rtm_always_abort && + !cpu_has_tsx_force_abort ) + opt_bhb_seq = BHB_SHORT; + + /* + * Only activate SCF_entry_bhb by for guests if a sequence is in place. + */ + if ( opt_bhb_entry_pv == -1 ) + opt_bhb_entry_pv = has_bhi && opt_bhb_seq != BHB_NONE; + if ( opt_bhb_entry_hvm == -1 ) + opt_bhb_entry_hvm = has_bhi && opt_bhb_seq != BHB_NONE; + + switch ( opt_bhb_seq ) + { + case BHB_SHORT: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); + break; + + case BHB_TSX: + setup_force_cpu_cap(X86_SPEC_BHB_TSX); + break; + + default: + break; + } } void spec_ctrl_init_domain(struct domain *d) @@ -1602,9 +1730,13 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); + bool bhb = ((pv ? opt_bhb_entry_pv : opt_bhb_entry_hvm) && + (d->domain_id != 0 || opt_bhb_entry_dom0)); + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | + (bhb ? SCF_entry_bhb : 0) | 0; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:30:28 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:30:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702754.1098210 (Exim 4.92) (envelope-from ) id 1ruFIh-0000SA-Tx; Tue, 09 Apr 2024 17:30:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702754.1098210; Tue, 09 Apr 2024 17:30:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFIh-0000S2-RT; Tue, 09 Apr 2024 17:30:27 +0000 Received: by outflank-mailman (input) for mailman id 702754; Tue, 09 Apr 2024 17:30:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFIg-0000Ro-C4 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFIg-0005tG-BD for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFIg-0007by-AO for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ej21dWL0Zsx1JH4hlM2uuSf2Q8cmN3vB3mrMKOfKSB0=; b=dg+rsMiifytP6No03ZHv/L2WBu tefZy2a9hKqEs9LGS5OQnxnHNT0IL6V7F+XT30v5ZjNzbO9+SHvi+lMju1TGoC9YDlyKLL1Pg/n6e G+85T5H9sOLaf3VWPJYJ6eHdKUg9HSPW5EUhRL9TKWIQGMkT6XQnol/5GZ4hYDeSWFuE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec-ctrl: Support the "long" BHB loop sequence Message-Id: Date: Tue, 09 Apr 2024 17:30:26 +0000 commit fb263ffc1f7fc1975dc072a5ebbd9d6e9021337a Author: Andrew Cooper AuthorDate: Fri Mar 22 19:29:34 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Support the "long" BHB loop sequence Out of an abudnance of caution, implement the long loop too, and allowing for it to be opted in to. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit d5887c0decbd90e798b24ed696628645b04632fb) --- docs/misc/xen-command-line.pandoc | 4 ++-- xen/arch/x86/bhb-thunk.S | 8 ++++++-- xen/arch/x86/spec_ctrl.c | 10 +++++++++- xen/include/asm-x86/cpufeatures.h | 1 + 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 98fcfa3fa8..2703e5986f 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2261,7 +2261,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, > {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx|long, > {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, @@ -2333,7 +2333,7 @@ On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` options in order to mitigate Branch History Injection on affected hardware. The default sequence is `short`, with `tsx` as an alternative available -capable hardware that can be opted in to. +capable hardware, and `long` that can be opted in to. On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S index f52cfb9bc2..7e866784f7 100644 --- a/xen/arch/x86/bhb-thunk.S +++ b/xen/arch/x86/bhb-thunk.S @@ -56,9 +56,13 @@ ENTRY(clear_bhb_tsx) * * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + * + * The "long" sequence (12 and 7) is for Alder Lake / Sapphire Rapids + * (i.e. Golden Cove and/or Gracemont cores). However, such CPUs are expected + * to use BHI_DIS_S in preference. */ ENTRY(clear_bhb_loops) - mov $5, %ecx + ALTERNATIVE "mov $5, %ecx", "mov $12, %ecx", X86_SPEC_BHB_LOOPS_LONG call 1f jmp 5f @@ -70,7 +74,7 @@ ENTRY(clear_bhb_loops) int3 .align 64 -2: mov $5, %eax +2: ALTERNATIVE "mov $5, %eax", "mov $7, %eax", X86_SPEC_BHB_LOOPS_LONG 3: jmp 4f int3 diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 4e6f18d0e1..34e174754b 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -52,6 +52,7 @@ static enum bhb_thunk { BHB_NONE, BHB_TSX, BHB_SHORT, + BHB_LONG, } opt_bhb_seq __initdata; /* Cmdline controls for Xen's speculative settings. */ @@ -313,6 +314,8 @@ static int __init parse_spec_ctrl(const char *s) opt_bhb_seq = BHB_TSX; else if ( !cmdline_strcmp(s, "short") ) opt_bhb_seq = BHB_SHORT; + else if ( !cmdline_strcmp(s, "long") ) + opt_bhb_seq = BHB_LONG; else rc = -EINVAL; } @@ -570,7 +573,8 @@ static void __init print_details(enum ind_thunk thunk) opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", opt_bhb_seq == BHB_NONE ? "" : opt_bhb_seq == BHB_TSX ? "TSX, " : - opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", + opt_bhb_seq == BHB_SHORT ? "SHORT, " : + opt_bhb_seq == BHB_LONG ? "LONG, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -1707,6 +1711,10 @@ static void __init bhi_calculations(void) switch ( opt_bhb_seq ) { + case BHB_LONG: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS_LONG); + fallthrough; + case BHB_SHORT: setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); break; diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index bada8912e0..ba3df174b7 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -58,6 +58,7 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ #define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ +#define X86_SPEC_BHB_LOOPS_LONG X86_BUG(21) /* Upgrade clear_bhb_loops to the "long" sequence. */ /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:30:38 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:30:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702755.1098214 (Exim 4.92) (envelope-from ) id 1ruFIr-0000Y8-Vf; Tue, 09 Apr 2024 17:30:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702755.1098214; Tue, 09 Apr 2024 17:30:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFIr-0000Y0-Sw; Tue, 09 Apr 2024 17:30:37 +0000 Received: by outflank-mailman (input) for mailman id 702755; Tue, 09 Apr 2024 17:30:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFIq-0000Xp-Ep for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFIq-0005tK-E1 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFIq-0007cy-DK for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Q6STYWGKR/L2n2IDPPYrf98QSVQ7aDYXkOvp+dYIoFQ=; b=FMaVfhJEsyPyMkNGoNMiubVC4d 7mvA7U6+++4IbgaVvxsdMu2VuP1uXgsaey0IKrz9VKRKFMm3RUAENXSmodfz2XTf8nyjrdb0JUDei Dc6Rfve3tvtJIHQIkd4HvIzz/Wy0dCe3kGhBLNiacp1k+Tckbx4fifJpKZddppOvAW5s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] Update Xen version to 4.16.6 Message-Id: Date: Tue, 09 Apr 2024 17:30:36 +0000 commit 4b33780de790bd438dd7cbb6143b410d94f0f049 Author: Andrew Cooper AuthorDate: Wed Mar 27 18:23:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 Update Xen version to 4.16.6 Signed-off-by: Andrew Cooper --- xen/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/Makefile b/xen/Makefile index 78db742049..cd10d93c0b 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -2,7 +2,7 @@ # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 16 -export XEN_EXTRAVERSION ?= .5$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .6$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:30:48 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:30:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702756.1098217 (Exim 4.92) (envelope-from ) id 1ruFJ2-0000bc-1P; Tue, 09 Apr 2024 17:30:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702756.1098217; Tue, 09 Apr 2024 17:30:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJ1-0000bU-UX; Tue, 09 Apr 2024 17:30:47 +0000 Received: by outflank-mailman (input) for mailman id 702756; Tue, 09 Apr 2024 17:30:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJ1-0000bG-2Q for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJ1-0005th-1i for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFJ1-0007gh-0l for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FxKg9W5/YNcUQWo/HqzE7a5Xv3ZtM7y0a3x3GLdzoG8=; b=VSOYSzH+wawNaIdrOclvm8uI9r YlsF9MaJSrpuzh4xPvtUblrAtNpSUgCJriyRjRVCK50ivdPIFDoQvtQaTRrKLN4sn8ttWTBP+kNdC 5yh9wNo1ldyhNc1H5QRk4Ii1zApC54Q/oImgt+0Dea7m9ht6i5ih92SGt0BrZONsOhEQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Fix BTC/SRSO mitigations Message-Id: Date: Tue, 09 Apr 2024 17:30:47 +0000 commit 6672d8ceae4acf0e0ef7dc7002e6146d10507c37 Author: Andrew Cooper AuthorDate: Tue Mar 26 22:47:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:31 2024 +0100 x86/spec-ctrl: Fix BTC/SRSO mitigations We were looking for SCF_entry_ibpb in the wrong variable in the top-of-stack block, and xen_spec_ctrl won't have had bit 5 set because Xen doesn't understand SPEC_CTRL_RRSBA_DIS_U yet. This is XSA-455 / CVE-2024-31142. Fixes: 53a570b28569 ("x86/spec-ctrl: Support IBPB-on-entry") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/include/asm-x86/spec_ctrl_asm.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index ad5ca50c12..d1ca530315 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 9650a3aca7..9704a22d5b 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -102,7 +102,7 @@ jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) .endif jz .L\@_skip -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:30:58 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:30:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702757.1098222 (Exim 4.92) (envelope-from ) id 1ruFJC-0000ec-2b; Tue, 09 Apr 2024 17:30:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702757.1098222; Tue, 09 Apr 2024 17:30:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJB-0000eU-WA; Tue, 09 Apr 2024 17:30:57 +0000 Received: by outflank-mailman (input) for mailman id 702757; Tue, 09 Apr 2024 17:30:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJB-0000eL-5P for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJB-0005tl-4g for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFJB-0007h8-3y for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:30:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=N6ichu/f6TYGSYx2L9MxQXW0HAv4SzmoBJJO+WqWyhU=; b=Ys3+DIs83UC/ZZvaZeeZkbu75f NY6D9+kHftCkC0xOz13lI/ywq8YCRkxZgncQu/Uw4pXoHQoD5NhHSaO0FcwnZPiVKOXYwbbKAocL1 TkQfzsKX6wmC7b2oCweR/PMCRQbVEV6WupYN85l3TlUv+z6N1Hu+4ddnHQYGAkBR/2kQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Expose IPRED_CTRL to guests Message-Id: Date: Tue, 09 Apr 2024 17:30:57 +0000 commit 2a33c31e4affbca0651599e3b204a01ce7b48a3e Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:58 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:31 2024 +0100 x86/spec-ctrl: Expose IPRED_CTRL to guests The CPUID feature bit signals the presence of the IPRED_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 4dd6760706848de30f7c8b5f83462b9bcb070c91) --- tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/msr.c | 6 ++++-- xen/include/asm-x86/msr-index.h | 2 ++ xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 3 ++- 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 3faf1e4304..dcb90e364f 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -206,7 +206,7 @@ static const char *const str_7d1[32] = static const char *const str_7d2[32] = { - [ 0] = "intel-psfd", + [ 0] = "intel-psfd", [ 1] = "ipred-ctrl", }; static const char *const str_m10Al[32] = diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 22f86f2785..91b7402fba 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -306,8 +306,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) /* * Caller to confirm that MSR_SPEC_CTRL is available. Intel and AMD have - * separate CPUID features for this functionality, but only set will be - * active. + * separate CPUID features for some of this functionality, but only one + * vendors-worth will be active on a single host. */ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) { @@ -321,6 +321,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | (psfd ? SPEC_CTRL_PSFD : 0) | + (cp->feat.ipred_ctrl + ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | 0); } diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 17abfa0e4a..f7f44b85d2 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -36,6 +36,8 @@ #define SPEC_CTRL_IBRS (_AC(1, ULL) << 0) #define SPEC_CTRL_STIBP (_AC(1, ULL) << 1) #define SPEC_CTRL_SSBD (_AC(1, ULL) << 2) +#define SPEC_CTRL_IPRED_DIS_U (_AC(1, ULL) << 3) +#define SPEC_CTRL_IPRED_DIS_S (_AC(1, ULL) << 4) #define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) #define MSR_PRED_CMD 0x00000049 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index e027a31d67..d80618c21c 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -301,6 +301,7 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index c255bf4305..b5018ea234 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -315,7 +315,8 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS], + IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, + IPRED_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:31:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:31:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702758.1098225 (Exim 4.92) (envelope-from ) id 1ruFJM-0000hS-3l; Tue, 09 Apr 2024 17:31:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702758.1098225; Tue, 09 Apr 2024 17:31:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJM-0000hL-1K; Tue, 09 Apr 2024 17:31:08 +0000 Received: by outflank-mailman (input) for mailman id 702758; Tue, 09 Apr 2024 17:31:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJL-0000h4-8C for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJL-0005u6-7X for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFJL-0007hu-6t for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=a+AmVVW9pogCm7lJn5ZdM+2l2y1X4SuGLZVo0+rj6Vc=; b=nGuFsnu/Q0nZlHsqxrGV/o77l6 GYLXrGnpOLSwP6GsfX1Tslm/DHr0pAqBTX/LyH/bDxDiZHL54SJNPZ3gP8GnYGERPMKFBivdn6vD+ 8jPAGFixdB+FpZf0fLFKFXH5hrZOLLOKn8xCen1xS8WnXC5KA0LhR/tWrdxKAOgDvTgE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Expose RRSBA_CTRL to guests Message-Id: Date: Tue, 09 Apr 2024 17:31:07 +0000 commit bc7f292b554137cfab1a70dd06a78e8ba0f3d01a Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:59 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:31 2024 +0100 x86/spec-ctrl: Expose RRSBA_CTRL to guests The CPUID feature bit signals the presence of the RRSBA_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 478e4787fa64b621061177a7843c452e9a19916d) --- tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 2 ++ xen/include/asm-x86/msr-index.h | 2 ++ xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 5 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index dcb90e364f..350a7fdc45 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -207,6 +207,7 @@ static const char *const str_7d1[32] = static const char *const str_7d2[32] = { [ 0] = "intel-psfd", [ 1] = "ipred-ctrl", + [ 2] = "rrsba-ctrl", }; static const char *const str_m10Al[32] = diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 91b7402fba..0000d4a4c2 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -323,6 +323,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) (psfd ? SPEC_CTRL_PSFD : 0) | (cp->feat.ipred_ctrl ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | + (cp->feat.rrsba_ctrl + ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | 0); } diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index f7f44b85d2..b6c77049c4 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -38,6 +38,8 @@ #define SPEC_CTRL_SSBD (_AC(1, ULL) << 2) #define SPEC_CTRL_IPRED_DIS_U (_AC(1, ULL) << 3) #define SPEC_CTRL_IPRED_DIS_S (_AC(1, ULL) << 4) +#define SPEC_CTRL_RRSBA_DIS_U (_AC(1, ULL) << 5) +#define SPEC_CTRL_RRSBA_DIS_S (_AC(1, ULL) << 6) #define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) #define MSR_PRED_CMD 0x00000049 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index d80618c21c..0d333ae0b6 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -302,6 +302,7 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index b5018ea234..6fc4392654 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -316,7 +316,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL], + IPRED_CTRL, RRSBA_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:31:20 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:31:20 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702759.1098229 (Exim 4.92) (envelope-from ) id 1ruFJW-0000lN-5f; Tue, 09 Apr 2024 17:31:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702759.1098229; Tue, 09 Apr 2024 17:31:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJW-0000lG-2q; Tue, 09 Apr 2024 17:31:18 +0000 Received: by outflank-mailman (input) for mailman id 702759; Tue, 09 Apr 2024 17:31:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJV-0000l8-CD for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJV-0005uG-Ae for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFJV-0007if-9m for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xsqm9dBZXqniR72DBA1/MXx3TGbnV1QtENgzFeLj/qI=; b=2dJMqrwdrLCtwtjUQ1gd9S35Dd f6G31xap1tXQPMgh4ZxpE31gdgxUlSS9D9yjWSvEblJxa2uBYy2YFALC+e02VwvNA6DjA2q+7Gcc7 XoPG4IbESYmk6erPK0j39s6TOHl4aL0Ijwxa/RvdFyuetDMXoKc8nEDMellj3leLwpEU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Expose BHI_CTRL to guests Message-Id: Date: Tue, 09 Apr 2024 17:31:17 +0000 commit 0f640366e5f8fa43ed464c56d00ef960824c9611 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:14:00 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:31 2024 +0100 x86/spec-ctrl: Expose BHI_CTRL to guests The CPUID feature bit signals the presence of the BHI_DIS_S control in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 583f1d0950529f3517b1741c2b21a028a82ba831) --- tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 1 + xen/include/asm-x86/msr-index.h | 1 + xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 5 files changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 350a7fdc45..6af86ba798 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -208,6 +208,7 @@ static const char *const str_7d2[32] = { [ 0] = "intel-psfd", [ 1] = "ipred-ctrl", [ 2] = "rrsba-ctrl", + [ 4] = "bhi-ctrl", }; static const char *const str_m10Al[32] = diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 0000d4a4c2..4e67381d9a 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -325,6 +325,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | (cp->feat.rrsba_ctrl ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | + (cp->feat.bhi_ctrl ? SPEC_CTRL_BHI_DIS_S : 0) | 0); } diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index b6c77049c4..5433ee199d 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -41,6 +41,7 @@ #define SPEC_CTRL_RRSBA_DIS_U (_AC(1, ULL) << 5) #define SPEC_CTRL_RRSBA_DIS_S (_AC(1, ULL) << 6) #define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) +#define SPEC_CTRL_BHI_DIS_S (_AC(1, ULL) << 10) #define MSR_PRED_CMD 0x00000049 #define PRED_CMD_IBPB (_AC(1, ULL) << 0) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 0d333ae0b6..6e9fbcc38c 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -303,6 +303,7 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 6fc4392654..564477b392 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -316,7 +316,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL, RRSBA_CTRL], + IPRED_CTRL, RRSBA_CTRL, BHI_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:31:28 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:31:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702760.1098234 (Exim 4.92) (envelope-from ) id 1ruFJg-0000oL-8W; Tue, 09 Apr 2024 17:31:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702760.1098234; Tue, 09 Apr 2024 17:31:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJg-0000oE-5s; Tue, 09 Apr 2024 17:31:28 +0000 Received: by outflank-mailman (input) for mailman id 702760; Tue, 09 Apr 2024 17:31:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJf-0000o3-EW for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJf-0005uN-Dp for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFJf-0007j7-D9 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=f6VJEdioXf9lIq5kceOyB6fGxYGog3TcACKDjhxsy2A=; b=XNpXsu9SB/GSUVISyTRkAQV88O gm0LALTPnBgp32YmhPE9ib0hYdnb166Lbt0jynZ7uDOum0X4ERVrdwdhZoerf7NybYhHwGGcoWTpD yLwEEcp/XcN5NfZr0B3lsjepjKw8FvUlYSBAY4uU7+pWQE10HVvhIiH0/b3ffzzakndM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] VMX: tertiary execution control infrastructure Message-Id: Date: Tue, 09 Apr 2024 17:31:27 +0000 commit 97a6db38f364e7e2b5f906e46b753815e1dcbef7 Author: Jan Beulich AuthorDate: Wed Feb 7 13:46:11 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 VMX: tertiary execution control infrastructure This is a prereq to enabling e.g. the MSRLIST feature. Note that the PROCBASED_CTLS3 MSR is different from other VMX feature reporting MSRs, in that all 64 bits report allowed 1-settings. vVMX code is left alone, though, for the time being. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 878159bf259bfbd7a40312829f1ea0ce1f6645e2) --- xen/arch/x86/hvm/vmx/vmcs.c | 57 ++++++++++++++++++++++++++++++++++---- xen/arch/x86/hvm/vmx/vmx.c | 6 ++++ xen/include/asm-x86/hvm/vmx/vmcs.h | 13 +++++++++ xen/include/asm-x86/hvm/vmx/vmx.h | 1 + xen/include/asm-x86/msr-index.h | 1 + 5 files changed, 72 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 237b13459d..888239ce0f 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -173,6 +173,7 @@ static int parse_ept_param_runtime(const char *s) u32 vmx_pin_based_exec_control __read_mostly; u32 vmx_cpu_based_exec_control __read_mostly; u32 vmx_secondary_exec_control __read_mostly; +uint64_t vmx_tertiary_exec_control __read_mostly; u32 vmx_vmexit_control __read_mostly; u32 vmx_vmentry_control __read_mostly; u64 vmx_ept_vpid_cap __read_mostly; @@ -236,10 +237,32 @@ static u32 adjust_vmx_controls( return ctl; } -static bool_t cap_check(const char *name, u32 expected, u32 saw) +static uint64_t adjust_vmx_controls2( + const char *name, uint64_t ctl_min, uint64_t ctl_opt, unsigned int msr, + bool *mismatch) +{ + uint64_t vmx_msr, ctl = ctl_min | ctl_opt; + + rdmsrl(msr, vmx_msr); + + ctl &= vmx_msr; /* bit == 0 ==> must be zero */ + + /* Ensure minimum (required) set of control bits are supported. */ + if ( ctl_min & ~ctl ) + { + *mismatch = true; + printk("VMX: CPU%u has insufficient %s (%#lx; requires %#lx)\n", + smp_processor_id(), name, ctl, ctl_min); + } + + return ctl; +} + +static bool cap_check( + const char *name, unsigned long expected, unsigned long saw) { if ( saw != expected ) - printk("VMX %s: saw %#x expected %#x\n", name, saw, expected); + printk("VMX %s: saw %#lx expected %#lx\n", name, saw, expected); return saw != expected; } @@ -249,6 +272,7 @@ static int vmx_init_vmcs_config(bool bsp) u32 _vmx_pin_based_exec_control; u32 _vmx_cpu_based_exec_control; u32 _vmx_secondary_exec_control = 0; + uint64_t _vmx_tertiary_exec_control = 0; u64 _vmx_ept_vpid_cap = 0; u64 _vmx_misc_cap = 0; u32 _vmx_vmexit_control; @@ -282,7 +306,8 @@ static int vmx_init_vmcs_config(bool bsp) opt = (CPU_BASED_ACTIVATE_MSR_BITMAP | CPU_BASED_TPR_SHADOW | CPU_BASED_MONITOR_TRAP_FLAG | - CPU_BASED_ACTIVATE_SECONDARY_CONTROLS); + CPU_BASED_ACTIVATE_SECONDARY_CONTROLS | + CPU_BASED_ACTIVATE_TERTIARY_CONTROLS); _vmx_cpu_based_exec_control = adjust_vmx_controls( "CPU-Based Exec Control", min, opt, MSR_IA32_VMX_PROCBASED_CTLS, &mismatch); @@ -343,6 +368,15 @@ static int vmx_init_vmcs_config(bool bsp) MSR_IA32_VMX_PROCBASED_CTLS2, &mismatch); } + if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) + { + uint64_t opt = 0; + + _vmx_tertiary_exec_control = adjust_vmx_controls2( + "Tertiary Exec Control", 0, opt, + MSR_IA32_VMX_PROCBASED_CTLS3, &mismatch); + } + /* The IA32_VMX_EPT_VPID_CAP MSR exists only when EPT or VPID available */ if ( _vmx_secondary_exec_control & (SECONDARY_EXEC_ENABLE_EPT | SECONDARY_EXEC_ENABLE_VPID) ) @@ -473,6 +507,7 @@ static int vmx_init_vmcs_config(bool bsp) vmx_pin_based_exec_control = _vmx_pin_based_exec_control; vmx_cpu_based_exec_control = _vmx_cpu_based_exec_control; vmx_secondary_exec_control = _vmx_secondary_exec_control; + vmx_tertiary_exec_control = _vmx_tertiary_exec_control; vmx_ept_vpid_cap = _vmx_ept_vpid_cap; vmx_vmexit_control = _vmx_vmexit_control; vmx_vmentry_control = _vmx_vmentry_control; @@ -508,6 +543,9 @@ static int vmx_init_vmcs_config(bool bsp) mismatch |= cap_check( "Secondary Exec Control", vmx_secondary_exec_control, _vmx_secondary_exec_control); + mismatch |= cap_check( + "Tertiary Exec Control", + vmx_tertiary_exec_control, _vmx_tertiary_exec_control); mismatch |= cap_check( "VMExit Control", vmx_vmexit_control, _vmx_vmexit_control); @@ -1084,6 +1122,7 @@ static int construct_vmcs(struct vcpu *v) v->arch.hvm.vmx.exec_control |= CPU_BASED_RDTSC_EXITING; v->arch.hvm.vmx.secondary_exec_control = vmx_secondary_exec_control; + v->arch.hvm.vmx.tertiary_exec_control = vmx_tertiary_exec_control; /* * Disable features which we don't want active by default: @@ -1152,6 +1191,10 @@ static int construct_vmcs(struct vcpu *v) __vmwrite(SECONDARY_VM_EXEC_CONTROL, v->arch.hvm.vmx.secondary_exec_control); + if ( cpu_has_vmx_tertiary_exec_control ) + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); + /* MSR access bitmap. */ if ( cpu_has_vmx_msr_bitmap ) { @@ -2071,10 +2114,12 @@ void vmcs_dump_vcpu(struct vcpu *v) vmr(HOST_PERF_GLOBAL_CTRL)); printk("*** Control State ***\n"); - printk("PinBased=%08x CPUBased=%08x SecondaryExec=%08x\n", + printk("PinBased=%08x CPUBased=%08x\n", vmr32(PIN_BASED_VM_EXEC_CONTROL), - vmr32(CPU_BASED_VM_EXEC_CONTROL), - vmr32(SECONDARY_VM_EXEC_CONTROL)); + vmr32(CPU_BASED_VM_EXEC_CONTROL)); + printk("SecondaryExec=%08x TertiaryExec=%016lx\n", + vmr32(SECONDARY_VM_EXEC_CONTROL), + vmr(TERTIARY_VM_EXEC_CONTROL)); printk("EntryControls=%08x ExitControls=%08x\n", vmentry_ctl, vmexit_ctl); printk("ExceptionBitmap=%08x PFECmask=%08x PFECmatch=%08x\n", vmr32(EXCEPTION_BITMAP), diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 8bb4a6e042..a7f9fefa8c 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -584,6 +584,12 @@ void vmx_update_secondary_exec_control(struct vcpu *v) v->arch.hvm.vmx.secondary_exec_control); } +void vmx_update_tertiary_exec_control(const struct vcpu *v) +{ + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); +} + void vmx_update_exception_bitmap(struct vcpu *v) { u32 bitmap = unlikely(v->arch.hvm.vmx.vmx_realmode) diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index 8073af323b..9b246b802b 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -125,6 +125,7 @@ struct vmx_vcpu { /* Cache of cpu execution control. */ u32 exec_control; u32 secondary_exec_control; + uint64_t tertiary_exec_control; u32 exception_bitmap; uint64_t shadow_gs; @@ -207,6 +208,7 @@ void vmx_vmcs_reload(struct vcpu *v); #define CPU_BASED_RDTSC_EXITING 0x00001000 #define CPU_BASED_CR3_LOAD_EXITING 0x00008000 #define CPU_BASED_CR3_STORE_EXITING 0x00010000 +#define CPU_BASED_ACTIVATE_TERTIARY_CONTROLS 0x00020000 #define CPU_BASED_CR8_LOAD_EXITING 0x00080000 #define CPU_BASED_CR8_STORE_EXITING 0x00100000 #define CPU_BASED_TPR_SHADOW 0x00200000 @@ -269,6 +271,14 @@ extern u32 vmx_vmentry_control; #define SECONDARY_EXEC_TSC_SCALING 0x02000000 extern u32 vmx_secondary_exec_control; +#define TERTIARY_EXEC_LOADIWKEY_EXITING BIT(0, UL) +#define TERTIARY_EXEC_ENABLE_HLAT BIT(1, UL) +#define TERTIARY_EXEC_EPT_PAGING_WRITE BIT(2, UL) +#define TERTIARY_EXEC_GUEST_PAGING_VERIFY BIT(3, UL) +#define TERTIARY_EXEC_IPI_VIRT BIT(4, UL) +#define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) +extern uint64_t vmx_tertiary_exec_control; + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -304,6 +314,8 @@ extern u64 vmx_ept_vpid_cap; (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_MSR_BITMAP) #define cpu_has_vmx_secondary_exec_control \ (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) +#define cpu_has_vmx_tertiary_exec_control \ + (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS) #define cpu_has_vmx_ept \ (vmx_secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT) #define cpu_has_vmx_dt_exiting \ @@ -423,6 +435,7 @@ enum vmcs_field { VIRT_EXCEPTION_INFO = 0x0000202a, XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, + TERTIARY_VM_EXEC_CONTROL = 0x00002034, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/include/asm-x86/hvm/vmx/vmx.h b/xen/include/asm-x86/hvm/vmx/vmx.h index 534e9fc221..a651cb3465 100644 --- a/xen/include/asm-x86/hvm/vmx/vmx.h +++ b/xen/include/asm-x86/hvm/vmx/vmx.h @@ -103,6 +103,7 @@ void vmx_update_debug_state(struct vcpu *v); void vmx_update_exception_bitmap(struct vcpu *v); void vmx_update_cpu_exec_control(struct vcpu *v); void vmx_update_secondary_exec_control(struct vcpu *v); +void vmx_update_tertiary_exec_control(const struct vcpu *v); #define POSTED_INTR_ON 0 #define POSTED_INTR_SN 1 diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 5433ee199d..7fd9864a2e 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -312,6 +312,7 @@ #define MSR_IA32_VMX_TRUE_EXIT_CTLS 0x48f #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490 #define MSR_IA32_VMX_VMFUNC 0x491 +#define MSR_IA32_VMX_PROCBASED_CTLS3 0x492 /* K7/K8 MSRs. Not complete. See the architecture manual for a more complete list. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:31:39 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:31:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702761.1098238 (Exim 4.92) (envelope-from ) id 1ruFJr-0000re-9r; Tue, 09 Apr 2024 17:31:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702761.1098238; Tue, 09 Apr 2024 17:31:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJr-0000rX-7P; Tue, 09 Apr 2024 17:31:39 +0000 Received: by outflank-mailman (input) for mailman id 702761; Tue, 09 Apr 2024 17:31:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJp-0000rG-HV for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJp-0005uU-Gr for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFJp-0007jW-GA for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kqK7MyRfRQErnXtjxuLd/0bZ46hzpn12KZ0AkPjUeuY=; b=DQLv05zeXU6azPBOLxqxLmgUtp vMLZnfN6hoGLVYaYvSIt0oPC/Pi8M36haUJkgrg0ExFFrM2HS4wrC/fiS0jxmcgh312hH0+k2Nn51 LS8aIcukggb13lumFgYjtqMg9uPYzLp+ZkS8m03VCYy4x1FHbjoltTSR8/NbwNN//lGk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch Message-Id: Date: Tue, 09 Apr 2024 17:31:37 +0000 commit eb4b730ac68af4009913a97674837f587ae39957 Author: Andrew Cooper AuthorDate: Wed Apr 3 17:43:42 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch It turns out there is something wonky on some but not all CPUs with MSR_TSX_FORCE_ABORT. The presence of RTM_ALWAYS_ABORT causes Xen to think it's safe to offer HLE/RTM to guests, but in this case, XBEGIN instructions genuinely #UD. Spot this case and try to back out as cleanly as we can. Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Acked-by: Jan Beulich (cherry picked from commit b33f191e3ca99458fdcea1cb5a29dfa4965d1604) --- xen/arch/x86/tsx.c | 55 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 45 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 287812ec2b..2eb797e352 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -1,5 +1,6 @@ #include #include +#include #include /* @@ -9,6 +10,7 @@ * -1 => Default, altered to 0/1 (if unspecified) by: * - TAA heuristics/settings for speculative safety * - "TSX vs PCR3" select for TSX memory ordering safety + * -2 => Implicit tsx=0 (from RTM_ALWAYS_ABORT vs RTM mismatch) * -3 => Implicit tsx=1 (feed-through from spec-ctrl=0) * * This is arranged such that the bottom bit encodes whether TSX is actually @@ -122,11 +124,50 @@ void tsx_init(void) if ( cpu_has_tsx_force_abort ) { + uint64_t val; + /* - * On an early TSX-enable Skylake part subject to the memory + * On an early TSX-enabled Skylake part subject to the memory * ordering erratum, with at least the March 2019 microcode. */ + rdmsrl(MSR_TSX_FORCE_ABORT, val); + + /* + * At the time of writing (April 2024), it was discovered that + * some parts (e.g. CoffeeLake 8th Gen, 06-9e-0a, ucode 0xf6) + * advertise RTM_ALWAYS_ABORT, but XBEGIN instructions #UD. Other + * similar parts (e.g. KabyLake Xeon-E3, 06-9e-09, ucode 0xf8) + * operate as expected. + * + * In this case: + * - RTM_ALWAYS_ABORT and MSR_TSX_FORCE_ABORT are enumerated. + * - XBEGIN instructions genuinely #UD. + * - MSR_TSX_FORCE_ABORT appears to be write-discard and fails to + * hold its value. + * - HLE and RTM are not enumerated, despite + * MSR_TSX_FORCE_ABORT.TSX_CPUID_CLEAR being clear. + * + * Spot RTM being unavailable without CLEAR_CPUID being set, and + * treat it as if no TSX is available at all. This will prevent + * Xen from thinking it's safe to offer HLE/RTM to VMs. + */ + if ( val == 0 && cpu_has_rtm_always_abort && !cpu_has_rtm ) + { + printk(XENLOG_ERR + "FIRMWARE BUG: CPU %02x-%02x-%02x, ucode 0x%08x: RTM_ALWAYS_ABORT vs RTM mismatch\n", + boot_cpu_data.x86, boot_cpu_data.x86_model, + boot_cpu_data.x86_mask, this_cpu(cpu_sig).rev); + + setup_clear_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + setup_clear_cpu_cap(X86_FEATURE_TSX_FORCE_ABORT); + + if ( opt_tsx < 0 ) + opt_tsx = -2; + + goto done_probe; + } + /* * Probe for the June 2021 microcode which de-features TSX on * client parts. (Note - this is a subset of parts impacted by @@ -136,15 +177,8 @@ void tsx_init(void) * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. */ - if ( !has_rtm_always_abort ) - { - uint64_t val; - - rdmsrl(MSR_TSX_FORCE_ABORT, val); - - if ( val & TSX_ENABLE_RTM ) - has_rtm_always_abort = true; - } + if ( val & TSX_ENABLE_RTM ) + has_rtm_always_abort = true; /* * If no explicit tsx= option is provided, pick a default. @@ -199,6 +233,7 @@ void tsx_init(void) setup_force_cpu_cap(X86_FEATURE_RTM); } } + done_probe: /* * Note: MSR_TSX_CTRL is enumerated on TSX-enabled MDS_NO and later parts. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:31:49 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:31:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702762.1098242 (Exim 4.92) (envelope-from ) id 1ruFK1-0000uD-BW; Tue, 09 Apr 2024 17:31:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702762.1098242; Tue, 09 Apr 2024 17:31:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFK1-0000u5-8r; Tue, 09 Apr 2024 17:31:49 +0000 Received: by outflank-mailman (input) for mailman id 702762; Tue, 09 Apr 2024 17:31:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJz-0000tr-KG for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFJz-0005ur-Jb for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFJz-0007k6-Is for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ujJllRTWa1Y3vxXZcxuqJAuTeTzEfXUW3KYfXN/80cg=; b=nmWYP+V6CJrEmTENoto+jMubUT XkJFd2SanieAFDQkCOQO0e7hUqIY5D0e1aFNvIWXRzD9pVGp7J0xzo3vTrDOB7lWMVA++fQhdJnIz j35+iD/5ueTrWNdsyjANRMoe9K+eZzBh52VdhZxSHTswcpXJCJGbQUnRxe9iVV/ksHz8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] xen/wait: Remove indirect jump Message-Id: Date: Tue, 09 Apr 2024 17:31:47 +0000 commit 1e37e4d2c0e78108e06a6661ea82b785dc5a58fe Author: Andrew Cooper AuthorDate: Fri Oct 22 16:07:07 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 xen/wait: Remove indirect jump There is no need for this to be an indirect jump at all. Execution always returns to a specific location, so use a direct jump instead. Use a named label for the jump. As both 1 and 2 have disappeared as labels, rename 3 to skip to better describe its purpose. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit f03567bd7e8efc0f667a67905862e6047babdb7a) --- xen/common/wait.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/xen/common/wait.c b/xen/common/wait.c index 24716e7676..9276d76464 100644 --- a/xen/common/wait.c +++ b/xen/common/wait.c @@ -144,18 +144,16 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv) "push %%r8; push %%r9; push %%r10; push %%r11;" "push %%r12; push %%r13; push %%r14; push %%r15;" - "call 1f;" - "1: addq $2f-1b,(%%rsp);" "sub %%esp,%%ecx;" "cmp %3,%%ecx;" - "ja 3f;" + "ja .L_skip;" "mov %%rsp,%%rsi;" /* check_wakeup_from_wait() longjmp()'s to this point. */ - "2: rep movsb;" + ".L_wq_resume: rep movsb;" "mov %%rsp,%%rsi;" - "3: pop %%rax;" + ".L_skip:" "pop %%r15; pop %%r14; pop %%r13; pop %%r12;" "pop %%r11; pop %%r10; pop %%r9; pop %%r8;" "pop %%rbp; pop %%rdx; pop %%rbx; pop %%rax" @@ -204,15 +202,14 @@ void check_wakeup_from_wait(void) } /* - * Hand-rolled longjmp(). Returns to the pointer on the top of - * wqv->stack, and lands on a `rep movs` instruction. All other GPRs are - * restored from the stack, so are available for use here. + * Hand-rolled longjmp(). Returns to __prepare_to_wait(), and lands on a + * `rep movs` instruction. All other GPRs are restored from the stack, so + * are available for use here. */ asm volatile ( - "mov %1,%%"__OP"sp; INDIRECT_JMP %[ip]" + "mov %1,%%"__OP"sp; jmp .L_wq_resume;" : : "S" (wqv->stack), "D" (wqv->esp), - "c" ((char *)get_cpu_info() - (char *)wqv->esp), - [ip] "r" (*(unsigned long *)wqv->stack) + "c" ((char *)get_cpu_info() - (char *)wqv->esp) : "memory" ); unreachable(); } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:31:59 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:31:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702763.1098246 (Exim 4.92) (envelope-from ) id 1ruFKB-0000xE-Cv; Tue, 09 Apr 2024 17:31:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702763.1098246; Tue, 09 Apr 2024 17:31:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKB-0000x6-AL; Tue, 09 Apr 2024 17:31:59 +0000 Received: by outflank-mailman (input) for mailman id 702763; Tue, 09 Apr 2024 17:31:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFK9-0000wu-NH for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFK9-0005uz-MV for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFK9-0007ko-Lo for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:31:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MRJc77UtKQq0l4EHXgUTHYSKhtPlcdVGpRxUcJb7vnk=; b=eYue2y0gZOYgbfEVco05y9YV6V Duz5R/Wkb1bPPU5inmLn87vYA185CF3wNbpnCjSlUmwdEjBG9IEpZ0X0qzVD1xFb+te64Hl+p5s7E fZL5QKy2sIl8Wu/k5nLrWITnuKetb+6qg2XTyyRInc2SQtPMa1x263SbaBAxu0UoU/4c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests Message-Id: Date: Tue, 09 Apr 2024 17:31:57 +0000 commit 13e7c5a9f1b4a6fab563a5994487fc60778073d5 Author: Andrew Cooper AuthorDate: Tue Apr 9 15:03:05 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests All of these are prediction-mode (i.e. CPL) based. They don't operate as advertised in PV context. Fixes: 4dd676070684 ("x86/spec-ctrl: Expose IPRED_CTRL to guests") Fixes: 478e4787fa64 ("x86/spec-ctrl: Expose RRSBA_CTRL to guests") Fixes: 583f1d095052 ("x86/spec-ctrl: Expose BHI_CTRL to guests") Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 4b3da946ad7e3452761478ae683da842e7ff20d6) --- xen/include/public/arch-x86/cpufeatureset.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 6e9fbcc38c..0139c1a81f 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -301,9 +301,9 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ -XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ -XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ -XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*S MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*S MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*S MSR_SPEC_CTRL.BHI_DIS_S */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:32:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:32:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702764.1098250 (Exim 4.92) (envelope-from ) id 1ruFKL-00011F-En; Tue, 09 Apr 2024 17:32:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702764.1098250; Tue, 09 Apr 2024 17:32:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKL-000116-Bl; Tue, 09 Apr 2024 17:32:09 +0000 Received: by outflank-mailman (input) for mailman id 702764; Tue, 09 Apr 2024 17:32:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKJ-00010p-Q6 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKJ-0005vN-PO for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFKJ-0007nV-Od for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xS2BVw8hmnVztmZGg0OGXC4duOzad+fHWsVPNpTDh4I=; b=gsgwvwlp1jta2VpIzyl4WQ+Clg nQwlyVHcQOZQdKhTzvM1Iz7eaPwrdgr15adSsdkQixTftl2ZaLFO6bZ3PnhyJsHa5Mg/xnR7A6BbV 5ntQVmiQd/rBwAEmf8InY6bcZ5smUkU57jR/MjelxCaJwvCrpAJ79R78jkFRC87p8mgY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Make svm_vmexit_spec_ctrl conditional Message-Id: Date: Tue, 09 Apr 2024 17:32:07 +0000 commit 3fbd85d08734214aa48a003e3430b8ada0c232e4 Author: Andrew Cooper AuthorDate: Mon Jul 18 14:15:08 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Make svm_vmexit_spec_ctrl conditional The logic was written this way out of an abundance of caution, but the reality is that AMD parts don't currently have the RAS-flushing side effect, nor do they intend to gain it. This removes one WRMSR from the VMExit path by default on Zen2 systems. Fixes: 614cec7d79d7 ("x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit c16a9eda77b2089206d5bc39ab6488c3793e11bf) --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index d1ca530315..1974eaff97 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -114,15 +114,15 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM .macro svm_vmexit_spec_ctrl - /* - * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] - * flushing side effect. - */ - mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + cmp %edx, %eax + je 1f /* Skip write if value is correct. */ + mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr mov %al, CPUINFO_last_spec_ctrl(%rsp) +1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:32:19 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:32:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702765.1098254 (Exim 4.92) (envelope-from ) id 1ruFKV-000173-Hc; Tue, 09 Apr 2024 17:32:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702765.1098254; Tue, 09 Apr 2024 17:32:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKV-00016v-Er; Tue, 09 Apr 2024 17:32:19 +0000 Received: by outflank-mailman (input) for mailman id 702765; Tue, 09 Apr 2024 17:32:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKT-00016Y-Tj for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKT-0005vU-T0 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFKT-0007ny-SA for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dK+JFGAlPwPBPKBF3FZCv+QX2teo6tNPPkQg2sLKsik=; b=pvAi1nPr1/IR0ZNACLmEi89PM/ Q3CI8roxglNuBeGVgwNe7ZK5fqK+IINHt6BfyRnBbTML+IfundOYwaU2A6IZY4JLCfrrFKBEyoMGz dKhf9i/322pvV5RuAfy5tu/utuAKOjVb9V5bXz3tEWkjJHdaE1nyf8HyLxUVQP8dvck0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Rename spec_ctrl_flags to scf Message-Id: Date: Tue, 09 Apr 2024 17:32:17 +0000 commit bd436736f7350f302144c12ec82e3256c9872d8a Author: Andrew Cooper AuthorDate: Thu Mar 28 11:57:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Rename spec_ctrl_flags to scf XSA-455 was ultimately caused by having fields with too-similar names. Both {xen,last}_spec_ctrl are fields containing an architectural MSR_SPEC_CTRL value. The spec_ctrl_flags field contains Xen-internal flags. To more-obviously distinguish the two, rename spec_ctrl_flags to scf, which is also the prefix of the constants used by the fields. No functional change. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit c62673c4334b3372ebd4292a7ac8185357e7ea27) --- xen/arch/x86/acpi/power.c | 4 ++-- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/setup.c | 2 +- xen/arch/x86/spec_ctrl.c | 18 +++++++++--------- xen/arch/x86/x86_64/asm-offsets.c | 2 +- xen/arch/x86/x86_64/compat/entry.S | 4 ++-- xen/arch/x86/x86_64/entry.S | 2 +- xen/include/asm-x86/current.h | 2 +- xen/include/asm-x86/domain.h | 2 +- xen/include/asm-x86/spec_ctrl.h | 16 ++++++++-------- xen/include/asm-x86/spec_ctrl_asm.h | 22 +++++++++++----------- 14 files changed, 44 insertions(+), 44 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 1a7baeebe6..4d6650f407 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -246,7 +246,7 @@ static int enter_state(u32 state) ci = get_cpu_info(); /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_IST_MASK; + ci->scf &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -290,7 +290,7 @@ static int enter_state(u32 state) panic("Missing previously available feature(s)\n"); /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); + ci->scf |= (default_scf & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 711e52f75f..684d105862 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2069,10 +2069,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the new spec_ctrl settings. */ - info->spec_ctrl_flags = - (info->spec_ctrl_flags & ~SCF_DOM_MASK) | - (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); + /* Update the top-of-stack block with the new speculation settings. */ + info->scf = + (info->scf & ~SCF_DOM_MASK) | + (nextd->arch.scf & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 1974eaff97..73c35bc27d 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index cdde76e138..4ee529c57a 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -111,7 +111,7 @@ UNLIKELY_END(realmode) BUILD_BUG_ON(SCF_verw & ~0xff) movzbl VCPU_vmx_launched(%rbx), %ecx shl $31, %ecx - movzbl CPUINFO_spec_ctrl_flags(%rsp), %eax + movzbl CPUINFO_scf(%rsp), %eax and $SCF_verw, %eax or %eax, %ecx diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 888239ce0f..0c87966f2a 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1388,7 +1388,7 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); - if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + if ( !rc && (d->arch.scf & SCF_entry_ibpb) ) rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, VMX_MSR_HOST); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 63156eaf26..c32b835fe5 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1994,7 +1994,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index b24c36c99e..34a83e8ce1 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -67,7 +67,7 @@ static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; uint8_t __read_mostly default_xen_spec_ctrl; -uint8_t __read_mostly default_spec_ctrl_flags; +uint8_t __read_mostly default_scf; paddr_t __read_mostly l1tf_addr_mask, __read_mostly l1tf_safe_maddr; static bool __initdata cpu_has_bug_l1tf; @@ -1052,7 +1052,7 @@ static void __init ibpb_calculations(void) * NMI/#MC, so can't interrupt Xen ahead of having already flushed the * BTB. */ - default_spec_ctrl_flags |= SCF_ist_ibpb; + default_scf |= SCF_ist_ibpb; } if ( opt_ibpb_entry_hvm ) setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); @@ -1553,7 +1553,7 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); - d->arch.spec_ctrl_flags = + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | 0; @@ -1658,7 +1658,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1669,7 +1669,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1756,7 +1756,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_pv ) { setup_force_cpu_cap(X86_FEATURE_SC_RSB_PV); - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } /* @@ -1779,7 +1779,7 @@ void __init init_speculation_mitigations(void) * possible rogue RSB speculation. */ if ( !cpu_has_svm ) - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } srso_calculations(hw_smt_enabled); @@ -1792,7 +1792,7 @@ void __init init_speculation_mitigations(void) if ( opt_eager_fpu == -1 ) opt_eager_fpu = should_use_eager_fpu(); - /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ + /* (Re)init BSP state now that default_scf has been calculated. */ init_shadow_spec_ctrl_state(); /* @@ -2064,7 +2064,7 @@ void __init init_speculation_mitigations(void) { info->shadow_spec_ctrl = 0; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); } diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index e3a38ae967..73fd42889d 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -152,7 +152,7 @@ void __dummy__(void) OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); - OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); + OFFSET(CPUINFO_scf, struct cpu_info, scf); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); DEFINE(CPUINFO_sizeof, sizeof(struct cpu_info)); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index becc7f1bb2..add2616954 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -168,8 +168,8 @@ ENTRY(compat_restore_all_guest) /* Account for ev/ec having already been popped off the stack. */ SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_rip), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) + scf=STK_REL(CPUINFO_scf, CPUINFO_rip), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) .Lft0: iretq _ASM_PRE_EXTABLE(.Lft0, handle_exception) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index d855d4d1d7..f5d36f835e 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -626,7 +626,7 @@ UNLIKELY_END(exit_cr3) /* * When the CPU pushed this exception frame, it zero-extended eflags. * For an IST exit, SPEC_CTRL_EXIT_TO_XEN stashed shadow copies of - * spec_ctrl_flags and ver_sel above eflags, as we can't use any GPRs, + * scf and ver_sel above eflags, as we can't use any GPRs, * and we're at a random place on the stack, not in a CPUFINFO block. * * Account for ev/ec having already been popped off the stack. diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index 8ea4aecc5e..138ad63165 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -57,7 +57,7 @@ struct cpu_info { unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; uint8_t last_spec_ctrl; - uint8_t spec_ctrl_flags; + uint8_t scf; /* SCF_* */ /* * The following field controls copying of the L4 page table of 64-bit diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index e2ad2957ee..7901cfd6c6 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -319,7 +319,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ + uint8_t scf; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index e400ff2273..dfe7b37795 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -21,10 +21,10 @@ #define __X86_SPEC_CTRL_H__ /* - * Encoding of: - * cpuinfo.spec_ctrl_flags - * default_spec_ctrl_flags - * domain.spec_ctrl_flags + * Encoding of Xen's speculation control flags in: + * cpuinfo.scf + * default_scf + * domain.scf * * Live settings are in the top-of-stack block, because they need to be * accessable when XPTI is active. Some settings are fixed from boot, some @@ -95,7 +95,7 @@ extern bool opt_branch_harden; extern bool bsp_delay_spec_ctrl; extern uint8_t default_xen_spec_ctrl; -extern uint8_t default_spec_ctrl_flags; +extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; @@ -114,7 +114,7 @@ static inline void init_shadow_spec_ctrl_state(void) info->shadow_spec_ctrl = 0; info->xen_spec_ctrl = default_xen_spec_ctrl; - info->spec_ctrl_flags = default_spec_ctrl_flags; + info->scf = default_scf; /* * For least latency, the VERW selector should be a writeable data @@ -138,7 +138,7 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) */ info->shadow_spec_ctrl = val; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); @@ -172,7 +172,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. */ - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 9704a22d5b..d015e2df5f 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -51,7 +51,7 @@ * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow - * boolean in the per cpu spec_ctrl_flags. The synchronous use is: + * boolean in the per cpu scf. The synchronous use is: * * 1) Store guest value in shadow_spec_ctrl * 2) Set the use_shadow boolean @@ -98,11 +98,11 @@ * interrupting Xen. */ .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) .endif jz .L\@_skip @@ -172,8 +172,8 @@ #define STK_REL(field, top_of_stk) ((field) - (top_of_stk)) .macro SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_error_code), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) + scf=STK_REL(CPUINFO_scf, CPUINFO_error_code), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) /* * Requires \scf and \sel as %rsp-relative expressions * Clobbers eflags @@ -228,10 +228,10 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else - andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + andb $~SCF_use_shadow, CPUINFO_scf(%rsp) movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax .endif @@ -250,7 +250,7 @@ mov %eax, CPUINFO_shadow_spec_ctrl(%rsp) /* Set SPEC_CTRL shadowing *before* loading the guest value. */ - orb $SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + orb $SCF_use_shadow, CPUINFO_scf(%rsp) mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx @@ -328,7 +328,7 @@ * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -353,7 +353,7 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx @@ -387,7 +387,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %r12=ist_exit, %r14=stack_end, %rsp=regs * Clobbers %rax, %rbx, %rcx, %rdx */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx testb $SCF_ist_sc_msr, %bl jz .L\@_skip_sc_msr -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:32:29 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:32:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702766.1098258 (Exim 4.92) (envelope-from ) id 1ruFKf-0001Ap-J1; Tue, 09 Apr 2024 17:32:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702766.1098258; Tue, 09 Apr 2024 17:32:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKf-0001Ah-GJ; Tue, 09 Apr 2024 17:32:29 +0000 Received: by outflank-mailman (input) for mailman id 702766; Tue, 09 Apr 2024 17:32:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKe-0001AV-0c for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKd-0005vg-W7 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFKd-0007oT-VG for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sf5j2LJ4uy1dO68UpXyX3HjEuBp05700rbXz+RlMris=; b=YOEynA2CJOprysMWmgRZzpWG55 OhJtrb7y/RBsSEDYPvL9FeQoxcluAkJVeaa5KNPMjH5UmmTZUC1zsE5m580L6yNjyIY3wtO0SjEqh H2nB4lolHmIk73OH8WJHdp7XhEWNVHR+cpF4pomC5CqH/JWp/lZnVZFOkCYP5CKdNUzY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Message-Id: Date: Tue, 09 Apr 2024 17:32:27 +0000 commit 0cf958a47f1486ca911d16bf294a37f6b6f93667 Author: Andrew Cooper AuthorDate: Fri Mar 22 11:41:41 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Right now, we have a mix of safety strategies in different blocks, making the logic fragile and hard to follow. Start addressing this by having a safety LFENCE at the end of the blocks, which can be patched out if other safety criteria are met. This will allow us to simplify the sub-blocks. For SPEC_CTRL_ENTRY_FROM_IST, simply leave an LFENCE unconditionally at the end; the IST path is not a fast-path by any stretch of the imagination. For SPEC_CTRL_ENTRY_FROM_INTR, the existing description was incorrect. The IRET #GP path is non-fatal but can occur with the guest's choice of MSR_SPEC_CTRL. It is safe to skip the flush/barrier-like protections when interrupting Xen, but we must run DO_SPEC_CTRL_ENTRY irrespective. This will skip RSB stuffing which was previously unconditional even when interrupting Xen. AFAICT, this is a missing cleanup from commit 3fffaf9c13e9 ("x86/entry: Avoid using alternatives in NMI/#MC paths") where we split the IST entry path out of the main INTR entry path. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 94896de1a98c4289fe6fef9e16ef99fc6ef2efc4) --- xen/arch/x86/hvm/vmx/entry.S | 1 + xen/arch/x86/spec_ctrl.c | 52 +++++++++++++++++++++++++++++++++++++ xen/include/asm-x86/cpufeatures.h | 4 +++ xen/include/asm-x86/spec_ctrl_asm.h | 27 ++++++++++--------- 4 files changed, 72 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 4ee529c57a..8d5b683879 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -43,6 +43,7 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* Hardware clears MSR_DEBUGCTL on VMExit. Reinstate it if debugging Xen. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 34a83e8ce1..d2fef8d1ba 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2040,6 +2040,58 @@ void __init init_speculation_mitigations(void) print_details(thunk); + /* + * With the alternative blocks now chosen, see if we need any other + * adjustments for safety. + * + * We compile the LFENCE in, and patch it out if it's not needed. + * + * Notes: + * - SPEC_CTRL_ENTRY_FROM_SVM doesn't need an LFENCE because it has an + * unconditional STGI. + * - SPEC_CTRL_ENTRY_FROM_IST handles its own safety, without the use of + * alternatives. + * - DO_OVERWRITE_RSB has conditional branches in it, but it's an inline + * sequence. It is considered safe for uarch reasons. + */ + { + /* + * SPEC_CTRL_ENTRY_FROM_PV conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we're not using any prior conditional mitigation, + * then it's safe to drop the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); + + /* + * SPEC_CTRL_ENTRY_FROM_INTR conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we have no protections active in the block that + * is skipped when interrupting guest context, then it's safe to drop + * the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); + + /* + * SPEC_CTRL_ENTRY_FROM_VMX conditional safety + * + * Currently there are no safety actions with conditional branches, so + * no need for the extra safety LFENCE. + */ + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + } + /* * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard * any firmware settings. For performance reasons, when safe to do so, we diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 24a182d37f..0ca203530d 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -51,5 +51,9 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_BUG_CLFLUSH_MFENCE X86_BUG( 2) /* MFENCE needed to serialise CLFLUSH */ #define X86_BUG_IBPB_NO_RET X86_BUG( 3) /* IBPB doesn't flush the RSB/RAS */ +#define X86_SPEC_NO_LFENCE_ENTRY_PV X86_BUG(16) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_PV. */ +#define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ +#define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index d015e2df5f..150159e782 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -273,25 +273,37 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm /* * Used after an exception or maskable interrupt, hitting Xen or PV context. - * There will either be a guest speculation context, or (barring fatal - * exceptions) a well-formed Xen speculation context. + * There will either be a guest speculation context, or a well-formed Xen + * speculation context, with the exception of one case. IRET #GP handling may + * have a guest choice of MSR_SPEC_CTRL. + * + * Therefore, we can skip the flush/barrier-like protections when hitting Xen, + * but we must still run the mode-based protections. */ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rcx, %rdx */ + testb $3, UREGS_cs(%rsp) + jz .L\@_skip + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV +.L\@_skip: ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm /* @@ -360,18 +372,9 @@ movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr - /* Opencoded UNLIKELY_START() with no condition. */ -UNLIKELY_DISPATCH_LABEL(\@_serialise): - .subsection 1 - /* - * In the case that we might need to set SPEC_CTRL.IBRS for safety, we - * need to ensure that an attacker can't poison the `jz .L\@_skip_wrmsr` - * to speculate around the WRMSR. As a result, we need a dispatch - * serialising instruction in the else clause. - */ .L\@_skip_msr_spec_ctrl: + lfence - UNLIKELY_END(\@_serialise) .endm /* -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:32:39 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:32:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702767.1098262 (Exim 4.92) (envelope-from ) id 1ruFKp-0001DV-Kp; Tue, 09 Apr 2024 17:32:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702767.1098262; Tue, 09 Apr 2024 17:32:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKp-0001DN-Hk; Tue, 09 Apr 2024 17:32:39 +0000 Received: by outflank-mailman (input) for mailman id 702767; Tue, 09 Apr 2024 17:32:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKo-0001D8-3U for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKo-0005vn-2o for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFKo-0007ou-20 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=p0M6RKY7TWxjJOt7Ja7BJg8JxEU4anwkEZ3neWHvpLE=; b=qXnDLWQzAaHpBpYJoMv+8vliL9 SgOtUYwNCKFVLDxRimurC9U46lKngqk8Iim4pCk6qOtpjImYEeAI+6CzYmoflpI93RLR6IzKYnrBs g/BZWJEQOG0y0/GaRliQhl0dp2TfATz/jv/AN22XGYqLAdbN6h9eW2KE5IuClE4w6D54=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Message-Id: Date: Tue, 09 Apr 2024 17:32:38 +0000 commit 4123cb4e8309bcacaf943c7e41e2416c99284918 Author: Andrew Cooper AuthorDate: Fri Mar 22 15:52:06 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Other SPEC_CTRL_* paths already use %r14 like this, and it will allow for simplifications. All instances of SPEC_CTRL_ENTRY_FROM_PV are followed by a GET_STACK_END() invocation, so this change is only really logic and register shuffling. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 22390697bf1b4cd3024f2d10893dec3c3ec08a9c) --- xen/arch/x86/x86_64/compat/entry.S | 15 +++++++++------ xen/arch/x86/x86_64/entry.S | 33 ++++++++++++++++++--------------- 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index add2616954..19a20aec63 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -20,6 +20,8 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, EFRAME_entry_vector(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ @@ -27,7 +29,7 @@ ENTRY(entry_int82) CR4_PV32_RESTORE - GET_CURRENT(bx) + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov %rsp, %rdi call do_entry_int82 @@ -223,23 +225,24 @@ ENTRY(cstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lcstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lcstar_cr3_okay: sti CR4_PV32_RESTORE - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx movq VCPU_domain(%rbx),%rcx cmpb $0,DOMAIN_is_32bit_pv(%rcx) je switch_to_kernel diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index f5d36f835e..45c8644069 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -266,21 +266,22 @@ ENTRY(lstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Llstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Llstar_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx testb $TF_kernel_mode,VCPU_thread_flags(%rbx) jz switch_to_kernel @@ -304,23 +305,24 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ orl $X86_EFLAGS_IF, UREGS_eflags(%rsp) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lsyse_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lsyse_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx cmpb $0,VCPU_sysenter_disables_events(%rbx) movq VCPU_sysenter_addr(%rbx),%rax setne %cl @@ -356,17 +358,18 @@ ENTRY(int80_direct_trap) movl $0x80, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lint80_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lint80_cr3_okay: sti @@ -376,7 +379,7 @@ UNLIKELY_START(ne, msi_check) call check_for_unexpected_msi UNLIKELY_END(msi_check) - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov VCPU_trap_ctxt(%rbx), %rsi mov VCPU_domain(%rbx), %rax -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:32:49 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:32:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702768.1098266 (Exim 4.92) (envelope-from ) id 1ruFKz-0001Gj-NX; Tue, 09 Apr 2024 17:32:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702768.1098266; Tue, 09 Apr 2024 17:32:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKz-0001Gb-L2; Tue, 09 Apr 2024 17:32:49 +0000 Received: by outflank-mailman (input) for mailman id 702768; Tue, 09 Apr 2024 17:32:48 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKy-0001GP-6Q for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFKy-0005wG-5m for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:48 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFKy-0007pi-4z for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:48 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=nKBxxy3i3zMoZqSztGe6KTdhIwiDjIioM8CFEA7yEwQ=; b=K7h/TdCxKnQJVgepQ1Vrb8Y0OD hlP0FwQQ+T13nGj8jEa0hgCiRR1jJkBO98+VGbPiRsLdS+0JlQ26pXSKRA+OgOlDLJ0GVPASiSqbX +4WoZWiljdt0DRk3i92ivkSP3h4BYke/uHqrBRd9r2NvyQi0yOR3A+37EquPSqRIxDn4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} Message-Id: Date: Tue, 09 Apr 2024 17:32:48 +0000 commit 38b55be646e885e283134c51faa014507c8102fd Author: Andrew Cooper AuthorDate: Fri Mar 22 12:08:02 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} ... as we do in the exit paths too. This will allow simplification to the sub-blocks. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9607aeb6602b8ed9962404de3f5f90170ffddb66) --- xen/arch/x86/x86_64/compat/entry.S | 4 ++-- xen/arch/x86/x86_64/entry.S | 10 +++++----- xen/include/asm-x86/spec_ctrl_asm.h | 10 +++++++--- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 19a20aec63..2728ea7b49 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -22,7 +22,7 @@ ENTRY(entry_int82) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ sti @@ -227,7 +227,7 @@ ENTRY(cstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 45c8644069..8f07eb0877 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -268,7 +268,7 @@ ENTRY(lstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -307,7 +307,7 @@ GLOBAL(sysenter_eflags_saved) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ @@ -360,7 +360,7 @@ ENTRY(int80_direct_trap) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -646,7 +646,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -680,7 +680,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 150159e782..b583fd3ed4 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -263,9 +263,11 @@ */ .macro SPEC_CTRL_ENTRY_FROM_PV /* - * Requires %rsp=regs/cpuinfo, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs/cpuinfo, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ X86_FEATURE_IBPB_ENTRY_PV @@ -289,8 +291,10 @@ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + testb $3, UREGS_cs(%rsp) jz .L\@_skip -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:32:59 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:32:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702769.1098270 (Exim 4.92) (envelope-from ) id 1ruFL9-0001Jn-PC; Tue, 09 Apr 2024 17:32:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702769.1098270; Tue, 09 Apr 2024 17:32:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFL9-0001Je-MQ; Tue, 09 Apr 2024 17:32:59 +0000 Received: by outflank-mailman (input) for mailman id 702769; Tue, 09 Apr 2024 17:32:58 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFL8-0001JP-9f for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFL8-0005wP-8o for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:58 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFL8-0007qc-84 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:32:58 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8d8K93/Kz2tJv7DL97ZfEQTDwmdmDj1bVNzXEFJ50xY=; b=AV0Zj6FTyZrMKx77ZAFDScIf7E Ifc6MHmDtsxWWZl1R15VcGMUugRqALqg8++1ScVBfTzVFFQeVtyChpsQLt/EnFcOMLCvJhjioqbia q8ciGxtDfTWYgXqL6C2LFrW2bnx9irCQonIJcYEYXv63ikSpKe86fKMF+JRCMpk7XSSo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Simplify DO_COND_IBPB Message-Id: Date: Tue, 09 Apr 2024 17:32:58 +0000 commit 4d870d3c2761ff6593c73b37acd11b446350f660 Author: Andrew Cooper AuthorDate: Fri Mar 22 14:33:17 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Simplify DO_COND_IBPB With the prior refactoring, SPEC_CTRL_ENTRY_{PV,INTR} both load SCF into %ebx, and handle the conditional safety including skipping if interrupting Xen. Therefore, we can drop the maybexen parameter and the conditional safety. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 2378d16a931de0e62c03669169989e9437306abe) --- xen/include/asm-x86/spec_ctrl_asm.h | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index b583fd3ed4..dc166f60dc 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -87,33 +87,21 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ -.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +.macro DO_COND_IBPB /* - * Requires %rsp=regs (also cpuinfo if !maybexen) - * Requires %r14=stack_end (if maybexen), %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rbx=SCF, %rdx=0 + * Clobbers %rax, %rcx * - * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen - * case, we can safely look at UREGS_cs to skip taking the hit when - * interrupting Xen. + * Conditionally issue IBPB if SCF_entry_ibpb is active. */ - .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) - jz .L\@_skip - testb $3, UREGS_cs(%rsp) - .else - testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) - .endif + testb $SCF_entry_ibpb, %bl jz .L\@_skip mov $MSR_PRED_CMD, %ecx mov $PRED_CMD_IBPB, %eax wrmsr - jmp .L\@_done .L\@_skip: - lfence -.L\@_done: .endm .macro DO_OVERWRITE_RSB tmp=rax @@ -268,8 +256,7 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -298,8 +285,7 @@ testb $3, UREGS_cs(%rsp) jz .L\@_skip - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -339,7 +325,7 @@ * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of: - * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_COND_IBPB * DO_OVERWRITE_RSB * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:33:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:33:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702770.1098273 (Exim 4.92) (envelope-from ) id 1ruFLJ-0001No-QQ; Tue, 09 Apr 2024 17:33:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702770.1098273; Tue, 09 Apr 2024 17:33:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFLJ-0001Ng-Nr; Tue, 09 Apr 2024 17:33:09 +0000 Received: by outflank-mailman (input) for mailman id 702770; Tue, 09 Apr 2024 17:33:08 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFLI-0001M3-CT for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:08 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFLI-0005wr-Bn for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFLI-0007rQ-B0 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=g+5aVx2OernLyZF4nhuskCRmbx0aGU1yHvaX5SJNs6s=; b=bZhr8+wQZqP2E3UQexkwYKJEH+ WawTViQ1VYKbWaf1YRO0LaBbGcq3JuA7+9FAakoCxO60pu5f2u3KLiYRNOSwOLVis6jl7JvLA2iYN CYbIu6KfwSqZSgGb8P8c5LDQ1sz+oh+6fTHlgQYBYOrzCGPdMXmcxY8p+kByvOw4odGU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* Message-Id: Date: Tue, 09 Apr 2024 17:33:08 +0000 commit 9591349d8bf8d191ea59992b1e0a4b42cdfebc77 Author: Andrew Cooper AuthorDate: Mon Mar 25 11:09:35 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* The complexity is getting out of hand. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 40dea83b75386cb693481cf340024ce093be5c0f) --- xen/arch/x86/hvm/svm/entry.S | 14 +++++++++ xen/arch/x86/hvm/vmx/entry.S | 14 +++++++++ xen/include/asm-x86/spec_ctrl_asm.h | 59 +++++++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 73c35bc27d..19a148ee32 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -100,6 +100,11 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular + * making type-confused RETs safe to use. This is not needed on Zen5 + * and later parts when SRSO_MSR_FIX (BP-SPEC-REDUCE) is in use. + */ .macro svm_vmexit_cond_ibpb testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb @@ -111,8 +116,17 @@ __UNLIKELY_END(nsvm_hap) .endm ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + /* + * RSB (RAS/RAP) stuffing is to prevents RET predictions following guest + * entries. This is not needed on Zen4 and later, when AutoIBRS is in + * use. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting, making indirect CALLs/JMPs + * safe to use. The guest's setting resides in the VMCB. + */ .macro svm_vmexit_spec_ctrl movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax movzbl CPUINFO_last_spec_ctrl(%rsp), %edx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 8d5b683879..008d76a6e1 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -34,8 +34,22 @@ ENTRY(vmx_asm_vmexit_handler) mov %rax,VCPU_hvm_guest_cr2(%rbx) /* SPEC_CTRL_ENTRY_FROM_VMX Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + /* + * RSB stuffing is to prevents RET predictions following guest + * entries. This is *not* sufficient to flush all RSB entries on + * parts enumerating eIBRS, although the following restore_spec_ctrl + * does covers us. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting. The guest's value resides in + * the MSR load/save list. For Legacy IBRS, this flushes/inhibits + * indirect predictions and does not flush the RSB. For eIBRS, this + * prevents CALLs/JMPs using predictions learnt at a lower predictor + * mode, and it flushes the RSB. On eIBRS parts that also suffer from + * PBRSB, the prior RSB stuffing suffices to make the RSB safe. + */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index dc166f60dc..741915d90c 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -256,10 +256,32 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. + */ ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * This is not needed if SMEP is active and the RSB is full-width. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. The + * guest can't change it's value behind Xen's back. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. + */ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV @@ -282,6 +304,14 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * All safety notes the same as SPEC_CTRL_ENTRY_FROM_PV, although there is + * a conditional jump skipping some actions when interrupting Xen. + * + * On Intel parts, the IRET #GP path ends up here with the guest's choice + * of MSR_SPEC_CTRL. + */ + testb $3, UREGS_cs(%rsp) jz .L\@_skip @@ -332,6 +362,19 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. The SVM path takes care of + * Host/Guest interactions prior to clearing GIF, and it's not used on the + * VMX path. + */ test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -341,6 +384,12 @@ .L\@_skip_ibpb: + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * SCF_ist_rsb is active if either PV or HVM protections are needed. The + * VMX path cannot guarantee to make the RSB safe ahead of taking an IST + * vector. + */ test $SCF_ist_rsb, %bl jz .L\@_skip_rsb @@ -348,6 +397,16 @@ .L\@_skip_rsb: + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. PV + * guests can't change their value behind Xen's back. HVM guests have + * their value stored in the MSR load/save list. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. On eIBRS parts that also + * suffer from PBRSB, the prior RSB stuffing suffices to make the RSB + * safe. + */ test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:33:19 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:33:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702771.1098278 (Exim 4.92) (envelope-from ) id 1ruFLT-0001Rn-SV; Tue, 09 Apr 2024 17:33:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702771.1098278; Tue, 09 Apr 2024 17:33:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFLT-0001Rf-PQ; Tue, 09 Apr 2024 17:33:19 +0000 Received: by outflank-mailman (input) for mailman id 702771; Tue, 09 Apr 2024 17:33:18 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFLS-0001RT-Fk for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:18 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFLS-0005wy-F1 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:18 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFLS-0007s2-EF for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:18 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BvuZBpZ3w0QCNYCdENstSImj3IOT4uG81IPY8SqPr24=; b=rp52jrjyQuVd0W22hpfAvLGLCC toNWtJ2YJH2K4e7/u45MswL85aIKYRO1HSyLXYCkwRjRLkqi8LO56MjdSQ4mLik36deXLunRgrbUT KD6QWCxzaRb4ZaG+9niQ6LGHHvU5RcSZtBvRNkwSBRXnIbwKc7djaueBDo+3qfoKgl9A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/vmx: Add support for virtualize SPEC_CTRL Message-Id: Date: Tue, 09 Apr 2024 17:33:18 +0000 commit 598e010adaabc22a434bead255ded2c64a5fba49 Author: Roger Pau Monne AuthorDate: Thu Feb 15 17:46:53 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/vmx: Add support for virtualize SPEC_CTRL The feature is defined in the tertiary exec control, and is available starting from Sapphire Rapids and Alder Lake CPUs. When enabled, two extra VMCS fields are used: SPEC_CTRL mask and shadow. Bits set in mask are not allowed to be toggled by the guest (either set or clear) and the value in the shadow field is the value the guest expects to be in the SPEC_CTRL register. By using it the hypervisor can force the value of SPEC_CTRL bits behind the guest back without having to trap all accesses to SPEC_CTRL, note that no bits are forced into the guest as part of this patch. It also allows getting rid of SPEC_CTRL in the guest MSR load list, since the value in the shadow field will be loaded by the hardware on vmentry. Signed-off-by: Roger Pau Monné Signed-off-by: Andrew Cooper (cherry picked from commit 97c5b8b657e41a6645de9d40713b881234417b49) --- xen/arch/x86/hvm/vmx/vmcs.c | 12 ++++++++- xen/arch/x86/hvm/vmx/vmx.c | 55 ++++++++++++++++++++++++++++++++------ xen/include/asm-x86/hvm/vmx/vmcs.h | 5 ++++ xen/include/asm-x86/msr.h | 7 +++-- 4 files changed, 68 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 0c87966f2a..3d3bfce1b4 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -210,6 +210,7 @@ static void __init vmx_display_features(void) P(cpu_has_vmx_virt_exceptions, "Virtualisation Exceptions"); P(cpu_has_vmx_pml, "Page Modification Logging"); P(cpu_has_vmx_tsc_scaling, "TSC Scaling"); + P(cpu_has_vmx_virt_spec_ctrl, "Virtualize SPEC_CTRL"); #undef P if ( !printed ) @@ -370,7 +371,7 @@ static int vmx_init_vmcs_config(bool bsp) if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) { - uint64_t opt = 0; + uint64_t opt = TERTIARY_EXEC_VIRT_SPEC_CTRL; _vmx_tertiary_exec_control = adjust_vmx_controls2( "Tertiary Exec Control", 0, opt, @@ -1379,6 +1380,12 @@ static int construct_vmcs(struct vcpu *v) if ( cpu_has_vmx_tsc_scaling ) __vmwrite(TSC_MULTIPLIER, d->arch.hvm.tsc_scaling_ratio); + if ( cpu_has_vmx_virt_spec_ctrl ) + { + __vmwrite(SPEC_CTRL_MASK, 0); + __vmwrite(SPEC_CTRL_SHADOW, 0); + } + /* will update HOST & GUEST_CR3 as reqd */ paging_update_paging_modes(v); @@ -2089,6 +2096,9 @@ void vmcs_dump_vcpu(struct vcpu *v) if ( v->arch.hvm.vmx.secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY ) printk("InterruptStatus = %04x\n", vmr16(GUEST_INTR_STATUS)); + if ( cpu_has_vmx_virt_spec_ctrl ) + printk("SPEC_CTRL mask = 0x%016lx shadow = 0x%016lx\n", + vmr(SPEC_CTRL_MASK), vmr(SPEC_CTRL_SHADOW)); printk("*** Host State ***\n"); printk("RIP = 0x%016lx (%ps) RSP = 0x%016lx\n", diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index a7f9fefa8c..f15baef8ad 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -618,23 +618,28 @@ static void vmx_cpuid_policy_changed(struct vcpu *v) /* * We can safely pass MSR_SPEC_CTRL through to the guest, even if STIBP * isn't enumerated in hardware, as SPEC_CTRL_STIBP is ignored. + * + * If VMX_VIRT_SPEC_CTRL is available, it is activated by default and the + * guest MSR_SPEC_CTRL value lives in the VMCS. Otherwise, it lives in + * the MSR load/save list. */ if ( cp->feat.ibrsb ) { vmx_clear_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); - if ( rc ) - goto out; + if ( !cpu_has_vmx_virt_spec_ctrl ) + { + rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); + if ( rc ) + goto out; + } } else { vmx_set_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); - if ( rc && rc != -ESRCH ) - goto out; - rc = 0; /* Tolerate -ESRCH */ + if ( !cpu_has_vmx_virt_spec_ctrl ) + vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ @@ -2444,9 +2449,14 @@ static uint64_t vmx_get_reg(struct vcpu *v, unsigned int reg) uint64_t val = 0; int rc; + /* Logic which doesn't require remote VMCS acquisition. */ switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - fetched below. */ + break; + rc = vmx_read_guest_msr(v, reg, &val); if ( rc ) { @@ -2455,13 +2465,26 @@ static uint64_t vmx_get_reg(struct vcpu *v, unsigned int reg) domain_crash(d); } return val; + } + + /* Logic which maybe requires remote VMCS acquisition. */ + vmx_vmcs_enter(v); + switch ( reg ) + { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmread(SPEC_CTRL_SHADOW, &val); + break; default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x) Bad register\n", __func__, v, reg); domain_crash(d); - return 0; + break; } + vmx_vmcs_exit(v); + + return val; } static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) @@ -2469,9 +2492,14 @@ static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) struct domain *d = v->domain; int rc; + /* Logic which doesn't require remote VMCS acquisition. */ switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - set below. */ + break; + rc = vmx_write_guest_msr(v, reg, val); if ( rc ) { @@ -2480,12 +2508,23 @@ static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) domain_crash(d); } break; + } + + /* Logic which maybe requires remote VMCS acquisition. */ + vmx_vmcs_enter(v); + switch ( reg ) + { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmwrite(SPEC_CTRL_SHADOW, val); + break; default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x, 0x%016"PRIx64") Bad register\n", __func__, v, reg, val); domain_crash(d); } + vmx_vmcs_exit(v); } static struct hvm_function_table __initdata vmx_function_table = { diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index 9b246b802b..2b4de99ed4 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -279,6 +279,9 @@ extern u32 vmx_secondary_exec_control; #define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) extern uint64_t vmx_tertiary_exec_control; +#define cpu_has_vmx_virt_spec_ctrl \ + (vmx_tertiary_exec_control & TERTIARY_EXEC_VIRT_SPEC_CTRL) + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -436,6 +439,8 @@ enum vmcs_field { XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, TERTIARY_VM_EXEC_CONTROL = 0x00002034, + SPEC_CTRL_MASK = 0x0000204a, + SPEC_CTRL_SHADOW = 0x0000204c, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index c37b9e771b..a7ad9bd189 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -289,8 +289,11 @@ struct vcpu_msrs * For PV guests, this holds the guest kernel value. It is accessed on * every entry/exit path. * - * For VT-x guests, the guest value is held in the MSR guest load/save - * list. + * For VT-x guests, one of two situations exist: + * + * - If hardware supports virtualized MSR_SPEC_CTRL, it is active by + * default and the guest value lives in the VMCS. + * - Otherwise, the guest value is held in the MSR load/save list. * * For SVM, the guest value lives in the VMCB, and hardware saves/restores * the host value automatically. However, guests run with the OR of the -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:33:30 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:33:30 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702772.1098282 (Exim 4.92) (envelope-from ) id 1ruFLd-0001Xk-Vw; Tue, 09 Apr 2024 17:33:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702772.1098282; Tue, 09 Apr 2024 17:33:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFLd-0001Xc-T3; Tue, 09 Apr 2024 17:33:29 +0000 Received: by outflank-mailman (input) for mailman id 702772; Tue, 09 Apr 2024 17:33:28 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFLc-0001XL-Ig for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:28 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFLc-0005x5-I1 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:28 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFLc-0007sb-HK for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:28 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yau98DZ21wjkgG5eRwyU05E0+7jXH2HXTy84UWvoOng=; b=VTdzqFwZRkYewD8+CdSQUDpv7m a4I5MhHViYBrPnONtFDtBYrGCAs4QTrqRZFYTcG8hDca/rAW/ZskB7Weh2Ens6XWcqCAsd7EictBb sUkuqle6t5dkfU1SJeeDxM7dSJ1HYu74pn5HyvYPwZx5RD3PvDAXRut2NhxlYD69gjBo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Message-Id: Date: Tue, 09 Apr 2024 17:33:28 +0000 commit d7b6631ca84829bd696dc50cddc6dc0419acd3de Author: Andrew Cooper AuthorDate: Tue Mar 26 22:43:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Right now, they're all bytes, but MSR_SPEC_CTRL has been steadily gaining new features. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 45dac88e78e8a2d9d8738eef884fe6730faf9e67) --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/spec_ctrl.c | 2 +- xen/include/asm-x86/current.h | 4 ++-- xen/include/asm-x86/spec_ctrl.h | 2 +- xen/include/asm-x86/spec_ctrl_asm.h | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 19a148ee32..badfed87ae 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -61,14 +61,14 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ .macro svm_vmentry_spec_ctrl mov VCPU_arch_msrs(%rbx), %rax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_last_spec_ctrl(%rsp), %edx mov VCPUMSR_spec_ctrl_raw(%rax), %eax cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ .endm ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM @@ -128,14 +128,14 @@ __UNLIKELY_END(nsvm_hap) * safe to use. The guest's setting resides in the VMCB. */ .macro svm_vmexit_spec_ctrl - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_last_spec_ctrl(%rsp), %edx cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 008d76a6e1..9250eb1839 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -52,7 +52,7 @@ ENTRY(vmx_asm_vmexit_handler) */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax xor %edx, %edx wrmsr .endm diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index d2fef8d1ba..381ce21557 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -66,7 +66,7 @@ bool __read_mostly opt_branch_harden = true; static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; -uint8_t __read_mostly default_xen_spec_ctrl; +unsigned int __read_mostly default_xen_spec_ctrl; uint8_t __read_mostly default_scf; paddr_t __read_mostly l1tf_addr_mask, __read_mostly l1tf_safe_maddr; diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index 138ad63165..2641573d52 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -55,8 +55,8 @@ struct cpu_info { /* See asm-x86/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; - uint8_t xen_spec_ctrl; - uint8_t last_spec_ctrl; + unsigned int xen_spec_ctrl; + unsigned int last_spec_ctrl; uint8_t scf; /* SCF_* */ /* diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index dfe7b37795..0e28851507 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -94,7 +94,7 @@ extern int8_t opt_l1d_flush; extern bool opt_branch_harden; extern bool bsp_delay_spec_ctrl; -extern uint8_t default_xen_spec_ctrl; +extern unsigned int default_xen_spec_ctrl; extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 741915d90c..c66be1f94b 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -217,10 +217,10 @@ setnz %al not %eax and %al, STACK_CPUINFO_FIELD(scf)(%r14) - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else andb $~SCF_use_shadow, CPUINFO_scf(%rsp) - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax .endif wrmsr @@ -418,7 +418,7 @@ /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr .L\@_skip_msr_spec_ctrl: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:33:40 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:33:40 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702773.1098285 (Exim 4.92) (envelope-from ) id 1ruFLo-0001cD-0y; Tue, 09 Apr 2024 17:33:40 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702773.1098285; Tue, 09 Apr 2024 17:33:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFLn-0001c6-UX; Tue, 09 Apr 2024 17:33:39 +0000 Received: by outflank-mailman (input) for mailman id 702773; Tue, 09 Apr 2024 17:33:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFLm-0001bu-Le for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFLm-0005xC-L1 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:38 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFLm-0007t1-KK for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:38 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sNoXMgfJ0+7j+tkRu/1wQtlqf/Q7NCS1TvMfFwpGdUw=; b=FNZso6Ec+v2LI7jSRuCLDo/pL2 ZgUceGhvgjJW/0vf+EbvI3vSJTXrlvKwmPFuqEl0ieOQYfTo1Tt2ZVp11wPKvV+2r+i2V3qHF3Aqh Tui/i0kb/vrMc+KYfXJnYuPuvl9mnazz9Tv73ev7NXLVowMWd1qrPIfvo90TZjcsSB0Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86: Use indirect calls in reset-stack infrastructure Message-Id: Date: Tue, 09 Apr 2024 17:33:38 +0000 commit 768ee6d99e2bb1ba315fc7244abf502fe5c16cea Author: Andrew Cooper AuthorDate: Fri Dec 22 17:44:48 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86: Use indirect calls in reset-stack infrastructure Mixing up JMP and CALL indirect targets leads a very fun form of speculative type confusion. A target which is expecting to be called CALLed needs a return address on the stack, and an indirect JMP doesn't place one there. An indirect JMP which predicts to a target intending to be CALLed can end up with a RET speculatively executing with a value from the JMPers stack frame. There are several ways get indirect JMPs in Xen. * From tailcall optimisations. These are safe because the compiler has arranged the stack to point at the callee's return address. * From jump tables. These are unsafe, but Xen is built with -fno-jump-tables to work around several compiler issues. * From reset_stack_and_jump_ind(), which is particularly unsafe. Because of the additional stack adjustment made, the value picked up off the stack is regs->r15 of the next vCPU to run. In order to mitigate this type confusion, we want to make all indirect targets be CALL targets, and remove the use of indirect JMP except via tailcall optimisation. Luckily due to XSA-348, all C target functions of reset_stack_and_jump_ind() are noreturn. {svm,vmx}_do_resume() exits via reset_stack_and_jump(); a direct JMP with entirely different prediction properties. idle_loop() is an infinite loop which eventually exits via reset_stack_and_jump_ind() from a new schedule. i.e. These paths are all fine having one extra return address on the stack. This leaves continue_pv_domain(), which is expecting to be a JMP target. Alter it to strip the return address off the stack, which is safe because there isn't actually a RET expecting to return to its caller. This allows us change reset_stack_and_jump_ind() to reset_stack_and_call_ind() in order to mitigate the speculative type confusion. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8e186f98ce0e35d1754ec9299da41ec98873b65c) --- xen/arch/x86/domain.c | 4 ++-- xen/arch/x86/x86_64/entry.S | 8 ++++++++ xen/include/asm-x86/current.h | 4 ++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 684d105862..59b3e039cb 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2085,12 +2085,12 @@ void context_switch(struct vcpu *prev, struct vcpu *next) /* Ensure that the vcpu has an up-to-date time base. */ update_vcpu_system_time(next); - reset_stack_and_jump_ind(nextd->arch.ctxt_switch->tail); + reset_stack_and_call_ind(nextd->arch.ctxt_switch->tail); } void continue_running(struct vcpu *same) { - reset_stack_and_jump_ind(same->domain->arch.ctxt_switch->tail); + reset_stack_and_call_ind(same->domain->arch.ctxt_switch->tail); } int __sync_local_execstate(void) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 8f07eb0877..e677071610 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -583,6 +583,14 @@ ENTRY(dom_crash_sync_extable) #ifdef CONFIG_PV ENTRY(continue_pv_domain) ENDBR64 + + /* + * For speculative type confusion reasons, we're CALLed rather than + * JMPed to. Drop the return address. + */ + add $8, %rsp + ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK + call check_wakeup_from_wait ret_from_intr: GET_CURRENT(bx) diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index 2641573d52..a0e7dbeaf9 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -197,8 +197,8 @@ unsigned long get_stack_dump_bottom (unsigned long sp); switch_stack_and_jump(fn, "jmp %c", "i") /* The constraint may only specify non-call-clobbered registers. */ -#define reset_stack_and_jump_ind(fn) \ - switch_stack_and_jump(fn, "INDIRECT_JMP %", "b") +#define reset_stack_and_call_ind(fn) \ + switch_stack_and_jump(fn, "INDIRECT_CALL %", "b") /* * Which VCPU's state is currently running on each CPU? -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:33:49 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:33:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702774.1098290 (Exim 4.92) (envelope-from ) id 1ruFLx-0001i9-2m; Tue, 09 Apr 2024 17:33:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702774.1098290; Tue, 09 Apr 2024 17:33:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFLw-0001i2-Vw; Tue, 09 Apr 2024 17:33:48 +0000 Received: by outflank-mailman (input) for mailman id 702774; Tue, 09 Apr 2024 17:33:48 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFLw-0001hu-OL for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:48 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFLw-0005xb-Nh for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:48 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFLw-0007tT-N6 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:48 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3vicTAeTWw5FP9G88GcB3UAWkShwbZB/FOMMuFB9Pz4=; b=THcqP2zhn6CDwYZ/eckUu/Gle8 KWsLBZK+egRDNQwX2qHTX15TnCXE+q+TW/Eng/+Yl3iCluqXPVIjlppOr6HdBuz/WgJTDC5BWfYqF En1eLG+WvaFDjV/GweuHHVCf/mc55wATtVjlKbLLScwZNBXMMmXZV+SFYHmru4z0rcII=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86: Drop INDIRECT_JMP Message-Id: Date: Tue, 09 Apr 2024 17:33:48 +0000 commit 012c26451ab679256616e4b289ce2ab911d19c9e Author: Andrew Cooper AuthorDate: Fri Dec 22 18:01:37 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86: Drop INDIRECT_JMP Indirect JMPs which are not tailcalls can lead to an unwelcome form of speculative type confusion, and we've removed the uses of INDIRECT_JMP to compensate. Remove the temptation to reintroduce new instances. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 0b66d7ce3c0290eaad28bdafb35200052d012b14) --- xen/include/asm-x86/asm-defns.h | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/xen/include/asm-x86/asm-defns.h b/xen/include/asm-x86/asm-defns.h index 8bd9007731..7e22fcb9c0 100644 --- a/xen/include/asm-x86/asm-defns.h +++ b/xen/include/asm-x86/asm-defns.h @@ -20,10 +20,9 @@ .byte 0x0f, 0x01, 0xdd .endm -.macro INDIRECT_BRANCH insn:req arg:req +.macro INDIRECT_CALL arg:req /* - * Create an indirect branch. insn is one of call/jmp, arg is a single - * register. + * Create an indirect call. arg is a single register. * * With no compiler support, this degrades into a plain indirect call/jmp. * With compiler support, dispatch to the correct __x86_indirect_thunk_* @@ -33,7 +32,7 @@ $done = 0 .irp reg, ax, cx, dx, bx, bp, si, di, 8, 9, 10, 11, 12, 13, 14, 15 .ifeqs "\arg", "%r\reg" - \insn __x86_indirect_thunk_r\reg + call __x86_indirect_thunk_r\reg $done = 1 .exitm .endif @@ -44,19 +43,10 @@ .endif .else - \insn *\arg + call *\arg .endif .endm -/* Convenience wrappers. */ -.macro INDIRECT_CALL arg:req - INDIRECT_BRANCH call \arg -.endm - -.macro INDIRECT_JMP arg:req - INDIRECT_BRANCH jmp \arg -.endm - #ifdef CONFIG_XEN_IBT # define ENDBR64 endbr64 #else -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:34:00 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:34:00 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702775.1098293 (Exim 4.92) (envelope-from ) id 1ruFM8-0001lB-3c; Tue, 09 Apr 2024 17:34:00 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702775.1098293; Tue, 09 Apr 2024 17:34:00 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFM8-0001l4-1A; Tue, 09 Apr 2024 17:34:00 +0000 Received: by outflank-mailman (input) for mailman id 702775; Tue, 09 Apr 2024 17:33:58 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFM6-0001ku-RJ for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:58 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFM6-0005xi-Qf for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:58 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFM6-0007tz-Py for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:33:58 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sxUfq4glmTZHyPD6O9jXfcAhFo04H8DIfIQsl4IG+tI=; b=Bq6QwUuqWJv0X/YKs0GXPIPAB5 qoEWyak6c8qelpV+PYZWB0dW5xsxy8M818he+FJi0Xx6OArg5q1Zxo0ylkyDTqmAHTA4J837CU1cN 96fK0OJaqoMHVyaBIJZqVgXp2zpSBmReyX5oWaLWdwZm6KF61B9rv0qjbp+iKEAITbwc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/tsx: Expose RTM_ALWAYS_ABORT to guests Message-Id: Date: Tue, 09 Apr 2024 17:33:58 +0000 commit 1baac154c4fbf3ed33d9d027cd316c51ebe3adcc Author: Andrew Cooper AuthorDate: Sat Apr 6 20:36:54 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/tsx: Expose RTM_ALWAYS_ABORT to guests A TSX Abort is one option mitigate Native-BHI, but a guest kernel doesn't get to see this if Xen has turned RTM off using MSR_TSX_{CTRL,FORCE_ABORT}. Therefore, the meaning of RTM_ALWAYS_ABORT has been adjusted to "XBEGIN won't fault", and it should be exposed to guests so they can make a better decision. Expose it in the max policy for any RTM-capable system. Offer it by default only if RTM has been disabled. Update test-tsx to account for this new meaning. While adjusting the logic in test_guest_policies(), take the opportunity to use feature names (now they're available) to make the logic easier to follow. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit c94e2105924347de0d9f32065370e802a20cc829) --- xen/arch/x86/cpu-policy.c | 20 ++++++++++++++++++++ xen/include/public/arch-x86/cpufeatureset.h | 2 +- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index c98b8fc93a..8424b3cff8 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -457,6 +457,21 @@ static void __init guest_common_max_feature_adjustments(uint32_t *fs) raw_cpu_policy.feat.clwb ) __set_bit(X86_FEATURE_CLWB, fs); } + + /* + * To mitigate Native-BHI, one option is to use a TSX Abort on capable + * systems. This is safe even if RTM has been disabled for other reasons + * via MSR_TSX_{CTRL,FORCE_ABORT}. However, a guest kernel doesn't get to + * know this type of information. + * + * Therefore the meaning of RTM_ALWAYS_ABORT has been adjusted, to instead + * mean "XBEGIN won't fault". This is enough for a guest kernel to make + * an informed choice WRT mitigating Native-BHI. + * + * If RTM-capable, we can run a VM which has seen RTM_ALWAYS_ABORT. + */ + if ( test_bit(X86_FEATURE_RTM, fs) ) + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); } static void __init guest_common_default_feature_adjustments(uint32_t *fs) @@ -517,9 +532,14 @@ static void __init guest_common_default_feature_adjustments(uint32_t *fs) * function as expected, but is technically compatible with the ISA. * * Do not advertise RTM to guests by default if it won't actually work. + * Instead, advertise RTM_ALWAYS_ABORT indicating that TSX Aborts are safe + * to use, e.g. for mitigating Native-BHI. */ if ( rtm_disabled ) + { __clear_bit(X86_FEATURE_RTM, fs); + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); + } } static void __init guest_common_feature_adjustments(uint32_t *fs) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 0139c1a81f..662f4e4193 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -274,7 +274,7 @@ XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation Single XEN_CPUFEATURE(AVX512_VP2INTERSECT, 9*32+8) /*a VP2INTERSECT{D,Q} insns */ XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*!A VERW clears microarchitectural buffers */ -XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! June 2021 TSX defeaturing in microcode. */ +XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! RTM disabled (but XBEGIN wont fault) */ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(SERIALIZE, 9*32+14) /*a SERIALIZE insn */ XEN_CPUFEATURE(HYBRID, 9*32+15) /* Heterogeneous platform */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:34:10 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:34:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702776.1098297 (Exim 4.92) (envelope-from ) id 1ruFMI-0001py-5M; Tue, 09 Apr 2024 17:34:10 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702776.1098297; Tue, 09 Apr 2024 17:34:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFMI-0001pq-2i; Tue, 09 Apr 2024 17:34:10 +0000 Received: by outflank-mailman (input) for mailman id 702776; Tue, 09 Apr 2024 17:34:08 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFMG-0001pc-UU for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:34:08 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFMG-0005y3-Ts for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:34:08 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFMG-0007vM-TC for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:34:08 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+0DgGvCIHoEXTdu/KxBvymksPWJD91opLMsQWF48sVU=; b=YK0FZ8S5IStTWPJZjqMmz2SVhu vqaULa6o47NcNmzxMrBgcQIB1ADPE+2no71tp6WqWzmTiu9tldyKIsZSd7tN42GRXEaQp1Tk/FjdL Xecb55kve0aLvsZsG8MoM9LcDjkXTHBNwpJUzOOBa7mYSwCzaHWbhrEIZprj/+2Ya8eE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Message-Id: Date: Tue, 09 Apr 2024 17:34:08 +0000 commit 041f939e13b5c07434b3523323b97ecc2881bcf4 Author: Andrew Cooper AuthorDate: Tue Mar 26 19:01:37 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Introduce a "bhi-dis-s" boolean to match the other options we have for MSR_SPEC_CTRL values. Also introduce bhi_calculations(). Use BHI_DIS_S whenever possible. Guests which are levelled to be migration compatible with older CPUs can't see BHI_DIS_S, and Xen must fill in the difference to make the guest safe. Use the virt MSR_SPEC_CTRL infrastructure to force BHI_DIS_S behind the guest's back. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 62a1106415c5e8a49b45147ca84d54a58d471343) --- docs/misc/xen-command-line.pandoc | 8 +++++++- xen/arch/x86/hvm/vmx/vmx.c | 17 +++++++++++++++++ xen/arch/x86/spec_ctrl.c | 24 +++++++++++++++++++++++- xen/include/asm-x86/spec_ctrl.h | 1 + 4 files changed, 48 insertions(+), 2 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 5e63e3d822..b4e96f407c 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2189,7 +2189,8 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). > {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, -> unpriv-mmio,gds-mit,div-scrub,lock-harden}= ]` +> unpriv-mmio,gds-mit,div-scrub,lock-harden, +> bhi-dis-s}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2268,6 +2269,11 @@ option can be used to force or prevent Xen using the feature itself. By default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by default. +On hardware supporting BHI_DIS_S (Branch History Injection Disable +Supervisor), the `bhi-dis-s=` option can be used to force or prevent Xen using +the feature itself. By default Xen will use BHI_DIS_S on hardware susceptible +to Branch History Injection. + On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` option can be used to force (the default) or prevent Xen from issuing branch prediction barriers on vcpu context switches. diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index f15baef8ad..c4d401b56b 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -58,6 +58,7 @@ #include #include #include +#include #include static bool_t __initdata opt_force_ept; @@ -642,6 +643,22 @@ static void vmx_cpuid_policy_changed(struct vcpu *v) vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } + if ( cpu_has_vmx_virt_spec_ctrl ) + { + /* + * If we're on BHI_DIS_S capable hardware, the short loop sequence is + * not sufficient to mitigate Native-BHI. If the VM can't see it + * (i.e. it's levelled with older hardware), force it behind the + * guests back for safey. + * + * Because there's not a real Host/Guest split of the MSR_SPEC_CTRL + * value, this only works as expected when Xen is using BHI_DIS_S too. + */ + bool force_bhi_dis_s = opt_bhi_dis_s && !cp->feat.bhi_ctrl; + + __vmwrite(SPEC_CTRL_MASK, force_bhi_dis_s ? SPEC_CTRL_BHI_DIS_S : 0); + } + /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ if ( cp->feat.ibrsb || cp->extd.ibpb ) vmx_clear_msr_intercept(v, MSR_PRED_CMD, VMX_MSR_RW); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 381ce21557..02a327bf32 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -58,6 +58,7 @@ static int8_t __initdata opt_ibrs = -1; int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; +int8_t __read_mostly opt_bhi_dis_s = -1; int8_t __read_mostly opt_ibpb_ctxt_switch = -1; int8_t __read_mostly opt_eager_fpu = -1; @@ -274,6 +275,8 @@ static int __init parse_spec_ctrl(const char *s) opt_ssbd = val; else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) opt_psfd = val; + else if ( (val = parse_boolean("bhi-dis-s", s, ss)) >= 0 ) + opt_bhi_dis_s = val; /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) @@ -508,7 +511,7 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -525,6 +528,8 @@ static void __init print_details(enum ind_thunk thunk) (!boot_cpu_has(X86_FEATURE_PSFD) && !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", + !boot_cpu_has(X86_FEATURE_BHI_CTRL) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_BHI_DIS_S) ? " BHI_DIS_S+" : " BHI_DIS_S-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -1543,6 +1548,21 @@ static void __init gds_calculations(void) } } +/* + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + */ +static void __init bhi_calculations(void) +{ + if ( opt_bhi_dis_s == -1 ) + opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + + if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) + opt_bhi_dis_s = false; + + if ( opt_bhi_dis_s ) + default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; +} + void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); @@ -2038,6 +2058,8 @@ void __init init_speculation_mitigations(void) gds_calculations(); + bhi_calculations(); + print_details(thunk); /* diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 0e28851507..449419e4f9 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -89,6 +89,7 @@ static always_inline void spec_ctrl_new_guest_context(void) extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; +extern int8_t opt_bhi_dis_s; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; extern bool opt_branch_harden; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:34:20 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:34:20 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702777.1098302 (Exim 4.92) (envelope-from ) id 1ruFMS-0001tD-8K; Tue, 09 Apr 2024 17:34:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702777.1098302; Tue, 09 Apr 2024 17:34:20 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFMS-0001t5-5a; Tue, 09 Apr 2024 17:34:20 +0000 Received: by outflank-mailman (input) for mailman id 702777; Tue, 09 Apr 2024 17:34:19 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFMR-0001sz-1Y for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:34:19 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFMR-0005yC-0p for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:34:19 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFMQ-0007wJ-WF for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:34:19 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=e+NiJTmW5x92ac6TKhKK2BzbFyoQfNW2pO6EeZWUWuM=; b=GE2UbJxw89CQ33Nw56vu0cKsb3 9rdtLZWYhFuDSi9uTNqlmvqUFwxiWsq1ACuy1kx6BuC3YAoh4Kay4HTH7ex0AOJmAeIUjKUiBRxD2 ex6le2gbXglBYgbk1M69Chry5TBcqWV+VvgC1nGIqmAETGN5/bFcs0ylldrg2pTqJpCo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Software BHB-clearing sequences Message-Id: Date: Tue, 09 Apr 2024 17:34:18 +0000 commit 3419b2a8fd0965b87b83aa314555a50059428df6 Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Software BHB-clearing sequences Implement clear_bhb_{tsx,loops}() as per the BHI guidance. The loops variant is set up as the "short" sequence. Introduce SCF_entry_bhb and extend SPEC_CTRL_ENTRY_* with a conditional call to selected clearing routine. Note that due to a limitation in the ALTERNATIVE capability, the TEST/JZ can't be included alongside a CALL in a single alternative block. This is going to require further work to untangle. The BHB sequences (if used) must be after the restoration of Xen's MSR_SPEC_CTRL value, which must be accounted for when judging whether it is safe to skip the safety LFENCEs. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 954c983abceee97bf5f6230b9ae164f2c49a9aa9) --- xen/arch/x86/Makefile | 1 + xen/arch/x86/bhb-thunk.S | 98 +++++++++++++++++++++++++++++++++++++ xen/arch/x86/hvm/vmx/entry.S | 12 +++++ xen/arch/x86/spec_ctrl.c | 39 ++++++++------- xen/include/asm-x86/cpufeature.h | 3 ++ xen/include/asm-x86/cpufeatures.h | 3 ++ xen/include/asm-x86/spec_ctrl.h | 3 +- xen/include/asm-x86/spec_ctrl_asm.h | 30 ++++++++++++ 8 files changed, 171 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 9389501645..417accd622 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -12,6 +12,7 @@ alternative-y := alternative.init.o alternative-$(CONFIG_LIVEPATCH) := obj-bin-y += $(alternative-y) obj-y += apic.o +obj-y += bhb-thunk.o obj-y += bitops.o obj-bin-y += bzimage.init.o obj-bin-y += clear_page.o diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S new file mode 100644 index 0000000000..f52cfb9bc2 --- /dev/null +++ b/xen/arch/x86/bhb-thunk.S @@ -0,0 +1,98 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Branch History Injection clearing sequences. + * + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + * + * Copyright (c) 2023, 2024 XenServer. + */ + .file __FILE__ + +#include + + .section .text.entry, "ax", @progbits + +/* + * Clear the Branch History Buffer using a TSX Abort. + * + * Any TSX Abort has a side effect of clearing the BHB, even when TSX is + * disabled for e.g. TAA mitigation reasons. + */ +ENTRY(clear_bhb_tsx) + .byte 0xc7, 0xf8; .long 1f - 0f /* xbegin 1f */ +0: .byte 0xc6, 0xf8, 0 /* xabort $0 */ + int3 +1: + ret + + .size clear_bhb_tsx, . - clear_bhb_tsx + .type clear_bhb_tsx, @function + +/* + * Clear the Branch History Buffer using the software sequence. + * + * Clobbers: %eax, %ecx + * + * This executes a specific number of taken branches, sufficient to displace + * all prior entries in the history tracker, therefore removing prior + * influence on subsequent BTB lookups. + * + * Structurally, it looks like this: + * + * call 1 + * call 2 + * ... 5x jmp loop + * call 2 + * ... 5x jmp loop + * ... 5x call2's deep + * + * ret + * ret + * ret + * ret + * + * The CALL/RETs are necessary to prevent the Loop Stream Detector from + * interfering. The alignment is for performance and not safety. + * + * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire + * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + */ +ENTRY(clear_bhb_loops) + mov $5, %ecx + + call 1f + jmp 5f + int3 + + .align 64 +1: call 2f + ret + int3 + + .align 64 +2: mov $5, %eax + +3: jmp 4f + int3 + +4: sub $1, %eax + jnz 3b + + sub $1, %ecx + jnz 1b + + ret +5: + /* + * The Intel sequence has an LFENCE here. The purpose is to ensure + * that all prior branches have executed, before dispatching a + * subsequent indirect branch. + * + * Xen's SPEC_CTRL_ENTRY_* blocks have safety LFENCEs at the end when + * protections are active, which suffices for this purpose. + */ + + ret + + .size clear_bhb_loops, . - clear_bhb_loops + .type clear_bhb_loops, @function diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 9250eb1839..1092d1918c 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -57,6 +57,18 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, CPUINFO_scf(%rsp) + jz .L_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 02a327bf32..77878d7f56 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2080,38 +2080,43 @@ void __init init_speculation_mitigations(void) /* * SPEC_CTRL_ENTRY_FROM_PV conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we're not using any prior conditional mitigation, - * then it's safe to drop the LFENCE. + * Otherwise, DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we do have it, or we're not using any + * prior conditional block, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); /* * SPEC_CTRL_ENTRY_FROM_INTR conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we have no protections active in the block that - * is skipped when interrupting guest context, then it's safe to drop - * the LFENCE. + * Otherwise DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we have it, or we have no protections + * active in the block that is skipped when interrupting guest + * context, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && - !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); /* * SPEC_CTRL_ENTRY_FROM_VMX conditional safety * - * Currently there are no safety actions with conditional branches, so - * no need for the extra safety LFENCE. + * A BHB sequence, if used, is the only conditional action, so if we + * don't have it, we don't need the safety LFENCE. */ - setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + if ( !cpu_has_bhb_seq ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } /* diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 892af11384..fd43408d35 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -178,6 +178,9 @@ /* Bugs. */ #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) +#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ + boot_cpu_has(X86_SPEC_BHB_LOOPS)) + enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 0ca203530d..4df8f19d8a 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -55,5 +55,8 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ #define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ +#define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ +#define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 449419e4f9..7107b25fca 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -36,6 +36,7 @@ #define SCF_verw (1 << 3) #define SCF_ist_ibpb (1 << 4) #define SCF_entry_ibpb (1 << 5) +#define SCF_entry_bhb (1 << 6) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -54,7 +55,7 @@ * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb | SCF_entry_bhb) #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index c66be1f94b..a5b51579e2 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -285,6 +285,17 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm @@ -323,6 +334,13 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm @@ -423,6 +441,18 @@ .L\@_skip_msr_spec_ctrl: + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + lfence .endm -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:34:30 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:34:30 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702778.1098306 (Exim 4.92) (envelope-from ) id 1ruFMc-0001vt-9f; Tue, 09 Apr 2024 17:34:30 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702778.1098306; Tue, 09 Apr 2024 17:34:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFMc-0001vl-77; Tue, 09 Apr 2024 17:34:30 +0000 Received: by outflank-mailman (input) for mailman id 702778; Tue, 09 Apr 2024 17:34:29 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFMb-0001vY-4f for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:34:29 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFMb-0005zr-3o for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:34:29 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFMb-0007wx-38 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:34:29 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ujvGmnX+7WZ4C+JzeiQgs+zbLGSWfMzc88tcki5+SwE=; b=02+UHv2HHx6pvqEzCkLDPB62K3 0PcaZ+03FV/nt+sl5/trhc28Gi9po3UscsdfKIXTW/J32hscv7Oi78CFbKhujHoOVRdyypdIiNdJd IjM9SSyYDKeA3rJn+cqWQ2bDTfQX3TEwaIckTxN00SPanbLJlj1IfQetlq0ngKoLdCic=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Wire up the Native-BHI software sequences Message-Id: Date: Tue, 09 Apr 2024 17:34:29 +0000 commit 9efa5f2d3024b8d75030c1a46f29a809b01881c8 Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Wire up the Native-BHI software sequences In the absence of BHI_DIS_S, mitigating Native-BHI requires the use of a software sequence. Introduce a new bhb-seq= option to select between avaialble sequences and bhb-entry= to control the per-PV/HVM actions like we have for other blocks. Activate the short sequence by default for PV and HVM guests on affected hardware if BHI_DIS_S isn't present. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 689ad48ce9cf4c38297cd126e7e003a1c13a3b9d) --- docs/misc/xen-command-line.pandoc | 25 +++++-- xen/arch/x86/spec_ctrl.c | 144 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 157 insertions(+), 12 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index b4e96f407c..9cbbffc818 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2186,8 +2186,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, > bhi-dis-s}= ]` @@ -2212,10 +2213,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=` and `ibpb-entry=` options -offer fine grained control over the primitives by Xen. These impact Xen's -ability to protect itself, and/or Xen's ability to virtualise support for -guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=`, `ibpb-entry=` and `bhb-entry=` +options offer fine grained control over the primitives by Xen. These impact +Xen's ability to protect itself, and/or Xen's ability to virtualise support +for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2241,6 +2242,12 @@ guests to use. Return Stack Overflow if appropriate microcode has been loaded, but for performance reasons dom0 is unprotected by default. If it is necessary to protect dom0 too, boot with `spec-ctrl=ibpb-entry`. +* `bhb-entry=` offers control over whether BHB-clearing (Branch History + Buffer) sequences are used on entry to Xen. This is used by default on + hardware vulnerable to Branch History Injection, when the BHI_DIS_S control + is not available (see `bhi-dis-s`). The choice of scrubbing sequence can be + selected using the `bhb-seq=` option. If it is necessary to protect dom0 + too, boot with `spec-ctrl=bhb-entry`. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` @@ -2248,6 +2255,12 @@ locations. The default thunk is `retpoline` (generally preferred), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and `lfence` (an `lfence; jmp *%reg` gadget). +On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing +sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` +options in order to mitigate Branch History Injection on affected hardware. +The default sequence is `short`, with `tsx` as an alternative available +capable hardware that can be opted in to. + On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. If Xen is not using IBRS itself, functionality is still set up so IBRS can be diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 77878d7f56..555d86882e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -44,6 +44,16 @@ static int8_t __read_mostly opt_ibpb_entry_pv = -1; static int8_t __read_mostly opt_ibpb_entry_hvm = -1; static bool __read_mostly opt_ibpb_entry_dom0; +static int8_t __read_mostly opt_bhb_entry_pv = -1; +static int8_t __read_mostly opt_bhb_entry_hvm = -1; +static bool __read_mostly opt_bhb_entry_dom0; +static enum bhb_thunk { + BHB_DEFAULT, + BHB_NONE, + BHB_TSX, + BHB_SHORT, +} opt_bhb_seq __initdata; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -126,8 +136,12 @@ static int __init parse_spec_ctrl(const char *s) opt_ibpb_entry_pv = 0; opt_ibpb_entry_hvm = 0; opt_ibpb_entry_dom0 = false; + opt_bhb_entry_pv = 0; + opt_bhb_entry_hvm = 0; + opt_bhb_entry_dom0 = false; opt_thunk = THUNK_JMP; + opt_bhb_seq = BHB_NONE; opt_ibrs = 0; opt_ibpb_ctxt_switch = false; opt_ssbd = false; @@ -156,6 +170,7 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_pv = val; opt_verw_pv = val; opt_ibpb_entry_pv = val; + opt_bhb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { @@ -163,6 +178,7 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_verw_hvm = val; opt_ibpb_entry_hvm = val; + opt_bhb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -250,6 +266,28 @@ static int __init parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("bhb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_bhb_entry_pv = opt_bhb_entry_hvm = + opt_bhb_entry_dom0 = val; + break; + + case -2: + s += strlen("bhb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_bhb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_bhb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -265,6 +303,19 @@ static int __init parse_spec_ctrl(const char *s) else rc = -EINVAL; } + else if ( !strncmp(s, "bhb-seq=", 8) ) + { + s += strlen("bhb-seq="); + + if ( !cmdline_strcmp(s, "none") ) + opt_bhb_seq = BHB_NONE; + else if ( !cmdline_strcmp(s, "tsx") ) + opt_bhb_seq = BHB_TSX; + else if ( !cmdline_strcmp(s, "short") ) + opt_bhb_seq = BHB_SHORT; + else + rc = -EINVAL; + } /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) @@ -511,11 +562,15 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", + opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", + opt_bhb_seq == BHB_NONE ? "" : + opt_bhb_seq == BHB_TSX ? "TSX, " : + opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -554,29 +609,33 @@ static void __init print_details(enum ind_thunk thunk) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || + cpu_has_bhb_seq || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || + cpu_has_bhb_seq || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -1551,16 +1610,85 @@ static void __init gds_calculations(void) /* * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html */ +static bool __init cpu_has_bug_bhi(void) +{ + /* BHI is only known to affect Intel Family 6 processors at this time. */ + if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL || + boot_cpu_data.x86 != 6 ) + return false; + + if ( boot_cpu_has(X86_FEATURE_BHI_NO) ) + return false; + + if ( cpu_has_hypervisor ) + return true; /* TODO: how to figure out out if we're really eIBRS levelled out? */ + + return cpu_has_eibrs; +} + static void __init bhi_calculations(void) { + bool has_bhi = cpu_has_bug_bhi(); + + /* + * To mitigate BHI, we want to use BHI_DIS_S wherever possible, or the + * short sequence otherwise. Other forms are available on request. + * + * We are repsonsbile for performing default-conversion on opt_bhi_dis_s + * and opt_bhb_seq, irrespective of succeptibility to BHI. + */ + if ( opt_bhi_dis_s == -1 ) - opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + opt_bhi_dis_s = has_bhi; if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) opt_bhi_dis_s = false; if ( opt_bhi_dis_s ) default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; + + if ( opt_bhb_seq == BHB_DEFAULT ) + { + /* + * If we're using BHI_DIS_S, or we're not succeptable, don't activate + * the thunks. + */ + if ( !has_bhi || opt_bhi_dis_s ) + opt_bhb_seq = BHB_NONE; + else + opt_bhb_seq = BHB_SHORT; + } + + /* + * We can use the TSX even if it's disabled for e.g. TAA reasons. + * However, fall back to the loop sequence if there is no trace of RTM at + * all, as XBEGIN will #UD. + */ + if ( opt_bhb_seq == BHB_TSX && !cpu_has_rtm && !cpu_has_rtm_always_abort && + !cpu_has_tsx_force_abort ) + opt_bhb_seq = BHB_SHORT; + + /* + * Only activate SCF_entry_bhb by for guests if a sequence is in place. + */ + if ( opt_bhb_entry_pv == -1 ) + opt_bhb_entry_pv = has_bhi && opt_bhb_seq != BHB_NONE; + if ( opt_bhb_entry_hvm == -1 ) + opt_bhb_entry_hvm = has_bhi && opt_bhb_seq != BHB_NONE; + + switch ( opt_bhb_seq ) + { + case BHB_SHORT: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); + break; + + case BHB_TSX: + setup_force_cpu_cap(X86_SPEC_BHB_TSX); + break; + + default: + break; + } } void spec_ctrl_init_domain(struct domain *d) @@ -1573,9 +1701,13 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); + bool bhb = ((pv ? opt_bhb_entry_pv : opt_bhb_entry_hvm) && + (d->domain_id != 0 || opt_bhb_entry_dom0)); + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | + (bhb ? SCF_entry_bhb : 0) | 0; } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:34:40 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:34:40 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702779.1098311 (Exim 4.92) (envelope-from ) id 1ruFMm-00020b-E9; Tue, 09 Apr 2024 17:34:40 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702779.1098311; Tue, 09 Apr 2024 17:34:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFMm-00020R-A4; Tue, 09 Apr 2024 17:34:40 +0000 Received: by outflank-mailman (input) for mailman id 702779; Tue, 09 Apr 2024 17:34:39 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFMl-00020G-7Y for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:34:39 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFMl-0005zz-6o for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:34:39 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFMl-0007xg-69 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:34:39 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=O5abm6ZFWhvXpA/PLUim27O9wH+lv7LGNDIRL2IVtdI=; b=HHtWK+hJWZ9S5rOsbpHkIAstYC SfCu11toFfHzZH9PP/kNZWOYJb3CK5pjvK2dZizKvMVqVKLQ7i7VansjgG4sARawk0DMCicDS33EC nxmIC3yp3wDyfwBe5iLHFYCI0XzlNGu8brxQtpUGSkzI43bBK8CcrIgpiHwBOYGpJ9ks=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec-ctrl: Support the "long" BHB loop sequence Message-Id: Date: Tue, 09 Apr 2024 17:34:39 +0000 commit adc7d540ae9d5e074ac56141a6d6e5462f47e70b Author: Andrew Cooper AuthorDate: Fri Mar 22 19:29:34 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Support the "long" BHB loop sequence Out of an abudnance of caution, implement the long loop too, and allowing for it to be opted in to. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit d5887c0decbd90e798b24ed696628645b04632fb) --- docs/misc/xen-command-line.pandoc | 4 ++-- xen/arch/x86/bhb-thunk.S | 8 ++++++-- xen/arch/x86/spec_ctrl.c | 10 +++++++++- xen/include/asm-x86/cpufeatures.h | 1 + 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 9cbbffc818..2dad1edd59 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2187,7 +2187,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, > {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx|long, > {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, @@ -2259,7 +2259,7 @@ On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` options in order to mitigate Branch History Injection on affected hardware. The default sequence is `short`, with `tsx` as an alternative available -capable hardware that can be opted in to. +capable hardware, and `long` that can be opted in to. On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S index f52cfb9bc2..7e866784f7 100644 --- a/xen/arch/x86/bhb-thunk.S +++ b/xen/arch/x86/bhb-thunk.S @@ -56,9 +56,13 @@ ENTRY(clear_bhb_tsx) * * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + * + * The "long" sequence (12 and 7) is for Alder Lake / Sapphire Rapids + * (i.e. Golden Cove and/or Gracemont cores). However, such CPUs are expected + * to use BHI_DIS_S in preference. */ ENTRY(clear_bhb_loops) - mov $5, %ecx + ALTERNATIVE "mov $5, %ecx", "mov $12, %ecx", X86_SPEC_BHB_LOOPS_LONG call 1f jmp 5f @@ -70,7 +74,7 @@ ENTRY(clear_bhb_loops) int3 .align 64 -2: mov $5, %eax +2: ALTERNATIVE "mov $5, %eax", "mov $7, %eax", X86_SPEC_BHB_LOOPS_LONG 3: jmp 4f int3 diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 555d86882e..6ce2815746 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -52,6 +52,7 @@ static enum bhb_thunk { BHB_NONE, BHB_TSX, BHB_SHORT, + BHB_LONG, } opt_bhb_seq __initdata; /* Cmdline controls for Xen's speculative settings. */ @@ -313,6 +314,8 @@ static int __init parse_spec_ctrl(const char *s) opt_bhb_seq = BHB_TSX; else if ( !cmdline_strcmp(s, "short") ) opt_bhb_seq = BHB_SHORT; + else if ( !cmdline_strcmp(s, "long") ) + opt_bhb_seq = BHB_LONG; else rc = -EINVAL; } @@ -570,7 +573,8 @@ static void __init print_details(enum ind_thunk thunk) opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", opt_bhb_seq == BHB_NONE ? "" : opt_bhb_seq == BHB_TSX ? "TSX, " : - opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", + opt_bhb_seq == BHB_SHORT ? "SHORT, " : + opt_bhb_seq == BHB_LONG ? "LONG, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -1678,6 +1682,10 @@ static void __init bhi_calculations(void) switch ( opt_bhb_seq ) { + case BHB_LONG: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS_LONG); + fallthrough; + case BHB_SHORT: setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); break; diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 4df8f19d8a..6a9df4ae0c 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -57,6 +57,7 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ #define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ +#define X86_SPEC_BHB_LOOPS_LONG X86_BUG(21) /* Upgrade clear_bhb_loops to the "long" sequence. */ /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 17:34:50 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 17:34:50 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702780.1098314 (Exim 4.92) (envelope-from ) id 1ruFMw-00023d-EI; Tue, 09 Apr 2024 17:34:50 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702780.1098314; Tue, 09 Apr 2024 17:34:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFMw-00023V-Bg; Tue, 09 Apr 2024 17:34:50 +0000 Received: by outflank-mailman (input) for mailman id 702780; Tue, 09 Apr 2024 17:34:49 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFMv-00023C-AJ for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:34:49 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruFMv-00060Q-9Z for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:34:49 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruFMv-0007ys-8s for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 17:34:49 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VoUkp/D87cDfQugxWMZp1POKUigbAEwdWhX9AZEADxI=; b=4dMWyuuDKFm6lctkcZ2yoB179T ck0RrVIA+ufytEojzHDPEP48RqUkHsSraN1EBd7oOC0lHSKyQEyZQCgKrYKac3BKjmtcS59vxLzhm m0o+l2BBQT0plOwFsjhgyGNBDqOn2qJIfnV+Okg86tW6MO6gsiFQyEoQKUr9+0WfTxCQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] Update Xen version to 4.15.6 Message-Id: Date: Tue, 09 Apr 2024 17:34:49 +0000 commit 4e55b32a8d66388bddb21e327f134f14b1a9b004 Author: Andrew Cooper AuthorDate: Wed Mar 27 18:23:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 Update Xen version to 4.15.6 Signed-off-by: Andrew Cooper --- xen/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/Makefile b/xen/Makefile index 3df09c361c..2cd249c308 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -2,7 +2,7 @@ # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 15 -export XEN_EXTRAVERSION ?= .5$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .6$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 21:33:10 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 21:33:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702833.1098417 (Exim 4.92) (envelope-from ) id 1ruJ5U-000547-T9; Tue, 09 Apr 2024 21:33:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702833.1098417; Tue, 09 Apr 2024 21:33:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruJ5U-000540-QU; Tue, 09 Apr 2024 21:33:04 +0000 Received: by outflank-mailman (input) for mailman id 702833; Tue, 09 Apr 2024 21:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruJ5U-00053u-3F for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 21:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruJ5U-0001dX-1K for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 21:33:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruJ5T-0005Zv-Vp for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 21:33:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3XESa0BUi+0+ORBqltMdtnnXigLNyW/g4iucvWFhqgE=; b=2KlM0xYD2hROvPrATjHmLiwhn0 KdElUPHveaWxsCxLz1nFd5Dv0uu8SLH6TY4/pvIk97PcwOWKVE9YfJWdkuINrCLfdipZOHDvxcRga Rtf4EQcq39rxGU2Ca/zsNZWa+b7ejCWfMO9x4kgHEtbH/7D2ybkR4M9ZPJs5dJyn/Jd8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/entry: Fix build with older toolchains Message-Id: Date: Tue, 09 Apr 2024 21:33:03 +0000 commit a9fa82500818a8d8ce5f2843f1577bd2c29d088e Author: Andrew Cooper AuthorDate: Tue Apr 9 21:39:51 2024 +0100 Commit: Stefano Stabellini CommitDate: Tue Apr 9 14:25:01 2024 -0700 x86/entry: Fix build with older toolchains Binutils older than 2.29 doesn't know INCSSPD. Fixes: 8e186f98ce0e ("x86: Use indirect calls in reset-stack infrastructure") Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini --- xen/arch/x86/x86_64/entry.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 461bbc3558..a4615e1ccb 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -650,7 +650,9 @@ FUNC(continue_pv_domain) * JMPed to. Drop the return address. */ add $8, %rsp +#ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK +#endif call check_wakeup_from_wait ret_from_intr: -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 21:33:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 21:33:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702834.1098422 (Exim 4.92) (envelope-from ) id 1ruJ5e-00057T-Ug; Tue, 09 Apr 2024 21:33:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702834.1098422; Tue, 09 Apr 2024 21:33:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruJ5e-00057L-S8; Tue, 09 Apr 2024 21:33:14 +0000 Received: by outflank-mailman (input) for mailman id 702834; Tue, 09 Apr 2024 21:33:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruJ5e-00057F-6s for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 21:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruJ5e-0001df-5z for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 21:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruJ5e-0005aW-3Q for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 21:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xL04ZJq7HBJptErERqIfN6KoQJ2AzO/SjdOf1n6exFo=; b=NBhQypHDZzJmcmxOrJ8Or5Hhqt InaWEARC5DP4T4+hrv3tpXG4orKDyNq9zAjyia3cKra+yeZE/D/w5p2mMdN0WSSdTt8/QojJxRAnX 2d9m0T+r7pmyd0R2AzjuC4pP0Qzrw1LJ93EGcTJdH34VUgsEYmwgD19IUX6jwK43CBhY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Add imx8q{m,x} platform glue Message-Id: Date: Tue, 09 Apr 2024 21:33:14 +0000 commit 71d4356544ee49eeb6b58383f15eef330c7e8452 Author: John Ernberg AuthorDate: Mon Apr 8 16:11:35 2024 +0000 Commit: Stefano Stabellini CommitDate: Tue Apr 9 14:27:35 2024 -0700 xen/arm: Add imx8q{m,x} platform glue When using Linux for dom0 there are a bunch of drivers that need to do SMC SIP calls into the firmware to enable certain hardware bits like the watchdog. Provide a basic platform glue that implements the needed SMC forwarding. The format of these calls are as follows: - reg 0: function ID - reg 1: subfunction ID (when there's a subfunction) remaining regs: args For now we only allow Dom0 to make these calls as they are all managing hardware. There is no specification for these SIP calls, the IDs and names have been extracted from the upstream linux kernel and the vendor kernel. We can reject CPUFREQ because Dom0 cannot make an informed decision regarding CPU frequency scaling, WAKEUP_SRC is to wake up from suspend, which Xen doesn't support at this time. This leaves the TIME SIP, OTP SIPs which for now are allowed to Dom0. NOTE: This code is based on code found in NXP Xen tree located here: https://github.com/nxp-imx/imx-xen/blob/lf-5.10.y_4.13/xen/arch/arm/platforms/imx8qm.c Signed-off-by: Peng Fan [jernberg: Add SIP call filtering] Signed-off-by: John Ernberg Reviewed-by: Peng Fan Reviewed-by: Michal Orzel [stefano: commit message improvement] Signed-off-by: Stefano Stabellini --- xen/arch/arm/platforms/Makefile | 1 + xen/arch/arm/platforms/imx8qm.c | 139 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 140 insertions(+) diff --git a/xen/arch/arm/platforms/Makefile b/xen/arch/arm/platforms/Makefile index 8632f4115f..bec6e55d1f 100644 --- a/xen/arch/arm/platforms/Makefile +++ b/xen/arch/arm/platforms/Makefile @@ -9,5 +9,6 @@ obj-$(CONFIG_ALL_PLAT) += sunxi.o obj-$(CONFIG_ALL64_PLAT) += thunderx.o obj-$(CONFIG_ALL64_PLAT) += xgene-storm.o obj-$(CONFIG_ALL64_PLAT) += brcm-raspberry-pi.o +obj-$(CONFIG_ALL64_PLAT) += imx8qm.o obj-$(CONFIG_MPSOC_PLATFORM) += xilinx-zynqmp.o obj-$(CONFIG_MPSOC_PLATFORM) += xilinx-zynqmp-eemi.o diff --git a/xen/arch/arm/platforms/imx8qm.c b/xen/arch/arm/platforms/imx8qm.c new file mode 100644 index 0000000000..3600a073e8 --- /dev/null +++ b/xen/arch/arm/platforms/imx8qm.c @@ -0,0 +1,139 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * xen/arch/arm/platforms/imx8qm.c + * + * i.MX 8QM setup + * + * Copyright (c) 2016 Freescale Inc. + * Copyright 2018-2019 NXP + * + * + * Peng Fan + */ + +#include +#include +#include + +static const char * const imx8qm_dt_compat[] __initconst = +{ + "fsl,imx8qm", + "fsl,imx8qxp", + NULL +}; + +#define IMX_SIP_FID(fid) \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_CONV_64, \ + ARM_SMCCC_OWNER_SIP, \ + (fid)) + +#define IMX_SIP_F_CPUFREQ 0x1 +#define IMX_SIP_F_TIME 0x2 +#define IMX_SIP_F_WAKEUP_SRC 0x9 +#define IMX_SIP_F_OTP_WRITE 0xB + +#define IMX_SIP_TIME_SF_RTC_SET_TIME 0x00 +#define IMX_SIP_TIME_SF_WDOG_START 0x01 +#define IMX_SIP_TIME_SF_WDOG_STOP 0x02 +#define IMX_SIP_TIME_SF_WDOG_SET_ACT 0x03 +#define IMX_SIP_TIME_SF_WDOG_PING 0x04 +#define IMX_SIP_TIME_SF_WDOG_SET_TIMEOUT 0x05 +#define IMX_SIP_TIME_SF_WDOG_GET_STAT 0x06 +#define IMX_SIP_TIME_SF_WDOG_SET_PRETIME 0x07 + +static bool imx8qm_is_sip_time_call_ok(uint32_t subfunction_id) +{ + switch ( subfunction_id ) + { + case IMX_SIP_TIME_SF_RTC_SET_TIME: + return true; + case IMX_SIP_TIME_SF_WDOG_START: + case IMX_SIP_TIME_SF_WDOG_STOP: + case IMX_SIP_TIME_SF_WDOG_SET_ACT: + case IMX_SIP_TIME_SF_WDOG_PING: + case IMX_SIP_TIME_SF_WDOG_SET_TIMEOUT: + case IMX_SIP_TIME_SF_WDOG_GET_STAT: + case IMX_SIP_TIME_SF_WDOG_SET_PRETIME: + return true; + default: + gprintk(XENLOG_WARNING, "imx8qm: smc: time: Unknown subfunction id %x\n", + subfunction_id); + return false; + } +} + +static bool imx8qm_smc(struct cpu_user_regs *regs) +{ + uint32_t function_id = get_user_reg(regs, 0); + uint32_t subfunction_id = get_user_reg(regs, 1); + struct arm_smccc_res res; + + if ( !cpus_have_const_cap(ARM_SMCCC_1_1) ) + { + printk_once(XENLOG_WARNING + "imx8qm: smc: no SMCCC 1.1 support. Disabling firmware calls\n"); + + return false; + } + + /* Only hardware domain may use the SIP calls */ + if ( !is_hardware_domain(current->domain) ) + { + gprintk(XENLOG_WARNING, "imx8qm: smc: No access\n"); + return false; + } + + switch ( function_id ) + { + case IMX_SIP_FID(IMX_SIP_F_CPUFREQ): + /* Hardware domain can't take any informed decision here */ + return false; + case IMX_SIP_FID(IMX_SIP_F_TIME): + if ( imx8qm_is_sip_time_call_ok(subfunction_id) ) + goto allow_call; + return false; + /* Xen doesn't have suspend support */ + case IMX_SIP_FID(IMX_SIP_F_WAKEUP_SRC): + return false; + case IMX_SIP_FID(IMX_SIP_F_OTP_WRITE): + /* subfunction_id is the fuse number, no sensible check possible */ + goto allow_call; + default: + gprintk(XENLOG_WARNING, "imx8qm: smc: Unknown function id %x\n", + function_id); + return false; + } + + allow_call: + arm_smccc_1_1_smc(function_id, + subfunction_id, + get_user_reg(regs, 2), + get_user_reg(regs, 3), + get_user_reg(regs, 4), + get_user_reg(regs, 5), + get_user_reg(regs, 6), + get_user_reg(regs, 7), + &res); + + set_user_reg(regs, 0, res.a0); + set_user_reg(regs, 1, res.a1); + set_user_reg(regs, 2, res.a2); + set_user_reg(regs, 3, res.a3); + + return true; +} + +PLATFORM_START(imx8qm, "i.MX 8Q{M,XP}") + .compatible = imx8qm_dt_compat, + .smc = imx8qm_smc, +PLATFORM_END + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 21:33:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 21:33:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702835.1098425 (Exim 4.92) (envelope-from ) id 1ruJ5o-00059r-W9; Tue, 09 Apr 2024 21:33:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702835.1098425; Tue, 09 Apr 2024 21:33:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruJ5o-00059k-Te; Tue, 09 Apr 2024 21:33:24 +0000 Received: by outflank-mailman (input) for mailman id 702835; Tue, 09 Apr 2024 21:33:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruJ5o-00059b-A5 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 21:33:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruJ5o-0001dm-8n for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 21:33:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruJ5o-0005b4-83 for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 21:33:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZrQNVel9bswF+x17wMPCcKiwjtD9oEsoTp6Ue+pZuCo=; b=BHhmxCpJ50D62JBUU+dmiPAsy7 XOg2+3juJ+zK6fow4FFxu0mk4/MMrzJjP8jUHx+X5GgyDduTkmoHjbxMpqt5tOnNcg8BA9dBvV4ej DeF2dDbF7KaTU1Zt7eshdQKTf1b6FAFAjFozYASR3Iv4n4Sd0QrjHYbKsYA763F9CdA4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/drivers: imx-lpuart: Replace iMX8QM compatible with iMX8QXP Message-Id: Date: Tue, 09 Apr 2024 21:33:24 +0000 commit 2f85a6d9f5bda5368ea75d81bef63b06598093a9 Author: John Ernberg AuthorDate: Mon Apr 8 16:11:35 2024 +0000 Commit: Stefano Stabellini CommitDate: Tue Apr 9 14:27:52 2024 -0700 xen/drivers: imx-lpuart: Replace iMX8QM compatible with iMX8QXP Allow the uart to probe also with iMX8QXP. The ip-block is the same as in the QM. Since the fsl,imx8qm-lpuart compatible in Linux exists in name only and is not used in the driver any iMX8QM device tree that can boot Linux must set fsl,imx8qxp-lpuart compatible as well as the QM one. Thus we replace the compatible rather than adding just another one. Signed-off-by: John Ernberg Acked-by: Julien Grall Reviewed-by: Peng Fan --- xen/drivers/char/imx-lpuart.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/char/imx-lpuart.c b/xen/drivers/char/imx-lpuart.c index 7770d158bf..cf034d7ed0 100644 --- a/xen/drivers/char/imx-lpuart.c +++ b/xen/drivers/char/imx-lpuart.c @@ -236,7 +236,7 @@ static int __init imx_lpuart_init(struct dt_device_node *dev, static const struct dt_device_match imx_lpuart_dt_compat[] __initconst = { - DT_MATCH_COMPATIBLE("fsl,imx8qm-lpuart"), + DT_MATCH_COMPATIBLE("fsl,imx8qxp-lpuart"), { /* sentinel */ }, }; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 21:33:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 21:33:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702836.1098429 (Exim 4.92) (envelope-from ) id 1ruJ60-0005DA-1N; Tue, 09 Apr 2024 21:33:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702836.1098429; Tue, 09 Apr 2024 21:33:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruJ5z-0005D3-VC; Tue, 09 Apr 2024 21:33:35 +0000 Received: by outflank-mailman (input) for mailman id 702836; Tue, 09 Apr 2024 21:33:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruJ5y-0005Ch-DK for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 21:33:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruJ5y-0001dx-CU for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 21:33:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruJ5y-0005bh-Aq for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 21:33:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=J8cSzK0UBwUQdTJ9WUMArL2ZL3Hw9XbJ/ujPG9njDb8=; b=YmiBof1TIvtn6uVXR4prYb1joj wgvXftoU2/CYWt3NeMeBD1toLXqppkBXjhV2x7TRqcHC+m9SnPY+zyQIbAGLhDq1vvTlCkBLXDa6V VxKD+yNhgaax9eOUaf9uFpDRHflb14Cto64UV/+ry/jZabmxGocNdFc8VIytwWvND1CE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] MAINTAINERS: Become a reviewer of iMX8Q{M,XP} related patches Message-Id: Date: Tue, 09 Apr 2024 21:33:34 +0000 commit dfc9455b807797d3253a02b425469b5ac583a486 Author: John Ernberg AuthorDate: Mon Apr 8 16:11:35 2024 +0000 Commit: Stefano Stabellini CommitDate: Tue Apr 9 14:28:07 2024 -0700 MAINTAINERS: Become a reviewer of iMX8Q{M,XP} related patches I have experience with the IMX8QXP, and the supported parts of the IMX8QM are identical. Help review patches touching these areas. Signed-off-by: John Ernberg Acked-by: Stefano Stabellini Acked-by: Peng Fan --- MAINTAINERS | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 1bd22fd75f..09982241b3 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -337,6 +337,11 @@ F: tools/misc/xenhypfs.c F: xen/common/hypfs.c F: xen/include/xen/hypfs.h +IMX8QM/QXP SUPPORT +R: John Ernberg +F: xen/arch/arm/platforms/imx8qm.c +F: xen/drivers/char/imx-lpuart.c + INTEL(R) TRUSTED EXECUTION TECHNOLOGY (TXT) R: Lukasz Hawrylko R: Daniel P. Smith -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 09 21:33:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 09 Apr 2024 21:33:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702837.1098434 (Exim 4.92) (envelope-from ) id 1ruJ6A-0005Fs-3J; Tue, 09 Apr 2024 21:33:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702837.1098434; Tue, 09 Apr 2024 21:33:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruJ6A-0005Fk-0P; Tue, 09 Apr 2024 21:33:46 +0000 Received: by outflank-mailman (input) for mailman id 702837; Tue, 09 Apr 2024 21:33:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruJ68-0005FX-Ga for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 21:33:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruJ68-0001eO-FQ for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 21:33:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruJ68-0005cE-ET for xen-changelog@lists.xenproject.org; Tue, 09 Apr 2024 21:33:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=es1wNb5TO7oMafGG2BBKVjbU7XQ5V0mUEixieZ6hnJI=; b=41fFN9mqxAhzT5i/Y0Hfa6b40b xta+JNH3J9d7UVfKmYusL/tRHm366QuP72NmGcjUOBIWKj2SUBwTtUkCwQI1I1L/bquPnfFpDd+R1 /+1TJRRzV6GKvnjjKTkWfrPRQN1Lya4ZANYkpN6S9UDs+1vM50Ek3opP17+YbUjEANV8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] docs/misra: document the expected sizes of integer types Message-Id: Date: Tue, 09 Apr 2024 21:33:44 +0000 commit f48299cad5c3c69fdc2c101517a6dab9c9827ea5 Author: Stefano Stabellini AuthorDate: Fri Apr 5 11:44:46 2024 -0700 Commit: Stefano Stabellini CommitDate: Tue Apr 9 14:28:59 2024 -0700 docs/misra: document the expected sizes of integer types Xen makes assumptions about the size of integer types on the various architectures. Document these assumptions. Signed-off-by: Stefano Stabellini Acked-by: Bertrand Marquis --- docs/misra/C-language-toolchain.rst | 73 +++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/docs/misra/C-language-toolchain.rst b/docs/misra/C-language-toolchain.rst index b7c2000992..5ddfe7bdbe 100644 --- a/docs/misra/C-language-toolchain.rst +++ b/docs/misra/C-language-toolchain.rst @@ -480,4 +480,77 @@ The table columns are as follows: - See Section "4.13 Preprocessing Directives" of GCC_MANUAL and Section "11.1 Implementation-defined behavior" of CPP_MANUAL. +Sizes of Integer types +______________________ + +Xen expects System V ABI on x86_64: + https://gitlab.com/x86-psABIs/x86-64-ABI + +Xen expects AAPCS32 on ARMv8-A AArch32 and ARMv7-A: + https://github.com/ARM-software/abi-aa/blob/main/aapcs32/aapcs32.rst + +Xen expects AAPCS64 LP64 on ARMv8-A AArch64: + https://github.com/ARM-software/abi-aa/blob/main/aapcs64/aapcs64.rst + +A summary table of data types, sizes and alignment is below: + +.. list-table:: + :widths: 10 10 10 45 + :header-rows: 1 + + * - Type + - Size + - Alignment + - Architectures + + * - char + - 8 bits + - 8 bits + - x86_32, ARMv8-A AArch32, ARMv8-R AArch32, ARMv7-A, x86_64, + ARMv8-A AArch64, RV64, PPC64 + + * - short + - 16 bits + - 16 bits + - x86_32, ARMv8-A AArch32, ARMv8-R AArch32, ARMv7-A, x86_64, + ARMv8-A AArch64, RV64, PPC64 + + * - int + - 32 bits + - 32 bits + - x86_32, ARMv8-A AArch32, ARMv8-R AArch32, ARMv7-A, x86_64, + ARMv8-A AArch64, RV64, PPC64 + + * - long + - 32 bits + - 32 bits + - x86_32, ARMv8-A AArch32, ARMv8-R AArch32, ARMv7-A + + * - long + - 64 bits + - 64 bits + - x86_64, ARMv8-A AArch64, RV64, PPC64 + + * - long long + - 64-bit + - 32-bit + - x86_32 + + * - long long + - 64-bit + - 64-bit + - x86_64, ARMv8-A AArch64, RV64, PPC64, ARMv8-A AArch32, ARMv8-R + AArch32, ARMv7-A + + * - pointer + - 32-bit + - 32-bit + - x86_32, ARMv8-A AArch32, ARMv8-R AArch32, ARMv7-A + + * - pointer + - 64-bit + - 64-bit + - x86_64, ARMv8-A AArch64, RV64, PPC64 + + END OF DOCUMENT. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 10 04:22:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 10 Apr 2024 04:22:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702904.1098558 (Exim 4.92) (envelope-from ) id 1ruPTH-0000wG-9W; Wed, 10 Apr 2024 04:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702904.1098558; Wed, 10 Apr 2024 04:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruPTH-0000w9-6s; Wed, 10 Apr 2024 04:22:03 +0000 Received: by outflank-mailman (input) for mailman id 702904; Wed, 10 Apr 2024 04:22:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruPTF-0000vt-HN for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 04:22:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruPTF-000851-Fc for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 04:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruPTF-0008Ay-Dl for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 04:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Dlv59PHDcR1e1V7AG4ob1oVVokxERXgMTezkeEf1JTU=; b=zL81FB0kourXPoFoazBKkagvZq fNwArtfZKP3Mfdw7cX63l6M6zNwXff5MzBEW2WRIcsXYpwC7vbqnRiPCeDk9Ok6FgMHkoex4REKsY wRZ8tEljRa3kwwZbdN39EJ8+lynQ6wsf9rbH2aUTzyB8yogLVPXPmCSrsQWk/wFXr77A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] drivers: char: Enable OMAP UART driver for TI K3 devices Message-Id: Date: Wed, 10 Apr 2024 04:22:01 +0000 commit 672b26b66ebb5ff3d28c573a6545a08020b27495 Author: Vaishnav Achath AuthorDate: Mon Apr 8 20:33:17 2024 +0530 Commit: Stefano Stabellini CommitDate: Mon Apr 8 17:18:26 2024 -0700 drivers: char: Enable OMAP UART driver for TI K3 devices TI K3 devices (J721E, J721S2, AM62X .etc) have the same variant of UART as OMAP4. Add the compatible used in Linux device tree, "ti,am654-uart" to the OMAP UART dt_match so that the driver can be used with these devices. Also, enable the driver for ARM64 platforms. Signed-off-by: Vaishnav Achath Reviewed-by: Michal Orzel --- xen/drivers/char/Kconfig | 2 +- xen/drivers/char/omap-uart.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/drivers/char/Kconfig b/xen/drivers/char/Kconfig index e18ec3788c..3f836ab301 100644 --- a/xen/drivers/char/Kconfig +++ b/xen/drivers/char/Kconfig @@ -55,7 +55,7 @@ config HAS_EXYNOS4210 config HAS_OMAP bool "Texas Instruments OMAP UART driver" default y - depends on ARM_32 + depends on ARM help This selects the Texas Instruments OMAP UART. If you have a Texas Instruments based CPU, say Y. diff --git a/xen/drivers/char/omap-uart.c b/xen/drivers/char/omap-uart.c index f4368c158c..03b5b66e7a 100644 --- a/xen/drivers/char/omap-uart.c +++ b/xen/drivers/char/omap-uart.c @@ -372,6 +372,7 @@ static int __init omap_uart_init(struct dt_device_node *dev, static const struct dt_device_match omap_uart_dt_match[] __initconst = { DT_MATCH_COMPATIBLE("ti,omap4-uart"), + DT_MATCH_COMPATIBLE("ti,am654-uart"), { /* sentinel */ }, }; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 10 05:55:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 10 Apr 2024 05:55:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702915.1098572 (Exim 4.92) (envelope-from ) id 1ruQvH-0005HR-MO; Wed, 10 Apr 2024 05:55:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702915.1098572; Wed, 10 Apr 2024 05:55:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruQvH-0005HK-Jo; Wed, 10 Apr 2024 05:55:03 +0000 Received: by outflank-mailman (input) for mailman id 702915; Wed, 10 Apr 2024 05:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruQvG-0005HE-99 for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 05:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruQvF-0001lU-Vi for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 05:55:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruQvF-0004yi-Tl for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 05:55:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MaumUwnRrSI7D+vdrvQWSFspxYqyevt+NcEGao6kJP8=; b=thjn2CzDh7UnkSy29H2JZHFGD3 akfx4IdJpAQVBi0H7mbFHpLDfcn2PvSiLWk/fsQeOzkgiE5OVL4wPrqR+iAsyPil33vxTI2csSRKz UO5VSPUZBdS/zWiF7X3jtLgwDXKELkXwBVX/QZRavcKwHWOa9163wHSRWp1iZS2N0yYc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Message-Id: Date: Wed, 10 Apr 2024 05:55:01 +0000 commit 1a41979210b7d276824dc4660f4f58a1d6dea3ca Author: Jan Beulich AuthorDate: Wed Mar 27 17:31:38 2024 +0000 Commit: Andrew Cooper CommitDate: Fri Apr 5 15:44:25 2024 +0100 x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Hypercalls in particular can be the subject of continuations, and logic there checks updated state against incoming register values. If the guest manufactured a suitable argument register with a non-zero upper half before entering compatibility mode and issuing a hypercall from there, checks in hypercall_xlat_continuation() might trip. Since for HVM we want to also be sure to not hit a corner case in the emulator, initiate the clipping right from the top of {svm,vmx}_vmexit_handler(). Also rename the invoked function, as it no longer does only invalidation of fields. Note that architecturally the upper halves of registers are undefined after a switch between compatibility and 64-bit mode (either direction). Hence once having entered compatibility mode, the guest can't assume the upper half of any register to retain its value. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 6a98383b0877bb66ebfe189da43bf81abe3d7909) --- xen/arch/x86/hvm/svm/svm.c | 3 ++- xen/arch/x86/hvm/vmx/vmx.c | 6 +++++- xen/include/asm-x86/hvm/hvm.h | 18 +++++++++++++++++- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index ba17bfe97a..0cc5e07f46 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2592,7 +2592,8 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) regs->rsp = vmcb->rsp; regs->rflags = vmcb->rflags; - hvm_invalidate_regs_fields(regs); + hvm_sanitize_regs_fields( + regs, !(vmcb_get_efer(vmcb) & EFER_LMA) || !(vmcb->cs.l)); if ( paging_mode_hap(v->domain) ) v->arch.hvm.guest_cr[3] = v->arch.hvm.hw_cr[3] = vmcb_get_cr3(vmcb); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 54023a9258..8bb4a6e042 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3932,6 +3932,7 @@ static int vmx_handle_apic_write(void) void vmx_vmexit_handler(struct cpu_user_regs *regs) { unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0; + unsigned long cs_ar_bytes = 0; unsigned int vector = 0, mode; struct vcpu *v = current; struct domain *currd = v->domain; @@ -3940,7 +3941,10 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) __vmread(GUEST_RSP, ®s->rsp); __vmread(GUEST_RFLAGS, ®s->rflags); - hvm_invalidate_regs_fields(regs); + if ( hvm_long_mode_active(v) ) + __vmread(GUEST_CS_AR_BYTES, &cs_ar_bytes); + + hvm_sanitize_regs_fields(regs, !(cs_ar_bytes & X86_SEG_AR_CS_LM_ACTIVE)); if ( paging_mode_hap(v->domain) ) { diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h index b8dc445550..8e7a6b922d 100644 --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h @@ -564,8 +564,24 @@ static inline unsigned int hvm_get_insn_bytes(struct vcpu *v, uint8_t *buf) ? alternative_call(hvm_funcs.get_insn_bytes, v, buf) : 0); } -static inline void hvm_invalidate_regs_fields(struct cpu_user_regs *regs) +static inline void hvm_sanitize_regs_fields(struct cpu_user_regs *regs, + bool compat) { + if ( compat ) + { + /* Clear GPR upper halves, to counteract guests playing games. */ + regs->rbp = (uint32_t)regs->ebp; + regs->rbx = (uint32_t)regs->ebx; + regs->rax = (uint32_t)regs->eax; + regs->rcx = (uint32_t)regs->ecx; + regs->rdx = (uint32_t)regs->edx; + regs->rsi = (uint32_t)regs->esi; + regs->rdi = (uint32_t)regs->edi; + regs->rip = (uint32_t)regs->eip; + regs->rflags = (uint32_t)regs->eflags; + regs->rsp = (uint32_t)regs->esp; + } + #ifndef NDEBUG regs->error_code = 0xbeef; regs->entry_vector = 0xbeef; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 10 05:55:12 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 10 Apr 2024 05:55:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702916.1098576 (Exim 4.92) (envelope-from ) id 1ruQvQ-0005J9-Nt; Wed, 10 Apr 2024 05:55:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702916.1098576; Wed, 10 Apr 2024 05:55:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruQvQ-0005J1-LJ; Wed, 10 Apr 2024 05:55:12 +0000 Received: by outflank-mailman (input) for mailman id 702916; Wed, 10 Apr 2024 05:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruQvQ-0005Is-3U for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 05:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruQvQ-0001lb-2f for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 05:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruQvQ-0004zD-1o for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 05:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XpmblqTW8dmZolEUWjHy6DTKnD4xfKq9pJEGTOwWv/w=; b=JctRqzHm5+GLvXgwtFFwOtMC4A 6QBMJBtTjjqOhI5XC62+dP7hw+qgj+BlH8ww1aS6wONUO3uzVc/pqYtLjap3QjmHoYO3moemYXj1w uD7A7GmgxXVDlfvVSYH9xW2uHkqNkWx+rPCgedsx45Phds1x3aP1JvLg3h6QFzNgTVBw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] hypercall_xlat_continuation: Replace BUG_ON with domain_crash Message-Id: Date: Wed, 10 Apr 2024 05:55:12 +0000 commit 65eb8f32b6b82e0268a9d66b49da354bc6698e87 Author: Bjoern Doebel AuthorDate: Wed Mar 27 18:30:55 2024 +0000 Commit: Andrew Cooper CommitDate: Fri Apr 5 15:44:25 2024 +0100 hypercall_xlat_continuation: Replace BUG_ON with domain_crash Instead of crashing the host in case of unexpected hypercall parameters, resort to only crashing the calling domain. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Bjoern Doebel Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 9926e692c4afc40bcd66f8416ff6a1e93ce402f6) --- xen/arch/x86/hypercall.c | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 791b4c7585..7889729717 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -202,8 +202,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + { + printk(XENLOG_G_ERR + "multicall (op %lu) bogus continuation arg%u (%#lx)\n", + mcs->call.op, i, nval); + domain_crash(current->domain); + } } else if ( id && *id == i ) { @@ -215,8 +220,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, mcs->call.args[i] = cval; ++rc; } - else - BUG_ON(mcs->call.args[i] != (unsigned int)mcs->call.args[i]); + else if ( mcs->call.args[i] != (unsigned int)mcs->call.args[i] ) + { + printk(XENLOG_G_ERR + "multicall (op %lu) bad continuation arg%u (%#lx)\n", + mcs->call.op, i, mcs->call.args[i]); + domain_crash(current->domain); + } } } else @@ -242,8 +252,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + { + printk(XENLOG_G_ERR + "hypercall (op %u) bogus continuation arg%u (%#lx)\n", + regs->eax, i, nval); + domain_crash(current->domain); + } } else if ( id && *id == i ) { @@ -255,8 +270,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, *reg = cval; ++rc; } - else - BUG_ON(*reg != (unsigned int)*reg); + else if ( *reg != (unsigned int)*reg ) + { + printk(XENLOG_G_ERR + "hypercall (op %u) bad continuation arg%u (%#lx)\n", + regs->eax, i, *reg); + domain_crash(current->domain); + } } } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 10 10:00:07 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 10 Apr 2024 10:00:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702978.1098711 (Exim 4.92) (envelope-from ) id 1ruUkM-0004Tt-S8; Wed, 10 Apr 2024 10:00:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702978.1098711; Wed, 10 Apr 2024 10:00:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruUkM-0004Tc-Oz; Wed, 10 Apr 2024 10:00:02 +0000 Received: by outflank-mailman (input) for mailman id 702978; Wed, 10 Apr 2024 10:00:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruUkL-0004JU-Ps for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 10:00:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruUkL-0006aU-P0 for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 10:00:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruUkL-0002ve-KX for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 10:00:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SkiJsSSrzyJitvffCofHP48pdyIKByasNJp4vUWoL/Q=; b=tTyikphdP1QYoXuSIK8Pn4rLbi IUBaM/gwPUVL2h/bjtiqifa13uohBdEZiVKMA2Ne1vuLMflv4Z0g6b7jsKZ44q+jqeIzxmlNdOth8 pizFovGxGNWuoZ3ULehzd7jvQxbPrCvZWzn4IZaI45LfiPAg5xNen+nYimQqmFTeTxhs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Message-Id: Date: Wed, 10 Apr 2024 10:00:01 +0000 commit 8d6efd087b34127ef9865afc36093617f15080b6 Author: Jan Beulich AuthorDate: Wed Mar 27 17:31:38 2024 +0000 Commit: Andrew Cooper CommitDate: Fri Apr 5 15:44:36 2024 +0100 x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Hypercalls in particular can be the subject of continuations, and logic there checks updated state against incoming register values. If the guest manufactured a suitable argument register with a non-zero upper half before entering compatibility mode and issuing a hypercall from there, checks in hypercall_xlat_continuation() might trip. Since for HVM we want to also be sure to not hit a corner case in the emulator, initiate the clipping right from the top of {svm,vmx}_vmexit_handler(). Also rename the invoked function, as it no longer does only invalidation of fields. Note that architecturally the upper halves of registers are undefined after a switch between compatibility and 64-bit mode (either direction). Hence once having entered compatibility mode, the guest can't assume the upper half of any register to retain its value. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 6a98383b0877bb66ebfe189da43bf81abe3d7909) --- xen/arch/x86/hvm/svm/svm.c | 3 ++- xen/arch/x86/hvm/vmx/vmx.c | 6 +++++- xen/include/asm-x86/hvm/hvm.h | 18 +++++++++++++++++- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index ba4069f910..ef97926012 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2593,7 +2593,8 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) regs->rsp = vmcb->rsp; regs->rflags = vmcb->rflags; - hvm_invalidate_regs_fields(regs); + hvm_sanitize_regs_fields( + regs, !(vmcb_get_efer(vmcb) & EFER_LMA) || !(vmcb->cs.l)); if ( paging_mode_hap(v->domain) ) v->arch.hvm.guest_cr[3] = v->arch.hvm.hw_cr[3] = vmcb_get_cr3(vmcb); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 6c35812d05..54cb0553c2 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3939,6 +3939,7 @@ static int vmx_handle_apic_write(void) void vmx_vmexit_handler(struct cpu_user_regs *regs) { unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0; + unsigned long cs_ar_bytes = 0; unsigned int vector = 0, mode; struct vcpu *v = current; struct domain *currd = v->domain; @@ -3947,7 +3948,10 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) __vmread(GUEST_RSP, ®s->rsp); __vmread(GUEST_RFLAGS, ®s->rflags); - hvm_invalidate_regs_fields(regs); + if ( hvm_long_mode_active(v) ) + __vmread(GUEST_CS_AR_BYTES, &cs_ar_bytes); + + hvm_sanitize_regs_fields(regs, !(cs_ar_bytes & X86_SEG_AR_CS_LM_ACTIVE)); if ( paging_mode_hap(v->domain) ) { diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h index 45b6ebecdc..30eb6559d2 100644 --- a/xen/include/asm-x86/hvm/hvm.h +++ b/xen/include/asm-x86/hvm/hvm.h @@ -579,8 +579,24 @@ static inline unsigned int hvm_get_insn_bytes(struct vcpu *v, uint8_t *buf) ? alternative_call(hvm_funcs.get_insn_bytes, v, buf) : 0); } -static inline void hvm_invalidate_regs_fields(struct cpu_user_regs *regs) +static inline void hvm_sanitize_regs_fields(struct cpu_user_regs *regs, + bool compat) { + if ( compat ) + { + /* Clear GPR upper halves, to counteract guests playing games. */ + regs->rbp = (uint32_t)regs->ebp; + regs->rbx = (uint32_t)regs->ebx; + regs->rax = (uint32_t)regs->eax; + regs->rcx = (uint32_t)regs->ecx; + regs->rdx = (uint32_t)regs->edx; + regs->rsi = (uint32_t)regs->esi; + regs->rdi = (uint32_t)regs->edi; + regs->rip = (uint32_t)regs->eip; + regs->rflags = (uint32_t)regs->eflags; + regs->rsp = (uint32_t)regs->esp; + } + #ifndef NDEBUG regs->error_code = 0xbeef; regs->entry_vector = 0xbeef; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 10 10:00:12 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 10 Apr 2024 10:00:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.702979.1098714 (Exim 4.92) (envelope-from ) id 1ruUkW-00053x-TI; Wed, 10 Apr 2024 10:00:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 702979.1098714; Wed, 10 Apr 2024 10:00:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruUkW-00053n-Qd; Wed, 10 Apr 2024 10:00:12 +0000 Received: by outflank-mailman (input) for mailman id 702979; Wed, 10 Apr 2024 10:00:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruUkV-00053d-Ts for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 10:00:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruUkV-0006ae-Sy for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 10:00:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruUkV-0002x0-RB for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 10:00:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ERrE62+ReouVvzZTaX0EimC88SStde5wI4wacMPT4mg=; b=h63rtPfZe4v2wRjgzP/8cuf73j HGQEYv++++GhDhZ/r3i7Y/KMCEvJWzU4YKtR1l9MZxhdSCzNyHI0LNQLvhC1KqvhBc2MAw1XYa87Q pOyrK1ROVqB8XJtRr36hRjm+Ekoi3Ol3x4YJdkld3EFu+9THk9+vQrR4PKdesNOKWKYc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] hypercall_xlat_continuation: Replace BUG_ON with domain_crash Message-Id: Date: Wed, 10 Apr 2024 10:00:11 +0000 commit 9c7c50969fa6c7b1e2d24c2c9dfe528079d72df2 Author: Bjoern Doebel AuthorDate: Wed Mar 27 18:30:55 2024 +0000 Commit: Andrew Cooper CommitDate: Fri Apr 5 15:44:36 2024 +0100 hypercall_xlat_continuation: Replace BUG_ON with domain_crash Instead of crashing the host in case of unexpected hypercall parameters, resort to only crashing the calling domain. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Bjoern Doebel Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 9926e692c4afc40bcd66f8416ff6a1e93ce402f6) --- xen/arch/x86/hypercall.c | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 2370d31d3f..159e5c630e 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -211,8 +211,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + { + printk(XENLOG_G_ERR + "multicall (op %lu) bogus continuation arg%u (%#lx)\n", + mcs->call.op, i, nval); + domain_crash(current->domain); + } } else if ( id && *id == i ) { @@ -224,8 +229,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, mcs->call.args[i] = cval; ++rc; } - else - BUG_ON(mcs->call.args[i] != (unsigned int)mcs->call.args[i]); + else if ( mcs->call.args[i] != (unsigned int)mcs->call.args[i] ) + { + printk(XENLOG_G_ERR + "multicall (op %lu) bad continuation arg%u (%#lx)\n", + mcs->call.op, i, mcs->call.args[i]); + domain_crash(current->domain); + } } } else @@ -251,8 +261,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + { + printk(XENLOG_G_ERR + "hypercall (op %u) bogus continuation arg%u (%#lx)\n", + regs->eax, i, nval); + domain_crash(current->domain); + } } else if ( id && *id == i ) { @@ -264,8 +279,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, *reg = cval; ++rc; } - else - BUG_ON(*reg != (unsigned int)*reg); + else if ( *reg != (unsigned int)*reg ) + { + printk(XENLOG_G_ERR + "hypercall (op %u) bad continuation arg%u (%#lx)\n", + regs->eax, i, *reg); + domain_crash(current->domain); + } } } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 10 16:33:07 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 10 Apr 2024 16:33:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703437.1099117 (Exim 4.92) (envelope-from ) id 1ruasg-000513-KG; Wed, 10 Apr 2024 16:33:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703437.1099117; Wed, 10 Apr 2024 16:33:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruasg-00050v-HU; Wed, 10 Apr 2024 16:33:02 +0000 Received: by outflank-mailman (input) for mailman id 703437; Wed, 10 Apr 2024 16:33:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruasf-00050p-Ss for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 16:33:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruasf-0005ny-R6 for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 16:33:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruasf-0006vS-Q5 for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 16:33:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=it9DU4VBM52sF4ZNxljmOZ8fEcjfWxRS3Cy2rAXcjlI=; b=nUgS44UD9ufEFS5+lp60lU9kmK XyFBWMsJd+5O45KJWZ8pkH9FueLofvwLvURl5Z6dOKfhnk0bZybPeqda6PlFDzaEt+HzXR+GRW1vr WSJAXDDMC0Z9DdP7xqQuv9GqwK6HPzeBdueoG7XcEu+4q8+w8+HCIcMuPEolzagrtlPo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] arm/alternatives: Rename alt_instr fields which are used in common code Message-Id: Date: Wed, 10 Apr 2024 16:33:01 +0000 commit 4f7656fe8ed94d07f7de9a4274cd2a47675fb178 Author: Andrew Cooper AuthorDate: Sun Apr 16 01:10:43 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 12:56:55 2024 +0100 arm/alternatives: Rename alt_instr fields which are used in common code Alternatives auditing for livepatches is currently broken. To fix it, the livepatch code needs to inspect more fields of alt_instr. Rename ARM's fields to match x86's, because: * ARM already exposes alt_offset under the repl name via ALT_REPL_PTR(). * "alt" is ambiguous in a structure entirely about alternatives already. * "repl", being the same width as orig leads to slightly neater code. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini (cherry picked from commit 418cf59c4e29451010d7efb3835b900690d19866) --- xen/arch/arm/alternative.c | 6 +++--- xen/arch/arm/include/asm/alternative.h | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/xen/arch/arm/alternative.c b/xen/arch/arm/alternative.c index f03cd943c6..ef98f37417 100644 --- a/xen/arch/arm/alternative.c +++ b/xen/arch/arm/alternative.c @@ -55,7 +55,7 @@ static bool branch_insn_requires_update(const struct alt_instr *alt, return true; replptr = (unsigned long)ALT_REPL_PTR(alt); - if ( pc >= replptr && pc <= (replptr + alt->alt_len) ) + if ( pc >= replptr && pc <= (replptr + alt->repl_len) ) return false; /* @@ -139,9 +139,9 @@ static int __apply_alternatives(const struct alt_region *region, continue; if ( alt->cpufeature == ARM_CB_PATCH ) - BUG_ON(alt->alt_len != 0); + BUG_ON(alt->repl_len != 0); else - BUG_ON(alt->alt_len != alt->orig_len); + BUG_ON(alt->repl_len != alt->orig_len); origptr = ALT_ORIG_PTR(alt); updptr = (void *)origptr + update_offset; diff --git a/xen/arch/arm/include/asm/alternative.h b/xen/arch/arm/include/asm/alternative.h index 1eb4b60fbb..d3210e82f9 100644 --- a/xen/arch/arm/include/asm/alternative.h +++ b/xen/arch/arm/include/asm/alternative.h @@ -13,16 +13,16 @@ struct alt_instr { s32 orig_offset; /* offset to original instruction */ - s32 alt_offset; /* offset to replacement instruction */ + s32 repl_offset; /* offset to replacement instruction */ u16 cpufeature; /* cpufeature bit set for replacement */ u8 orig_len; /* size of original instruction(s) */ - u8 alt_len; /* size of new instruction(s), <= orig_len */ + u8 repl_len; /* size of new instruction(s), <= orig_len */ }; /* Xen: helpers used by common code. */ #define __ALT_PTR(a,f) ((void *)&(a)->f + (a)->f) #define ALT_ORIG_PTR(a) __ALT_PTR(a, orig_offset) -#define ALT_REPL_PTR(a) __ALT_PTR(a, alt_offset) +#define ALT_REPL_PTR(a) __ALT_PTR(a, repl_offset) typedef void (*alternative_cb_t)(const struct alt_instr *alt, const uint32_t *origptr, uint32_t *updptr, @@ -90,12 +90,12 @@ int apply_alternatives(const struct alt_instr *start, const struct alt_instr *en #include #include -.macro altinstruction_entry orig_offset alt_offset feature orig_len alt_len +.macro altinstruction_entry orig_offset repl_offset feature orig_len repl_len .word \orig_offset - . - .word \alt_offset - . + .word \repl_offset - . .hword \feature .byte \orig_len - .byte \alt_len + .byte \repl_len .endm .macro alternative_insn insn1, insn2, cap, enable = 1 -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Wed Apr 10 16:33:12 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 10 Apr 2024 16:33:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703438.1099121 (Exim 4.92) (envelope-from ) id 1ruasq-000550-LW; Wed, 10 Apr 2024 16:33:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703438.1099121; Wed, 10 Apr 2024 16:33:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruasq-00054t-J3; Wed, 10 Apr 2024 16:33:12 +0000 Received: by outflank-mailman (input) for mailman id 703438; Wed, 10 Apr 2024 16:33:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruasp-00054l-Vp for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 16:33:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruasp-0005oN-UE for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 16:33:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruasp-0006w0-TI for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 16:33:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0lYIIWuBp/1aY2ftR3VrFs9NZptI9AkIb6pTU0nrtXk=; b=O91w8n/TRZVPmPNgOdMTsJTdOu Dleh83CaUOQsThEgZWWg2RL6PODZvGsXjCfZugXARKzydp0ZgkhoaGvP757+8+ysX2gt1iWKiIQCp 0M/iIj3DBInImlbmW23gvonRqgoSkxk2D5xp5zld5dnb0kBIsqXjKyWHZNpwoK4u1Shs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] xen/livepatch: Fix .altinstructions safety checks Message-Id: Date: Wed, 10 Apr 2024 16:33:11 +0000 commit 1601fa5ac1652ff1d4903160f14c44fae2c668b8 Author: Andrew Cooper AuthorDate: Thu Apr 13 20:56:15 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 12:56:55 2024 +0100 xen/livepatch: Fix .altinstructions safety checks The prior check has && vs || mixups, making it tautologically false and thus providing no safety at all. There are boundary errors too. First start with a comment describing how the .altinstructions and .altinstr_replacement sections interact, and perform suitable cross-checking. Second, rewrite the alt_instr loop entirely from scratch. Origin sites have non-zero size, and must be fully contained within the livepatches .text section(s). Any non-zero sized replacements must be fully contained within the .altinstr_replacement section. Fixes: f8a10174e8b1 ("xsplice: Add support for alternatives") Signed-off-by: Andrew Cooper Reviewed-by: Ross Lagerwall (cherry picked from commit e74360e4ba4a6b6827a44f8b1b22a0ec4311694a) --- xen/common/livepatch.c | 69 +++++++++++++++++++++++++++++++++++++++----- xen/include/xen/elfstructs.h | 2 ++ 2 files changed, 64 insertions(+), 7 deletions(-) diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 28c09ddf58..352639c47f 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -816,29 +816,84 @@ static int prepare_payload(struct payload *payload, if ( sec ) { #ifdef CONFIG_HAS_ALTERNATIVE + /* + * (As of April 2023), Alternatives are formed of: + * - An .altinstructions section with an array of struct alt_instr's. + * - An .altinstr_replacement section containing instructions. + * + * An individual alt_instr contains: + * - An orig reference, pointing into .text with a nonzero length + * - A repl reference, pointing into .altinstr_replacement + * + * It is legal to have zero-length replacements, meaning it is legal + * for the .altinstr_replacement section to be empty too. An + * implementation detail means that a zero-length replacement's repl + * reference will still be in the .altinstr_replacement section. + */ + const struct livepatch_elf_sec *repl_sec; struct alt_instr *a, *start, *end; if ( !section_ok(elf, sec, sizeof(*a)) ) return -EINVAL; + /* Tolerate an empty .altinstructions section... */ + if ( sec->sec->sh_size == 0 ) + goto alt_done; + + /* ... but otherwise, there needs to be something to alter... */ + if ( payload->text_size == 0 ) + { + printk(XENLOG_ERR LIVEPATCH "%s Alternatives provided, but no .text\n", + elf->name); + return -EINVAL; + } + + /* ... and something to be altered to. */ + repl_sec = livepatch_elf_sec_by_name(elf, ".altinstr_replacement"); + if ( !repl_sec ) + { + printk(XENLOG_ERR LIVEPATCH "%s .altinstructions provided, but no .altinstr_replacement\n", + elf->name); + return -EINVAL; + } + start = sec->load_addr; end = sec->load_addr + sec->sec->sh_size; for ( a = start; a < end; a++ ) { - const void *instr = ALT_ORIG_PTR(a); - const void *replacement = ALT_REPL_PTR(a); + const void *orig = ALT_ORIG_PTR(a); + const void *repl = ALT_REPL_PTR(a); + + /* orig must be fully within .text. */ + if ( orig < payload->text_addr || + a->orig_len > payload->text_size || + orig + a->orig_len > payload->text_addr + payload->text_size ) + { + printk(XENLOG_ERR LIVEPATCH + "%s Alternative orig %p+%#x outside payload text %p+%#zx\n", + elf->name, orig, a->orig_len, + payload->text_addr, payload->text_size); + return -EINVAL; + } - if ( (instr < region->text_start && instr >= region->text_end) || - (replacement < region->text_start && - replacement >= region->text_end) ) + /* + * repl must be fully within .altinstr_replacement, even if the + * replacement and the section happen to both have zero length. + */ + if ( repl < repl_sec->load_addr || + a->repl_len > repl_sec->sec->sh_size || + repl + a->repl_len > repl_sec->load_addr + repl_sec->sec->sh_size ) { - printk(XENLOG_ERR LIVEPATCH "%s Alt patching outside payload: %p\n", - elf->name, instr); + printk(XENLOG_ERR LIVEPATCH + "%s Alternative repl %p+%#x outside .altinstr_replacement %p+%#"PRIxElfWord"\n", + elf->name, repl, a->repl_len, + repl_sec->load_addr, repl_sec->sec->sh_size); return -EINVAL; } } apply_alternatives(start, end); + alt_done:; #else printk(XENLOG_ERR LIVEPATCH "%s: We don't support alternative patching\n", elf->name); diff --git a/xen/include/xen/elfstructs.h b/xen/include/xen/elfstructs.h index 3124469fae..eb6b87a823 100644 --- a/xen/include/xen/elfstructs.h +++ b/xen/include/xen/elfstructs.h @@ -563,6 +563,7 @@ typedef struct { #if defined(ELFSIZE) && (ELFSIZE == 32) #define PRIxElfAddr PRIx32 #define PRIuElfWord PRIu32 +#define PRIxElfWord PRIx32 #define Elf_Ehdr Elf32_Ehdr #define Elf_Phdr Elf32_Phdr @@ -591,6 +592,7 @@ typedef struct { #elif defined(ELFSIZE) && (ELFSIZE == 64) #define PRIxElfAddr PRIx64 #define PRIuElfWord PRIu64 +#define PRIxElfWord PRIx64 #define Elf_Ehdr Elf64_Ehdr #define Elf_Phdr Elf64_Phdr -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Wed Apr 10 16:33:22 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 10 Apr 2024 16:33:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703439.1099126 (Exim 4.92) (envelope-from ) id 1ruat0-000585-NE; Wed, 10 Apr 2024 16:33:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703439.1099126; Wed, 10 Apr 2024 16:33:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruat0-00057y-KY; Wed, 10 Apr 2024 16:33:22 +0000 Received: by outflank-mailman (input) for mailman id 703439; Wed, 10 Apr 2024 16:33:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruat0-00057n-3C for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 16:33:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruat0-0005ob-1D for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 16:33:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruat0-0006wa-0G for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 16:33:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xto3qqOAY/Ju0r/8VSVEqVCReFITWf5OoQaO9zDSLuc=; b=JprbBkxpwtn7m2f4fUSc8W8nhF ct8Tlp2CRgSo+e6tWcjw4pehVfif71ph2reEyUM3kSREuMFtndh7e7nzz26ccnsJP5kTU2RELEE+Y 92u4/n4y8Uf7BA7G1l9mLILWhmGm3Du/Kb031xXsK5GQSG766WAmS6YTu3mhnZA9tfdc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Message-Id: Date: Wed, 10 Apr 2024 16:33:22 +0000 commit 6462418517abb21775ee775a1275459e70b6e5a1 Author: Jan Beulich AuthorDate: Wed Mar 27 17:31:38 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 12:56:55 2024 +0100 x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Hypercalls in particular can be the subject of continuations, and logic there checks updated state against incoming register values. If the guest manufactured a suitable argument register with a non-zero upper half before entering compatibility mode and issuing a hypercall from there, checks in hypercall_xlat_continuation() might trip. Since for HVM we want to also be sure to not hit a corner case in the emulator, initiate the clipping right from the top of {svm,vmx}_vmexit_handler(). Also rename the invoked function, as it no longer does only invalidation of fields. Note that architecturally the upper halves of registers are undefined after a switch between compatibility and 64-bit mode (either direction). Hence once having entered compatibility mode, the guest can't assume the upper half of any register to retain its value. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 6a98383b0877bb66ebfe189da43bf81abe3d7909) --- xen/arch/x86/hvm/svm/svm.c | 3 ++- xen/arch/x86/hvm/vmx/vmx.c | 6 +++++- xen/arch/x86/include/asm/hvm/hvm.h | 18 +++++++++++++++++- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 3c17464550..35173502bd 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2626,7 +2626,8 @@ void svm_vmexit_handler(struct cpu_user_regs *regs) regs->rsp = vmcb->rsp; regs->rflags = vmcb->rflags; - hvm_invalidate_regs_fields(regs); + hvm_sanitize_regs_fields( + regs, !(vmcb_get_efer(vmcb) & EFER_LMA) || !(vmcb->cs.l)); if ( paging_mode_hap(v->domain) ) v->arch.hvm.guest_cr[3] = v->arch.hvm.hw_cr[3] = vmcb_get_cr3(vmcb); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 35d391d8e5..fed362bc32 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3981,6 +3981,7 @@ static void undo_nmis_unblocked_by_iret(void) void vmx_vmexit_handler(struct cpu_user_regs *regs) { unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0; + unsigned long cs_ar_bytes = 0; unsigned int vector = 0; struct vcpu *v = current; struct domain *currd = v->domain; @@ -3989,7 +3990,10 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) __vmread(GUEST_RSP, ®s->rsp); __vmread(GUEST_RFLAGS, ®s->rflags); - hvm_invalidate_regs_fields(regs); + if ( hvm_long_mode_active(v) ) + __vmread(GUEST_CS_AR_BYTES, &cs_ar_bytes); + + hvm_sanitize_regs_fields(regs, !(cs_ar_bytes & X86_SEG_AR_CS_LM_ACTIVE)); if ( paging_mode_hap(v->domain) ) { diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index 93254651f2..d67565dcb9 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -583,8 +583,24 @@ static inline unsigned int hvm_get_insn_bytes(struct vcpu *v, uint8_t *buf) ? alternative_call(hvm_funcs.get_insn_bytes, v, buf) : 0); } -static inline void hvm_invalidate_regs_fields(struct cpu_user_regs *regs) +static inline void hvm_sanitize_regs_fields(struct cpu_user_regs *regs, + bool compat) { + if ( compat ) + { + /* Clear GPR upper halves, to counteract guests playing games. */ + regs->rbp = (uint32_t)regs->ebp; + regs->rbx = (uint32_t)regs->ebx; + regs->rax = (uint32_t)regs->eax; + regs->rcx = (uint32_t)regs->ecx; + regs->rdx = (uint32_t)regs->edx; + regs->rsi = (uint32_t)regs->esi; + regs->rdi = (uint32_t)regs->edi; + regs->rip = (uint32_t)regs->eip; + regs->rflags = (uint32_t)regs->eflags; + regs->rsp = (uint32_t)regs->esp; + } + #ifndef NDEBUG regs->error_code = 0xbeef; regs->entry_vector = 0xbeef; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Wed Apr 10 16:33:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 10 Apr 2024 16:33:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703441.1099129 (Exim 4.92) (envelope-from ) id 1ruatB-0005D2-Oo; Wed, 10 Apr 2024 16:33:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703441.1099129; Wed, 10 Apr 2024 16:33:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruatB-0005Ct-M5; Wed, 10 Apr 2024 16:33:33 +0000 Received: by outflank-mailman (input) for mailman id 703441; Wed, 10 Apr 2024 16:33:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruatA-0005AQ-4s for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 16:33:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruatA-0005oi-45 for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 16:33:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruatA-0006wz-3I for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 16:33:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=i6u/3VjMz2QScV8c5VeHWIVlHSm7xonL+dOCGE84sAY=; b=viYjkGd0u1iZ+ftPCDwz/5zYJ7 d6cwbgRvJowy52gAK2kp5JaPG9lVbb5PE9VhU2g4DFOk7irGbIV7cGh64NjZ1/nLMec2w5D1CxrCY R4+we/8KCipQ2NwVHLvfEonJSxJLz3wnjtYUc35FeHSZ+v6bp6DWiSnHb0rU6ohOo18g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] hypercall_xlat_continuation: Replace BUG_ON with domain_crash Message-Id: Date: Wed, 10 Apr 2024 16:33:32 +0000 commit b8f39fd4d024ea72c586f1afd233f379c6f6230b Author: Bjoern Doebel AuthorDate: Wed Mar 27 18:30:55 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 12:56:55 2024 +0100 hypercall_xlat_continuation: Replace BUG_ON with domain_crash Instead of crashing the host in case of unexpected hypercall parameters, resort to only crashing the calling domain. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Bjoern Doebel Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 9926e692c4afc40bcd66f8416ff6a1e93ce402f6) --- xen/arch/x86/hypercall.c | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 6b73cff9b9..382985f5f4 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -152,8 +152,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + { + printk(XENLOG_G_ERR + "multicall (op %lu) bogus continuation arg%u (%#lx)\n", + mcs->call.op, i, nval); + domain_crash(current->domain); + } } else if ( id && *id == i ) { @@ -165,8 +170,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, mcs->call.args[i] = cval; ++rc; } - else - BUG_ON(mcs->call.args[i] != (unsigned int)mcs->call.args[i]); + else if ( mcs->call.args[i] != (unsigned int)mcs->call.args[i] ) + { + printk(XENLOG_G_ERR + "multicall (op %lu) bad continuation arg%u (%#lx)\n", + mcs->call.op, i, mcs->call.args[i]); + domain_crash(current->domain); + } } } else @@ -192,8 +202,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + { + printk(XENLOG_G_ERR + "hypercall (op %u) bogus continuation arg%u (%#lx)\n", + regs->eax, i, nval); + domain_crash(current->domain); + } } else if ( id && *id == i ) { @@ -205,8 +220,13 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, *reg = cval; ++rc; } - else - BUG_ON(*reg != (unsigned int)*reg); + else if ( *reg != (unsigned int)*reg ) + { + printk(XENLOG_G_ERR + "hypercall (op %u) bad continuation arg%u (%#lx)\n", + regs->eax, i, *reg); + domain_crash(current->domain); + } } } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Wed Apr 10 18:00:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 10 Apr 2024 18:00:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703530.1099174 (Exim 4.92) (envelope-from ) id 1rucEu-0003wl-Nc; Wed, 10 Apr 2024 18:00:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703530.1099174; Wed, 10 Apr 2024 18:00:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rucEu-0003wd-Ka; Wed, 10 Apr 2024 18:00:04 +0000 Received: by outflank-mailman (input) for mailman id 703530; Wed, 10 Apr 2024 18:00:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rucEu-0003pW-2v for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 18:00:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rucEu-0007ja-1A for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 18:00:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rucEt-00068d-VL for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 18:00:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4UvbsAsBqkhIGg7Ksv322H4YvbDjKBf5ghkc7STvom4=; b=m1Hugx6lyGnQMTgcIFhwac2bc1 fAK0T36jbxk2Z7qdT6of6W69ORvDl+wMTpCUm3diczEWzRBJA1sUB4Op8nyv3Hn2UGoSg/fYAe8q1 9qGRkuFl67wN4jzq5NFyV9MRsdfTKO72pylfWIs1nmQ3ntVGmvChRBT/Lk9/LZsJ6wHY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/ucode: Move vendor specifics back out of early_microcode_init() Message-Id: Date: Wed, 10 Apr 2024 18:00:03 +0000 commit 2eea952b70d297b0c86b70bff55d75b3ff9aa782 Author: Andrew Cooper AuthorDate: Tue Oct 24 19:32:31 2023 +0100 Commit: Andrew Cooper CommitDate: Wed Apr 10 18:34:46 2024 +0100 x86/ucode: Move vendor specifics back out of early_microcode_init() I know it was me who dropped microcode_init_{intel,amd}() in c/s dd5f07997f29 ("x86/ucode: Rationalise startup and family/model checks"), but times have moved on. We've gained new conditional support, and a wish to compile-time specialise Xen to single platform. (Re)introduce ucode_probe_{amd,intel}() and move the recent vendor specific additions back out. Encode the conditional support state in the NULL-ness of hooks as it's already done on other paths. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/cpu/microcode/amd.c | 10 +++++++++- xen/arch/x86/cpu/microcode/core.c | 16 +++++----------- xen/arch/x86/cpu/microcode/intel.c | 12 ++++++++++-- xen/arch/x86/cpu/microcode/private.h | 16 ++++++++++------ 4 files changed, 34 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/amd.c index 75fc84e445..17e68697d5 100644 --- a/xen/arch/x86/cpu/microcode/amd.c +++ b/xen/arch/x86/cpu/microcode/amd.c @@ -434,9 +434,17 @@ static struct microcode_patch *cf_check cpu_request_microcode( return patch; } -const struct microcode_ops __initconst_cf_clobber amd_ucode_ops = { +static const struct microcode_ops __initconst_cf_clobber amd_ucode_ops = { .cpu_request_microcode = cpu_request_microcode, .collect_cpu_info = collect_cpu_info, .apply_microcode = apply_microcode, .compare_patch = compare_patch, }; + +void __init ucode_probe_amd(struct microcode_ops *ops) +{ + if ( boot_cpu_data.x86 < 0x10 ) + return; + + *ops = amd_ucode_ops; +} diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index 1c9f66ea8a..e738a88f5c 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -861,25 +861,19 @@ int __init early_microcode_init(unsigned long *module_map, { const struct cpuinfo_x86 *c = &boot_cpu_data; int rc = 0; - bool can_load = false; switch ( c->x86_vendor ) { case X86_VENDOR_AMD: - if ( c->x86 >= 0x10 ) - { - ucode_ops = amd_ucode_ops; - can_load = true; - } + ucode_probe_amd(&ucode_ops); break; case X86_VENDOR_INTEL: - ucode_ops = intel_ucode_ops; - can_load = intel_can_load_microcode(); + ucode_probe_intel(&ucode_ops); break; } - if ( !ucode_ops.apply_microcode ) + if ( !ucode_ops.collect_cpu_info ) { printk(XENLOG_INFO "Microcode loading not available\n"); return -ENODEV; @@ -896,10 +890,10 @@ int __init early_microcode_init(unsigned long *module_map, * * Take the hint in either case and ignore the microcode interface. */ - if ( this_cpu(cpu_sig).rev == ~0 || !can_load ) + if ( !ucode_ops.apply_microcode || this_cpu(cpu_sig).rev == ~0 ) { printk(XENLOG_INFO "Microcode loading disabled due to: %s\n", - can_load ? "rev = ~0" : "HW toggle"); + ucode_ops.apply_microcode ? "rev = ~0" : "HW toggle"); ucode_ops.apply_microcode = NULL; return -ENODEV; } diff --git a/xen/arch/x86/cpu/microcode/intel.c b/xen/arch/x86/cpu/microcode/intel.c index 060c529a6e..96f34b336b 100644 --- a/xen/arch/x86/cpu/microcode/intel.c +++ b/xen/arch/x86/cpu/microcode/intel.c @@ -385,7 +385,7 @@ static struct microcode_patch *cf_check cpu_request_microcode( return patch; } -bool __init intel_can_load_microcode(void) +static bool __init can_load_microcode(void) { uint64_t mcu_ctrl; @@ -398,9 +398,17 @@ bool __init intel_can_load_microcode(void) return !(mcu_ctrl & MCU_CONTROL_DIS_MCU_LOAD); } -const struct microcode_ops __initconst_cf_clobber intel_ucode_ops = { +static const struct microcode_ops __initconst_cf_clobber intel_ucode_ops = { .cpu_request_microcode = cpu_request_microcode, .collect_cpu_info = collect_cpu_info, .apply_microcode = apply_microcode, .compare_patch = compare_patch, }; + +void __init ucode_probe_intel(struct microcode_ops *ops) +{ + *ops = intel_ucode_ops; + + if ( !can_load_microcode() ) + ops->apply_microcode = NULL; +} diff --git a/xen/arch/x86/cpu/microcode/private.h b/xen/arch/x86/cpu/microcode/private.h index d80787205a..b58611e908 100644 --- a/xen/arch/x86/cpu/microcode/private.h +++ b/xen/arch/x86/cpu/microcode/private.h @@ -60,13 +60,17 @@ struct microcode_ops { const struct microcode_patch *new, const struct microcode_patch *old); }; -/** - * Checks whether we can perform microcode updates on this Intel system +/* + * Microcode loading falls into one of 3 states. + * - No support at all + * - Read-only (locked by firmware, or we're virtualised) + * - Loading available * - * @return True iff the microcode update facilities are enabled + * These are encoded by (not) filling in ops->collect_cpu_info (i.e. no + * support available) and (not) ops->apply_microcode (i.e. read only). + * Otherwise, all hooks must be filled in. */ -bool intel_can_load_microcode(void); - -extern const struct microcode_ops amd_ucode_ops, intel_ucode_ops; +void ucode_probe_amd(struct microcode_ops *ops); +void ucode_probe_intel(struct microcode_ops *ops); #endif /* ASM_X86_MICROCODE_PRIVATE_H */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 10 18:00:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 10 Apr 2024 18:00:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703531.1099177 (Exim 4.92) (envelope-from ) id 1rucF4-0004I3-Pw; Wed, 10 Apr 2024 18:00:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703531.1099177; Wed, 10 Apr 2024 18:00:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rucF4-0004Hv-NQ; Wed, 10 Apr 2024 18:00:14 +0000 Received: by outflank-mailman (input) for mailman id 703531; Wed, 10 Apr 2024 18:00:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rucF4-0004Hl-5F for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 18:00:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rucF4-0007jj-4K for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 18:00:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rucF4-0006AI-3N for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 18:00:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9vJmUUmyrvnfAT1SLC+QFEBxfCAmjyS+krJ4h5UwiAI=; b=Fk9fD2zMi+74IgpTUm4FaxVnJX qM2/sNor/cJgwgKA1DNsbVVymkucqVW+18jzMJnJ5cfo9LwQkOo0mxI39ORt/nJen7ajrxYaEg4Ho 3/ACCjfdOKeLxunU+pZMjMOLJP1MoGGW20+xVAQnMs4TirikInXJKW8T0l2NZocqCcZY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/Kconfig: Introduce CONFIG_{AMD,INTEL} and conditionalise ucode Message-Id: Date: Wed, 10 Apr 2024 18:00:14 +0000 commit 0e7ea8ca5fc9bce9248414f6aaf2dc861abd45d9 Author: Andrew Cooper AuthorDate: Wed Oct 25 14:18:15 2023 +0100 Commit: Andrew Cooper CommitDate: Wed Apr 10 18:41:28 2024 +0100 x86/Kconfig: Introduce CONFIG_{AMD,INTEL} and conditionalise ucode We eventually want to be able to build a stripped down Xen for a single platform. Make a start with CONFIG_{AMD,INTEL} (hidden behind EXPERT, but available to randconfig), and adjust the microcode logic. No practical change. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné Reviewed-by: Stefano Stabellini --- xen/arch/x86/Kconfig | 2 ++ xen/arch/x86/Kconfig.cpu | 22 ++++++++++++++++++++++ xen/arch/x86/cpu/microcode/Makefile | 4 ++-- xen/arch/x86/cpu/microcode/private.h | 9 +++++++++ 4 files changed, 35 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index d6f3128588..2b6248774d 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -51,6 +51,8 @@ config HAS_CC_CET_IBT menu "Architecture Features" +source "arch/x86/Kconfig.cpu" + source "arch/Kconfig" config PV diff --git a/xen/arch/x86/Kconfig.cpu b/xen/arch/x86/Kconfig.cpu new file mode 100644 index 0000000000..5fb18db1aa --- /dev/null +++ b/xen/arch/x86/Kconfig.cpu @@ -0,0 +1,22 @@ +menu "Supported CPU vendors" + visible if EXPERT + +config AMD + bool "Support AMD CPUs" + default y + help + Detection, tunings and quirks for AMD platforms. + + May be turned off in builds targetting other vendors. Otherwise, + must be enabled for Xen to work suitably on AMD platforms. + +config INTEL + bool "Support Intel CPUs" + default y + help + Detection, tunings and quirks for Intel platforms. + + May be turned off in builds targetting other vendors. Otherwise, + must be enabled for Xen to work suitably on Intel platforms. + +endmenu diff --git a/xen/arch/x86/cpu/microcode/Makefile b/xen/arch/x86/cpu/microcode/Makefile index aae235245b..30d600544f 100644 --- a/xen/arch/x86/cpu/microcode/Makefile +++ b/xen/arch/x86/cpu/microcode/Makefile @@ -1,3 +1,3 @@ -obj-y += amd.o +obj-$(CONFIG_AMD) += amd.o obj-y += core.o -obj-y += intel.o +obj-$(CONFIG_INTEL) += intel.o diff --git a/xen/arch/x86/cpu/microcode/private.h b/xen/arch/x86/cpu/microcode/private.h index b58611e908..da556fe506 100644 --- a/xen/arch/x86/cpu/microcode/private.h +++ b/xen/arch/x86/cpu/microcode/private.h @@ -70,7 +70,16 @@ struct microcode_ops { * support available) and (not) ops->apply_microcode (i.e. read only). * Otherwise, all hooks must be filled in. */ +#ifdef CONFIG_AMD void ucode_probe_amd(struct microcode_ops *ops); +#else +static inline void ucode_probe_amd(struct microcode_ops *ops) {} +#endif + +#ifdef CONFIG_INTEL void ucode_probe_intel(struct microcode_ops *ops); +#else +static inline void ucode_probe_intel(struct microcode_ops *ops) {} +#endif #endif /* ASM_X86_MICROCODE_PRIVATE_H */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 10 18:33:07 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 10 Apr 2024 18:33:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703536.1099191 (Exim 4.92) (envelope-from ) id 1ruckq-0000Tw-7g; Wed, 10 Apr 2024 18:33:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703536.1099191; Wed, 10 Apr 2024 18:33:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruckq-0000Tp-5D; Wed, 10 Apr 2024 18:33:04 +0000 Received: by outflank-mailman (input) for mailman id 703536; Wed, 10 Apr 2024 18:33:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rucko-0000Tj-Dh for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 18:33:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rucko-0008JM-B5 for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 18:33:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rucko-0000Ab-9W for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 18:33:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=R1VtDpn4Mzli1mjnotATZn6fPVmpkyioHFCZSlql6bk=; b=7D+Pya4fYRVvS4Jc0a1baTvTY0 N3/gYVpbvgvWQQoIuntb+pDzyojYUGUy+DplkfhlFod0ZhvsDLE0DuUmRbWFjZTPfuXxVZKPTpsje 3uJB6xttdW2X4DEHHOORgmGpUyxAJGUdm0Iqm2a6jamzm4uluYzxeoG12r991ZC2SVyA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Message-Id: Date: Wed, 10 Apr 2024 18:33:02 +0000 commit 429a125dba3083fa68e976d408b2ba430a67f0a5 Author: Jan Beulich AuthorDate: Wed Mar 27 17:31:38 2024 +0000 Commit: Andrew Cooper CommitDate: Fri Apr 5 15:44:49 2024 +0100 x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Hypercalls in particular can be the subject of continuations, and logic there checks updated state against incoming register values. If the guest manufactured a suitable argument register with a non-zero upper half before entering compatibility mode and issuing a hypercall from there, checks in hypercall_xlat_continuation() might trip. Since for HVM we want to also be sure to not hit a corner case in the emulator, initiate the clipping right from the top of {svm,vmx}_vmexit_handler(). Also rename the invoked function, as it no longer does only invalidation of fields. Note that architecturally the upper halves of registers are undefined after a switch between compatibility and 64-bit mode (either direction). Hence once having entered compatibility mode, the guest can't assume the upper half of any register to retain its value. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 6a98383b0877bb66ebfe189da43bf81abe3d7909) --- xen/arch/x86/hvm/svm/svm.c | 3 ++- xen/arch/x86/hvm/vmx/vmx.c | 6 +++++- xen/arch/x86/include/asm/hvm/hvm.h | 18 +++++++++++++++++- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index ff991c82cf..c7bf90062f 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2603,7 +2603,8 @@ void svm_vmexit_handler(void) regs->rsp = vmcb->rsp; regs->rflags = vmcb->rflags; - hvm_invalidate_regs_fields(regs); + hvm_sanitize_regs_fields( + regs, !(vmcb_get_efer(vmcb) & EFER_LMA) || !(vmcb->cs.l)); if ( paging_mode_hap(v->domain) ) v->arch.hvm.guest_cr[3] = v->arch.hvm.hw_cr[3] = vmcb_get_cr3(vmcb); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 28dece7c6b..ae2157953a 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -4041,6 +4041,7 @@ static void undo_nmis_unblocked_by_iret(void) void vmx_vmexit_handler(struct cpu_user_regs *regs) { unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0; + unsigned long cs_ar_bytes = 0; unsigned int vector = 0; struct vcpu *v = current; struct domain *currd = v->domain; @@ -4049,7 +4050,10 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) __vmread(GUEST_RSP, ®s->rsp); __vmread(GUEST_RFLAGS, ®s->rflags); - hvm_invalidate_regs_fields(regs); + if ( hvm_long_mode_active(v) ) + __vmread(GUEST_CS_AR_BYTES, &cs_ar_bytes); + + hvm_sanitize_regs_fields(regs, !(cs_ar_bytes & X86_SEG_AR_CS_LM_ACTIVE)); if ( paging_mode_hap(v->domain) ) { diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index 6d53713fc3..e5fa682f85 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -579,8 +579,24 @@ static inline unsigned int hvm_get_insn_bytes(struct vcpu *v, uint8_t *buf) ? alternative_call(hvm_funcs.get_insn_bytes, v, buf) : 0); } -static inline void hvm_invalidate_regs_fields(struct cpu_user_regs *regs) +static inline void hvm_sanitize_regs_fields(struct cpu_user_regs *regs, + bool compat) { + if ( compat ) + { + /* Clear GPR upper halves, to counteract guests playing games. */ + regs->rbp = (uint32_t)regs->ebp; + regs->rbx = (uint32_t)regs->ebx; + regs->rax = (uint32_t)regs->eax; + regs->rcx = (uint32_t)regs->ecx; + regs->rdx = (uint32_t)regs->edx; + regs->rsi = (uint32_t)regs->esi; + regs->rdi = (uint32_t)regs->edi; + regs->rip = (uint32_t)regs->eip; + regs->rflags = (uint32_t)regs->eflags; + regs->rsp = (uint32_t)regs->esp; + } + #ifndef NDEBUG regs->error_code = 0xbeef; regs->entry_vector = 0xbeef; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Wed Apr 10 18:33:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 10 Apr 2024 18:33:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703537.1099195 (Exim 4.92) (envelope-from ) id 1rucl0-0000Xf-93; Wed, 10 Apr 2024 18:33:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703537.1099195; Wed, 10 Apr 2024 18:33:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rucl0-0000XY-6f; Wed, 10 Apr 2024 18:33:14 +0000 Received: by outflank-mailman (input) for mailman id 703537; Wed, 10 Apr 2024 18:33:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rucky-0000XM-Eq for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 18:33:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rucky-0008JU-Dz for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 18:33:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rucky-0000B9-D4 for xen-changelog@lists.xenproject.org; Wed, 10 Apr 2024 18:33:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=avetNt6FQ87xnkaKldEOqxp3UaKFkbAiN9N8OVghbBo=; b=4x7Zta+nArj2dK3PSkqolxYb/s DP3kUGnRbIE3cZ1J6+dmASYc9HZYHBpbtZ7LGZxhJF7XB8BPX1eetmP0u06hjoYyZhzaX4UckRu5f QKl6ffvq+TuneTc56Eo/Yf5aGJdQlr9+mHYns1gOss8INUcw9Fy0BoGTU3Ytw/LnCQbM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] hypercall_xlat_continuation: Replace BUG_ON with domain_crash Message-Id: Date: Wed, 10 Apr 2024 18:33:12 +0000 commit 1166467ed300d605529aaf7a7d26c8c92defe36a Author: Bjoern Doebel AuthorDate: Wed Mar 27 17:31:38 2024 +0000 Commit: Andrew Cooper CommitDate: Fri Apr 5 15:44:49 2024 +0100 hypercall_xlat_continuation: Replace BUG_ON with domain_crash Instead of crashing the host in case of unexpected hypercall parameters, resort to only crashing the calling domain. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Bjoern Doebel Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 9926e692c4afc40bcd66f8416ff6a1e93ce402f6) --- xen/arch/x86/hypercall.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 01cd73040d..04b5e9874c 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -140,8 +140,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + domain_crash(current->domain, + "multicall (op %lu) bogus continuation arg%u (%#lx)\n", + mcs->call.op, i, nval); } else if ( id && *id == i ) { @@ -153,8 +155,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, mcs->call.args[i] = cval; ++rc; } - else - BUG_ON(mcs->call.args[i] != (unsigned int)mcs->call.args[i]); + else if ( mcs->call.args[i] != (unsigned int)mcs->call.args[i] ) + domain_crash(current->domain, + "multicall (op %lu) bad continuation arg%u (%#lx)\n", + mcs->call.op, i, mcs->call.args[i]); } } else @@ -180,8 +184,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + domain_crash(current->domain, + "hypercall (op %u) bogus continuation arg%u (%#lx)\n", + regs->eax, i, nval); } else if ( id && *id == i ) { @@ -193,8 +199,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, *reg = cval; ++rc; } - else - BUG_ON(*reg != (unsigned int)*reg); + else if ( *reg != (unsigned int)*reg ) + domain_crash(current->domain, + "hypercall (op %u) bad continuation arg%u (%#lx)\n", + regs->eax, i, *reg); } } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:22:10 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:22:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703919.1099875 (Exim 4.92) (envelope-from ) id 1ruuNR-0001V8-BP; Thu, 11 Apr 2024 13:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703919.1099875; Thu, 11 Apr 2024 13:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuNR-0001V0-8e; Thu, 11 Apr 2024 13:22:05 +0000 Received: by outflank-mailman (input) for mailman id 703919; Thu, 11 Apr 2024 13:22:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuNP-0001Uu-LV for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuNP-0004Ea-Hz for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuNP-0000I7-F5 for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QQCVc+rPLom91TlYNMzqJg2LyNJHFoVd9j6ZaxqDink=; b=mvURgbPxfEsdCcHALudai3I3W9 yQLr5FpNXH//AB5mHGxatMbt7lD1H/z8OvLxU0/qDghAktixcxQUia8oZEGepi9e1hAOON0yvlYNG BjymEjf2ftY9MJo9f4xu8xYdbTlNZQDrJkz1UWKvN0kXCkU95GNMX2fM3fRNs2gSRSYY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/link: Introduce a common BUGFRAMES definition Message-Id: Date: Thu, 11 Apr 2024 13:22:03 +0000 commit 337f11ea73b5fc55f53becf32cd5749c4da939c0 Author: Andrew Cooper AuthorDate: Fri Mar 15 18:21:31 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/link: Introduce a common BUGFRAMES definition Bugframe linkage is identical in all architectures. This is not surprising given that it is (now) only consumed by common/virtual_region.c Introduce a common BUGFRAMES define in xen.lds.h ahead of rearranging their structure. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Acked-by: Michal Orzel --- xen/arch/arm/xen.lds.S | 13 +++---------- xen/arch/ppc/xen.lds.S | 13 +++---------- xen/arch/riscv/xen.lds.S | 13 +++---------- xen/arch/x86/xen.lds.S | 11 +---------- xen/include/xen/xen.lds.h | 11 +++++++++++ 5 files changed, 21 insertions(+), 40 deletions(-) diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S index 2266c9536f..bd884664ad 100644 --- a/xen/arch/arm/xen.lds.S +++ b/xen/arch/arm/xen.lds.S @@ -55,16 +55,9 @@ SECTIONS . = ALIGN(PAGE_SIZE); .rodata : { _srodata = .; /* Read-only data */ - /* Bug frames table */ - __start_bug_frames = .; - *(.bug_frames.0) - __stop_bug_frames_0 = .; - *(.bug_frames.1) - __stop_bug_frames_1 = .; - *(.bug_frames.2) - __stop_bug_frames_2 = .; - *(.bug_frames.3) - __stop_bug_frames_3 = .; + + BUGFRAMES + *(.rodata) *(.rodata.*) *(.data.rel.ro) diff --git a/xen/arch/ppc/xen.lds.S b/xen/arch/ppc/xen.lds.S index 8840a00446..38cd857187 100644 --- a/xen/arch/ppc/xen.lds.S +++ b/xen/arch/ppc/xen.lds.S @@ -45,16 +45,9 @@ SECTIONS . = ALIGN(PAGE_SIZE); DECL_SECTION(.rodata) { _srodata = .; /* Read-only data */ - /* Bug frames table */ - __start_bug_frames = .; - *(.bug_frames.0) - __stop_bug_frames_0 = .; - *(.bug_frames.1) - __stop_bug_frames_1 = .; - *(.bug_frames.2) - __stop_bug_frames_2 = .; - *(.bug_frames.3) - __stop_bug_frames_3 = .; + + BUGFRAMES + *(.rodata) *(.rodata.*) *(.data.rel.ro) diff --git a/xen/arch/riscv/xen.lds.S b/xen/arch/riscv/xen.lds.S index ace6f49c57..070b19d915 100644 --- a/xen/arch/riscv/xen.lds.S +++ b/xen/arch/riscv/xen.lds.S @@ -42,16 +42,9 @@ SECTIONS . = ALIGN(PAGE_SIZE); .rodata : { _srodata = .; /* Read-only data */ - /* Bug frames table */ - __start_bug_frames = .; - *(.bug_frames.0) - __stop_bug_frames_0 = .; - *(.bug_frames.1) - __stop_bug_frames_1 = .; - *(.bug_frames.2) - __stop_bug_frames_2 = .; - *(.bug_frames.3) - __stop_bug_frames_3 = .; + + BUGFRAMES + *(.rodata) *(.rodata.*) *(.data.rel.ro) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 1ef6645128..9a1dfe1b34 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -127,16 +127,7 @@ SECTIONS . = ALIGN(PAGE_SIZE); __ro_after_init_end = .; - /* Bug frames table */ - __start_bug_frames = .; - *(.bug_frames.0) - __stop_bug_frames_0 = .; - *(.bug_frames.1) - __stop_bug_frames_1 = .; - *(.bug_frames.2) - __stop_bug_frames_2 = .; - *(.bug_frames.3) - __stop_bug_frames_3 = .; + BUGFRAMES *(.rodata) *(.rodata.*) diff --git a/xen/include/xen/xen.lds.h b/xen/include/xen/xen.lds.h index be90f5ca0f..7ab7aa5678 100644 --- a/xen/include/xen/xen.lds.h +++ b/xen/include/xen/xen.lds.h @@ -114,6 +114,17 @@ /* List of constructs other than *_SECTIONS in alphabetical order. */ +#define BUGFRAMES \ + __start_bug_frames = .; \ + *(.bug_frames.0) \ + __stop_bug_frames_0 = .; \ + *(.bug_frames.1) \ + __stop_bug_frames_1 = .; \ + *(.bug_frames.2) \ + __stop_bug_frames_2 = .; \ + *(.bug_frames.3) \ + __stop_bug_frames_3 = .; + #ifdef CONFIG_HYPFS #define HYPFS_PARAM \ . = ALIGN(POINTER_ALIGN); \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:22:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:22:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703920.1099880 (Exim 4.92) (envelope-from ) id 1ruuNb-0001X3-DJ; Thu, 11 Apr 2024 13:22:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703920.1099880; Thu, 11 Apr 2024 13:22:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuNb-0001Wv-A4; Thu, 11 Apr 2024 13:22:15 +0000 Received: by outflank-mailman (input) for mailman id 703920; Thu, 11 Apr 2024 13:22:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuNZ-0001Wj-RQ for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuNZ-0004F9-N0 for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuNZ-0000JT-KK for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oUrBZs7msISIcK3soiPPXd3VtF49G29fe+qJ0cpQ7Aw=; b=qS4Xu4ksOdpf9mfJ/J084PeYal u/Xtry/ncf9mlgmSxrgKDduRRkPOY5lLIjsN7arca7AwL6PPF5Lswrbpsd2/7nvI7SPsd+4WRkHnK P+562f5ToNgFz/xxbzIKYElilhAaLgIOYhn63gHlX5xOqCanhlv38PHDif6VxpJGI6/g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/virtual-region: Rework how bugframe linkage works Message-Id: Date: Thu, 11 Apr 2024 13:22:13 +0000 commit 3434518d05f9526400599f4a738c400322f65fcf Author: Andrew Cooper AuthorDate: Fri Mar 15 18:43:53 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/virtual-region: Rework how bugframe linkage works The start/stop1/etc linkage scheme predates struct virtual_region, and as setup_virtual_regions() shows, it's awkward to express in the new scheme. Change the linker to provide explicit start/stop symbols for each bugframe type, and change virtual_region to have a stop pointer rather than a count. This marginally simplifies both do_bug_frame()s and prepare_payload(), but it massively simplifies setup_virtual_regions() by allowing the compiler to initialise the .frame[] array at build time. virtual_region.c is the only user of the linker symbols, and this is unlikely to change given the purpose of struct virtual_region, so move their externs out of bug.h No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Ross Lagerwall Reviewed-by: Jan Beulich Acked-by: Michal Orzel --- xen/arch/arm/traps.c | 5 ++--- xen/common/bug.c | 5 ++--- xen/common/livepatch.c | 7 +++---- xen/common/virtual_region.c | 45 ++++++++++++++++++---------------------- xen/include/xen/bug.h | 6 ------ xen/include/xen/virtual_region.h | 3 +-- xen/include/xen/xen.lds.h | 8 ++++++- 7 files changed, 35 insertions(+), 44 deletions(-) diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 9cffe7f790..a8039087c8 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1226,10 +1226,9 @@ int do_bug_frame(const struct cpu_user_regs *regs, vaddr_t pc) for ( id = 0; id < BUGFRAME_NR; id++ ) { const struct bug_frame *b; - unsigned int i; - for ( i = 0, b = region->frame[id].bugs; - i < region->frame[id].n_bugs; b++, i++ ) + for ( b = region->frame[id].start; + b < region->frame[id].stop; b++ ) { if ( ((vaddr_t)bug_loc(b)) == pc ) { diff --git a/xen/common/bug.c b/xen/common/bug.c index c43e7c4397..b7c5d8fd4d 100644 --- a/xen/common/bug.c +++ b/xen/common/bug.c @@ -25,10 +25,9 @@ int do_bug_frame(const struct cpu_user_regs *regs, unsigned long pc) for ( id = 0; id < BUGFRAME_NR; id++ ) { const struct bug_frame *b; - size_t i; - for ( i = 0, b = region->frame[id].bugs; - i < region->frame[id].n_bugs; b++, i++ ) + for ( b = region->frame[id].start; + b < region->frame[id].stop; b++ ) { if ( bug_loc(b) == pc ) { diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index cabfb63911..351a3e0b9a 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -804,12 +804,11 @@ static int prepare_payload(struct payload *payload, if ( !sec ) continue; - if ( !section_ok(elf, sec, sizeof(*region->frame[i].bugs)) ) + if ( !section_ok(elf, sec, sizeof(*region->frame[i].start)) ) return -EINVAL; - region->frame[i].bugs = sec->load_addr; - region->frame[i].n_bugs = sec->sec->sh_size / - sizeof(*region->frame[i].bugs); + region->frame[i].start = sec->load_addr; + region->frame[i].stop = sec->load_addr + sec->sec->sh_size; } sec = livepatch_elf_sec_by_name(elf, ".altinstructions"); diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index 142f21e181..7d8bdeb612 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -9,12 +9,25 @@ #include #include +extern const struct bug_frame + __start_bug_frames_0[], __stop_bug_frames_0[], + __start_bug_frames_1[], __stop_bug_frames_1[], + __start_bug_frames_2[], __stop_bug_frames_2[], + __start_bug_frames_3[], __stop_bug_frames_3[]; + static struct virtual_region core = { .list = LIST_HEAD_INIT(core.list), .text_start = _stext, .text_end = _etext, .rodata_start = _srodata, .rodata_end = _erodata, + + .frame = { + { __start_bug_frames_0, __stop_bug_frames_0 }, + { __start_bug_frames_1, __stop_bug_frames_1 }, + { __start_bug_frames_2, __stop_bug_frames_2 }, + { __start_bug_frames_3, __stop_bug_frames_3 }, + }, }; /* Becomes irrelevant when __init sections are cleared. */ @@ -22,6 +35,13 @@ static struct virtual_region core_init __initdata = { .list = LIST_HEAD_INIT(core_init.list), .text_start = _sinittext, .text_end = _einittext, + + .frame = { + { __start_bug_frames_0, __stop_bug_frames_0 }, + { __start_bug_frames_1, __stop_bug_frames_1 }, + { __start_bug_frames_2, __stop_bug_frames_2 }, + { __start_bug_frames_3, __stop_bug_frames_3 }, + }, }; /* @@ -133,31 +153,6 @@ void __init unregister_init_virtual_region(void) void __init setup_virtual_regions(const struct exception_table_entry *start, const struct exception_table_entry *end) { - size_t sz; - unsigned int i; - static const struct bug_frame *const __initconstrel bug_frames[] = { - __start_bug_frames, - __stop_bug_frames_0, - __stop_bug_frames_1, - __stop_bug_frames_2, - __stop_bug_frames_3, - NULL - }; - - for ( i = 1; bug_frames[i]; i++ ) - { - const struct bug_frame *s; - - s = bug_frames[i - 1]; - sz = bug_frames[i] - s; - - core.frame[i - 1].n_bugs = sz; - core.frame[i - 1].bugs = s; - - core_init.frame[i - 1].n_bugs = sz; - core_init.frame[i - 1].bugs = s; - } - core_init.ex = core.ex = start; core_init.ex_end = core.ex_end = end; diff --git a/xen/include/xen/bug.h b/xen/include/xen/bug.h index 77fe1e1ba8..99814c4bef 100644 --- a/xen/include/xen/bug.h +++ b/xen/include/xen/bug.h @@ -155,12 +155,6 @@ int do_bug_frame(const struct cpu_user_regs *regs, unsigned long pc); #endif /* CONFIG_GENERIC_BUG_FRAME */ -extern const struct bug_frame __start_bug_frames[], - __stop_bug_frames_0[], - __stop_bug_frames_1[], - __stop_bug_frames_2[], - __stop_bug_frames_3[]; - #endif /* !__ASSEMBLY__ */ #endif /* __XEN_BUG_H__ */ diff --git a/xen/include/xen/virtual_region.h b/xen/include/xen/virtual_region.h index dcdc95ba49..c8a90e3ef2 100644 --- a/xen/include/xen/virtual_region.h +++ b/xen/include/xen/virtual_region.h @@ -29,8 +29,7 @@ struct virtual_region symbols_lookup_t *symbols_lookup; struct { - const struct bug_frame *bugs; /* The pointer to array of bug frames. */ - size_t n_bugs; /* The number of them. */ + const struct bug_frame *start, *stop; /* Pointers to array of bug frames. */ } frame[BUGFRAME_NR]; const struct exception_table_entry *ex; diff --git a/xen/include/xen/xen.lds.h b/xen/include/xen/xen.lds.h index 7ab7aa5678..a17810bb28 100644 --- a/xen/include/xen/xen.lds.h +++ b/xen/include/xen/xen.lds.h @@ -115,13 +115,19 @@ /* List of constructs other than *_SECTIONS in alphabetical order. */ #define BUGFRAMES \ - __start_bug_frames = .; \ + __start_bug_frames_0 = .; \ *(.bug_frames.0) \ __stop_bug_frames_0 = .; \ + \ + __start_bug_frames_1 = .; \ *(.bug_frames.1) \ __stop_bug_frames_1 = .; \ + \ + __start_bug_frames_2 = .; \ *(.bug_frames.2) \ __stop_bug_frames_2 = .; \ + \ + __start_bug_frames_3 = .; \ *(.bug_frames.3) \ __stop_bug_frames_3 = .; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:22:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:22:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703921.1099882 (Exim 4.92) (envelope-from ) id 1ruuNl-0001a1-E2; Thu, 11 Apr 2024 13:22:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703921.1099882; Thu, 11 Apr 2024 13:22:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuNl-0001Zu-Ba; Thu, 11 Apr 2024 13:22:25 +0000 Received: by outflank-mailman (input) for mailman id 703921; Thu, 11 Apr 2024 13:22:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuNj-0001Zk-Qf for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuNj-0004FR-Pz for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuNj-0000Js-P0 for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=W0QIqCYgjC9CSe+K42c2QWX4ujRYWChmLer51Oqc0b0=; b=eBEi+j1dM39GBbCmfhhv5ZV7A/ WdDgvcBhBmXqYAGCGlyRQvmyVtK1fhqYcjTb29qQzgjBUI34WhzF931sicF0TzzrZgnsgYKu/m1kW 9s9GT5zbD2/Bsueiu3PtN+RbTp9Vp5hN0JSJt436Ol8MtLWzLGt3myR2r2JRQY2EVVDI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/virtual-region: Link the list build time Message-Id: Date: Thu, 11 Apr 2024 13:22:23 +0000 commit 038ba305fda74c42707cf1ccb6d1d171d8433477 Author: Andrew Cooper AuthorDate: Fri Mar 15 17:18:42 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/virtual-region: Link the list build time Given 3 statically initialised objects, its easy to link the list at build time. There's no need to do it during runtime at boot (and with IRQs-off, even). As a consequence, register_virtual_region() can now move inside ifdef CONFIG_LIVEPATCH like unregister_virtual_region(). Signed-off-by: Andrew Cooper Reviewed-by: Michal Orzel --- xen/common/virtual_region.c | 38 +++++++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index 7d8bdeb612..fe4f53d86b 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -15,8 +15,19 @@ extern const struct bug_frame __start_bug_frames_2[], __stop_bug_frames_2[], __start_bug_frames_3[], __stop_bug_frames_3[]; +/* + * For the built-in regions, the double linked list can be constructed at + * build time. Forward-declare the elements and their initialisers. + */ +static struct list_head virtual_region_list; +static struct virtual_region core, core_init; + +#define LIST_ENTRY_HEAD() { .next = &core.list, .prev = &core_init.list } +#define LIST_ENTRY_CORE() { .next = &core_init.list, .prev = &virtual_region_list } +#define LIST_ENTRY_INIT() { .next = &virtual_region_list, .prev = &core.list } + static struct virtual_region core = { - .list = LIST_HEAD_INIT(core.list), + .list = LIST_ENTRY_CORE(), .text_start = _stext, .text_end = _etext, .rodata_start = _srodata, @@ -32,7 +43,7 @@ static struct virtual_region core = { /* Becomes irrelevant when __init sections are cleared. */ static struct virtual_region core_init __initdata = { - .list = LIST_HEAD_INIT(core_init.list), + .list = LIST_ENTRY_INIT(), .text_start = _sinittext, .text_end = _einittext, @@ -50,7 +61,7 @@ static struct virtual_region core_init __initdata = { * * All readers of virtual_region_list MUST use list_for_each_entry_rcu. */ -static LIST_HEAD(virtual_region_list); +static struct list_head virtual_region_list = LIST_ENTRY_HEAD(); static DEFINE_SPINLOCK(virtual_region_lock); static DEFINE_RCU_READ_LOCK(rcu_virtual_region_lock); @@ -73,15 +84,6 @@ const struct virtual_region *find_text_region(unsigned long addr) return region; } -void register_virtual_region(struct virtual_region *r) -{ - unsigned long flags; - - spin_lock_irqsave(&virtual_region_lock, flags); - list_add_tail_rcu(&r->list, &virtual_region_list); - spin_unlock_irqrestore(&virtual_region_lock, flags); -} - /* * Suggest inline so when !CONFIG_LIVEPATCH the function is not left * unreachable after init code is removed. @@ -96,6 +98,15 @@ static void inline remove_virtual_region(struct virtual_region *r) } #ifdef CONFIG_LIVEPATCH +void register_virtual_region(struct virtual_region *r) +{ + unsigned long flags; + + spin_lock_irqsave(&virtual_region_lock, flags); + list_add_tail_rcu(&r->list, &virtual_region_list); + spin_unlock_irqrestore(&virtual_region_lock, flags); +} + void unregister_virtual_region(struct virtual_region *r) { remove_virtual_region(r); @@ -155,9 +166,6 @@ void __init setup_virtual_regions(const struct exception_table_entry *start, { core_init.ex = core.ex = start; core_init.ex_end = core.ex_end = end; - - register_virtual_region(&core_init); - register_virtual_region(&core); } /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:22:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:22:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703922.1099887 (Exim 4.92) (envelope-from ) id 1ruuNv-0001cn-Fj; Thu, 11 Apr 2024 13:22:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703922.1099887; Thu, 11 Apr 2024 13:22:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuNv-0001cf-D2; Thu, 11 Apr 2024 13:22:35 +0000 Received: by outflank-mailman (input) for mailman id 703922; Thu, 11 Apr 2024 13:22:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuNt-0001cE-Tz for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuNt-0004Fe-TB for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuNt-0000KJ-SC for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FWzSqOBa5Q6wNUJXJAmkYqJc0cD6sVk9INTDaQ1FzKY=; b=abX8NIMQq8uIV4KBUIAyWl6GRn T8rFexv7oQzpCpF55AwIW0VsUFszx+ssTuJXPsxw/8ALD0pc3MhRNx2sAw5ZPfozYth2HLghwD5Do zRla1y5n1hMeQn+6a3dK1S8KiMLsSELFOLNf8ON4eBS5VioLJoNlGBjDvFlbXAKUzssA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/virtual-region: Drop setup_virtual_regions() Message-Id: Date: Thu, 11 Apr 2024 13:22:33 +0000 commit d37c1842360f5b4dfeb838268d2f8cacf5ff35bd Author: Andrew Cooper AuthorDate: Fri Mar 15 17:47:58 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/virtual-region: Drop setup_virtual_regions() All other actions it used to perform have been converted to build-time initialisation. The extable setup can done at build time too. This is one fewer setup step required to get exceptions working. Take the opportunity to move 'core' into read_mostly, where it probably should have lived all along. Signed-off-by: Andrew Cooper Reviewed-by: Luca Fancellu Tested-by: Luca Fancellu --- xen/arch/arm/setup.c | 1 - xen/arch/x86/setup.c | 2 -- xen/common/virtual_region.c | 19 +++++++++++-------- xen/include/xen/virtual_region.h | 4 ++-- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 424744ad5e..b9a7f61f73 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -719,7 +719,6 @@ void asmlinkage __init start_xen(unsigned long boot_phys_offset, percpu_init_areas(); set_processor_id(0); /* needed early, for smp_processor_id() */ - setup_virtual_regions(NULL, NULL); /* Initialize traps early allow us to get backtrace when an error occurred */ init_traps(); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index ac983ddc69..86cd8b9997 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1014,8 +1014,6 @@ void asmlinkage __init noreturn __start_xen(unsigned long mbi_p) smp_prepare_boot_cpu(); sort_exception_tables(); - setup_virtual_regions(__start___ex_table, __stop___ex_table); - /* Full exception support from here on in. */ rdmsrl(MSR_EFER, this_cpu(efer)); diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index fe4f53d86b..52405d84b2 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -26,7 +26,7 @@ static struct virtual_region core, core_init; #define LIST_ENTRY_CORE() { .next = &core_init.list, .prev = &virtual_region_list } #define LIST_ENTRY_INIT() { .next = &virtual_region_list, .prev = &core.list } -static struct virtual_region core = { +static struct virtual_region core __read_mostly = { .list = LIST_ENTRY_CORE(), .text_start = _stext, .text_end = _etext, @@ -39,6 +39,11 @@ static struct virtual_region core = { { __start_bug_frames_2, __stop_bug_frames_2 }, { __start_bug_frames_3, __stop_bug_frames_3 }, }, + +#ifdef CONFIG_HAS_EX_TABLE + .ex = __start___ex_table, + .ex_end = __stop___ex_table, +#endif }; /* Becomes irrelevant when __init sections are cleared. */ @@ -53,6 +58,11 @@ static struct virtual_region core_init __initdata = { { __start_bug_frames_2, __stop_bug_frames_2 }, { __start_bug_frames_3, __stop_bug_frames_3 }, }, + +#ifdef CONFIG_HAS_EX_TABLE + .ex = __start___ex_table, + .ex_end = __stop___ex_table, +#endif }; /* @@ -161,13 +171,6 @@ void __init unregister_init_virtual_region(void) remove_virtual_region(&core_init); } -void __init setup_virtual_regions(const struct exception_table_entry *start, - const struct exception_table_entry *end) -{ - core_init.ex = core.ex = start; - core_init.ex_end = core.ex_end = end; -} - /* * Local variables: * mode: C diff --git a/xen/include/xen/virtual_region.h b/xen/include/xen/virtual_region.h index c8a90e3ef2..a18dfb6fb0 100644 --- a/xen/include/xen/virtual_region.h +++ b/xen/include/xen/virtual_region.h @@ -32,13 +32,13 @@ struct virtual_region const struct bug_frame *start, *stop; /* Pointers to array of bug frames. */ } frame[BUGFRAME_NR]; +#ifdef CONFIG_HAS_EX_TABLE const struct exception_table_entry *ex; const struct exception_table_entry *ex_end; +#endif }; const struct virtual_region *find_text_region(unsigned long addr); -void setup_virtual_regions(const struct exception_table_entry *start, - const struct exception_table_entry *end); void unregister_init_virtual_region(void); void register_virtual_region(struct virtual_region *r); void unregister_virtual_region(struct virtual_region *r); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:22:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:22:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703923.1099891 (Exim 4.92) (envelope-from ) id 1ruuO5-0001fh-HI; Thu, 11 Apr 2024 13:22:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703923.1099891; Thu, 11 Apr 2024 13:22:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuO5-0001fa-ES; Thu, 11 Apr 2024 13:22:45 +0000 Received: by outflank-mailman (input) for mailman id 703923; Thu, 11 Apr 2024 13:22:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuO4-0001fP-0i for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuO4-0004Fu-01 for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuO3-0000Kj-VH for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bDg8TYjzSojaZh4fs8plU1zK530lttfn3HVhGgwcUhI=; b=4Ngq/eE4feYiZBGAl9NHk5nTRh SEzo6SoE1HfjZAoNf1ogSbii8Us+j81Cew1ESNvPS/+YS98mQmPSWdAYfkQcwUn1bKyPUdptNS349 BnuFTwop+gkqvpbVVH7vHe5pB31lCbAId4vxuNBK4OFC5/xHDEVzbw+wz1mFpaEPcpKA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/hvm: Fix Misra Rule 19.1 regression Message-Id: Date: Thu, 11 Apr 2024 13:22:43 +0000 commit d0a718a45f14b86471d8eb3083acd72760963470 Author: Andrew Cooper AuthorDate: Wed Apr 10 11:26:24 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 x86/hvm: Fix Misra Rule 19.1 regression Despite noticing an impending Rule 19.1 violation, the adjustment made (the uint32_t cast) wasn't sufficient to avoid it. Try again. Subsequently noticed by Coverity too. Fixes: 6a98383b0877 ("x86/HVM: clear upper halves of GPRs upon entry from 32-bit code") Coverity-IDs: 1596289 thru 1596298 Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini --- xen/arch/x86/include/asm/hvm/hvm.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index 595253babe..899233fb25 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -575,16 +575,16 @@ static inline void hvm_sanitize_regs_fields(struct cpu_user_regs *regs, if ( compat ) { /* Clear GPR upper halves, to counteract guests playing games. */ - regs->rbp = (uint32_t)regs->ebp; - regs->rbx = (uint32_t)regs->ebx; - regs->rax = (uint32_t)regs->eax; - regs->rcx = (uint32_t)regs->ecx; - regs->rdx = (uint32_t)regs->edx; - regs->rsi = (uint32_t)regs->esi; - regs->rdi = (uint32_t)regs->edi; - regs->rip = (uint32_t)regs->eip; - regs->rflags = (uint32_t)regs->eflags; - regs->rsp = (uint32_t)regs->esp; + regs->rbp = (uint32_t)regs->rbp; + regs->rbx = (uint32_t)regs->rbx; + regs->rax = (uint32_t)regs->rax; + regs->rcx = (uint32_t)regs->rcx; + regs->rdx = (uint32_t)regs->rdx; + regs->rsi = (uint32_t)regs->rsi; + regs->rdi = (uint32_t)regs->rdi; + regs->rip = (uint32_t)regs->rip; + regs->rflags = (uint32_t)regs->rflags; + regs->rsp = (uint32_t)regs->rsp; } #ifndef NDEBUG -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:22:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:22:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703924.1099895 (Exim 4.92) (envelope-from ) id 1ruuOF-0001j8-KQ; Thu, 11 Apr 2024 13:22:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703924.1099895; Thu, 11 Apr 2024 13:22:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuOF-0001j0-Hy; Thu, 11 Apr 2024 13:22:55 +0000 Received: by outflank-mailman (input) for mailman id 703924; Thu, 11 Apr 2024 13:22:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuOE-0001ip-43 for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuOE-0004G1-3B for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuOE-0000LP-29 for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:22:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/yN0m9cIm5g4Y9RDKuyRBv6EeWMsv6Jmd/s1VZEns10=; b=BL34t1rJ6yw9KBBUfB1LB7VDfX nIHw+sMPHwJWNY/KnqGB6Af8+NNQxFA6M1bedsKDCZfi2LivG/nQb4Sxn7IK344yV0mlPYB6iXDXZ +/elxcKI7gXZ6jrfhVVZhoLlrAlewqhc932VzQiiNBaPJycg2W/KN1Uc/u0xVNFE72HM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/nospec: Remove unreachable code Message-Id: Date: Thu, 11 Apr 2024 13:22:54 +0000 commit 52bde26c1c651983e396002e2b0aeb8ef414e2d7 Author: Andrew Cooper AuthorDate: Wed Apr 10 20:08:03 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/nospec: Remove unreachable code When CONFIG_SPECULATIVE_HARDEN_LOCK is active, this reads: static always_inline bool lock_evaluate_nospec(bool condition) { return arch_lock_evaluate_nospec(condition); return condition; } Insert an #else to take out the second return. Fixes: 7ef0084418e1 ("x86/spinlock: introduce support for blocking speculation into critical regions") Signed-off-by: Andrew Cooper Reviewed-by: Luca Fancellu Reviewed-by: Stefano Stabellini --- xen/include/xen/nospec.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/include/xen/nospec.h b/xen/include/xen/nospec.h index 9fb15aa26a..828dbd4e0a 100644 --- a/xen/include/xen/nospec.h +++ b/xen/include/xen/nospec.h @@ -82,8 +82,9 @@ static always_inline bool lock_evaluate_nospec(bool condition) { #ifdef CONFIG_SPECULATIVE_HARDEN_LOCK return arch_lock_evaluate_nospec(condition); -#endif +#else return condition; +#endif } #endif /* XEN_NOSPEC_H */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:23:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:23:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703925.1099899 (Exim 4.92) (envelope-from ) id 1ruuOP-0001ll-Lz; Thu, 11 Apr 2024 13:23:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703925.1099899; Thu, 11 Apr 2024 13:23:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuOP-0001lc-JJ; Thu, 11 Apr 2024 13:23:05 +0000 Received: by outflank-mailman (input) for mailman id 703925; Thu, 11 Apr 2024 13:23:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuOO-0001lQ-7A for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuOO-0004GS-6L for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuOO-0000Ly-5M for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/2ihOagGZN9qmF9BHPnHbij7bAZbgPfDQ/rZCGhLKZU=; b=xA/Q0o6W0chCDQOXiuuci9YZ27 ja4njhHjLMU1Ib2/MzL0Aswjg25zL4vpSgwkspt0xmZu/JKzsyevC9833olX9pKTqgEjpw1TB17X2 /uAntCUq1TwOuw1LDqJQHxy1GuBngObtLgS2MGPtgLOQeP9N1j2KhQlavGeG6xK7NshI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/vPCI: Remove shadowed variable Message-Id: Date: Thu, 11 Apr 2024 13:23:04 +0000 commit e5b93b70d5f1921867bd59b35562b28766c65f69 Author: Andrew Cooper AuthorDate: Wed Apr 10 20:28:23 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/vPCI: Remove shadowed variable Resolves a MISRA R5.3 violation. Fixes: 622bdd962822 ("vpci/header: handle p2m range sets per BAR") Signed-off-by: Andrew Cooper Reviewed-by: Luca Fancellu Reviewed-by: Stefano Stabellini Acked-by: Roger Pau Monné --- xen/drivers/vpci/vpci.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c index 260b72875e..97e115dc57 100644 --- a/xen/drivers/vpci/vpci.c +++ b/xen/drivers/vpci/vpci.c @@ -62,8 +62,6 @@ void vpci_deassign_device(struct pci_dev *pdev) spin_unlock(&pdev->vpci->lock); if ( pdev->vpci->msix ) { - unsigned int i; - list_del(&pdev->vpci->msix->next); for ( i = 0; i < ARRAY_SIZE(pdev->vpci->msix->table); i++ ) if ( pdev->vpci->msix->table[i] ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:23:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:23:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703926.1099902 (Exim 4.92) (envelope-from ) id 1ruuOZ-0001pg-Nb; Thu, 11 Apr 2024 13:23:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703926.1099902; Thu, 11 Apr 2024 13:23:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuOZ-0001pZ-LC; Thu, 11 Apr 2024 13:23:15 +0000 Received: by outflank-mailman (input) for mailman id 703926; Thu, 11 Apr 2024 13:23:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuOY-0001pQ-A2 for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuOY-0004Gu-9I for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuOY-0000Me-8R for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0UCPXmpINVr0xu5e7UOqSJUsmeRZovDyflf8dvC0a0c=; b=PbbCDpn96UxtYFlljVpMEiyUQa sCn1eJJJUD2hP44bW35O7ykROHssvzsWuZRHDoDqayJ2qT/HsCumt5QLc+C50PMz4YGm9TcIJSsBS mGgsJnuoLCD8gCgen6phsctSwSR1mHVIUyed9gT5zL037p9su5IHY6zOgAc2QBdczu4c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/spinlock: Adjust LOCK_DEBUG_INITVAL to placate MISRA Message-Id: Date: Thu, 11 Apr 2024 13:23:14 +0000 commit 761358b9ebd8584e7fe9c66dbfa477f644617478 Author: Andrew Cooper AuthorDate: Wed Apr 10 20:32:24 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/spinlock: Adjust LOCK_DEBUG_INITVAL to placate MISRA Resolves 160 MISRA R7.2 violations. Fixes: c286bb93d20c ("xen/spinlock: support higher number of cpus") Signed-off-by: Andrew Cooper Reviewed-by: Luca Fancellu Reviewed-by: Stefano Stabellini Reviewed-by: Nicola Vetrini --- xen/include/xen/spinlock.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index db00a24646..18793c5e29 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -13,7 +13,7 @@ #ifdef CONFIG_DEBUG_LOCKS union lock_debug { uint32_t val; -#define LOCK_DEBUG_INITVAL 0xffffffff +#define LOCK_DEBUG_INITVAL 0xffffffffU struct { unsigned int cpu:SPINLOCK_CPU_BITS; #define LOCK_DEBUG_PAD_BITS (30 - SPINLOCK_CPU_BITS) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:23:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:23:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703927.1099906 (Exim 4.92) (envelope-from ) id 1ruuOj-0001sk-Oz; Thu, 11 Apr 2024 13:23:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703927.1099906; Thu, 11 Apr 2024 13:23:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuOj-0001sd-Ma; Thu, 11 Apr 2024 13:23:25 +0000 Received: by outflank-mailman (input) for mailman id 703927; Thu, 11 Apr 2024 13:23:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuOi-0001sJ-D1 for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuOi-0004H6-CF for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuOi-0000N8-BN for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RkucxYwELpQibCNnYA8D8JqHr2YCHq9uSvsmnsD2/yA=; b=10OxB7DnZadPvmF2OvoYIJgOLz rfhAXfHKC8kA/6gWucs6mw2EZrSQPiJVzgCLejwA2eA5/ZxTygnl3BCITsViRqqDfUncYEWXNJsLf 1fL+4jjZddUsi51+GOmWFR5feWxYXgH2qpwxUP+/Fo9sVFrD+NMz5KFEuGTtqRb1Y5bc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/emul: Adjust X86EMUL_OPC_EXT_MASK to placate MISRA Message-Id: Date: Thu, 11 Apr 2024 13:23:24 +0000 commit 478002370cfb99d65731aedd78fbfa017c730ee7 Author: Andrew Cooper AuthorDate: Wed Apr 10 20:41:27 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 x86/emul: Adjust X86EMUL_OPC_EXT_MASK to placate MISRA Resolves 4740 MISRA R7.2 violations (of 4935, so 96% of them). Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini --- xen/arch/x86/x86_emulate/x86_emulate.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.h b/xen/arch/x86/x86_emulate/x86_emulate.h index 698750267a..d92be69d84 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.h +++ b/xen/arch/x86/x86_emulate/x86_emulate.h @@ -620,7 +620,7 @@ struct x86_emulate_ctxt * below). * Hence no separate #define-s get added. */ -#define X86EMUL_OPC_EXT_MASK 0xffff0000 +#define X86EMUL_OPC_EXT_MASK 0xffff0000U #define X86EMUL_OPC(ext, byte) ((uint8_t)(byte) | \ MASK_INSR((ext), X86EMUL_OPC_EXT_MASK)) /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:23:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:23:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703928.1099911 (Exim 4.92) (envelope-from ) id 1ruuOt-0001vy-Qk; Thu, 11 Apr 2024 13:23:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703928.1099911; Thu, 11 Apr 2024 13:23:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuOt-0001vq-Nx; Thu, 11 Apr 2024 13:23:35 +0000 Received: by outflank-mailman (input) for mailman id 703928; Thu, 11 Apr 2024 13:23:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuOs-0001vc-Fs for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuOs-0004HR-FB for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuOs-0000Na-EK for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=W1AKSFETA9dtHdNdQAX/5AQiegEuJuuFv4lif6S+9Ys=; b=1a9vNcdseeQfULzDu6BgxpQJ+f vM/OOYnRMees9x9YXC9fql6slKCVVhzymKwcNDUSdlYH7kOtqEg3FoT40BcquceDwe6/CEWywIyoR 3gJpd6CU6iKfHj4gASxdQlJVOHhQ2FYKFFU/67Hrm4IxIDVhxxtfip2tX1Bdxx4L4OTo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/vlapic: tidy switch statement and address MISRA violation Message-Id: Date: Thu, 11 Apr 2024 13:23:34 +0000 commit 6af626c1da682655a6734a0d47899cb9b03d71ae Author: Nicola Vetrini AuthorDate: Fri Apr 5 11:14:29 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 x86/vlapic: tidy switch statement and address MISRA violation Refactor the last clauses so that a violation of MISRA C Rule 16.2 is resolved (A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement). The switch clause ending with the pseudo keyword "fallthrough" is an allowed exception to Rule 16.3. No functional change. Suggested-by: Jan Beulich Signed-off-by: Nicola Vetrini Reviewed-by: Stefano Stabellini --- xen/arch/x86/hvm/vlapic.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c index dcbcf4a1fe..05072a21bf 100644 --- a/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c @@ -1033,11 +1033,11 @@ int guest_wrmsr_x2apic(struct vcpu *v, uint32_t msr, uint64_t val) case APIC_EOI: case APIC_ESR: - if ( val ) - { + if ( !val ) + break; + fallthrough; default: return X86EMUL_EXCEPTION; - } } vlapic_reg_write(v, array_index_nospec(offset, PAGE_SIZE), val); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:23:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:23:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703929.1099915 (Exim 4.92) (envelope-from ) id 1ruuP3-00021f-S0; Thu, 11 Apr 2024 13:23:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703929.1099915; Thu, 11 Apr 2024 13:23:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuP3-00021X-PJ; Thu, 11 Apr 2024 13:23:45 +0000 Received: by outflank-mailman (input) for mailman id 703929; Thu, 11 Apr 2024 13:23:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuP2-00021Q-IR for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuP2-0004Hc-Hm for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuP2-0000O6-HA for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4FbfUtOOLWjHzwky4ZNZR+ZZcUaQJ5O1/3xtU7OvheI=; b=r3gflmPgUOcK6DruVmbx9ySd8z PQOwaDZ36eA4ymYNg2to+wgR7h4DTu1RfRCzIVtiWv0o8i2A7heoFoZVTbj0vHqsHRO0oBJ88Vj2Q dcRlN5JZdVoZuTjGOTSRADI4ZGUdImK0/xK9u2R3AzH7XsLx0pUdRimlHXPBCsT55WvA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cpuid: address violation of MISRA C Rule 16.2 Message-Id: Date: Thu, 11 Apr 2024 13:23:44 +0000 commit 3b51a812e03a36a44b154b261458c9ff88b98c60 Author: Nicola Vetrini AuthorDate: Fri Apr 5 11:14:30 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 x86/cpuid: address violation of MISRA C Rule 16.2 Refactor the switch so that a violation of MISRA C Rule 16.2 is resolved (A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement). Note that the switch clause ending with the pseudo keyword "fallthrough" is an allowed exception to Rule 16.3. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/cpuid.c | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 7290a979c6..7a38e03214 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -331,23 +331,22 @@ void guest_cpuid(const struct vcpu *v, uint32_t leaf, switch ( subleaf ) { case 1: - if ( p->xstate.xsavec || p->xstate.xsaves ) - { - /* - * TODO: Figure out what to do for XSS state. VT-x manages - * host vs guest MSR_XSS automatically, so as soon as we start - * supporting any XSS states, the wrong XSS will be in - * context. - */ - BUILD_BUG_ON(XSTATE_XSAVES_ONLY != 0); + if ( !p->xstate.xsavec && !p->xstate.xsaves ) + break; - /* - * Read CPUID[0xD,0/1].EBX from hardware. They vary with - * enabled XSTATE, and appropraite XCR0|XSS are in context. - */ + /* + * TODO: Figure out what to do for XSS state. VT-x manages host + * vs guest MSR_XSS automatically, so as soon as we start + * supporting any XSS states, the wrong XSS will be in context. + */ + BUILD_BUG_ON(XSTATE_XSAVES_ONLY != 0); + fallthrough; case 0: - res->b = cpuid_count_ebx(leaf, subleaf); - } + /* + * Read CPUID[0xD,0/1].EBX from hardware. They vary with enabled + * XSTATE, and appropriate XCR0|XSS are in context. + */ + res->b = cpuid_count_ebx(leaf, subleaf); break; } break; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:23:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:23:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703930.1099919 (Exim 4.92) (envelope-from ) id 1ruuPD-00026x-TT; Thu, 11 Apr 2024 13:23:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703930.1099919; Thu, 11 Apr 2024 13:23:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuPD-00026p-Qg; Thu, 11 Apr 2024 13:23:55 +0000 Received: by outflank-mailman (input) for mailman id 703930; Thu, 11 Apr 2024 13:23:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuPC-00025Q-LT for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuPC-0004Hu-Ke for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuPC-0000OW-Jz for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:23:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rTiFnpHu3l/I6cY5FyeTTFrFos0mZsiz0EpHWn++X9k=; b=xt9mOa3/LkPjiZZMtXqla2YK/E Ra+FjaFO8pvbRF+MkrVVX0/kfdkAmoDg+wfyb08nnpEPdNJzEDDpG/zVgX11vKKt9vCQrWdGycNAq EzvQtyi0WQTfpAUOs2qQGkCp9uMEo6Zv/jo/P/AX+SPe7UhZ2hyVoFv7SL2fDJkB4ics=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/irq: tidy switch statement and address MISRA violation Message-Id: Date: Thu, 11 Apr 2024 13:23:54 +0000 commit 24f204748ef978eba6ae4f83bb5b7daacab5acb1 Author: Nicola Vetrini AuthorDate: Fri Apr 5 11:14:31 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 x86/irq: tidy switch statement and address MISRA violation Refactor the clauses so that a MISRA C Rule 16.2 violation is resolved (A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement). Note that the switch clause ending with the pseudo keyword "fallthrough" is an allowed exception to Rule 16.3. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Andrew Cooper --- xen/arch/x86/irq.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index a042faf104..80ba8d9fe9 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -2882,7 +2882,7 @@ int allocate_and_map_gsi_pirq(struct domain *d, int index, int *pirq_p) int allocate_and_map_msi_pirq(struct domain *d, int index, int *pirq_p, int type, struct msi_info *msi) { - int irq, pirq, ret; + int irq = -1, pirq, ret; ASSERT_PDEV_LIST_IS_READ_LOCKED(d); @@ -2892,11 +2892,10 @@ int allocate_and_map_msi_pirq(struct domain *d, int index, int *pirq_p, if ( !msi->table_base ) msi->entry_nr = 1; irq = index; - if ( irq == -1 ) - { + fallthrough; case MAP_PIRQ_TYPE_MULTI_MSI: + if( irq == -1 ) irq = create_irq(NUMA_NO_NODE, true); - } if ( irq < nr_irqs_gsi || irq >= nr_irqs ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:24:07 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:24:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703931.1099923 (Exim 4.92) (envelope-from ) id 1ruuPO-0002DE-VA; Thu, 11 Apr 2024 13:24:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703931.1099923; Thu, 11 Apr 2024 13:24:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuPO-0002D6-SI; Thu, 11 Apr 2024 13:24:06 +0000 Received: by outflank-mailman (input) for mailman id 703931; Thu, 11 Apr 2024 13:24:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuPM-0002BJ-OC for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuPM-0004IF-NY for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuPM-0000Pa-Mk for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BjzmJIdgt5v1HQ700S4Uty4zAxAdTNMfNf6m48JpfJ8=; b=rLSnJPefjmSSptpAsWP/w15dXs F+i0e3CtGs/YwgJeqL8vFH0pomFIRjEi4+TrC+wwTzi4UNnnU8OAL2vNEOk0bcVNjTYDQpEBWrZ4J HknEbuKqJvl/CkGv1ToGWOhZz8os3Ld5HVOnmPOcc7usAwFuSswZuddOt3v2d2pmOijE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/efi: tidy switch statement and address MISRA violation Message-Id: Date: Thu, 11 Apr 2024 13:24:04 +0000 commit f509d39d5bb35d2ce200ebe75ad8cbb5f35a7ae2 Author: Nicola Vetrini AuthorDate: Fri Apr 5 11:14:32 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 x86/efi: tidy switch statement and address MISRA violation Refactor the first clauses so that a violation of MISRA C Rule 16.2 is resolved (a switch label, "default" in this case, should be immediately enclosed in the compound statement of the switch). Note that the switch clause ending with the pseudo keyword "fallthrough" is an allowed exception to Rule 16.3. Convert fallthrough comments in other clauses to the pseudo-keyword while at it. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Andrew Cooper --- xen/arch/x86/efi/efi-boot.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index 8ea64e31cd..f282358435 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -169,20 +169,23 @@ static void __init efi_arch_process_memory_map(EFI_SYSTEM_TABLE *SystemTable, switch ( desc->Type ) { + default: + type = E820_RESERVED; + break; + case EfiBootServicesCode: case EfiBootServicesData: if ( map_bs ) { - default: type = E820_RESERVED; break; } - /* fall through */ + fallthrough; case EfiConventionalMemory: if ( !trampoline_phys && desc->PhysicalStart + len <= 0x100000 && len >= cfg.size && desc->PhysicalStart + len > cfg.addr ) cfg.addr = (desc->PhysicalStart + len - cfg.size) & PAGE_MASK; - /* fall through */ + fallthrough; case EfiLoaderCode: case EfiLoaderData: if ( desc->Attribute & EFI_MEMORY_RUNTIME ) @@ -190,9 +193,13 @@ static void __init efi_arch_process_memory_map(EFI_SYSTEM_TABLE *SystemTable, else if ( desc->Attribute & EFI_MEMORY_WB ) type = E820_RAM; else - case EfiUnusableMemory: type = E820_UNUSABLE; break; + + case EfiUnusableMemory: + type = E820_UNUSABLE; + break; + case EfiACPIReclaimMemory: type = E820_ACPI; break; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:24:16 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:24:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703932.1099927 (Exim 4.92) (envelope-from ) id 1ruuPY-0002JP-1U; Thu, 11 Apr 2024 13:24:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703932.1099927; Thu, 11 Apr 2024 13:24:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuPX-0002JH-V3; Thu, 11 Apr 2024 13:24:15 +0000 Received: by outflank-mailman (input) for mailman id 703932; Thu, 11 Apr 2024 13:24:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuPW-0002Iy-Sj for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuPW-0004Ii-QH for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuPW-0000Q3-Pd for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/3Vq3TcmvtKyj6jgq4wAm0C2kP0eI0CuQ14pFBmwTBY=; b=NPhOleorP+VhXcLsb+GRRWzhw9 x8aXEMi4SA94tdJOUykPi9vgKw5enuXETlJo0CInEOg67hQTtStyy/Eh/hkCvkaw4dV8aFqZLbX0c hBYf2yIFOdVECu9WesxdTIh0fID5+5RwkgoXTs56frl5MZKzPIH60nkJ7a/8DAFy9Osc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/domctl: address violations of MISRA C Rule 16.2 Message-Id: Date: Thu, 11 Apr 2024 13:24:14 +0000 commit eeab8c4619c26e4ba4055430a46d6180cc73b2be Author: Nicola Vetrini AuthorDate: Fri Apr 5 11:14:33 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/domctl: address violations of MISRA C Rule 16.2 Refactor the first clauses so that a violation of MISRA C Rule 16.2 is resolved (a switch label should be immediately enclosed in the compound statement of the switch). Note that the switch clause ending with the pseudo keyword "fallthrough" is an allowed exception to Rule 16.3. Convert fallthrough comments in other clauses to the pseudo-keyword while at it. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/common/domctl.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/xen/common/domctl.c b/xen/common/domctl.c index 43b0b074c3..2c0331bb05 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -293,6 +293,10 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) switch ( op->cmd ) { + case XEN_DOMCTL_createdomain: + d = NULL; + break; + case XEN_DOMCTL_assign_device: case XEN_DOMCTL_deassign_device: if ( op->domain == DOMID_IO ) @@ -302,16 +306,15 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) } else if ( op->domain == DOMID_INVALID ) return -ESRCH; - /* fall through */ + fallthrough; case XEN_DOMCTL_test_assign_device: case XEN_DOMCTL_vm_event_op: if ( op->domain == DOMID_INVALID ) { - case XEN_DOMCTL_createdomain: d = NULL; break; } - /* fall through */ + fallthrough; default: d = rcu_lock_domain_by_id(op->domain); if ( !d ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:24:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:24:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703933.1099930 (Exim 4.92) (envelope-from ) id 1ruuPi-0002PP-2j; Thu, 11 Apr 2024 13:24:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703933.1099930; Thu, 11 Apr 2024 13:24:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuPi-0002PI-0J; Thu, 11 Apr 2024 13:24:26 +0000 Received: by outflank-mailman (input) for mailman id 703933; Thu, 11 Apr 2024 13:24:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuPg-0002PB-Td for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuPg-0004Iq-Sw for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuPg-0000QW-SJ for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0tRwu3ZoESdLN/qtGTm2XDFeknI3Mx23ovqAHYz8FEo=; b=ctO3r6C/rX3iJgW5iv+81N5sp5 KmIV8RKgeHHZPLj+kS3iwyG/h/Y5WifJ4i/tVTxdnOWJH7O4NvpsKImZIq9qW1k+B0hkxl2TO7/cE zs9xj+0pqclZQS3SP/9DnmSV8lkH4d3ZIgDPs/Bn+k0aALFXElklYbdEuZFTqWWXr/f4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/hvm: address violations of MISRA C Rule 16.2 Message-Id: Date: Thu, 11 Apr 2024 13:24:24 +0000 commit bbbbd024e8e5d5a286af51de883a33989a2031dc Author: Nicola Vetrini AuthorDate: Fri Apr 5 11:14:34 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 x86/hvm: address violations of MISRA C Rule 16.2 Refactor the switch so that a violation of MISRA C Rule 16.2 is resolved (a switch label should be immediately enclosed in the compound statement of the switch). The switch clause ending with the pseudo keyword "fallthrough" is an allowed exception to Rule 16.3. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/hvm/hypercall.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index eeb73e1aa5..14679dd829 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -119,12 +119,12 @@ int hvm_hypercall(struct cpu_user_regs *regs) (mode == 8 ? regs->rdi : regs->ebx) == HVMOP_guest_request_vm_event ) break; - if ( unlikely(hvm_get_cpl(curr)) ) - { + if ( likely(!hvm_get_cpl(curr)) ) + break; + fallthrough; default: - regs->rax = -EPERM; - return HVM_HCALL_completed; - } + regs->rax = -EPERM; + return HVM_HCALL_completed; case 0: break; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:24:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:24:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703934.1099934 (Exim 4.92) (envelope-from ) id 1ruuPs-0002VB-4K; Thu, 11 Apr 2024 13:24:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703934.1099934; Thu, 11 Apr 2024 13:24:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuPs-0002V3-1l; Thu, 11 Apr 2024 13:24:36 +0000 Received: by outflank-mailman (input) for mailman id 703934; Thu, 11 Apr 2024 13:24:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuPr-0002TH-1x for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuPq-0004KV-Vi for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuPq-0000RJ-V1 for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZfR86NWUyc29GUhxNhRMlaScS0Rnb+wledSe6qhmnEw=; b=dHVMflb9bqqHuLm5G2+b8KQPdv n5pygU+VrAETiVquCijDBatPMnx6BWkIgykVNkfD4SlJAiKgtgthVShzAqAI0BfzabPxTXQCwFKsN a0VDaV/VGVqrKwSjDrkZssczLLUkF+GKSHz3tR9EvejfXfLYJZT1W2DTCZqVj1tTOP7c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/xsm: address violation of MISRA C Rule 16.2 Message-Id: Date: Thu, 11 Apr 2024 13:24:34 +0000 commit 2145512e212f2967a1c93f0845692b8e0714d24b Author: Nicola Vetrini AuthorDate: Fri Apr 5 11:14:35 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/xsm: address violation of MISRA C Rule 16.2 Refactor the switch so that a violation of MISRA C Rule 16.2 is resolved (A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement). Note that the switch clause ending with the pseudo keyword "fallthrough" is an allowed exception to Rule 16.3. Signed-off-by: Nicola Vetrini Acked-by: Daniel P. Smith Reviewed-by: Stefano Stabellini --- xen/include/xsm/dummy.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 88039fdd22..00d2cbebf2 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -83,17 +83,17 @@ static always_inline int xsm_default_action( return 0; case XSM_TARGET: if ( evaluate_nospec(src == target) ) - { return 0; + fallthrough; case XSM_XS_PRIV: - if ( evaluate_nospec(is_xenstore_domain(src)) ) - return 0; - } - /* fall through */ + if ( action == XSM_XS_PRIV && + evaluate_nospec(is_xenstore_domain(src)) ) + return 0; + fallthrough; case XSM_DM_PRIV: if ( target && evaluate_nospec(src->target == target) ) return 0; - /* fall through */ + fallthrough; case XSM_PRIV: if ( is_control_domain(src) ) return 0; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:24:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:24:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703935.1099939 (Exim 4.92) (envelope-from ) id 1ruuQ2-0002aJ-6T; Thu, 11 Apr 2024 13:24:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703935.1099939; Thu, 11 Apr 2024 13:24:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuQ2-0002aB-3t; Thu, 11 Apr 2024 13:24:46 +0000 Received: by outflank-mailman (input) for mailman id 703935; Thu, 11 Apr 2024 13:24:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuQ1-0002a1-3M for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuQ1-0004Kh-2i for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuQ1-0000SI-23 for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Jw2uPdvtkXanjS6WgD/PE3bds+r4sNkEe+Wd+gPb16s=; b=QceMgZCvNXeE3sxkjO+ueQCbGJ ZI1Et6XinxGIcvz6jL8sxNV18XsEnB8NaXC1kEqM6UUyL3CvH0ksw1LhnXvZbprqrMtJimsAK1uzq q5QiwycMlV8dU9H2tB8u4KrWtnSBWY5YiHDPmdwwud5zkyrj5KopH743YmwvmJwBK1ao=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/acpi: Allow xen/acpi.h to be included on non-ACPI archs Message-Id: Date: Thu, 11 Apr 2024 13:24:45 +0000 commit c304bdf1e769830abc849721c05870352e919c2a Author: Shawn Anastasio AuthorDate: Fri Apr 5 13:20:31 2024 -0500 Commit: Andrew Cooper CommitDate: Thu Apr 11 14:16:36 2024 +0100 xen/acpi: Allow xen/acpi.h to be included on non-ACPI archs Conditionalize xen/acpi.h's inclusion of acpi/acpi.h and asm/acpi.h on CONFIG_ACPI and import ARM's !CONFIG_ACPI stub for acpi_disabled() so that the header can be included on architectures without ACPI support, like ppc. This change revealed some missing #includes across the ARM tree, so fix those as well. Suggested-by: Jan Beulich Signed-off-by: Shawn Anastasio Acked-by: Jan Beulich Reviewed-by: Michal Orzel [Fold Randconfig fix] Signed-off-by: Andrew Cooper --- xen/arch/arm/arm32/mmu/mm.c | 1 + xen/arch/arm/arm64/smpboot.c | 3 ++- xen/arch/arm/domain_build.c | 1 - xen/arch/arm/gic-v2.c | 1 - xen/arch/arm/gic-v3.c | 2 -- xen/arch/arm/include/asm/acpi.h | 1 - xen/arch/arm/mmu/pt.c | 1 + xen/arch/arm/mmu/setup.c | 1 + xen/arch/arm/psci.c | 1 + xen/arch/arm/smpboot.c | 1 + xen/arch/arm/traps.c | 3 ++- xen/common/sched/boot-cpupool.c | 2 +- xen/include/xen/acpi.h | 8 ++++++-- 13 files changed, 16 insertions(+), 10 deletions(-) diff --git a/xen/arch/arm/arm32/mmu/mm.c b/xen/arch/arm/arm32/mmu/mm.c index cb441ca87c..0ab6ae52a6 100644 --- a/xen/arch/arm/arm32/mmu/mm.c +++ b/xen/arch/arm/arm32/mmu/mm.c @@ -3,6 +3,7 @@ #include #include #include +#include #include #include #include diff --git a/xen/arch/arm/arm64/smpboot.c b/xen/arch/arm/arm64/smpboot.c index bf81d018b3..a225fae64d 100644 --- a/xen/arch/arm/arm64/smpboot.c +++ b/xen/arch/arm/arm64/smpboot.c @@ -1,4 +1,6 @@ +#include #include +#include #include #include #include @@ -7,7 +9,6 @@ #include #include #include -#include struct smp_enable_ops { int (*prepare_cpu)(int cpu); diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 085d88671e..54232ed4cb 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -18,7 +18,6 @@ #include #include #include -#include #include #include #include diff --git a/xen/arch/arm/gic-v2.c b/xen/arch/arm/gic-v2.c index 5d6885e389..02043c0d4b 100644 --- a/xen/arch/arm/gic-v2.c +++ b/xen/arch/arm/gic-v2.c @@ -22,7 +22,6 @@ #include #include #include -#include #include #include #include diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c index 1cb1360606..cd3e1acf79 100644 --- a/xen/arch/arm/gic-v3.c +++ b/xen/arch/arm/gic-v3.c @@ -25,8 +25,6 @@ #include #include -#include - #include #include #include diff --git a/xen/arch/arm/include/asm/acpi.h b/xen/arch/arm/include/asm/acpi.h index e53973e054..13756dd341 100644 --- a/xen/arch/arm/include/asm/acpi.h +++ b/xen/arch/arm/include/asm/acpi.h @@ -74,7 +74,6 @@ static inline void enable_acpi(void) acpi_disabled = false; } #else -#define acpi_disabled (true) #define disable_acpi() #define enable_acpi() #endif diff --git a/xen/arch/arm/mmu/pt.c b/xen/arch/arm/mmu/pt.c index a7755728ae..da28d669e7 100644 --- a/xen/arch/arm/mmu/pt.c +++ b/xen/arch/arm/mmu/pt.c @@ -11,6 +11,7 @@ #include #include +#include #include #ifdef NDEBUG diff --git a/xen/arch/arm/mmu/setup.c b/xen/arch/arm/mmu/setup.c index 57f1b46499..c0cb17ca2e 100644 --- a/xen/arch/arm/mmu/setup.c +++ b/xen/arch/arm/mmu/setup.c @@ -10,6 +10,7 @@ #include #include +#include #include /* Override macros from asm/page.h to make them work with mfn_t */ diff --git a/xen/arch/arm/psci.c b/xen/arch/arm/psci.c index 695d2fa1f1..b6860a7760 100644 --- a/xen/arch/arm/psci.c +++ b/xen/arch/arm/psci.c @@ -9,6 +9,7 @@ */ +#include #include #include #include diff --git a/xen/arch/arm/smpboot.c b/xen/arch/arm/smpboot.c index a84e706d77..6efed87678 100644 --- a/xen/arch/arm/smpboot.c +++ b/xen/arch/arm/smpboot.c @@ -7,6 +7,7 @@ * Copyright (c) 2011 Citrix Systems. */ +#include #include #include #include diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index a8039087c8..aac6c599f8 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -7,6 +7,7 @@ * Copyright (c) 2011 Citrix Systems. */ +#include #include #include #include @@ -30,7 +31,6 @@ #include #include -#include #include #include #include @@ -38,6 +38,7 @@ #include #include #include +#include #include #include #include diff --git a/xen/common/sched/boot-cpupool.c b/xen/common/sched/boot-cpupool.c index 5955e6f9a9..feeac3b704 100644 --- a/xen/common/sched/boot-cpupool.c +++ b/xen/common/sched/boot-cpupool.c @@ -7,8 +7,8 @@ * Copyright (C) 2022 Arm Ltd. */ +#include #include -#include /* * pool_cpu_map: Index is logical cpu number, content is cpupool id, (-1) for diff --git a/xen/include/xen/acpi.h b/xen/include/xen/acpi.h index 6a2f5983fd..e78e7e7852 100644 --- a/xen/include/xen/acpi.h +++ b/xen/include/xen/acpi.h @@ -37,10 +37,10 @@ #ifndef __ASSEMBLY__ +#include #include -#include -#include +#include #define ACPI_MADT_GET_(fld, x) (((x) & ACPI_MADT_##fld##_MASK) / \ (ACPI_MADT_##fld##_MASK & -ACPI_MADT_##fld##_MASK)) @@ -54,6 +54,9 @@ #ifdef CONFIG_ACPI +#include +#include + extern acpi_physical_address rsdp_hint; extern bool opt_acpi_verbose; @@ -118,6 +121,7 @@ extern u32 pci_mmcfg_base_addr; #else /*!CONFIG_ACPI*/ #define acpi_mp_config 0 +#define acpi_disabled true static inline int acpi_boot_init(void) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:24:56 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:24:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703937.1099954 (Exim 4.92) (envelope-from ) id 1ruuQC-0002uq-FV; Thu, 11 Apr 2024 13:24:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703937.1099954; Thu, 11 Apr 2024 13:24:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuQC-0002ud-CL; Thu, 11 Apr 2024 13:24:56 +0000 Received: by outflank-mailman (input) for mailman id 703937; Thu, 11 Apr 2024 13:24:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuQB-0002sh-6F for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuQB-0004L8-5T for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuQB-0000Sp-4k for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:24:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xSPimr96KIf+fyZX4vmkzOlYDzAy9jxYpkBZ0gGcmkg=; b=kldTj6uHSttQoGNJ5ojlGmeAcW DbUrwFWuROFVL6Xl7iyj6IcbiE1rARYwt71Dz78kjEsU851JAGneNlubSc8qQdWMbKsTI+TAOd3W+ nNEawZ9exDodzs9IRUuKSddBmERKtCZjZs8/Hor+9eCCo/fYSAQWXz8zAfeR0YacwRmk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/misc: xenwatchdogd: use EXIT_* constants Message-Id: Date: Thu, 11 Apr 2024 13:24:55 +0000 commit 0668d35594f77a3c3dc30bac3a692b69a8cc5688 Author: Leigh Brown AuthorDate: Fri Mar 29 11:10:51 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 11 14:16:53 2024 +0100 tools/misc: xenwatchdogd: use EXIT_* constants Use EXIT_SUCCESS/EXIT_FAILURE constants instead of magic numbers. Signed-off-by: Leigh Brown Reviewed-by: Anthony PERARD --- tools/misc/xenwatchdogd.c | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/tools/misc/xenwatchdogd.c b/tools/misc/xenwatchdogd.c index 254117b554..2f7c822d61 100644 --- a/tools/misc/xenwatchdogd.c +++ b/tools/misc/xenwatchdogd.c @@ -17,37 +17,37 @@ void daemonize(void) { switch (fork()) { case -1: - err(1, "fork"); + err(EXIT_FAILURE, "fork"); case 0: break; default: - exit(0); + exit(EXIT_SUCCESS); } umask(0); if (setsid() < 0) - err(1, "setsid"); + err(EXIT_FAILURE, "setsid"); if (chdir("/") < 0) - err(1, "chdir /"); + err(EXIT_FAILURE, "chdir /"); if (freopen("/dev/null", "r", stdin) == NULL) - err(1, "reopen stdin"); + err(EXIT_FAILURE, "reopen stdin"); if(freopen("/dev/null", "w", stdout) == NULL) - err(1, "reopen stdout"); + err(EXIT_FAILURE, "reopen stdout"); if(freopen("/dev/null", "w", stderr) == NULL) - err(1, "reopen stderr"); + err(EXIT_FAILURE, "reopen stderr"); } void catch_exit(int sig) { if (id) xc_watchdog(h, id, 300); - exit(0); + exit(EXIT_SUCCESS); } void catch_usr1(int sig) { if (id) xc_watchdog(h, id, 0); - exit(0); + exit(EXIT_SUCCESS); } int main(int argc, char **argv) @@ -56,44 +56,44 @@ int main(int argc, char **argv) int ret; if (argc < 2) - errx(1, "usage: %s ", argv[0]); + errx(EXIT_FAILURE, "usage: %s ", argv[0]); daemonize(); h = xc_interface_open(NULL, NULL, 0); if (h == NULL) - err(1, "xc_interface_open"); + err(EXIT_FAILURE, "xc_interface_open"); t = strtoul(argv[1], NULL, 0); if (t == ULONG_MAX) - err(1, "strtoul"); + err(EXIT_FAILURE, "strtoul"); s = t / 2; if (argc == 3) { s = strtoul(argv[2], NULL, 0); if (s == ULONG_MAX) - err(1, "strtoul"); + err(EXIT_FAILURE, "strtoul"); } if (signal(SIGHUP, &catch_exit) == SIG_ERR) - err(1, "signal"); + err(EXIT_FAILURE, "signal"); if (signal(SIGINT, &catch_exit) == SIG_ERR) - err(1, "signal"); + err(EXIT_FAILURE, "signal"); if (signal(SIGQUIT, &catch_exit) == SIG_ERR) - err(1, "signal"); + err(EXIT_FAILURE, "signal"); if (signal(SIGTERM, &catch_exit) == SIG_ERR) - err(1, "signal"); + err(EXIT_FAILURE, "signal"); if (signal(SIGUSR1, &catch_usr1) == SIG_ERR) - err(1, "signal"); + err(EXIT_FAILURE, "signal"); id = xc_watchdog(h, 0, t); if (id <= 0) - err(1, "xc_watchdog setup"); + err(EXIT_FAILURE, "xc_watchdog setup"); for (;;) { sleep(s); ret = xc_watchdog(h, id, t); if (ret != 0) - err(1, "xc_watchdog"); + err(EXIT_FAILURE, "xc_watchdog"); } } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:25:06 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:25:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703938.1099957 (Exim 4.92) (envelope-from ) id 1ruuQM-00032Z-Gk; Thu, 11 Apr 2024 13:25:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703938.1099957; Thu, 11 Apr 2024 13:25:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuQM-00032P-Dw; Thu, 11 Apr 2024 13:25:06 +0000 Received: by outflank-mailman (input) for mailman id 703938; Thu, 11 Apr 2024 13:25:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuQL-000304-8z for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:25:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuQL-0004LZ-8L for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:25:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuQL-0000TT-7a for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:25:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qWuzfWQm3BDqwSPzMYlufaxuTs6p5ouZwtoXfuGM6Io=; b=LQjC5uSuZr2cYggXgyP7Kp7oSc 7RlpWkjFimOQodjmN+kbd4DbBdOLmBO8Gix9OaRbuReIZeKXxNNvQjrHZB4h2VOaXuj+ICoRQl9Ld XaNg9p2ITfWB6BcL7ooIXahOfVkgicDvpfAdSHWWdAR3Tz80kFkLCOPX2MzhwhBTjMes=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/misc: rework xenwatchdogd signal handling Message-Id: Date: Thu, 11 Apr 2024 13:25:05 +0000 commit 5d09f8cbdc22aca97f0ea5de0067ebd2820953a9 Author: Leigh Brown AuthorDate: Fri Mar 29 11:10:52 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 11 14:16:53 2024 +0100 tools/misc: rework xenwatchdogd signal handling Rework xenwatchdogd signal handling to do the minimum in the signal handler. This is a very minor enhancement. Signed-off-by: Leigh Brown Reviewed-by: Anthony PERARD --- tools/misc/xenwatchdogd.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/tools/misc/xenwatchdogd.c b/tools/misc/xenwatchdogd.c index 2f7c822d61..ecc3f01a0e 100644 --- a/tools/misc/xenwatchdogd.c +++ b/tools/misc/xenwatchdogd.c @@ -9,9 +9,11 @@ #include #include #include +#include xc_interface *h; -int id = 0; +static volatile bool safeexit = false; +static volatile bool done = false; void daemonize(void) { @@ -38,20 +40,18 @@ void daemonize(void) void catch_exit(int sig) { - if (id) - xc_watchdog(h, id, 300); - exit(EXIT_SUCCESS); + done = true; } void catch_usr1(int sig) { - if (id) - xc_watchdog(h, id, 0); - exit(EXIT_SUCCESS); + safeexit = true; + done = true; } int main(int argc, char **argv) { + int id; int t, s; int ret; @@ -90,10 +90,14 @@ int main(int argc, char **argv) if (id <= 0) err(EXIT_FAILURE, "xc_watchdog setup"); - for (;;) { + while (!done) { sleep(s); ret = xc_watchdog(h, id, t); if (ret != 0) err(EXIT_FAILURE, "xc_watchdog"); } + + // Zero seconds timeout will disarm the watchdog timer + xc_watchdog(h, id, safeexit ? 0 : 300); + return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:25:16 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:25:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703939.1099962 (Exim 4.92) (envelope-from ) id 1ruuQW-0003CW-IM; Thu, 11 Apr 2024 13:25:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703939.1099962; Thu, 11 Apr 2024 13:25:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuQW-0003CO-FK; Thu, 11 Apr 2024 13:25:16 +0000 Received: by outflank-mailman (input) for mailman id 703939; Thu, 11 Apr 2024 13:25:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuQV-0003AW-Bq for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:25:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuQV-0004M3-B3 for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:25:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuQV-0000Uh-AS for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:25:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dPYX98s57cK0b4knHR6gZ4Dqug3egX5DhOr22bC/rxE=; b=ZAwZv+GgOLrHw99sWEeRtD6Gy4 tNJiF0OyE1YaY/+BBRR7GfUfj8XMPFEkQRskb7Bv3IbNqg83RWDbQtpLGf/FHzlvCr2e2DB9jYR3C 5JF8U2uz9QpLaxZ+/Tgm1ZG9umV4i5Z4aG9MyMYkENKDtvNMTDZLBXy4ZvEG2dfvtyC0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/misc: xenwatchdogd: add static qualifier Message-Id: Date: Thu, 11 Apr 2024 13:25:15 +0000 commit 86c008aa5deeb57e4fed79cfd225fa2060d41d2b Author: Leigh Brown AuthorDate: Fri Mar 29 11:10:53 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 11 14:16:53 2024 +0100 tools/misc: xenwatchdogd: add static qualifier Make all functions except main() static in xenwatchdogd.c. Also make the remaining global variable static. Signed-off-by: Leigh Brown Reviewed-by: Anthony PERARD --- tools/misc/xenwatchdogd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/misc/xenwatchdogd.c b/tools/misc/xenwatchdogd.c index ecc3f01a0e..112b706357 100644 --- a/tools/misc/xenwatchdogd.c +++ b/tools/misc/xenwatchdogd.c @@ -11,11 +11,11 @@ #include #include -xc_interface *h; +static xc_interface *h; static volatile bool safeexit = false; static volatile bool done = false; -void daemonize(void) +static void daemonize(void) { switch (fork()) { case -1: @@ -38,12 +38,12 @@ void daemonize(void) err(EXIT_FAILURE, "reopen stderr"); } -void catch_exit(int sig) +static void catch_exit(int sig) { done = true; } -void catch_usr1(int sig) +static void catch_usr1(int sig) { safeexit = true; done = true; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 13:25:27 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 13:25:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.703941.1099965 (Exim 4.92) (envelope-from ) id 1ruuQg-0003Lf-KY; Thu, 11 Apr 2024 13:25:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 703941.1099965; Thu, 11 Apr 2024 13:25:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuQg-0003LX-I1; Thu, 11 Apr 2024 13:25:26 +0000 Received: by outflank-mailman (input) for mailman id 703941; Thu, 11 Apr 2024 13:25:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuQf-0003LE-Er for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:25:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruuQf-0004MP-Dz for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:25:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruuQf-0000W2-DC for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 13:25:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RzhnNYE54vGcrVy/92GWLJ9WgmDaBxdtWDJ9uVfDDes=; b=OWhdjAoebCEh4RA6j+GxjnxZn7 pLLjI2v8zb7sGMBypjbfuDUU2ycVhtlUwYoNXtabqsP746mvmKCRZnpAFzK0agGxunI1F//CHPsrE zt/dk9ust0niy/wjXhgIWqDgG911vt7bIACSZGT804iIeUM1hJIv+3qd5IJ+qqPRykq0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] MAINTAINERS: Update livepatch maintainers Message-Id: Date: Thu, 11 Apr 2024 13:25:25 +0000 commit 6cb501e3e6db36b1b4b6345f5af8adc0a291b404 Author: Ross Lagerwall AuthorDate: Tue Apr 9 11:32:07 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 14:16:53 2024 +0100 MAINTAINERS: Update livepatch maintainers Remove Konrad from the livepatch maintainers list as he hasn't been active for a few years. At the same time, add Roger as a new maintainer since he has been actively working on it for a while. Signed-off-by: Ross Lagerwall Acked-by: Konrad Rzeszutek Wilk Acked-by: Roger Pau Monné --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 09982241b3..d1850c134d 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -400,7 +400,7 @@ F: tools/include/xentoollog.h F: tools/libs/ LIVEPATCH -M: Konrad Rzeszutek Wilk +M: Roger Pau Monné M: Ross Lagerwall S: Supported F: docs/misc/livepatch.pandoc -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 15:44:10 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 15:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.704047.1100144 (Exim 4.92) (envelope-from ) id 1ruwar-0000bX-F2; Thu, 11 Apr 2024 15:44:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 704047.1100144; Thu, 11 Apr 2024 15:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruwar-0000bQ-Cf; Thu, 11 Apr 2024 15:44:05 +0000 Received: by outflank-mailman (input) for mailman id 704047; Thu, 11 Apr 2024 15:44:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruwap-0000ZB-Jq for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 15:44:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruwap-0006uq-HD for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 15:44:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruwap-0001J0-FM for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 15:44:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wimtmFsqOZZJ42vjXfns0PhRitl2kN2uRKMJ6MaHtqs=; b=n26BE573dasrSEw1OGzFxvB35M Js6U9E3KyqkaNRrLN3QGsLOOWZZL9FpKP4m1c9tftR9MYQzqPRQfFqwq5lObe+XRh6fe7FwvdpflW dH5ejdEAJyxoOHfrvY6eJD+b4e489MNUaIwjmIpiPA/dSpy2FCgAxaNgOeiFT46PYTJw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/entry: Fix build with older toolchains Message-Id: Date: Thu, 11 Apr 2024 15:44:03 +0000 commit 2d38302c33b117aa9a417056db241aefc840c2f0 Author: Andrew Cooper AuthorDate: Tue Apr 9 21:39:51 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 16:36:11 2024 +0100 x86/entry: Fix build with older toolchains Binutils older than 2.29 doesn't know INCSSPD. Fixes: 8e186f98ce0e ("x86: Use indirect calls in reset-stack infrastructure") Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini (cherry picked from commit a9fa82500818a8d8ce5f2843f1577bd2c29d088e) --- xen/arch/x86/x86_64/entry.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index ad7dd3b23b..054fcb225f 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -643,7 +643,9 @@ ENTRY(continue_pv_domain) * JMPed to. Drop the return address. */ add $8, %rsp +#ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK +#endif call check_wakeup_from_wait ret_from_intr: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 15:44:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 15:44:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.704049.1100149 (Exim 4.92) (envelope-from ) id 1ruwb1-0000ez-Gs; Thu, 11 Apr 2024 15:44:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 704049.1100149; Thu, 11 Apr 2024 15:44:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruwb1-0000es-ED; Thu, 11 Apr 2024 15:44:15 +0000 Received: by outflank-mailman (input) for mailman id 704049; Thu, 11 Apr 2024 15:44:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruwaz-0000ei-Pu for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 15:44:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruwaz-0006vK-PD for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 15:44:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruwaz-0001Jt-OJ for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 15:44:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iEpocaiVuXX/GTliRS0ys5DDXalW3EXUfkLLaKkAI9U=; b=oH31uJZ5PO1N8E+EqIUqIeLbci WKdT43hn2hQ0wMzhJZSh5HTrUQ2aotDzI/5sE1GpW0LKnuEYS+iIya7fLKe1ngEqLZUwUtGvYbv7/ HICIjf1gfOmEF08PzOBcEJ5lZ8JYFBReefzrSlMqj8l1okzWhJIVPnMQlAL2sQT+18mc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/entry: Fix build with older toolchains Message-Id: Date: Thu, 11 Apr 2024 15:44:13 +0000 commit 5d9a931fe2c1310dbfd946bbc1e22a177add4f5c Author: Andrew Cooper AuthorDate: Tue Apr 9 21:39:51 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 16:36:26 2024 +0100 x86/entry: Fix build with older toolchains Binutils older than 2.29 doesn't know INCSSPD. Fixes: 8e186f98ce0e ("x86: Use indirect calls in reset-stack infrastructure") Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini (cherry picked from commit a9fa82500818a8d8ce5f2843f1577bd2c29d088e) --- xen/arch/x86/x86_64/entry.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 9c256746ba..1ecf900eee 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -643,7 +643,9 @@ ENTRY(continue_pv_domain) * JMPed to. Drop the return address. */ add $8, %rsp +#ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK +#endif call check_wakeup_from_wait ret_from_intr: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 15:44:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 15:44:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.704050.1100152 (Exim 4.92) (envelope-from ) id 1ruwbB-0000he-IW; Thu, 11 Apr 2024 15:44:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 704050.1100152; Thu, 11 Apr 2024 15:44:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruwbB-0000hX-G3; Thu, 11 Apr 2024 15:44:25 +0000 Received: by outflank-mailman (input) for mailman id 704050; Thu, 11 Apr 2024 15:44:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruwbA-0000hN-3y for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 15:44:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruwbA-0006ve-3C for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 15:44:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruwbA-0001Kw-0G for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 15:44:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=35PgJY9ftp0UeLdqI7F00Lo/bRv791w0KvW4mSf+yS0=; b=HJ+p0hNsBTEj6S+CDjQ4eKpkfT dsbgaeQMJW5D/2f5hK0bYa9X+N/98RyBY7s01FkgSirWzT1V79iNqk67tCOaEPkGjmSVgnBx4haIE T1ZfXKJPBCaISdhwmOc0VJz9qZ4B6BBiVSD/VpnFML/nwZKPBzn4jlimkKvs7tsMm+Cg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/entry: Fix build with older toolchains Message-Id: Date: Thu, 11 Apr 2024 15:44:24 +0000 commit 150f6cdbfe079816a0df8b9d57320ca42fc39d12 Author: Andrew Cooper AuthorDate: Tue Apr 9 21:39:51 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 16:36:31 2024 +0100 x86/entry: Fix build with older toolchains Binutils older than 2.29 doesn't know INCSSPD. Fixes: 8e186f98ce0e ("x86: Use indirect calls in reset-stack infrastructure") Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini (cherry picked from commit a9fa82500818a8d8ce5f2843f1577bd2c29d088e) --- xen/arch/x86/x86_64/entry.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 67ca00dbe1..e34be4801b 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -643,7 +643,9 @@ ENTRY(continue_pv_domain) * JMPed to. Drop the return address. */ add $8, %rsp +#ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK +#endif call check_wakeup_from_wait ret_from_intr: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 18:00:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 18:00:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.704101.1100235 (Exim 4.92) (envelope-from ) id 1ruyiS-0007o9-FW; Thu, 11 Apr 2024 18:00:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 704101.1100235; Thu, 11 Apr 2024 18:00:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruyiS-0007nj-Cr; Thu, 11 Apr 2024 18:00:04 +0000 Received: by outflank-mailman (input) for mailman id 704101; Thu, 11 Apr 2024 18:00:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruyiR-0007an-Er for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 18:00:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruyiR-0001MV-D9 for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 18:00:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruyiR-0004ep-Bj for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 18:00:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=i2CnHtZ7QS5+qwJTTBnCFCAGbd/ZUVPcGGIyVlh7wd0=; b=V6lHfPiXWPagIlCR0JJjp1gfoG Wl36QST0AutapOFykHmYxUeW9nfD0ocLPukfURs3zUdTmsUt7AbLqgbUW3QPtX/C2r3QxOfnYAwKV KnzkmyaZbxCsKySqat+0VsX6zyp0SFgK8oFyYSAlPTE55gnhsfHymTcxYS26f46otong=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/include: move definition of ASM_INT() to xen/linkage.h Message-Id: Date: Thu, 11 Apr 2024 18:00:03 +0000 commit 2b31a1f0557a05a182fe360c49eaa7ae1b231aa4 Author: Juergen Gross AuthorDate: Wed Apr 3 14:03:23 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 16:24:32 2024 +0100 xen/include: move definition of ASM_INT() to xen/linkage.h ASM_INT() is defined in arch/[arm|x86]/include/asm/asm_defns.h in exactly the same way. Instead of replicating this definition for riscv and ppc, move it to include/xen/linkage.h, where other arch agnostic definitions for assembler code are living already. Adapt the generation of assembler sources via tools/binfile to include the new home of ASM_INT(). Signed-off-by: Juergen Gross Acked-by: Andrew Cooper Acked-by: Michal Orzel --- xen/arch/arm/include/asm/asm_defns.h | 3 --- xen/arch/x86/include/asm/asm_defns.h | 3 --- xen/include/xen/linkage.h | 2 ++ xen/tools/binfile | 2 +- 4 files changed, 3 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/include/asm/asm_defns.h b/xen/arch/arm/include/asm/asm_defns.h index c489547d29..47efdf5234 100644 --- a/xen/arch/arm/include/asm/asm_defns.h +++ b/xen/arch/arm/include/asm/asm_defns.h @@ -28,9 +28,6 @@ label: .asciz msg; \ .popsection -#define ASM_INT(label, val) \ - DATA(label, 4) .long (val); END(label) - #endif /* __ARM_ASM_DEFNS_H__ */ /* * Local variables: diff --git a/xen/arch/x86/include/asm/asm_defns.h b/xen/arch/x86/include/asm/asm_defns.h index a69fae78b1..0a3ff70566 100644 --- a/xen/arch/x86/include/asm/asm_defns.h +++ b/xen/arch/x86/include/asm/asm_defns.h @@ -351,9 +351,6 @@ static always_inline void stac(void) 4: .p2align 2 ; \ .popsection -#define ASM_INT(label, val) \ - DATA(label, 4) .long (val); END(label) - #define ASM_CONSTANT(name, value) \ asm ( ".equ " #name ", %P0; .global " #name \ :: "i" ((value)) ); diff --git a/xen/include/xen/linkage.h b/xen/include/xen/linkage.h index 478b1d7287..3d401b88c1 100644 --- a/xen/include/xen/linkage.h +++ b/xen/include/xen/linkage.h @@ -60,6 +60,8 @@ #define DATA_LOCAL(name, align...) \ SYM(name, DATA, LOCAL, LASTARG(DATA_ALIGN, ## align), DATA_FILL) +#define ASM_INT(label, val) DATA(label, 4) .long (val); END(label) + #endif /* __ASSEMBLY__ */ #endif /* __LINKAGE_H__ */ diff --git a/xen/tools/binfile b/xen/tools/binfile index 099d7eda9a..0299326ccc 100755 --- a/xen/tools/binfile +++ b/xen/tools/binfile @@ -25,7 +25,7 @@ binsource=$2 varname=$3 cat <$target -#include +#include .section $section.rodata, "a", %progbits -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 18:00:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 18:00:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.704102.1100240 (Exim 4.92) (envelope-from ) id 1ruyic-00088e-Gw; Thu, 11 Apr 2024 18:00:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 704102.1100240; Thu, 11 Apr 2024 18:00:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruyic-00088W-EJ; Thu, 11 Apr 2024 18:00:14 +0000 Received: by outflank-mailman (input) for mailman id 704102; Thu, 11 Apr 2024 18:00:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruyib-00088N-IY for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 18:00:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruyib-0001Mf-Gp for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 18:00:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruyib-0004fr-FY for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 18:00:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VG3+Sp2I1uVoncuWM80G+OUWqsS+4gVepiGQBH6zin4=; b=OR8khFBv/queC3hzRMfImUSYUg KVGWb1qtf2TufgHqdCfeKoQ5VQ6XiLreuXOF00o9Qm/KI1NHDmbos+BN5CRCzj6SjUnw2Y5tTIV+l wjn/hMKo9keu2zVV/ZMDTsCPULXaQMWvJYlhleCDjwBbO16NorX4L0HxXTwaJ8kr+EFQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libxl: Use vkb=[] for HVMs Message-Id: Date: Thu, 11 Apr 2024 18:00:13 +0000 commit 3c7482b73c5aa38e7faecccd649c67093001d3b5 Author: Jason Andryuk AuthorDate: Sun Apr 7 10:32:08 2024 -0400 Commit: Andrew Cooper CommitDate: Thu Apr 11 16:39:10 2024 +0100 libxl: Use vkb=[] for HVMs xl/libxl only applies vkb=[] to PV & PVH guests. HVM gets only a single vkb by default, but that can be disabled by the vkb_device boolean. Notably the HVM vkb cannot be configured, so feature-abs-pointer or the backend-type cannot be specified. Re-arrange the logic so that vkb=[] is handled regardless of domain type. If vkb is empty or unspecified, follow the vkb_device boolean for HVMs. Nothing changes for PVH & PV. HVMs can now get a configured vkb instead of just the default one. The chance for regression is an HVM config with vkb=["$something"] vkb_device=false Which would now get a vkb. This is useful for vGlass which provides a VKB to HVMs. vGlass wants to specify feature-abs-pointer, but that is racily written by vGlass instead of coming through the xl.cfg. Unhelpfully, Linux xen-kbdfront reads the backend nodes without checking that the backend is in InitWait. Signed-off-by: Jason Andryuk Signed-off-by: Jason Andryuk Reviewed-by: Anthony PERARD --- CHANGELOG.md | 1 + docs/man/xl.cfg.5.pod.in | 2 ++ tools/libs/light/libxl_create.c | 27 +++++++++++++++------------ 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 93fda73c00..8041cfb7d2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - On x86: - HVM PIRQs are disabled by default. - Reduce IOMMU setup time for hardware domain. + - xl/libxl configures vkb=[] for HVM domains with priority over vkb_device. ### Added - On x86: diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in index 039e057318..8f2b375ce9 100644 --- a/docs/man/xl.cfg.5.pod.in +++ b/docs/man/xl.cfg.5.pod.in @@ -2710,6 +2710,8 @@ device. Specifies that the HVM guest gets a vkdb. The default is true (1). +This option is only used when B is unset. + =item B Enables or disables an emulated USB bus in the guest. diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c index 5546335973..41252ec553 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -1769,24 +1769,32 @@ static void domcreate_launch_dm(libxl__egc *egc, libxl__multidev *multidev, libxl__device_add(gc, domid, &libxl__virtio_devtype, &d_config->virtios[i]); + if (d_config->num_vkbs) { + for (i = 0; i < d_config->num_vkbs; i++) { + ret = libxl__device_add(gc, domid, &libxl__vkb_devtype, + &d_config->vkbs[i]); + if (ret) goto error_out; + } + } else if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_HVM && + libxl_defbool_val(d_config->b_info.u.hvm.vkb_device)) { + libxl_device_vkb vkb; + + libxl_device_vkb_init(&vkb); + libxl__device_add(gc, domid, &libxl__vkb_devtype, &vkb); + libxl_device_vkb_dispose(&vkb); + } + switch (d_config->c_info.type) { case LIBXL_DOMAIN_TYPE_HVM: { libxl__device_console console; libxl__device device; - libxl_device_vkb vkb; init_console_info(gc, &console, 0); console.backend_domid = state->console_domid; libxl__device_console_add(gc, domid, &console, state, &device); libxl__device_console_dispose(&console); - if (libxl_defbool_val(d_config->b_info.u.hvm.vkb_device)) { - libxl_device_vkb_init(&vkb); - libxl__device_add(gc, domid, &libxl__vkb_devtype, &vkb); - libxl_device_vkb_dispose(&vkb); - } - dcs->sdss.dm.guest_domid = domid; if (libxl_defbool_val(d_config->b_info.device_model_stubdomain)) libxl__spawn_stub_dm(egc, &dcs->sdss); @@ -1814,11 +1822,6 @@ static void domcreate_launch_dm(libxl__egc *egc, libxl__multidev *multidev, &d_config->vfbs[i]); } - for (i = 0; i < d_config->num_vkbs; i++) { - libxl__device_add(gc, domid, &libxl__vkb_devtype, - &d_config->vkbs[i]); - } - if (d_config->b_info.arch_arm.vuart == LIBXL_VUART_TYPE_SBSA_UART) { init_console_info(gc, &vuart, 0); vuart.backend_domid = state->console_domid; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 18:00:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 18:00:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.704103.1100245 (Exim 4.92) (envelope-from ) id 1ruyim-0008BG-Iu; Thu, 11 Apr 2024 18:00:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 704103.1100245; Thu, 11 Apr 2024 18:00:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruyim-0008B8-Fh; Thu, 11 Apr 2024 18:00:24 +0000 Received: by outflank-mailman (input) for mailman id 704103; Thu, 11 Apr 2024 18:00:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruyil-0008Av-Lj for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 18:00:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruyil-0001N9-Ks for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 18:00:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruyil-0004gO-JP for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 18:00:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3gqHKAlSUWUhP3bHiV/gLfOTkF7HP4MFoasFsNy4GAQ=; b=uoAzw+jqhcWHdUVg7TArZcI8IE ynO4gFgk5t9smR8J88TdVYH1HLK4pvBT3jfIn5FHbL6oN8u9NJB3k4Yp+HJ/u81EtY+JoToHsbd6x g/056qm8YMF64fqsZH3H0S2BkixqWylr/91YOrbLLHRdIxgTAbZmFz6C+Xy/sJxbVl/U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libxl: devd: Spawn QEMU for 9pfs Message-Id: Date: Thu, 11 Apr 2024 18:00:23 +0000 commit 09abf1b61b45f65ebd017a246d887254dc50e0f8 Author: Jason Andryuk AuthorDate: Sun Apr 7 16:58:09 2024 -0400 Commit: Andrew Cooper CommitDate: Thu Apr 11 16:41:09 2024 +0100 libxl: devd: Spawn QEMU for 9pfs Add support for xl devd to support 9pfs in a domU. devd need to spawn a pvqemu for the domain to service 9pfs as well as qdisk backends. Rename num_qdisks to pvqemu_refcnt to be more generic. Keep the qdisk-backend-pid xenstore key as well as the disk-%u log file. They are externally visible, so they might be used by other tooling. Signed-off-by: Jason Andryuk Signed-off-by: Jason Andryuk Reviewed-by: Anthony PERARD --- tools/libs/light/libxl_device.c | 22 ++++++++++++---------- tools/libs/light/libxl_dm.c | 5 +++-- tools/libs/light/libxl_internal.h | 4 ++-- 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/tools/libs/light/libxl_device.c b/tools/libs/light/libxl_device.c index 6f0100d05e..a3d9f6f7df 100644 --- a/tools/libs/light/libxl_device.c +++ b/tools/libs/light/libxl_device.c @@ -1524,12 +1524,12 @@ static void device_complete(libxl__egc *egc, libxl__ao_device *aodev) libxl__nested_ao_free(aodev->ao); } -static void qdisk_spawn_outcome(libxl__egc *egc, libxl__dm_spawn_state *dmss, - int rc) +static void qemu_xenpv_spawn_outcome(libxl__egc *egc, + libxl__dm_spawn_state *dmss, int rc) { STATE_AO_GC(dmss->spawn.ao); - LOGD(DEBUG, dmss->guest_domid, "qdisk backend spawn %s", + LOGD(DEBUG, dmss->guest_domid, "qemu xenpv backend spawn %s", rc ? "failed" : "succeed"); libxl__nested_ao_free(dmss->spawn.ao); @@ -1552,7 +1552,7 @@ typedef struct libxl__ddomain_device { */ typedef struct libxl__ddomain_guest { uint32_t domid; - int num_qdisks; + int pvqemu_refcnt; XEN_SLIST_HEAD(, struct libxl__ddomain_device) devices; XEN_SLIST_ENTRY(struct libxl__ddomain_guest) next; } libxl__ddomain_guest; @@ -1646,15 +1646,16 @@ static int add_device(libxl__egc *egc, libxl__ao *ao, switch(dev->backend_kind) { case LIBXL__DEVICE_KIND_QDISK: - if (dguest->num_qdisks == 0) { + case LIBXL__DEVICE_KIND_9PFS: + if (dguest->pvqemu_refcnt == 0) { GCNEW(dmss); dmss->guest_domid = dev->domid; dmss->spawn.ao = ao; - dmss->callback = qdisk_spawn_outcome; + dmss->callback = qemu_xenpv_spawn_outcome; - libxl__spawn_qdisk_backend(egc, dmss); + libxl__spawn_qemu_xenpv_backend(egc, dmss); } - dguest->num_qdisks++; + dguest->pvqemu_refcnt++; break; default: GCNEW(aodev); @@ -1685,8 +1686,9 @@ static int remove_device(libxl__egc *egc, libxl__ao *ao, switch(ddev->dev->backend_kind) { case LIBXL__DEVICE_KIND_QDISK: - if (--dguest->num_qdisks == 0) { - rc = libxl__destroy_qdisk_backend(gc, dev->domid); + case LIBXL__DEVICE_KIND_9PFS: + if (--dguest->pvqemu_refcnt == 0) { + rc = libxl__destroy_qemu_xenpv_backend(gc, dev->domid); if (rc) goto out; } diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c index 0b03a7c747..567ae1ec7e 100644 --- a/tools/libs/light/libxl_dm.c +++ b/tools/libs/light/libxl_dm.c @@ -3381,7 +3381,8 @@ static void device_model_postconfig_done(libxl__egc *egc, dmss->callback(egc, dmss, rc); } -void libxl__spawn_qdisk_backend(libxl__egc *egc, libxl__dm_spawn_state *dmss) +void libxl__spawn_qemu_xenpv_backend(libxl__egc *egc, + libxl__dm_spawn_state *dmss) { STATE_AO_GC(dmss->spawn.ao); flexarray_t *dm_args, *dm_envs; @@ -3471,7 +3472,7 @@ static int kill_device_model(libxl__gc *gc, const char *xs_path_pid) } /* Helper to destroy a Qdisk backend */ -int libxl__destroy_qdisk_backend(libxl__gc *gc, uint32_t domid) +int libxl__destroy_qemu_xenpv_backend(libxl__gc *gc, uint32_t domid) { char *pid_path; int rc; diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h index 803dbc1a03..3b58bb2d7f 100644 --- a/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h @@ -4192,9 +4192,9 @@ _hidden char *libxl__stub_dm_name(libxl__gc *gc, const char * guest_name); /* Qdisk backend launch helpers */ -_hidden void libxl__spawn_qdisk_backend(libxl__egc *egc, +_hidden void libxl__spawn_qemu_xenpv_backend(libxl__egc *egc, libxl__dm_spawn_state *dmss); -_hidden int libxl__destroy_qdisk_backend(libxl__gc *gc, uint32_t domid); +_hidden int libxl__destroy_qemu_xenpv_backend(libxl__gc *gc, uint32_t domid); /*----- Domain creation -----*/ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 11 18:00:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 11 Apr 2024 18:00:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.704104.1100248 (Exim 4.92) (envelope-from ) id 1ruyiw-0008EB-Ks; Thu, 11 Apr 2024 18:00:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 704104.1100248; Thu, 11 Apr 2024 18:00:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruyiw-0008E3-IK; Thu, 11 Apr 2024 18:00:34 +0000 Received: by outflank-mailman (input) for mailman id 704104; Thu, 11 Apr 2024 18:00:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruyiv-0008Dt-Pq for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 18:00:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ruyiv-0001NG-Nr for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 18:00:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ruyiv-0004gr-Mt for xen-changelog@lists.xenproject.org; Thu, 11 Apr 2024 18:00:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XgDMLUMSbrOH2899VV+uD3F+zV7eAfS3FXiXyfDI0DE=; b=l/RWg0HR4HaF5M5rbkJW5VzEUB hl4yWZqVmO4mkNVs2lVPiRHs89pA6FvkhR0/+R3N8aH8tUnf2bfv+lAnPE9KOGlLn2yu0kkarxPMc XATxQM4jGiVDZ+SqHO3AJVIb3WHPBSYevQnLMNV8f8wfOzWM+uin9Uog7oPx8U43Zpas=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] altcall: fix __alt_call_maybe_initdata so it's safe for livepatch Message-Id: Date: Thu, 11 Apr 2024 18:00:33 +0000 commit af4cd0a6a61cdb03bc1afca9478b05b0c9703599 Author: Roger Pau Monne AuthorDate: Thu Apr 11 18:08:38 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 18:51:36 2024 +0100 altcall: fix __alt_call_maybe_initdata so it's safe for livepatch Setting alternative call variables as __init is not safe for use with livepatch, as livepatches can rightfully introduce new alternative calls to structures marked as __alt_call_maybe_initdata (possibly just indirectly due to replacing existing functions that use those). Attempting to resolve those alternative calls then results in page faults as the variable that holds the function pointer address has been freed. When livepatch is supported use the __ro_after_init attribute instead of __initdata for __alt_call_maybe_initdata. Fixes: f26bb285949b ('xen: Implement xen/alternative-call.h for use in common code') Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper --- xen/include/xen/alternative-call.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/xen/include/xen/alternative-call.h b/xen/include/xen/alternative-call.h index 5c6b9a562b..10f7d7637e 100644 --- a/xen/include/xen/alternative-call.h +++ b/xen/include/xen/alternative-call.h @@ -50,7 +50,12 @@ #include -#define __alt_call_maybe_initdata __initdata +#ifdef CONFIG_LIVEPATCH +/* Must keep for livepatches to resolve alternative calls. */ +# define __alt_call_maybe_initdata __ro_after_init +#else +# define __alt_call_maybe_initdata __initdata +#endif #else -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 12 14:55:10 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 12 Apr 2024 14:55:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.704750.1101291 (Exim 4.92) (envelope-from ) id 1rvIIz-0003bz-Ay; Fri, 12 Apr 2024 14:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 704750.1101291; Fri, 12 Apr 2024 14:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rvIIz-0003bs-82; Fri, 12 Apr 2024 14:55:05 +0000 Received: by outflank-mailman (input) for mailman id 704750; Fri, 12 Apr 2024 14:55:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rvIIx-0003aV-RY for xen-changelog@lists.xenproject.org; Fri, 12 Apr 2024 14:55:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rvIIx-0006jq-OS for xen-changelog@lists.xenproject.org; Fri, 12 Apr 2024 14:55:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rvIIx-0000GK-Ky for xen-changelog@lists.xenproject.org; Fri, 12 Apr 2024 14:55:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7o04pnqcoB77/DsM6cCwe4HwA9bXu+MJf9W9jJ13sow=; b=TpUEVHWnv4oXVmWJj006YboE91 vboTxVMjFgyXDk68PWFI8JJoRcTEURSLj3rpt+JHhn1x/GH0/ZXXg3SKamWUzs9MJruxdHyjFCpVn ebzdgZOaK0XD/1Drfz9MPcDYLXj1EQS4PaH3htZOowqAsTRsl6EaNBBCh0tJf8OnaXno=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/gzip: Colocate gunzip code files Message-Id: Date: Fri, 12 Apr 2024 14:55:03 +0000 commit cfb922bb7d6945eb4d33a910d78b506ae0af14fa Author: Daniel P. Smith AuthorDate: Thu Apr 11 11:25:14 2024 -0400 Commit: Andrew Cooper CommitDate: Fri Apr 12 13:10:18 2024 +0100 xen/gzip: Colocate gunzip code files This patch moves the gunzip code files to common/gzip. Makefiles are adjusted accordingly. Signed-off-by: Daniel P. Smith Reviewed-by: Andrew Cooper --- docs/misra/exclude-list.json | 2 +- xen/common/Makefile | 2 +- xen/common/gunzip.c | 139 ----- xen/common/gzip/Makefile | 1 + xen/common/gzip/gunzip.c | 139 +++++ xen/common/gzip/inflate.c | 1305 ++++++++++++++++++++++++++++++++++++++++++ xen/common/inflate.c | 1305 ------------------------------------------ 7 files changed, 1447 insertions(+), 1446 deletions(-) diff --git a/docs/misra/exclude-list.json b/docs/misra/exclude-list.json index 36bad9e54f..0956364158 100644 --- a/docs/misra/exclude-list.json +++ b/docs/misra/exclude-list.json @@ -118,7 +118,7 @@ "comment": "Imported from Linux, ignore for now" }, { - "rel_path": "common/inflate.c", + "rel_path": "common/gzip/inflate.c", "comment": "Imported from Linux, ignore for now" }, { diff --git a/xen/common/Makefile b/xen/common/Makefile index e5eee19a85..d512cad524 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -14,7 +14,7 @@ obj-y += event_channel.o obj-y += event_fifo.o obj-$(CONFIG_GRANT_TABLE) += grant_table.o obj-y += guestcopy.o -obj-bin-y += gunzip.init.o +obj-y += gzip/ obj-$(CONFIG_HYPFS) += hypfs.o obj-$(CONFIG_IOREQ_SERVER) += ioreq.o obj-y += irq.o diff --git a/xen/common/gunzip.c b/xen/common/gunzip.c deleted file mode 100644 index 2c6eae167d..0000000000 --- a/xen/common/gunzip.c +++ /dev/null @@ -1,139 +0,0 @@ -#include -#include -#include -#include -#include - -#define HEAPORDER 3 - -static unsigned char *__initdata window; -#define memptr long -static memptr __initdata free_mem_ptr; -static memptr __initdata free_mem_end_ptr; - -#define WSIZE 0x80000000U - -static unsigned char *__initdata inbuf; -static unsigned int __initdata insize; - -/* Index of next byte to be processed in inbuf: */ -static unsigned int __initdata inptr; - -/* Bytes in output buffer: */ -static unsigned int __initdata outcnt; - -#define OF(args) args - -#define memzero(s, n) memset((s), 0, (n)) - -typedef unsigned char uch; -typedef unsigned short ush; -typedef unsigned long ulg; - -#define get_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf()) - -/* Diagnostic functions */ -#ifdef DEBUG -# define Assert(cond, msg) do { if (!(cond)) error(msg); } while (0) -# define Trace(x) do { fprintf x; } while (0) -# define Tracev(x) do { if (verbose) fprintf x ; } while (0) -# define Tracevv(x) do { if (verbose > 1) fprintf x ; } while (0) -# define Tracec(c, x) do { if (verbose && (c)) fprintf x ; } while (0) -# define Tracecv(c, x) do { if (verbose > 1 && (c)) fprintf x ; } while (0) -#else -# define Assert(cond, msg) -# define Trace(x) -# define Tracev(x) -# define Tracevv(x) -# define Tracec(c, x) -# define Tracecv(c, x) -#endif - -static long __initdata bytes_out; -static void flush_window(void); - -static __init void error(const char *x) -{ - panic("%s\n", x); -} - -static __init int fill_inbuf(void) -{ - error("ran out of input data"); - return 0; -} - - -#include "inflate.c" - -static __init void flush_window(void) -{ - /* - * The window is equal to the output buffer therefore only need to - * compute the crc. - */ - unsigned long c = crc; - unsigned int n; - unsigned char *in, ch; - - in = window; - for ( n = 0; n < outcnt; n++ ) - { - ch = *in++; - c = crc_32_tab[((int)c ^ ch) & 0xff] ^ (c >> 8); - } - crc = c; - - bytes_out += (unsigned long)outcnt; - outcnt = 0; -} - -__init int gzip_check(char *image, unsigned long image_len) -{ - unsigned char magic0, magic1; - - if ( image_len < 2 ) - return 0; - - magic0 = (unsigned char)image[0]; - magic1 = (unsigned char)image[1]; - - return (magic0 == 0x1f) && ((magic1 == 0x8b) || (magic1 == 0x9e)); -} - -__init int perform_gunzip(char *output, char *image, unsigned long image_len) -{ - int rc; - - if ( !gzip_check(image, image_len) ) - return 1; - - window = (unsigned char *)output; - - free_mem_ptr = (unsigned long)alloc_xenheap_pages(HEAPORDER, 0); - if ( !free_mem_ptr ) - return -ENOMEM; - - free_mem_end_ptr = free_mem_ptr + (PAGE_SIZE << HEAPORDER); - init_allocator(); - - inbuf = (unsigned char *)image; - insize = image_len; - inptr = 0; - bytes_out = 0; - - makecrc(); - - if ( gunzip() < 0 ) - { - rc = -EINVAL; - } - else - { - rc = 0; - } - - free_xenheap_pages((void *)free_mem_ptr, HEAPORDER); - - return rc; -} diff --git a/xen/common/gzip/Makefile b/xen/common/gzip/Makefile new file mode 100644 index 0000000000..bda73c0184 --- /dev/null +++ b/xen/common/gzip/Makefile @@ -0,0 +1 @@ +obj-bin-y += gunzip.init.o diff --git a/xen/common/gzip/gunzip.c b/xen/common/gzip/gunzip.c new file mode 100644 index 0000000000..2c6eae167d --- /dev/null +++ b/xen/common/gzip/gunzip.c @@ -0,0 +1,139 @@ +#include +#include +#include +#include +#include + +#define HEAPORDER 3 + +static unsigned char *__initdata window; +#define memptr long +static memptr __initdata free_mem_ptr; +static memptr __initdata free_mem_end_ptr; + +#define WSIZE 0x80000000U + +static unsigned char *__initdata inbuf; +static unsigned int __initdata insize; + +/* Index of next byte to be processed in inbuf: */ +static unsigned int __initdata inptr; + +/* Bytes in output buffer: */ +static unsigned int __initdata outcnt; + +#define OF(args) args + +#define memzero(s, n) memset((s), 0, (n)) + +typedef unsigned char uch; +typedef unsigned short ush; +typedef unsigned long ulg; + +#define get_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf()) + +/* Diagnostic functions */ +#ifdef DEBUG +# define Assert(cond, msg) do { if (!(cond)) error(msg); } while (0) +# define Trace(x) do { fprintf x; } while (0) +# define Tracev(x) do { if (verbose) fprintf x ; } while (0) +# define Tracevv(x) do { if (verbose > 1) fprintf x ; } while (0) +# define Tracec(c, x) do { if (verbose && (c)) fprintf x ; } while (0) +# define Tracecv(c, x) do { if (verbose > 1 && (c)) fprintf x ; } while (0) +#else +# define Assert(cond, msg) +# define Trace(x) +# define Tracev(x) +# define Tracevv(x) +# define Tracec(c, x) +# define Tracecv(c, x) +#endif + +static long __initdata bytes_out; +static void flush_window(void); + +static __init void error(const char *x) +{ + panic("%s\n", x); +} + +static __init int fill_inbuf(void) +{ + error("ran out of input data"); + return 0; +} + + +#include "inflate.c" + +static __init void flush_window(void) +{ + /* + * The window is equal to the output buffer therefore only need to + * compute the crc. + */ + unsigned long c = crc; + unsigned int n; + unsigned char *in, ch; + + in = window; + for ( n = 0; n < outcnt; n++ ) + { + ch = *in++; + c = crc_32_tab[((int)c ^ ch) & 0xff] ^ (c >> 8); + } + crc = c; + + bytes_out += (unsigned long)outcnt; + outcnt = 0; +} + +__init int gzip_check(char *image, unsigned long image_len) +{ + unsigned char magic0, magic1; + + if ( image_len < 2 ) + return 0; + + magic0 = (unsigned char)image[0]; + magic1 = (unsigned char)image[1]; + + return (magic0 == 0x1f) && ((magic1 == 0x8b) || (magic1 == 0x9e)); +} + +__init int perform_gunzip(char *output, char *image, unsigned long image_len) +{ + int rc; + + if ( !gzip_check(image, image_len) ) + return 1; + + window = (unsigned char *)output; + + free_mem_ptr = (unsigned long)alloc_xenheap_pages(HEAPORDER, 0); + if ( !free_mem_ptr ) + return -ENOMEM; + + free_mem_end_ptr = free_mem_ptr + (PAGE_SIZE << HEAPORDER); + init_allocator(); + + inbuf = (unsigned char *)image; + insize = image_len; + inptr = 0; + bytes_out = 0; + + makecrc(); + + if ( gunzip() < 0 ) + { + rc = -EINVAL; + } + else + { + rc = 0; + } + + free_xenheap_pages((void *)free_mem_ptr, HEAPORDER); + + return rc; +} diff --git a/xen/common/gzip/inflate.c b/xen/common/gzip/inflate.c new file mode 100644 index 0000000000..58f263d9e8 --- /dev/null +++ b/xen/common/gzip/inflate.c @@ -0,0 +1,1305 @@ +#define DEBG(x) +#define DEBG1(x) +/* inflate.c -- Not copyrighted 1992 by Mark Adler + version c10p1, 10 January 1993 */ + +/* + * Adapted for booting Linux by Hannu Savolainen 1993 + * based on gzip-1.0.3 + * + * Nicolas Pitre , 1999/04/14 : + * Little mods for all variable to reside either into rodata or bss segments + * by marking constant variables with 'const' and initializing all the others + * at run-time only. This allows for the kernel uncompressor to run + * directly from Flash or ROM memory on embedded systems. + */ + +/* + Inflate deflated (PKZIP's method 8 compressed) data. The compression + method searches for as much of the current string of bytes (up to a + length of 258) in the previous 32 K bytes. If it doesn't find any + matches (of at least length 3), it codes the next byte. Otherwise, it + codes the length of the matched string and its distance backwards from + the current position. There is a single Huffman code that codes both + single bytes (called "literals") and match lengths. A second Huffman + code codes the distance information, which follows a length code. Each + length or distance code actually represents a base value and a number + of "extra" (sometimes zero) bits to get to add to the base value. At + the end of each deflated block is a special end-of-block (EOB) literal/ + length code. The decoding process is basically: get a literal/length + code; if EOB then done; if a literal, emit the decoded byte; if a + length then get the distance and emit the referred-to bytes from the + sliding window of previously emitted data. + + There are (currently) three kinds of inflate blocks: stored, fixed, and + dynamic. The compressor deals with some chunk of data at a time, and + decides which method to use on a chunk-by-chunk basis. A chunk might + typically be 32 K or 64 K. If the chunk is incompressible, then the + "stored" method is used. In this case, the bytes are simply stored as + is, eight bits per byte, with none of the above coding. The bytes are + preceded by a count, since there is no longer an EOB code. + + If the data is compressible, then either the fixed or dynamic methods + are used. In the dynamic method, the compressed data is preceded by + an encoding of the literal/length and distance Huffman codes that are + to be used to decode this block. The representation is itself Huffman + coded, and so is preceded by a description of that code. These code + descriptions take up a little space, and so for small blocks, there is + a predefined set of codes, called the fixed codes. The fixed method is + used if the block codes up smaller that way (usually for quite small + chunks), otherwise the dynamic method is used. In the latter case, the + codes are customized to the probabilities in the current block, and so + can code it much better than the pre-determined fixed codes. + + The Huffman codes themselves are decoded using a multi-level table + lookup, in order to maximize the speed of decoding plus the speed of + building the decoding tables. See the comments below that precede the + lbits and dbits tuning parameters. + */ + + +/* + Notes beyond the 1.93a appnote.txt: + + 1. Distance pointers never point before the beginning of the output + stream. + 2. Distance pointers can point back across blocks, up to 32k away. + 3. There is an implied maximum of 7 bits for the bit length table and + 15 bits for the actual data. + 4. If only one code exists, then it is encoded using one bit. (Zero + would be more efficient, but perhaps a little confusing.) If two + codes exist, they are coded using one bit each (0 and 1). + 5. There is no way of sending zero distance codes--a dummy must be + sent if there are none. (History: a pre 2.0 version of PKZIP would + store blocks with no distance codes, but this was discovered to be + too harsh a criterion.) Valid only for 1.93a. 2.04c does allow + zero distance codes, which is sent as one code of zero bits in + length. + 6. There are up to 286 literal/length codes. Code 256 represents the + end-of-block. Note however that the static length tree defines + 288 codes just to fill out the Huffman codes. Codes 286 and 287 + cannot be used though, since there is no length base or extra bits + defined for them. Similarly, there are up to 30 distance codes. + However, static trees define 32 codes (all 5 bits) to fill out the + Huffman codes, but the last two had better not show up in the data. + 7. Unzip can check dynamic Huffman blocks for complete code sets. + The exception is that a single code would not be complete (see #4). + 8. The five bits following the block type is really the number of + literal codes sent minus 257. + 9. Length codes 8,16,16 are interpreted as 13 length codes of 8 bits + (1+6+6). Therefore, to output three times the length, you output + three codes (1+1+1), whereas to output four times the same length, + you only need two codes (1+3). Hmm. + 10. In the tree reconstruction algorithm, Code = Code + Increment + only if BitLength(i) is not zero. (Pretty obvious.) + 11. Correction: 4 Bits: # of Bit Length codes - 4 (4 - 19) + 12. Note: length code 284 can represent 227-258, but length code 285 + really is 258. The last length deserves its own, short code + since it gets used a lot in very redundant files. The length + 258 is special since 258 - 3 (the min match length) is 255. + 13. The literal/length and distance code bit lengths are read as a + single stream of lengths. It is possible (and advantageous) for + a repeat code (16, 17, or 18) to go across the boundary between + the two sets of lengths. + */ + +#ifdef RCSID +static char rcsid[] = "#Id: inflate.c,v 0.14 1993/06/10 13:27:04 jloup Exp #"; +#endif + +#ifndef __XEN__ + +#if defined(STDC_HEADERS) || defined(HAVE_STDLIB_H) +# include +# include +#endif + +#include "gzip.h" + +#endif /* !__XEN__ */ + +#define slide window + +/* Huffman code lookup table entry--this entry is four bytes for machines + that have 16-bit pointers (e.g. PC's in the small or medium model). + Valid extra bits are 0..13. e == 15 is EOB (end of block), e == 16 + means that v is a literal, 16 < e < 32 means that v is a pointer to + the next table, which codes e - 16 bits, and lastly e == 99 indicates + an unused code. If a code with e == 99 is looked up, this implies an + error in the data. */ +struct huft { + uch e; /* number of extra bits or operation */ + uch b; /* number of bits in this code or subcode */ + union { + ush n; /* literal, length base, or distance base */ + struct huft *t; /* pointer to next level of table */ + } v; +}; + + +/* Function prototypes */ +static int huft_build OF((unsigned *, unsigned, unsigned, + const ush *, const ush *, struct huft **, int *)); +static int huft_free OF((struct huft *)); +static int inflate_codes OF((struct huft *, struct huft *, int, int)); +static int inflate_stored OF((void)); +static int inflate_fixed OF((void)); +static int inflate_dynamic OF((void)); +static int inflate_block OF((int *)); +static int inflate OF((void)); + + +/* The inflate algorithm uses a sliding 32 K byte window on the uncompressed + stream to find repeated byte strings. This is implemented here as a + circular buffer. The index is updated simply by incrementing and then + ANDing with 0x7fff (32K-1). */ +/* It is left to other modules to supply the 32 K area. It is assumed + to be usable as if it were declared "uch slide[32768];" or as just + "uch *slide;" and then malloc'ed in the latter case. The definition + must be in unzip.h, included above. */ +/* unsigned wp; current position in slide */ +#define wp outcnt +#define flush_output(w) (wp=(w),flush_window()) + +/* Tables for deflate from PKZIP's appnote.txt. */ +static const unsigned border[] = { /* Order of the bit length code lengths */ + 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; +static const ush cplens[] = { /* Copy lengths for literal codes 257..285 */ + 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, + 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0}; +/* note: see note #13 above about the 258 in this list. */ +static const ush cplext[] = { /* Extra bits for literal codes 257..285 */ + 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, + 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, 99, 99}; /* 99==invalid */ +static const ush cpdist[] = { /* Copy offsets for distance codes 0..29 */ + 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, + 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, + 8193, 12289, 16385, 24577}; +static const ush cpdext[] = { /* Extra bits for distance codes */ + 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, + 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, + 12, 12, 13, 13}; + + + +/* Macros for inflate() bit peeking and grabbing. + The usage is: + + NEEDBITS(j) + x = b & mask_bits[j]; + DUMPBITS(j) + + where NEEDBITS makes sure that b has at least j bits in it, and + DUMPBITS removes the bits from b. The macros use the variable k + for the number of bits in b. Normally, b and k are register + variables for speed, and are initialized at the beginning of a + routine that uses these macros from a global bit buffer and count. + + If we assume that EOB will be the longest code, then we will never + ask for bits with NEEDBITS that are beyond the end of the stream. + So, NEEDBITS should not read any more bytes than are needed to + meet the request. Then no bytes need to be "returned" to the buffer + at the end of the last block. + + However, this assumption is not true for fixed blocks--the EOB code + is 7 bits, but the other literal/length codes can be 8 or 9 bits. + (The EOB code is shorter than other codes because fixed blocks are + generally short. So, while a block always has an EOB, many other + literal/length codes have a significantly lower probability of + showing up at all.) However, by making the first table have a + lookup of seven bits, the EOB code will be found in that first + lookup, and so will not require that too many bits be pulled from + the stream. + */ + +static ulg __initdata bb; /* bit buffer */ +static unsigned __initdata bk; /* bits in bit buffer */ + +static const ush mask_bits[] = { + 0x0000, + 0x0001, 0x0003, 0x0007, 0x000f, 0x001f, 0x003f, 0x007f, 0x00ff, + 0x01ff, 0x03ff, 0x07ff, 0x0fff, 0x1fff, 0x3fff, 0x7fff, 0xffff +}; + +#define NEXTBYTE() ({ int v = get_byte(); if (v < 0) goto underrun; (uch)v; }) +#define NEEDBITS(n) {while(k<(n)){b|=((ulg)NEXTBYTE())<>=(n);k-=(n);} + +#ifndef NO_INFLATE_MALLOC +/* A trivial malloc implementation, adapted from + * malloc by Hannu Savolainen 1993 and Matthias Urlichs 1994 + */ + +static unsigned long __initdata malloc_ptr; +static int __initdata malloc_count; + +static void __init init_allocator(void) +{ + malloc_ptr = free_mem_ptr; + malloc_count = 0; +} + +static void *__init malloc(int size) +{ + void *p; + + if (size < 0) + error("Malloc error"); + if (!malloc_ptr) + malloc_ptr = free_mem_ptr; + + malloc_ptr = (malloc_ptr + 3) & ~3; /* Align */ + + p = (void *)malloc_ptr; + malloc_ptr += size; + + if (free_mem_end_ptr && malloc_ptr >= free_mem_end_ptr) + error("Out of memory"); + + malloc_count++; + return p; +} + +static void __init free(void *where) +{ + malloc_count--; + if (!malloc_count) + malloc_ptr = free_mem_ptr; +} +#else +#define malloc(a) kmalloc(a, GFP_KERNEL) +#define free(a) kfree(a) +#endif + +/* + Huffman code decoding is performed using a multi-level table lookup. + The fastest way to decode is to simply build a lookup table whose + size is determined by the longest code. However, the time it takes + to build this table can also be a factor if the data being decoded + is not very long. The most common codes are necessarily the + shortest codes, so those codes dominate the decoding time, and hence + the speed. The idea is you can have a shorter table that decodes the + shorter, more probable codes, and then point to subsidiary tables for + the longer codes. The time it costs to decode the longer codes is + then traded against the time it takes to make longer tables. + + This results of this trade are in the variables lbits and dbits + below. lbits is the number of bits the first level table for literal/ + length codes can decode in one step, and dbits is the same thing for + the distance codes. Subsequent tables are also less than or equal to + those sizes. These values may be adjusted either when all of the + codes are shorter than that, in which case the longest code length in + bits is used, or when the shortest code is *longer* than the requested + table size, in which case the length of the shortest code in bits is + used. + + There are two different values for the two tables, since they code a + different number of possibilities each. The literal/length table + codes 286 possible values, or in a flat code, a little over eight + bits. The distance table codes 30 possible values, or a little less + than five bits, flat. The optimum values for speed end up being + about one bit more than those, so lbits is 8+1 and dbits is 5+1. + The optimum values may differ though from machine to machine, and + possibly even between compilers. Your mileage may vary. + */ + + +static const int lbits = 9; /* bits in base literal/length lookup table */ +static const int dbits = 6; /* bits in base distance lookup table */ + + +/* If BMAX needs to be larger than 16, then h and x[] should be ulg. */ +#define BMAX 16 /* maximum bit length of any code (16 for explode) */ +#define N_MAX 288 /* maximum number of codes in any set */ + + +static unsigned __initdata hufts; /* track memory usage */ + + +static int __init huft_build( + unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ + unsigned n, /* number of codes (assumed <= N_MAX) */ + unsigned s, /* number of simple-valued codes (0..s-1) */ + const ush *d, /* list of base values for non-simple codes */ + const ush *e, /* list of extra bits for non-simple codes */ + struct huft **t, /* result: starting table */ + int *m /* maximum lookup bits, returns actual */ + ) +/* Given a list of code lengths and a maximum table size, make a set of + tables to decode that set of codes. Return zero on success, one if + the given code set is incomplete (the tables are still built in this + case), two if the input is invalid (all zero length codes or an + oversubscribed set of lengths), and three if not enough memory. */ +{ + unsigned a; /* counter for codes of length k */ + unsigned f; /* i repeats in table every f entries */ + int g; /* maximum code length */ + int h; /* table level */ + register unsigned i; /* counter, current code */ + register unsigned j; /* counter */ + register int k; /* number of bits in current code */ + int l; /* bits per table (returned in m) */ + register unsigned *p; /* pointer into c[], b[], or v[] */ + register struct huft *q; /* points to current table */ + struct huft r; /* table entry for structure assignment */ + register int w; /* bits before this table == (l * h) */ + unsigned *xp; /* pointer into x */ + int y; /* number of dummy codes added */ + unsigned z; /* number of entries in current table */ + struct { + unsigned c[BMAX+1]; /* bit length count table */ + struct huft *u[BMAX]; /* table stack */ + unsigned v[N_MAX]; /* values in order of bit length */ + unsigned x[BMAX+1]; /* bit offsets, then code stack */ + } *stk; + unsigned *c, *v, *x; + struct huft **u; + int ret; + + DEBG("huft1 "); + + stk = malloc(sizeof(*stk)); + if (stk == NULL) + return 3; /* out of memory */ + + c = stk->c; + v = stk->v; + x = stk->x; + u = stk->u; + + /* Generate counts for each bit length */ + memzero(stk->c, sizeof(stk->c)); + p = b; i = n; + do { + Tracecv(*p, (stderr, (n-i >= ' ' && n-i <= '~' ? "%c %d\n" : "0x%x %d\n"), + n-i, *p)); + c[*p]++; /* assume all entries <= BMAX */ + p++; /* Can't combine with above line (Solaris bug) */ + } while (--i); + if (c[0] == n) /* null input--all zero length codes */ + { + *t = (struct huft *)NULL; + *m = 0; + ret = 2; + goto out; + } + + DEBG("huft2 "); + + /* Find minimum and maximum length, bound *m by those */ + l = *m; + for (j = 1; j <= BMAX; j++) + if (c[j]) + break; + k = j; /* minimum code length */ + if ((unsigned)l < j) + l = j; + for (i = BMAX; i; i--) + if (c[i]) + break; + g = i; /* maximum code length */ + if ((unsigned)l > i) + l = i; + *m = l; + + DEBG("huft3 "); + + /* Adjust last length count to fill out codes, if needed */ + for (y = 1 << j; j < i; j++, y <<= 1) + if ((y -= c[j]) < 0) { + ret = 2; /* bad input: more codes than bits */ + goto out; + } + if ((y -= c[i]) < 0) { + ret = 2; + goto out; + } + c[i] += y; + + DEBG("huft4 "); + + /* Generate starting offsets into the value table for each length */ + x[1] = j = 0; + p = c + 1; xp = x + 2; + while (--i) { /* note that i == g from above */ + *xp++ = (j += *p++); + } + + DEBG("huft5 "); + + /* Make a table of values in order of bit lengths */ + p = b; i = 0; + do { + if ((j = *p++) != 0) + v[x[j]++] = i; + } while (++i < n); + n = x[g]; /* set n to length of v */ + + DEBG("h6 "); + + /* Generate the Huffman codes and for each, make the table entries */ + x[0] = i = 0; /* first Huffman code is zero */ + p = v; /* grab values in bit order */ + h = -1; /* no tables yet--level -1 */ + w = -l; /* bits decoded == (l * h) */ + u[0] = (struct huft *)NULL; /* just to keep compilers happy */ + q = (struct huft *)NULL; /* ditto */ + z = 0; /* ditto */ + DEBG("h6a "); + + /* go through the bit lengths (k already is bits in shortest code) */ + for (; k <= g; k++) + { + DEBG("h6b "); + a = c[k]; + while (a--) + { + DEBG("h6b1 "); + /* here i is the Huffman code of length k bits for value *p */ + /* make tables up to required level */ + while (k > w + l) + { + DEBG1("1 "); + h++; + w += l; /* previous table always l bits */ + + /* compute minimum size table less than or equal to l bits */ + z = (z = g - w) > (unsigned)l ? l : z; /* upper limit on table size */ + if ((f = 1 << (j = k - w)) > a + 1) /* try a k-w bit table */ + { /* too few codes for k-w bit table */ + DEBG1("2 "); + f -= a + 1; /* deduct codes from patterns left */ + xp = c + k; + if (j < z) + while (++j < z) /* try smaller tables up to z bits */ + { + if ((f <<= 1) <= *++xp) + break; /* enough codes to use up j bits */ + f -= *xp; /* else deduct codes from patterns */ + } + } + DEBG1("3 "); + z = 1 << j; /* table entries for j-bit table */ + + /* allocate and link in new table */ + if ((q = (struct huft *)malloc((z + 1)*sizeof(struct huft))) == + (struct huft *)NULL) + { + if (h) + huft_free(u[0]); + ret = 3; /* not enough memory */ + goto out; + } + DEBG1("4 "); + hufts += z + 1; /* track memory usage */ + *t = q + 1; /* link to list for huft_free() */ + *(t = &(q->v.t)) = (struct huft *)NULL; + u[h] = ++q; /* table starts after link */ + + DEBG1("5 "); + /* connect to last table, if there is one */ + if (h) + { + x[h] = i; /* save pattern for backing up */ + r.b = (uch)l; /* bits to dump before this table */ + r.e = (uch)(16 + j); /* bits in this table */ + r.v.t = q; /* pointer to this table */ + j = i >> (w - l); /* (get around Turbo C bug) */ + u[h-1][j] = r; /* connect to last table */ + } + DEBG1("6 "); + } + DEBG("h6c "); + + /* set up table entry in r */ + r.b = (uch)(k - w); + if (p >= v + n) + r.e = 99; /* out of values--invalid code */ + else if (*p < s) + { + r.e = (uch)(*p < 256 ? 16 : 15); /* 256 is end-of-block code */ + r.v.n = (ush)(*p); /* simple code is just the value */ + p++; /* one compiler does not like *p++ */ + } + else + { + r.e = (uch)e[*p - s]; /* non-simple--look up in lists */ + r.v.n = d[*p++ - s]; + } + DEBG("h6d "); + + /* fill code-like entries with r */ + f = 1 << (k - w); + for (j = i >> w; j < z; j += f) + q[j] = r; + + /* backwards increment the k-bit code i */ + for (j = 1 << (k - 1); i & j; j >>= 1) + i ^= j; + i ^= j; + + /* backup over finished tables */ + while ((i & ((1 << w) - 1)) != x[h]) + { + h--; /* don't need to update q */ + w -= l; + } + DEBG("h6e "); + } + DEBG("h6f "); + } + + DEBG("huft7 "); + + /* Return true (1) if we were given an incomplete table */ + ret = y != 0 && g != 1; + + out: + free(stk); + return ret; +} + + + +static int __init huft_free( + struct huft *t /* table to free */ + ) +/* Free the malloc'ed tables built by huft_build(), which makes a linked + list of the tables it made, with the links in a dummy first entry of + each table. */ +{ + register struct huft *p, *q; + + + /* Go through linked list, freeing from the malloced (t[-1]) address. */ + p = t; + while (p != (struct huft *)NULL) + { + q = (--p)->v.t; + free((char*)p); + p = q; + } + return 0; +} + + +static int __init inflate_codes( + struct huft *tl, /* literal/length decoder tables */ + struct huft *td, /* distance decoder tables */ + int bl, /* number of bits decoded by tl[] */ + int bd /* number of bits decoded by td[] */ + ) +/* inflate (decompress) the codes in a deflated (compressed) block. + Return an error code or zero if it all goes ok. */ +{ + register unsigned e; /* table entry flag/number of extra bits */ + unsigned n, d; /* length and index for copy */ + unsigned w; /* current window position */ + struct huft *t; /* pointer to table entry */ + unsigned ml, md; /* masks for bl and bd bits */ + register ulg b; /* bit buffer */ + register unsigned k; /* number of bits in bit buffer */ + + + /* make local copies of globals */ + b = bb; /* initialize bit buffer */ + k = bk; + w = wp; /* initialize window position */ + + /* inflate the coded data */ + ml = mask_bits[bl]; /* precompute masks for speed */ + md = mask_bits[bd]; + for (;;) /* do until end of block */ + { + NEEDBITS((unsigned)bl) + if ((e = (t = tl + ((unsigned)b & ml))->e) > 16) + do { + if (e == 99) + return 1; + DUMPBITS(t->b) + e -= 16; + NEEDBITS(e) + } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); + DUMPBITS(t->b) + if (e == 16) /* then it's a literal */ + { + slide[w++] = (uch)t->v.n; + Tracevv((stderr, "%c", slide[w-1])); + if (w == WSIZE) + { + flush_output(w); + w = 0; + } + } + else /* it's an EOB or a length */ + { + /* exit if end of block */ + if (e == 15) + break; + + /* get length of block to copy */ + NEEDBITS(e) + n = t->v.n + ((unsigned)b & mask_bits[e]); + DUMPBITS(e); + + /* decode distance of block to copy */ + NEEDBITS((unsigned)bd) + if ((e = (t = td + ((unsigned)b & md))->e) > 16) + do { + if (e == 99) + return 1; + DUMPBITS(t->b) + e -= 16; + NEEDBITS(e) + } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); + DUMPBITS(t->b) + NEEDBITS(e) + d = w - t->v.n - ((unsigned)b & mask_bits[e]); + DUMPBITS(e) + Tracevv((stderr,"\\[%d,%d]", w-d, n)); + + /* do the copy */ + do { + n -= (e = (e = WSIZE - ((d &= WSIZE-1) > w ? d : w)) > n ? n : e); +#if !defined(NOMEMCPY) && !defined(DEBUG) + if (w - d >= e) /* (this test assumes unsigned comparison) */ + { + memcpy(slide + w, slide + d, e); + w += e; + d += e; + } + else /* do it slow to avoid memcpy() overlap */ +#endif /* !NOMEMCPY */ + do { + slide[w++] = slide[d++]; + Tracevv((stderr, "%c", slide[w-1])); + } while (--e); + if (w == WSIZE) + { + flush_output(w); + w = 0; + } + } while (n); + } + } + + + /* restore the globals from the locals */ + wp = w; /* restore global window pointer */ + bb = b; /* restore global bit buffer */ + bk = k; + + /* done */ + return 0; + + underrun: + return 4; /* Input underrun */ +} + + + +static int __init inflate_stored(void) +/* "decompress" an inflated type 0 (stored) block. */ +{ + unsigned n; /* number of bytes in block */ + unsigned w; /* current window position */ + register ulg b; /* bit buffer */ + register unsigned k; /* number of bits in bit buffer */ + + DEBG(""); + return 0; + + underrun: + return 4; /* Input underrun */ +} + + +/* + * We use `noinline' here to prevent gcc-3.5 from using too much stack space + */ +static int noinline __init inflate_fixed(void) +/* decompress an inflated type 1 (fixed Huffman codes) block. We should + either replace this with a custom decoder, or at least precompute the + Huffman tables. */ +{ + int i; /* temporary variable */ + struct huft *tl; /* literal/length code table */ + struct huft *td; /* distance code table */ + int bl; /* lookup bits for tl */ + int bd; /* lookup bits for td */ + unsigned *l; /* length list for huft_build */ + + DEBG(" 1) + { + huft_free(tl); + free(l); + + DEBG(">"); + return i; + } + + + /* decompress until an end-of-block code */ + if (inflate_codes(tl, td, bl, bd)) { + free(l); + return 1; + } + + /* free the decoding tables, return */ + free(l); + huft_free(tl); + huft_free(td); + return 0; +} + + +/* + * We use `noinline' here to prevent gcc-3.5 from using too much stack space + */ +static int noinline __init inflate_dynamic(void) +/* decompress an inflated type 2 (dynamic Huffman codes) block. */ +{ + int i; /* temporary variables */ + unsigned j; + unsigned l; /* last length */ + unsigned m; /* mask for bit lengths table */ + unsigned n; /* number of lengths to get */ + struct huft *tl; /* literal/length code table */ + struct huft *td; /* distance code table */ + int bl; /* lookup bits for tl */ + int bd; /* lookup bits for td */ + unsigned nb; /* number of bit length codes */ + unsigned nl; /* number of literal/length codes */ + unsigned nd; /* number of distance codes */ + unsigned *ll; /* literal/length and distance code lengths */ + register ulg b; /* bit buffer */ + register unsigned k; /* number of bits in bit buffer */ + int ret; + + DEBG(" 288 || nd > 32) +#else + if (nl > 286 || nd > 30) +#endif + { + ret = 1; /* bad lengths */ + goto out; + } + + DEBG("dyn1 "); + + /* read in bit-length-code lengths */ + for (j = 0; j < nb; j++) + { + NEEDBITS(3) + ll[border[j]] = (unsigned)b & 7; + DUMPBITS(3) + } + for (; j < 19; j++) + ll[border[j]] = 0; + + DEBG("dyn2 "); + + /* build decoding table for trees--single level, 7 bit lookup */ + bl = 7; + if ((i = huft_build(ll, 19, 19, NULL, NULL, &tl, &bl)) != 0) + { + if (i == 1) + huft_free(tl); + ret = i; /* incomplete code set */ + goto out; + } + + DEBG("dyn3 "); + + /* read in literal and distance code lengths */ + n = nl + nd; + m = mask_bits[bl]; + i = l = 0; + while ((unsigned)i < n) + { + NEEDBITS((unsigned)bl) + j = (td = tl + ((unsigned)b & m))->b; + DUMPBITS(j) + j = td->v.n; + if (j < 16) /* length of code in bits (0..15) */ + ll[i++] = l = j; /* save last length in l */ + else if (j == 16) /* repeat last length 3 to 6 times */ + { + NEEDBITS(2) + j = 3 + ((unsigned)b & 3); + DUMPBITS(2) + if ((unsigned)i + j > n) { + ret = 1; + goto out; + } + while (j--) + ll[i++] = l; + } + else if (j == 17) /* 3 to 10 zero length codes */ + { + NEEDBITS(3) + j = 3 + ((unsigned)b & 7); + DUMPBITS(3) + if ((unsigned)i + j > n) { + ret = 1; + goto out; + } + while (j--) + ll[i++] = 0; + l = 0; + } + else /* j == 18: 11 to 138 zero length codes */ + { + NEEDBITS(7) + j = 11 + ((unsigned)b & 0x7f); + DUMPBITS(7) + if ((unsigned)i + j > n) { + ret = 1; + goto out; + } + while (j--) + ll[i++] = 0; + l = 0; + } + } + + DEBG("dyn4 "); + + /* free decoding table for trees */ + huft_free(tl); + + DEBG("dyn5 "); + + /* restore the global bit buffer */ + bb = b; + bk = k; + + DEBG("dyn5a "); + + /* build the decoding tables for literal/length and distance codes */ + bl = lbits; + if ((i = huft_build(ll, nl, 257, cplens, cplext, &tl, &bl)) != 0) + { + DEBG("dyn5b "); + if (i == 1) { + error("incomplete literal tree"); + huft_free(tl); + } + ret = i; /* incomplete code set */ + goto out; + } + DEBG("dyn5c "); + bd = dbits; + if ((i = huft_build(ll + nl, nd, 0, cpdist, cpdext, &td, &bd)) != 0) + { + DEBG("dyn5d "); + if (i == 1) { + error("incomplete distance tree"); +#ifdef PKZIP_BUG_WORKAROUND + i = 0; + } +#else + huft_free(td); + } + huft_free(tl); + ret = i; /* incomplete code set */ + goto out; +#endif +} + +DEBG("dyn6 "); + + /* decompress until an end-of-block code */ +if (inflate_codes(tl, td, bl, bd)) { + ret = 1; + goto out; +} + +DEBG("dyn7 "); + + /* free the decoding tables, return */ +huft_free(tl); +huft_free(td); + +DEBG(">"); +ret = 0; +out: +free(ll); +return ret; + +underrun: +ret = 4; /* Input underrun */ +goto out; +} + + + +static int __init inflate_block( +int *e /* last block flag */ +) +/* decompress an inflated block */ +{ +unsigned t; /* block type */ +register ulg b; /* bit buffer */ +register unsigned k; /* number of bits in bit buffer */ + +DEBG(""); + + /* bad block type */ + return 2; + + underrun: + return 4; /* Input underrun */ +} + + + +static int __init inflate(void) +/* decompress an inflated entry */ +{ + int e; /* last block flag */ + int r; /* result code */ + unsigned h; /* maximum struct huft's malloc'ed */ + + /* initialize window, bit buffer */ + wp = 0; + bk = 0; + bb = 0; + + + /* decompress until the last block */ + h = 0; + do { + hufts = 0; +#ifdef ARCH_HAS_DECOMP_WDOG + arch_decomp_wdog(); +#endif + r = inflate_block(&e); + if (r) + return r; + if (hufts > h) + h = hufts; + } while (!e); + + /* Undo too much lookahead. The next read will be byte aligned so we + * can discard unused bits in the last meaningful byte. + */ + while (bk >= 8) { + bk -= 8; + inptr--; + } + + /* flush out slide */ + flush_output(wp); + + + /* return success */ +#ifdef DEBUG + fprintf(stderr, "<%u> ", h); +#endif /* DEBUG */ + return 0; +} + +/********************************************************************** + * + * The following are support routines for inflate.c + * + **********************************************************************/ + +static ulg __initdata crc_32_tab[256]; +static ulg __initdata crc; /* initialized in makecrc() so it'll reside in bss */ +#define CRC_VALUE (crc ^ 0xffffffffUL) + +/* + * Code to compute the CRC-32 table. Borrowed from + * gzip-1.0.3/makecrc.c. + */ + +static void __init +makecrc(void) +{ +/* Not copyrighted 1990 Mark Adler */ + + unsigned long c; /* crc shift register */ + unsigned long e; /* polynomial exclusive-or pattern */ + int i; /* counter for all possible eight bit values */ + int k; /* byte being shifted into crc apparatus */ + + /* terms of polynomial defining this crc (except x^32): */ + static const int p[] = {0,1,2,4,5,7,8,10,11,12,16,22,23,26}; + + /* Make exclusive-or pattern from polynomial */ + e = 0; + for (i = 0; i < sizeof(p)/sizeof(int); i++) + e |= 1L << (31 - p[i]); + + crc_32_tab[0] = 0; + + for (i = 1; i < 256; i++) + { + c = 0; + for (k = i | 256; k != 1; k >>= 1) + { + c = c & 1 ? (c >> 1) ^ e : c >> 1; + if (k & 1) + c ^= e; + } + crc_32_tab[i] = c; + } + + /* this is initialized here so this code could reside in ROM */ + crc = (ulg)0xffffffffUL; /* shift register contents */ +} + +/* gzip flag byte */ +#define ASCII_FLAG 0x01 /* bit 0 set: file probably ASCII text */ +#define CONTINUATION 0x02 /* bit 1 set: continuation of multi-part gzip file */ +#define EXTRA_FIELD 0x04 /* bit 2 set: extra field present */ +#define ORIG_NAME 0x08 /* bit 3 set: original file name present */ +#define COMMENT 0x10 /* bit 4 set: file comment present */ +#define ENCRYPTED 0x20 /* bit 5 set: file is encrypted */ +#define RESERVED 0xC0 /* bit 6,7: reserved */ + +/* + * Do the uncompression! + */ +static int __init gunzip(void) +{ + uch flags; + unsigned char magic[2]; /* magic header */ + char method; + ulg orig_crc = 0; /* original crc */ + ulg orig_len = 0; /* original uncompressed length */ + int res; + + magic[0] = NEXTBYTE(); + magic[1] = NEXTBYTE(); + method = NEXTBYTE(); + + if (magic[0] != 037 || /* octal-ok */ + ((magic[1] != 0213) && (magic[1] != 0236))) { /* octal-ok */ + error("bad gzip magic numbers"); + return -1; + } + + /* We only support method #8, DEFLATED */ + if (method != 8) { + error("internal error, invalid method"); + return -1; + } + + flags = (uch)get_byte(); + if ((flags & ENCRYPTED) != 0) { + error("Input is encrypted"); + return -1; + } + if ((flags & CONTINUATION) != 0) { + error("Multi part input"); + return -1; + } + if ((flags & RESERVED) != 0) { + error("Input has invalid flags"); + return -1; + } + NEXTBYTE(); /* Get timestamp */ + NEXTBYTE(); + NEXTBYTE(); + NEXTBYTE(); + + (void)NEXTBYTE(); /* Ignore extra flags for the moment */ + (void)NEXTBYTE(); /* Ignore OS type for the moment */ + + if ((flags & EXTRA_FIELD) != 0) { + unsigned len = (unsigned)NEXTBYTE(); + len |= ((unsigned)NEXTBYTE())<<8; + while (len--) (void)NEXTBYTE(); + } + + /* Get original file name if it was truncated */ + if ((flags & ORIG_NAME) != 0) { + /* Discard the old name */ + while (NEXTBYTE() != 0) /* null */ ; + } + + /* Discard file comment if any */ + if ((flags & COMMENT) != 0) { + while (NEXTBYTE() != 0) /* null */ ; + } + + /* Decompress */ + if ((res = inflate())) { + switch (res) { + case 0: + break; + case 1: + error("invalid compressed format (err=1)"); + break; + case 2: + error("invalid compressed format (err=2)"); + break; + case 3: + error("out of memory"); + break; + case 4: + error("out of input data"); + break; + default: + error("invalid compressed format (other)"); + } + return -1; + } + + /* Get the crc and original length */ + /* crc32 (see algorithm.doc) + * uncompressed input size modulo 2^32 + */ + orig_crc = (ulg) NEXTBYTE(); + orig_crc |= (ulg) NEXTBYTE() << 8; + orig_crc |= (ulg) NEXTBYTE() << 16; + orig_crc |= (ulg) NEXTBYTE() << 24; + + orig_len = (ulg) NEXTBYTE(); + orig_len |= (ulg) NEXTBYTE() << 8; + orig_len |= (ulg) NEXTBYTE() << 16; + orig_len |= (ulg) NEXTBYTE() << 24; + + /* Validate decompression */ + if (orig_crc != CRC_VALUE) { + error("crc error"); + return -1; + } + if (orig_len != bytes_out) { + error("length error"); + return -1; + } + return 0; + + underrun: /* NEXTBYTE() goto's here if needed */ + error("out of input data"); + return -1; +} diff --git a/xen/common/inflate.c b/xen/common/inflate.c deleted file mode 100644 index 58f263d9e8..0000000000 --- a/xen/common/inflate.c +++ /dev/null @@ -1,1305 +0,0 @@ -#define DEBG(x) -#define DEBG1(x) -/* inflate.c -- Not copyrighted 1992 by Mark Adler - version c10p1, 10 January 1993 */ - -/* - * Adapted for booting Linux by Hannu Savolainen 1993 - * based on gzip-1.0.3 - * - * Nicolas Pitre , 1999/04/14 : - * Little mods for all variable to reside either into rodata or bss segments - * by marking constant variables with 'const' and initializing all the others - * at run-time only. This allows for the kernel uncompressor to run - * directly from Flash or ROM memory on embedded systems. - */ - -/* - Inflate deflated (PKZIP's method 8 compressed) data. The compression - method searches for as much of the current string of bytes (up to a - length of 258) in the previous 32 K bytes. If it doesn't find any - matches (of at least length 3), it codes the next byte. Otherwise, it - codes the length of the matched string and its distance backwards from - the current position. There is a single Huffman code that codes both - single bytes (called "literals") and match lengths. A second Huffman - code codes the distance information, which follows a length code. Each - length or distance code actually represents a base value and a number - of "extra" (sometimes zero) bits to get to add to the base value. At - the end of each deflated block is a special end-of-block (EOB) literal/ - length code. The decoding process is basically: get a literal/length - code; if EOB then done; if a literal, emit the decoded byte; if a - length then get the distance and emit the referred-to bytes from the - sliding window of previously emitted data. - - There are (currently) three kinds of inflate blocks: stored, fixed, and - dynamic. The compressor deals with some chunk of data at a time, and - decides which method to use on a chunk-by-chunk basis. A chunk might - typically be 32 K or 64 K. If the chunk is incompressible, then the - "stored" method is used. In this case, the bytes are simply stored as - is, eight bits per byte, with none of the above coding. The bytes are - preceded by a count, since there is no longer an EOB code. - - If the data is compressible, then either the fixed or dynamic methods - are used. In the dynamic method, the compressed data is preceded by - an encoding of the literal/length and distance Huffman codes that are - to be used to decode this block. The representation is itself Huffman - coded, and so is preceded by a description of that code. These code - descriptions take up a little space, and so for small blocks, there is - a predefined set of codes, called the fixed codes. The fixed method is - used if the block codes up smaller that way (usually for quite small - chunks), otherwise the dynamic method is used. In the latter case, the - codes are customized to the probabilities in the current block, and so - can code it much better than the pre-determined fixed codes. - - The Huffman codes themselves are decoded using a multi-level table - lookup, in order to maximize the speed of decoding plus the speed of - building the decoding tables. See the comments below that precede the - lbits and dbits tuning parameters. - */ - - -/* - Notes beyond the 1.93a appnote.txt: - - 1. Distance pointers never point before the beginning of the output - stream. - 2. Distance pointers can point back across blocks, up to 32k away. - 3. There is an implied maximum of 7 bits for the bit length table and - 15 bits for the actual data. - 4. If only one code exists, then it is encoded using one bit. (Zero - would be more efficient, but perhaps a little confusing.) If two - codes exist, they are coded using one bit each (0 and 1). - 5. There is no way of sending zero distance codes--a dummy must be - sent if there are none. (History: a pre 2.0 version of PKZIP would - store blocks with no distance codes, but this was discovered to be - too harsh a criterion.) Valid only for 1.93a. 2.04c does allow - zero distance codes, which is sent as one code of zero bits in - length. - 6. There are up to 286 literal/length codes. Code 256 represents the - end-of-block. Note however that the static length tree defines - 288 codes just to fill out the Huffman codes. Codes 286 and 287 - cannot be used though, since there is no length base or extra bits - defined for them. Similarly, there are up to 30 distance codes. - However, static trees define 32 codes (all 5 bits) to fill out the - Huffman codes, but the last two had better not show up in the data. - 7. Unzip can check dynamic Huffman blocks for complete code sets. - The exception is that a single code would not be complete (see #4). - 8. The five bits following the block type is really the number of - literal codes sent minus 257. - 9. Length codes 8,16,16 are interpreted as 13 length codes of 8 bits - (1+6+6). Therefore, to output three times the length, you output - three codes (1+1+1), whereas to output four times the same length, - you only need two codes (1+3). Hmm. - 10. In the tree reconstruction algorithm, Code = Code + Increment - only if BitLength(i) is not zero. (Pretty obvious.) - 11. Correction: 4 Bits: # of Bit Length codes - 4 (4 - 19) - 12. Note: length code 284 can represent 227-258, but length code 285 - really is 258. The last length deserves its own, short code - since it gets used a lot in very redundant files. The length - 258 is special since 258 - 3 (the min match length) is 255. - 13. The literal/length and distance code bit lengths are read as a - single stream of lengths. It is possible (and advantageous) for - a repeat code (16, 17, or 18) to go across the boundary between - the two sets of lengths. - */ - -#ifdef RCSID -static char rcsid[] = "#Id: inflate.c,v 0.14 1993/06/10 13:27:04 jloup Exp #"; -#endif - -#ifndef __XEN__ - -#if defined(STDC_HEADERS) || defined(HAVE_STDLIB_H) -# include -# include -#endif - -#include "gzip.h" - -#endif /* !__XEN__ */ - -#define slide window - -/* Huffman code lookup table entry--this entry is four bytes for machines - that have 16-bit pointers (e.g. PC's in the small or medium model). - Valid extra bits are 0..13. e == 15 is EOB (end of block), e == 16 - means that v is a literal, 16 < e < 32 means that v is a pointer to - the next table, which codes e - 16 bits, and lastly e == 99 indicates - an unused code. If a code with e == 99 is looked up, this implies an - error in the data. */ -struct huft { - uch e; /* number of extra bits or operation */ - uch b; /* number of bits in this code or subcode */ - union { - ush n; /* literal, length base, or distance base */ - struct huft *t; /* pointer to next level of table */ - } v; -}; - - -/* Function prototypes */ -static int huft_build OF((unsigned *, unsigned, unsigned, - const ush *, const ush *, struct huft **, int *)); -static int huft_free OF((struct huft *)); -static int inflate_codes OF((struct huft *, struct huft *, int, int)); -static int inflate_stored OF((void)); -static int inflate_fixed OF((void)); -static int inflate_dynamic OF((void)); -static int inflate_block OF((int *)); -static int inflate OF((void)); - - -/* The inflate algorithm uses a sliding 32 K byte window on the uncompressed - stream to find repeated byte strings. This is implemented here as a - circular buffer. The index is updated simply by incrementing and then - ANDing with 0x7fff (32K-1). */ -/* It is left to other modules to supply the 32 K area. It is assumed - to be usable as if it were declared "uch slide[32768];" or as just - "uch *slide;" and then malloc'ed in the latter case. The definition - must be in unzip.h, included above. */ -/* unsigned wp; current position in slide */ -#define wp outcnt -#define flush_output(w) (wp=(w),flush_window()) - -/* Tables for deflate from PKZIP's appnote.txt. */ -static const unsigned border[] = { /* Order of the bit length code lengths */ - 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; -static const ush cplens[] = { /* Copy lengths for literal codes 257..285 */ - 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, - 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0}; -/* note: see note #13 above about the 258 in this list. */ -static const ush cplext[] = { /* Extra bits for literal codes 257..285 */ - 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, - 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, 99, 99}; /* 99==invalid */ -static const ush cpdist[] = { /* Copy offsets for distance codes 0..29 */ - 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, - 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, - 8193, 12289, 16385, 24577}; -static const ush cpdext[] = { /* Extra bits for distance codes */ - 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, - 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, - 12, 12, 13, 13}; - - - -/* Macros for inflate() bit peeking and grabbing. - The usage is: - - NEEDBITS(j) - x = b & mask_bits[j]; - DUMPBITS(j) - - where NEEDBITS makes sure that b has at least j bits in it, and - DUMPBITS removes the bits from b. The macros use the variable k - for the number of bits in b. Normally, b and k are register - variables for speed, and are initialized at the beginning of a - routine that uses these macros from a global bit buffer and count. - - If we assume that EOB will be the longest code, then we will never - ask for bits with NEEDBITS that are beyond the end of the stream. - So, NEEDBITS should not read any more bytes than are needed to - meet the request. Then no bytes need to be "returned" to the buffer - at the end of the last block. - - However, this assumption is not true for fixed blocks--the EOB code - is 7 bits, but the other literal/length codes can be 8 or 9 bits. - (The EOB code is shorter than other codes because fixed blocks are - generally short. So, while a block always has an EOB, many other - literal/length codes have a significantly lower probability of - showing up at all.) However, by making the first table have a - lookup of seven bits, the EOB code will be found in that first - lookup, and so will not require that too many bits be pulled from - the stream. - */ - -static ulg __initdata bb; /* bit buffer */ -static unsigned __initdata bk; /* bits in bit buffer */ - -static const ush mask_bits[] = { - 0x0000, - 0x0001, 0x0003, 0x0007, 0x000f, 0x001f, 0x003f, 0x007f, 0x00ff, - 0x01ff, 0x03ff, 0x07ff, 0x0fff, 0x1fff, 0x3fff, 0x7fff, 0xffff -}; - -#define NEXTBYTE() ({ int v = get_byte(); if (v < 0) goto underrun; (uch)v; }) -#define NEEDBITS(n) {while(k<(n)){b|=((ulg)NEXTBYTE())<>=(n);k-=(n);} - -#ifndef NO_INFLATE_MALLOC -/* A trivial malloc implementation, adapted from - * malloc by Hannu Savolainen 1993 and Matthias Urlichs 1994 - */ - -static unsigned long __initdata malloc_ptr; -static int __initdata malloc_count; - -static void __init init_allocator(void) -{ - malloc_ptr = free_mem_ptr; - malloc_count = 0; -} - -static void *__init malloc(int size) -{ - void *p; - - if (size < 0) - error("Malloc error"); - if (!malloc_ptr) - malloc_ptr = free_mem_ptr; - - malloc_ptr = (malloc_ptr + 3) & ~3; /* Align */ - - p = (void *)malloc_ptr; - malloc_ptr += size; - - if (free_mem_end_ptr && malloc_ptr >= free_mem_end_ptr) - error("Out of memory"); - - malloc_count++; - return p; -} - -static void __init free(void *where) -{ - malloc_count--; - if (!malloc_count) - malloc_ptr = free_mem_ptr; -} -#else -#define malloc(a) kmalloc(a, GFP_KERNEL) -#define free(a) kfree(a) -#endif - -/* - Huffman code decoding is performed using a multi-level table lookup. - The fastest way to decode is to simply build a lookup table whose - size is determined by the longest code. However, the time it takes - to build this table can also be a factor if the data being decoded - is not very long. The most common codes are necessarily the - shortest codes, so those codes dominate the decoding time, and hence - the speed. The idea is you can have a shorter table that decodes the - shorter, more probable codes, and then point to subsidiary tables for - the longer codes. The time it costs to decode the longer codes is - then traded against the time it takes to make longer tables. - - This results of this trade are in the variables lbits and dbits - below. lbits is the number of bits the first level table for literal/ - length codes can decode in one step, and dbits is the same thing for - the distance codes. Subsequent tables are also less than or equal to - those sizes. These values may be adjusted either when all of the - codes are shorter than that, in which case the longest code length in - bits is used, or when the shortest code is *longer* than the requested - table size, in which case the length of the shortest code in bits is - used. - - There are two different values for the two tables, since they code a - different number of possibilities each. The literal/length table - codes 286 possible values, or in a flat code, a little over eight - bits. The distance table codes 30 possible values, or a little less - than five bits, flat. The optimum values for speed end up being - about one bit more than those, so lbits is 8+1 and dbits is 5+1. - The optimum values may differ though from machine to machine, and - possibly even between compilers. Your mileage may vary. - */ - - -static const int lbits = 9; /* bits in base literal/length lookup table */ -static const int dbits = 6; /* bits in base distance lookup table */ - - -/* If BMAX needs to be larger than 16, then h and x[] should be ulg. */ -#define BMAX 16 /* maximum bit length of any code (16 for explode) */ -#define N_MAX 288 /* maximum number of codes in any set */ - - -static unsigned __initdata hufts; /* track memory usage */ - - -static int __init huft_build( - unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ - unsigned n, /* number of codes (assumed <= N_MAX) */ - unsigned s, /* number of simple-valued codes (0..s-1) */ - const ush *d, /* list of base values for non-simple codes */ - const ush *e, /* list of extra bits for non-simple codes */ - struct huft **t, /* result: starting table */ - int *m /* maximum lookup bits, returns actual */ - ) -/* Given a list of code lengths and a maximum table size, make a set of - tables to decode that set of codes. Return zero on success, one if - the given code set is incomplete (the tables are still built in this - case), two if the input is invalid (all zero length codes or an - oversubscribed set of lengths), and three if not enough memory. */ -{ - unsigned a; /* counter for codes of length k */ - unsigned f; /* i repeats in table every f entries */ - int g; /* maximum code length */ - int h; /* table level */ - register unsigned i; /* counter, current code */ - register unsigned j; /* counter */ - register int k; /* number of bits in current code */ - int l; /* bits per table (returned in m) */ - register unsigned *p; /* pointer into c[], b[], or v[] */ - register struct huft *q; /* points to current table */ - struct huft r; /* table entry for structure assignment */ - register int w; /* bits before this table == (l * h) */ - unsigned *xp; /* pointer into x */ - int y; /* number of dummy codes added */ - unsigned z; /* number of entries in current table */ - struct { - unsigned c[BMAX+1]; /* bit length count table */ - struct huft *u[BMAX]; /* table stack */ - unsigned v[N_MAX]; /* values in order of bit length */ - unsigned x[BMAX+1]; /* bit offsets, then code stack */ - } *stk; - unsigned *c, *v, *x; - struct huft **u; - int ret; - - DEBG("huft1 "); - - stk = malloc(sizeof(*stk)); - if (stk == NULL) - return 3; /* out of memory */ - - c = stk->c; - v = stk->v; - x = stk->x; - u = stk->u; - - /* Generate counts for each bit length */ - memzero(stk->c, sizeof(stk->c)); - p = b; i = n; - do { - Tracecv(*p, (stderr, (n-i >= ' ' && n-i <= '~' ? "%c %d\n" : "0x%x %d\n"), - n-i, *p)); - c[*p]++; /* assume all entries <= BMAX */ - p++; /* Can't combine with above line (Solaris bug) */ - } while (--i); - if (c[0] == n) /* null input--all zero length codes */ - { - *t = (struct huft *)NULL; - *m = 0; - ret = 2; - goto out; - } - - DEBG("huft2 "); - - /* Find minimum and maximum length, bound *m by those */ - l = *m; - for (j = 1; j <= BMAX; j++) - if (c[j]) - break; - k = j; /* minimum code length */ - if ((unsigned)l < j) - l = j; - for (i = BMAX; i; i--) - if (c[i]) - break; - g = i; /* maximum code length */ - if ((unsigned)l > i) - l = i; - *m = l; - - DEBG("huft3 "); - - /* Adjust last length count to fill out codes, if needed */ - for (y = 1 << j; j < i; j++, y <<= 1) - if ((y -= c[j]) < 0) { - ret = 2; /* bad input: more codes than bits */ - goto out; - } - if ((y -= c[i]) < 0) { - ret = 2; - goto out; - } - c[i] += y; - - DEBG("huft4 "); - - /* Generate starting offsets into the value table for each length */ - x[1] = j = 0; - p = c + 1; xp = x + 2; - while (--i) { /* note that i == g from above */ - *xp++ = (j += *p++); - } - - DEBG("huft5 "); - - /* Make a table of values in order of bit lengths */ - p = b; i = 0; - do { - if ((j = *p++) != 0) - v[x[j]++] = i; - } while (++i < n); - n = x[g]; /* set n to length of v */ - - DEBG("h6 "); - - /* Generate the Huffman codes and for each, make the table entries */ - x[0] = i = 0; /* first Huffman code is zero */ - p = v; /* grab values in bit order */ - h = -1; /* no tables yet--level -1 */ - w = -l; /* bits decoded == (l * h) */ - u[0] = (struct huft *)NULL; /* just to keep compilers happy */ - q = (struct huft *)NULL; /* ditto */ - z = 0; /* ditto */ - DEBG("h6a "); - - /* go through the bit lengths (k already is bits in shortest code) */ - for (; k <= g; k++) - { - DEBG("h6b "); - a = c[k]; - while (a--) - { - DEBG("h6b1 "); - /* here i is the Huffman code of length k bits for value *p */ - /* make tables up to required level */ - while (k > w + l) - { - DEBG1("1 "); - h++; - w += l; /* previous table always l bits */ - - /* compute minimum size table less than or equal to l bits */ - z = (z = g - w) > (unsigned)l ? l : z; /* upper limit on table size */ - if ((f = 1 << (j = k - w)) > a + 1) /* try a k-w bit table */ - { /* too few codes for k-w bit table */ - DEBG1("2 "); - f -= a + 1; /* deduct codes from patterns left */ - xp = c + k; - if (j < z) - while (++j < z) /* try smaller tables up to z bits */ - { - if ((f <<= 1) <= *++xp) - break; /* enough codes to use up j bits */ - f -= *xp; /* else deduct codes from patterns */ - } - } - DEBG1("3 "); - z = 1 << j; /* table entries for j-bit table */ - - /* allocate and link in new table */ - if ((q = (struct huft *)malloc((z + 1)*sizeof(struct huft))) == - (struct huft *)NULL) - { - if (h) - huft_free(u[0]); - ret = 3; /* not enough memory */ - goto out; - } - DEBG1("4 "); - hufts += z + 1; /* track memory usage */ - *t = q + 1; /* link to list for huft_free() */ - *(t = &(q->v.t)) = (struct huft *)NULL; - u[h] = ++q; /* table starts after link */ - - DEBG1("5 "); - /* connect to last table, if there is one */ - if (h) - { - x[h] = i; /* save pattern for backing up */ - r.b = (uch)l; /* bits to dump before this table */ - r.e = (uch)(16 + j); /* bits in this table */ - r.v.t = q; /* pointer to this table */ - j = i >> (w - l); /* (get around Turbo C bug) */ - u[h-1][j] = r; /* connect to last table */ - } - DEBG1("6 "); - } - DEBG("h6c "); - - /* set up table entry in r */ - r.b = (uch)(k - w); - if (p >= v + n) - r.e = 99; /* out of values--invalid code */ - else if (*p < s) - { - r.e = (uch)(*p < 256 ? 16 : 15); /* 256 is end-of-block code */ - r.v.n = (ush)(*p); /* simple code is just the value */ - p++; /* one compiler does not like *p++ */ - } - else - { - r.e = (uch)e[*p - s]; /* non-simple--look up in lists */ - r.v.n = d[*p++ - s]; - } - DEBG("h6d "); - - /* fill code-like entries with r */ - f = 1 << (k - w); - for (j = i >> w; j < z; j += f) - q[j] = r; - - /* backwards increment the k-bit code i */ - for (j = 1 << (k - 1); i & j; j >>= 1) - i ^= j; - i ^= j; - - /* backup over finished tables */ - while ((i & ((1 << w) - 1)) != x[h]) - { - h--; /* don't need to update q */ - w -= l; - } - DEBG("h6e "); - } - DEBG("h6f "); - } - - DEBG("huft7 "); - - /* Return true (1) if we were given an incomplete table */ - ret = y != 0 && g != 1; - - out: - free(stk); - return ret; -} - - - -static int __init huft_free( - struct huft *t /* table to free */ - ) -/* Free the malloc'ed tables built by huft_build(), which makes a linked - list of the tables it made, with the links in a dummy first entry of - each table. */ -{ - register struct huft *p, *q; - - - /* Go through linked list, freeing from the malloced (t[-1]) address. */ - p = t; - while (p != (struct huft *)NULL) - { - q = (--p)->v.t; - free((char*)p); - p = q; - } - return 0; -} - - -static int __init inflate_codes( - struct huft *tl, /* literal/length decoder tables */ - struct huft *td, /* distance decoder tables */ - int bl, /* number of bits decoded by tl[] */ - int bd /* number of bits decoded by td[] */ - ) -/* inflate (decompress) the codes in a deflated (compressed) block. - Return an error code or zero if it all goes ok. */ -{ - register unsigned e; /* table entry flag/number of extra bits */ - unsigned n, d; /* length and index for copy */ - unsigned w; /* current window position */ - struct huft *t; /* pointer to table entry */ - unsigned ml, md; /* masks for bl and bd bits */ - register ulg b; /* bit buffer */ - register unsigned k; /* number of bits in bit buffer */ - - - /* make local copies of globals */ - b = bb; /* initialize bit buffer */ - k = bk; - w = wp; /* initialize window position */ - - /* inflate the coded data */ - ml = mask_bits[bl]; /* precompute masks for speed */ - md = mask_bits[bd]; - for (;;) /* do until end of block */ - { - NEEDBITS((unsigned)bl) - if ((e = (t = tl + ((unsigned)b & ml))->e) > 16) - do { - if (e == 99) - return 1; - DUMPBITS(t->b) - e -= 16; - NEEDBITS(e) - } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); - DUMPBITS(t->b) - if (e == 16) /* then it's a literal */ - { - slide[w++] = (uch)t->v.n; - Tracevv((stderr, "%c", slide[w-1])); - if (w == WSIZE) - { - flush_output(w); - w = 0; - } - } - else /* it's an EOB or a length */ - { - /* exit if end of block */ - if (e == 15) - break; - - /* get length of block to copy */ - NEEDBITS(e) - n = t->v.n + ((unsigned)b & mask_bits[e]); - DUMPBITS(e); - - /* decode distance of block to copy */ - NEEDBITS((unsigned)bd) - if ((e = (t = td + ((unsigned)b & md))->e) > 16) - do { - if (e == 99) - return 1; - DUMPBITS(t->b) - e -= 16; - NEEDBITS(e) - } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); - DUMPBITS(t->b) - NEEDBITS(e) - d = w - t->v.n - ((unsigned)b & mask_bits[e]); - DUMPBITS(e) - Tracevv((stderr,"\\[%d,%d]", w-d, n)); - - /* do the copy */ - do { - n -= (e = (e = WSIZE - ((d &= WSIZE-1) > w ? d : w)) > n ? n : e); -#if !defined(NOMEMCPY) && !defined(DEBUG) - if (w - d >= e) /* (this test assumes unsigned comparison) */ - { - memcpy(slide + w, slide + d, e); - w += e; - d += e; - } - else /* do it slow to avoid memcpy() overlap */ -#endif /* !NOMEMCPY */ - do { - slide[w++] = slide[d++]; - Tracevv((stderr, "%c", slide[w-1])); - } while (--e); - if (w == WSIZE) - { - flush_output(w); - w = 0; - } - } while (n); - } - } - - - /* restore the globals from the locals */ - wp = w; /* restore global window pointer */ - bb = b; /* restore global bit buffer */ - bk = k; - - /* done */ - return 0; - - underrun: - return 4; /* Input underrun */ -} - - - -static int __init inflate_stored(void) -/* "decompress" an inflated type 0 (stored) block. */ -{ - unsigned n; /* number of bytes in block */ - unsigned w; /* current window position */ - register ulg b; /* bit buffer */ - register unsigned k; /* number of bits in bit buffer */ - - DEBG(""); - return 0; - - underrun: - return 4; /* Input underrun */ -} - - -/* - * We use `noinline' here to prevent gcc-3.5 from using too much stack space - */ -static int noinline __init inflate_fixed(void) -/* decompress an inflated type 1 (fixed Huffman codes) block. We should - either replace this with a custom decoder, or at least precompute the - Huffman tables. */ -{ - int i; /* temporary variable */ - struct huft *tl; /* literal/length code table */ - struct huft *td; /* distance code table */ - int bl; /* lookup bits for tl */ - int bd; /* lookup bits for td */ - unsigned *l; /* length list for huft_build */ - - DEBG(" 1) - { - huft_free(tl); - free(l); - - DEBG(">"); - return i; - } - - - /* decompress until an end-of-block code */ - if (inflate_codes(tl, td, bl, bd)) { - free(l); - return 1; - } - - /* free the decoding tables, return */ - free(l); - huft_free(tl); - huft_free(td); - return 0; -} - - -/* - * We use `noinline' here to prevent gcc-3.5 from using too much stack space - */ -static int noinline __init inflate_dynamic(void) -/* decompress an inflated type 2 (dynamic Huffman codes) block. */ -{ - int i; /* temporary variables */ - unsigned j; - unsigned l; /* last length */ - unsigned m; /* mask for bit lengths table */ - unsigned n; /* number of lengths to get */ - struct huft *tl; /* literal/length code table */ - struct huft *td; /* distance code table */ - int bl; /* lookup bits for tl */ - int bd; /* lookup bits for td */ - unsigned nb; /* number of bit length codes */ - unsigned nl; /* number of literal/length codes */ - unsigned nd; /* number of distance codes */ - unsigned *ll; /* literal/length and distance code lengths */ - register ulg b; /* bit buffer */ - register unsigned k; /* number of bits in bit buffer */ - int ret; - - DEBG(" 288 || nd > 32) -#else - if (nl > 286 || nd > 30) -#endif - { - ret = 1; /* bad lengths */ - goto out; - } - - DEBG("dyn1 "); - - /* read in bit-length-code lengths */ - for (j = 0; j < nb; j++) - { - NEEDBITS(3) - ll[border[j]] = (unsigned)b & 7; - DUMPBITS(3) - } - for (; j < 19; j++) - ll[border[j]] = 0; - - DEBG("dyn2 "); - - /* build decoding table for trees--single level, 7 bit lookup */ - bl = 7; - if ((i = huft_build(ll, 19, 19, NULL, NULL, &tl, &bl)) != 0) - { - if (i == 1) - huft_free(tl); - ret = i; /* incomplete code set */ - goto out; - } - - DEBG("dyn3 "); - - /* read in literal and distance code lengths */ - n = nl + nd; - m = mask_bits[bl]; - i = l = 0; - while ((unsigned)i < n) - { - NEEDBITS((unsigned)bl) - j = (td = tl + ((unsigned)b & m))->b; - DUMPBITS(j) - j = td->v.n; - if (j < 16) /* length of code in bits (0..15) */ - ll[i++] = l = j; /* save last length in l */ - else if (j == 16) /* repeat last length 3 to 6 times */ - { - NEEDBITS(2) - j = 3 + ((unsigned)b & 3); - DUMPBITS(2) - if ((unsigned)i + j > n) { - ret = 1; - goto out; - } - while (j--) - ll[i++] = l; - } - else if (j == 17) /* 3 to 10 zero length codes */ - { - NEEDBITS(3) - j = 3 + ((unsigned)b & 7); - DUMPBITS(3) - if ((unsigned)i + j > n) { - ret = 1; - goto out; - } - while (j--) - ll[i++] = 0; - l = 0; - } - else /* j == 18: 11 to 138 zero length codes */ - { - NEEDBITS(7) - j = 11 + ((unsigned)b & 0x7f); - DUMPBITS(7) - if ((unsigned)i + j > n) { - ret = 1; - goto out; - } - while (j--) - ll[i++] = 0; - l = 0; - } - } - - DEBG("dyn4 "); - - /* free decoding table for trees */ - huft_free(tl); - - DEBG("dyn5 "); - - /* restore the global bit buffer */ - bb = b; - bk = k; - - DEBG("dyn5a "); - - /* build the decoding tables for literal/length and distance codes */ - bl = lbits; - if ((i = huft_build(ll, nl, 257, cplens, cplext, &tl, &bl)) != 0) - { - DEBG("dyn5b "); - if (i == 1) { - error("incomplete literal tree"); - huft_free(tl); - } - ret = i; /* incomplete code set */ - goto out; - } - DEBG("dyn5c "); - bd = dbits; - if ((i = huft_build(ll + nl, nd, 0, cpdist, cpdext, &td, &bd)) != 0) - { - DEBG("dyn5d "); - if (i == 1) { - error("incomplete distance tree"); -#ifdef PKZIP_BUG_WORKAROUND - i = 0; - } -#else - huft_free(td); - } - huft_free(tl); - ret = i; /* incomplete code set */ - goto out; -#endif -} - -DEBG("dyn6 "); - - /* decompress until an end-of-block code */ -if (inflate_codes(tl, td, bl, bd)) { - ret = 1; - goto out; -} - -DEBG("dyn7 "); - - /* free the decoding tables, return */ -huft_free(tl); -huft_free(td); - -DEBG(">"); -ret = 0; -out: -free(ll); -return ret; - -underrun: -ret = 4; /* Input underrun */ -goto out; -} - - - -static int __init inflate_block( -int *e /* last block flag */ -) -/* decompress an inflated block */ -{ -unsigned t; /* block type */ -register ulg b; /* bit buffer */ -register unsigned k; /* number of bits in bit buffer */ - -DEBG(""); - - /* bad block type */ - return 2; - - underrun: - return 4; /* Input underrun */ -} - - - -static int __init inflate(void) -/* decompress an inflated entry */ -{ - int e; /* last block flag */ - int r; /* result code */ - unsigned h; /* maximum struct huft's malloc'ed */ - - /* initialize window, bit buffer */ - wp = 0; - bk = 0; - bb = 0; - - - /* decompress until the last block */ - h = 0; - do { - hufts = 0; -#ifdef ARCH_HAS_DECOMP_WDOG - arch_decomp_wdog(); -#endif - r = inflate_block(&e); - if (r) - return r; - if (hufts > h) - h = hufts; - } while (!e); - - /* Undo too much lookahead. The next read will be byte aligned so we - * can discard unused bits in the last meaningful byte. - */ - while (bk >= 8) { - bk -= 8; - inptr--; - } - - /* flush out slide */ - flush_output(wp); - - - /* return success */ -#ifdef DEBUG - fprintf(stderr, "<%u> ", h); -#endif /* DEBUG */ - return 0; -} - -/********************************************************************** - * - * The following are support routines for inflate.c - * - **********************************************************************/ - -static ulg __initdata crc_32_tab[256]; -static ulg __initdata crc; /* initialized in makecrc() so it'll reside in bss */ -#define CRC_VALUE (crc ^ 0xffffffffUL) - -/* - * Code to compute the CRC-32 table. Borrowed from - * gzip-1.0.3/makecrc.c. - */ - -static void __init -makecrc(void) -{ -/* Not copyrighted 1990 Mark Adler */ - - unsigned long c; /* crc shift register */ - unsigned long e; /* polynomial exclusive-or pattern */ - int i; /* counter for all possible eight bit values */ - int k; /* byte being shifted into crc apparatus */ - - /* terms of polynomial defining this crc (except x^32): */ - static const int p[] = {0,1,2,4,5,7,8,10,11,12,16,22,23,26}; - - /* Make exclusive-or pattern from polynomial */ - e = 0; - for (i = 0; i < sizeof(p)/sizeof(int); i++) - e |= 1L << (31 - p[i]); - - crc_32_tab[0] = 0; - - for (i = 1; i < 256; i++) - { - c = 0; - for (k = i | 256; k != 1; k >>= 1) - { - c = c & 1 ? (c >> 1) ^ e : c >> 1; - if (k & 1) - c ^= e; - } - crc_32_tab[i] = c; - } - - /* this is initialized here so this code could reside in ROM */ - crc = (ulg)0xffffffffUL; /* shift register contents */ -} - -/* gzip flag byte */ -#define ASCII_FLAG 0x01 /* bit 0 set: file probably ASCII text */ -#define CONTINUATION 0x02 /* bit 1 set: continuation of multi-part gzip file */ -#define EXTRA_FIELD 0x04 /* bit 2 set: extra field present */ -#define ORIG_NAME 0x08 /* bit 3 set: original file name present */ -#define COMMENT 0x10 /* bit 4 set: file comment present */ -#define ENCRYPTED 0x20 /* bit 5 set: file is encrypted */ -#define RESERVED 0xC0 /* bit 6,7: reserved */ - -/* - * Do the uncompression! - */ -static int __init gunzip(void) -{ - uch flags; - unsigned char magic[2]; /* magic header */ - char method; - ulg orig_crc = 0; /* original crc */ - ulg orig_len = 0; /* original uncompressed length */ - int res; - - magic[0] = NEXTBYTE(); - magic[1] = NEXTBYTE(); - method = NEXTBYTE(); - - if (magic[0] != 037 || /* octal-ok */ - ((magic[1] != 0213) && (magic[1] != 0236))) { /* octal-ok */ - error("bad gzip magic numbers"); - return -1; - } - - /* We only support method #8, DEFLATED */ - if (method != 8) { - error("internal error, invalid method"); - return -1; - } - - flags = (uch)get_byte(); - if ((flags & ENCRYPTED) != 0) { - error("Input is encrypted"); - return -1; - } - if ((flags & CONTINUATION) != 0) { - error("Multi part input"); - return -1; - } - if ((flags & RESERVED) != 0) { - error("Input has invalid flags"); - return -1; - } - NEXTBYTE(); /* Get timestamp */ - NEXTBYTE(); - NEXTBYTE(); - NEXTBYTE(); - - (void)NEXTBYTE(); /* Ignore extra flags for the moment */ - (void)NEXTBYTE(); /* Ignore OS type for the moment */ - - if ((flags & EXTRA_FIELD) != 0) { - unsigned len = (unsigned)NEXTBYTE(); - len |= ((unsigned)NEXTBYTE())<<8; - while (len--) (void)NEXTBYTE(); - } - - /* Get original file name if it was truncated */ - if ((flags & ORIG_NAME) != 0) { - /* Discard the old name */ - while (NEXTBYTE() != 0) /* null */ ; - } - - /* Discard file comment if any */ - if ((flags & COMMENT) != 0) { - while (NEXTBYTE() != 0) /* null */ ; - } - - /* Decompress */ - if ((res = inflate())) { - switch (res) { - case 0: - break; - case 1: - error("invalid compressed format (err=1)"); - break; - case 2: - error("invalid compressed format (err=2)"); - break; - case 3: - error("out of memory"); - break; - case 4: - error("out of input data"); - break; - default: - error("invalid compressed format (other)"); - } - return -1; - } - - /* Get the crc and original length */ - /* crc32 (see algorithm.doc) - * uncompressed input size modulo 2^32 - */ - orig_crc = (ulg) NEXTBYTE(); - orig_crc |= (ulg) NEXTBYTE() << 8; - orig_crc |= (ulg) NEXTBYTE() << 16; - orig_crc |= (ulg) NEXTBYTE() << 24; - - orig_len = (ulg) NEXTBYTE(); - orig_len |= (ulg) NEXTBYTE() << 8; - orig_len |= (ulg) NEXTBYTE() << 16; - orig_len |= (ulg) NEXTBYTE() << 24; - - /* Validate decompression */ - if (orig_crc != CRC_VALUE) { - error("crc error"); - return -1; - } - if (orig_len != bytes_out) { - error("length error"); - return -1; - } - return 0; - - underrun: /* NEXTBYTE() goto's here if needed */ - error("out of input data"); - return -1; -} -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 12 14:55:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 12 Apr 2024 14:55:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.704751.1101296 (Exim 4.92) (envelope-from ) id 1rvIJ8-0003jd-FV; Fri, 12 Apr 2024 14:55:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 704751.1101296; Fri, 12 Apr 2024 14:55:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rvIJ8-0003jV-CC; Fri, 12 Apr 2024 14:55:14 +0000 Received: by outflank-mailman (input) for mailman id 704751; Fri, 12 Apr 2024 14:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rvIJ8-0003jP-1e for xen-changelog@lists.xenproject.org; Fri, 12 Apr 2024 14:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rvIJ7-0006jx-Ro for xen-changelog@lists.xenproject.org; Fri, 12 Apr 2024 14:55:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rvIJ7-0000Gn-Qn for xen-changelog@lists.xenproject.org; Fri, 12 Apr 2024 14:55:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bzNXUxm7E7Bjb5MShqIGKwM+OzwqyNfixnpTxHth3BE=; b=BtF7KvvTr4XMdhTzJw9HhX+B2p i2dvkrESccs/bLD17keiYdkzPtDUDA1drm0V+ljXFIWEjMkAmHGbPDHJdVBZ8AZFOv/ddD0KUo+/r 2OSYQm6zt6d7DMBSMToaFfYK1UFYW+DrWfJMnX8nprtOQ95vGFsMInXF1PMN+iOetsg0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] docs/hypercall-abi: State that the hypercall page is optional Message-Id: Date: Fri, 12 Apr 2024 14:55:13 +0000 commit c0f890cd9d5fd2c17a1e3110cb26f98c90ce8429 Author: Andrew Cooper AuthorDate: Thu Apr 11 15:37:57 2024 +0100 Commit: Andrew Cooper CommitDate: Fri Apr 12 15:50:28 2024 +0100 docs/hypercall-abi: State that the hypercall page is optional Xen doesn't care (and indeed, cannot feasibly tell) whether a hypercall was initiated using the hypercall page or not. For SEV-SNP/TDX encrypted VMs, use of a hypercall page would violate the integrity properties wanted. Explicitly state that the hypercall page is optional. Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini --- docs/guest-guide/x86/hypercall-abi.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/guest-guide/x86/hypercall-abi.rst b/docs/guest-guide/x86/hypercall-abi.rst index 83890e1cb6..8004122ca4 100644 --- a/docs/guest-guide/x86/hypercall-abi.rst +++ b/docs/guest-guide/x86/hypercall-abi.rst @@ -79,7 +79,8 @@ Hypercall Page ============== The hypercall page is a page of guest RAM into which Xen will write suitable -transfer stubs. +transfer stubs. It is intended as a convenience for guests, but use of the +hypercall page is not mandatory for making hypercalls to Xen. Creating a hypercall page is an isolated operation from Xen's point of view. It is the guests responsibility to ensure that the hypercall page, once -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 15 10:33:07 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 15 Apr 2024 10:33:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.706010.1102990 (Exim 4.92) (envelope-from ) id 1rwJe4-00015n-PM; Mon, 15 Apr 2024 10:33:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 706010.1102990; Mon, 15 Apr 2024 10:33:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwJe4-00015f-Ms; Mon, 15 Apr 2024 10:33:04 +0000 Received: by outflank-mailman (input) for mailman id 706010; Mon, 15 Apr 2024 10:33:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwJe3-00015Z-Rx for xen-changelog@lists.xenproject.org; Mon, 15 Apr 2024 10:33:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwJe3-0001k5-Mq for xen-changelog@lists.xenproject.org; Mon, 15 Apr 2024 10:33:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwJe3-0007e4-Lp for xen-changelog@lists.xenproject.org; Mon, 15 Apr 2024 10:33:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=l+tx1uJ6JTlywzTjJ5rEEm1aECJrK6dYxnIIBYrzLo4=; b=W6qYVIgFIB/e7ov780eKqf/8UG a/W8o8EOlDCu5aeK/fspI90YTpY16mv9NHvGyXrquXWhdosrTzlfRzhGgjg9Zwy0UA2CYDDZfQTlw TdtK8TNW6Wo+agc70u4VQVZ4mDnQpMPRgW/kxCyVfgKAd/nZgEBP9CUOkG22Ep33J4bg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/vmx: prevent fallthrough in vmx_set_reg() for handled registers Message-Id: Date: Mon, 15 Apr 2024 10:33:03 +0000 commit cd2df4561edef2c104f46f8d0998e8ccefdf9c5e Author: Roger Pau Monné AuthorDate: Mon Apr 15 11:22:31 2024 +0100 Commit: Andrew Cooper CommitDate: Mon Apr 15 11:26:00 2024 +0100 x86/vmx: prevent fallthrough in vmx_set_reg() for handled registers vmx_set_reg() logic is split into two parts, the top one handles registers that don't require loading the VMCS into context (ie: don't require a VMWRITE). The second half handles registers that do require the VMCS to be loaded. SPEC_CTRL MSR is handled differently depending on whether there's support for virtualize SPEC_CTRL. Without hardware help for virtualizing SPEC_CTRL the value is handled using MSR load lists, that don't require the VMCS to be loaded. When there's hardware assistance however the value is stored in the VMCS, and requires a VMWRITE. The lack of a return statement when handling SPEC_CTRL in the first half of the function leads to SPEC_CTRL being unconditionally handled as if the host had virtualize SPEC_CTRL, which means Xen will either hit an ASSERT in debug builds, or will attempt to perform a VMWRITE to an unhandled VMCS field if the host doesn't support the virtualize SPEC_CTRL feature. This bug occured because the context wasn't adjusted accordingly to account for the absence commit 0626219dcc6a ("x86/hvm: Drop hvm_{get,set}_guest_bndcfgs() and use {get,set}_regs() instead") in the 4.15 and 4.16 branches. Fix by returning early from the function if the register is handled without requiring the VMCS context to be loaded. Fixes: 295bf24af77c ('x86/vmx: Add support for virtualize SPEC_CTRL') Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper --- xen/arch/x86/hvm/vmx/vmx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 0041fdc88b..d5112c8ecf 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2663,7 +2663,7 @@ static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) __func__, v, reg, rc); domain_crash(d); } - break; + return; } /* Logic which maybe requires remote VMCS acquisition. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Mon Apr 15 10:33:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 15 Apr 2024 10:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.706011.1102994 (Exim 4.92) (envelope-from ) id 1rwJeF-00019E-R0; Mon, 15 Apr 2024 10:33:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 706011.1102994; Mon, 15 Apr 2024 10:33:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwJeF-000196-OL; Mon, 15 Apr 2024 10:33:15 +0000 Received: by outflank-mailman (input) for mailman id 706011; Mon, 15 Apr 2024 10:33:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwJeE-00018s-3U for xen-changelog@lists.xenproject.org; Mon, 15 Apr 2024 10:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwJeE-0001kE-2g for xen-changelog@lists.xenproject.org; Mon, 15 Apr 2024 10:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwJeE-0007fJ-1k for xen-changelog@lists.xenproject.org; Mon, 15 Apr 2024 10:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JBtQN9t4HYuxoRIjstKVpkSocDTjbUMDxeNjCtXY4x0=; b=OnJLrvktQot8OwMxXmwiYKlpm1 ylYPmQVD4mwWN7Fqrv/37JnAfLlA+YkwlK4kni9oWKG6kxI8SZyqmv0UVEPd6lEJ4FBcNiqwAyJxZ kmD/7u7lFb1n+b/FPaKyf5R3vKkaFV7BskusRgwM+au0dyiXWsQK3YeqIUBGOtuuB3Gw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/entry: Fix build with older toolchains Message-Id: Date: Mon, 15 Apr 2024 10:33:14 +0000 commit ab125048b9ba462ce70b8dceb28c90fcac9675c3 Author: Andrew Cooper AuthorDate: Tue Apr 9 21:39:51 2024 +0100 Commit: Andrew Cooper CommitDate: Mon Apr 15 11:27:31 2024 +0100 x86/entry: Fix build with older toolchains Binutils older than 2.29 doesn't know INCSSPD. Fixes: 8e186f98ce0e ("x86: Use indirect calls in reset-stack infrastructure") Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini (cherry picked from commit a9fa82500818a8d8ce5f2843f1577bd2c29d088e) --- xen/arch/x86/x86_64/entry.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index e677071610..968176124f 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -589,7 +589,9 @@ ENTRY(continue_pv_domain) * JMPed to. Drop the return address. */ add $8, %rsp +#ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK +#endif call check_wakeup_from_wait ret_from_intr: -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Mon Apr 15 10:33:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 15 Apr 2024 10:33:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.706012.1102998 (Exim 4.92) (envelope-from ) id 1rwJeP-0001C0-SW; Mon, 15 Apr 2024 10:33:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 706012.1102998; Mon, 15 Apr 2024 10:33:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwJeP-0001Bs-Pv; Mon, 15 Apr 2024 10:33:25 +0000 Received: by outflank-mailman (input) for mailman id 706012; Mon, 15 Apr 2024 10:33:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwJeO-0001Bf-6X for xen-changelog@lists.xenproject.org; Mon, 15 Apr 2024 10:33:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwJeO-0001kb-5o for xen-changelog@lists.xenproject.org; Mon, 15 Apr 2024 10:33:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwJeO-0007fx-4q for xen-changelog@lists.xenproject.org; Mon, 15 Apr 2024 10:33:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=POWZmepH60Lg8+o6RvnXVdpe3wACfZJyQSOpuupICrA=; b=ciET7oR7GgXPrOjCNfBJwUXtzt r2ZcWjThN5nDcuMFjiVPDnkKGij229dcWNfwK3zIZWFNx/FksLvYmxsVVYO5DcD0lXldhHhDY4AJt IPQ9s6l48g+KPYMcdDYoOObhi0HxJvXY+NxrZhjL8A+U/JxNV55p4+EoTX2BNAevFy0k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/vmx: prevent fallthrough in vmx_set_reg() for handled registers Message-Id: Date: Mon, 15 Apr 2024 10:33:24 +0000 commit 0a1c1a01a8028a929d460a966c8f8e7384f5b3a6 Author: Roger Pau Monné AuthorDate: Mon Apr 15 11:22:31 2024 +0100 Commit: Andrew Cooper CommitDate: Mon Apr 15 11:28:15 2024 +0100 x86/vmx: prevent fallthrough in vmx_set_reg() for handled registers vmx_set_reg() logic is split into two parts, the top one handles registers that don't require loading the VMCS into context (ie: don't require a VMWRITE). The second half handles registers that do require the VMCS to be loaded. SPEC_CTRL MSR is handled differently depending on whether there's support for virtualize SPEC_CTRL. Without hardware help for virtualizing SPEC_CTRL the value is handled using MSR load lists, that don't require the VMCS to be loaded. When there's hardware assistance however the value is stored in the VMCS, and requires a VMWRITE. The lack of a return statement when handling SPEC_CTRL in the first half of the function leads to SPEC_CTRL being unconditionally handled as if the host had virtualize SPEC_CTRL, which means Xen will either hit an ASSERT in debug builds, or will attempt to perform a VMWRITE to an unhandled VMCS field if the host doesn't support the virtualize SPEC_CTRL feature. This bug occured because the context wasn't adjusted accordingly to account for the absence commit 0626219dcc6a ("x86/hvm: Drop hvm_{get,set}_guest_bndcfgs() and use {get,set}_regs() instead") in the 4.15 and 4.16 branches. Fix by returning early from the function if the register is handled without requiring the VMCS context to be loaded. Fixes: 295bf24af77c ('x86/vmx: Add support for virtualize SPEC_CTRL') Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper (cherry picked from commit cd2df4561edef2c104f46f8d0998e8ccefdf9c5e) --- xen/arch/x86/hvm/vmx/vmx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index c4d401b56b..3b7a57233b 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2524,7 +2524,7 @@ static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) __func__, v, reg, rc); domain_crash(d); } - break; + return; } /* Logic which maybe requires remote VMCS acquisition. */ -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 16 19:22:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 16 Apr 2024 19:22:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707088.1104586 (Exim 4.92) (envelope-from ) id 1rwoNa-0001aE-1V; Tue, 16 Apr 2024 19:22:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707088.1104586; Tue, 16 Apr 2024 19:22:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwoNZ-0001a6-Uz; Tue, 16 Apr 2024 19:22:05 +0000 Received: by outflank-mailman (input) for mailman id 707088; Tue, 16 Apr 2024 19:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwoNY-0001Zv-6d for xen-changelog@lists.xenproject.org; Tue, 16 Apr 2024 19:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwoNY-0001x4-3e for xen-changelog@lists.xenproject.org; Tue, 16 Apr 2024 19:22:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwoNY-0003OC-2c for xen-changelog@lists.xenproject.org; Tue, 16 Apr 2024 19:22:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XNNl2cH8aEY5yTIhSWUxJ4QtxWVcLf2C/L35VCyjjao=; b=2b+FYN2d9MBskyPEqzdfDFi0bi npu+Kevq0OpLnpEH9M5ch/77cY1j1z1kswUB5jUdHpp2lLnZi4HIXKPROka+Dd/x0HEvBoM8MBsLF O3LyKOKXnSPCfakspdXTA0nfo4aLymrlc9I5O8YMV7n4lBde0beGDLU32FYebrQBwkkw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] docs/misra/rules.rst: add rule 5.5 Message-Id: Date: Tue, 16 Apr 2024 19:22:04 +0000 commit 487838f13ab3d3b6e0a85e982734732c14591000 Author: Stefano Stabellini AuthorDate: Thu Mar 14 17:35:03 2024 -0700 Commit: Stefano Stabellini CommitDate: Tue Apr 16 12:14:32 2024 -0700 docs/misra/rules.rst: add rule 5.5 Signed-off-by: Stefano Stabellini Acked-by: Bertrand Marquis --- docs/misra/rules.rst | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst index 86f4ad0ab3..d3159af917 100644 --- a/docs/misra/rules.rst +++ b/docs/misra/rules.rst @@ -181,6 +181,21 @@ maintainers if you want to suggest a change. headers (xen/include/public/) are allowed to retain longer identifiers for backward compatibility. + * - `Rule 5.5 `_ + - Required + - Identifiers shall be distinct from macro names + - Macros expanding to their own name are allowed, e.g.:: + + #define x x + + Clashes between names of function-like macros and identifiers of + non-callable entities are allowed. Callable entities having an + identifier that is the same of the name of a + function-like macro are not allowed. Example (not allowed):: + + #define f(x, y) f(x, y) + void f(int x, int y); + * - `Rule 5.6 `_ - Required - A typedef name shall be a unique identifier -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 16 19:22:16 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 16 Apr 2024 19:22:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707089.1104590 (Exim 4.92) (envelope-from ) id 1rwoNk-0001bk-2n; Tue, 16 Apr 2024 19:22:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707089.1104590; Tue, 16 Apr 2024 19:22:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwoNk-0001bc-06; Tue, 16 Apr 2024 19:22:16 +0000 Received: by outflank-mailman (input) for mailman id 707089; Tue, 16 Apr 2024 19:22:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwoNi-0001bK-7l for xen-changelog@lists.xenproject.org; Tue, 16 Apr 2024 19:22:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwoNi-0001xB-73 for xen-changelog@lists.xenproject.org; Tue, 16 Apr 2024 19:22:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwoNi-0003PD-5h for xen-changelog@lists.xenproject.org; Tue, 16 Apr 2024 19:22:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jJ6SItg5XWsjtaOQ5KLp5KR6GkS0IvJRyg1nAX/+cqU=; b=hBO6RCcihA0Lo0U0tLXL5lB27n gyzVEhac7zorgEnrUP8Y1+ZlciuRPLwDMTqqtu24BIHH7JA6vrY8nFhWqpZUgABtyHjnAPxNPMpT1 uEdR91oOUyHi7mqT7rk1uaeIBOAnLstXYj/J9rLbTP4bEi8KpbXrqKm8lFmUUpt5g1s0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] docs/misra: add Rule 16.4 Message-Id: Date: Tue, 16 Apr 2024 19:22:14 +0000 commit ad363fb17d720f1ad047775e1d7b70158f546c46 Author: Stefano Stabellini AuthorDate: Thu Mar 14 14:50:21 2024 -0700 Commit: Stefano Stabellini CommitDate: Tue Apr 16 12:15:16 2024 -0700 docs/misra: add Rule 16.4 Signed-off-by: Stefano Stabellini Acked-by: Bertrand Marquis --- docs/misra/rules.rst | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst index d3159af917..b7b447e152 100644 --- a/docs/misra/rules.rst +++ b/docs/misra/rules.rst @@ -494,6 +494,31 @@ maintainers if you want to suggest a change. - In addition to break, also other unconditional flow control statements such as continue, return, goto are allowed. + * - `Rule 16.4 `_ + - Required + - Every switch statement shall have a default label + - Switch statements with enums as controlling expression don't need + a default label as gcc -Wall enables -Wswitch which warns (and + breaks the build as we use -Werror) if one of the enum labels is + missing from the switch. + + Switch statements with integer types as controlling expression + should have a default label: + + - if the switch is expected to handle all possible cases + explicitly, then a default label shall be added to handle + unexpected error conditions, using BUG(), ASSERT(), WARN(), + domain_crash(), or other appropriate methods; + + - if the switch is expected to handle a subset of all possible + cases, then an empty default label shall be added with an + in-code comment on top of the default label with a reason and + when possible a more detailed explanation. Example:: + + default: + /* Notifier pattern */ + break; + * - `Rule 16.2 `_ - Required - A switch label shall only be used when the most closely-enclosing -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:11:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707166.1104744 (Exim 4.92) (envelope-from ) id 1rwvhZ-0008UB-B8; Wed, 17 Apr 2024 03:11:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707166.1104744; Wed, 17 Apr 2024 03:11:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvhZ-0008U3-8Z; Wed, 17 Apr 2024 03:11:13 +0000 Received: by outflank-mailman (input) for mailman id 707166; Wed, 17 Apr 2024 03:11:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvhY-0008Tv-Qa for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvhY-00019u-PP for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvhY-0003zv-O6 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=styRDy0m24bAOWhvgau2AySy87XMn+ZzPozUylDK1eM=; b=Yz7TgFCaw57sy7cDC98hI7WZwe pXiI5aP+O8F+VQ5ClVSW4VnVLTNydp/SgVAK72oRSrQmTJ+A0mRNPZoTvP5Oo+1t+f2NkINS7/vDb SW2s/B4HO9b1aH+cUTam5WV9JvRQRpt3q6lf4+7uTxwHyP7yIBYotwaen9KEMr5MlOzw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] hypercall_xlat_continuation: Replace BUG_ON with domain_crash Message-Id: Date: Wed, 17 Apr 2024 03:11:12 +0000 commit 9926e692c4afc40bcd66f8416ff6a1e93ce402f6 Author: Bjoern Doebel AuthorDate: Wed Mar 27 17:31:38 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 12:49:40 2024 +0100 hypercall_xlat_continuation: Replace BUG_ON with domain_crash Instead of crashing the host in case of unexpected hypercall parameters, resort to only crashing the calling domain. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Bjoern Doebel Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/hypercall.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 133e9f221c..d292376b19 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -142,8 +142,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + domain_crash(current->domain, + "multicall (op %lu) bogus continuation arg%u (%#lx)\n", + mcs->call.op, i, nval); } else if ( id && *id == i ) { @@ -155,8 +157,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, mcs->call.args[i] = cval; ++rc; } - else - BUG_ON(mcs->call.args[i] != (unsigned int)mcs->call.args[i]); + else if ( mcs->call.args[i] != (unsigned int)mcs->call.args[i] ) + domain_crash(current->domain, + "multicall (op %lu) bad continuation arg%u (%#lx)\n", + mcs->call.op, i, mcs->call.args[i]); } } else @@ -182,8 +186,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, cval = va_arg(args, unsigned int); if ( cval == nval ) mask &= ~1U; - else - BUG_ON(nval == (unsigned int)nval); + else if ( nval == (unsigned int)nval ) + domain_crash(current->domain, + "hypercall (op %u) bogus continuation arg%u (%#lx)\n", + regs->eax, i, nval); } else if ( id && *id == i ) { @@ -195,8 +201,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, *reg = cval; ++rc; } - else - BUG_ON(*reg != (unsigned int)*reg); + else if ( *reg != (unsigned int)*reg ) + domain_crash(current->domain, + "hypercall (op %u) bad continuation arg%u (%#lx)\n", + regs->eax, i, *reg); } } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:11:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707165.1104740 (Exim 4.92) (envelope-from ) id 1rwvhQ-0008Sj-9r; Wed, 17 Apr 2024 03:11:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707165.1104740; Wed, 17 Apr 2024 03:11:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvhQ-0008Sb-79; Wed, 17 Apr 2024 03:11:04 +0000 Received: by outflank-mailman (input) for mailman id 707165; Wed, 17 Apr 2024 03:11:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvhO-0008ST-SA for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvhO-00019n-Lx for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvhO-0003zF-Kx for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ndtNowyIGxepJpM6kNBX8ZkB4AuPnsqyeQ10fkga4K0=; b=lv4VsCtSTXX6LOZFya6AgLWJlo eNs/1qTDCg8Fc7BXFMDlPSEsACN8r08e+HXr9wPqQ6Zl6pZ6JBOLKe+uFuJ/Fwqpv+TqWDgLstrHb Pk4GJH4606k03gFWoJeE6XjSsshTH9dNNdTtb9jm5FGtRbIlL0QiEWDefU4XsICdm+X8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Message-Id: Date: Wed, 17 Apr 2024 03:11:02 +0000 commit 6a98383b0877bb66ebfe189da43bf81abe3d7909 Author: Jan Beulich AuthorDate: Wed Mar 27 17:31:38 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 12:49:40 2024 +0100 x86/HVM: clear upper halves of GPRs upon entry from 32-bit code Hypercalls in particular can be the subject of continuations, and logic there checks updated state against incoming register values. If the guest manufactured a suitable argument register with a non-zero upper half before entering compatibility mode and issuing a hypercall from there, checks in hypercall_xlat_continuation() might trip. Since for HVM we want to also be sure to not hit a corner case in the emulator, initiate the clipping right from the top of {svm,vmx}_vmexit_handler(). Also rename the invoked function, as it no longer does only invalidation of fields. Note that architecturally the upper halves of registers are undefined after a switch between compatibility and 64-bit mode (either direction). Hence once having entered compatibility mode, the guest can't assume the upper half of any register to retain its value. This is part of XSA-454 / CVE-2023-46842. Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné --- xen/arch/x86/hvm/svm/svm.c | 3 ++- xen/arch/x86/hvm/vmx/vmx.c | 6 +++++- xen/arch/x86/include/asm/hvm/hvm.h | 18 +++++++++++++++++- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 6a47c5915c..a745acd903 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2546,7 +2546,8 @@ void asmlinkage svm_vmexit_handler(void) regs->rsp = vmcb->rsp; regs->rflags = vmcb->rflags; - hvm_invalidate_regs_fields(regs); + hvm_sanitize_regs_fields( + regs, !(vmcb_get_efer(vmcb) & EFER_LMA) || !(vmcb->cs.l)); if ( paging_mode_hap(v->domain) ) v->arch.hvm.guest_cr[3] = v->arch.hvm.hw_cr[3] = vmcb_get_cr3(vmcb); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 23bdf0d195..319a37b745 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -4033,6 +4033,7 @@ static void undo_nmis_unblocked_by_iret(void) void asmlinkage vmx_vmexit_handler(struct cpu_user_regs *regs) { unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0; + unsigned long cs_ar_bytes = 0; unsigned int vector = 0; struct vcpu *v = current; struct domain *currd = v->domain; @@ -4041,7 +4042,10 @@ void asmlinkage vmx_vmexit_handler(struct cpu_user_regs *regs) __vmread(GUEST_RSP, ®s->rsp); __vmread(GUEST_RFLAGS, ®s->rflags); - hvm_invalidate_regs_fields(regs); + if ( hvm_long_mode_active(v) ) + __vmread(GUEST_CS_AR_BYTES, &cs_ar_bytes); + + hvm_sanitize_regs_fields(regs, !(cs_ar_bytes & X86_SEG_AR_CS_LM_ACTIVE)); if ( paging_mode_hap(v->domain) ) { diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index 87a6935d97..595253babe 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -569,8 +569,24 @@ static inline unsigned int hvm_get_insn_bytes(struct vcpu *v, uint8_t *buf) ? alternative_call(hvm_funcs.get_insn_bytes, v, buf) : 0); } -static inline void hvm_invalidate_regs_fields(struct cpu_user_regs *regs) +static inline void hvm_sanitize_regs_fields(struct cpu_user_regs *regs, + bool compat) { + if ( compat ) + { + /* Clear GPR upper halves, to counteract guests playing games. */ + regs->rbp = (uint32_t)regs->ebp; + regs->rbx = (uint32_t)regs->ebx; + regs->rax = (uint32_t)regs->eax; + regs->rcx = (uint32_t)regs->ecx; + regs->rdx = (uint32_t)regs->edx; + regs->rsi = (uint32_t)regs->esi; + regs->rdi = (uint32_t)regs->edi; + regs->rip = (uint32_t)regs->eip; + regs->rflags = (uint32_t)regs->eflags; + regs->rsp = (uint32_t)regs->esp; + } + #ifndef NDEBUG regs->error_code = 0xbeef; regs->entry_vector = 0xbeef; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:11:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:11:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707167.1104748 (Exim 4.92) (envelope-from ) id 1rwvhj-00004y-CS; Wed, 17 Apr 2024 03:11:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707167.1104748; Wed, 17 Apr 2024 03:11:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvhj-00004q-A1; Wed, 17 Apr 2024 03:11:23 +0000 Received: by outflank-mailman (input) for mailman id 707167; Wed, 17 Apr 2024 03:11:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvhi-0008WQ-TK for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvhi-0001A5-SV for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvhi-00040O-RV for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MWgVIYcUj8VZSR2H4dHzcIdArPQpbR9eysouWk+M55w=; b=3VHnNPCbV0ohHf0btpQswKHIdX ccV4odHV+5qIxbCk3RdK9Lk4UHK0j5HAQfoWXU4OTc+PMKPai5fmJsLjAv78NroFQcQCeBOI8aKkh Sy/lKNNkIIxmLlbpo3Ejeish767A24TZ48539nlry9aGAnkWXtROL+TraqqFBPeWnQXA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/alternatives: fix .init section reference in _apply_alternatives() Message-Id: Date: Wed, 17 Apr 2024 03:11:22 +0000 commit 4be1fef1e6572c2be0bd378902ffb62a6e73faeb Author: Roger Pau Monné AuthorDate: Tue Apr 9 14:50:46 2024 +0200 Commit: Andrew Cooper CommitDate: Tue Apr 9 14:05:59 2024 +0100 x86/alternatives: fix .init section reference in _apply_alternatives() The code in _apply_alternatives() will unconditionally attempt to read __initdata_cf_clobber_{start,end} when called as part of applying alternatives to a livepatch payload when Xen is using IBT. That leads to a page-fault as __initdata_cf_clobber_{start,end} living in .init section will have been unmapped by the time a livepatch gets loaded. Fix by adding a check that limits the clobbering of endbr64 instructions to boot time only. Fixes: 37ed5da851b8 ('x86/altcall: Optimise away endbr64 instruction where possible') Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper --- xen/arch/x86/alternative.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index 21af0e8258..2e7ba6e0b8 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -326,7 +326,7 @@ static void init_or_livepatch _apply_alternatives(struct alt_instr *start, * Clobber endbr64 instructions now that altcall has finished optimising * all indirect branches to direct ones. */ - if ( force && cpu_has_xen_ibt ) + if ( force && cpu_has_xen_ibt && system_state < SYS_STATE_active ) { void *const *val; unsigned int clobbered = 0; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:11:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:11:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707168.1104751 (Exim 4.92) (envelope-from ) id 1rwvhu-00008E-E5; Wed, 17 Apr 2024 03:11:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707168.1104751; Wed, 17 Apr 2024 03:11:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvhu-000081-BT; Wed, 17 Apr 2024 03:11:34 +0000 Received: by outflank-mailman (input) for mailman id 707168; Wed, 17 Apr 2024 03:11:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvht-00007u-0H for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvhs-0001AH-Vm for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvhs-00040p-Uk for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Vb8CS9kTf+sL4KrLj7xqHTWONg2H4C4tCxPgvZBHufg=; b=oKsj/riq5HvjhL+KjNJzg7nIY3 7kv8OPCRgYd1dB6dW+XXEcdgRKh9WrSwuo86g1XT0U4BFNyAgXonQ6+FYlyxrmg1ZNMHUSBA2qqbE jb8hZIxZPYJfdcztcvZhoAU8tk014RMcv47e8Ufyyjoai5mg9LVX/1RcHTZUdL8qe/y0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests Message-Id: Date: Wed, 17 Apr 2024 03:11:32 +0000 commit 4b3da946ad7e3452761478ae683da842e7ff20d6 Author: Andrew Cooper AuthorDate: Tue Apr 9 15:03:05 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 15:26:27 2024 +0100 x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests All of these are prediction-mode (i.e. CPL) based. They don't operate as advertised in PV context. Fixes: 4dd676070684 ("x86/spec-ctrl: Expose IPRED_CTRL to guests") Fixes: 478e4787fa64 ("x86/spec-ctrl: Expose RRSBA_CTRL to guests") Fixes: 583f1d095052 ("x86/spec-ctrl: Expose BHI_CTRL to guests") Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné --- xen/include/public/arch-x86/cpufeatureset.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 3de7c0383f..6bb1ee3b0a 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -311,10 +311,10 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ -XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ -XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*S MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*S MSR_SPEC_CTRL.RRSBA_DIS_* */ XEN_CPUFEATURE(DDP_CTRL, 13*32+ 3) /* MSR_SPEC_CTRL.DDP_DIS_U */ -XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*S MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:11:44 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:11:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707169.1104756 (Exim 4.92) (envelope-from ) id 1rwvi4-0000BJ-Fe; Wed, 17 Apr 2024 03:11:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707169.1104756; Wed, 17 Apr 2024 03:11:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvi4-0000BA-Cy; Wed, 17 Apr 2024 03:11:44 +0000 Received: by outflank-mailman (input) for mailman id 707169; Wed, 17 Apr 2024 03:11:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvi3-0000Aw-3X for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvi3-0001AO-2n for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvi3-00041G-20 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KjpM8NNDZ2c2xyUoA+uW1fyOe9welUYmNQCN5f+njzE=; b=rVkBlfBPkkQ1Ag0AfJp9kug6cR wkfRyRe1M+LB6/OitpwI6GTP3kvfRJet2j7Ej1wnAiSuebSC7N6a+NhLieSn7FEiHYwFA4lgOBiXE /nXTS/qJecy093Bq/03NZfPBeBych5qP3j+tr+wsETirzq8/L5h37ZcPrFNRUiYlAs2s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Fix BTC/SRSO mitigations Message-Id: Date: Wed, 17 Apr 2024 03:11:43 +0000 commit 489d93cd0fdd9609ca0414d7efae51c381106dbc Author: Andrew Cooper AuthorDate: Tue Mar 26 22:47:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Fix BTC/SRSO mitigations We were looking for SCF_entry_ibpb in the wrong variable in the top-of-stack block, and xen_spec_ctrl won't have had bit 5 set because Xen doesn't understand SPEC_CTRL_RRSBA_DIS_U yet. This is XSA-455 / CVE-2024-31142. Fixes: 53a570b28569 ("x86/spec-ctrl: Support IBPB-on-entry") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 60b0b00ed0..071b3997b1 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 629518cc69..c19b39d8c2 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -90,7 +90,7 @@ jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) .endif jz .L\@_skip -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:11:54 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:11:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707170.1104761 (Exim 4.92) (envelope-from ) id 1rwviE-0000FU-JR; Wed, 17 Apr 2024 03:11:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707170.1104761; Wed, 17 Apr 2024 03:11:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwviE-0000FI-Fw; Wed, 17 Apr 2024 03:11:54 +0000 Received: by outflank-mailman (input) for mailman id 707170; Wed, 17 Apr 2024 03:11:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwviD-0000F5-89 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwviD-0001Am-6R for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwviD-00041x-5Z for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:11:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YKWx0mc5L9QWtVwJM24l0XtlNXU46/h8ESgGJQUdTzM=; b=Lh5MOTByPZB+rWpRbL8Wtij0e7 H73uStUX4KcUkh2XJR/l+uq1MYrA1IA1JIbaHXknFG3t7hEOIO9kZvicT/yH7XRdrFiDT4WDB6H5y w0Am4s0Ig5vd9gsJkMgH7Ts88Zj1dsv0PNggKv4lQAmHWcgGMAR0FdEIGeXaaeWvuOsk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Rename spec_ctrl_flags to scf Message-Id: Date: Wed, 17 Apr 2024 03:11:53 +0000 commit c62673c4334b3372ebd4292a7ac8185357e7ea27 Author: Andrew Cooper AuthorDate: Thu Mar 28 11:57:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Rename spec_ctrl_flags to scf XSA-455 was ultimately caused by having fields with too-similar names. Both {xen,last}_spec_ctrl are fields containing an architectural MSR_SPEC_CTRL value. The spec_ctrl_flags field contains Xen-internal flags. To more-obviously distinguish the two, rename spec_ctrl_flags to scf, which is also the prefix of the constants used by the fields. No functional change. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 4 ++-- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/include/asm/current.h | 2 +- xen/arch/x86/include/asm/domain.h | 2 +- xen/arch/x86/include/asm/spec_ctrl.h | 16 ++++++++-------- xen/arch/x86/include/asm/spec_ctrl_asm.h | 22 +++++++++++----------- xen/arch/x86/setup.c | 2 +- xen/arch/x86/spec_ctrl.c | 18 +++++++++--------- xen/arch/x86/x86_64/asm-offsets.c | 2 +- xen/arch/x86/x86_64/compat/entry.S | 4 ++-- xen/arch/x86/x86_64/entry.S | 2 +- 14 files changed, 44 insertions(+), 44 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 861d12aab0..c6fa810a6b 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -246,7 +246,7 @@ static int enter_state(u32 state) ci = get_cpu_info(); /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_IST_MASK; + ci->scf &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -290,7 +290,7 @@ static int enter_state(u32 state) panic("Missing previously available feature(s)\n"); /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); + ci->scf |= (default_scf & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 33a2830d9d..9ab048b462 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2111,10 +2111,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the new spec_ctrl settings. */ - info->spec_ctrl_flags = - (info->spec_ctrl_flags & ~SCF_DOM_MASK) | - (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); + /* Update the top-of-stack block with the new speculation settings. */ + info->scf = + (info->scf & ~SCF_DOM_MASK) | + (nextd->arch.scf & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 071b3997b1..ecd4db4c41 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 1bead826ca..744cc5186a 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -111,7 +111,7 @@ UNLIKELY_END(realmode) BUILD_BUG_ON(SCF_verw & ~0xff) movzbl VCPU_vmx_launched(%rbx), %ecx shl $31, %ecx - movzbl CPUINFO_spec_ctrl_flags(%rsp), %eax + movzbl CPUINFO_scf(%rsp), %eax and $SCF_verw, %eax or %eax, %ecx diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 6b4f004a3d..423d2963f7 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1374,7 +1374,7 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); - if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + if ( !rc && (d->arch.scf & SCF_entry_ibpb) ) rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, VMX_MSR_HOST); diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index 10950f36cc..8ba3574d59 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -57,7 +57,7 @@ struct cpu_info { unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; uint8_t last_spec_ctrl; - uint8_t spec_ctrl_flags; + uint8_t scf; /* SCF_* */ /* * The following field controls copying of the L4 page table of 64-bit diff --git a/xen/arch/x86/include/asm/domain.h b/xen/arch/x86/include/asm/domain.h index 4bd78e3a6d..f5daeb182b 100644 --- a/xen/arch/x86/include/asm/domain.h +++ b/xen/arch/x86/include/asm/domain.h @@ -323,7 +323,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ + uint8_t scf; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 011ab1db27..ee3119e128 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -9,10 +9,10 @@ #define __X86_SPEC_CTRL_H__ /* - * Encoding of: - * cpuinfo.spec_ctrl_flags - * default_spec_ctrl_flags - * domain.spec_ctrl_flags + * Encoding of Xen's speculation control flags in: + * cpuinfo.scf + * default_scf + * domain.scf * * Live settings are in the top-of-stack block, because they need to be * accessable when XPTI is active. Some settings are fixed from boot, some @@ -82,7 +82,7 @@ extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; extern uint8_t default_xen_spec_ctrl; -extern uint8_t default_spec_ctrl_flags; +extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; @@ -102,7 +102,7 @@ static inline void init_shadow_spec_ctrl_state(void) info->shadow_spec_ctrl = 0; info->xen_spec_ctrl = default_xen_spec_ctrl; - info->spec_ctrl_flags = default_spec_ctrl_flags; + info->scf = default_scf; /* * For least latency, the VERW selector should be a writeable data @@ -126,7 +126,7 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) */ info->shadow_spec_ctrl = val; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); @@ -175,7 +175,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. */ - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index c19b39d8c2..8d9761cbe6 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -39,7 +39,7 @@ * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow - * boolean in the per cpu spec_ctrl_flags. The synchronous use is: + * boolean in the per cpu scf. The synchronous use is: * * 1) Store guest value in shadow_spec_ctrl * 2) Set the use_shadow boolean @@ -86,11 +86,11 @@ * interrupting Xen. */ .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) .endif jz .L\@_skip @@ -160,8 +160,8 @@ #define STK_REL(field, top_of_stk) ((field) - (top_of_stk)) .macro SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_error_code), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) + scf=STK_REL(CPUINFO_scf, CPUINFO_error_code), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) /* * Requires \scf and \sel as %rsp-relative expressions * Clobbers eflags @@ -216,10 +216,10 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else - andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + andb $~SCF_use_shadow, CPUINFO_scf(%rsp) movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax .endif @@ -238,7 +238,7 @@ mov %eax, CPUINFO_shadow_spec_ctrl(%rsp) /* Set SPEC_CTRL shadowing *before* loading the guest value. */ - orb $SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + orb $SCF_use_shadow, CPUINFO_scf(%rsp) mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx @@ -316,7 +316,7 @@ * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -341,7 +341,7 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx @@ -375,7 +375,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %r12=ist_exit, %r14=stack_end, %rsp=regs * Clobbers %rax, %rbx, %rcx, %rdx */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx testb $SCF_ist_sc_msr, %bl jz .L\@_skip_sc_msr diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index a21984b1cc..ac983ddc69 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -2056,7 +2056,7 @@ void asmlinkage __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 6a889db70c..4b146bc28a 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -57,7 +57,7 @@ static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; uint8_t __ro_after_init default_xen_spec_ctrl; -uint8_t __ro_after_init default_spec_ctrl_flags; +uint8_t __ro_after_init default_scf; paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; bool __ro_after_init cpu_has_bug_l1tf; @@ -1105,7 +1105,7 @@ static void __init ibpb_calculations(void) * NMI/#MC, so can't interrupt Xen ahead of having already flushed the * BTB. */ - default_spec_ctrl_flags |= SCF_ist_ibpb; + default_scf |= SCF_ist_ibpb; } if ( opt_ibpb_entry_hvm ) setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); @@ -1606,7 +1606,7 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); - d->arch.spec_ctrl_flags = + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | 0; @@ -1711,7 +1711,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1722,7 +1722,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1857,7 +1857,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_pv ) { setup_force_cpu_cap(X86_FEATURE_SC_RSB_PV); - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } /* @@ -1880,7 +1880,7 @@ void __init init_speculation_mitigations(void) * possible rogue RSB speculation. */ if ( !cpu_has_svm ) - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } srso_calculations(hw_smt_enabled); @@ -1893,7 +1893,7 @@ void __init init_speculation_mitigations(void) if ( opt_eager_fpu == -1 ) opt_eager_fpu = should_use_eager_fpu(); - /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ + /* (Re)init BSP state now that default_scf has been calculated. */ init_shadow_spec_ctrl_state(); /* @@ -2166,7 +2166,7 @@ void __init init_speculation_mitigations(void) { info->shadow_spec_ctrl = 0; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); } diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index d8903a3ce9..3fe21c21b9 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -155,7 +155,7 @@ void __dummy__(void) OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); - OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); + OFFSET(CPUINFO_scf, struct cpu_info, scf); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); DEFINE(CPUINFO_sizeof, sizeof(struct cpu_info)); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 631f4f272a..4ccee38905 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -162,8 +162,8 @@ FUNC(compat_restore_all_guest) /* Account for ev/ec having already been popped off the stack. */ SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_rip), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) + scf=STK_REL(CPUINFO_scf, CPUINFO_rip), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) .Lft0: iretq _ASM_PRE_EXTABLE(.Lft0, handle_exception) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 7d686b7628..6f82cdeeaf 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -701,7 +701,7 @@ UNLIKELY_END(exit_cr3) /* * When the CPU pushed this exception frame, it zero-extended eflags. * For an IST exit, SPEC_CTRL_EXIT_TO_XEN stashed shadow copies of - * spec_ctrl_flags and ver_sel above eflags, as we can't use any GPRs, + * scf and ver_sel above eflags, as we can't use any GPRs, * and we're at a random place on the stack, not in a CPUFINFO block. * * Account for ev/ec having already been popped off the stack. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:12:04 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:12:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707173.1104774 (Exim 4.92) (envelope-from ) id 1rwviO-0000XC-09; Wed, 17 Apr 2024 03:12:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707173.1104774; Wed, 17 Apr 2024 03:12:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwviN-0000X0-Sr; Wed, 17 Apr 2024 03:12:03 +0000 Received: by outflank-mailman (input) for mailman id 707173; Wed, 17 Apr 2024 03:12:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwviN-0000Tq-BN for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwviN-0001BC-Ac for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwviN-00043w-8u for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qFh5V45wZp8/QoFwW7Ne4jm6yWQLpWZNUsZF9YCkJEE=; b=ojUgr9xqo/iNR+F+nIvt66l/Ue e2PAXJ3juItSH7BYUF2eQA0vWXBrfV7qEmXsHCuXfewZKL7dQtQ9letArcRm5LzS5HrolMJlgDG8h 6iwiHnRpXhHz3rnwUgzAq+/+RjLycSsHXLHoEhFKPRmHCtuq92lVTk06+eGPzOrsdUKM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Message-Id: Date: Wed, 17 Apr 2024 03:12:03 +0000 commit 94896de1a98c4289fe6fef9e16ef99fc6ef2efc4 Author: Andrew Cooper AuthorDate: Fri Mar 22 11:41:41 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Right now, we have a mix of safety strategies in different blocks, making the logic fragile and hard to follow. Start addressing this by having a safety LFENCE at the end of the blocks, which can be patched out if other safety criteria are met. This will allow us to simplify the sub-blocks. For SPEC_CTRL_ENTRY_FROM_IST, simply leave an LFENCE unconditionally at the end; the IST path is not a fast-path by any stretch of the imagination. For SPEC_CTRL_ENTRY_FROM_INTR, the existing description was incorrect. The IRET #GP path is non-fatal but can occur with the guest's choice of MSR_SPEC_CTRL. It is safe to skip the flush/barrier-like protections when interrupting Xen, but we must run DO_SPEC_CTRL_ENTRY irrespective. This will skip RSB stuffing which was previously unconditional even when interrupting Xen. AFAICT, this is a missing cleanup from commit 3fffaf9c13e9 ("x86/entry: Avoid using alternatives in NMI/#MC paths") where we split the IST entry path out of the main INTR entry path. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné --- xen/arch/x86/hvm/vmx/entry.S | 1 + xen/arch/x86/include/asm/cpufeatures.h | 4 +++ xen/arch/x86/include/asm/spec_ctrl_asm.h | 27 +++++++++-------- xen/arch/x86/spec_ctrl.c | 52 ++++++++++++++++++++++++++++++++ 4 files changed, 72 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 744cc5186a..241ec5ce07 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -43,6 +43,7 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* Hardware clears MSR_DEBUGCTL on VMExit. Reinstate it if debugging Xen. */ diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index 7e8221fd85..6422c66b0f 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -52,5 +52,9 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_BUG_CLFLUSH_MFENCE X86_BUG( 2) /* MFENCE needed to serialise CLFLUSH */ #define X86_BUG_IBPB_NO_RET X86_BUG( 3) /* IBPB doesn't flush the RSB/RAS */ +#define X86_SPEC_NO_LFENCE_ENTRY_PV X86_BUG(16) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_PV. */ +#define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ +#define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 8d9761cbe6..ffa573ef0f 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -261,25 +261,37 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm /* * Used after an exception or maskable interrupt, hitting Xen or PV context. - * There will either be a guest speculation context, or (barring fatal - * exceptions) a well-formed Xen speculation context. + * There will either be a guest speculation context, or a well-formed Xen + * speculation context, with the exception of one case. IRET #GP handling may + * have a guest choice of MSR_SPEC_CTRL. + * + * Therefore, we can skip the flush/barrier-like protections when hitting Xen, + * but we must still run the mode-based protections. */ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rcx, %rdx */ + testb $3, UREGS_cs(%rsp) + jz .L\@_skip + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV +.L\@_skip: ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm /* @@ -348,18 +360,9 @@ movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr - /* Opencoded UNLIKELY_START() with no condition. */ -UNLIKELY_DISPATCH_LABEL(\@_serialise): - .subsection 1 - /* - * In the case that we might need to set SPEC_CTRL.IBRS for safety, we - * need to ensure that an attacker can't poison the `jz .L\@_skip_wrmsr` - * to speculate around the WRMSR. As a result, we need a dispatch - * serialising instruction in the else clause. - */ .L\@_skip_msr_spec_ctrl: + lfence - UNLIKELY_END(\@_serialise) .endm /* diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 4b146bc28a..c2be9889e3 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2142,6 +2142,58 @@ void __init init_speculation_mitigations(void) print_details(thunk); + /* + * With the alternative blocks now chosen, see if we need any other + * adjustments for safety. + * + * We compile the LFENCE in, and patch it out if it's not needed. + * + * Notes: + * - SPEC_CTRL_ENTRY_FROM_SVM doesn't need an LFENCE because it has an + * unconditional STGI. + * - SPEC_CTRL_ENTRY_FROM_IST handles its own safety, without the use of + * alternatives. + * - DO_OVERWRITE_RSB has conditional branches in it, but it's an inline + * sequence. It is considered safe for uarch reasons. + */ + { + /* + * SPEC_CTRL_ENTRY_FROM_PV conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we're not using any prior conditional mitigation, + * then it's safe to drop the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); + + /* + * SPEC_CTRL_ENTRY_FROM_INTR conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we have no protections active in the block that + * is skipped when interrupting guest context, then it's safe to drop + * the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); + + /* + * SPEC_CTRL_ENTRY_FROM_VMX conditional safety + * + * Currently there are no safety actions with conditional branches, so + * no need for the extra safety LFENCE. + */ + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + } + /* * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard * any firmware settings. For performance reasons, when safe to do so, we -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:12:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:12:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707175.1104777 (Exim 4.92) (envelope-from ) id 1rwviY-0000d3-1E; Wed, 17 Apr 2024 03:12:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707175.1104777; Wed, 17 Apr 2024 03:12:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwviX-0000cw-Um; Wed, 17 Apr 2024 03:12:13 +0000 Received: by outflank-mailman (input) for mailman id 707175; Wed, 17 Apr 2024 03:12:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwviX-0000cW-EG for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwviX-0001BQ-Db for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwviX-00045H-Cp for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xehh1z0u/SkLLE6MgyJBE9SpRO66YcyFKplbNHRwAQA=; b=oTrTfjjGBSQVQcQ+tanm+PHKM+ Z1zWE47zWy9VskU1ivmITYtzlKQCu1UZEojhIJYCkQyv0yiG+c0sIOBZdSYFaIvbQTYRpgYN82fH0 rqSQrcc3qtwo8tvr3+IsfVwr3fX0OIvtbXznNndr6L5OqxoH2kKIERtFnJXyyGiHTIa4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Message-Id: Date: Wed, 17 Apr 2024 03:12:13 +0000 commit 22390697bf1b4cd3024f2d10893dec3c3ec08a9c Author: Andrew Cooper AuthorDate: Fri Mar 22 15:52:06 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Other SPEC_CTRL_* paths already use %r14 like this, and it will allow for simplifications. All instances of SPEC_CTRL_ENTRY_FROM_PV are followed by a GET_STACK_END() invocation, so this change is only really logic and register shuffling. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/x86_64/compat/entry.S | 4 +++- xen/arch/x86/x86_64/entry.S | 44 +++++++++++++++++++++----------------- 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 4ccee38905..0a1dad8a50 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -18,6 +18,8 @@ FUNC(entry_int82) movb $HYPERCALL_VECTOR, EFRAME_entry_vector(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ @@ -25,7 +27,7 @@ FUNC(entry_int82) CR4_PV32_RESTORE /* Clob: ac */ - GET_CURRENT(bx) + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov %rsp, %rdi call do_entry_int82 diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 6f82cdeeaf..000710f314 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -265,21 +265,22 @@ FUNC(lstar_enter) movb $TRAP_syscall >> 8, EFRAME_entry_vector + 1(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Llstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Llstar_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx testb $TF_kernel_mode,VCPU_thread_flags(%rbx) jz switch_to_kernel @@ -304,23 +305,24 @@ FUNC(cstar_enter) movb $TRAP_syscall >> 8, EFRAME_entry_vector + 1(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lcstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lcstar_cr3_okay: sti CR4_PV32_RESTORE /* Clob: ac */ - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx #ifdef CONFIG_PV32 movq VCPU_domain(%rbx), %rcx @@ -347,23 +349,24 @@ LABEL(sysenter_eflags_saved, 0) movb $TRAP_syscall >> 8, EFRAME_entry_vector + 1(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ orl $X86_EFLAGS_IF, UREGS_eflags(%rsp) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lsyse_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lsyse_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx cmpb $0,VCPU_sysenter_disables_events(%rbx) movq VCPU_sysenter_addr(%rbx),%rax setne %cl @@ -402,17 +405,18 @@ FUNC(entry_int80) movb $0x80, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lint80_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lint80_cr3_okay: sti @@ -422,7 +426,7 @@ UNLIKELY_START(ne, msi_check) call check_for_unexpected_msi UNLIKELY_END(msi_check) - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov VCPU_trap_ctxt(%rbx), %rsi mov VCPU_domain(%rbx), %rax -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:12:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:12:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707177.1104781 (Exim 4.92) (envelope-from ) id 1rwvij-0000qh-44; Wed, 17 Apr 2024 03:12:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707177.1104781; Wed, 17 Apr 2024 03:12:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvij-0000qa-1b; Wed, 17 Apr 2024 03:12:25 +0000 Received: by outflank-mailman (input) for mailman id 707177; Wed, 17 Apr 2024 03:12:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvih-0000oe-Jh for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvih-0001Bb-Gi for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvih-00045i-Fn for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LcAafxhNptNIzks2pT34M9f1TmNxrxcHc3Gtn+cNmSk=; b=PyQYfKx+NI3y6ytumIh/QWUqOd AsxuoiU35WHvKWP4BwKzA6zvN+y2UVZ7slZDzevFWsYAx5FChkvlgXzWwsVKylef1Kef0ZwpiD6lW fW+AsoFyinTwLl2IIqtSOtevbKDVFmW5lrNhOSH8Ty1oa0+HICupMN70Lj79SffJhrgs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} Message-Id: Date: Wed, 17 Apr 2024 03:12:23 +0000 commit 9607aeb6602b8ed9962404de3f5f90170ffddb66 Author: Andrew Cooper AuthorDate: Fri Mar 22 12:08:02 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} ... as we do in the exit paths too. This will allow simplification to the sub-blocks. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 10 +++++++--- xen/arch/x86/x86_64/compat/entry.S | 2 +- xen/arch/x86/x86_64/entry.S | 12 ++++++------ 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index ffa573ef0f..9d57478ac5 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -251,9 +251,11 @@ */ .macro SPEC_CTRL_ENTRY_FROM_PV /* - * Requires %rsp=regs/cpuinfo, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs/cpuinfo, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ X86_FEATURE_IBPB_ENTRY_PV @@ -277,8 +279,10 @@ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + testb $3, UREGS_cs(%rsp) jz .L\@_skip diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 0a1dad8a50..a99646c0cd 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -20,7 +20,7 @@ FUNC(entry_int82) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ sti diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 000710f314..715b0d415a 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -267,7 +267,7 @@ FUNC(lstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -307,7 +307,7 @@ FUNC(cstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -351,7 +351,7 @@ LABEL(sysenter_eflags_saved, 0) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ @@ -407,7 +407,7 @@ FUNC(entry_int80) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -723,7 +723,7 @@ FUNC(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -759,7 +759,7 @@ FUNC(handle_exception, 0) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:12:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:12:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707179.1104786 (Exim 4.92) (envelope-from ) id 1rwvit-0000wF-60; Wed, 17 Apr 2024 03:12:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707179.1104786; Wed, 17 Apr 2024 03:12:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvit-0000w7-37; Wed, 17 Apr 2024 03:12:35 +0000 Received: by outflank-mailman (input) for mailman id 707179; Wed, 17 Apr 2024 03:12:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvir-0000vp-Kq for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvir-0001Bj-K5 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvir-00046K-JB for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IL6GgwLyd7Ibfrbl2KXZvC55sKG8JckGf56SG0C4Gss=; b=XTu6x/zb2iQBIyls45YY8IliJZ Mv+nrgeQSv6di+7sa5MwSo5I/v0i1yV4FP7CGP/6BtAHX00bSD6bOM6Vrnw1ShHdcvNRbAw3idb51 8c3oG+lPzyw2b3Gmv09kIE5yPs5BZpj3wamObcKj3CWrpKT7LeBTpnrz+dtsftfAg/qQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Simplify DO_COND_IBPB Message-Id: Date: Wed, 17 Apr 2024 03:12:33 +0000 commit 2378d16a931de0e62c03669169989e9437306abe Author: Andrew Cooper AuthorDate: Fri Mar 22 14:33:17 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Simplify DO_COND_IBPB With the prior refactoring, SPEC_CTRL_ENTRY_{PV,INTR} both load SCF into %ebx, and handle the conditional safety including skipping if interrupting Xen. Therefore, we can drop the maybexen parameter and the conditional safety. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 9d57478ac5..5e6d085ec3 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -75,33 +75,21 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ -.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +.macro DO_COND_IBPB /* - * Requires %rsp=regs (also cpuinfo if !maybexen) - * Requires %r14=stack_end (if maybexen), %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rbx=SCF, %rdx=0 + * Clobbers %rax, %rcx * - * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen - * case, we can safely look at UREGS_cs to skip taking the hit when - * interrupting Xen. + * Conditionally issue IBPB if SCF_entry_ibpb is active. */ - .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) - jz .L\@_skip - testb $3, UREGS_cs(%rsp) - .else - testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) - .endif + testb $SCF_entry_ibpb, %bl jz .L\@_skip mov $MSR_PRED_CMD, %ecx mov $PRED_CMD_IBPB, %eax wrmsr - jmp .L\@_done .L\@_skip: - lfence -.L\@_done: .endm .macro DO_OVERWRITE_RSB tmp=rax, xu @@ -256,8 +244,7 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -286,8 +273,7 @@ testb $3, UREGS_cs(%rsp) jz .L\@_skip - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -327,7 +313,7 @@ * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of: - * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_COND_IBPB * DO_OVERWRITE_RSB * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:12:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:12:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707180.1104790 (Exim 4.92) (envelope-from ) id 1rwvj3-00010U-74; Wed, 17 Apr 2024 03:12:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707180.1104790; Wed, 17 Apr 2024 03:12:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvj3-00010M-4P; Wed, 17 Apr 2024 03:12:45 +0000 Received: by outflank-mailman (input) for mailman id 707180; Wed, 17 Apr 2024 03:12:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvj1-00010B-OV for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvj1-0001Bt-Nl for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvj1-00046l-MP for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rTKONlASb53oD3v5LNUbiKRGY+krmsKbivtjqxMTNeM=; b=mJEi4NJGwMznoeHf4FVZmer7zq jqwjnzzIGv+Fw7PIV+pMDNoAvU7bLQiBujo9DGVk6Nt1mL6nHytwFAmODGShxCUYkTfecylYYHHJH G0UxcQtXC0PU1jjONoSLIe6TrckfFTgEvsYe/xJyQwtug5UUIRHkndr6fI++kRVPZVJg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* Message-Id: Date: Wed, 17 Apr 2024 03:12:43 +0000 commit 40dea83b75386cb693481cf340024ce093be5c0f Author: Andrew Cooper AuthorDate: Mon Mar 25 11:09:35 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* The complexity is getting out of hand. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 14 ++++++++ xen/arch/x86/hvm/vmx/entry.S | 14 ++++++++ xen/arch/x86/include/asm/spec_ctrl_asm.h | 59 ++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index ecd4db4c41..6c48118dc9 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -100,6 +100,11 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular + * making type-confused RETs safe to use. This is not needed on Zen5 + * and later parts when SRSO_MSR_FIX (BP-SPEC-REDUCE) is in use. + */ .macro svm_vmexit_cond_ibpb testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb @@ -111,8 +116,17 @@ __UNLIKELY_END(nsvm_hap) .endm ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + /* + * RSB (RAS/RAP) stuffing is to prevents RET predictions following guest + * entries. This is not needed on Zen4 and later, when AutoIBRS is in + * use. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting, making indirect CALLs/JMPs + * safe to use. The guest's setting resides in the VMCB. + */ .macro svm_vmexit_spec_ctrl movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax movzbl CPUINFO_last_spec_ctrl(%rsp), %edx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 241ec5ce07..f52b3f0893 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -34,8 +34,22 @@ ENTRY(vmx_asm_vmexit_handler) mov %rax,VCPU_hvm_guest_cr2(%rbx) /* SPEC_CTRL_ENTRY_FROM_VMX Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + /* + * RSB stuffing is to prevents RET predictions following guest + * entries. This is *not* sufficient to flush all RSB entries on + * parts enumerating eIBRS, although the following restore_spec_ctrl + * does covers us. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting. The guest's value resides in + * the MSR load/save list. For Legacy IBRS, this flushes/inhibits + * indirect predictions and does not flush the RSB. For eIBRS, this + * prevents CALLs/JMPs using predictions learnt at a lower predictor + * mode, and it flushes the RSB. On eIBRS parts that also suffer from + * PBRSB, the prior RSB stuffing suffices to make the RSB safe. + */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 5e6d085ec3..346e131a31 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -244,10 +244,32 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. + */ ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * This is not needed if SMEP is active and the RSB is full-width. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. The + * guest can't change it's value behind Xen's back. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. + */ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV @@ -270,6 +292,14 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * All safety notes the same as SPEC_CTRL_ENTRY_FROM_PV, although there is + * a conditional jump skipping some actions when interrupting Xen. + * + * On Intel parts, the IRET #GP path ends up here with the guest's choice + * of MSR_SPEC_CTRL. + */ + testb $3, UREGS_cs(%rsp) jz .L\@_skip @@ -320,6 +350,19 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. The SVM path takes care of + * Host/Guest interactions prior to clearing GIF, and it's not used on the + * VMX path. + */ test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -329,6 +372,12 @@ .L\@_skip_ibpb: + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * SCF_ist_rsb is active if either PV or HVM protections are needed. The + * VMX path cannot guarantee to make the RSB safe ahead of taking an IST + * vector. + */ test $SCF_ist_rsb, %bl jz .L\@_skip_rsb @@ -336,6 +385,16 @@ .L\@_skip_rsb: + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. PV + * guests can't change their value behind Xen's back. HVM guests have + * their value stored in the MSR load/save list. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. On eIBRS parts that also + * suffer from PBRSB, the prior RSB stuffing suffices to make the RSB + * safe. + */ test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:12:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:12:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707182.1104794 (Exim 4.92) (envelope-from ) id 1rwvjD-00013h-92; Wed, 17 Apr 2024 03:12:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707182.1104794; Wed, 17 Apr 2024 03:12:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvjD-00013Y-5t; Wed, 17 Apr 2024 03:12:55 +0000 Received: by outflank-mailman (input) for mailman id 707182; Wed, 17 Apr 2024 03:12:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvjB-00013N-S2 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvjB-0001CK-RJ for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvjB-00047R-QU for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:12:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rrgKRCyaqTV8q/yoSgH6wB4uQ4BUtf83HXz1jFiZeqY=; b=TO1G2jT43bNW8XGZWy1RTsXrmd JMHxbI9l45ZUJdhkX9raVK4H+NgGvesBBEcAaTUqawlXQWZNZLa/EDp8M6Ftdju3M6lB+JJf+Xh7M rvPoyg+wL9gvFnqM/g2deP252kKTXzOBH7mQbfgQCJw5oVQPHZVE/hiD0BrKIf2Lu8eQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/vmx: Add support for virtualize SPEC_CTRL Message-Id: Date: Wed, 17 Apr 2024 03:12:53 +0000 commit 97c5b8b657e41a6645de9d40713b881234417b49 Author: Roger Pau Monne AuthorDate: Thu Feb 15 17:46:53 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/vmx: Add support for virtualize SPEC_CTRL The feature is defined in the tertiary exec control, and is available starting from Sapphire Rapids and Alder Lake CPUs. When enabled, two extra VMCS fields are used: SPEC_CTRL mask and shadow. Bits set in mask are not allowed to be toggled by the guest (either set or clear) and the value in the shadow field is the value the guest expects to be in the SPEC_CTRL register. By using it the hypervisor can force the value of SPEC_CTRL bits behind the guest back without having to trap all accesses to SPEC_CTRL, note that no bits are forced into the guest as part of this patch. It also allows getting rid of SPEC_CTRL in the guest MSR load list, since the value in the shadow field will be loaded by the hardware on vmentry. Signed-off-by: Roger Pau Monné Signed-off-by: Andrew Cooper --- xen/arch/x86/hvm/vmx/vmcs.c | 12 ++++++++++- xen/arch/x86/hvm/vmx/vmx.c | 37 ++++++++++++++++++++++++++------- xen/arch/x86/include/asm/hvm/vmx/vmcs.h | 5 +++++ xen/arch/x86/include/asm/msr.h | 7 +++++-- 4 files changed, 51 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 423d2963f7..9b6dc51f36 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -202,6 +202,7 @@ static void __init vmx_display_features(void) P(cpu_has_vmx_tsc_scaling, "TSC Scaling"); P(cpu_has_vmx_bus_lock_detection, "Bus Lock Detection"); P(cpu_has_vmx_notify_vm_exiting, "Notify VM Exit"); + P(cpu_has_vmx_virt_spec_ctrl, "Virtualize SPEC_CTRL"); #undef P if ( !printed ) @@ -365,7 +366,7 @@ static int vmx_init_vmcs_config(bool bsp) if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) { - uint64_t opt = 0; + uint64_t opt = TERTIARY_EXEC_VIRT_SPEC_CTRL; _vmx_tertiary_exec_control = adjust_vmx_controls2( "Tertiary Exec Control", 0, opt, @@ -1365,6 +1366,12 @@ static int construct_vmcs(struct vcpu *v) if ( cpu_has_vmx_tsc_scaling ) __vmwrite(TSC_MULTIPLIER, d->arch.hvm.tsc_scaling_ratio); + if ( cpu_has_vmx_virt_spec_ctrl ) + { + __vmwrite(SPEC_CTRL_MASK, 0); + __vmwrite(SPEC_CTRL_SHADOW, 0); + } + /* will update HOST & GUEST_CR3 as reqd */ paging_update_paging_modes(v); @@ -2086,6 +2093,9 @@ void vmcs_dump_vcpu(struct vcpu *v) if ( v->arch.hvm.vmx.secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY ) printk("InterruptStatus = %04x\n", vmr16(GUEST_INTR_STATUS)); + if ( cpu_has_vmx_virt_spec_ctrl ) + printk("SPEC_CTRL mask = 0x%016lx shadow = 0x%016lx\n", + vmr(SPEC_CTRL_MASK), vmr(SPEC_CTRL_SHADOW)); printk("*** Host State ***\n"); printk("RIP = 0x%016lx (%ps) RSP = 0x%016lx\n", diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 319a37b745..c886331006 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -818,23 +818,28 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) /* * We can safely pass MSR_SPEC_CTRL through to the guest, even if STIBP * isn't enumerated in hardware, as SPEC_CTRL_STIBP is ignored. + * + * If VMX_VIRT_SPEC_CTRL is available, it is activated by default and the + * guest MSR_SPEC_CTRL value lives in the VMCS. Otherwise, it lives in + * the MSR load/save list. */ if ( cp->feat.ibrsb ) { vmx_clear_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); - if ( rc ) - goto out; + if ( !cpu_has_vmx_virt_spec_ctrl ) + { + rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); + if ( rc ) + goto out; + } } else { vmx_set_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); - if ( rc && rc != -ESRCH ) - goto out; - rc = 0; /* Tolerate -ESRCH */ + if ( !cpu_has_vmx_virt_spec_ctrl ) + vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ @@ -2629,6 +2634,10 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - fetched below. */ + break; + rc = vmx_read_guest_msr(v, reg, &val); if ( rc ) { @@ -2652,6 +2661,11 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) vmx_vmcs_enter(v); switch ( reg ) { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmread(SPEC_CTRL_SHADOW, &val); + break; + case MSR_IA32_BNDCFGS: __vmread(GUEST_BNDCFGS, &val); break; @@ -2678,6 +2692,10 @@ static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - set below. */ + break; + rc = vmx_write_guest_msr(v, reg, val); if ( rc ) { @@ -2698,6 +2716,11 @@ static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) vmx_vmcs_enter(v); switch ( reg ) { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmwrite(SPEC_CTRL_SHADOW, val); + break; + case MSR_IA32_BNDCFGS: __vmwrite(GUEST_BNDCFGS, val); break; diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h index a7dd2eeffc..58140af691 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h @@ -270,6 +270,9 @@ extern u32 vmx_secondary_exec_control; #define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) extern uint64_t vmx_tertiary_exec_control; +#define cpu_has_vmx_virt_spec_ctrl \ + (vmx_tertiary_exec_control & TERTIARY_EXEC_VIRT_SPEC_CTRL) + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -436,6 +439,8 @@ enum vmcs_field { XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, TERTIARY_VM_EXEC_CONTROL = 0x00002034, + SPEC_CTRL_MASK = 0x0000204a, + SPEC_CTRL_SHADOW = 0x0000204c, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index 1d8ea9f26f..c95330a5a1 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -302,8 +302,11 @@ struct vcpu_msrs * For PV guests, this holds the guest kernel value. It is accessed on * every entry/exit path. * - * For VT-x guests, the guest value is held in the MSR guest load/save - * list. + * For VT-x guests, one of two situations exist: + * + * - If hardware supports virtualized MSR_SPEC_CTRL, it is active by + * default and the guest value lives in the VMCS. + * - Otherwise, the guest value is held in the MSR load/save list. * * For SVM, the guest value lives in the VMCB, and hardware saves/restores * the host value automatically. However, guests run with the OR of the -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:13:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:13:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707183.1104797 (Exim 4.92) (envelope-from ) id 1rwvjN-000177-BP; Wed, 17 Apr 2024 03:13:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707183.1104797; Wed, 17 Apr 2024 03:13:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvjN-00016z-8x; Wed, 17 Apr 2024 03:13:05 +0000 Received: by outflank-mailman (input) for mailman id 707183; Wed, 17 Apr 2024 03:13:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvjL-00016k-VO for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvjL-0001Ce-UW for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvjL-00048B-Tn for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=v8mOWoYdM7aj75y0RMylZJSDTu+izg5M0Sx8g3tt8hU=; b=vcV6srPV3L4zCRJfltUaiJKfnp clkENCBwYJN8+hPJE6Mt5SNrUJeC68Cu0iH34+frGZzkHoMobAb3Gh0U0PSlbVySnV6gt+9MZpLKD oo7t17iWZcfma+FPQcNtfEoMUTTgSVsMvHy7o36Da2PjT5mSD2lvTrHW7vSOzDzXnVGE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Message-Id: Date: Wed, 17 Apr 2024 03:13:03 +0000 commit 45dac88e78e8a2d9d8738eef884fe6730faf9e67 Author: Andrew Cooper AuthorDate: Tue Mar 26 22:43:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Right now, they're all bytes, but MSR_SPEC_CTRL has been steadily gaining new features. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/include/asm/current.h | 4 ++-- xen/arch/x86/include/asm/spec_ctrl.h | 2 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 6 +++--- xen/arch/x86/spec_ctrl.c | 2 +- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 6c48118dc9..6fd9652c04 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -61,14 +61,14 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ .macro svm_vmentry_spec_ctrl mov VCPU_arch_msrs(%rbx), %rax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_last_spec_ctrl(%rsp), %edx mov VCPUMSR_spec_ctrl_raw(%rax), %eax cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ .endm ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM @@ -128,14 +128,14 @@ __UNLIKELY_END(nsvm_hap) * safe to use. The guest's setting resides in the VMCB. */ .macro svm_vmexit_spec_ctrl - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_last_spec_ctrl(%rsp), %edx cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index f52b3f0893..96b3d22080 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -52,7 +52,7 @@ ENTRY(vmx_asm_vmexit_handler) */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax xor %edx, %edx wrmsr .endm diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index 8ba3574d59..4126d03396 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -55,8 +55,8 @@ struct cpu_info { /* See asm/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; - uint8_t xen_spec_ctrl; - uint8_t last_spec_ctrl; + unsigned int xen_spec_ctrl; + unsigned int last_spec_ctrl; uint8_t scf; /* SCF_* */ /* diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index ee3119e128..95dd081f30 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -81,7 +81,7 @@ extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; -extern uint8_t default_xen_spec_ctrl; +extern unsigned int default_xen_spec_ctrl; extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 346e131a31..23b23219de 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -205,10 +205,10 @@ setnz %al not %eax and %al, STACK_CPUINFO_FIELD(scf)(%r14) - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else andb $~SCF_use_shadow, CPUINFO_scf(%rsp) - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax .endif wrmsr @@ -406,7 +406,7 @@ /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr .L\@_skip_msr_spec_ctrl: diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index c2be9889e3..ed52ce3cc5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -56,7 +56,7 @@ static bool __initdata opt_branch_harden = static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; -uint8_t __ro_after_init default_xen_spec_ctrl; +unsigned int __ro_after_init default_xen_spec_ctrl; uint8_t __ro_after_init default_scf; paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:13:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:13:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707184.1104802 (Exim 4.92) (envelope-from ) id 1rwvjX-0001Bw-D0; Wed, 17 Apr 2024 03:13:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707184.1104802; Wed, 17 Apr 2024 03:13:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvjX-0001Bo-AN; Wed, 17 Apr 2024 03:13:15 +0000 Received: by outflank-mailman (input) for mailman id 707184; Wed, 17 Apr 2024 03:13:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvjW-0001Bc-24 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvjW-0001Co-1N for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvjW-00048r-0b for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pCmdCi5Hs6ZSOHo7wREstsmQVa/DfW+qz0nuZ1mplWk=; b=bj2b+LYU6gaPK1WHWCq4GaJBuJ glPtK4Mq4dLx1+r6D/gk8LIr/S7gWkhqD6VlVqe5ePXVw2+hRIekfr0Q44awdyMBrvRb+isZ1DKPZ 3Sp7NZc1EpAAk2dDD8jTZ1wb0H4R162QXod82xZjg5bU9/5Hn/zArwrN9ZNNvLte/REk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: Use indirect calls in reset-stack infrastructure Message-Id: Date: Wed, 17 Apr 2024 03:13:14 +0000 commit 8e186f98ce0e35d1754ec9299da41ec98873b65c Author: Andrew Cooper AuthorDate: Fri Dec 22 17:44:48 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86: Use indirect calls in reset-stack infrastructure Mixing up JMP and CALL indirect targets leads a very fun form of speculative type confusion. A target which is expecting to be called CALLed needs a return address on the stack, and an indirect JMP doesn't place one there. An indirect JMP which predicts to a target intending to be CALLed can end up with a RET speculatively executing with a value from the JMPers stack frame. There are several ways get indirect JMPs in Xen. * From tailcall optimisations. These are safe because the compiler has arranged the stack to point at the callee's return address. * From jump tables. These are unsafe, but Xen is built with -fno-jump-tables to work around several compiler issues. * From reset_stack_and_jump_ind(), which is particularly unsafe. Because of the additional stack adjustment made, the value picked up off the stack is regs->r15 of the next vCPU to run. In order to mitigate this type confusion, we want to make all indirect targets be CALL targets, and remove the use of indirect JMP except via tailcall optimisation. Luckily due to XSA-348, all C target functions of reset_stack_and_jump_ind() are noreturn. {svm,vmx}_do_resume() exits via reset_stack_and_jump(); a direct JMP with entirely different prediction properties. idle_loop() is an infinite loop which eventually exits via reset_stack_and_jump_ind() from a new schedule. i.e. These paths are all fine having one extra return address on the stack. This leaves continue_pv_domain(), which is expecting to be a JMP target. Alter it to strip the return address off the stack, which is safe because there isn't actually a RET expecting to return to its caller. This allows us change reset_stack_and_jump_ind() to reset_stack_and_call_ind() in order to mitigate the speculative type confusion. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/domain.c | 4 ++-- xen/arch/x86/include/asm/current.h | 4 ++-- xen/arch/x86/x86_64/entry.S | 8 ++++++++ 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 9ab048b462..4f851aa81f 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2127,12 +2127,12 @@ void context_switch(struct vcpu *prev, struct vcpu *next) /* Ensure that the vcpu has an up-to-date time base. */ update_vcpu_system_time(next); - reset_stack_and_jump_ind(nextd->arch.ctxt_switch->tail); + reset_stack_and_call_ind(nextd->arch.ctxt_switch->tail); } void continue_running(struct vcpu *same) { - reset_stack_and_jump_ind(same->domain->arch.ctxt_switch->tail); + reset_stack_and_call_ind(same->domain->arch.ctxt_switch->tail); } int __sync_local_execstate(void) diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index 4126d03396..bcec328c98 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -198,10 +198,10 @@ unsigned long get_stack_dump_bottom (unsigned long sp); switch_stack_and_jump(fn, "jmp %c", "i") /* The constraint may only specify non-call-clobbered registers. */ -#define reset_stack_and_jump_ind(fn) \ +#define reset_stack_and_call_ind(fn) \ ({ \ (void)((fn) == (void (*)(void))NULL); \ - switch_stack_and_jump(fn, "INDIRECT_JMP %", "b"); \ + switch_stack_and_jump(fn, "INDIRECT_CALL %", "b"); \ }) /* diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 715b0d415a..461bbc3558 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -644,6 +644,14 @@ END(create_bounce_frame) #ifdef CONFIG_PV FUNC(continue_pv_domain) ENDBR64 + + /* + * For speculative type confusion reasons, we're CALLed rather than + * JMPed to. Drop the return address. + */ + add $8, %rsp + ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK + call check_wakeup_from_wait ret_from_intr: GET_CURRENT(bx) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:13:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:13:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707185.1104806 (Exim 4.92) (envelope-from ) id 1rwvjh-0001F8-EW; Wed, 17 Apr 2024 03:13:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707185.1104806; Wed, 17 Apr 2024 03:13:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvjh-0001Ey-Bm; Wed, 17 Apr 2024 03:13:25 +0000 Received: by outflank-mailman (input) for mailman id 707185; Wed, 17 Apr 2024 03:13:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvjg-0001Ep-4y for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvjg-0001D1-4J for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvjg-00049N-3V for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yYKEfcciECRSSaUo8H6+m1R68rymTRMPHfS9h+jWpcw=; b=NQ9FEWCX+subITsvf1dvmdX8DH O5kE1GcBbgJsOTaqmZXVbzdYmOqQoD68XPa0Hi6yioPSS4oAEBjVptdroM/AXD/oarJWx3dIy0KdS fgMAtmWTdytpQPWJ7KFh233/z+78Akkoy6q7P08EeiYXLwyFZYXPyJESbDZ05fVEoqsE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86: Drop INDIRECT_JMP Message-Id: Date: Wed, 17 Apr 2024 03:13:24 +0000 commit 0b66d7ce3c0290eaad28bdafb35200052d012b14 Author: Andrew Cooper AuthorDate: Fri Dec 22 18:01:37 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86: Drop INDIRECT_JMP Indirect JMPs which are not tailcalls can lead to an unwelcome form of speculative type confusion, and we've removed the uses of INDIRECT_JMP to compensate. Remove the temptation to reintroduce new instances. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/include/asm/asm-defns.h | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/include/asm/asm-defns.h b/xen/arch/x86/include/asm/asm-defns.h index 0e5f0be768..d55dd3bbc3 100644 --- a/xen/arch/x86/include/asm/asm-defns.h +++ b/xen/arch/x86/include/asm/asm-defns.h @@ -29,10 +29,9 @@ BUG /* Shouldn't return */ .endm -.macro INDIRECT_BRANCH insn:req, arg:req +.macro INDIRECT_CALL arg:req /* - * Create an indirect branch. insn is one of call/jmp, arg is a single - * register. + * Create an indirect call. arg is a single register. * * With no compiler support, this degrades into a plain indirect call/jmp. * With compiler support, dispatch to the correct __x86_indirect_thunk_* @@ -42,7 +41,7 @@ $done = 0 .irp reg, ax, cx, dx, bx, bp, si, di, 8, 9, 10, 11, 12, 13, 14, 15 .ifeqs "\arg", "%r\reg" - \insn __x86_indirect_thunk_r\reg + call __x86_indirect_thunk_r\reg $done = 1 .exitm .endif @@ -53,19 +52,10 @@ .endif .else - \insn *\arg + call *\arg .endif .endm -/* Convenience wrappers. */ -.macro INDIRECT_CALL arg:req - INDIRECT_BRANCH call, \arg -.endm - -.macro INDIRECT_JMP arg:req - INDIRECT_BRANCH jmp, \arg -.endm - #ifdef CONFIG_XEN_IBT # define ENDBR64 endbr64 #else -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:13:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:13:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707186.1104810 (Exim 4.92) (envelope-from ) id 1rwvjr-0001Of-G7; Wed, 17 Apr 2024 03:13:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707186.1104810; Wed, 17 Apr 2024 03:13:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvjr-0001OX-DK; Wed, 17 Apr 2024 03:13:35 +0000 Received: by outflank-mailman (input) for mailman id 707186; Wed, 17 Apr 2024 03:13:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvjq-0001MM-7x for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvjq-0001DB-7J for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvjq-00049o-6f for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wXE35KsmmJ51srxVr5uXNKgXLfIrDHd2KRoHaNTmedE=; b=OarR1+IrJBw3xWG7l60ipJIdzY XH0jM6wa1qYLuJRiAF18LEfO7NSpObW2oUd8hLscEf2CSKnxtrCb/SChqzNgJ9Yd7pe0cBgAg1asH LVagaLpx7zyGBtbL0746AggWY4RD294bZAUDWgi2lsMGQyo4mzxtYgrGkSCI/VRNTQrE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/tsx: Expose RTM_ALWAYS_ABORT to guests Message-Id: Date: Wed, 17 Apr 2024 03:13:34 +0000 commit c94e2105924347de0d9f32065370e802a20cc829 Author: Andrew Cooper AuthorDate: Sat Apr 6 20:36:54 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/tsx: Expose RTM_ALWAYS_ABORT to guests A TSX Abort is one option mitigate Native-BHI, but a guest kernel doesn't get to see this if Xen has turned RTM off using MSR_TSX_{CTRL,FORCE_ABORT}. Therefore, the meaning of RTM_ALWAYS_ABORT has been adjusted to "XBEGIN won't fault", and it should be exposed to guests so they can make a better decision. Expose it in the max policy for any RTM-capable system. Offer it by default only if RTM has been disabled. Update test-tsx to account for this new meaning. While adjusting the logic in test_guest_policies(), take the opportunity to use feature names (now they're available) to make the logic easier to follow. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- tools/tests/tsx/test-tsx.c | 39 +++++++++++++++++++---------- xen/arch/x86/cpu-policy.c | 20 +++++++++++++++ xen/include/public/arch-x86/cpufeatureset.h | 2 +- 3 files changed, 47 insertions(+), 14 deletions(-) diff --git a/tools/tests/tsx/test-tsx.c b/tools/tests/tsx/test-tsx.c index b7e1972ce8..5af04953f3 100644 --- a/tools/tests/tsx/test-tsx.c +++ b/tools/tests/tsx/test-tsx.c @@ -311,25 +311,25 @@ static void test_guest_policies(const struct cpu_policy *max, dump_tsx_details(max, "Max:"); dump_tsx_details(def, "Def:"); - if ( ((max->feat.raw[0].d | def->feat.raw[0].d) & - (bitmaskof(X86_FEATURE_TSX_FORCE_ABORT) | - bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT) | - bitmaskof(X86_FEATURE_SRBDS_CTRL))) || - ((max->arch_caps.raw | def->arch_caps.raw) & ARCH_CAPS_TSX_CTRL) ) + if ( max->feat.tsx_force_abort || def->feat.tsx_force_abort || + max->feat.srbds_ctrl || def->feat.srbds_ctrl || + max->arch_caps.tsx_ctrl || def->arch_caps.tsx_ctrl ) fail(" Xen-only TSX controls offered to guest\n"); switch ( rtm_behaviour ) { case RTM_UD: - if ( (max->feat.raw[0].b | def->feat.raw[0].b) & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) - fail(" HLE/RTM offered to guests despite not being available\n"); + if ( max->feat.hle || def->feat.hle || + max->feat.rtm || def->feat.rtm || + max->feat.rtm_always_abort || def->feat.rtm_always_abort ) + fail(" HLE/RTM/RTM_AA offered to guests despite not being available\n"); break; case RTM_ABORT: - if ( def->feat.raw[0].b & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) + if ( def->feat.hle || def->feat.rtm ) fail(" HLE/RTM offered to guests by default despite not being usable\n"); + if ( !def->feat.rtm_always_abort ) + fail(" RTM_AA not offered to guests by default despite being available\n"); break; case RTM_OK: @@ -340,6 +340,9 @@ static void test_guest_policies(const struct cpu_policy *max, if ( def->feat.hle ) fail(" Fail: HLE offered in default policy\n"); + + if ( def->feat.rtm && def->feat.rtm_always_abort ) + fail(" Fail: Both RTM and RTM_AA offered in default policy\n"); } static void test_def_max_policies(void) @@ -388,14 +391,13 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.hle || guest_policy.policy.feat.tsx_force_abort || - guest_policy.policy.feat.rtm_always_abort || guest_policy.policy.feat.srbds_ctrl || guest_policy.policy.arch_caps.tsx_ctrl ) fail(" Unexpected features advertised\n"); if ( host.policy.feat.rtm ) { - unsigned int _7b0; + unsigned int _7b0, _7d0; /* * If host RTM is available, all combinations of guest flags should be @@ -403,6 +405,8 @@ static void test_guest(struct xen_domctl_createdomain *c) */ _7b0 = (guest_policy.policy.feat.raw[0].b ^= (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM))); + _7d0 = (guest_policy.policy.feat.raw[0].d ^= + bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT)); /* Set the new policy. */ rc = xc_cpu_policy_set_domain(xch, domid, &guest_policy); @@ -426,10 +430,17 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.raw[0].b != _7b0 ) { - fail(" Expected CPUID.7[1].b 0x%08x differs from actual 0x%08x\n", + fail(" Expected CPUID.7[0].b 0x%08x differs from actual 0x%08x\n", _7b0, guest_policy.policy.feat.raw[0].b); goto out; } + + if ( guest_policy.policy.feat.raw[0].d != _7d0 ) + { + fail(" Expected CPUID.7[0].d 0x%08x differs from actual 0x%08x\n", + _7d0, guest_policy.policy.feat.raw[0].d); + goto out; + } } out: @@ -514,6 +525,8 @@ static void test_tsx(void) i, errno, strerror(errno)); } + dump_tsx_details(&host.policy, "Host:"); + rc = xc_physinfo(xch, &physinfo); if ( rc ) return fail("Failed to obtain physinfo: %d - %s\n", diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index 5952ff20e6..4b6d962763 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -462,6 +462,21 @@ static void __init guest_common_max_feature_adjustments(uint32_t *fs) */ __set_bit(X86_FEATURE_HTT, fs); __set_bit(X86_FEATURE_CMP_LEGACY, fs); + + /* + * To mitigate Native-BHI, one option is to use a TSX Abort on capable + * systems. This is safe even if RTM has been disabled for other reasons + * via MSR_TSX_{CTRL,FORCE_ABORT}. However, a guest kernel doesn't get to + * know this type of information. + * + * Therefore the meaning of RTM_ALWAYS_ABORT has been adjusted, to instead + * mean "XBEGIN won't fault". This is enough for a guest kernel to make + * an informed choice WRT mitigating Native-BHI. + * + * If RTM-capable, we can run a VM which has seen RTM_ALWAYS_ABORT. + */ + if ( test_bit(X86_FEATURE_RTM, fs) ) + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); } static void __init guest_common_default_feature_adjustments(uint32_t *fs) @@ -534,9 +549,14 @@ static void __init guest_common_default_feature_adjustments(uint32_t *fs) * function as expected, but is technically compatible with the ISA. * * Do not advertise RTM to guests by default if it won't actually work. + * Instead, advertise RTM_ALWAYS_ABORT indicating that TSX Aborts are safe + * to use, e.g. for mitigating Native-BHI. */ if ( rtm_disabled ) + { __clear_bit(X86_FEATURE_RTM, fs); + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); + } } static void __init guest_common_feature_adjustments(uint32_t *fs) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 6bb1ee3b0a..53f13dec31 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -264,7 +264,7 @@ XEN_CPUFEATURE(FSRM, 9*32+ 4) /*A Fast Short REP MOVS */ XEN_CPUFEATURE(AVX512_VP2INTERSECT, 9*32+8) /*a VP2INTERSECT{D,Q} insns */ XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*!A VERW clears microarchitectural buffers */ -XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! June 2021 TSX defeaturing in microcode. */ +XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! RTM disabled (but XBEGIN wont fault) */ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(SERIALIZE, 9*32+14) /*A SERIALIZE insn */ XEN_CPUFEATURE(HYBRID, 9*32+15) /* Heterogeneous platform */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:13:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:13:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707187.1104814 (Exim 4.92) (envelope-from ) id 1rwvk1-0001RL-Hf; Wed, 17 Apr 2024 03:13:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707187.1104814; Wed, 17 Apr 2024 03:13:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvk1-0001RE-Em; Wed, 17 Apr 2024 03:13:45 +0000 Received: by outflank-mailman (input) for mailman id 707187; Wed, 17 Apr 2024 03:13:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvk0-0001Qy-BP for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvk0-0001DI-Aj for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvk0-0004AH-9x for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=P48JE3OWYJc4n/4nrP4+Y5IoYlQhWHJBR2prbJQUoec=; b=t+al7E24HMpkQXb9kqBK+NoI8a I3cvX/uk/ledlEn7pjqoye3BF4EUfo7JNNkc3hut/qzenlL8nveYz+1X2DfBtCOohUAIjDKuaNo3p +5b9nMLB4s+xKXc09SNGte59qScVipg0Dv/Jfg0uj8exZoZUOS1hLFxITw/f734kUe2Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Message-Id: Date: Wed, 17 Apr 2024 03:13:44 +0000 commit 62a1106415c5e8a49b45147ca84d54a58d471343 Author: Andrew Cooper AuthorDate: Tue Mar 26 19:01:37 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Introduce a "bhi-dis-s" boolean to match the other options we have for MSR_SPEC_CTRL values. Also introduce bhi_calculations(). Use BHI_DIS_S whenever possible. Guests which are levelled to be migration compatible with older CPUs can't see BHI_DIS_S, and Xen must fill in the difference to make the guest safe. Use the virt MSR_SPEC_CTRL infrastructure to force BHI_DIS_S behind the guest's back. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné --- docs/misc/xen-command-line.pandoc | 8 +++++++- xen/arch/x86/hvm/vmx/vmx.c | 17 +++++++++++++++++ xen/arch/x86/include/asm/spec_ctrl.h | 1 + xen/arch/x86/spec_ctrl.c | 24 +++++++++++++++++++++++- 4 files changed, 48 insertions(+), 2 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 14cafb462a..b87e7ebc35 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2377,7 +2377,8 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). > {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, -> unpriv-mmio,gds-mit,div-scrub,lock-harden}= ]` +> unpriv-mmio,gds-mit,div-scrub,lock-harden, +> bhi-dis-s}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2458,6 +2459,11 @@ option can be used to force or prevent Xen using the feature itself. By default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by default. +On hardware supporting BHI_DIS_S (Branch History Injection Disable +Supervisor), the `bhi-dis-s=` option can be used to force or prevent Xen using +the feature itself. By default Xen will use BHI_DIS_S on hardware susceptible +to Branch History Injection. + On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` option can be used to force (the default) or prevent Xen from issuing branch prediction barriers on vcpu context switches. diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index c886331006..0935762378 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -48,6 +48,7 @@ #include #include #include +#include #include static bool __initdata opt_force_ept; @@ -842,6 +843,22 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } + if ( cpu_has_vmx_virt_spec_ctrl ) + { + /* + * If we're on BHI_DIS_S capable hardware, the short loop sequence is + * not sufficient to mitigate Native-BHI. If the VM can't see it + * (i.e. it's levelled with older hardware), force it behind the + * guests back for safey. + * + * Because there's not a real Host/Guest split of the MSR_SPEC_CTRL + * value, this only works as expected when Xen is using BHI_DIS_S too. + */ + bool force_bhi_dis_s = opt_bhi_dis_s && !cp->feat.bhi_ctrl; + + __vmwrite(SPEC_CTRL_MASK, force_bhi_dis_s ? SPEC_CTRL_BHI_DIS_S : 0); + } + /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ if ( cp->feat.ibrsb || cp->extd.ibpb ) vmx_clear_msr_intercept(v, MSR_PRED_CMD, VMX_MSR_RW); diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 95dd081f30..b2d2c25842 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -77,6 +77,7 @@ static always_inline void spec_ctrl_new_guest_context(void) extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; +extern int8_t opt_bhi_dis_s; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ed52ce3cc5..a5096ab4fb 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -47,6 +47,7 @@ static int8_t __initdata opt_ibrs = -1; static int8_t __initdata opt_stibp = -1; bool __ro_after_init opt_ssbd; static int8_t __initdata opt_psfd = -1; +int8_t __ro_after_init opt_bhi_dis_s = -1; int8_t __ro_after_init opt_ibpb_ctxt_switch = -1; int8_t __ro_after_init opt_eager_fpu = -1; @@ -269,6 +270,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_ssbd = val; else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) opt_psfd = val; + else if ( (val = parse_boolean("bhi-dis-s", s, ss)) >= 0 ) + opt_bhi_dis_s = val; /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) @@ -524,7 +527,7 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk != THUNK_NONE ? "BTI-Thunk: " : "", thunk == THUNK_NONE ? "" : thunk == THUNK_RETPOLINE ? "RETPOLINE, " : @@ -542,6 +545,8 @@ static void __init print_details(enum ind_thunk thunk) (!boot_cpu_has(X86_FEATURE_PSFD) && !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", + !boot_cpu_has(X86_FEATURE_BHI_CTRL) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_BHI_DIS_S) ? " BHI_DIS_S+" : " BHI_DIS_S-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -1596,6 +1601,21 @@ static void __init gds_calculations(void) } } +/* + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + */ +static void __init bhi_calculations(void) +{ + if ( opt_bhi_dis_s == -1 ) + opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + + if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) + opt_bhi_dis_s = false; + + if ( opt_bhi_dis_s ) + default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; +} + void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); @@ -2140,6 +2160,8 @@ void __init init_speculation_mitigations(void) gds_calculations(); + bhi_calculations(); + print_details(thunk); /* -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:13:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:13:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707188.1104818 (Exim 4.92) (envelope-from ) id 1rwvkB-0001Um-KO; Wed, 17 Apr 2024 03:13:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707188.1104818; Wed, 17 Apr 2024 03:13:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvkB-0001Ue-HY; Wed, 17 Apr 2024 03:13:55 +0000 Received: by outflank-mailman (input) for mailman id 707188; Wed, 17 Apr 2024 03:13:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvkA-0001UU-ER for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvkA-0001Dh-Dl for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvkA-0004Ai-D2 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:13:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+g96mG7FdQCVq3d+GQ2PritHaIS0nW28+kchhmQKWnA=; b=FLL2gYYgCLq6OffYva6kW6F0Ij kixZJu1y3Cb6sOWAboGo+4GEzOZmO26p41GQYpJLYZpJBHoAnflc9wJfIs28YN8eR8XCFSMKRagry ocrYGBcfSK8D+vqmswAWWWFmDIUF+gGjpDi9Sdi2OfTpGcbEiJiURlRM8/BroRNWqoRc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Software BHB-clearing sequences Message-Id: Date: Wed, 17 Apr 2024 03:13:54 +0000 commit 954c983abceee97bf5f6230b9ae164f2c49a9aa9 Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Software BHB-clearing sequences Implement clear_bhb_{tsx,loops}() as per the BHI guidance. The loops variant is set up as the "short" sequence. Introduce SCF_entry_bhb and extend SPEC_CTRL_ENTRY_* with a conditional call to selected clearing routine. Note that due to a limitation in the ALTERNATIVE capability, the TEST/JZ can't be included alongside a CALL in a single alternative block. This is going to require further work to untangle. The BHB sequences (if used) must be after the restoration of Xen's MSR_SPEC_CTRL value, which must be accounted for when judging whether it is safe to skip the safety LFENCEs. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné --- xen/arch/x86/Makefile | 1 + xen/arch/x86/bhb-thunk.S | 94 ++++++++++++++++++++++++++++++++ xen/arch/x86/hvm/vmx/entry.S | 12 ++++ xen/arch/x86/include/asm/cpufeature.h | 3 + xen/arch/x86/include/asm/cpufeatures.h | 3 + xen/arch/x86/include/asm/spec_ctrl.h | 3 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 30 ++++++++++ xen/arch/x86/spec_ctrl.c | 39 +++++++------ 8 files changed, 167 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 26d8740529..d902fb7acc 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -15,6 +15,7 @@ alternative-y := alternative.init.o alternative-$(CONFIG_LIVEPATCH) := obj-bin-y += $(alternative-y) obj-y += apic.o +obj-y += bhb-thunk.o obj-y += bitops.o obj-bin-y += bzimage.init.o obj-bin-y += clear_page.o diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S new file mode 100644 index 0000000000..b3f2cb3cb6 --- /dev/null +++ b/xen/arch/x86/bhb-thunk.S @@ -0,0 +1,94 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Branch History Injection clearing sequences. + * + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + * + * Copyright (c) 2023, 2024 XenServer. + */ + .file __FILE__ + +#include + + .section .text.entry, "ax", @progbits + +/* + * Clear the Branch History Buffer using a TSX Abort. + * + * Any TSX Abort has a side effect of clearing the BHB, even when TSX is + * disabled for e.g. TAA mitigation reasons. + */ +FUNC(clear_bhb_tsx) + .byte 0xc7, 0xf8; .long 1f - 0f /* xbegin 1f */ +0: .byte 0xc6, 0xf8, 0 /* xabort $0 */ + int3 +1: + ret +END(clear_bhb_tsx) + +/* + * Clear the Branch History Buffer using the software sequence. + * + * Clobbers: %eax, %ecx + * + * This executes a specific number of taken branches, sufficient to displace + * all prior entries in the history tracker, therefore removing prior + * influence on subsequent BTB lookups. + * + * Structurally, it looks like this: + * + * call 1 + * call 2 + * ... 5x jmp loop + * call 2 + * ... 5x jmp loop + * ... 5x call2's deep + * + * ret + * ret + * ret + * ret + * + * The CALL/RETs are necessary to prevent the Loop Stream Detector from + * interfering. The alignment is for performance and not safety. + * + * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire + * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + */ +FUNC(clear_bhb_loops) + mov $5, %ecx + + call 1f + jmp 5f + int3 + + .align 64 +1: call 2f + ret + int3 + + .align 64 +2: mov $5, %eax + +3: jmp 4f + int3 + +4: sub $1, %eax + jnz 3b + + sub $1, %ecx + jnz 1b + + ret +5: + /* + * The Intel sequence has an LFENCE here. The purpose is to ensure + * that all prior branches have executed, before dispatching a + * subsequent indirect branch. + * + * Xen's SPEC_CTRL_ENTRY_* blocks have safety LFENCEs at the end when + * protections are active, which suffices for this purpose. + */ + + ret +END(clear_bhb_loops) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 96b3d22080..7233e771d8 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -57,6 +57,18 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, CPUINFO_scf(%rsp) + jz .L_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index 9bc553681f..743f11f989 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -235,6 +235,9 @@ static inline bool boot_cpu_has(unsigned int feat) #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) +#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ + boot_cpu_has(X86_SPEC_BHB_LOOPS)) + enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index 6422c66b0f..bada8912e0 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -56,5 +56,8 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ #define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ +#define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ +#define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index b2d2c25842..72347ef2b9 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -24,6 +24,7 @@ #define SCF_verw (1 << 3) #define SCF_ist_ibpb (1 << 4) #define SCF_entry_ibpb (1 << 5) +#define SCF_entry_bhb (1 << 6) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -42,7 +43,7 @@ * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb | SCF_entry_bhb) #ifndef __ASSEMBLY__ diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 23b23219de..729a830411 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -273,6 +273,17 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm @@ -311,6 +322,13 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm @@ -411,6 +429,18 @@ .L\@_skip_msr_spec_ctrl: + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + lfence .endm diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index a5096ab4fb..589feeee24 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2182,38 +2182,43 @@ void __init init_speculation_mitigations(void) /* * SPEC_CTRL_ENTRY_FROM_PV conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we're not using any prior conditional mitigation, - * then it's safe to drop the LFENCE. + * Otherwise, DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we do have it, or we're not using any + * prior conditional block, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); /* * SPEC_CTRL_ENTRY_FROM_INTR conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we have no protections active in the block that - * is skipped when interrupting guest context, then it's safe to drop - * the LFENCE. + * Otherwise DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we have it, or we have no protections + * active in the block that is skipped when interrupting guest + * context, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && - !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); /* * SPEC_CTRL_ENTRY_FROM_VMX conditional safety * - * Currently there are no safety actions with conditional branches, so - * no need for the extra safety LFENCE. + * A BHB sequence, if used, is the only conditional action, so if we + * don't have it, we don't need the safety LFENCE. */ - setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + if ( !cpu_has_bhb_seq ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } /* -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:14:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:14:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707189.1104821 (Exim 4.92) (envelope-from ) id 1rwvkL-0001XB-MC; Wed, 17 Apr 2024 03:14:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707189.1104821; Wed, 17 Apr 2024 03:14:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvkL-0001X4-JB; Wed, 17 Apr 2024 03:14:05 +0000 Received: by outflank-mailman (input) for mailman id 707189; Wed, 17 Apr 2024 03:14:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvkK-0001Wu-Hr for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvkK-0001E1-HB for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvkK-0004Bo-GM for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=c2m9Y5AFw2VvCz33HeI8Ktan7ZrMu4SNgNSu3OaVpLw=; b=znwl3eMEvVOnif/ri+ORrBB+Cx dphQkue8S/GX9+FL2kkjqNFamwmoQp0BBpFqo5mBJBeVBlB6otEyJXiKz423KDbxQQuZxn6BfESI7 L7cB9xT32nFFB8yqr9KrLVJ7hgS8Eih6cypdeyAAnbpYDB5kGEPTrG0fYJGG6ku8QxI0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Wire up the Native-BHI software sequences Message-Id: Date: Wed, 17 Apr 2024 03:14:04 +0000 commit 689ad48ce9cf4c38297cd126e7e003a1c13a3b9d Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Wire up the Native-BHI software sequences In the absence of BHI_DIS_S, mitigating Native-BHI requires the use of a software sequence. Introduce a new bhb-seq= option to select between avaialble sequences and bhb-entry= to control the per-PV/HVM actions like we have for other blocks. Activate the short sequence by default for PV and HVM guests on affected hardware if BHI_DIS_S isn't present. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné --- docs/misc/xen-command-line.pandoc | 25 +++++-- xen/arch/x86/spec_ctrl.c | 145 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 157 insertions(+), 13 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index b87e7ebc35..c8b0cb091e 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2374,8 +2374,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, > bhi-dis-s}= ]` @@ -2400,10 +2401,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=` and `ibpb-entry=` options -offer fine grained control over the primitives by Xen. These impact Xen's -ability to protect itself, and/or Xen's ability to virtualise support for -guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=`, `ibpb-entry=` and `bhb-entry=` +options offer fine grained control over the primitives by Xen. These impact +Xen's ability to protect itself, and/or Xen's ability to virtualise support +for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2429,6 +2430,12 @@ guests to use. Return Stack Overflow if appropriate microcode has been loaded, but for performance reasons dom0 is unprotected by default. If it is necessary to protect dom0 too, boot with `spec-ctrl=ibpb-entry`. +* `bhb-entry=` offers control over whether BHB-clearing (Branch History + Buffer) sequences are used on entry to Xen. This is used by default on + hardware vulnerable to Branch History Injection, when the BHI_DIS_S control + is not available (see `bhi-dis-s`). The choice of scrubbing sequence can be + selected using the `bhb-seq=` option. If it is necessary to protect dom0 + too, boot with `spec-ctrl=bhb-entry`. If Xen was compiled with `CONFIG_INDIRECT_THUNK` support, `bti-thunk=` can be used to select which of the thunks gets patched into the @@ -2436,6 +2443,12 @@ used to select which of the thunks gets patched into the (generally preferred), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and `lfence` (an `lfence; jmp *%reg` gadget). +On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing +sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` +options in order to mitigate Branch History Injection on affected hardware. +The default sequence is `short`, with `tsx` as an alternative available +capable hardware that can be opted in to. + On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. If Xen is not using IBRS itself, functionality is still set up so IBRS can be diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 589feeee24..d362544f34 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -33,6 +33,16 @@ static int8_t __ro_after_init opt_ibpb_entry_pv = -1; static int8_t __ro_after_init opt_ibpb_entry_hvm = -1; static bool __ro_after_init opt_ibpb_entry_dom0; +static int8_t __ro_after_init opt_bhb_entry_pv = -1; +static int8_t __ro_after_init opt_bhb_entry_hvm = -1; +static bool __ro_after_init opt_bhb_entry_dom0; +static enum bhb_thunk { + BHB_DEFAULT, + BHB_NONE, + BHB_TSX, + BHB_SHORT, +} opt_bhb_seq __initdata; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -116,8 +126,12 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_ibpb_entry_pv = 0; opt_ibpb_entry_hvm = 0; opt_ibpb_entry_dom0 = false; + opt_bhb_entry_pv = 0; + opt_bhb_entry_hvm = 0; + opt_bhb_entry_dom0 = false; opt_thunk = THUNK_JMP; + opt_bhb_seq = BHB_NONE; opt_ibrs = 0; opt_ibpb_ctxt_switch = false; opt_ssbd = false; @@ -146,6 +160,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_pv = val; opt_verw_pv = val; opt_ibpb_entry_pv = val; + opt_bhb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { @@ -153,6 +168,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_verw_hvm = val; opt_ibpb_entry_hvm = val; + opt_bhb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -240,6 +256,28 @@ static int __init cf_check parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("bhb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_bhb_entry_pv = opt_bhb_entry_hvm = + opt_bhb_entry_dom0 = val; + break; + + case -2: + s += strlen("bhb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_bhb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_bhb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -260,6 +298,19 @@ static int __init cf_check parse_spec_ctrl(const char *s) else rc = -EINVAL; } + else if ( !strncmp(s, "bhb-seq=", 8) ) + { + s += strlen("bhb-seq="); + + if ( !cmdline_strcmp(s, "none") ) + opt_bhb_seq = BHB_NONE; + else if ( !cmdline_strcmp(s, "tsx") ) + opt_bhb_seq = BHB_TSX; + else if ( !cmdline_strcmp(s, "short") ) + opt_bhb_seq = BHB_SHORT; + else + rc = -EINVAL; + } /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) @@ -527,12 +578,16 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: %s%s%s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk != THUNK_NONE ? "BTI-Thunk: " : "", thunk == THUNK_NONE ? "" : thunk == THUNK_RETPOLINE ? "RETPOLINE, " : thunk == THUNK_LFENCE ? "LFENCE, " : thunk == THUNK_JMP ? "JMP, " : "?, ", + opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", + opt_bhb_seq == BHB_NONE ? "" : + opt_bhb_seq == BHB_TSX ? "TSX, " : + opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -571,11 +626,11 @@ static void __init print_details(enum ind_thunk thunk) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - amd_virt_spec_ctrl || + cpu_has_bhb_seq || amd_virt_spec_ctrl || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || @@ -583,20 +638,23 @@ static void __init print_details(enum ind_thunk thunk) boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || + cpu_has_bhb_seq || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -1604,16 +1662,85 @@ static void __init gds_calculations(void) /* * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html */ +static bool __init cpu_has_bug_bhi(void) +{ + /* BHI is only known to affect Intel Family 6 processors at this time. */ + if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL || + boot_cpu_data.x86 != 6 ) + return false; + + if ( boot_cpu_has(X86_FEATURE_BHI_NO) ) + return false; + + if ( cpu_has_hypervisor ) + return true; /* TODO: how to figure out out if we're really eIBRS levelled out? */ + + return cpu_has_eibrs; +} + static void __init bhi_calculations(void) { + bool has_bhi = cpu_has_bug_bhi(); + + /* + * To mitigate BHI, we want to use BHI_DIS_S wherever possible, or the + * short sequence otherwise. Other forms are available on request. + * + * We are repsonsbile for performing default-conversion on opt_bhi_dis_s + * and opt_bhb_seq, irrespective of succeptibility to BHI. + */ + if ( opt_bhi_dis_s == -1 ) - opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + opt_bhi_dis_s = has_bhi; if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) opt_bhi_dis_s = false; if ( opt_bhi_dis_s ) default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; + + if ( opt_bhb_seq == BHB_DEFAULT ) + { + /* + * If we're using BHI_DIS_S, or we're not succeptable, don't activate + * the thunks. + */ + if ( !has_bhi || opt_bhi_dis_s ) + opt_bhb_seq = BHB_NONE; + else + opt_bhb_seq = BHB_SHORT; + } + + /* + * We can use the TSX even if it's disabled for e.g. TAA reasons. + * However, fall back to the loop sequence if there is no trace of RTM at + * all, as XBEGIN will #UD. + */ + if ( opt_bhb_seq == BHB_TSX && !cpu_has_rtm && !cpu_has_rtm_always_abort && + !cpu_has_tsx_force_abort ) + opt_bhb_seq = BHB_SHORT; + + /* + * Only activate SCF_entry_bhb by for guests if a sequence is in place. + */ + if ( opt_bhb_entry_pv == -1 ) + opt_bhb_entry_pv = has_bhi && opt_bhb_seq != BHB_NONE; + if ( opt_bhb_entry_hvm == -1 ) + opt_bhb_entry_hvm = has_bhi && opt_bhb_seq != BHB_NONE; + + switch ( opt_bhb_seq ) + { + case BHB_SHORT: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); + break; + + case BHB_TSX: + setup_force_cpu_cap(X86_SPEC_BHB_TSX); + break; + + default: + break; + } } void spec_ctrl_init_domain(struct domain *d) @@ -1626,9 +1753,13 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); + bool bhb = ((pv ? opt_bhb_entry_pv : opt_bhb_entry_hvm) && + (d->domain_id != 0 || opt_bhb_entry_dom0)); + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | + (bhb ? SCF_entry_bhb : 0) | 0; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:14:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:14:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707190.1104825 (Exim 4.92) (envelope-from ) id 1rwvkV-0001aP-Pa; Wed, 17 Apr 2024 03:14:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707190.1104825; Wed, 17 Apr 2024 03:14:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvkV-0001aG-Ms; Wed, 17 Apr 2024 03:14:15 +0000 Received: by outflank-mailman (input) for mailman id 707190; Wed, 17 Apr 2024 03:14:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvkU-0001a6-L0 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvkU-0001EB-KO for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvkU-0004DA-Jb for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=O8vj6lpKwTDSq95Y+Yj0/xVYlcKYeCpFfezYx37fRfY=; b=gby6FPHAtqmKwMo6uyKoYRD4Kd s7XWok3NX8698FF/7ZBuOo/UwkWO/vU3HtciSeNeJ7tmEqM5Bpq5c4BOyYz7WxbY2fWZXQBgN/irA bDHTmv/JY1LedCa0xA5jRkJxTIElzrOTMKxt15fMRYfrpXT72Bgt97a0nn3rgFe/u09o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec-ctrl: Support the "long" BHB loop sequence Message-Id: Date: Wed, 17 Apr 2024 03:14:14 +0000 commit d5887c0decbd90e798b24ed696628645b04632fb Author: Andrew Cooper AuthorDate: Fri Mar 22 19:29:34 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:37:30 2024 +0100 x86/spec-ctrl: Support the "long" BHB loop sequence Out of an abudnance of caution, implement the long loop too, and allowing for it to be opted in to. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné --- docs/misc/xen-command-line.pandoc | 4 ++-- xen/arch/x86/bhb-thunk.S | 8 ++++++-- xen/arch/x86/include/asm/cpufeatures.h | 1 + xen/arch/x86/spec_ctrl.c | 10 +++++++++- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index c8b0cb091e..e760f3266e 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2375,7 +2375,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, > {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx|long, > {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, @@ -2447,7 +2447,7 @@ On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` options in order to mitigate Branch History Injection on affected hardware. The default sequence is `short`, with `tsx` as an alternative available -capable hardware that can be opted in to. +capable hardware, and `long` that can be opted in to. On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S index b3f2cb3cb6..678c00c5d0 100644 --- a/xen/arch/x86/bhb-thunk.S +++ b/xen/arch/x86/bhb-thunk.S @@ -54,9 +54,13 @@ END(clear_bhb_tsx) * * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + * + * The "long" sequence (12 and 7) is for Alder Lake / Sapphire Rapids + * (i.e. Golden Cove and/or Gracemont cores). However, such CPUs are expected + * to use BHI_DIS_S in preference. */ FUNC(clear_bhb_loops) - mov $5, %ecx + ALTERNATIVE "mov $5, %ecx", "mov $12, %ecx", X86_SPEC_BHB_LOOPS_LONG call 1f jmp 5f @@ -68,7 +72,7 @@ FUNC(clear_bhb_loops) int3 .align 64 -2: mov $5, %eax +2: ALTERNATIVE "mov $5, %eax", "mov $7, %eax", X86_SPEC_BHB_LOOPS_LONG 3: jmp 4f int3 diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index bada8912e0..ba3df174b7 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -58,6 +58,7 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ #define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ +#define X86_SPEC_BHB_LOOPS_LONG X86_BUG(21) /* Upgrade clear_bhb_loops to the "long" sequence. */ /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index d362544f34..dd01e30844 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -41,6 +41,7 @@ static enum bhb_thunk { BHB_NONE, BHB_TSX, BHB_SHORT, + BHB_LONG, } opt_bhb_seq __initdata; /* Cmdline controls for Xen's speculative settings. */ @@ -308,6 +309,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_bhb_seq = BHB_TSX; else if ( !cmdline_strcmp(s, "short") ) opt_bhb_seq = BHB_SHORT; + else if ( !cmdline_strcmp(s, "long") ) + opt_bhb_seq = BHB_LONG; else rc = -EINVAL; } @@ -587,7 +590,8 @@ static void __init print_details(enum ind_thunk thunk) opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", opt_bhb_seq == BHB_NONE ? "" : opt_bhb_seq == BHB_TSX ? "TSX, " : - opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", + opt_bhb_seq == BHB_SHORT ? "SHORT, " : + opt_bhb_seq == BHB_LONG ? "LONG, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -1730,6 +1734,10 @@ static void __init bhi_calculations(void) switch ( opt_bhb_seq ) { + case BHB_LONG: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS_LONG); + fallthrough; + case BHB_SHORT: setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); break; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:14:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:14:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707191.1104830 (Exim 4.92) (envelope-from ) id 1rwvkf-0001cl-Qn; Wed, 17 Apr 2024 03:14:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707191.1104830; Wed, 17 Apr 2024 03:14:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvkf-0001cd-OH; Wed, 17 Apr 2024 03:14:25 +0000 Received: by outflank-mailman (input) for mailman id 707191; Wed, 17 Apr 2024 03:14:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvke-0001cV-Nr for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvke-0001EL-N9 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvke-0004Dz-MX for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0xi5WmZg6J1X6ymunjBi3Iti7SqFabXR/GldlC3sP1Q=; b=ydMMIBTgLHIdztEdE+veysZtoe fOhdPBXsMeo5Hx/dd+00DjtvgDl8KNSnJ6jqURHS9nMwb0wWdO1JM7FqeK1zcp9TRP7o1EpI0Ht4y XPSGn5SoYn+L17WKObs93dS3Rptg/lLeqyIiFawz/1reRWsOY9hJ/KT2rX4/mdrdcZUY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/entry: Fix build with older toolchains Message-Id: Date: Wed, 17 Apr 2024 03:14:24 +0000 commit a9fa82500818a8d8ce5f2843f1577bd2c29d088e Author: Andrew Cooper AuthorDate: Tue Apr 9 21:39:51 2024 +0100 Commit: Stefano Stabellini CommitDate: Tue Apr 9 14:25:01 2024 -0700 x86/entry: Fix build with older toolchains Binutils older than 2.29 doesn't know INCSSPD. Fixes: 8e186f98ce0e ("x86: Use indirect calls in reset-stack infrastructure") Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini --- xen/arch/x86/x86_64/entry.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 461bbc3558..a4615e1ccb 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -650,7 +650,9 @@ FUNC(continue_pv_domain) * JMPed to. Drop the return address. */ add $8, %rsp +#ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK +#endif call check_wakeup_from_wait ret_from_intr: -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:14:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:14:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707192.1104834 (Exim 4.92) (envelope-from ) id 1rwvkq-0001fH-SR; Wed, 17 Apr 2024 03:14:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707192.1104834; Wed, 17 Apr 2024 03:14:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvkq-0001f9-Pl; Wed, 17 Apr 2024 03:14:36 +0000 Received: by outflank-mailman (input) for mailman id 707192; Wed, 17 Apr 2024 03:14:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvko-0001ex-Qn for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvko-0001G0-Q3 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvko-0004Eq-PM for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fBJvtJbQFDA3m3SdB+9GcVWuh3oR7ZS0zUi21860KeA=; b=gfqiB5vzSp/ruX4Fzic3hInSAW PPFmmRJ/tEl9q5KC2J/W42PL8YYFfjUao5aQ8fBRY3cOehgYT1Nl9qrLA0hs8NGoFjOEDO4irRlUR Pv1A7DRffJJUdSUMXUa5vDiBYkfaJPpnCtoYJtXkZH7fDTM2F1cwSPKz/VMx+ma4CX4I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Add imx8q{m,x} platform glue Message-Id: Date: Wed, 17 Apr 2024 03:14:34 +0000 commit 71d4356544ee49eeb6b58383f15eef330c7e8452 Author: John Ernberg AuthorDate: Mon Apr 8 16:11:35 2024 +0000 Commit: Stefano Stabellini CommitDate: Tue Apr 9 14:27:35 2024 -0700 xen/arm: Add imx8q{m,x} platform glue When using Linux for dom0 there are a bunch of drivers that need to do SMC SIP calls into the firmware to enable certain hardware bits like the watchdog. Provide a basic platform glue that implements the needed SMC forwarding. The format of these calls are as follows: - reg 0: function ID - reg 1: subfunction ID (when there's a subfunction) remaining regs: args For now we only allow Dom0 to make these calls as they are all managing hardware. There is no specification for these SIP calls, the IDs and names have been extracted from the upstream linux kernel and the vendor kernel. We can reject CPUFREQ because Dom0 cannot make an informed decision regarding CPU frequency scaling, WAKEUP_SRC is to wake up from suspend, which Xen doesn't support at this time. This leaves the TIME SIP, OTP SIPs which for now are allowed to Dom0. NOTE: This code is based on code found in NXP Xen tree located here: https://github.com/nxp-imx/imx-xen/blob/lf-5.10.y_4.13/xen/arch/arm/platforms/imx8qm.c Signed-off-by: Peng Fan [jernberg: Add SIP call filtering] Signed-off-by: John Ernberg Reviewed-by: Peng Fan Reviewed-by: Michal Orzel [stefano: commit message improvement] Signed-off-by: Stefano Stabellini --- xen/arch/arm/platforms/Makefile | 1 + xen/arch/arm/platforms/imx8qm.c | 139 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 140 insertions(+) diff --git a/xen/arch/arm/platforms/Makefile b/xen/arch/arm/platforms/Makefile index 8632f4115f..bec6e55d1f 100644 --- a/xen/arch/arm/platforms/Makefile +++ b/xen/arch/arm/platforms/Makefile @@ -9,5 +9,6 @@ obj-$(CONFIG_ALL_PLAT) += sunxi.o obj-$(CONFIG_ALL64_PLAT) += thunderx.o obj-$(CONFIG_ALL64_PLAT) += xgene-storm.o obj-$(CONFIG_ALL64_PLAT) += brcm-raspberry-pi.o +obj-$(CONFIG_ALL64_PLAT) += imx8qm.o obj-$(CONFIG_MPSOC_PLATFORM) += xilinx-zynqmp.o obj-$(CONFIG_MPSOC_PLATFORM) += xilinx-zynqmp-eemi.o diff --git a/xen/arch/arm/platforms/imx8qm.c b/xen/arch/arm/platforms/imx8qm.c new file mode 100644 index 0000000000..3600a073e8 --- /dev/null +++ b/xen/arch/arm/platforms/imx8qm.c @@ -0,0 +1,139 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * xen/arch/arm/platforms/imx8qm.c + * + * i.MX 8QM setup + * + * Copyright (c) 2016 Freescale Inc. + * Copyright 2018-2019 NXP + * + * + * Peng Fan + */ + +#include +#include +#include + +static const char * const imx8qm_dt_compat[] __initconst = +{ + "fsl,imx8qm", + "fsl,imx8qxp", + NULL +}; + +#define IMX_SIP_FID(fid) \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_CONV_64, \ + ARM_SMCCC_OWNER_SIP, \ + (fid)) + +#define IMX_SIP_F_CPUFREQ 0x1 +#define IMX_SIP_F_TIME 0x2 +#define IMX_SIP_F_WAKEUP_SRC 0x9 +#define IMX_SIP_F_OTP_WRITE 0xB + +#define IMX_SIP_TIME_SF_RTC_SET_TIME 0x00 +#define IMX_SIP_TIME_SF_WDOG_START 0x01 +#define IMX_SIP_TIME_SF_WDOG_STOP 0x02 +#define IMX_SIP_TIME_SF_WDOG_SET_ACT 0x03 +#define IMX_SIP_TIME_SF_WDOG_PING 0x04 +#define IMX_SIP_TIME_SF_WDOG_SET_TIMEOUT 0x05 +#define IMX_SIP_TIME_SF_WDOG_GET_STAT 0x06 +#define IMX_SIP_TIME_SF_WDOG_SET_PRETIME 0x07 + +static bool imx8qm_is_sip_time_call_ok(uint32_t subfunction_id) +{ + switch ( subfunction_id ) + { + case IMX_SIP_TIME_SF_RTC_SET_TIME: + return true; + case IMX_SIP_TIME_SF_WDOG_START: + case IMX_SIP_TIME_SF_WDOG_STOP: + case IMX_SIP_TIME_SF_WDOG_SET_ACT: + case IMX_SIP_TIME_SF_WDOG_PING: + case IMX_SIP_TIME_SF_WDOG_SET_TIMEOUT: + case IMX_SIP_TIME_SF_WDOG_GET_STAT: + case IMX_SIP_TIME_SF_WDOG_SET_PRETIME: + return true; + default: + gprintk(XENLOG_WARNING, "imx8qm: smc: time: Unknown subfunction id %x\n", + subfunction_id); + return false; + } +} + +static bool imx8qm_smc(struct cpu_user_regs *regs) +{ + uint32_t function_id = get_user_reg(regs, 0); + uint32_t subfunction_id = get_user_reg(regs, 1); + struct arm_smccc_res res; + + if ( !cpus_have_const_cap(ARM_SMCCC_1_1) ) + { + printk_once(XENLOG_WARNING + "imx8qm: smc: no SMCCC 1.1 support. Disabling firmware calls\n"); + + return false; + } + + /* Only hardware domain may use the SIP calls */ + if ( !is_hardware_domain(current->domain) ) + { + gprintk(XENLOG_WARNING, "imx8qm: smc: No access\n"); + return false; + } + + switch ( function_id ) + { + case IMX_SIP_FID(IMX_SIP_F_CPUFREQ): + /* Hardware domain can't take any informed decision here */ + return false; + case IMX_SIP_FID(IMX_SIP_F_TIME): + if ( imx8qm_is_sip_time_call_ok(subfunction_id) ) + goto allow_call; + return false; + /* Xen doesn't have suspend support */ + case IMX_SIP_FID(IMX_SIP_F_WAKEUP_SRC): + return false; + case IMX_SIP_FID(IMX_SIP_F_OTP_WRITE): + /* subfunction_id is the fuse number, no sensible check possible */ + goto allow_call; + default: + gprintk(XENLOG_WARNING, "imx8qm: smc: Unknown function id %x\n", + function_id); + return false; + } + + allow_call: + arm_smccc_1_1_smc(function_id, + subfunction_id, + get_user_reg(regs, 2), + get_user_reg(regs, 3), + get_user_reg(regs, 4), + get_user_reg(regs, 5), + get_user_reg(regs, 6), + get_user_reg(regs, 7), + &res); + + set_user_reg(regs, 0, res.a0); + set_user_reg(regs, 1, res.a1); + set_user_reg(regs, 2, res.a2); + set_user_reg(regs, 3, res.a3); + + return true; +} + +PLATFORM_START(imx8qm, "i.MX 8Q{M,XP}") + .compatible = imx8qm_dt_compat, + .smc = imx8qm_smc, +PLATFORM_END + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:14:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:14:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707193.1104837 (Exim 4.92) (envelope-from ) id 1rwvl0-0001hV-Tk; Wed, 17 Apr 2024 03:14:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707193.1104837; Wed, 17 Apr 2024 03:14:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvl0-0001hN-RE; Wed, 17 Apr 2024 03:14:46 +0000 Received: by outflank-mailman (input) for mailman id 707193; Wed, 17 Apr 2024 03:14:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvky-0001hB-Td for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvky-0001GQ-Sw for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvky-0004Fm-SF for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aIWZn0fJ/UIcmb5WuyNyKEDWyg/ORlteLWB99K+ynPk=; b=2+GWMpDUh0IjsjRRmrPJyPkL72 qDGtQ5XytJxlBcCPOaHVTmF3jbpblPwO6xatloFQtP24l0DnXtyWXGvm9Sjo4TCxpzEIaK0g1lOA4 D6IvDbSqibQp7YIfW0zbYKibCR7M3AeTtF5hzLQAXSZV1YU5W1IXzR+rpKocS0IGONFc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/drivers: imx-lpuart: Replace iMX8QM compatible with iMX8QXP Message-Id: Date: Wed, 17 Apr 2024 03:14:44 +0000 commit 2f85a6d9f5bda5368ea75d81bef63b06598093a9 Author: John Ernberg AuthorDate: Mon Apr 8 16:11:35 2024 +0000 Commit: Stefano Stabellini CommitDate: Tue Apr 9 14:27:52 2024 -0700 xen/drivers: imx-lpuart: Replace iMX8QM compatible with iMX8QXP Allow the uart to probe also with iMX8QXP. The ip-block is the same as in the QM. Since the fsl,imx8qm-lpuart compatible in Linux exists in name only and is not used in the driver any iMX8QM device tree that can boot Linux must set fsl,imx8qxp-lpuart compatible as well as the QM one. Thus we replace the compatible rather than adding just another one. Signed-off-by: John Ernberg Acked-by: Julien Grall Reviewed-by: Peng Fan --- xen/drivers/char/imx-lpuart.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/char/imx-lpuart.c b/xen/drivers/char/imx-lpuart.c index 7770d158bf..cf034d7ed0 100644 --- a/xen/drivers/char/imx-lpuart.c +++ b/xen/drivers/char/imx-lpuart.c @@ -236,7 +236,7 @@ static int __init imx_lpuart_init(struct dt_device_node *dev, static const struct dt_device_match imx_lpuart_dt_compat[] __initconst = { - DT_MATCH_COMPATIBLE("fsl,imx8qm-lpuart"), + DT_MATCH_COMPATIBLE("fsl,imx8qxp-lpuart"), { /* sentinel */ }, }; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:14:57 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:14:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707194.1104843 (Exim 4.92) (envelope-from ) id 1rwvlA-0001kf-Vs; Wed, 17 Apr 2024 03:14:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707194.1104843; Wed, 17 Apr 2024 03:14:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvlA-0001kV-Si; Wed, 17 Apr 2024 03:14:56 +0000 Received: by outflank-mailman (input) for mailman id 707194; Wed, 17 Apr 2024 03:14:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvl9-0001kA-09 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvl8-0001GX-Vi for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvl8-0004GD-V3 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:14:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0Nv/vSxYxebXr9+wHppH/6nywwwzKiHTSUNK0F9uu3M=; b=NQ3pzw07csJwhfomcBq1u0fCDX 1PGka0iOqGASIykiWSP05U24tZkfr67adu19fCO4s727dnXmbkmweQmRqN2oInKdXJxtWOJH0lC8i c0HiBGE3u7BkmkC2Adva0U/wR8Np+rO70GeZXgzeGxZgMyVQagpIzYbCPegrgOLcKhgs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] MAINTAINERS: Become a reviewer of iMX8Q{M,XP} related patches Message-Id: Date: Wed, 17 Apr 2024 03:14:54 +0000 commit dfc9455b807797d3253a02b425469b5ac583a486 Author: John Ernberg AuthorDate: Mon Apr 8 16:11:35 2024 +0000 Commit: Stefano Stabellini CommitDate: Tue Apr 9 14:28:07 2024 -0700 MAINTAINERS: Become a reviewer of iMX8Q{M,XP} related patches I have experience with the IMX8QXP, and the supported parts of the IMX8QM are identical. Help review patches touching these areas. Signed-off-by: John Ernberg Acked-by: Stefano Stabellini Acked-by: Peng Fan --- MAINTAINERS | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 1bd22fd75f..09982241b3 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -337,6 +337,11 @@ F: tools/misc/xenhypfs.c F: xen/common/hypfs.c F: xen/include/xen/hypfs.h +IMX8QM/QXP SUPPORT +R: John Ernberg +F: xen/arch/arm/platforms/imx8qm.c +F: xen/drivers/char/imx-lpuart.c + INTEL(R) TRUSTED EXECUTION TECHNOLOGY (TXT) R: Lukasz Hawrylko R: Daniel P. Smith -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:15:07 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:15:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707195.1104846 (Exim 4.92) (envelope-from ) id 1rwvlL-0001oD-1E; Wed, 17 Apr 2024 03:15:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707195.1104846; Wed, 17 Apr 2024 03:15:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvlK-0001o5-U8; Wed, 17 Apr 2024 03:15:06 +0000 Received: by outflank-mailman (input) for mailman id 707195; Wed, 17 Apr 2024 03:15:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvlJ-0001nf-36 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvlJ-0001H9-2L for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvlJ-0004Gs-1a for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=haitafmAsQUhtPPDdHQzAZRh3QhEy839kdVNSqpEk4k=; b=ERKQohu/px6rDNo8iLbrIbWZrC xyQY9Dcd+K22L79lrQblxAYQbbiuetQJIP3TpZE8ZX82/J3wV5COGQvEsu0U1K/GcUOEcYpgOAut3 lYHrm18z2KTlth9JexvTbaNL1OkzKwdbEMcoXKx/0VSp9d5UvultlIfbYv+190gZJhFE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] docs/misra: document the expected sizes of integer types Message-Id: Date: Wed, 17 Apr 2024 03:15:05 +0000 commit f48299cad5c3c69fdc2c101517a6dab9c9827ea5 Author: Stefano Stabellini AuthorDate: Fri Apr 5 11:44:46 2024 -0700 Commit: Stefano Stabellini CommitDate: Tue Apr 9 14:28:59 2024 -0700 docs/misra: document the expected sizes of integer types Xen makes assumptions about the size of integer types on the various architectures. Document these assumptions. Signed-off-by: Stefano Stabellini Acked-by: Bertrand Marquis --- docs/misra/C-language-toolchain.rst | 73 +++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/docs/misra/C-language-toolchain.rst b/docs/misra/C-language-toolchain.rst index b7c2000992..5ddfe7bdbe 100644 --- a/docs/misra/C-language-toolchain.rst +++ b/docs/misra/C-language-toolchain.rst @@ -480,4 +480,77 @@ The table columns are as follows: - See Section "4.13 Preprocessing Directives" of GCC_MANUAL and Section "11.1 Implementation-defined behavior" of CPP_MANUAL. +Sizes of Integer types +______________________ + +Xen expects System V ABI on x86_64: + https://gitlab.com/x86-psABIs/x86-64-ABI + +Xen expects AAPCS32 on ARMv8-A AArch32 and ARMv7-A: + https://github.com/ARM-software/abi-aa/blob/main/aapcs32/aapcs32.rst + +Xen expects AAPCS64 LP64 on ARMv8-A AArch64: + https://github.com/ARM-software/abi-aa/blob/main/aapcs64/aapcs64.rst + +A summary table of data types, sizes and alignment is below: + +.. list-table:: + :widths: 10 10 10 45 + :header-rows: 1 + + * - Type + - Size + - Alignment + - Architectures + + * - char + - 8 bits + - 8 bits + - x86_32, ARMv8-A AArch32, ARMv8-R AArch32, ARMv7-A, x86_64, + ARMv8-A AArch64, RV64, PPC64 + + * - short + - 16 bits + - 16 bits + - x86_32, ARMv8-A AArch32, ARMv8-R AArch32, ARMv7-A, x86_64, + ARMv8-A AArch64, RV64, PPC64 + + * - int + - 32 bits + - 32 bits + - x86_32, ARMv8-A AArch32, ARMv8-R AArch32, ARMv7-A, x86_64, + ARMv8-A AArch64, RV64, PPC64 + + * - long + - 32 bits + - 32 bits + - x86_32, ARMv8-A AArch32, ARMv8-R AArch32, ARMv7-A + + * - long + - 64 bits + - 64 bits + - x86_64, ARMv8-A AArch64, RV64, PPC64 + + * - long long + - 64-bit + - 32-bit + - x86_32 + + * - long long + - 64-bit + - 64-bit + - x86_64, ARMv8-A AArch64, RV64, PPC64, ARMv8-A AArch32, ARMv8-R + AArch32, ARMv7-A + + * - pointer + - 32-bit + - 32-bit + - x86_32, ARMv8-A AArch32, ARMv8-R AArch32, ARMv7-A + + * - pointer + - 64-bit + - 64-bit + - x86_64, ARMv8-A AArch64, RV64, PPC64 + + END OF DOCUMENT. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:15:17 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:15:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707196.1104850 (Exim 4.92) (envelope-from ) id 1rwvlV-0001rX-3f; Wed, 17 Apr 2024 03:15:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707196.1104850; Wed, 17 Apr 2024 03:15:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvlV-0001rO-0s; Wed, 17 Apr 2024 03:15:17 +0000 Received: by outflank-mailman (input) for mailman id 707196; Wed, 17 Apr 2024 03:15:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvlT-0001r9-62 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvlT-0001HG-5O for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvlT-0004Hj-4c for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Cb6q4aNJrrGdD33UtfCNmCZtR12K0pZqqbpoWEUGIw4=; b=a14d/hoXZpnUn1/UEoctK4KqIu EIVy7/tUO+vHDuAUsjLQcgce8FMtrw3K5ox3EIZ+grKlLVrYEcr1Tjbb8FaztORK5qoTFWc4vnD+L E8dOaSB2bRBXZxv1qEf5qo4qe75eD9pDULxuWe+C+HA/Or2XSetbElq8Wl1pIfYQcIsI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/ucode: Move vendor specifics back out of early_microcode_init() Message-Id: Date: Wed, 17 Apr 2024 03:15:15 +0000 commit 2eea952b70d297b0c86b70bff55d75b3ff9aa782 Author: Andrew Cooper AuthorDate: Tue Oct 24 19:32:31 2023 +0100 Commit: Andrew Cooper CommitDate: Wed Apr 10 18:34:46 2024 +0100 x86/ucode: Move vendor specifics back out of early_microcode_init() I know it was me who dropped microcode_init_{intel,amd}() in c/s dd5f07997f29 ("x86/ucode: Rationalise startup and family/model checks"), but times have moved on. We've gained new conditional support, and a wish to compile-time specialise Xen to single platform. (Re)introduce ucode_probe_{amd,intel}() and move the recent vendor specific additions back out. Encode the conditional support state in the NULL-ness of hooks as it's already done on other paths. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/cpu/microcode/amd.c | 10 +++++++++- xen/arch/x86/cpu/microcode/core.c | 16 +++++----------- xen/arch/x86/cpu/microcode/intel.c | 12 ++++++++++-- xen/arch/x86/cpu/microcode/private.h | 16 ++++++++++------ 4 files changed, 34 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/amd.c index 75fc84e445..17e68697d5 100644 --- a/xen/arch/x86/cpu/microcode/amd.c +++ b/xen/arch/x86/cpu/microcode/amd.c @@ -434,9 +434,17 @@ static struct microcode_patch *cf_check cpu_request_microcode( return patch; } -const struct microcode_ops __initconst_cf_clobber amd_ucode_ops = { +static const struct microcode_ops __initconst_cf_clobber amd_ucode_ops = { .cpu_request_microcode = cpu_request_microcode, .collect_cpu_info = collect_cpu_info, .apply_microcode = apply_microcode, .compare_patch = compare_patch, }; + +void __init ucode_probe_amd(struct microcode_ops *ops) +{ + if ( boot_cpu_data.x86 < 0x10 ) + return; + + *ops = amd_ucode_ops; +} diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index 1c9f66ea8a..e738a88f5c 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -861,25 +861,19 @@ int __init early_microcode_init(unsigned long *module_map, { const struct cpuinfo_x86 *c = &boot_cpu_data; int rc = 0; - bool can_load = false; switch ( c->x86_vendor ) { case X86_VENDOR_AMD: - if ( c->x86 >= 0x10 ) - { - ucode_ops = amd_ucode_ops; - can_load = true; - } + ucode_probe_amd(&ucode_ops); break; case X86_VENDOR_INTEL: - ucode_ops = intel_ucode_ops; - can_load = intel_can_load_microcode(); + ucode_probe_intel(&ucode_ops); break; } - if ( !ucode_ops.apply_microcode ) + if ( !ucode_ops.collect_cpu_info ) { printk(XENLOG_INFO "Microcode loading not available\n"); return -ENODEV; @@ -896,10 +890,10 @@ int __init early_microcode_init(unsigned long *module_map, * * Take the hint in either case and ignore the microcode interface. */ - if ( this_cpu(cpu_sig).rev == ~0 || !can_load ) + if ( !ucode_ops.apply_microcode || this_cpu(cpu_sig).rev == ~0 ) { printk(XENLOG_INFO "Microcode loading disabled due to: %s\n", - can_load ? "rev = ~0" : "HW toggle"); + ucode_ops.apply_microcode ? "rev = ~0" : "HW toggle"); ucode_ops.apply_microcode = NULL; return -ENODEV; } diff --git a/xen/arch/x86/cpu/microcode/intel.c b/xen/arch/x86/cpu/microcode/intel.c index 060c529a6e..96f34b336b 100644 --- a/xen/arch/x86/cpu/microcode/intel.c +++ b/xen/arch/x86/cpu/microcode/intel.c @@ -385,7 +385,7 @@ static struct microcode_patch *cf_check cpu_request_microcode( return patch; } -bool __init intel_can_load_microcode(void) +static bool __init can_load_microcode(void) { uint64_t mcu_ctrl; @@ -398,9 +398,17 @@ bool __init intel_can_load_microcode(void) return !(mcu_ctrl & MCU_CONTROL_DIS_MCU_LOAD); } -const struct microcode_ops __initconst_cf_clobber intel_ucode_ops = { +static const struct microcode_ops __initconst_cf_clobber intel_ucode_ops = { .cpu_request_microcode = cpu_request_microcode, .collect_cpu_info = collect_cpu_info, .apply_microcode = apply_microcode, .compare_patch = compare_patch, }; + +void __init ucode_probe_intel(struct microcode_ops *ops) +{ + *ops = intel_ucode_ops; + + if ( !can_load_microcode() ) + ops->apply_microcode = NULL; +} diff --git a/xen/arch/x86/cpu/microcode/private.h b/xen/arch/x86/cpu/microcode/private.h index d80787205a..b58611e908 100644 --- a/xen/arch/x86/cpu/microcode/private.h +++ b/xen/arch/x86/cpu/microcode/private.h @@ -60,13 +60,17 @@ struct microcode_ops { const struct microcode_patch *new, const struct microcode_patch *old); }; -/** - * Checks whether we can perform microcode updates on this Intel system +/* + * Microcode loading falls into one of 3 states. + * - No support at all + * - Read-only (locked by firmware, or we're virtualised) + * - Loading available * - * @return True iff the microcode update facilities are enabled + * These are encoded by (not) filling in ops->collect_cpu_info (i.e. no + * support available) and (not) ops->apply_microcode (i.e. read only). + * Otherwise, all hooks must be filled in. */ -bool intel_can_load_microcode(void); - -extern const struct microcode_ops amd_ucode_ops, intel_ucode_ops; +void ucode_probe_amd(struct microcode_ops *ops); +void ucode_probe_intel(struct microcode_ops *ops); #endif /* ASM_X86_MICROCODE_PRIVATE_H */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:15:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:15:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707197.1104854 (Exim 4.92) (envelope-from ) id 1rwvle-0001u4-5L; Wed, 17 Apr 2024 03:15:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707197.1104854; Wed, 17 Apr 2024 03:15:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvle-0001tw-2L; Wed, 17 Apr 2024 03:15:26 +0000 Received: by outflank-mailman (input) for mailman id 707197; Wed, 17 Apr 2024 03:15:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvld-0001tj-97 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvld-0001HR-8P for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvld-0004IL-7h for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zYCpe7SNPw8cd5nsnKY1UMj64oIWUCNHwekGTX8Hvqg=; b=cPBBFgiMEcSNtzN7cr3gJElIQv oiTaaE5h5ehb0kT6Ut81L+4SeN5Ao/zpXD9c6pStTuDHrj5weKJsQoRQYXeWXK7Dy4VOljcKNxGLE r4V5eiXqhL+1Skt2HJSHKYUbyppGEvaxWaeFzmGrPY+3rAzXixDq4u8TyUAj3027PzzA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/Kconfig: Introduce CONFIG_{AMD,INTEL} and conditionalise ucode Message-Id: Date: Wed, 17 Apr 2024 03:15:25 +0000 commit 0e7ea8ca5fc9bce9248414f6aaf2dc861abd45d9 Author: Andrew Cooper AuthorDate: Wed Oct 25 14:18:15 2023 +0100 Commit: Andrew Cooper CommitDate: Wed Apr 10 18:41:28 2024 +0100 x86/Kconfig: Introduce CONFIG_{AMD,INTEL} and conditionalise ucode We eventually want to be able to build a stripped down Xen for a single platform. Make a start with CONFIG_{AMD,INTEL} (hidden behind EXPERT, but available to randconfig), and adjust the microcode logic. No practical change. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné Reviewed-by: Stefano Stabellini --- xen/arch/x86/Kconfig | 2 ++ xen/arch/x86/Kconfig.cpu | 22 ++++++++++++++++++++++ xen/arch/x86/cpu/microcode/Makefile | 4 ++-- xen/arch/x86/cpu/microcode/private.h | 9 +++++++++ 4 files changed, 35 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index d6f3128588..2b6248774d 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -51,6 +51,8 @@ config HAS_CC_CET_IBT menu "Architecture Features" +source "arch/x86/Kconfig.cpu" + source "arch/Kconfig" config PV diff --git a/xen/arch/x86/Kconfig.cpu b/xen/arch/x86/Kconfig.cpu new file mode 100644 index 0000000000..5fb18db1aa --- /dev/null +++ b/xen/arch/x86/Kconfig.cpu @@ -0,0 +1,22 @@ +menu "Supported CPU vendors" + visible if EXPERT + +config AMD + bool "Support AMD CPUs" + default y + help + Detection, tunings and quirks for AMD platforms. + + May be turned off in builds targetting other vendors. Otherwise, + must be enabled for Xen to work suitably on AMD platforms. + +config INTEL + bool "Support Intel CPUs" + default y + help + Detection, tunings and quirks for Intel platforms. + + May be turned off in builds targetting other vendors. Otherwise, + must be enabled for Xen to work suitably on Intel platforms. + +endmenu diff --git a/xen/arch/x86/cpu/microcode/Makefile b/xen/arch/x86/cpu/microcode/Makefile index aae235245b..30d600544f 100644 --- a/xen/arch/x86/cpu/microcode/Makefile +++ b/xen/arch/x86/cpu/microcode/Makefile @@ -1,3 +1,3 @@ -obj-y += amd.o +obj-$(CONFIG_AMD) += amd.o obj-y += core.o -obj-y += intel.o +obj-$(CONFIG_INTEL) += intel.o diff --git a/xen/arch/x86/cpu/microcode/private.h b/xen/arch/x86/cpu/microcode/private.h index b58611e908..da556fe506 100644 --- a/xen/arch/x86/cpu/microcode/private.h +++ b/xen/arch/x86/cpu/microcode/private.h @@ -70,7 +70,16 @@ struct microcode_ops { * support available) and (not) ops->apply_microcode (i.e. read only). * Otherwise, all hooks must be filled in. */ +#ifdef CONFIG_AMD void ucode_probe_amd(struct microcode_ops *ops); +#else +static inline void ucode_probe_amd(struct microcode_ops *ops) {} +#endif + +#ifdef CONFIG_INTEL void ucode_probe_intel(struct microcode_ops *ops); +#else +static inline void ucode_probe_intel(struct microcode_ops *ops) {} +#endif #endif /* ASM_X86_MICROCODE_PRIVATE_H */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:15:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:15:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707198.1104858 (Exim 4.92) (envelope-from ) id 1rwvlo-0001xO-6U; Wed, 17 Apr 2024 03:15:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707198.1104858; Wed, 17 Apr 2024 03:15:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvlo-0001xG-3k; Wed, 17 Apr 2024 03:15:36 +0000 Received: by outflank-mailman (input) for mailman id 707198; Wed, 17 Apr 2024 03:15:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvln-0001x6-CB for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvln-0001HV-BS for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvln-0004Im-Ak for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gIVUdR3F3ooBLR7cW8JZKayE2/mT8+as2tI/kG4f2NQ=; b=lLn90yQJi1wj94UVk8hmymbBHz cTSA/Envh0p5mBkC12sjHjInQs3P/S8o5mrk2fpnZDjBCIjjXRqsBoFZZ8HBG/IHr3WVoPkAvbPKo xLUSbN0JK0ZS7bwolqnnVxprMNcG4eg5BBw/450IM3juUFgQcAQP0Mnfo96p8VCdVeeI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/link: Introduce a common BUGFRAMES definition Message-Id: Date: Wed, 17 Apr 2024 03:15:35 +0000 commit 337f11ea73b5fc55f53becf32cd5749c4da939c0 Author: Andrew Cooper AuthorDate: Fri Mar 15 18:21:31 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/link: Introduce a common BUGFRAMES definition Bugframe linkage is identical in all architectures. This is not surprising given that it is (now) only consumed by common/virtual_region.c Introduce a common BUGFRAMES define in xen.lds.h ahead of rearranging their structure. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Acked-by: Michal Orzel --- xen/arch/arm/xen.lds.S | 13 +++---------- xen/arch/ppc/xen.lds.S | 13 +++---------- xen/arch/riscv/xen.lds.S | 13 +++---------- xen/arch/x86/xen.lds.S | 11 +---------- xen/include/xen/xen.lds.h | 11 +++++++++++ 5 files changed, 21 insertions(+), 40 deletions(-) diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S index 2266c9536f..bd884664ad 100644 --- a/xen/arch/arm/xen.lds.S +++ b/xen/arch/arm/xen.lds.S @@ -55,16 +55,9 @@ SECTIONS . = ALIGN(PAGE_SIZE); .rodata : { _srodata = .; /* Read-only data */ - /* Bug frames table */ - __start_bug_frames = .; - *(.bug_frames.0) - __stop_bug_frames_0 = .; - *(.bug_frames.1) - __stop_bug_frames_1 = .; - *(.bug_frames.2) - __stop_bug_frames_2 = .; - *(.bug_frames.3) - __stop_bug_frames_3 = .; + + BUGFRAMES + *(.rodata) *(.rodata.*) *(.data.rel.ro) diff --git a/xen/arch/ppc/xen.lds.S b/xen/arch/ppc/xen.lds.S index 8840a00446..38cd857187 100644 --- a/xen/arch/ppc/xen.lds.S +++ b/xen/arch/ppc/xen.lds.S @@ -45,16 +45,9 @@ SECTIONS . = ALIGN(PAGE_SIZE); DECL_SECTION(.rodata) { _srodata = .; /* Read-only data */ - /* Bug frames table */ - __start_bug_frames = .; - *(.bug_frames.0) - __stop_bug_frames_0 = .; - *(.bug_frames.1) - __stop_bug_frames_1 = .; - *(.bug_frames.2) - __stop_bug_frames_2 = .; - *(.bug_frames.3) - __stop_bug_frames_3 = .; + + BUGFRAMES + *(.rodata) *(.rodata.*) *(.data.rel.ro) diff --git a/xen/arch/riscv/xen.lds.S b/xen/arch/riscv/xen.lds.S index ace6f49c57..070b19d915 100644 --- a/xen/arch/riscv/xen.lds.S +++ b/xen/arch/riscv/xen.lds.S @@ -42,16 +42,9 @@ SECTIONS . = ALIGN(PAGE_SIZE); .rodata : { _srodata = .; /* Read-only data */ - /* Bug frames table */ - __start_bug_frames = .; - *(.bug_frames.0) - __stop_bug_frames_0 = .; - *(.bug_frames.1) - __stop_bug_frames_1 = .; - *(.bug_frames.2) - __stop_bug_frames_2 = .; - *(.bug_frames.3) - __stop_bug_frames_3 = .; + + BUGFRAMES + *(.rodata) *(.rodata.*) *(.data.rel.ro) diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 1ef6645128..9a1dfe1b34 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S @@ -127,16 +127,7 @@ SECTIONS . = ALIGN(PAGE_SIZE); __ro_after_init_end = .; - /* Bug frames table */ - __start_bug_frames = .; - *(.bug_frames.0) - __stop_bug_frames_0 = .; - *(.bug_frames.1) - __stop_bug_frames_1 = .; - *(.bug_frames.2) - __stop_bug_frames_2 = .; - *(.bug_frames.3) - __stop_bug_frames_3 = .; + BUGFRAMES *(.rodata) *(.rodata.*) diff --git a/xen/include/xen/xen.lds.h b/xen/include/xen/xen.lds.h index be90f5ca0f..7ab7aa5678 100644 --- a/xen/include/xen/xen.lds.h +++ b/xen/include/xen/xen.lds.h @@ -114,6 +114,17 @@ /* List of constructs other than *_SECTIONS in alphabetical order. */ +#define BUGFRAMES \ + __start_bug_frames = .; \ + *(.bug_frames.0) \ + __stop_bug_frames_0 = .; \ + *(.bug_frames.1) \ + __stop_bug_frames_1 = .; \ + *(.bug_frames.2) \ + __stop_bug_frames_2 = .; \ + *(.bug_frames.3) \ + __stop_bug_frames_3 = .; + #ifdef CONFIG_HYPFS #define HYPFS_PARAM \ . = ALIGN(POINTER_ALIGN); \ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:15:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:15:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707199.1104861 (Exim 4.92) (envelope-from ) id 1rwvly-00020b-8A; Wed, 17 Apr 2024 03:15:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707199.1104861; Wed, 17 Apr 2024 03:15:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvly-00020T-5R; Wed, 17 Apr 2024 03:15:46 +0000 Received: by outflank-mailman (input) for mailman id 707199; Wed, 17 Apr 2024 03:15:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvlx-00020D-FJ for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvlx-0001Hs-Ea for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvlx-0004JE-Ds for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Mu9y+XlMlFpElr6x44KIvHPD6PkIJOgR+v87bLdIrLs=; b=uE7XS2mI+ErLsLQJ4qqzHuSic3 WMmmyoD3PAkxSRqoeV9UFmN+3UnDWdtZChA0ClYSHUl/qW3wptxUnelJx07JJ6aMCKfFl3nePEEL+ WXqUcS/sK0xjzDbizDYMXc873ljIXRtiIE9rJTXbl3c3OE4OY1qxiREzu65Q+Bu6ZjeY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/virtual-region: Rework how bugframe linkage works Message-Id: Date: Wed, 17 Apr 2024 03:15:45 +0000 commit 3434518d05f9526400599f4a738c400322f65fcf Author: Andrew Cooper AuthorDate: Fri Mar 15 18:43:53 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/virtual-region: Rework how bugframe linkage works The start/stop1/etc linkage scheme predates struct virtual_region, and as setup_virtual_regions() shows, it's awkward to express in the new scheme. Change the linker to provide explicit start/stop symbols for each bugframe type, and change virtual_region to have a stop pointer rather than a count. This marginally simplifies both do_bug_frame()s and prepare_payload(), but it massively simplifies setup_virtual_regions() by allowing the compiler to initialise the .frame[] array at build time. virtual_region.c is the only user of the linker symbols, and this is unlikely to change given the purpose of struct virtual_region, so move their externs out of bug.h No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Ross Lagerwall Reviewed-by: Jan Beulich Acked-by: Michal Orzel --- xen/arch/arm/traps.c | 5 ++--- xen/common/bug.c | 5 ++--- xen/common/livepatch.c | 7 +++---- xen/common/virtual_region.c | 45 ++++++++++++++++++---------------------- xen/include/xen/bug.h | 6 ------ xen/include/xen/virtual_region.h | 3 +-- xen/include/xen/xen.lds.h | 8 ++++++- 7 files changed, 35 insertions(+), 44 deletions(-) diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 9cffe7f790..a8039087c8 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -1226,10 +1226,9 @@ int do_bug_frame(const struct cpu_user_regs *regs, vaddr_t pc) for ( id = 0; id < BUGFRAME_NR; id++ ) { const struct bug_frame *b; - unsigned int i; - for ( i = 0, b = region->frame[id].bugs; - i < region->frame[id].n_bugs; b++, i++ ) + for ( b = region->frame[id].start; + b < region->frame[id].stop; b++ ) { if ( ((vaddr_t)bug_loc(b)) == pc ) { diff --git a/xen/common/bug.c b/xen/common/bug.c index c43e7c4397..b7c5d8fd4d 100644 --- a/xen/common/bug.c +++ b/xen/common/bug.c @@ -25,10 +25,9 @@ int do_bug_frame(const struct cpu_user_regs *regs, unsigned long pc) for ( id = 0; id < BUGFRAME_NR; id++ ) { const struct bug_frame *b; - size_t i; - for ( i = 0, b = region->frame[id].bugs; - i < region->frame[id].n_bugs; b++, i++ ) + for ( b = region->frame[id].start; + b < region->frame[id].stop; b++ ) { if ( bug_loc(b) == pc ) { diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index cabfb63911..351a3e0b9a 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -804,12 +804,11 @@ static int prepare_payload(struct payload *payload, if ( !sec ) continue; - if ( !section_ok(elf, sec, sizeof(*region->frame[i].bugs)) ) + if ( !section_ok(elf, sec, sizeof(*region->frame[i].start)) ) return -EINVAL; - region->frame[i].bugs = sec->load_addr; - region->frame[i].n_bugs = sec->sec->sh_size / - sizeof(*region->frame[i].bugs); + region->frame[i].start = sec->load_addr; + region->frame[i].stop = sec->load_addr + sec->sec->sh_size; } sec = livepatch_elf_sec_by_name(elf, ".altinstructions"); diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index 142f21e181..7d8bdeb612 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -9,12 +9,25 @@ #include #include +extern const struct bug_frame + __start_bug_frames_0[], __stop_bug_frames_0[], + __start_bug_frames_1[], __stop_bug_frames_1[], + __start_bug_frames_2[], __stop_bug_frames_2[], + __start_bug_frames_3[], __stop_bug_frames_3[]; + static struct virtual_region core = { .list = LIST_HEAD_INIT(core.list), .text_start = _stext, .text_end = _etext, .rodata_start = _srodata, .rodata_end = _erodata, + + .frame = { + { __start_bug_frames_0, __stop_bug_frames_0 }, + { __start_bug_frames_1, __stop_bug_frames_1 }, + { __start_bug_frames_2, __stop_bug_frames_2 }, + { __start_bug_frames_3, __stop_bug_frames_3 }, + }, }; /* Becomes irrelevant when __init sections are cleared. */ @@ -22,6 +35,13 @@ static struct virtual_region core_init __initdata = { .list = LIST_HEAD_INIT(core_init.list), .text_start = _sinittext, .text_end = _einittext, + + .frame = { + { __start_bug_frames_0, __stop_bug_frames_0 }, + { __start_bug_frames_1, __stop_bug_frames_1 }, + { __start_bug_frames_2, __stop_bug_frames_2 }, + { __start_bug_frames_3, __stop_bug_frames_3 }, + }, }; /* @@ -133,31 +153,6 @@ void __init unregister_init_virtual_region(void) void __init setup_virtual_regions(const struct exception_table_entry *start, const struct exception_table_entry *end) { - size_t sz; - unsigned int i; - static const struct bug_frame *const __initconstrel bug_frames[] = { - __start_bug_frames, - __stop_bug_frames_0, - __stop_bug_frames_1, - __stop_bug_frames_2, - __stop_bug_frames_3, - NULL - }; - - for ( i = 1; bug_frames[i]; i++ ) - { - const struct bug_frame *s; - - s = bug_frames[i - 1]; - sz = bug_frames[i] - s; - - core.frame[i - 1].n_bugs = sz; - core.frame[i - 1].bugs = s; - - core_init.frame[i - 1].n_bugs = sz; - core_init.frame[i - 1].bugs = s; - } - core_init.ex = core.ex = start; core_init.ex_end = core.ex_end = end; diff --git a/xen/include/xen/bug.h b/xen/include/xen/bug.h index 77fe1e1ba8..99814c4bef 100644 --- a/xen/include/xen/bug.h +++ b/xen/include/xen/bug.h @@ -155,12 +155,6 @@ int do_bug_frame(const struct cpu_user_regs *regs, unsigned long pc); #endif /* CONFIG_GENERIC_BUG_FRAME */ -extern const struct bug_frame __start_bug_frames[], - __stop_bug_frames_0[], - __stop_bug_frames_1[], - __stop_bug_frames_2[], - __stop_bug_frames_3[]; - #endif /* !__ASSEMBLY__ */ #endif /* __XEN_BUG_H__ */ diff --git a/xen/include/xen/virtual_region.h b/xen/include/xen/virtual_region.h index dcdc95ba49..c8a90e3ef2 100644 --- a/xen/include/xen/virtual_region.h +++ b/xen/include/xen/virtual_region.h @@ -29,8 +29,7 @@ struct virtual_region symbols_lookup_t *symbols_lookup; struct { - const struct bug_frame *bugs; /* The pointer to array of bug frames. */ - size_t n_bugs; /* The number of them. */ + const struct bug_frame *start, *stop; /* Pointers to array of bug frames. */ } frame[BUGFRAME_NR]; const struct exception_table_entry *ex; diff --git a/xen/include/xen/xen.lds.h b/xen/include/xen/xen.lds.h index 7ab7aa5678..a17810bb28 100644 --- a/xen/include/xen/xen.lds.h +++ b/xen/include/xen/xen.lds.h @@ -115,13 +115,19 @@ /* List of constructs other than *_SECTIONS in alphabetical order. */ #define BUGFRAMES \ - __start_bug_frames = .; \ + __start_bug_frames_0 = .; \ *(.bug_frames.0) \ __stop_bug_frames_0 = .; \ + \ + __start_bug_frames_1 = .; \ *(.bug_frames.1) \ __stop_bug_frames_1 = .; \ + \ + __start_bug_frames_2 = .; \ *(.bug_frames.2) \ __stop_bug_frames_2 = .; \ + \ + __start_bug_frames_3 = .; \ *(.bug_frames.3) \ __stop_bug_frames_3 = .; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:15:56 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:15:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707200.1104866 (Exim 4.92) (envelope-from ) id 1rwvm8-00023V-9u; Wed, 17 Apr 2024 03:15:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707200.1104866; Wed, 17 Apr 2024 03:15:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvm8-00023N-6x; Wed, 17 Apr 2024 03:15:56 +0000 Received: by outflank-mailman (input) for mailman id 707200; Wed, 17 Apr 2024 03:15:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvm7-00023G-IH for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvm7-0001Hz-HW for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvm7-0004Jk-Go for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:15:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6U1eXnfrmvlGzLjip6RuNsn+v+A1TRE0osUHnI9U9H4=; b=63jww0BOXXz9Ddkvy0ZXXiY9AR oCYQDLepEPHr57tmih3AolEP4wuFpAcf4wSq0Q8dUtN13OXcRMTZlI+LNoiyCkA45GQZ66rkF/JbL a4jbS71DHea6y8oOpWeoXoxcSOYs8A1b9qBc4GR8cQsZLxyKHYjct/zZpTuHRsFysTT4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/virtual-region: Link the list build time Message-Id: Date: Wed, 17 Apr 2024 03:15:55 +0000 commit 038ba305fda74c42707cf1ccb6d1d171d8433477 Author: Andrew Cooper AuthorDate: Fri Mar 15 17:18:42 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/virtual-region: Link the list build time Given 3 statically initialised objects, its easy to link the list at build time. There's no need to do it during runtime at boot (and with IRQs-off, even). As a consequence, register_virtual_region() can now move inside ifdef CONFIG_LIVEPATCH like unregister_virtual_region(). Signed-off-by: Andrew Cooper Reviewed-by: Michal Orzel --- xen/common/virtual_region.c | 38 +++++++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index 7d8bdeb612..fe4f53d86b 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -15,8 +15,19 @@ extern const struct bug_frame __start_bug_frames_2[], __stop_bug_frames_2[], __start_bug_frames_3[], __stop_bug_frames_3[]; +/* + * For the built-in regions, the double linked list can be constructed at + * build time. Forward-declare the elements and their initialisers. + */ +static struct list_head virtual_region_list; +static struct virtual_region core, core_init; + +#define LIST_ENTRY_HEAD() { .next = &core.list, .prev = &core_init.list } +#define LIST_ENTRY_CORE() { .next = &core_init.list, .prev = &virtual_region_list } +#define LIST_ENTRY_INIT() { .next = &virtual_region_list, .prev = &core.list } + static struct virtual_region core = { - .list = LIST_HEAD_INIT(core.list), + .list = LIST_ENTRY_CORE(), .text_start = _stext, .text_end = _etext, .rodata_start = _srodata, @@ -32,7 +43,7 @@ static struct virtual_region core = { /* Becomes irrelevant when __init sections are cleared. */ static struct virtual_region core_init __initdata = { - .list = LIST_HEAD_INIT(core_init.list), + .list = LIST_ENTRY_INIT(), .text_start = _sinittext, .text_end = _einittext, @@ -50,7 +61,7 @@ static struct virtual_region core_init __initdata = { * * All readers of virtual_region_list MUST use list_for_each_entry_rcu. */ -static LIST_HEAD(virtual_region_list); +static struct list_head virtual_region_list = LIST_ENTRY_HEAD(); static DEFINE_SPINLOCK(virtual_region_lock); static DEFINE_RCU_READ_LOCK(rcu_virtual_region_lock); @@ -73,15 +84,6 @@ const struct virtual_region *find_text_region(unsigned long addr) return region; } -void register_virtual_region(struct virtual_region *r) -{ - unsigned long flags; - - spin_lock_irqsave(&virtual_region_lock, flags); - list_add_tail_rcu(&r->list, &virtual_region_list); - spin_unlock_irqrestore(&virtual_region_lock, flags); -} - /* * Suggest inline so when !CONFIG_LIVEPATCH the function is not left * unreachable after init code is removed. @@ -96,6 +98,15 @@ static void inline remove_virtual_region(struct virtual_region *r) } #ifdef CONFIG_LIVEPATCH +void register_virtual_region(struct virtual_region *r) +{ + unsigned long flags; + + spin_lock_irqsave(&virtual_region_lock, flags); + list_add_tail_rcu(&r->list, &virtual_region_list); + spin_unlock_irqrestore(&virtual_region_lock, flags); +} + void unregister_virtual_region(struct virtual_region *r) { remove_virtual_region(r); @@ -155,9 +166,6 @@ void __init setup_virtual_regions(const struct exception_table_entry *start, { core_init.ex = core.ex = start; core_init.ex_end = core.ex_end = end; - - register_virtual_region(&core_init); - register_virtual_region(&core); } /* -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:16:06 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:16:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707201.1104869 (Exim 4.92) (envelope-from ) id 1rwvmI-000275-CD; Wed, 17 Apr 2024 03:16:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707201.1104869; Wed, 17 Apr 2024 03:16:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvmI-00026y-9f; Wed, 17 Apr 2024 03:16:06 +0000 Received: by outflank-mailman (input) for mailman id 707201; Wed, 17 Apr 2024 03:16:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvmH-00026l-Pk for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvmH-0001IJ-KW for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvmH-0004Kp-Jo for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=mkTOrE5O+LszOqnhnVDEli/iqJCGnkhdw1V6QLiGwQo=; b=JwIDoXmAbd9ktGcdWgYf3Wx62G ktErQQrt6HUR5XX1cNjN6c8pWQuK/GlGB9OE451zeDypjRKNGkynr7DSu3dlNNEOwvjVVpjItKp93 YHJSfTLepm6RKa1M0rzWzo2pR75WdTRSkUKmM/EEM6AMuqD9NZQEdEBxr7Xt76uY+q1E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/virtual-region: Drop setup_virtual_regions() Message-Id: Date: Wed, 17 Apr 2024 03:16:05 +0000 commit d37c1842360f5b4dfeb838268d2f8cacf5ff35bd Author: Andrew Cooper AuthorDate: Fri Mar 15 17:47:58 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/virtual-region: Drop setup_virtual_regions() All other actions it used to perform have been converted to build-time initialisation. The extable setup can done at build time too. This is one fewer setup step required to get exceptions working. Take the opportunity to move 'core' into read_mostly, where it probably should have lived all along. Signed-off-by: Andrew Cooper Reviewed-by: Luca Fancellu Tested-by: Luca Fancellu --- xen/arch/arm/setup.c | 1 - xen/arch/x86/setup.c | 2 -- xen/common/virtual_region.c | 19 +++++++++++-------- xen/include/xen/virtual_region.h | 4 ++-- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 424744ad5e..b9a7f61f73 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -719,7 +719,6 @@ void asmlinkage __init start_xen(unsigned long boot_phys_offset, percpu_init_areas(); set_processor_id(0); /* needed early, for smp_processor_id() */ - setup_virtual_regions(NULL, NULL); /* Initialize traps early allow us to get backtrace when an error occurred */ init_traps(); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index ac983ddc69..86cd8b9997 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1014,8 +1014,6 @@ void asmlinkage __init noreturn __start_xen(unsigned long mbi_p) smp_prepare_boot_cpu(); sort_exception_tables(); - setup_virtual_regions(__start___ex_table, __stop___ex_table); - /* Full exception support from here on in. */ rdmsrl(MSR_EFER, this_cpu(efer)); diff --git a/xen/common/virtual_region.c b/xen/common/virtual_region.c index fe4f53d86b..52405d84b2 100644 --- a/xen/common/virtual_region.c +++ b/xen/common/virtual_region.c @@ -26,7 +26,7 @@ static struct virtual_region core, core_init; #define LIST_ENTRY_CORE() { .next = &core_init.list, .prev = &virtual_region_list } #define LIST_ENTRY_INIT() { .next = &virtual_region_list, .prev = &core.list } -static struct virtual_region core = { +static struct virtual_region core __read_mostly = { .list = LIST_ENTRY_CORE(), .text_start = _stext, .text_end = _etext, @@ -39,6 +39,11 @@ static struct virtual_region core = { { __start_bug_frames_2, __stop_bug_frames_2 }, { __start_bug_frames_3, __stop_bug_frames_3 }, }, + +#ifdef CONFIG_HAS_EX_TABLE + .ex = __start___ex_table, + .ex_end = __stop___ex_table, +#endif }; /* Becomes irrelevant when __init sections are cleared. */ @@ -53,6 +58,11 @@ static struct virtual_region core_init __initdata = { { __start_bug_frames_2, __stop_bug_frames_2 }, { __start_bug_frames_3, __stop_bug_frames_3 }, }, + +#ifdef CONFIG_HAS_EX_TABLE + .ex = __start___ex_table, + .ex_end = __stop___ex_table, +#endif }; /* @@ -161,13 +171,6 @@ void __init unregister_init_virtual_region(void) remove_virtual_region(&core_init); } -void __init setup_virtual_regions(const struct exception_table_entry *start, - const struct exception_table_entry *end) -{ - core_init.ex = core.ex = start; - core_init.ex_end = core.ex_end = end; -} - /* * Local variables: * mode: C diff --git a/xen/include/xen/virtual_region.h b/xen/include/xen/virtual_region.h index c8a90e3ef2..a18dfb6fb0 100644 --- a/xen/include/xen/virtual_region.h +++ b/xen/include/xen/virtual_region.h @@ -32,13 +32,13 @@ struct virtual_region const struct bug_frame *start, *stop; /* Pointers to array of bug frames. */ } frame[BUGFRAME_NR]; +#ifdef CONFIG_HAS_EX_TABLE const struct exception_table_entry *ex; const struct exception_table_entry *ex_end; +#endif }; const struct virtual_region *find_text_region(unsigned long addr); -void setup_virtual_regions(const struct exception_table_entry *start, - const struct exception_table_entry *end); void unregister_init_virtual_region(void); void register_virtual_region(struct virtual_region *r); void unregister_virtual_region(struct virtual_region *r); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:16:18 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:16:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707202.1104874 (Exim 4.92) (envelope-from ) id 1rwvmS-0002A0-Dm; Wed, 17 Apr 2024 03:16:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707202.1104874; Wed, 17 Apr 2024 03:16:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvmS-00029s-B8; Wed, 17 Apr 2024 03:16:16 +0000 Received: by outflank-mailman (input) for mailman id 707202; Wed, 17 Apr 2024 03:16:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvmR-00029i-O3 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvmR-0001IT-NM for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvmR-0004LK-Me for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Rn4BQeQE2eO10Dq2L/YHERJz2BuQlt23WzsgjGxJbcc=; b=vHZG6tvI0AEaZYwaL0V8dfDFC6 /8NxiA4mznyzn1GDAQHIfgjZWBsHyR/YzOU8lR6y9VwS+4RIsp249mPBAFSIF3AbAjNjb3k6W7BdH k1k29Tiu1PVmHgOfhKSmVTDPeZA3Lhy5SqGH4rqCSNil/QmMZ25GLqE2TGbrBGlasfW0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/hvm: Fix Misra Rule 19.1 regression Message-Id: Date: Wed, 17 Apr 2024 03:16:15 +0000 commit d0a718a45f14b86471d8eb3083acd72760963470 Author: Andrew Cooper AuthorDate: Wed Apr 10 11:26:24 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 x86/hvm: Fix Misra Rule 19.1 regression Despite noticing an impending Rule 19.1 violation, the adjustment made (the uint32_t cast) wasn't sufficient to avoid it. Try again. Subsequently noticed by Coverity too. Fixes: 6a98383b0877 ("x86/HVM: clear upper halves of GPRs upon entry from 32-bit code") Coverity-IDs: 1596289 thru 1596298 Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini --- xen/arch/x86/include/asm/hvm/hvm.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index 595253babe..899233fb25 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -575,16 +575,16 @@ static inline void hvm_sanitize_regs_fields(struct cpu_user_regs *regs, if ( compat ) { /* Clear GPR upper halves, to counteract guests playing games. */ - regs->rbp = (uint32_t)regs->ebp; - regs->rbx = (uint32_t)regs->ebx; - regs->rax = (uint32_t)regs->eax; - regs->rcx = (uint32_t)regs->ecx; - regs->rdx = (uint32_t)regs->edx; - regs->rsi = (uint32_t)regs->esi; - regs->rdi = (uint32_t)regs->edi; - regs->rip = (uint32_t)regs->eip; - regs->rflags = (uint32_t)regs->eflags; - regs->rsp = (uint32_t)regs->esp; + regs->rbp = (uint32_t)regs->rbp; + regs->rbx = (uint32_t)regs->rbx; + regs->rax = (uint32_t)regs->rax; + regs->rcx = (uint32_t)regs->rcx; + regs->rdx = (uint32_t)regs->rdx; + regs->rsi = (uint32_t)regs->rsi; + regs->rdi = (uint32_t)regs->rdi; + regs->rip = (uint32_t)regs->rip; + regs->rflags = (uint32_t)regs->rflags; + regs->rsp = (uint32_t)regs->rsp; } #ifndef NDEBUG -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:16:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:16:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707204.1104878 (Exim 4.92) (envelope-from ) id 1rwvmc-0002Cy-FH; Wed, 17 Apr 2024 03:16:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707204.1104878; Wed, 17 Apr 2024 03:16:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvmc-0002Cq-Ca; Wed, 17 Apr 2024 03:16:26 +0000 Received: by outflank-mailman (input) for mailman id 707204; Wed, 17 Apr 2024 03:16:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvmb-0002Cg-Qw for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvmb-0001Ia-Q7 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvmb-0004Ll-PR for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4+32evfF3xUZhTctRy9fOf6s849OabQw6gLk6AlcBEk=; b=oO8H8yqK245r/Wnjc+ctfDUp2u jdwLVRFlUUP2PUw34vyJCO11E2l2dsQAJ+3IgjlMDOpIxYAdOKeqnd6cuE+rfsh81zNzs2gHxnQ79 WGglFn0cs7uki3Ez+UBTCOYLoFDEm9bIhosKbM44qguFlKqS8Wg0vMPwrJgUT8GJea4Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/nospec: Remove unreachable code Message-Id: Date: Wed, 17 Apr 2024 03:16:25 +0000 commit 52bde26c1c651983e396002e2b0aeb8ef414e2d7 Author: Andrew Cooper AuthorDate: Wed Apr 10 20:08:03 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/nospec: Remove unreachable code When CONFIG_SPECULATIVE_HARDEN_LOCK is active, this reads: static always_inline bool lock_evaluate_nospec(bool condition) { return arch_lock_evaluate_nospec(condition); return condition; } Insert an #else to take out the second return. Fixes: 7ef0084418e1 ("x86/spinlock: introduce support for blocking speculation into critical regions") Signed-off-by: Andrew Cooper Reviewed-by: Luca Fancellu Reviewed-by: Stefano Stabellini --- xen/include/xen/nospec.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/include/xen/nospec.h b/xen/include/xen/nospec.h index 9fb15aa26a..828dbd4e0a 100644 --- a/xen/include/xen/nospec.h +++ b/xen/include/xen/nospec.h @@ -82,8 +82,9 @@ static always_inline bool lock_evaluate_nospec(bool condition) { #ifdef CONFIG_SPECULATIVE_HARDEN_LOCK return arch_lock_evaluate_nospec(condition); -#endif +#else return condition; +#endif } #endif /* XEN_NOSPEC_H */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:16:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:16:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707205.1104882 (Exim 4.92) (envelope-from ) id 1rwvmm-0002Fq-Gt; Wed, 17 Apr 2024 03:16:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707205.1104882; Wed, 17 Apr 2024 03:16:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvmm-0002Fi-E0; Wed, 17 Apr 2024 03:16:36 +0000 Received: by outflank-mailman (input) for mailman id 707205; Wed, 17 Apr 2024 03:16:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvml-0002FZ-Ue for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvml-0001Ik-TB for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvml-0004MC-SJ for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7ar+s4p3l81h6pTp7wJjBn91c2rCE2RZk1N/N6wWXHs=; b=JDPEiqfk8rIpOCLlUbcfoVFKAc XDc667BWLDfRREhWJ512DVZ2A/lLhQ5lnwb4ujstIpvFscUIrdaW8nFTBDf/t0OaG/zUdlbM1L9hk tutok7kUHrDtHE7gf3jo/iU/0431fRnycd8geHHpNY0LNgtIMT1GI49PCGzwcr18Qtw0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/vPCI: Remove shadowed variable Message-Id: Date: Wed, 17 Apr 2024 03:16:35 +0000 commit e5b93b70d5f1921867bd59b35562b28766c65f69 Author: Andrew Cooper AuthorDate: Wed Apr 10 20:28:23 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/vPCI: Remove shadowed variable Resolves a MISRA R5.3 violation. Fixes: 622bdd962822 ("vpci/header: handle p2m range sets per BAR") Signed-off-by: Andrew Cooper Reviewed-by: Luca Fancellu Reviewed-by: Stefano Stabellini Acked-by: Roger Pau Monné --- xen/drivers/vpci/vpci.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c index 260b72875e..97e115dc57 100644 --- a/xen/drivers/vpci/vpci.c +++ b/xen/drivers/vpci/vpci.c @@ -62,8 +62,6 @@ void vpci_deassign_device(struct pci_dev *pdev) spin_unlock(&pdev->vpci->lock); if ( pdev->vpci->msix ) { - unsigned int i; - list_del(&pdev->vpci->msix->next); for ( i = 0; i < ARRAY_SIZE(pdev->vpci->msix->table); i++ ) if ( pdev->vpci->msix->table[i] ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:16:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:16:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707207.1104887 (Exim 4.92) (envelope-from ) id 1rwvmw-0002Id-Iy; Wed, 17 Apr 2024 03:16:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707207.1104887; Wed, 17 Apr 2024 03:16:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvmw-0002IV-FU; Wed, 17 Apr 2024 03:16:46 +0000 Received: by outflank-mailman (input) for mailman id 707207; Wed, 17 Apr 2024 03:16:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvmw-0002II-0X for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvmv-0001J7-W3 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvmv-0004Mw-VJ for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0ar4zSL7ct/B6blLIUPHPZyGpo/0P0dPFaX+2pCkuGY=; b=FFQXW3Z/iObEFKa8qXsInSsdx5 Y39kQ6JKdlG6WtutsB/J7l8NVOgkl1CDYCYpLbznHMg92TST2eJSrI5iDini4W4FaCe7k433q5DcF +9lxPJveX73nmPqxoaxUjNBV4ss0PW/zN1eNsYRZ2R4nhvG8zBxAjH21g/lpCwz5+znc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/spinlock: Adjust LOCK_DEBUG_INITVAL to placate MISRA Message-Id: Date: Wed, 17 Apr 2024 03:16:45 +0000 commit 761358b9ebd8584e7fe9c66dbfa477f644617478 Author: Andrew Cooper AuthorDate: Wed Apr 10 20:32:24 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/spinlock: Adjust LOCK_DEBUG_INITVAL to placate MISRA Resolves 160 MISRA R7.2 violations. Fixes: c286bb93d20c ("xen/spinlock: support higher number of cpus") Signed-off-by: Andrew Cooper Reviewed-by: Luca Fancellu Reviewed-by: Stefano Stabellini Reviewed-by: Nicola Vetrini --- xen/include/xen/spinlock.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index db00a24646..18793c5e29 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -13,7 +13,7 @@ #ifdef CONFIG_DEBUG_LOCKS union lock_debug { uint32_t val; -#define LOCK_DEBUG_INITVAL 0xffffffff +#define LOCK_DEBUG_INITVAL 0xffffffffU struct { unsigned int cpu:SPINLOCK_CPU_BITS; #define LOCK_DEBUG_PAD_BITS (30 - SPINLOCK_CPU_BITS) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:16:57 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:16:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707208.1104889 (Exim 4.92) (envelope-from ) id 1rwvn7-0002Lh-JZ; Wed, 17 Apr 2024 03:16:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707208.1104889; Wed, 17 Apr 2024 03:16:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvn7-0002La-H7; Wed, 17 Apr 2024 03:16:57 +0000 Received: by outflank-mailman (input) for mailman id 707208; Wed, 17 Apr 2024 03:16:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvn6-0002LD-3o for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvn6-0001JG-2f for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvn6-0004NN-1y for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:16:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qLSR6h9veEIDfN0uSjhzUDVUaKU8htczzOukk/MlaRU=; b=mW7GPjftSCt0iijIheOYZlCX30 TUWIcTla6nXUHnQTMAxBpZCyiPN1/VH7AhWB+7oVPgmHBAudN+LvhdC2lv5jTHEc5FP+M3hroDhi7 /hUeWLnHYOR/ApdL4n/NZBvGV+BCYYP34TEV0a/3IDhn6sS9kkuxo83My1kQkyn5vsqI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/emul: Adjust X86EMUL_OPC_EXT_MASK to placate MISRA Message-Id: Date: Wed, 17 Apr 2024 03:16:56 +0000 commit 478002370cfb99d65731aedd78fbfa017c730ee7 Author: Andrew Cooper AuthorDate: Wed Apr 10 20:41:27 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 x86/emul: Adjust X86EMUL_OPC_EXT_MASK to placate MISRA Resolves 4740 MISRA R7.2 violations (of 4935, so 96% of them). Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini --- xen/arch/x86/x86_emulate/x86_emulate.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.h b/xen/arch/x86/x86_emulate/x86_emulate.h index 698750267a..d92be69d84 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.h +++ b/xen/arch/x86/x86_emulate/x86_emulate.h @@ -620,7 +620,7 @@ struct x86_emulate_ctxt * below). * Hence no separate #define-s get added. */ -#define X86EMUL_OPC_EXT_MASK 0xffff0000 +#define X86EMUL_OPC_EXT_MASK 0xffff0000U #define X86EMUL_OPC(ext, byte) ((uint8_t)(byte) | \ MASK_INSR((ext), X86EMUL_OPC_EXT_MASK)) /* -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:17:07 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:17:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707209.1104894 (Exim 4.92) (envelope-from ) id 1rwvnH-0002O9-L5; Wed, 17 Apr 2024 03:17:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707209.1104894; Wed, 17 Apr 2024 03:17:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvnH-0002Nz-Ic; Wed, 17 Apr 2024 03:17:07 +0000 Received: by outflank-mailman (input) for mailman id 707209; Wed, 17 Apr 2024 03:17:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvnG-0002No-6X for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvnG-0001Jc-5e for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvnG-0004PY-4q for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rAXEUdSs5GVYrbfB21hiyAxeYNMdCwAdEX7wJTZdLi0=; b=PPK0kooU7gme/v0ejYlXmasTQc nOv8DV8PzX30I7d6L0Do7S4niqI/DDHhrbX/8vk7zAqk6q3Fv9HQWN+Z/vEJY8AWeMxNWiaR2GR8z ARJ0FcYGmrc4nZQQwvJBvY62OKJn0ZmdLxQRHJxO6/WUvvAXaA0kb0CO89hC5SjQMcro=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/vlapic: tidy switch statement and address MISRA violation Message-Id: Date: Wed, 17 Apr 2024 03:17:06 +0000 commit 6af626c1da682655a6734a0d47899cb9b03d71ae Author: Nicola Vetrini AuthorDate: Fri Apr 5 11:14:29 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 x86/vlapic: tidy switch statement and address MISRA violation Refactor the last clauses so that a violation of MISRA C Rule 16.2 is resolved (A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement). The switch clause ending with the pseudo keyword "fallthrough" is an allowed exception to Rule 16.3. No functional change. Suggested-by: Jan Beulich Signed-off-by: Nicola Vetrini Reviewed-by: Stefano Stabellini --- xen/arch/x86/hvm/vlapic.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c index dcbcf4a1fe..05072a21bf 100644 --- a/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c @@ -1033,11 +1033,11 @@ int guest_wrmsr_x2apic(struct vcpu *v, uint32_t msr, uint64_t val) case APIC_EOI: case APIC_ESR: - if ( val ) - { + if ( !val ) + break; + fallthrough; default: return X86EMUL_EXCEPTION; - } } vlapic_reg_write(v, array_index_nospec(offset, PAGE_SIZE), val); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:17:17 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:17:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707210.1104899 (Exim 4.92) (envelope-from ) id 1rwvnR-0002Qq-NG; Wed, 17 Apr 2024 03:17:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707210.1104899; Wed, 17 Apr 2024 03:17:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvnR-0002Qi-K2; Wed, 17 Apr 2024 03:17:17 +0000 Received: by outflank-mailman (input) for mailman id 707210; Wed, 17 Apr 2024 03:17:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvnQ-0002QT-9I for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvnQ-0001Jl-8Y for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvnQ-0004Py-7t for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GyDaKJvGhFtK1oMTmDja3DufKsmqpzeDACiwLTvz8fs=; b=RArVb6GumqjDDwyckUEM3vWDI2 aAJ971b3fpiO3V7AMmYFJNsG0Xyi+sB7Yett2xbhcw1mGerU+dJoD2ZTltXvmWNDhq1MziDn60UTi yH7EOfC/f7HBY4hSDH3MeUQQ/2lyyU4hrCRBc+I0OWM4Ch50AQCW78xF3SeEYyAPmOns=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/cpuid: address violation of MISRA C Rule 16.2 Message-Id: Date: Wed, 17 Apr 2024 03:17:16 +0000 commit 3b51a812e03a36a44b154b261458c9ff88b98c60 Author: Nicola Vetrini AuthorDate: Fri Apr 5 11:14:30 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 x86/cpuid: address violation of MISRA C Rule 16.2 Refactor the switch so that a violation of MISRA C Rule 16.2 is resolved (A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement). Note that the switch clause ending with the pseudo keyword "fallthrough" is an allowed exception to Rule 16.3. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/cpuid.c | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index 7290a979c6..7a38e03214 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -331,23 +331,22 @@ void guest_cpuid(const struct vcpu *v, uint32_t leaf, switch ( subleaf ) { case 1: - if ( p->xstate.xsavec || p->xstate.xsaves ) - { - /* - * TODO: Figure out what to do for XSS state. VT-x manages - * host vs guest MSR_XSS automatically, so as soon as we start - * supporting any XSS states, the wrong XSS will be in - * context. - */ - BUILD_BUG_ON(XSTATE_XSAVES_ONLY != 0); + if ( !p->xstate.xsavec && !p->xstate.xsaves ) + break; - /* - * Read CPUID[0xD,0/1].EBX from hardware. They vary with - * enabled XSTATE, and appropraite XCR0|XSS are in context. - */ + /* + * TODO: Figure out what to do for XSS state. VT-x manages host + * vs guest MSR_XSS automatically, so as soon as we start + * supporting any XSS states, the wrong XSS will be in context. + */ + BUILD_BUG_ON(XSTATE_XSAVES_ONLY != 0); + fallthrough; case 0: - res->b = cpuid_count_ebx(leaf, subleaf); - } + /* + * Read CPUID[0xD,0/1].EBX from hardware. They vary with enabled + * XSTATE, and appropriate XCR0|XSS are in context. + */ + res->b = cpuid_count_ebx(leaf, subleaf); break; } break; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:17:27 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:17:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707211.1104901 (Exim 4.92) (envelope-from ) id 1rwvnb-0002UK-Qa; Wed, 17 Apr 2024 03:17:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707211.1104901; Wed, 17 Apr 2024 03:17:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvnb-0002UD-Nx; Wed, 17 Apr 2024 03:17:27 +0000 Received: by outflank-mailman (input) for mailman id 707211; Wed, 17 Apr 2024 03:17:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvna-0002Tt-Cr for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvna-0001Jw-C8 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvna-0004QP-Au for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BwtjdApPYzyM3hFgs5+URYZ/OHtgerUXNDm0vgZFpS0=; b=bEjEwyYSb/fpI1qeHKq93AhBCU hY+6Fm1bIvyanNQeXfx/4DjtEcZDMk+l5HykeeHVlqdrQV8BWMee9RhiclV9H+eENPI2mr6aCEPiG DiQwZvK7VlUpzO+sKe3AX7cD9jy7JF0M1UeaWEHGVaXtop5WlSACrpTlDaVaiSZx4x7A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/irq: tidy switch statement and address MISRA violation Message-Id: Date: Wed, 17 Apr 2024 03:17:26 +0000 commit 24f204748ef978eba6ae4f83bb5b7daacab5acb1 Author: Nicola Vetrini AuthorDate: Fri Apr 5 11:14:31 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 x86/irq: tidy switch statement and address MISRA violation Refactor the clauses so that a MISRA C Rule 16.2 violation is resolved (A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement). Note that the switch clause ending with the pseudo keyword "fallthrough" is an allowed exception to Rule 16.3. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Andrew Cooper --- xen/arch/x86/irq.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index a042faf104..80ba8d9fe9 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -2882,7 +2882,7 @@ int allocate_and_map_gsi_pirq(struct domain *d, int index, int *pirq_p) int allocate_and_map_msi_pirq(struct domain *d, int index, int *pirq_p, int type, struct msi_info *msi) { - int irq, pirq, ret; + int irq = -1, pirq, ret; ASSERT_PDEV_LIST_IS_READ_LOCKED(d); @@ -2892,11 +2892,10 @@ int allocate_and_map_msi_pirq(struct domain *d, int index, int *pirq_p, if ( !msi->table_base ) msi->entry_nr = 1; irq = index; - if ( irq == -1 ) - { + fallthrough; case MAP_PIRQ_TYPE_MULTI_MSI: + if( irq == -1 ) irq = create_irq(NUMA_NO_NODE, true); - } if ( irq < nr_irqs_gsi || irq >= nr_irqs ) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:17:38 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:17:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707212.1104906 (Exim 4.92) (envelope-from ) id 1rwvnl-0002Wn-Rt; Wed, 17 Apr 2024 03:17:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707212.1104906; Wed, 17 Apr 2024 03:17:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvnl-0002Wg-PR; Wed, 17 Apr 2024 03:17:37 +0000 Received: by outflank-mailman (input) for mailman id 707212; Wed, 17 Apr 2024 03:17:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvnk-0002WV-G0 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvnk-0001K3-FA for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:36 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvnk-0004Qq-EQ for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:36 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Y+bhsr7BInUBDyUWgXy+/sKwvOkrps2fySah+rCwX4s=; b=tezfS9MnhKOus6fu2IXFpk5Hta Z7QV/PAbPewOcS6wtBvo7ZmIXQDBy8OIoMMQCeaP8TJ5Sx2XfiO7XY/Fbvu+c16MQ06dSJepuV3eF y21Z02kLCHjMPCXdSC2iLRSgmA8AnHA1EweNeRys8on8wzm3Lc0E+0sX3r45GHHKUCvU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/efi: tidy switch statement and address MISRA violation Message-Id: Date: Wed, 17 Apr 2024 03:17:36 +0000 commit f509d39d5bb35d2ce200ebe75ad8cbb5f35a7ae2 Author: Nicola Vetrini AuthorDate: Fri Apr 5 11:14:32 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 x86/efi: tidy switch statement and address MISRA violation Refactor the first clauses so that a violation of MISRA C Rule 16.2 is resolved (a switch label, "default" in this case, should be immediately enclosed in the compound statement of the switch). Note that the switch clause ending with the pseudo keyword "fallthrough" is an allowed exception to Rule 16.3. Convert fallthrough comments in other clauses to the pseudo-keyword while at it. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Andrew Cooper --- xen/arch/x86/efi/efi-boot.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index 8ea64e31cd..f282358435 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -169,20 +169,23 @@ static void __init efi_arch_process_memory_map(EFI_SYSTEM_TABLE *SystemTable, switch ( desc->Type ) { + default: + type = E820_RESERVED; + break; + case EfiBootServicesCode: case EfiBootServicesData: if ( map_bs ) { - default: type = E820_RESERVED; break; } - /* fall through */ + fallthrough; case EfiConventionalMemory: if ( !trampoline_phys && desc->PhysicalStart + len <= 0x100000 && len >= cfg.size && desc->PhysicalStart + len > cfg.addr ) cfg.addr = (desc->PhysicalStart + len - cfg.size) & PAGE_MASK; - /* fall through */ + fallthrough; case EfiLoaderCode: case EfiLoaderData: if ( desc->Attribute & EFI_MEMORY_RUNTIME ) @@ -190,9 +193,13 @@ static void __init efi_arch_process_memory_map(EFI_SYSTEM_TABLE *SystemTable, else if ( desc->Attribute & EFI_MEMORY_WB ) type = E820_RAM; else - case EfiUnusableMemory: type = E820_UNUSABLE; break; + + case EfiUnusableMemory: + type = E820_UNUSABLE; + break; + case EfiACPIReclaimMemory: type = E820_ACPI; break; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:17:47 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:17:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707213.1104910 (Exim 4.92) (envelope-from ) id 1rwvnv-0002ZY-Td; Wed, 17 Apr 2024 03:17:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707213.1104910; Wed, 17 Apr 2024 03:17:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvnv-0002ZP-Qu; Wed, 17 Apr 2024 03:17:47 +0000 Received: by outflank-mailman (input) for mailman id 707213; Wed, 17 Apr 2024 03:17:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvnu-0002ZC-Ig for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvnu-0001KT-I0 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvnu-0004RL-HI for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lLUsOi85vJtVTcVQ/3XSrzktwPigN/oIT0roAD/BhVU=; b=ivrG79CN7zijAAt/zJqSp6Q7fa hL7De1e+sKufsnAsv+23Nb0z9jHYC5BrbUWPxS6VhC8L9btqlwX83f/zNVChxWfXmHMPdixMsdOXv /J7ekhSSSYbbIs6vLZM/JHh77luiOVlVsdpiztpXV9HIBCMqSZBHq2yf5Z0kdKPOYMbU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/domctl: address violations of MISRA C Rule 16.2 Message-Id: Date: Wed, 17 Apr 2024 03:17:46 +0000 commit eeab8c4619c26e4ba4055430a46d6180cc73b2be Author: Nicola Vetrini AuthorDate: Fri Apr 5 11:14:33 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/domctl: address violations of MISRA C Rule 16.2 Refactor the first clauses so that a violation of MISRA C Rule 16.2 is resolved (a switch label should be immediately enclosed in the compound statement of the switch). Note that the switch clause ending with the pseudo keyword "fallthrough" is an allowed exception to Rule 16.3. Convert fallthrough comments in other clauses to the pseudo-keyword while at it. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/common/domctl.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/xen/common/domctl.c b/xen/common/domctl.c index 43b0b074c3..2c0331bb05 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -293,6 +293,10 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) switch ( op->cmd ) { + case XEN_DOMCTL_createdomain: + d = NULL; + break; + case XEN_DOMCTL_assign_device: case XEN_DOMCTL_deassign_device: if ( op->domain == DOMID_IO ) @@ -302,16 +306,15 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) } else if ( op->domain == DOMID_INVALID ) return -ESRCH; - /* fall through */ + fallthrough; case XEN_DOMCTL_test_assign_device: case XEN_DOMCTL_vm_event_op: if ( op->domain == DOMID_INVALID ) { - case XEN_DOMCTL_createdomain: d = NULL; break; } - /* fall through */ + fallthrough; default: d = rcu_lock_domain_by_id(op->domain); if ( !d ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:17:57 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:17:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707214.1104914 (Exim 4.92) (envelope-from ) id 1rwvo5-0002cO-VF; Wed, 17 Apr 2024 03:17:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707214.1104914; Wed, 17 Apr 2024 03:17:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvo5-0002cG-SL; Wed, 17 Apr 2024 03:17:57 +0000 Received: by outflank-mailman (input) for mailman id 707214; Wed, 17 Apr 2024 03:17:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvo4-0002c5-Lj for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvo4-0001Ka-L1 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvo4-0004Ry-K8 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:17:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5CA0S+wYeK/i/ax7eCx0ypCeEsIrqeoXzOkYQTd+Le0=; b=6ESV6ARMcYKdKkqin75chacO68 7prrBXCtd3aIrFWG4RHTm8NcoMGaMhuieIJ3ngCMmHQO/8GOdyin+ymila3PQ78WBE3DpOf3g2f0e WA9INC1aa4aSwht6wWLLMpGU82tKXis+Usk/tdM8QliUNnDgiegjLT5BosUzTOrDc0jM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/hvm: address violations of MISRA C Rule 16.2 Message-Id: Date: Wed, 17 Apr 2024 03:17:56 +0000 commit bbbbd024e8e5d5a286af51de883a33989a2031dc Author: Nicola Vetrini AuthorDate: Fri Apr 5 11:14:34 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 x86/hvm: address violations of MISRA C Rule 16.2 Refactor the switch so that a violation of MISRA C Rule 16.2 is resolved (a switch label should be immediately enclosed in the compound statement of the switch). The switch clause ending with the pseudo keyword "fallthrough" is an allowed exception to Rule 16.3. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/hvm/hypercall.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/hypercall.c b/xen/arch/x86/hvm/hypercall.c index eeb73e1aa5..14679dd829 100644 --- a/xen/arch/x86/hvm/hypercall.c +++ b/xen/arch/x86/hvm/hypercall.c @@ -119,12 +119,12 @@ int hvm_hypercall(struct cpu_user_regs *regs) (mode == 8 ? regs->rdi : regs->ebx) == HVMOP_guest_request_vm_event ) break; - if ( unlikely(hvm_get_cpl(curr)) ) - { + if ( likely(!hvm_get_cpl(curr)) ) + break; + fallthrough; default: - regs->rax = -EPERM; - return HVM_HCALL_completed; - } + regs->rax = -EPERM; + return HVM_HCALL_completed; case 0: break; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:18:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:18:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707215.1104918 (Exim 4.92) (envelope-from ) id 1rwvoG-0002fC-0S; Wed, 17 Apr 2024 03:18:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707215.1104918; Wed, 17 Apr 2024 03:18:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvoF-0002f4-Tz; Wed, 17 Apr 2024 03:18:07 +0000 Received: by outflank-mailman (input) for mailman id 707215; Wed, 17 Apr 2024 03:18:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvoE-0002em-Oa for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvoE-0001Ku-Nr for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvoE-0004TN-N5 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZFliFctd+6DPbz5FbxVG9uNlVf/KGjCvUKiR3da9rvE=; b=oXeFDsWK5mFBKmVtMDC03DJn11 9j8JB4XyrvOsskICPU/Sq2iTn6tMz4IVHQlH8W/tijw6xTPGrTsEghBwE3Y8+XjyDC7zkJOhvPQJj 3GDyZQuO886tRScVTUhuYQPBbHnZogZc3l8hZDnHOY1En4dcKRXkf0yEgItsgLtuP6Ek=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/xsm: address violation of MISRA C Rule 16.2 Message-Id: Date: Wed, 17 Apr 2024 03:18:06 +0000 commit 2145512e212f2967a1c93f0845692b8e0714d24b Author: Nicola Vetrini AuthorDate: Fri Apr 5 11:14:35 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 13:23:08 2024 +0100 xen/xsm: address violation of MISRA C Rule 16.2 Refactor the switch so that a violation of MISRA C Rule 16.2 is resolved (A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement). Note that the switch clause ending with the pseudo keyword "fallthrough" is an allowed exception to Rule 16.3. Signed-off-by: Nicola Vetrini Acked-by: Daniel P. Smith Reviewed-by: Stefano Stabellini --- xen/include/xsm/dummy.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h index 88039fdd22..00d2cbebf2 100644 --- a/xen/include/xsm/dummy.h +++ b/xen/include/xsm/dummy.h @@ -83,17 +83,17 @@ static always_inline int xsm_default_action( return 0; case XSM_TARGET: if ( evaluate_nospec(src == target) ) - { return 0; + fallthrough; case XSM_XS_PRIV: - if ( evaluate_nospec(is_xenstore_domain(src)) ) - return 0; - } - /* fall through */ + if ( action == XSM_XS_PRIV && + evaluate_nospec(is_xenstore_domain(src)) ) + return 0; + fallthrough; case XSM_DM_PRIV: if ( target && evaluate_nospec(src->target == target) ) return 0; - /* fall through */ + fallthrough; case XSM_PRIV: if ( is_control_domain(src) ) return 0; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:18:18 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:18:18 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707216.1104922 (Exim 4.92) (envelope-from ) id 1rwvoQ-0002jL-1l; Wed, 17 Apr 2024 03:18:18 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707216.1104922; Wed, 17 Apr 2024 03:18:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvoP-0002jA-VU; Wed, 17 Apr 2024 03:18:17 +0000 Received: by outflank-mailman (input) for mailman id 707216; Wed, 17 Apr 2024 03:18:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvoO-0002iz-Rv for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvoO-0001L4-RI for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvoO-0004Tq-QY for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aDH2Q5MijtScEjJsW9sve9sykh65cwmO5XtFnRgMJvg=; b=ibOe5CyCbtLNHNVIisOiGRBusu tPKkbiOVHw6eTFAgElZqPL9EiRsayN8qH3tKMX3rwp8ImdTJ7hNZYQJiDURDM1fLbDT5vtxR2yppz fBFaD1oBY6Y1E4uz7XZlcUwixhYVvIcPhchnysPzc8geEcYzKav7kq2J9OHpjikRslNs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/acpi: Allow xen/acpi.h to be included on non-ACPI archs Message-Id: Date: Wed, 17 Apr 2024 03:18:16 +0000 commit c304bdf1e769830abc849721c05870352e919c2a Author: Shawn Anastasio AuthorDate: Fri Apr 5 13:20:31 2024 -0500 Commit: Andrew Cooper CommitDate: Thu Apr 11 14:16:36 2024 +0100 xen/acpi: Allow xen/acpi.h to be included on non-ACPI archs Conditionalize xen/acpi.h's inclusion of acpi/acpi.h and asm/acpi.h on CONFIG_ACPI and import ARM's !CONFIG_ACPI stub for acpi_disabled() so that the header can be included on architectures without ACPI support, like ppc. This change revealed some missing #includes across the ARM tree, so fix those as well. Suggested-by: Jan Beulich Signed-off-by: Shawn Anastasio Acked-by: Jan Beulich Reviewed-by: Michal Orzel [Fold Randconfig fix] Signed-off-by: Andrew Cooper --- xen/arch/arm/arm32/mmu/mm.c | 1 + xen/arch/arm/arm64/smpboot.c | 3 ++- xen/arch/arm/domain_build.c | 1 - xen/arch/arm/gic-v2.c | 1 - xen/arch/arm/gic-v3.c | 2 -- xen/arch/arm/include/asm/acpi.h | 1 - xen/arch/arm/mmu/pt.c | 1 + xen/arch/arm/mmu/setup.c | 1 + xen/arch/arm/psci.c | 1 + xen/arch/arm/smpboot.c | 1 + xen/arch/arm/traps.c | 3 ++- xen/common/sched/boot-cpupool.c | 2 +- xen/include/xen/acpi.h | 8 ++++++-- 13 files changed, 16 insertions(+), 10 deletions(-) diff --git a/xen/arch/arm/arm32/mmu/mm.c b/xen/arch/arm/arm32/mmu/mm.c index cb441ca87c..0ab6ae52a6 100644 --- a/xen/arch/arm/arm32/mmu/mm.c +++ b/xen/arch/arm/arm32/mmu/mm.c @@ -3,6 +3,7 @@ #include #include #include +#include #include #include #include diff --git a/xen/arch/arm/arm64/smpboot.c b/xen/arch/arm/arm64/smpboot.c index bf81d018b3..a225fae64d 100644 --- a/xen/arch/arm/arm64/smpboot.c +++ b/xen/arch/arm/arm64/smpboot.c @@ -1,4 +1,6 @@ +#include #include +#include #include #include #include @@ -7,7 +9,6 @@ #include #include #include -#include struct smp_enable_ops { int (*prepare_cpu)(int cpu); diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 085d88671e..54232ed4cb 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -18,7 +18,6 @@ #include #include #include -#include #include #include #include diff --git a/xen/arch/arm/gic-v2.c b/xen/arch/arm/gic-v2.c index 5d6885e389..02043c0d4b 100644 --- a/xen/arch/arm/gic-v2.c +++ b/xen/arch/arm/gic-v2.c @@ -22,7 +22,6 @@ #include #include #include -#include #include #include #include diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c index 1cb1360606..cd3e1acf79 100644 --- a/xen/arch/arm/gic-v3.c +++ b/xen/arch/arm/gic-v3.c @@ -25,8 +25,6 @@ #include #include -#include - #include #include #include diff --git a/xen/arch/arm/include/asm/acpi.h b/xen/arch/arm/include/asm/acpi.h index e53973e054..13756dd341 100644 --- a/xen/arch/arm/include/asm/acpi.h +++ b/xen/arch/arm/include/asm/acpi.h @@ -74,7 +74,6 @@ static inline void enable_acpi(void) acpi_disabled = false; } #else -#define acpi_disabled (true) #define disable_acpi() #define enable_acpi() #endif diff --git a/xen/arch/arm/mmu/pt.c b/xen/arch/arm/mmu/pt.c index a7755728ae..da28d669e7 100644 --- a/xen/arch/arm/mmu/pt.c +++ b/xen/arch/arm/mmu/pt.c @@ -11,6 +11,7 @@ #include #include +#include #include #ifdef NDEBUG diff --git a/xen/arch/arm/mmu/setup.c b/xen/arch/arm/mmu/setup.c index 57f1b46499..c0cb17ca2e 100644 --- a/xen/arch/arm/mmu/setup.c +++ b/xen/arch/arm/mmu/setup.c @@ -10,6 +10,7 @@ #include #include +#include #include /* Override macros from asm/page.h to make them work with mfn_t */ diff --git a/xen/arch/arm/psci.c b/xen/arch/arm/psci.c index 695d2fa1f1..b6860a7760 100644 --- a/xen/arch/arm/psci.c +++ b/xen/arch/arm/psci.c @@ -9,6 +9,7 @@ */ +#include #include #include #include diff --git a/xen/arch/arm/smpboot.c b/xen/arch/arm/smpboot.c index a84e706d77..6efed87678 100644 --- a/xen/arch/arm/smpboot.c +++ b/xen/arch/arm/smpboot.c @@ -7,6 +7,7 @@ * Copyright (c) 2011 Citrix Systems. */ +#include #include #include #include diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index a8039087c8..aac6c599f8 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -7,6 +7,7 @@ * Copyright (c) 2011 Citrix Systems. */ +#include #include #include #include @@ -30,7 +31,6 @@ #include #include -#include #include #include #include @@ -38,6 +38,7 @@ #include #include #include +#include #include #include #include diff --git a/xen/common/sched/boot-cpupool.c b/xen/common/sched/boot-cpupool.c index 5955e6f9a9..feeac3b704 100644 --- a/xen/common/sched/boot-cpupool.c +++ b/xen/common/sched/boot-cpupool.c @@ -7,8 +7,8 @@ * Copyright (C) 2022 Arm Ltd. */ +#include #include -#include /* * pool_cpu_map: Index is logical cpu number, content is cpupool id, (-1) for diff --git a/xen/include/xen/acpi.h b/xen/include/xen/acpi.h index 6a2f5983fd..e78e7e7852 100644 --- a/xen/include/xen/acpi.h +++ b/xen/include/xen/acpi.h @@ -37,10 +37,10 @@ #ifndef __ASSEMBLY__ +#include #include -#include -#include +#include #define ACPI_MADT_GET_(fld, x) (((x) & ACPI_MADT_##fld##_MASK) / \ (ACPI_MADT_##fld##_MASK & -ACPI_MADT_##fld##_MASK)) @@ -54,6 +54,9 @@ #ifdef CONFIG_ACPI +#include +#include + extern acpi_physical_address rsdp_hint; extern bool opt_acpi_verbose; @@ -118,6 +121,7 @@ extern u32 pci_mmcfg_base_addr; #else /*!CONFIG_ACPI*/ #define acpi_mp_config 0 +#define acpi_disabled true static inline int acpi_boot_init(void) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:18:28 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:18:28 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707217.1104926 (Exim 4.92) (envelope-from ) id 1rwvoa-0002lp-3h; Wed, 17 Apr 2024 03:18:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707217.1104926; Wed, 17 Apr 2024 03:18:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvoa-0002lh-0j; Wed, 17 Apr 2024 03:18:28 +0000 Received: by outflank-mailman (input) for mailman id 707217; Wed, 17 Apr 2024 03:18:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvoY-0002la-Uq for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvoY-0001LB-U9 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvoY-0004Ut-TQ for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MB7HmwAqxTq2vNJGqMS/BAYejuDOd3eFMEwvtvYhBlc=; b=Fs/9VDmOLCdofMHGcCGCgxrOCR ZGBo4nX5nxv/74TIJZXaV2l4WrdAyVoJZDw5GZrZcyO40fsKaxG6JodGq1IIZEr/hOhuKeAsHnnfL aD6wUl2TseebW0nJ4xg4hGRRzrB/rKuX//gUx+avfvnO9B3TDZY4hxDJruEhdYU2EYqw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/misc: xenwatchdogd: use EXIT_* constants Message-Id: Date: Wed, 17 Apr 2024 03:18:26 +0000 commit 0668d35594f77a3c3dc30bac3a692b69a8cc5688 Author: Leigh Brown AuthorDate: Fri Mar 29 11:10:51 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 11 14:16:53 2024 +0100 tools/misc: xenwatchdogd: use EXIT_* constants Use EXIT_SUCCESS/EXIT_FAILURE constants instead of magic numbers. Signed-off-by: Leigh Brown Reviewed-by: Anthony PERARD --- tools/misc/xenwatchdogd.c | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/tools/misc/xenwatchdogd.c b/tools/misc/xenwatchdogd.c index 254117b554..2f7c822d61 100644 --- a/tools/misc/xenwatchdogd.c +++ b/tools/misc/xenwatchdogd.c @@ -17,37 +17,37 @@ void daemonize(void) { switch (fork()) { case -1: - err(1, "fork"); + err(EXIT_FAILURE, "fork"); case 0: break; default: - exit(0); + exit(EXIT_SUCCESS); } umask(0); if (setsid() < 0) - err(1, "setsid"); + err(EXIT_FAILURE, "setsid"); if (chdir("/") < 0) - err(1, "chdir /"); + err(EXIT_FAILURE, "chdir /"); if (freopen("/dev/null", "r", stdin) == NULL) - err(1, "reopen stdin"); + err(EXIT_FAILURE, "reopen stdin"); if(freopen("/dev/null", "w", stdout) == NULL) - err(1, "reopen stdout"); + err(EXIT_FAILURE, "reopen stdout"); if(freopen("/dev/null", "w", stderr) == NULL) - err(1, "reopen stderr"); + err(EXIT_FAILURE, "reopen stderr"); } void catch_exit(int sig) { if (id) xc_watchdog(h, id, 300); - exit(0); + exit(EXIT_SUCCESS); } void catch_usr1(int sig) { if (id) xc_watchdog(h, id, 0); - exit(0); + exit(EXIT_SUCCESS); } int main(int argc, char **argv) @@ -56,44 +56,44 @@ int main(int argc, char **argv) int ret; if (argc < 2) - errx(1, "usage: %s ", argv[0]); + errx(EXIT_FAILURE, "usage: %s ", argv[0]); daemonize(); h = xc_interface_open(NULL, NULL, 0); if (h == NULL) - err(1, "xc_interface_open"); + err(EXIT_FAILURE, "xc_interface_open"); t = strtoul(argv[1], NULL, 0); if (t == ULONG_MAX) - err(1, "strtoul"); + err(EXIT_FAILURE, "strtoul"); s = t / 2; if (argc == 3) { s = strtoul(argv[2], NULL, 0); if (s == ULONG_MAX) - err(1, "strtoul"); + err(EXIT_FAILURE, "strtoul"); } if (signal(SIGHUP, &catch_exit) == SIG_ERR) - err(1, "signal"); + err(EXIT_FAILURE, "signal"); if (signal(SIGINT, &catch_exit) == SIG_ERR) - err(1, "signal"); + err(EXIT_FAILURE, "signal"); if (signal(SIGQUIT, &catch_exit) == SIG_ERR) - err(1, "signal"); + err(EXIT_FAILURE, "signal"); if (signal(SIGTERM, &catch_exit) == SIG_ERR) - err(1, "signal"); + err(EXIT_FAILURE, "signal"); if (signal(SIGUSR1, &catch_usr1) == SIG_ERR) - err(1, "signal"); + err(EXIT_FAILURE, "signal"); id = xc_watchdog(h, 0, t); if (id <= 0) - err(1, "xc_watchdog setup"); + err(EXIT_FAILURE, "xc_watchdog setup"); for (;;) { sleep(s); ret = xc_watchdog(h, id, t); if (ret != 0) - err(1, "xc_watchdog"); + err(EXIT_FAILURE, "xc_watchdog"); } } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:18:38 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:18:38 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707218.1104930 (Exim 4.92) (envelope-from ) id 1rwvok-0002pE-6e; Wed, 17 Apr 2024 03:18:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707218.1104930; Wed, 17 Apr 2024 03:18:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvok-0002p6-3Y; Wed, 17 Apr 2024 03:18:38 +0000 Received: by outflank-mailman (input) for mailman id 707218; Wed, 17 Apr 2024 03:18:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvoj-0002ox-1W for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvoj-0001LL-0o for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvoj-0004Vw-00 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FAXooEGPcg7gxcV+zrBsIqjDSbKEllvPt+omSlqkFVg=; b=mIixhnevSSHhqVNeJ7wFxXEMXm tc+J1XbvsGPCjQRYfwe97H+05cA/Nspe6vtJkegRsFhi9l6yVW5ZYBvDzWz/QhMgGKRUA3OlVT4pl Wz2A+nnHEqfLvtp6F1BjDyeheJCLaP0E5esjbnwb9Fr3JCwD9Znxsmzv5ZWCDrlnq79s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/misc: rework xenwatchdogd signal handling Message-Id: Date: Wed, 17 Apr 2024 03:18:37 +0000 commit 5d09f8cbdc22aca97f0ea5de0067ebd2820953a9 Author: Leigh Brown AuthorDate: Fri Mar 29 11:10:52 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 11 14:16:53 2024 +0100 tools/misc: rework xenwatchdogd signal handling Rework xenwatchdogd signal handling to do the minimum in the signal handler. This is a very minor enhancement. Signed-off-by: Leigh Brown Reviewed-by: Anthony PERARD --- tools/misc/xenwatchdogd.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/tools/misc/xenwatchdogd.c b/tools/misc/xenwatchdogd.c index 2f7c822d61..ecc3f01a0e 100644 --- a/tools/misc/xenwatchdogd.c +++ b/tools/misc/xenwatchdogd.c @@ -9,9 +9,11 @@ #include #include #include +#include xc_interface *h; -int id = 0; +static volatile bool safeexit = false; +static volatile bool done = false; void daemonize(void) { @@ -38,20 +40,18 @@ void daemonize(void) void catch_exit(int sig) { - if (id) - xc_watchdog(h, id, 300); - exit(EXIT_SUCCESS); + done = true; } void catch_usr1(int sig) { - if (id) - xc_watchdog(h, id, 0); - exit(EXIT_SUCCESS); + safeexit = true; + done = true; } int main(int argc, char **argv) { + int id; int t, s; int ret; @@ -90,10 +90,14 @@ int main(int argc, char **argv) if (id <= 0) err(EXIT_FAILURE, "xc_watchdog setup"); - for (;;) { + while (!done) { sleep(s); ret = xc_watchdog(h, id, t); if (ret != 0) err(EXIT_FAILURE, "xc_watchdog"); } + + // Zero seconds timeout will disarm the watchdog timer + xc_watchdog(h, id, safeexit ? 0 : 300); + return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:18:48 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:18:48 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707219.1104934 (Exim 4.92) (envelope-from ) id 1rwvou-0002st-7s; Wed, 17 Apr 2024 03:18:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707219.1104934; Wed, 17 Apr 2024 03:18:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvou-0002sl-58; Wed, 17 Apr 2024 03:18:48 +0000 Received: by outflank-mailman (input) for mailman id 707219; Wed, 17 Apr 2024 03:18:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvot-0002sa-4S for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvot-0001Ll-3k for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvot-0004WN-2u for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/2nfDdcY7WPdHqrWzDzSEM8aRaaSABTmBlJp+Aa7iRg=; b=SZApbrdbKSuNyhf+0qJiGjloJx CAYaLgtqiRxhQsXd24S3ajcEdvH2hKDlpmipvmdQeQKPxz6n2+ys6RAtl2scF81EnvzHBODMhaBzx 01P5DrTLWGmLXyqcw35XXwG2a6z2CeXO1teIhiu9IAk3BnGq4XqM2xXONQ8uJBWbf1X8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/misc: xenwatchdogd: add static qualifier Message-Id: Date: Wed, 17 Apr 2024 03:18:47 +0000 commit 86c008aa5deeb57e4fed79cfd225fa2060d41d2b Author: Leigh Brown AuthorDate: Fri Mar 29 11:10:53 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 11 14:16:53 2024 +0100 tools/misc: xenwatchdogd: add static qualifier Make all functions except main() static in xenwatchdogd.c. Also make the remaining global variable static. Signed-off-by: Leigh Brown Reviewed-by: Anthony PERARD --- tools/misc/xenwatchdogd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/misc/xenwatchdogd.c b/tools/misc/xenwatchdogd.c index ecc3f01a0e..112b706357 100644 --- a/tools/misc/xenwatchdogd.c +++ b/tools/misc/xenwatchdogd.c @@ -11,11 +11,11 @@ #include #include -xc_interface *h; +static xc_interface *h; static volatile bool safeexit = false; static volatile bool done = false; -void daemonize(void) +static void daemonize(void) { switch (fork()) { case -1: @@ -38,12 +38,12 @@ void daemonize(void) err(EXIT_FAILURE, "reopen stderr"); } -void catch_exit(int sig) +static void catch_exit(int sig) { done = true; } -void catch_usr1(int sig) +static void catch_usr1(int sig) { safeexit = true; done = true; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:18:58 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:18:58 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707220.1104937 (Exim 4.92) (envelope-from ) id 1rwvp4-0002vt-8x; Wed, 17 Apr 2024 03:18:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707220.1104937; Wed, 17 Apr 2024 03:18:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvp4-0002vm-6X; Wed, 17 Apr 2024 03:18:58 +0000 Received: by outflank-mailman (input) for mailman id 707220; Wed, 17 Apr 2024 03:18:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvp3-0002vS-7R for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvp3-0001Lu-6i for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvp3-0004Wo-5t for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:18:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GOwDQ0dlN581vcyxLxp/dL0qZf8+PNfOVnZvIDJwvEk=; b=ZTSEhuIwSBwg61oTE11ropE2+2 OSqZ3OJI3MO2vbAfCsIQMKEMzvV20s45Zq/Nv4ZsCOumwfg0MWevi34Abqn+SskcUp5tr9hpOHFNy U+xJ7UKqdlyH5DvTYHpjN+fKqUbZw+1w8LvPsxvjBawBUWAK2lK8UIcJHGmyPTFFrLoQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] MAINTAINERS: Update livepatch maintainers Message-Id: Date: Wed, 17 Apr 2024 03:18:57 +0000 commit 6cb501e3e6db36b1b4b6345f5af8adc0a291b404 Author: Ross Lagerwall AuthorDate: Tue Apr 9 11:32:07 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 14:16:53 2024 +0100 MAINTAINERS: Update livepatch maintainers Remove Konrad from the livepatch maintainers list as he hasn't been active for a few years. At the same time, add Roger as a new maintainer since he has been actively working on it for a while. Signed-off-by: Ross Lagerwall Acked-by: Konrad Rzeszutek Wilk Acked-by: Roger Pau Monné --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 09982241b3..d1850c134d 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -400,7 +400,7 @@ F: tools/include/xentoollog.h F: tools/libs/ LIVEPATCH -M: Konrad Rzeszutek Wilk +M: Roger Pau Monné M: Ross Lagerwall S: Supported F: docs/misc/livepatch.pandoc -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:19:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:19:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707221.1104942 (Exim 4.92) (envelope-from ) id 1rwvpE-0002y3-AR; Wed, 17 Apr 2024 03:19:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707221.1104942; Wed, 17 Apr 2024 03:19:08 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvpE-0002xw-7v; Wed, 17 Apr 2024 03:19:08 +0000 Received: by outflank-mailman (input) for mailman id 707221; Wed, 17 Apr 2024 03:19:07 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvpD-0002xp-AJ for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:07 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvpD-0001ME-9c for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:07 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvpD-0004XX-90 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:07 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xCDEqA5mOKojwi3z9L+axsD5qT6b8mSqb1f+Qp4WHhI=; b=G0YxnB1wGMG4mBZ4lVtyx5V1dU l6NYac1U2rN5Lx04+RReKRsVdiu7dRpzLePdpbkkXEH7xEZJYlcJ15+85SkxuVYWo1kAhZqJIVAil DjdU/IAIyYH2yC9eBf501QHX3sjoZc3E0dLdHwhj+yYU+S2LYLM355UNHybi+DVt14LQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/include: move definition of ASM_INT() to xen/linkage.h Message-Id: Date: Wed, 17 Apr 2024 03:19:07 +0000 commit 2b31a1f0557a05a182fe360c49eaa7ae1b231aa4 Author: Juergen Gross AuthorDate: Wed Apr 3 14:03:23 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 16:24:32 2024 +0100 xen/include: move definition of ASM_INT() to xen/linkage.h ASM_INT() is defined in arch/[arm|x86]/include/asm/asm_defns.h in exactly the same way. Instead of replicating this definition for riscv and ppc, move it to include/xen/linkage.h, where other arch agnostic definitions for assembler code are living already. Adapt the generation of assembler sources via tools/binfile to include the new home of ASM_INT(). Signed-off-by: Juergen Gross Acked-by: Andrew Cooper Acked-by: Michal Orzel --- xen/arch/arm/include/asm/asm_defns.h | 3 --- xen/arch/x86/include/asm/asm_defns.h | 3 --- xen/include/xen/linkage.h | 2 ++ xen/tools/binfile | 2 +- 4 files changed, 3 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/include/asm/asm_defns.h b/xen/arch/arm/include/asm/asm_defns.h index c489547d29..47efdf5234 100644 --- a/xen/arch/arm/include/asm/asm_defns.h +++ b/xen/arch/arm/include/asm/asm_defns.h @@ -28,9 +28,6 @@ label: .asciz msg; \ .popsection -#define ASM_INT(label, val) \ - DATA(label, 4) .long (val); END(label) - #endif /* __ARM_ASM_DEFNS_H__ */ /* * Local variables: diff --git a/xen/arch/x86/include/asm/asm_defns.h b/xen/arch/x86/include/asm/asm_defns.h index a69fae78b1..0a3ff70566 100644 --- a/xen/arch/x86/include/asm/asm_defns.h +++ b/xen/arch/x86/include/asm/asm_defns.h @@ -351,9 +351,6 @@ static always_inline void stac(void) 4: .p2align 2 ; \ .popsection -#define ASM_INT(label, val) \ - DATA(label, 4) .long (val); END(label) - #define ASM_CONSTANT(name, value) \ asm ( ".equ " #name ", %P0; .global " #name \ :: "i" ((value)) ); diff --git a/xen/include/xen/linkage.h b/xen/include/xen/linkage.h index 478b1d7287..3d401b88c1 100644 --- a/xen/include/xen/linkage.h +++ b/xen/include/xen/linkage.h @@ -60,6 +60,8 @@ #define DATA_LOCAL(name, align...) \ SYM(name, DATA, LOCAL, LASTARG(DATA_ALIGN, ## align), DATA_FILL) +#define ASM_INT(label, val) DATA(label, 4) .long (val); END(label) + #endif /* __ASSEMBLY__ */ #endif /* __LINKAGE_H__ */ diff --git a/xen/tools/binfile b/xen/tools/binfile index 099d7eda9a..0299326ccc 100755 --- a/xen/tools/binfile +++ b/xen/tools/binfile @@ -25,7 +25,7 @@ binsource=$2 varname=$3 cat <$target -#include +#include .section $section.rodata, "a", %progbits -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:19:19 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:19:19 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707222.1104945 (Exim 4.92) (envelope-from ) id 1rwvpP-00030i-C4; Wed, 17 Apr 2024 03:19:19 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707222.1104945; Wed, 17 Apr 2024 03:19:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvpP-00030b-9O; Wed, 17 Apr 2024 03:19:19 +0000 Received: by outflank-mailman (input) for mailman id 707222; Wed, 17 Apr 2024 03:19:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvpN-00030J-DS for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvpN-0001MN-Ch for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:17 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvpN-0004Y0-By for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:17 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=y0QFv1rhd+hwZSevbKppu6lDBqH6MPE+sDqLG2vtPug=; b=3PUgM+SQqGES0l6gORdnFMFK7Q bz8YJ6fPIMIgLxQiZ4PtIyCvFef11GbKWMbFp6iRq+W9bO3wNBTqCCG/2AirbF2EbDKxAD6/ZFcZV FDBlSj3gHDEI+tGbc/iZXgySUj9uiB3FeGBquJTuK/TbAIX4tSJfLXEmdyzoo1omeTug=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] libxl: Use vkb=[] for HVMs Message-Id: Date: Wed, 17 Apr 2024 03:19:17 +0000 commit 3c7482b73c5aa38e7faecccd649c67093001d3b5 Author: Jason Andryuk AuthorDate: Sun Apr 7 10:32:08 2024 -0400 Commit: Andrew Cooper CommitDate: Thu Apr 11 16:39:10 2024 +0100 libxl: Use vkb=[] for HVMs xl/libxl only applies vkb=[] to PV & PVH guests. HVM gets only a single vkb by default, but that can be disabled by the vkb_device boolean. Notably the HVM vkb cannot be configured, so feature-abs-pointer or the backend-type cannot be specified. Re-arrange the logic so that vkb=[] is handled regardless of domain type. If vkb is empty or unspecified, follow the vkb_device boolean for HVMs. Nothing changes for PVH & PV. HVMs can now get a configured vkb instead of just the default one. The chance for regression is an HVM config with vkb=["$something"] vkb_device=false Which would now get a vkb. This is useful for vGlass which provides a VKB to HVMs. vGlass wants to specify feature-abs-pointer, but that is racily written by vGlass instead of coming through the xl.cfg. Unhelpfully, Linux xen-kbdfront reads the backend nodes without checking that the backend is in InitWait. Signed-off-by: Jason Andryuk Signed-off-by: Jason Andryuk Reviewed-by: Anthony PERARD --- CHANGELOG.md | 1 + docs/man/xl.cfg.5.pod.in | 2 ++ tools/libs/light/libxl_create.c | 27 +++++++++++++++------------ 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 93fda73c00..8041cfb7d2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - On x86: - HVM PIRQs are disabled by default. - Reduce IOMMU setup time for hardware domain. + - xl/libxl configures vkb=[] for HVM domains with priority over vkb_device. ### Added - On x86: diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in index 039e057318..8f2b375ce9 100644 --- a/docs/man/xl.cfg.5.pod.in +++ b/docs/man/xl.cfg.5.pod.in @@ -2710,6 +2710,8 @@ device. Specifies that the HVM guest gets a vkdb. The default is true (1). +This option is only used when B is unset. + =item B Enables or disables an emulated USB bus in the guest. diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c index 5546335973..41252ec553 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -1769,24 +1769,32 @@ static void domcreate_launch_dm(libxl__egc *egc, libxl__multidev *multidev, libxl__device_add(gc, domid, &libxl__virtio_devtype, &d_config->virtios[i]); + if (d_config->num_vkbs) { + for (i = 0; i < d_config->num_vkbs; i++) { + ret = libxl__device_add(gc, domid, &libxl__vkb_devtype, + &d_config->vkbs[i]); + if (ret) goto error_out; + } + } else if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_HVM && + libxl_defbool_val(d_config->b_info.u.hvm.vkb_device)) { + libxl_device_vkb vkb; + + libxl_device_vkb_init(&vkb); + libxl__device_add(gc, domid, &libxl__vkb_devtype, &vkb); + libxl_device_vkb_dispose(&vkb); + } + switch (d_config->c_info.type) { case LIBXL_DOMAIN_TYPE_HVM: { libxl__device_console console; libxl__device device; - libxl_device_vkb vkb; init_console_info(gc, &console, 0); console.backend_domid = state->console_domid; libxl__device_console_add(gc, domid, &console, state, &device); libxl__device_console_dispose(&console); - if (libxl_defbool_val(d_config->b_info.u.hvm.vkb_device)) { - libxl_device_vkb_init(&vkb); - libxl__device_add(gc, domid, &libxl__vkb_devtype, &vkb); - libxl_device_vkb_dispose(&vkb); - } - dcs->sdss.dm.guest_domid = domid; if (libxl_defbool_val(d_config->b_info.device_model_stubdomain)) libxl__spawn_stub_dm(egc, &dcs->sdss); @@ -1814,11 +1822,6 @@ static void domcreate_launch_dm(libxl__egc *egc, libxl__multidev *multidev, &d_config->vfbs[i]); } - for (i = 0; i < d_config->num_vkbs; i++) { - libxl__device_add(gc, domid, &libxl__vkb_devtype, - &d_config->vkbs[i]); - } - if (d_config->b_info.arch_arm.vuart == LIBXL_VUART_TYPE_SBSA_UART) { init_console_info(gc, &vuart, 0); vuart.backend_domid = state->console_domid; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:19:29 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:19:29 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707223.1104949 (Exim 4.92) (envelope-from ) id 1rwvpZ-000333-DS; Wed, 17 Apr 2024 03:19:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707223.1104949; Wed, 17 Apr 2024 03:19:29 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvpZ-00032w-Ar; Wed, 17 Apr 2024 03:19:29 +0000 Received: by outflank-mailman (input) for mailman id 707223; Wed, 17 Apr 2024 03:19:27 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvpX-00032n-GW for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:27 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvpX-0001NF-Fr for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:27 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvpX-0004YS-F8 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:27 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uexwf6d0XQnlctGYoGkheCvp2Vunkg0Fng+EAmQC6GY=; b=IKo9u77+80wMgDQze6OZNAFs4n GM+ThEdr1+cHfUIsc1UMfebaKp2RzGD0iKHJNZKJhnd7Iv3uoAFH53Cbs0p7XNOSFcqEBTTzDkdHr kOm3qvhVtzZyBWy/exd005Y5BThP/IIEleFxJabzu49aKpeaAYLozz6pLLKuvRvHTM8o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] libxl: devd: Spawn QEMU for 9pfs Message-Id: Date: Wed, 17 Apr 2024 03:19:27 +0000 commit 09abf1b61b45f65ebd017a246d887254dc50e0f8 Author: Jason Andryuk AuthorDate: Sun Apr 7 16:58:09 2024 -0400 Commit: Andrew Cooper CommitDate: Thu Apr 11 16:41:09 2024 +0100 libxl: devd: Spawn QEMU for 9pfs Add support for xl devd to support 9pfs in a domU. devd need to spawn a pvqemu for the domain to service 9pfs as well as qdisk backends. Rename num_qdisks to pvqemu_refcnt to be more generic. Keep the qdisk-backend-pid xenstore key as well as the disk-%u log file. They are externally visible, so they might be used by other tooling. Signed-off-by: Jason Andryuk Signed-off-by: Jason Andryuk Reviewed-by: Anthony PERARD --- tools/libs/light/libxl_device.c | 22 ++++++++++++---------- tools/libs/light/libxl_dm.c | 5 +++-- tools/libs/light/libxl_internal.h | 4 ++-- 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/tools/libs/light/libxl_device.c b/tools/libs/light/libxl_device.c index 6f0100d05e..a3d9f6f7df 100644 --- a/tools/libs/light/libxl_device.c +++ b/tools/libs/light/libxl_device.c @@ -1524,12 +1524,12 @@ static void device_complete(libxl__egc *egc, libxl__ao_device *aodev) libxl__nested_ao_free(aodev->ao); } -static void qdisk_spawn_outcome(libxl__egc *egc, libxl__dm_spawn_state *dmss, - int rc) +static void qemu_xenpv_spawn_outcome(libxl__egc *egc, + libxl__dm_spawn_state *dmss, int rc) { STATE_AO_GC(dmss->spawn.ao); - LOGD(DEBUG, dmss->guest_domid, "qdisk backend spawn %s", + LOGD(DEBUG, dmss->guest_domid, "qemu xenpv backend spawn %s", rc ? "failed" : "succeed"); libxl__nested_ao_free(dmss->spawn.ao); @@ -1552,7 +1552,7 @@ typedef struct libxl__ddomain_device { */ typedef struct libxl__ddomain_guest { uint32_t domid; - int num_qdisks; + int pvqemu_refcnt; XEN_SLIST_HEAD(, struct libxl__ddomain_device) devices; XEN_SLIST_ENTRY(struct libxl__ddomain_guest) next; } libxl__ddomain_guest; @@ -1646,15 +1646,16 @@ static int add_device(libxl__egc *egc, libxl__ao *ao, switch(dev->backend_kind) { case LIBXL__DEVICE_KIND_QDISK: - if (dguest->num_qdisks == 0) { + case LIBXL__DEVICE_KIND_9PFS: + if (dguest->pvqemu_refcnt == 0) { GCNEW(dmss); dmss->guest_domid = dev->domid; dmss->spawn.ao = ao; - dmss->callback = qdisk_spawn_outcome; + dmss->callback = qemu_xenpv_spawn_outcome; - libxl__spawn_qdisk_backend(egc, dmss); + libxl__spawn_qemu_xenpv_backend(egc, dmss); } - dguest->num_qdisks++; + dguest->pvqemu_refcnt++; break; default: GCNEW(aodev); @@ -1685,8 +1686,9 @@ static int remove_device(libxl__egc *egc, libxl__ao *ao, switch(ddev->dev->backend_kind) { case LIBXL__DEVICE_KIND_QDISK: - if (--dguest->num_qdisks == 0) { - rc = libxl__destroy_qdisk_backend(gc, dev->domid); + case LIBXL__DEVICE_KIND_9PFS: + if (--dguest->pvqemu_refcnt == 0) { + rc = libxl__destroy_qemu_xenpv_backend(gc, dev->domid); if (rc) goto out; } diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c index 0b03a7c747..567ae1ec7e 100644 --- a/tools/libs/light/libxl_dm.c +++ b/tools/libs/light/libxl_dm.c @@ -3381,7 +3381,8 @@ static void device_model_postconfig_done(libxl__egc *egc, dmss->callback(egc, dmss, rc); } -void libxl__spawn_qdisk_backend(libxl__egc *egc, libxl__dm_spawn_state *dmss) +void libxl__spawn_qemu_xenpv_backend(libxl__egc *egc, + libxl__dm_spawn_state *dmss) { STATE_AO_GC(dmss->spawn.ao); flexarray_t *dm_args, *dm_envs; @@ -3471,7 +3472,7 @@ static int kill_device_model(libxl__gc *gc, const char *xs_path_pid) } /* Helper to destroy a Qdisk backend */ -int libxl__destroy_qdisk_backend(libxl__gc *gc, uint32_t domid) +int libxl__destroy_qemu_xenpv_backend(libxl__gc *gc, uint32_t domid) { char *pid_path; int rc; diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h index 803dbc1a03..3b58bb2d7f 100644 --- a/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h @@ -4192,9 +4192,9 @@ _hidden char *libxl__stub_dm_name(libxl__gc *gc, const char * guest_name); /* Qdisk backend launch helpers */ -_hidden void libxl__spawn_qdisk_backend(libxl__egc *egc, +_hidden void libxl__spawn_qemu_xenpv_backend(libxl__egc *egc, libxl__dm_spawn_state *dmss); -_hidden int libxl__destroy_qdisk_backend(libxl__gc *gc, uint32_t domid); +_hidden int libxl__destroy_qemu_xenpv_backend(libxl__gc *gc, uint32_t domid); /*----- Domain creation -----*/ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:19:39 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:19:39 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707224.1104954 (Exim 4.92) (envelope-from ) id 1rwvpj-00035r-F7; Wed, 17 Apr 2024 03:19:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707224.1104954; Wed, 17 Apr 2024 03:19:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvpj-00035j-CK; Wed, 17 Apr 2024 03:19:39 +0000 Received: by outflank-mailman (input) for mailman id 707224; Wed, 17 Apr 2024 03:19:37 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvph-00035a-JT for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:37 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvph-0001OA-Ij for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:37 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvph-0004Yt-Hr for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:37 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aOwAnu31tQU+CePSANqLKBeIUKwPdUkl0sGXFuM3fxo=; b=eDSxfEUPCsqwNI06cYYdd3mrxQ m9Nu4EkDgwLZ5LEhxJPHml4rQ0ImiA1qaQ9gLmJ+1qCfPzhR1w/3e2L5H/TfcLNeCqcUiEwBoN01N AcUi6hBuJlvPhxkvQSr+b3fHW42w2iraxKyObuSSfQ3n3GM/l3XIHMsCz+eVaN+f0umg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] altcall: fix __alt_call_maybe_initdata so it's safe for livepatch Message-Id: Date: Wed, 17 Apr 2024 03:19:37 +0000 commit af4cd0a6a61cdb03bc1afca9478b05b0c9703599 Author: Roger Pau Monne AuthorDate: Thu Apr 11 18:08:38 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 11 18:51:36 2024 +0100 altcall: fix __alt_call_maybe_initdata so it's safe for livepatch Setting alternative call variables as __init is not safe for use with livepatch, as livepatches can rightfully introduce new alternative calls to structures marked as __alt_call_maybe_initdata (possibly just indirectly due to replacing existing functions that use those). Attempting to resolve those alternative calls then results in page faults as the variable that holds the function pointer address has been freed. When livepatch is supported use the __ro_after_init attribute instead of __initdata for __alt_call_maybe_initdata. Fixes: f26bb285949b ('xen: Implement xen/alternative-call.h for use in common code') Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper --- xen/include/xen/alternative-call.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/xen/include/xen/alternative-call.h b/xen/include/xen/alternative-call.h index 5c6b9a562b..10f7d7637e 100644 --- a/xen/include/xen/alternative-call.h +++ b/xen/include/xen/alternative-call.h @@ -50,7 +50,12 @@ #include -#define __alt_call_maybe_initdata __initdata +#ifdef CONFIG_LIVEPATCH +/* Must keep for livepatches to resolve alternative calls. */ +# define __alt_call_maybe_initdata __ro_after_init +#else +# define __alt_call_maybe_initdata __initdata +#endif #else -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:19:49 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:19:49 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707225.1104958 (Exim 4.92) (envelope-from ) id 1rwvpt-00039G-I8; Wed, 17 Apr 2024 03:19:49 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707225.1104958; Wed, 17 Apr 2024 03:19:49 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvpt-000399-FF; Wed, 17 Apr 2024 03:19:49 +0000 Received: by outflank-mailman (input) for mailman id 707225; Wed, 17 Apr 2024 03:19:47 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvpr-00038d-Mm for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:47 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvpr-0001OX-Ln for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:47 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvpr-0004Zq-Ku for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:47 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=f3An/MM20jl776yv4lo7vDC+ILrL9e6d7Hxg7Lgm0Jk=; b=Ytz79Qj4D6x0lBqFjjVEoyaeXz OU5UyPlsSmPnexOcADchMHu5pOkMtZyinjh20zK9HOJ8SFqdxG1F4cwsuk4k9cI47QkuB0AdWB81c 2puwoH0MclBpc1qkD4OKmAK5Uf2NtR0wUauqqphGsOOmaQdYjiUqM7c19vils9jl0+qE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/gzip: Colocate gunzip code files Message-Id: Date: Wed, 17 Apr 2024 03:19:47 +0000 commit cfb922bb7d6945eb4d33a910d78b506ae0af14fa Author: Daniel P. Smith AuthorDate: Thu Apr 11 11:25:14 2024 -0400 Commit: Andrew Cooper CommitDate: Fri Apr 12 13:10:18 2024 +0100 xen/gzip: Colocate gunzip code files This patch moves the gunzip code files to common/gzip. Makefiles are adjusted accordingly. Signed-off-by: Daniel P. Smith Reviewed-by: Andrew Cooper --- docs/misra/exclude-list.json | 2 +- xen/common/Makefile | 2 +- xen/common/gunzip.c | 139 ----- xen/common/gzip/Makefile | 1 + xen/common/gzip/gunzip.c | 139 +++++ xen/common/gzip/inflate.c | 1305 ++++++++++++++++++++++++++++++++++++++++++ xen/common/inflate.c | 1305 ------------------------------------------ 7 files changed, 1447 insertions(+), 1446 deletions(-) diff --git a/docs/misra/exclude-list.json b/docs/misra/exclude-list.json index 36bad9e54f..0956364158 100644 --- a/docs/misra/exclude-list.json +++ b/docs/misra/exclude-list.json @@ -118,7 +118,7 @@ "comment": "Imported from Linux, ignore for now" }, { - "rel_path": "common/inflate.c", + "rel_path": "common/gzip/inflate.c", "comment": "Imported from Linux, ignore for now" }, { diff --git a/xen/common/Makefile b/xen/common/Makefile index e5eee19a85..d512cad524 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -14,7 +14,7 @@ obj-y += event_channel.o obj-y += event_fifo.o obj-$(CONFIG_GRANT_TABLE) += grant_table.o obj-y += guestcopy.o -obj-bin-y += gunzip.init.o +obj-y += gzip/ obj-$(CONFIG_HYPFS) += hypfs.o obj-$(CONFIG_IOREQ_SERVER) += ioreq.o obj-y += irq.o diff --git a/xen/common/gunzip.c b/xen/common/gunzip.c deleted file mode 100644 index 2c6eae167d..0000000000 --- a/xen/common/gunzip.c +++ /dev/null @@ -1,139 +0,0 @@ -#include -#include -#include -#include -#include - -#define HEAPORDER 3 - -static unsigned char *__initdata window; -#define memptr long -static memptr __initdata free_mem_ptr; -static memptr __initdata free_mem_end_ptr; - -#define WSIZE 0x80000000U - -static unsigned char *__initdata inbuf; -static unsigned int __initdata insize; - -/* Index of next byte to be processed in inbuf: */ -static unsigned int __initdata inptr; - -/* Bytes in output buffer: */ -static unsigned int __initdata outcnt; - -#define OF(args) args - -#define memzero(s, n) memset((s), 0, (n)) - -typedef unsigned char uch; -typedef unsigned short ush; -typedef unsigned long ulg; - -#define get_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf()) - -/* Diagnostic functions */ -#ifdef DEBUG -# define Assert(cond, msg) do { if (!(cond)) error(msg); } while (0) -# define Trace(x) do { fprintf x; } while (0) -# define Tracev(x) do { if (verbose) fprintf x ; } while (0) -# define Tracevv(x) do { if (verbose > 1) fprintf x ; } while (0) -# define Tracec(c, x) do { if (verbose && (c)) fprintf x ; } while (0) -# define Tracecv(c, x) do { if (verbose > 1 && (c)) fprintf x ; } while (0) -#else -# define Assert(cond, msg) -# define Trace(x) -# define Tracev(x) -# define Tracevv(x) -# define Tracec(c, x) -# define Tracecv(c, x) -#endif - -static long __initdata bytes_out; -static void flush_window(void); - -static __init void error(const char *x) -{ - panic("%s\n", x); -} - -static __init int fill_inbuf(void) -{ - error("ran out of input data"); - return 0; -} - - -#include "inflate.c" - -static __init void flush_window(void) -{ - /* - * The window is equal to the output buffer therefore only need to - * compute the crc. - */ - unsigned long c = crc; - unsigned int n; - unsigned char *in, ch; - - in = window; - for ( n = 0; n < outcnt; n++ ) - { - ch = *in++; - c = crc_32_tab[((int)c ^ ch) & 0xff] ^ (c >> 8); - } - crc = c; - - bytes_out += (unsigned long)outcnt; - outcnt = 0; -} - -__init int gzip_check(char *image, unsigned long image_len) -{ - unsigned char magic0, magic1; - - if ( image_len < 2 ) - return 0; - - magic0 = (unsigned char)image[0]; - magic1 = (unsigned char)image[1]; - - return (magic0 == 0x1f) && ((magic1 == 0x8b) || (magic1 == 0x9e)); -} - -__init int perform_gunzip(char *output, char *image, unsigned long image_len) -{ - int rc; - - if ( !gzip_check(image, image_len) ) - return 1; - - window = (unsigned char *)output; - - free_mem_ptr = (unsigned long)alloc_xenheap_pages(HEAPORDER, 0); - if ( !free_mem_ptr ) - return -ENOMEM; - - free_mem_end_ptr = free_mem_ptr + (PAGE_SIZE << HEAPORDER); - init_allocator(); - - inbuf = (unsigned char *)image; - insize = image_len; - inptr = 0; - bytes_out = 0; - - makecrc(); - - if ( gunzip() < 0 ) - { - rc = -EINVAL; - } - else - { - rc = 0; - } - - free_xenheap_pages((void *)free_mem_ptr, HEAPORDER); - - return rc; -} diff --git a/xen/common/gzip/Makefile b/xen/common/gzip/Makefile new file mode 100644 index 0000000000..bda73c0184 --- /dev/null +++ b/xen/common/gzip/Makefile @@ -0,0 +1 @@ +obj-bin-y += gunzip.init.o diff --git a/xen/common/gzip/gunzip.c b/xen/common/gzip/gunzip.c new file mode 100644 index 0000000000..2c6eae167d --- /dev/null +++ b/xen/common/gzip/gunzip.c @@ -0,0 +1,139 @@ +#include +#include +#include +#include +#include + +#define HEAPORDER 3 + +static unsigned char *__initdata window; +#define memptr long +static memptr __initdata free_mem_ptr; +static memptr __initdata free_mem_end_ptr; + +#define WSIZE 0x80000000U + +static unsigned char *__initdata inbuf; +static unsigned int __initdata insize; + +/* Index of next byte to be processed in inbuf: */ +static unsigned int __initdata inptr; + +/* Bytes in output buffer: */ +static unsigned int __initdata outcnt; + +#define OF(args) args + +#define memzero(s, n) memset((s), 0, (n)) + +typedef unsigned char uch; +typedef unsigned short ush; +typedef unsigned long ulg; + +#define get_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf()) + +/* Diagnostic functions */ +#ifdef DEBUG +# define Assert(cond, msg) do { if (!(cond)) error(msg); } while (0) +# define Trace(x) do { fprintf x; } while (0) +# define Tracev(x) do { if (verbose) fprintf x ; } while (0) +# define Tracevv(x) do { if (verbose > 1) fprintf x ; } while (0) +# define Tracec(c, x) do { if (verbose && (c)) fprintf x ; } while (0) +# define Tracecv(c, x) do { if (verbose > 1 && (c)) fprintf x ; } while (0) +#else +# define Assert(cond, msg) +# define Trace(x) +# define Tracev(x) +# define Tracevv(x) +# define Tracec(c, x) +# define Tracecv(c, x) +#endif + +static long __initdata bytes_out; +static void flush_window(void); + +static __init void error(const char *x) +{ + panic("%s\n", x); +} + +static __init int fill_inbuf(void) +{ + error("ran out of input data"); + return 0; +} + + +#include "inflate.c" + +static __init void flush_window(void) +{ + /* + * The window is equal to the output buffer therefore only need to + * compute the crc. + */ + unsigned long c = crc; + unsigned int n; + unsigned char *in, ch; + + in = window; + for ( n = 0; n < outcnt; n++ ) + { + ch = *in++; + c = crc_32_tab[((int)c ^ ch) & 0xff] ^ (c >> 8); + } + crc = c; + + bytes_out += (unsigned long)outcnt; + outcnt = 0; +} + +__init int gzip_check(char *image, unsigned long image_len) +{ + unsigned char magic0, magic1; + + if ( image_len < 2 ) + return 0; + + magic0 = (unsigned char)image[0]; + magic1 = (unsigned char)image[1]; + + return (magic0 == 0x1f) && ((magic1 == 0x8b) || (magic1 == 0x9e)); +} + +__init int perform_gunzip(char *output, char *image, unsigned long image_len) +{ + int rc; + + if ( !gzip_check(image, image_len) ) + return 1; + + window = (unsigned char *)output; + + free_mem_ptr = (unsigned long)alloc_xenheap_pages(HEAPORDER, 0); + if ( !free_mem_ptr ) + return -ENOMEM; + + free_mem_end_ptr = free_mem_ptr + (PAGE_SIZE << HEAPORDER); + init_allocator(); + + inbuf = (unsigned char *)image; + insize = image_len; + inptr = 0; + bytes_out = 0; + + makecrc(); + + if ( gunzip() < 0 ) + { + rc = -EINVAL; + } + else + { + rc = 0; + } + + free_xenheap_pages((void *)free_mem_ptr, HEAPORDER); + + return rc; +} diff --git a/xen/common/gzip/inflate.c b/xen/common/gzip/inflate.c new file mode 100644 index 0000000000..58f263d9e8 --- /dev/null +++ b/xen/common/gzip/inflate.c @@ -0,0 +1,1305 @@ +#define DEBG(x) +#define DEBG1(x) +/* inflate.c -- Not copyrighted 1992 by Mark Adler + version c10p1, 10 January 1993 */ + +/* + * Adapted for booting Linux by Hannu Savolainen 1993 + * based on gzip-1.0.3 + * + * Nicolas Pitre , 1999/04/14 : + * Little mods for all variable to reside either into rodata or bss segments + * by marking constant variables with 'const' and initializing all the others + * at run-time only. This allows for the kernel uncompressor to run + * directly from Flash or ROM memory on embedded systems. + */ + +/* + Inflate deflated (PKZIP's method 8 compressed) data. The compression + method searches for as much of the current string of bytes (up to a + length of 258) in the previous 32 K bytes. If it doesn't find any + matches (of at least length 3), it codes the next byte. Otherwise, it + codes the length of the matched string and its distance backwards from + the current position. There is a single Huffman code that codes both + single bytes (called "literals") and match lengths. A second Huffman + code codes the distance information, which follows a length code. Each + length or distance code actually represents a base value and a number + of "extra" (sometimes zero) bits to get to add to the base value. At + the end of each deflated block is a special end-of-block (EOB) literal/ + length code. The decoding process is basically: get a literal/length + code; if EOB then done; if a literal, emit the decoded byte; if a + length then get the distance and emit the referred-to bytes from the + sliding window of previously emitted data. + + There are (currently) three kinds of inflate blocks: stored, fixed, and + dynamic. The compressor deals with some chunk of data at a time, and + decides which method to use on a chunk-by-chunk basis. A chunk might + typically be 32 K or 64 K. If the chunk is incompressible, then the + "stored" method is used. In this case, the bytes are simply stored as + is, eight bits per byte, with none of the above coding. The bytes are + preceded by a count, since there is no longer an EOB code. + + If the data is compressible, then either the fixed or dynamic methods + are used. In the dynamic method, the compressed data is preceded by + an encoding of the literal/length and distance Huffman codes that are + to be used to decode this block. The representation is itself Huffman + coded, and so is preceded by a description of that code. These code + descriptions take up a little space, and so for small blocks, there is + a predefined set of codes, called the fixed codes. The fixed method is + used if the block codes up smaller that way (usually for quite small + chunks), otherwise the dynamic method is used. In the latter case, the + codes are customized to the probabilities in the current block, and so + can code it much better than the pre-determined fixed codes. + + The Huffman codes themselves are decoded using a multi-level table + lookup, in order to maximize the speed of decoding plus the speed of + building the decoding tables. See the comments below that precede the + lbits and dbits tuning parameters. + */ + + +/* + Notes beyond the 1.93a appnote.txt: + + 1. Distance pointers never point before the beginning of the output + stream. + 2. Distance pointers can point back across blocks, up to 32k away. + 3. There is an implied maximum of 7 bits for the bit length table and + 15 bits for the actual data. + 4. If only one code exists, then it is encoded using one bit. (Zero + would be more efficient, but perhaps a little confusing.) If two + codes exist, they are coded using one bit each (0 and 1). + 5. There is no way of sending zero distance codes--a dummy must be + sent if there are none. (History: a pre 2.0 version of PKZIP would + store blocks with no distance codes, but this was discovered to be + too harsh a criterion.) Valid only for 1.93a. 2.04c does allow + zero distance codes, which is sent as one code of zero bits in + length. + 6. There are up to 286 literal/length codes. Code 256 represents the + end-of-block. Note however that the static length tree defines + 288 codes just to fill out the Huffman codes. Codes 286 and 287 + cannot be used though, since there is no length base or extra bits + defined for them. Similarly, there are up to 30 distance codes. + However, static trees define 32 codes (all 5 bits) to fill out the + Huffman codes, but the last two had better not show up in the data. + 7. Unzip can check dynamic Huffman blocks for complete code sets. + The exception is that a single code would not be complete (see #4). + 8. The five bits following the block type is really the number of + literal codes sent minus 257. + 9. Length codes 8,16,16 are interpreted as 13 length codes of 8 bits + (1+6+6). Therefore, to output three times the length, you output + three codes (1+1+1), whereas to output four times the same length, + you only need two codes (1+3). Hmm. + 10. In the tree reconstruction algorithm, Code = Code + Increment + only if BitLength(i) is not zero. (Pretty obvious.) + 11. Correction: 4 Bits: # of Bit Length codes - 4 (4 - 19) + 12. Note: length code 284 can represent 227-258, but length code 285 + really is 258. The last length deserves its own, short code + since it gets used a lot in very redundant files. The length + 258 is special since 258 - 3 (the min match length) is 255. + 13. The literal/length and distance code bit lengths are read as a + single stream of lengths. It is possible (and advantageous) for + a repeat code (16, 17, or 18) to go across the boundary between + the two sets of lengths. + */ + +#ifdef RCSID +static char rcsid[] = "#Id: inflate.c,v 0.14 1993/06/10 13:27:04 jloup Exp #"; +#endif + +#ifndef __XEN__ + +#if defined(STDC_HEADERS) || defined(HAVE_STDLIB_H) +# include +# include +#endif + +#include "gzip.h" + +#endif /* !__XEN__ */ + +#define slide window + +/* Huffman code lookup table entry--this entry is four bytes for machines + that have 16-bit pointers (e.g. PC's in the small or medium model). + Valid extra bits are 0..13. e == 15 is EOB (end of block), e == 16 + means that v is a literal, 16 < e < 32 means that v is a pointer to + the next table, which codes e - 16 bits, and lastly e == 99 indicates + an unused code. If a code with e == 99 is looked up, this implies an + error in the data. */ +struct huft { + uch e; /* number of extra bits or operation */ + uch b; /* number of bits in this code or subcode */ + union { + ush n; /* literal, length base, or distance base */ + struct huft *t; /* pointer to next level of table */ + } v; +}; + + +/* Function prototypes */ +static int huft_build OF((unsigned *, unsigned, unsigned, + const ush *, const ush *, struct huft **, int *)); +static int huft_free OF((struct huft *)); +static int inflate_codes OF((struct huft *, struct huft *, int, int)); +static int inflate_stored OF((void)); +static int inflate_fixed OF((void)); +static int inflate_dynamic OF((void)); +static int inflate_block OF((int *)); +static int inflate OF((void)); + + +/* The inflate algorithm uses a sliding 32 K byte window on the uncompressed + stream to find repeated byte strings. This is implemented here as a + circular buffer. The index is updated simply by incrementing and then + ANDing with 0x7fff (32K-1). */ +/* It is left to other modules to supply the 32 K area. It is assumed + to be usable as if it were declared "uch slide[32768];" or as just + "uch *slide;" and then malloc'ed in the latter case. The definition + must be in unzip.h, included above. */ +/* unsigned wp; current position in slide */ +#define wp outcnt +#define flush_output(w) (wp=(w),flush_window()) + +/* Tables for deflate from PKZIP's appnote.txt. */ +static const unsigned border[] = { /* Order of the bit length code lengths */ + 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; +static const ush cplens[] = { /* Copy lengths for literal codes 257..285 */ + 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, + 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0}; +/* note: see note #13 above about the 258 in this list. */ +static const ush cplext[] = { /* Extra bits for literal codes 257..285 */ + 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, + 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, 99, 99}; /* 99==invalid */ +static const ush cpdist[] = { /* Copy offsets for distance codes 0..29 */ + 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, + 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, + 8193, 12289, 16385, 24577}; +static const ush cpdext[] = { /* Extra bits for distance codes */ + 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, + 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, + 12, 12, 13, 13}; + + + +/* Macros for inflate() bit peeking and grabbing. + The usage is: + + NEEDBITS(j) + x = b & mask_bits[j]; + DUMPBITS(j) + + where NEEDBITS makes sure that b has at least j bits in it, and + DUMPBITS removes the bits from b. The macros use the variable k + for the number of bits in b. Normally, b and k are register + variables for speed, and are initialized at the beginning of a + routine that uses these macros from a global bit buffer and count. + + If we assume that EOB will be the longest code, then we will never + ask for bits with NEEDBITS that are beyond the end of the stream. + So, NEEDBITS should not read any more bytes than are needed to + meet the request. Then no bytes need to be "returned" to the buffer + at the end of the last block. + + However, this assumption is not true for fixed blocks--the EOB code + is 7 bits, but the other literal/length codes can be 8 or 9 bits. + (The EOB code is shorter than other codes because fixed blocks are + generally short. So, while a block always has an EOB, many other + literal/length codes have a significantly lower probability of + showing up at all.) However, by making the first table have a + lookup of seven bits, the EOB code will be found in that first + lookup, and so will not require that too many bits be pulled from + the stream. + */ + +static ulg __initdata bb; /* bit buffer */ +static unsigned __initdata bk; /* bits in bit buffer */ + +static const ush mask_bits[] = { + 0x0000, + 0x0001, 0x0003, 0x0007, 0x000f, 0x001f, 0x003f, 0x007f, 0x00ff, + 0x01ff, 0x03ff, 0x07ff, 0x0fff, 0x1fff, 0x3fff, 0x7fff, 0xffff +}; + +#define NEXTBYTE() ({ int v = get_byte(); if (v < 0) goto underrun; (uch)v; }) +#define NEEDBITS(n) {while(k<(n)){b|=((ulg)NEXTBYTE())<>=(n);k-=(n);} + +#ifndef NO_INFLATE_MALLOC +/* A trivial malloc implementation, adapted from + * malloc by Hannu Savolainen 1993 and Matthias Urlichs 1994 + */ + +static unsigned long __initdata malloc_ptr; +static int __initdata malloc_count; + +static void __init init_allocator(void) +{ + malloc_ptr = free_mem_ptr; + malloc_count = 0; +} + +static void *__init malloc(int size) +{ + void *p; + + if (size < 0) + error("Malloc error"); + if (!malloc_ptr) + malloc_ptr = free_mem_ptr; + + malloc_ptr = (malloc_ptr + 3) & ~3; /* Align */ + + p = (void *)malloc_ptr; + malloc_ptr += size; + + if (free_mem_end_ptr && malloc_ptr >= free_mem_end_ptr) + error("Out of memory"); + + malloc_count++; + return p; +} + +static void __init free(void *where) +{ + malloc_count--; + if (!malloc_count) + malloc_ptr = free_mem_ptr; +} +#else +#define malloc(a) kmalloc(a, GFP_KERNEL) +#define free(a) kfree(a) +#endif + +/* + Huffman code decoding is performed using a multi-level table lookup. + The fastest way to decode is to simply build a lookup table whose + size is determined by the longest code. However, the time it takes + to build this table can also be a factor if the data being decoded + is not very long. The most common codes are necessarily the + shortest codes, so those codes dominate the decoding time, and hence + the speed. The idea is you can have a shorter table that decodes the + shorter, more probable codes, and then point to subsidiary tables for + the longer codes. The time it costs to decode the longer codes is + then traded against the time it takes to make longer tables. + + This results of this trade are in the variables lbits and dbits + below. lbits is the number of bits the first level table for literal/ + length codes can decode in one step, and dbits is the same thing for + the distance codes. Subsequent tables are also less than or equal to + those sizes. These values may be adjusted either when all of the + codes are shorter than that, in which case the longest code length in + bits is used, or when the shortest code is *longer* than the requested + table size, in which case the length of the shortest code in bits is + used. + + There are two different values for the two tables, since they code a + different number of possibilities each. The literal/length table + codes 286 possible values, or in a flat code, a little over eight + bits. The distance table codes 30 possible values, or a little less + than five bits, flat. The optimum values for speed end up being + about one bit more than those, so lbits is 8+1 and dbits is 5+1. + The optimum values may differ though from machine to machine, and + possibly even between compilers. Your mileage may vary. + */ + + +static const int lbits = 9; /* bits in base literal/length lookup table */ +static const int dbits = 6; /* bits in base distance lookup table */ + + +/* If BMAX needs to be larger than 16, then h and x[] should be ulg. */ +#define BMAX 16 /* maximum bit length of any code (16 for explode) */ +#define N_MAX 288 /* maximum number of codes in any set */ + + +static unsigned __initdata hufts; /* track memory usage */ + + +static int __init huft_build( + unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ + unsigned n, /* number of codes (assumed <= N_MAX) */ + unsigned s, /* number of simple-valued codes (0..s-1) */ + const ush *d, /* list of base values for non-simple codes */ + const ush *e, /* list of extra bits for non-simple codes */ + struct huft **t, /* result: starting table */ + int *m /* maximum lookup bits, returns actual */ + ) +/* Given a list of code lengths and a maximum table size, make a set of + tables to decode that set of codes. Return zero on success, one if + the given code set is incomplete (the tables are still built in this + case), two if the input is invalid (all zero length codes or an + oversubscribed set of lengths), and three if not enough memory. */ +{ + unsigned a; /* counter for codes of length k */ + unsigned f; /* i repeats in table every f entries */ + int g; /* maximum code length */ + int h; /* table level */ + register unsigned i; /* counter, current code */ + register unsigned j; /* counter */ + register int k; /* number of bits in current code */ + int l; /* bits per table (returned in m) */ + register unsigned *p; /* pointer into c[], b[], or v[] */ + register struct huft *q; /* points to current table */ + struct huft r; /* table entry for structure assignment */ + register int w; /* bits before this table == (l * h) */ + unsigned *xp; /* pointer into x */ + int y; /* number of dummy codes added */ + unsigned z; /* number of entries in current table */ + struct { + unsigned c[BMAX+1]; /* bit length count table */ + struct huft *u[BMAX]; /* table stack */ + unsigned v[N_MAX]; /* values in order of bit length */ + unsigned x[BMAX+1]; /* bit offsets, then code stack */ + } *stk; + unsigned *c, *v, *x; + struct huft **u; + int ret; + + DEBG("huft1 "); + + stk = malloc(sizeof(*stk)); + if (stk == NULL) + return 3; /* out of memory */ + + c = stk->c; + v = stk->v; + x = stk->x; + u = stk->u; + + /* Generate counts for each bit length */ + memzero(stk->c, sizeof(stk->c)); + p = b; i = n; + do { + Tracecv(*p, (stderr, (n-i >= ' ' && n-i <= '~' ? "%c %d\n" : "0x%x %d\n"), + n-i, *p)); + c[*p]++; /* assume all entries <= BMAX */ + p++; /* Can't combine with above line (Solaris bug) */ + } while (--i); + if (c[0] == n) /* null input--all zero length codes */ + { + *t = (struct huft *)NULL; + *m = 0; + ret = 2; + goto out; + } + + DEBG("huft2 "); + + /* Find minimum and maximum length, bound *m by those */ + l = *m; + for (j = 1; j <= BMAX; j++) + if (c[j]) + break; + k = j; /* minimum code length */ + if ((unsigned)l < j) + l = j; + for (i = BMAX; i; i--) + if (c[i]) + break; + g = i; /* maximum code length */ + if ((unsigned)l > i) + l = i; + *m = l; + + DEBG("huft3 "); + + /* Adjust last length count to fill out codes, if needed */ + for (y = 1 << j; j < i; j++, y <<= 1) + if ((y -= c[j]) < 0) { + ret = 2; /* bad input: more codes than bits */ + goto out; + } + if ((y -= c[i]) < 0) { + ret = 2; + goto out; + } + c[i] += y; + + DEBG("huft4 "); + + /* Generate starting offsets into the value table for each length */ + x[1] = j = 0; + p = c + 1; xp = x + 2; + while (--i) { /* note that i == g from above */ + *xp++ = (j += *p++); + } + + DEBG("huft5 "); + + /* Make a table of values in order of bit lengths */ + p = b; i = 0; + do { + if ((j = *p++) != 0) + v[x[j]++] = i; + } while (++i < n); + n = x[g]; /* set n to length of v */ + + DEBG("h6 "); + + /* Generate the Huffman codes and for each, make the table entries */ + x[0] = i = 0; /* first Huffman code is zero */ + p = v; /* grab values in bit order */ + h = -1; /* no tables yet--level -1 */ + w = -l; /* bits decoded == (l * h) */ + u[0] = (struct huft *)NULL; /* just to keep compilers happy */ + q = (struct huft *)NULL; /* ditto */ + z = 0; /* ditto */ + DEBG("h6a "); + + /* go through the bit lengths (k already is bits in shortest code) */ + for (; k <= g; k++) + { + DEBG("h6b "); + a = c[k]; + while (a--) + { + DEBG("h6b1 "); + /* here i is the Huffman code of length k bits for value *p */ + /* make tables up to required level */ + while (k > w + l) + { + DEBG1("1 "); + h++; + w += l; /* previous table always l bits */ + + /* compute minimum size table less than or equal to l bits */ + z = (z = g - w) > (unsigned)l ? l : z; /* upper limit on table size */ + if ((f = 1 << (j = k - w)) > a + 1) /* try a k-w bit table */ + { /* too few codes for k-w bit table */ + DEBG1("2 "); + f -= a + 1; /* deduct codes from patterns left */ + xp = c + k; + if (j < z) + while (++j < z) /* try smaller tables up to z bits */ + { + if ((f <<= 1) <= *++xp) + break; /* enough codes to use up j bits */ + f -= *xp; /* else deduct codes from patterns */ + } + } + DEBG1("3 "); + z = 1 << j; /* table entries for j-bit table */ + + /* allocate and link in new table */ + if ((q = (struct huft *)malloc((z + 1)*sizeof(struct huft))) == + (struct huft *)NULL) + { + if (h) + huft_free(u[0]); + ret = 3; /* not enough memory */ + goto out; + } + DEBG1("4 "); + hufts += z + 1; /* track memory usage */ + *t = q + 1; /* link to list for huft_free() */ + *(t = &(q->v.t)) = (struct huft *)NULL; + u[h] = ++q; /* table starts after link */ + + DEBG1("5 "); + /* connect to last table, if there is one */ + if (h) + { + x[h] = i; /* save pattern for backing up */ + r.b = (uch)l; /* bits to dump before this table */ + r.e = (uch)(16 + j); /* bits in this table */ + r.v.t = q; /* pointer to this table */ + j = i >> (w - l); /* (get around Turbo C bug) */ + u[h-1][j] = r; /* connect to last table */ + } + DEBG1("6 "); + } + DEBG("h6c "); + + /* set up table entry in r */ + r.b = (uch)(k - w); + if (p >= v + n) + r.e = 99; /* out of values--invalid code */ + else if (*p < s) + { + r.e = (uch)(*p < 256 ? 16 : 15); /* 256 is end-of-block code */ + r.v.n = (ush)(*p); /* simple code is just the value */ + p++; /* one compiler does not like *p++ */ + } + else + { + r.e = (uch)e[*p - s]; /* non-simple--look up in lists */ + r.v.n = d[*p++ - s]; + } + DEBG("h6d "); + + /* fill code-like entries with r */ + f = 1 << (k - w); + for (j = i >> w; j < z; j += f) + q[j] = r; + + /* backwards increment the k-bit code i */ + for (j = 1 << (k - 1); i & j; j >>= 1) + i ^= j; + i ^= j; + + /* backup over finished tables */ + while ((i & ((1 << w) - 1)) != x[h]) + { + h--; /* don't need to update q */ + w -= l; + } + DEBG("h6e "); + } + DEBG("h6f "); + } + + DEBG("huft7 "); + + /* Return true (1) if we were given an incomplete table */ + ret = y != 0 && g != 1; + + out: + free(stk); + return ret; +} + + + +static int __init huft_free( + struct huft *t /* table to free */ + ) +/* Free the malloc'ed tables built by huft_build(), which makes a linked + list of the tables it made, with the links in a dummy first entry of + each table. */ +{ + register struct huft *p, *q; + + + /* Go through linked list, freeing from the malloced (t[-1]) address. */ + p = t; + while (p != (struct huft *)NULL) + { + q = (--p)->v.t; + free((char*)p); + p = q; + } + return 0; +} + + +static int __init inflate_codes( + struct huft *tl, /* literal/length decoder tables */ + struct huft *td, /* distance decoder tables */ + int bl, /* number of bits decoded by tl[] */ + int bd /* number of bits decoded by td[] */ + ) +/* inflate (decompress) the codes in a deflated (compressed) block. + Return an error code or zero if it all goes ok. */ +{ + register unsigned e; /* table entry flag/number of extra bits */ + unsigned n, d; /* length and index for copy */ + unsigned w; /* current window position */ + struct huft *t; /* pointer to table entry */ + unsigned ml, md; /* masks for bl and bd bits */ + register ulg b; /* bit buffer */ + register unsigned k; /* number of bits in bit buffer */ + + + /* make local copies of globals */ + b = bb; /* initialize bit buffer */ + k = bk; + w = wp; /* initialize window position */ + + /* inflate the coded data */ + ml = mask_bits[bl]; /* precompute masks for speed */ + md = mask_bits[bd]; + for (;;) /* do until end of block */ + { + NEEDBITS((unsigned)bl) + if ((e = (t = tl + ((unsigned)b & ml))->e) > 16) + do { + if (e == 99) + return 1; + DUMPBITS(t->b) + e -= 16; + NEEDBITS(e) + } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); + DUMPBITS(t->b) + if (e == 16) /* then it's a literal */ + { + slide[w++] = (uch)t->v.n; + Tracevv((stderr, "%c", slide[w-1])); + if (w == WSIZE) + { + flush_output(w); + w = 0; + } + } + else /* it's an EOB or a length */ + { + /* exit if end of block */ + if (e == 15) + break; + + /* get length of block to copy */ + NEEDBITS(e) + n = t->v.n + ((unsigned)b & mask_bits[e]); + DUMPBITS(e); + + /* decode distance of block to copy */ + NEEDBITS((unsigned)bd) + if ((e = (t = td + ((unsigned)b & md))->e) > 16) + do { + if (e == 99) + return 1; + DUMPBITS(t->b) + e -= 16; + NEEDBITS(e) + } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); + DUMPBITS(t->b) + NEEDBITS(e) + d = w - t->v.n - ((unsigned)b & mask_bits[e]); + DUMPBITS(e) + Tracevv((stderr,"\\[%d,%d]", w-d, n)); + + /* do the copy */ + do { + n -= (e = (e = WSIZE - ((d &= WSIZE-1) > w ? d : w)) > n ? n : e); +#if !defined(NOMEMCPY) && !defined(DEBUG) + if (w - d >= e) /* (this test assumes unsigned comparison) */ + { + memcpy(slide + w, slide + d, e); + w += e; + d += e; + } + else /* do it slow to avoid memcpy() overlap */ +#endif /* !NOMEMCPY */ + do { + slide[w++] = slide[d++]; + Tracevv((stderr, "%c", slide[w-1])); + } while (--e); + if (w == WSIZE) + { + flush_output(w); + w = 0; + } + } while (n); + } + } + + + /* restore the globals from the locals */ + wp = w; /* restore global window pointer */ + bb = b; /* restore global bit buffer */ + bk = k; + + /* done */ + return 0; + + underrun: + return 4; /* Input underrun */ +} + + + +static int __init inflate_stored(void) +/* "decompress" an inflated type 0 (stored) block. */ +{ + unsigned n; /* number of bytes in block */ + unsigned w; /* current window position */ + register ulg b; /* bit buffer */ + register unsigned k; /* number of bits in bit buffer */ + + DEBG(""); + return 0; + + underrun: + return 4; /* Input underrun */ +} + + +/* + * We use `noinline' here to prevent gcc-3.5 from using too much stack space + */ +static int noinline __init inflate_fixed(void) +/* decompress an inflated type 1 (fixed Huffman codes) block. We should + either replace this with a custom decoder, or at least precompute the + Huffman tables. */ +{ + int i; /* temporary variable */ + struct huft *tl; /* literal/length code table */ + struct huft *td; /* distance code table */ + int bl; /* lookup bits for tl */ + int bd; /* lookup bits for td */ + unsigned *l; /* length list for huft_build */ + + DEBG(" 1) + { + huft_free(tl); + free(l); + + DEBG(">"); + return i; + } + + + /* decompress until an end-of-block code */ + if (inflate_codes(tl, td, bl, bd)) { + free(l); + return 1; + } + + /* free the decoding tables, return */ + free(l); + huft_free(tl); + huft_free(td); + return 0; +} + + +/* + * We use `noinline' here to prevent gcc-3.5 from using too much stack space + */ +static int noinline __init inflate_dynamic(void) +/* decompress an inflated type 2 (dynamic Huffman codes) block. */ +{ + int i; /* temporary variables */ + unsigned j; + unsigned l; /* last length */ + unsigned m; /* mask for bit lengths table */ + unsigned n; /* number of lengths to get */ + struct huft *tl; /* literal/length code table */ + struct huft *td; /* distance code table */ + int bl; /* lookup bits for tl */ + int bd; /* lookup bits for td */ + unsigned nb; /* number of bit length codes */ + unsigned nl; /* number of literal/length codes */ + unsigned nd; /* number of distance codes */ + unsigned *ll; /* literal/length and distance code lengths */ + register ulg b; /* bit buffer */ + register unsigned k; /* number of bits in bit buffer */ + int ret; + + DEBG(" 288 || nd > 32) +#else + if (nl > 286 || nd > 30) +#endif + { + ret = 1; /* bad lengths */ + goto out; + } + + DEBG("dyn1 "); + + /* read in bit-length-code lengths */ + for (j = 0; j < nb; j++) + { + NEEDBITS(3) + ll[border[j]] = (unsigned)b & 7; + DUMPBITS(3) + } + for (; j < 19; j++) + ll[border[j]] = 0; + + DEBG("dyn2 "); + + /* build decoding table for trees--single level, 7 bit lookup */ + bl = 7; + if ((i = huft_build(ll, 19, 19, NULL, NULL, &tl, &bl)) != 0) + { + if (i == 1) + huft_free(tl); + ret = i; /* incomplete code set */ + goto out; + } + + DEBG("dyn3 "); + + /* read in literal and distance code lengths */ + n = nl + nd; + m = mask_bits[bl]; + i = l = 0; + while ((unsigned)i < n) + { + NEEDBITS((unsigned)bl) + j = (td = tl + ((unsigned)b & m))->b; + DUMPBITS(j) + j = td->v.n; + if (j < 16) /* length of code in bits (0..15) */ + ll[i++] = l = j; /* save last length in l */ + else if (j == 16) /* repeat last length 3 to 6 times */ + { + NEEDBITS(2) + j = 3 + ((unsigned)b & 3); + DUMPBITS(2) + if ((unsigned)i + j > n) { + ret = 1; + goto out; + } + while (j--) + ll[i++] = l; + } + else if (j == 17) /* 3 to 10 zero length codes */ + { + NEEDBITS(3) + j = 3 + ((unsigned)b & 7); + DUMPBITS(3) + if ((unsigned)i + j > n) { + ret = 1; + goto out; + } + while (j--) + ll[i++] = 0; + l = 0; + } + else /* j == 18: 11 to 138 zero length codes */ + { + NEEDBITS(7) + j = 11 + ((unsigned)b & 0x7f); + DUMPBITS(7) + if ((unsigned)i + j > n) { + ret = 1; + goto out; + } + while (j--) + ll[i++] = 0; + l = 0; + } + } + + DEBG("dyn4 "); + + /* free decoding table for trees */ + huft_free(tl); + + DEBG("dyn5 "); + + /* restore the global bit buffer */ + bb = b; + bk = k; + + DEBG("dyn5a "); + + /* build the decoding tables for literal/length and distance codes */ + bl = lbits; + if ((i = huft_build(ll, nl, 257, cplens, cplext, &tl, &bl)) != 0) + { + DEBG("dyn5b "); + if (i == 1) { + error("incomplete literal tree"); + huft_free(tl); + } + ret = i; /* incomplete code set */ + goto out; + } + DEBG("dyn5c "); + bd = dbits; + if ((i = huft_build(ll + nl, nd, 0, cpdist, cpdext, &td, &bd)) != 0) + { + DEBG("dyn5d "); + if (i == 1) { + error("incomplete distance tree"); +#ifdef PKZIP_BUG_WORKAROUND + i = 0; + } +#else + huft_free(td); + } + huft_free(tl); + ret = i; /* incomplete code set */ + goto out; +#endif +} + +DEBG("dyn6 "); + + /* decompress until an end-of-block code */ +if (inflate_codes(tl, td, bl, bd)) { + ret = 1; + goto out; +} + +DEBG("dyn7 "); + + /* free the decoding tables, return */ +huft_free(tl); +huft_free(td); + +DEBG(">"); +ret = 0; +out: +free(ll); +return ret; + +underrun: +ret = 4; /* Input underrun */ +goto out; +} + + + +static int __init inflate_block( +int *e /* last block flag */ +) +/* decompress an inflated block */ +{ +unsigned t; /* block type */ +register ulg b; /* bit buffer */ +register unsigned k; /* number of bits in bit buffer */ + +DEBG(""); + + /* bad block type */ + return 2; + + underrun: + return 4; /* Input underrun */ +} + + + +static int __init inflate(void) +/* decompress an inflated entry */ +{ + int e; /* last block flag */ + int r; /* result code */ + unsigned h; /* maximum struct huft's malloc'ed */ + + /* initialize window, bit buffer */ + wp = 0; + bk = 0; + bb = 0; + + + /* decompress until the last block */ + h = 0; + do { + hufts = 0; +#ifdef ARCH_HAS_DECOMP_WDOG + arch_decomp_wdog(); +#endif + r = inflate_block(&e); + if (r) + return r; + if (hufts > h) + h = hufts; + } while (!e); + + /* Undo too much lookahead. The next read will be byte aligned so we + * can discard unused bits in the last meaningful byte. + */ + while (bk >= 8) { + bk -= 8; + inptr--; + } + + /* flush out slide */ + flush_output(wp); + + + /* return success */ +#ifdef DEBUG + fprintf(stderr, "<%u> ", h); +#endif /* DEBUG */ + return 0; +} + +/********************************************************************** + * + * The following are support routines for inflate.c + * + **********************************************************************/ + +static ulg __initdata crc_32_tab[256]; +static ulg __initdata crc; /* initialized in makecrc() so it'll reside in bss */ +#define CRC_VALUE (crc ^ 0xffffffffUL) + +/* + * Code to compute the CRC-32 table. Borrowed from + * gzip-1.0.3/makecrc.c. + */ + +static void __init +makecrc(void) +{ +/* Not copyrighted 1990 Mark Adler */ + + unsigned long c; /* crc shift register */ + unsigned long e; /* polynomial exclusive-or pattern */ + int i; /* counter for all possible eight bit values */ + int k; /* byte being shifted into crc apparatus */ + + /* terms of polynomial defining this crc (except x^32): */ + static const int p[] = {0,1,2,4,5,7,8,10,11,12,16,22,23,26}; + + /* Make exclusive-or pattern from polynomial */ + e = 0; + for (i = 0; i < sizeof(p)/sizeof(int); i++) + e |= 1L << (31 - p[i]); + + crc_32_tab[0] = 0; + + for (i = 1; i < 256; i++) + { + c = 0; + for (k = i | 256; k != 1; k >>= 1) + { + c = c & 1 ? (c >> 1) ^ e : c >> 1; + if (k & 1) + c ^= e; + } + crc_32_tab[i] = c; + } + + /* this is initialized here so this code could reside in ROM */ + crc = (ulg)0xffffffffUL; /* shift register contents */ +} + +/* gzip flag byte */ +#define ASCII_FLAG 0x01 /* bit 0 set: file probably ASCII text */ +#define CONTINUATION 0x02 /* bit 1 set: continuation of multi-part gzip file */ +#define EXTRA_FIELD 0x04 /* bit 2 set: extra field present */ +#define ORIG_NAME 0x08 /* bit 3 set: original file name present */ +#define COMMENT 0x10 /* bit 4 set: file comment present */ +#define ENCRYPTED 0x20 /* bit 5 set: file is encrypted */ +#define RESERVED 0xC0 /* bit 6,7: reserved */ + +/* + * Do the uncompression! + */ +static int __init gunzip(void) +{ + uch flags; + unsigned char magic[2]; /* magic header */ + char method; + ulg orig_crc = 0; /* original crc */ + ulg orig_len = 0; /* original uncompressed length */ + int res; + + magic[0] = NEXTBYTE(); + magic[1] = NEXTBYTE(); + method = NEXTBYTE(); + + if (magic[0] != 037 || /* octal-ok */ + ((magic[1] != 0213) && (magic[1] != 0236))) { /* octal-ok */ + error("bad gzip magic numbers"); + return -1; + } + + /* We only support method #8, DEFLATED */ + if (method != 8) { + error("internal error, invalid method"); + return -1; + } + + flags = (uch)get_byte(); + if ((flags & ENCRYPTED) != 0) { + error("Input is encrypted"); + return -1; + } + if ((flags & CONTINUATION) != 0) { + error("Multi part input"); + return -1; + } + if ((flags & RESERVED) != 0) { + error("Input has invalid flags"); + return -1; + } + NEXTBYTE(); /* Get timestamp */ + NEXTBYTE(); + NEXTBYTE(); + NEXTBYTE(); + + (void)NEXTBYTE(); /* Ignore extra flags for the moment */ + (void)NEXTBYTE(); /* Ignore OS type for the moment */ + + if ((flags & EXTRA_FIELD) != 0) { + unsigned len = (unsigned)NEXTBYTE(); + len |= ((unsigned)NEXTBYTE())<<8; + while (len--) (void)NEXTBYTE(); + } + + /* Get original file name if it was truncated */ + if ((flags & ORIG_NAME) != 0) { + /* Discard the old name */ + while (NEXTBYTE() != 0) /* null */ ; + } + + /* Discard file comment if any */ + if ((flags & COMMENT) != 0) { + while (NEXTBYTE() != 0) /* null */ ; + } + + /* Decompress */ + if ((res = inflate())) { + switch (res) { + case 0: + break; + case 1: + error("invalid compressed format (err=1)"); + break; + case 2: + error("invalid compressed format (err=2)"); + break; + case 3: + error("out of memory"); + break; + case 4: + error("out of input data"); + break; + default: + error("invalid compressed format (other)"); + } + return -1; + } + + /* Get the crc and original length */ + /* crc32 (see algorithm.doc) + * uncompressed input size modulo 2^32 + */ + orig_crc = (ulg) NEXTBYTE(); + orig_crc |= (ulg) NEXTBYTE() << 8; + orig_crc |= (ulg) NEXTBYTE() << 16; + orig_crc |= (ulg) NEXTBYTE() << 24; + + orig_len = (ulg) NEXTBYTE(); + orig_len |= (ulg) NEXTBYTE() << 8; + orig_len |= (ulg) NEXTBYTE() << 16; + orig_len |= (ulg) NEXTBYTE() << 24; + + /* Validate decompression */ + if (orig_crc != CRC_VALUE) { + error("crc error"); + return -1; + } + if (orig_len != bytes_out) { + error("length error"); + return -1; + } + return 0; + + underrun: /* NEXTBYTE() goto's here if needed */ + error("out of input data"); + return -1; +} diff --git a/xen/common/inflate.c b/xen/common/inflate.c deleted file mode 100644 index 58f263d9e8..0000000000 --- a/xen/common/inflate.c +++ /dev/null @@ -1,1305 +0,0 @@ -#define DEBG(x) -#define DEBG1(x) -/* inflate.c -- Not copyrighted 1992 by Mark Adler - version c10p1, 10 January 1993 */ - -/* - * Adapted for booting Linux by Hannu Savolainen 1993 - * based on gzip-1.0.3 - * - * Nicolas Pitre , 1999/04/14 : - * Little mods for all variable to reside either into rodata or bss segments - * by marking constant variables with 'const' and initializing all the others - * at run-time only. This allows for the kernel uncompressor to run - * directly from Flash or ROM memory on embedded systems. - */ - -/* - Inflate deflated (PKZIP's method 8 compressed) data. The compression - method searches for as much of the current string of bytes (up to a - length of 258) in the previous 32 K bytes. If it doesn't find any - matches (of at least length 3), it codes the next byte. Otherwise, it - codes the length of the matched string and its distance backwards from - the current position. There is a single Huffman code that codes both - single bytes (called "literals") and match lengths. A second Huffman - code codes the distance information, which follows a length code. Each - length or distance code actually represents a base value and a number - of "extra" (sometimes zero) bits to get to add to the base value. At - the end of each deflated block is a special end-of-block (EOB) literal/ - length code. The decoding process is basically: get a literal/length - code; if EOB then done; if a literal, emit the decoded byte; if a - length then get the distance and emit the referred-to bytes from the - sliding window of previously emitted data. - - There are (currently) three kinds of inflate blocks: stored, fixed, and - dynamic. The compressor deals with some chunk of data at a time, and - decides which method to use on a chunk-by-chunk basis. A chunk might - typically be 32 K or 64 K. If the chunk is incompressible, then the - "stored" method is used. In this case, the bytes are simply stored as - is, eight bits per byte, with none of the above coding. The bytes are - preceded by a count, since there is no longer an EOB code. - - If the data is compressible, then either the fixed or dynamic methods - are used. In the dynamic method, the compressed data is preceded by - an encoding of the literal/length and distance Huffman codes that are - to be used to decode this block. The representation is itself Huffman - coded, and so is preceded by a description of that code. These code - descriptions take up a little space, and so for small blocks, there is - a predefined set of codes, called the fixed codes. The fixed method is - used if the block codes up smaller that way (usually for quite small - chunks), otherwise the dynamic method is used. In the latter case, the - codes are customized to the probabilities in the current block, and so - can code it much better than the pre-determined fixed codes. - - The Huffman codes themselves are decoded using a multi-level table - lookup, in order to maximize the speed of decoding plus the speed of - building the decoding tables. See the comments below that precede the - lbits and dbits tuning parameters. - */ - - -/* - Notes beyond the 1.93a appnote.txt: - - 1. Distance pointers never point before the beginning of the output - stream. - 2. Distance pointers can point back across blocks, up to 32k away. - 3. There is an implied maximum of 7 bits for the bit length table and - 15 bits for the actual data. - 4. If only one code exists, then it is encoded using one bit. (Zero - would be more efficient, but perhaps a little confusing.) If two - codes exist, they are coded using one bit each (0 and 1). - 5. There is no way of sending zero distance codes--a dummy must be - sent if there are none. (History: a pre 2.0 version of PKZIP would - store blocks with no distance codes, but this was discovered to be - too harsh a criterion.) Valid only for 1.93a. 2.04c does allow - zero distance codes, which is sent as one code of zero bits in - length. - 6. There are up to 286 literal/length codes. Code 256 represents the - end-of-block. Note however that the static length tree defines - 288 codes just to fill out the Huffman codes. Codes 286 and 287 - cannot be used though, since there is no length base or extra bits - defined for them. Similarly, there are up to 30 distance codes. - However, static trees define 32 codes (all 5 bits) to fill out the - Huffman codes, but the last two had better not show up in the data. - 7. Unzip can check dynamic Huffman blocks for complete code sets. - The exception is that a single code would not be complete (see #4). - 8. The five bits following the block type is really the number of - literal codes sent minus 257. - 9. Length codes 8,16,16 are interpreted as 13 length codes of 8 bits - (1+6+6). Therefore, to output three times the length, you output - three codes (1+1+1), whereas to output four times the same length, - you only need two codes (1+3). Hmm. - 10. In the tree reconstruction algorithm, Code = Code + Increment - only if BitLength(i) is not zero. (Pretty obvious.) - 11. Correction: 4 Bits: # of Bit Length codes - 4 (4 - 19) - 12. Note: length code 284 can represent 227-258, but length code 285 - really is 258. The last length deserves its own, short code - since it gets used a lot in very redundant files. The length - 258 is special since 258 - 3 (the min match length) is 255. - 13. The literal/length and distance code bit lengths are read as a - single stream of lengths. It is possible (and advantageous) for - a repeat code (16, 17, or 18) to go across the boundary between - the two sets of lengths. - */ - -#ifdef RCSID -static char rcsid[] = "#Id: inflate.c,v 0.14 1993/06/10 13:27:04 jloup Exp #"; -#endif - -#ifndef __XEN__ - -#if defined(STDC_HEADERS) || defined(HAVE_STDLIB_H) -# include -# include -#endif - -#include "gzip.h" - -#endif /* !__XEN__ */ - -#define slide window - -/* Huffman code lookup table entry--this entry is four bytes for machines - that have 16-bit pointers (e.g. PC's in the small or medium model). - Valid extra bits are 0..13. e == 15 is EOB (end of block), e == 16 - means that v is a literal, 16 < e < 32 means that v is a pointer to - the next table, which codes e - 16 bits, and lastly e == 99 indicates - an unused code. If a code with e == 99 is looked up, this implies an - error in the data. */ -struct huft { - uch e; /* number of extra bits or operation */ - uch b; /* number of bits in this code or subcode */ - union { - ush n; /* literal, length base, or distance base */ - struct huft *t; /* pointer to next level of table */ - } v; -}; - - -/* Function prototypes */ -static int huft_build OF((unsigned *, unsigned, unsigned, - const ush *, const ush *, struct huft **, int *)); -static int huft_free OF((struct huft *)); -static int inflate_codes OF((struct huft *, struct huft *, int, int)); -static int inflate_stored OF((void)); -static int inflate_fixed OF((void)); -static int inflate_dynamic OF((void)); -static int inflate_block OF((int *)); -static int inflate OF((void)); - - -/* The inflate algorithm uses a sliding 32 K byte window on the uncompressed - stream to find repeated byte strings. This is implemented here as a - circular buffer. The index is updated simply by incrementing and then - ANDing with 0x7fff (32K-1). */ -/* It is left to other modules to supply the 32 K area. It is assumed - to be usable as if it were declared "uch slide[32768];" or as just - "uch *slide;" and then malloc'ed in the latter case. The definition - must be in unzip.h, included above. */ -/* unsigned wp; current position in slide */ -#define wp outcnt -#define flush_output(w) (wp=(w),flush_window()) - -/* Tables for deflate from PKZIP's appnote.txt. */ -static const unsigned border[] = { /* Order of the bit length code lengths */ - 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; -static const ush cplens[] = { /* Copy lengths for literal codes 257..285 */ - 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, - 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0}; -/* note: see note #13 above about the 258 in this list. */ -static const ush cplext[] = { /* Extra bits for literal codes 257..285 */ - 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, - 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, 99, 99}; /* 99==invalid */ -static const ush cpdist[] = { /* Copy offsets for distance codes 0..29 */ - 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, - 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, - 8193, 12289, 16385, 24577}; -static const ush cpdext[] = { /* Extra bits for distance codes */ - 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, - 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, - 12, 12, 13, 13}; - - - -/* Macros for inflate() bit peeking and grabbing. - The usage is: - - NEEDBITS(j) - x = b & mask_bits[j]; - DUMPBITS(j) - - where NEEDBITS makes sure that b has at least j bits in it, and - DUMPBITS removes the bits from b. The macros use the variable k - for the number of bits in b. Normally, b and k are register - variables for speed, and are initialized at the beginning of a - routine that uses these macros from a global bit buffer and count. - - If we assume that EOB will be the longest code, then we will never - ask for bits with NEEDBITS that are beyond the end of the stream. - So, NEEDBITS should not read any more bytes than are needed to - meet the request. Then no bytes need to be "returned" to the buffer - at the end of the last block. - - However, this assumption is not true for fixed blocks--the EOB code - is 7 bits, but the other literal/length codes can be 8 or 9 bits. - (The EOB code is shorter than other codes because fixed blocks are - generally short. So, while a block always has an EOB, many other - literal/length codes have a significantly lower probability of - showing up at all.) However, by making the first table have a - lookup of seven bits, the EOB code will be found in that first - lookup, and so will not require that too many bits be pulled from - the stream. - */ - -static ulg __initdata bb; /* bit buffer */ -static unsigned __initdata bk; /* bits in bit buffer */ - -static const ush mask_bits[] = { - 0x0000, - 0x0001, 0x0003, 0x0007, 0x000f, 0x001f, 0x003f, 0x007f, 0x00ff, - 0x01ff, 0x03ff, 0x07ff, 0x0fff, 0x1fff, 0x3fff, 0x7fff, 0xffff -}; - -#define NEXTBYTE() ({ int v = get_byte(); if (v < 0) goto underrun; (uch)v; }) -#define NEEDBITS(n) {while(k<(n)){b|=((ulg)NEXTBYTE())<>=(n);k-=(n);} - -#ifndef NO_INFLATE_MALLOC -/* A trivial malloc implementation, adapted from - * malloc by Hannu Savolainen 1993 and Matthias Urlichs 1994 - */ - -static unsigned long __initdata malloc_ptr; -static int __initdata malloc_count; - -static void __init init_allocator(void) -{ - malloc_ptr = free_mem_ptr; - malloc_count = 0; -} - -static void *__init malloc(int size) -{ - void *p; - - if (size < 0) - error("Malloc error"); - if (!malloc_ptr) - malloc_ptr = free_mem_ptr; - - malloc_ptr = (malloc_ptr + 3) & ~3; /* Align */ - - p = (void *)malloc_ptr; - malloc_ptr += size; - - if (free_mem_end_ptr && malloc_ptr >= free_mem_end_ptr) - error("Out of memory"); - - malloc_count++; - return p; -} - -static void __init free(void *where) -{ - malloc_count--; - if (!malloc_count) - malloc_ptr = free_mem_ptr; -} -#else -#define malloc(a) kmalloc(a, GFP_KERNEL) -#define free(a) kfree(a) -#endif - -/* - Huffman code decoding is performed using a multi-level table lookup. - The fastest way to decode is to simply build a lookup table whose - size is determined by the longest code. However, the time it takes - to build this table can also be a factor if the data being decoded - is not very long. The most common codes are necessarily the - shortest codes, so those codes dominate the decoding time, and hence - the speed. The idea is you can have a shorter table that decodes the - shorter, more probable codes, and then point to subsidiary tables for - the longer codes. The time it costs to decode the longer codes is - then traded against the time it takes to make longer tables. - - This results of this trade are in the variables lbits and dbits - below. lbits is the number of bits the first level table for literal/ - length codes can decode in one step, and dbits is the same thing for - the distance codes. Subsequent tables are also less than or equal to - those sizes. These values may be adjusted either when all of the - codes are shorter than that, in which case the longest code length in - bits is used, or when the shortest code is *longer* than the requested - table size, in which case the length of the shortest code in bits is - used. - - There are two different values for the two tables, since they code a - different number of possibilities each. The literal/length table - codes 286 possible values, or in a flat code, a little over eight - bits. The distance table codes 30 possible values, or a little less - than five bits, flat. The optimum values for speed end up being - about one bit more than those, so lbits is 8+1 and dbits is 5+1. - The optimum values may differ though from machine to machine, and - possibly even between compilers. Your mileage may vary. - */ - - -static const int lbits = 9; /* bits in base literal/length lookup table */ -static const int dbits = 6; /* bits in base distance lookup table */ - - -/* If BMAX needs to be larger than 16, then h and x[] should be ulg. */ -#define BMAX 16 /* maximum bit length of any code (16 for explode) */ -#define N_MAX 288 /* maximum number of codes in any set */ - - -static unsigned __initdata hufts; /* track memory usage */ - - -static int __init huft_build( - unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ - unsigned n, /* number of codes (assumed <= N_MAX) */ - unsigned s, /* number of simple-valued codes (0..s-1) */ - const ush *d, /* list of base values for non-simple codes */ - const ush *e, /* list of extra bits for non-simple codes */ - struct huft **t, /* result: starting table */ - int *m /* maximum lookup bits, returns actual */ - ) -/* Given a list of code lengths and a maximum table size, make a set of - tables to decode that set of codes. Return zero on success, one if - the given code set is incomplete (the tables are still built in this - case), two if the input is invalid (all zero length codes or an - oversubscribed set of lengths), and three if not enough memory. */ -{ - unsigned a; /* counter for codes of length k */ - unsigned f; /* i repeats in table every f entries */ - int g; /* maximum code length */ - int h; /* table level */ - register unsigned i; /* counter, current code */ - register unsigned j; /* counter */ - register int k; /* number of bits in current code */ - int l; /* bits per table (returned in m) */ - register unsigned *p; /* pointer into c[], b[], or v[] */ - register struct huft *q; /* points to current table */ - struct huft r; /* table entry for structure assignment */ - register int w; /* bits before this table == (l * h) */ - unsigned *xp; /* pointer into x */ - int y; /* number of dummy codes added */ - unsigned z; /* number of entries in current table */ - struct { - unsigned c[BMAX+1]; /* bit length count table */ - struct huft *u[BMAX]; /* table stack */ - unsigned v[N_MAX]; /* values in order of bit length */ - unsigned x[BMAX+1]; /* bit offsets, then code stack */ - } *stk; - unsigned *c, *v, *x; - struct huft **u; - int ret; - - DEBG("huft1 "); - - stk = malloc(sizeof(*stk)); - if (stk == NULL) - return 3; /* out of memory */ - - c = stk->c; - v = stk->v; - x = stk->x; - u = stk->u; - - /* Generate counts for each bit length */ - memzero(stk->c, sizeof(stk->c)); - p = b; i = n; - do { - Tracecv(*p, (stderr, (n-i >= ' ' && n-i <= '~' ? "%c %d\n" : "0x%x %d\n"), - n-i, *p)); - c[*p]++; /* assume all entries <= BMAX */ - p++; /* Can't combine with above line (Solaris bug) */ - } while (--i); - if (c[0] == n) /* null input--all zero length codes */ - { - *t = (struct huft *)NULL; - *m = 0; - ret = 2; - goto out; - } - - DEBG("huft2 "); - - /* Find minimum and maximum length, bound *m by those */ - l = *m; - for (j = 1; j <= BMAX; j++) - if (c[j]) - break; - k = j; /* minimum code length */ - if ((unsigned)l < j) - l = j; - for (i = BMAX; i; i--) - if (c[i]) - break; - g = i; /* maximum code length */ - if ((unsigned)l > i) - l = i; - *m = l; - - DEBG("huft3 "); - - /* Adjust last length count to fill out codes, if needed */ - for (y = 1 << j; j < i; j++, y <<= 1) - if ((y -= c[j]) < 0) { - ret = 2; /* bad input: more codes than bits */ - goto out; - } - if ((y -= c[i]) < 0) { - ret = 2; - goto out; - } - c[i] += y; - - DEBG("huft4 "); - - /* Generate starting offsets into the value table for each length */ - x[1] = j = 0; - p = c + 1; xp = x + 2; - while (--i) { /* note that i == g from above */ - *xp++ = (j += *p++); - } - - DEBG("huft5 "); - - /* Make a table of values in order of bit lengths */ - p = b; i = 0; - do { - if ((j = *p++) != 0) - v[x[j]++] = i; - } while (++i < n); - n = x[g]; /* set n to length of v */ - - DEBG("h6 "); - - /* Generate the Huffman codes and for each, make the table entries */ - x[0] = i = 0; /* first Huffman code is zero */ - p = v; /* grab values in bit order */ - h = -1; /* no tables yet--level -1 */ - w = -l; /* bits decoded == (l * h) */ - u[0] = (struct huft *)NULL; /* just to keep compilers happy */ - q = (struct huft *)NULL; /* ditto */ - z = 0; /* ditto */ - DEBG("h6a "); - - /* go through the bit lengths (k already is bits in shortest code) */ - for (; k <= g; k++) - { - DEBG("h6b "); - a = c[k]; - while (a--) - { - DEBG("h6b1 "); - /* here i is the Huffman code of length k bits for value *p */ - /* make tables up to required level */ - while (k > w + l) - { - DEBG1("1 "); - h++; - w += l; /* previous table always l bits */ - - /* compute minimum size table less than or equal to l bits */ - z = (z = g - w) > (unsigned)l ? l : z; /* upper limit on table size */ - if ((f = 1 << (j = k - w)) > a + 1) /* try a k-w bit table */ - { /* too few codes for k-w bit table */ - DEBG1("2 "); - f -= a + 1; /* deduct codes from patterns left */ - xp = c + k; - if (j < z) - while (++j < z) /* try smaller tables up to z bits */ - { - if ((f <<= 1) <= *++xp) - break; /* enough codes to use up j bits */ - f -= *xp; /* else deduct codes from patterns */ - } - } - DEBG1("3 "); - z = 1 << j; /* table entries for j-bit table */ - - /* allocate and link in new table */ - if ((q = (struct huft *)malloc((z + 1)*sizeof(struct huft))) == - (struct huft *)NULL) - { - if (h) - huft_free(u[0]); - ret = 3; /* not enough memory */ - goto out; - } - DEBG1("4 "); - hufts += z + 1; /* track memory usage */ - *t = q + 1; /* link to list for huft_free() */ - *(t = &(q->v.t)) = (struct huft *)NULL; - u[h] = ++q; /* table starts after link */ - - DEBG1("5 "); - /* connect to last table, if there is one */ - if (h) - { - x[h] = i; /* save pattern for backing up */ - r.b = (uch)l; /* bits to dump before this table */ - r.e = (uch)(16 + j); /* bits in this table */ - r.v.t = q; /* pointer to this table */ - j = i >> (w - l); /* (get around Turbo C bug) */ - u[h-1][j] = r; /* connect to last table */ - } - DEBG1("6 "); - } - DEBG("h6c "); - - /* set up table entry in r */ - r.b = (uch)(k - w); - if (p >= v + n) - r.e = 99; /* out of values--invalid code */ - else if (*p < s) - { - r.e = (uch)(*p < 256 ? 16 : 15); /* 256 is end-of-block code */ - r.v.n = (ush)(*p); /* simple code is just the value */ - p++; /* one compiler does not like *p++ */ - } - else - { - r.e = (uch)e[*p - s]; /* non-simple--look up in lists */ - r.v.n = d[*p++ - s]; - } - DEBG("h6d "); - - /* fill code-like entries with r */ - f = 1 << (k - w); - for (j = i >> w; j < z; j += f) - q[j] = r; - - /* backwards increment the k-bit code i */ - for (j = 1 << (k - 1); i & j; j >>= 1) - i ^= j; - i ^= j; - - /* backup over finished tables */ - while ((i & ((1 << w) - 1)) != x[h]) - { - h--; /* don't need to update q */ - w -= l; - } - DEBG("h6e "); - } - DEBG("h6f "); - } - - DEBG("huft7 "); - - /* Return true (1) if we were given an incomplete table */ - ret = y != 0 && g != 1; - - out: - free(stk); - return ret; -} - - - -static int __init huft_free( - struct huft *t /* table to free */ - ) -/* Free the malloc'ed tables built by huft_build(), which makes a linked - list of the tables it made, with the links in a dummy first entry of - each table. */ -{ - register struct huft *p, *q; - - - /* Go through linked list, freeing from the malloced (t[-1]) address. */ - p = t; - while (p != (struct huft *)NULL) - { - q = (--p)->v.t; - free((char*)p); - p = q; - } - return 0; -} - - -static int __init inflate_codes( - struct huft *tl, /* literal/length decoder tables */ - struct huft *td, /* distance decoder tables */ - int bl, /* number of bits decoded by tl[] */ - int bd /* number of bits decoded by td[] */ - ) -/* inflate (decompress) the codes in a deflated (compressed) block. - Return an error code or zero if it all goes ok. */ -{ - register unsigned e; /* table entry flag/number of extra bits */ - unsigned n, d; /* length and index for copy */ - unsigned w; /* current window position */ - struct huft *t; /* pointer to table entry */ - unsigned ml, md; /* masks for bl and bd bits */ - register ulg b; /* bit buffer */ - register unsigned k; /* number of bits in bit buffer */ - - - /* make local copies of globals */ - b = bb; /* initialize bit buffer */ - k = bk; - w = wp; /* initialize window position */ - - /* inflate the coded data */ - ml = mask_bits[bl]; /* precompute masks for speed */ - md = mask_bits[bd]; - for (;;) /* do until end of block */ - { - NEEDBITS((unsigned)bl) - if ((e = (t = tl + ((unsigned)b & ml))->e) > 16) - do { - if (e == 99) - return 1; - DUMPBITS(t->b) - e -= 16; - NEEDBITS(e) - } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); - DUMPBITS(t->b) - if (e == 16) /* then it's a literal */ - { - slide[w++] = (uch)t->v.n; - Tracevv((stderr, "%c", slide[w-1])); - if (w == WSIZE) - { - flush_output(w); - w = 0; - } - } - else /* it's an EOB or a length */ - { - /* exit if end of block */ - if (e == 15) - break; - - /* get length of block to copy */ - NEEDBITS(e) - n = t->v.n + ((unsigned)b & mask_bits[e]); - DUMPBITS(e); - - /* decode distance of block to copy */ - NEEDBITS((unsigned)bd) - if ((e = (t = td + ((unsigned)b & md))->e) > 16) - do { - if (e == 99) - return 1; - DUMPBITS(t->b) - e -= 16; - NEEDBITS(e) - } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); - DUMPBITS(t->b) - NEEDBITS(e) - d = w - t->v.n - ((unsigned)b & mask_bits[e]); - DUMPBITS(e) - Tracevv((stderr,"\\[%d,%d]", w-d, n)); - - /* do the copy */ - do { - n -= (e = (e = WSIZE - ((d &= WSIZE-1) > w ? d : w)) > n ? n : e); -#if !defined(NOMEMCPY) && !defined(DEBUG) - if (w - d >= e) /* (this test assumes unsigned comparison) */ - { - memcpy(slide + w, slide + d, e); - w += e; - d += e; - } - else /* do it slow to avoid memcpy() overlap */ -#endif /* !NOMEMCPY */ - do { - slide[w++] = slide[d++]; - Tracevv((stderr, "%c", slide[w-1])); - } while (--e); - if (w == WSIZE) - { - flush_output(w); - w = 0; - } - } while (n); - } - } - - - /* restore the globals from the locals */ - wp = w; /* restore global window pointer */ - bb = b; /* restore global bit buffer */ - bk = k; - - /* done */ - return 0; - - underrun: - return 4; /* Input underrun */ -} - - - -static int __init inflate_stored(void) -/* "decompress" an inflated type 0 (stored) block. */ -{ - unsigned n; /* number of bytes in block */ - unsigned w; /* current window position */ - register ulg b; /* bit buffer */ - register unsigned k; /* number of bits in bit buffer */ - - DEBG(""); - return 0; - - underrun: - return 4; /* Input underrun */ -} - - -/* - * We use `noinline' here to prevent gcc-3.5 from using too much stack space - */ -static int noinline __init inflate_fixed(void) -/* decompress an inflated type 1 (fixed Huffman codes) block. We should - either replace this with a custom decoder, or at least precompute the - Huffman tables. */ -{ - int i; /* temporary variable */ - struct huft *tl; /* literal/length code table */ - struct huft *td; /* distance code table */ - int bl; /* lookup bits for tl */ - int bd; /* lookup bits for td */ - unsigned *l; /* length list for huft_build */ - - DEBG(" 1) - { - huft_free(tl); - free(l); - - DEBG(">"); - return i; - } - - - /* decompress until an end-of-block code */ - if (inflate_codes(tl, td, bl, bd)) { - free(l); - return 1; - } - - /* free the decoding tables, return */ - free(l); - huft_free(tl); - huft_free(td); - return 0; -} - - -/* - * We use `noinline' here to prevent gcc-3.5 from using too much stack space - */ -static int noinline __init inflate_dynamic(void) -/* decompress an inflated type 2 (dynamic Huffman codes) block. */ -{ - int i; /* temporary variables */ - unsigned j; - unsigned l; /* last length */ - unsigned m; /* mask for bit lengths table */ - unsigned n; /* number of lengths to get */ - struct huft *tl; /* literal/length code table */ - struct huft *td; /* distance code table */ - int bl; /* lookup bits for tl */ - int bd; /* lookup bits for td */ - unsigned nb; /* number of bit length codes */ - unsigned nl; /* number of literal/length codes */ - unsigned nd; /* number of distance codes */ - unsigned *ll; /* literal/length and distance code lengths */ - register ulg b; /* bit buffer */ - register unsigned k; /* number of bits in bit buffer */ - int ret; - - DEBG(" 288 || nd > 32) -#else - if (nl > 286 || nd > 30) -#endif - { - ret = 1; /* bad lengths */ - goto out; - } - - DEBG("dyn1 "); - - /* read in bit-length-code lengths */ - for (j = 0; j < nb; j++) - { - NEEDBITS(3) - ll[border[j]] = (unsigned)b & 7; - DUMPBITS(3) - } - for (; j < 19; j++) - ll[border[j]] = 0; - - DEBG("dyn2 "); - - /* build decoding table for trees--single level, 7 bit lookup */ - bl = 7; - if ((i = huft_build(ll, 19, 19, NULL, NULL, &tl, &bl)) != 0) - { - if (i == 1) - huft_free(tl); - ret = i; /* incomplete code set */ - goto out; - } - - DEBG("dyn3 "); - - /* read in literal and distance code lengths */ - n = nl + nd; - m = mask_bits[bl]; - i = l = 0; - while ((unsigned)i < n) - { - NEEDBITS((unsigned)bl) - j = (td = tl + ((unsigned)b & m))->b; - DUMPBITS(j) - j = td->v.n; - if (j < 16) /* length of code in bits (0..15) */ - ll[i++] = l = j; /* save last length in l */ - else if (j == 16) /* repeat last length 3 to 6 times */ - { - NEEDBITS(2) - j = 3 + ((unsigned)b & 3); - DUMPBITS(2) - if ((unsigned)i + j > n) { - ret = 1; - goto out; - } - while (j--) - ll[i++] = l; - } - else if (j == 17) /* 3 to 10 zero length codes */ - { - NEEDBITS(3) - j = 3 + ((unsigned)b & 7); - DUMPBITS(3) - if ((unsigned)i + j > n) { - ret = 1; - goto out; - } - while (j--) - ll[i++] = 0; - l = 0; - } - else /* j == 18: 11 to 138 zero length codes */ - { - NEEDBITS(7) - j = 11 + ((unsigned)b & 0x7f); - DUMPBITS(7) - if ((unsigned)i + j > n) { - ret = 1; - goto out; - } - while (j--) - ll[i++] = 0; - l = 0; - } - } - - DEBG("dyn4 "); - - /* free decoding table for trees */ - huft_free(tl); - - DEBG("dyn5 "); - - /* restore the global bit buffer */ - bb = b; - bk = k; - - DEBG("dyn5a "); - - /* build the decoding tables for literal/length and distance codes */ - bl = lbits; - if ((i = huft_build(ll, nl, 257, cplens, cplext, &tl, &bl)) != 0) - { - DEBG("dyn5b "); - if (i == 1) { - error("incomplete literal tree"); - huft_free(tl); - } - ret = i; /* incomplete code set */ - goto out; - } - DEBG("dyn5c "); - bd = dbits; - if ((i = huft_build(ll + nl, nd, 0, cpdist, cpdext, &td, &bd)) != 0) - { - DEBG("dyn5d "); - if (i == 1) { - error("incomplete distance tree"); -#ifdef PKZIP_BUG_WORKAROUND - i = 0; - } -#else - huft_free(td); - } - huft_free(tl); - ret = i; /* incomplete code set */ - goto out; -#endif -} - -DEBG("dyn6 "); - - /* decompress until an end-of-block code */ -if (inflate_codes(tl, td, bl, bd)) { - ret = 1; - goto out; -} - -DEBG("dyn7 "); - - /* free the decoding tables, return */ -huft_free(tl); -huft_free(td); - -DEBG(">"); -ret = 0; -out: -free(ll); -return ret; - -underrun: -ret = 4; /* Input underrun */ -goto out; -} - - - -static int __init inflate_block( -int *e /* last block flag */ -) -/* decompress an inflated block */ -{ -unsigned t; /* block type */ -register ulg b; /* bit buffer */ -register unsigned k; /* number of bits in bit buffer */ - -DEBG(""); - - /* bad block type */ - return 2; - - underrun: - return 4; /* Input underrun */ -} - - - -static int __init inflate(void) -/* decompress an inflated entry */ -{ - int e; /* last block flag */ - int r; /* result code */ - unsigned h; /* maximum struct huft's malloc'ed */ - - /* initialize window, bit buffer */ - wp = 0; - bk = 0; - bb = 0; - - - /* decompress until the last block */ - h = 0; - do { - hufts = 0; -#ifdef ARCH_HAS_DECOMP_WDOG - arch_decomp_wdog(); -#endif - r = inflate_block(&e); - if (r) - return r; - if (hufts > h) - h = hufts; - } while (!e); - - /* Undo too much lookahead. The next read will be byte aligned so we - * can discard unused bits in the last meaningful byte. - */ - while (bk >= 8) { - bk -= 8; - inptr--; - } - - /* flush out slide */ - flush_output(wp); - - - /* return success */ -#ifdef DEBUG - fprintf(stderr, "<%u> ", h); -#endif /* DEBUG */ - return 0; -} - -/********************************************************************** - * - * The following are support routines for inflate.c - * - **********************************************************************/ - -static ulg __initdata crc_32_tab[256]; -static ulg __initdata crc; /* initialized in makecrc() so it'll reside in bss */ -#define CRC_VALUE (crc ^ 0xffffffffUL) - -/* - * Code to compute the CRC-32 table. Borrowed from - * gzip-1.0.3/makecrc.c. - */ - -static void __init -makecrc(void) -{ -/* Not copyrighted 1990 Mark Adler */ - - unsigned long c; /* crc shift register */ - unsigned long e; /* polynomial exclusive-or pattern */ - int i; /* counter for all possible eight bit values */ - int k; /* byte being shifted into crc apparatus */ - - /* terms of polynomial defining this crc (except x^32): */ - static const int p[] = {0,1,2,4,5,7,8,10,11,12,16,22,23,26}; - - /* Make exclusive-or pattern from polynomial */ - e = 0; - for (i = 0; i < sizeof(p)/sizeof(int); i++) - e |= 1L << (31 - p[i]); - - crc_32_tab[0] = 0; - - for (i = 1; i < 256; i++) - { - c = 0; - for (k = i | 256; k != 1; k >>= 1) - { - c = c & 1 ? (c >> 1) ^ e : c >> 1; - if (k & 1) - c ^= e; - } - crc_32_tab[i] = c; - } - - /* this is initialized here so this code could reside in ROM */ - crc = (ulg)0xffffffffUL; /* shift register contents */ -} - -/* gzip flag byte */ -#define ASCII_FLAG 0x01 /* bit 0 set: file probably ASCII text */ -#define CONTINUATION 0x02 /* bit 1 set: continuation of multi-part gzip file */ -#define EXTRA_FIELD 0x04 /* bit 2 set: extra field present */ -#define ORIG_NAME 0x08 /* bit 3 set: original file name present */ -#define COMMENT 0x10 /* bit 4 set: file comment present */ -#define ENCRYPTED 0x20 /* bit 5 set: file is encrypted */ -#define RESERVED 0xC0 /* bit 6,7: reserved */ - -/* - * Do the uncompression! - */ -static int __init gunzip(void) -{ - uch flags; - unsigned char magic[2]; /* magic header */ - char method; - ulg orig_crc = 0; /* original crc */ - ulg orig_len = 0; /* original uncompressed length */ - int res; - - magic[0] = NEXTBYTE(); - magic[1] = NEXTBYTE(); - method = NEXTBYTE(); - - if (magic[0] != 037 || /* octal-ok */ - ((magic[1] != 0213) && (magic[1] != 0236))) { /* octal-ok */ - error("bad gzip magic numbers"); - return -1; - } - - /* We only support method #8, DEFLATED */ - if (method != 8) { - error("internal error, invalid method"); - return -1; - } - - flags = (uch)get_byte(); - if ((flags & ENCRYPTED) != 0) { - error("Input is encrypted"); - return -1; - } - if ((flags & CONTINUATION) != 0) { - error("Multi part input"); - return -1; - } - if ((flags & RESERVED) != 0) { - error("Input has invalid flags"); - return -1; - } - NEXTBYTE(); /* Get timestamp */ - NEXTBYTE(); - NEXTBYTE(); - NEXTBYTE(); - - (void)NEXTBYTE(); /* Ignore extra flags for the moment */ - (void)NEXTBYTE(); /* Ignore OS type for the moment */ - - if ((flags & EXTRA_FIELD) != 0) { - unsigned len = (unsigned)NEXTBYTE(); - len |= ((unsigned)NEXTBYTE())<<8; - while (len--) (void)NEXTBYTE(); - } - - /* Get original file name if it was truncated */ - if ((flags & ORIG_NAME) != 0) { - /* Discard the old name */ - while (NEXTBYTE() != 0) /* null */ ; - } - - /* Discard file comment if any */ - if ((flags & COMMENT) != 0) { - while (NEXTBYTE() != 0) /* null */ ; - } - - /* Decompress */ - if ((res = inflate())) { - switch (res) { - case 0: - break; - case 1: - error("invalid compressed format (err=1)"); - break; - case 2: - error("invalid compressed format (err=2)"); - break; - case 3: - error("out of memory"); - break; - case 4: - error("out of input data"); - break; - default: - error("invalid compressed format (other)"); - } - return -1; - } - - /* Get the crc and original length */ - /* crc32 (see algorithm.doc) - * uncompressed input size modulo 2^32 - */ - orig_crc = (ulg) NEXTBYTE(); - orig_crc |= (ulg) NEXTBYTE() << 8; - orig_crc |= (ulg) NEXTBYTE() << 16; - orig_crc |= (ulg) NEXTBYTE() << 24; - - orig_len = (ulg) NEXTBYTE(); - orig_len |= (ulg) NEXTBYTE() << 8; - orig_len |= (ulg) NEXTBYTE() << 16; - orig_len |= (ulg) NEXTBYTE() << 24; - - /* Validate decompression */ - if (orig_crc != CRC_VALUE) { - error("crc error"); - return -1; - } - if (orig_len != bytes_out) { - error("length error"); - return -1; - } - return 0; - - underrun: /* NEXTBYTE() goto's here if needed */ - error("out of input data"); - return -1; -} -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 03:19:59 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 03:19:59 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707226.1104961 (Exim 4.92) (envelope-from ) id 1rwvq3-0003CY-LX; Wed, 17 Apr 2024 03:19:59 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707226.1104961; Wed, 17 Apr 2024 03:19:59 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvq3-0003CR-J6; Wed, 17 Apr 2024 03:19:59 +0000 Received: by outflank-mailman (input) for mailman id 707226; Wed, 17 Apr 2024 03:19:57 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvq1-0003CH-Pe for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:57 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rwvq1-0001Of-Or for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:57 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rwvq1-0004ak-O6 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 03:19:57 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rjKNMxuLNF/uTLEdXXRiZsQ8/tBMPUYzPZb0E8+v8kI=; b=niEhUlrKwxdMASOuUfMLcTDLgz bpRGndULkNTktW0TgbCIkWnAYrHFYIaYJfjITnPo5e4zz2gid6e3LY49CmvwrCRgB3/rSjjZfngVy R8ioDDPVYVsQ7zT2uXxhxIwtTAgCeipLJwCzqMZweDPWE0y4a81cR/c0Awt8+5P7E48M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] docs/hypercall-abi: State that the hypercall page is optional Message-Id: Date: Wed, 17 Apr 2024 03:19:57 +0000 commit c0f890cd9d5fd2c17a1e3110cb26f98c90ce8429 Author: Andrew Cooper AuthorDate: Thu Apr 11 15:37:57 2024 +0100 Commit: Andrew Cooper CommitDate: Fri Apr 12 15:50:28 2024 +0100 docs/hypercall-abi: State that the hypercall page is optional Xen doesn't care (and indeed, cannot feasibly tell) whether a hypercall was initiated using the hypercall page or not. For SEV-SNP/TDX encrypted VMs, use of a hypercall page would violate the integrity properties wanted. Explicitly state that the hypercall page is optional. Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini --- docs/guest-guide/x86/hypercall-abi.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/guest-guide/x86/hypercall-abi.rst b/docs/guest-guide/x86/hypercall-abi.rst index 83890e1cb6..8004122ca4 100644 --- a/docs/guest-guide/x86/hypercall-abi.rst +++ b/docs/guest-guide/x86/hypercall-abi.rst @@ -79,7 +79,8 @@ Hypercall Page ============== The hypercall page is a page of guest RAM into which Xen will write suitable -transfer stubs. +transfer stubs. It is intended as a convenience for guests, but use of the +hypercall page is not mandatory for making hypercalls to Xen. Creating a hypercall page is an isolated operation from Xen's point of view. It is the guests responsibility to ensure that the hypercall page, once -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 09:55:10 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 09:55:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707295.1105068 (Exim 4.92) (envelope-from ) id 1rx20P-0006Cw-Ti; Wed, 17 Apr 2024 09:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707295.1105068; Wed, 17 Apr 2024 09:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rx20P-0006Cm-R0; Wed, 17 Apr 2024 09:55:05 +0000 Received: by outflank-mailman (input) for mailman id 707295; Wed, 17 Apr 2024 09:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rx20O-0006C6-1y for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 09:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rx20O-0001q5-17 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 09:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rx20O-00033K-0C for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 09:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VAOL0AqBaNn8xaVxtwRzHzKNRnrtzrtdSSJ+0uNT4oQ=; b=G0tqRYAGEYbANGfswU9C8pkFXW TYeew6aDstabzQ+4Ljz6T79aORxey10ZMxE9bjEO58q19QK+9V4d5nUInj+LniL61gHW7skbjOzS3 OknW6e+/P5AVElMTWlXMIF7Ergf0RaXMLqgNWUtlo/zJUtey4Q2dMj1TBf3bZtym+zOo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] public: s/int/int32_t Message-Id: Date: Wed, 17 Apr 2024 09:55:04 +0000 commit afab29d0882f1d6889c73302fdf04632a492c529 Author: Stefano Stabellini AuthorDate: Tue Apr 9 16:19:21 2024 -0700 Commit: Julien Grall CommitDate: Wed Apr 17 10:52:48 2024 +0100 public: s/int/int32_t Straightforward int -> int32_t and unsigned int -> uint32_t replacements in public headers. No ABI or semantic changes intended. Signed-off-by: Stefano Stabellini --- xen/include/public/kexec.h | 8 ++++---- xen/include/public/memory.h | 24 ++++++++++++------------ xen/include/public/physdev.h | 18 +++++++++--------- xen/include/public/sched.h | 6 +++--- xen/include/public/vcpu.h | 2 +- 5 files changed, 29 insertions(+), 29 deletions(-) diff --git a/xen/include/public/kexec.h b/xen/include/public/kexec.h index 40d79e936b..8d2a0ef697 100644 --- a/xen/include/public/kexec.h +++ b/xen/include/public/kexec.h @@ -105,7 +105,7 @@ typedef struct xen_kexec_image { */ #define KEXEC_CMD_kexec 0 typedef struct xen_kexec_exec { - int type; + int32_t type; } xen_kexec_exec_t; /* @@ -116,7 +116,7 @@ typedef struct xen_kexec_exec { #define KEXEC_CMD_kexec_load_v1 1 /* obsolete since 0x00040400 */ #define KEXEC_CMD_kexec_unload_v1 2 /* obsolete since 0x00040400 */ typedef struct xen_kexec_load_v1 { - int type; + int32_t type; xen_kexec_image_t image; } xen_kexec_load_v1_t; @@ -143,8 +143,8 @@ typedef struct xen_kexec_load_v1 { */ #define KEXEC_CMD_kexec_get_range 3 typedef struct xen_kexec_range { - int range; - int nr; + int32_t range; + int32_t nr; unsigned long size; unsigned long start; } xen_kexec_range_t; diff --git a/xen/include/public/memory.h b/xen/include/public/memory.h index 5e545ae9a4..9eb67d231d 100644 --- a/xen/include/public/memory.h +++ b/xen/include/public/memory.h @@ -61,13 +61,13 @@ struct xen_memory_reservation { /* Number of extents, and size/alignment of each (2^extent_order pages). */ xen_ulong_t nr_extents; - unsigned int extent_order; + uint32_t extent_order; #if __XEN_INTERFACE_VERSION__ >= 0x00030209 /* XENMEMF flags. */ - unsigned int mem_flags; + uint32_t mem_flags; #else - unsigned int address_bits; + uint32_t address_bits; #endif /* @@ -163,7 +163,7 @@ struct xen_machphys_mfn_list { * Size of the 'extent_start' array. Fewer entries will be filled if the * machphys table is smaller than max_extents * 2MB. */ - unsigned int max_extents; + uint32_t max_extents; /* * Pointer to buffer to fill with list of extent starts. If there are @@ -176,7 +176,7 @@ struct xen_machphys_mfn_list { * Number of extents written to the above array. This will be smaller * than 'max_extents' if the machphys table is smaller than max_e * 2MB. */ - unsigned int nr_extents; + uint32_t nr_extents; }; typedef struct xen_machphys_mfn_list xen_machphys_mfn_list_t; DEFINE_XEN_GUEST_HANDLE(xen_machphys_mfn_list_t); @@ -232,7 +232,7 @@ struct xen_add_to_physmap { /* Number of pages to go through for gmfn_range */ uint16_t size; - unsigned int space; /* => enum phys_map_space */ + uint32_t space; /* => enum phys_map_space */ #define XENMAPIDX_grant_table_status 0x80000000U @@ -274,7 +274,7 @@ struct xen_add_to_physmap_batch { /* OUT */ /* Per index error code. */ - XEN_GUEST_HANDLE(int) errs; + XEN_GUEST_HANDLE(int32_t) errs; }; typedef struct xen_add_to_physmap_batch xen_add_to_physmap_batch_t; DEFINE_XEN_GUEST_HANDLE(xen_add_to_physmap_batch_t); @@ -317,7 +317,7 @@ struct xen_memory_map { * return the number of entries which have been stored in * buffer. */ - unsigned int nr_entries; + uint32_t nr_entries; /* * Entries in the buffer are in the same format as returned by the @@ -591,7 +591,7 @@ struct xen_reserved_device_memory_map { * Gets set to the required number of entries when too low, * signaled by error code -ERANGE. */ - unsigned int nr_entries; + uint32_t nr_entries; /* OUT */ XEN_GUEST_HANDLE(xen_reserved_device_memory_t) buffer; /* IN */ @@ -711,9 +711,9 @@ struct xen_vnuma_topology_info { domid_t domid; uint16_t pad; /* IN/OUT */ - unsigned int nr_vnodes; - unsigned int nr_vcpus; - unsigned int nr_vmemranges; + uint32_t nr_vnodes; + uint32_t nr_vcpus; + uint32_t nr_vmemranges; /* OUT */ union { XEN_GUEST_HANDLE(uint) h; diff --git a/xen/include/public/physdev.h b/xen/include/public/physdev.h index f0c0d4727c..03ccf86618 100644 --- a/xen/include/public/physdev.h +++ b/xen/include/public/physdev.h @@ -142,17 +142,17 @@ DEFINE_XEN_GUEST_HANDLE(physdev_irq_t); struct physdev_map_pirq { domid_t domid; /* IN */ - int type; + int32_t type; /* IN (ignored for ..._MULTI_MSI) */ - int index; + int32_t index; /* IN or OUT */ - int pirq; + int32_t pirq; /* IN - high 16 bits hold segment for ..._MSI_SEG and ..._MULTI_MSI */ - int bus; + int32_t bus; /* IN */ - int devfn; + int32_t devfn; /* IN (also OUT for ..._MULTI_MSI) */ - int entry_nr; + int32_t entry_nr; /* IN */ uint64_t table_base; }; @@ -163,7 +163,7 @@ DEFINE_XEN_GUEST_HANDLE(physdev_map_pirq_t); struct physdev_unmap_pirq { domid_t domid; /* IN */ - int pirq; + int32_t pirq; }; typedef struct physdev_unmap_pirq physdev_unmap_pirq_t; @@ -224,7 +224,7 @@ DEFINE_XEN_GUEST_HANDLE(physdev_op_t); #define PHYSDEVOP_setup_gsi 21 struct physdev_setup_gsi { - int gsi; + int32_t gsi; /* IN */ uint8_t triggering; /* IN */ @@ -242,7 +242,7 @@ DEFINE_XEN_GUEST_HANDLE(physdev_setup_gsi_t); #define PHYSDEVOP_get_free_pirq 23 struct physdev_get_free_pirq { /* IN */ - int type; + int32_t type; /* OUT */ uint32_t pirq; }; diff --git a/xen/include/public/sched.h b/xen/include/public/sched.h index b4362c6a1d..57ac3df47b 100644 --- a/xen/include/public/sched.h +++ b/xen/include/public/sched.h @@ -116,14 +116,14 @@ /* ` } */ struct sched_shutdown { - unsigned int reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ + uint32_t reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ }; typedef struct sched_shutdown sched_shutdown_t; DEFINE_XEN_GUEST_HANDLE(sched_shutdown_t); struct sched_poll { XEN_GUEST_HANDLE(evtchn_port_t) ports; - unsigned int nr_ports; + uint32_t nr_ports; uint64_t timeout; }; typedef struct sched_poll sched_poll_t; @@ -131,7 +131,7 @@ DEFINE_XEN_GUEST_HANDLE(sched_poll_t); struct sched_remote_shutdown { domid_t domain_id; /* Remote domain ID */ - unsigned int reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ + uint32_t reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ }; typedef struct sched_remote_shutdown sched_remote_shutdown_t; DEFINE_XEN_GUEST_HANDLE(sched_remote_shutdown_t); diff --git a/xen/include/public/vcpu.h b/xen/include/public/vcpu.h index f7445ac0b0..2b8df2b0da 100644 --- a/xen/include/public/vcpu.h +++ b/xen/include/public/vcpu.h @@ -63,7 +63,7 @@ #define VCPUOP_get_runstate_info 4 struct vcpu_runstate_info { /* VCPU's current state (RUNSTATE_*). */ - int state; + int32_t state; /* When was current state entered (system time, ns)? */ uint64_t state_entry_time; /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 09:55:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 09:55:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707296.1105071 (Exim 4.92) (envelope-from ) id 1rx20Z-0006LP-Uz; Wed, 17 Apr 2024 09:55:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707296.1105071; Wed, 17 Apr 2024 09:55:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rx20Z-0006LH-SW; Wed, 17 Apr 2024 09:55:15 +0000 Received: by outflank-mailman (input) for mailman id 707296; Wed, 17 Apr 2024 09:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rx20Y-0006Je-5h for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 09:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rx20Y-0001qG-4t for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 09:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rx20Y-000343-3B for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 09:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3aHX65o5ai69SDKnJ8Jk8xOWtnYUBM/+eQx2UczXeVQ=; b=5kr4vvfJhL0EvjGI3kxVv1SHfx rVi+v3Jw0LbaTDuOEUJKhGNF0V2Fgw92DsY8wUWa/T+l4T4UPmWQOXxC1S06aanPxGNMPFCFJLh60 X6+hf5q7kP4kvl2xU724tF3LmPO1oBIUPSCmRafDMqfwB/oWAe1o28jnb4k+exh7gT2Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] docs: arm: Update where Xen should be loaded in memory Message-Id: Date: Wed, 17 Apr 2024 09:55:14 +0000 commit 83e081b29e52b0ea946e30677e9caf86e9bcbc65 Author: Michal Orzel AuthorDate: Fri Apr 12 08:16:24 2024 +0200 Commit: Julien Grall CommitDate: Wed Apr 17 10:53:10 2024 +0100 docs: arm: Update where Xen should be loaded in memory Since commit 6cd046c501bc ("xen/arm: Enlarge identity map space to 10TB") Xen can be loaded below 10 TiB. Update docs accordingly. Take the opportunity to update stale links to Linux docs. Signed-off-by: Michal Orzel Reviewed-by: Luca Fancellu --- docs/misc/arm/booting.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/misc/arm/booting.txt b/docs/misc/arm/booting.txt index 547f58a7d9..21ae74837d 100644 --- a/docs/misc/arm/booting.txt +++ b/docs/misc/arm/booting.txt @@ -23,7 +23,7 @@ The exceptions to this on 32-bit ARM are as follows: The exceptions to this on 64-bit ARM are as follows: - Xen binary should be loaded in memory below 2 TiB. + Xen binary should be loaded in memory below 10 TiB. Booting Guests -------------- @@ -64,10 +64,10 @@ Xen relies on some settings the firmware has to configure in EL3 before starting [1] linux/Documentation/arm/booting.rst -Latest version: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/arm/booting.rst +Latest version: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/arch/arm/booting.rst [2] linux/Documentation/arm64/booting.rst -Latest version: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/arm64/booting.rst +Latest version: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/arch/arm64/booting.rst [3] legacy format header Latest version: https://source.denx.de/u-boot/u-boot/-/blob/master/include/image.h#L315 -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 12:55:11 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 12:55:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707489.1105455 (Exim 4.92) (envelope-from ) id 1rx4ob-0005RD-Tg; Wed, 17 Apr 2024 12:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707489.1105455; Wed, 17 Apr 2024 12:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rx4ob-0005R5-R7; Wed, 17 Apr 2024 12:55:05 +0000 Received: by outflank-mailman (input) for mailman id 707489; Wed, 17 Apr 2024 12:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rx4oa-0005Qy-DK for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 12:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rx4oa-0005Vp-54 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 12:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rx4oa-0005MF-3c for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 12:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DVKlBxdtTv8Hzi/ALgN36rAFtl7U/9HFqdUAqn80Tzg=; b=6DzdhaS8PtgPto8P3MuSViYNBP uF7mDZKndqZyPuTqm09o3GKqzoWVCiZCwSAr4RfFvIXACyfsdBWY4lLDnEty+ZfrL9jz9RWXS9Apx m71JtgyREl36x0RZTnaC2BSqwqm5vnWEzxA+2K78tQMrbaeEze7Duhngwe73g6KSog78=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] Revert "public: s/int/int32_t" Message-Id: Date: Wed, 17 Apr 2024 12:55:04 +0000 commit 2a9a19be134ee345831a0d5595a3050c50680466 Author: Julien Grall AuthorDate: Wed Apr 17 13:46:55 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 17 13:53:17 2024 +0100 Revert "public: s/int/int32_t" This reverts commit afab29d0882f1d6889c73302fdf04632a492c529. This is breaking the build. I mistakenly committed the wrong version. Signed-off-by: Julien Grall --- xen/include/public/kexec.h | 8 ++++---- xen/include/public/memory.h | 24 ++++++++++++------------ xen/include/public/physdev.h | 18 +++++++++--------- xen/include/public/sched.h | 6 +++--- xen/include/public/vcpu.h | 2 +- 5 files changed, 29 insertions(+), 29 deletions(-) diff --git a/xen/include/public/kexec.h b/xen/include/public/kexec.h index 8d2a0ef697..40d79e936b 100644 --- a/xen/include/public/kexec.h +++ b/xen/include/public/kexec.h @@ -105,7 +105,7 @@ typedef struct xen_kexec_image { */ #define KEXEC_CMD_kexec 0 typedef struct xen_kexec_exec { - int32_t type; + int type; } xen_kexec_exec_t; /* @@ -116,7 +116,7 @@ typedef struct xen_kexec_exec { #define KEXEC_CMD_kexec_load_v1 1 /* obsolete since 0x00040400 */ #define KEXEC_CMD_kexec_unload_v1 2 /* obsolete since 0x00040400 */ typedef struct xen_kexec_load_v1 { - int32_t type; + int type; xen_kexec_image_t image; } xen_kexec_load_v1_t; @@ -143,8 +143,8 @@ typedef struct xen_kexec_load_v1 { */ #define KEXEC_CMD_kexec_get_range 3 typedef struct xen_kexec_range { - int32_t range; - int32_t nr; + int range; + int nr; unsigned long size; unsigned long start; } xen_kexec_range_t; diff --git a/xen/include/public/memory.h b/xen/include/public/memory.h index 9eb67d231d..5e545ae9a4 100644 --- a/xen/include/public/memory.h +++ b/xen/include/public/memory.h @@ -61,13 +61,13 @@ struct xen_memory_reservation { /* Number of extents, and size/alignment of each (2^extent_order pages). */ xen_ulong_t nr_extents; - uint32_t extent_order; + unsigned int extent_order; #if __XEN_INTERFACE_VERSION__ >= 0x00030209 /* XENMEMF flags. */ - uint32_t mem_flags; + unsigned int mem_flags; #else - uint32_t address_bits; + unsigned int address_bits; #endif /* @@ -163,7 +163,7 @@ struct xen_machphys_mfn_list { * Size of the 'extent_start' array. Fewer entries will be filled if the * machphys table is smaller than max_extents * 2MB. */ - uint32_t max_extents; + unsigned int max_extents; /* * Pointer to buffer to fill with list of extent starts. If there are @@ -176,7 +176,7 @@ struct xen_machphys_mfn_list { * Number of extents written to the above array. This will be smaller * than 'max_extents' if the machphys table is smaller than max_e * 2MB. */ - uint32_t nr_extents; + unsigned int nr_extents; }; typedef struct xen_machphys_mfn_list xen_machphys_mfn_list_t; DEFINE_XEN_GUEST_HANDLE(xen_machphys_mfn_list_t); @@ -232,7 +232,7 @@ struct xen_add_to_physmap { /* Number of pages to go through for gmfn_range */ uint16_t size; - uint32_t space; /* => enum phys_map_space */ + unsigned int space; /* => enum phys_map_space */ #define XENMAPIDX_grant_table_status 0x80000000U @@ -274,7 +274,7 @@ struct xen_add_to_physmap_batch { /* OUT */ /* Per index error code. */ - XEN_GUEST_HANDLE(int32_t) errs; + XEN_GUEST_HANDLE(int) errs; }; typedef struct xen_add_to_physmap_batch xen_add_to_physmap_batch_t; DEFINE_XEN_GUEST_HANDLE(xen_add_to_physmap_batch_t); @@ -317,7 +317,7 @@ struct xen_memory_map { * return the number of entries which have been stored in * buffer. */ - uint32_t nr_entries; + unsigned int nr_entries; /* * Entries in the buffer are in the same format as returned by the @@ -591,7 +591,7 @@ struct xen_reserved_device_memory_map { * Gets set to the required number of entries when too low, * signaled by error code -ERANGE. */ - uint32_t nr_entries; + unsigned int nr_entries; /* OUT */ XEN_GUEST_HANDLE(xen_reserved_device_memory_t) buffer; /* IN */ @@ -711,9 +711,9 @@ struct xen_vnuma_topology_info { domid_t domid; uint16_t pad; /* IN/OUT */ - uint32_t nr_vnodes; - uint32_t nr_vcpus; - uint32_t nr_vmemranges; + unsigned int nr_vnodes; + unsigned int nr_vcpus; + unsigned int nr_vmemranges; /* OUT */ union { XEN_GUEST_HANDLE(uint) h; diff --git a/xen/include/public/physdev.h b/xen/include/public/physdev.h index 03ccf86618..f0c0d4727c 100644 --- a/xen/include/public/physdev.h +++ b/xen/include/public/physdev.h @@ -142,17 +142,17 @@ DEFINE_XEN_GUEST_HANDLE(physdev_irq_t); struct physdev_map_pirq { domid_t domid; /* IN */ - int32_t type; + int type; /* IN (ignored for ..._MULTI_MSI) */ - int32_t index; + int index; /* IN or OUT */ - int32_t pirq; + int pirq; /* IN - high 16 bits hold segment for ..._MSI_SEG and ..._MULTI_MSI */ - int32_t bus; + int bus; /* IN */ - int32_t devfn; + int devfn; /* IN (also OUT for ..._MULTI_MSI) */ - int32_t entry_nr; + int entry_nr; /* IN */ uint64_t table_base; }; @@ -163,7 +163,7 @@ DEFINE_XEN_GUEST_HANDLE(physdev_map_pirq_t); struct physdev_unmap_pirq { domid_t domid; /* IN */ - int32_t pirq; + int pirq; }; typedef struct physdev_unmap_pirq physdev_unmap_pirq_t; @@ -224,7 +224,7 @@ DEFINE_XEN_GUEST_HANDLE(physdev_op_t); #define PHYSDEVOP_setup_gsi 21 struct physdev_setup_gsi { - int32_t gsi; + int gsi; /* IN */ uint8_t triggering; /* IN */ @@ -242,7 +242,7 @@ DEFINE_XEN_GUEST_HANDLE(physdev_setup_gsi_t); #define PHYSDEVOP_get_free_pirq 23 struct physdev_get_free_pirq { /* IN */ - int32_t type; + int type; /* OUT */ uint32_t pirq; }; diff --git a/xen/include/public/sched.h b/xen/include/public/sched.h index 57ac3df47b..b4362c6a1d 100644 --- a/xen/include/public/sched.h +++ b/xen/include/public/sched.h @@ -116,14 +116,14 @@ /* ` } */ struct sched_shutdown { - uint32_t reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ + unsigned int reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ }; typedef struct sched_shutdown sched_shutdown_t; DEFINE_XEN_GUEST_HANDLE(sched_shutdown_t); struct sched_poll { XEN_GUEST_HANDLE(evtchn_port_t) ports; - uint32_t nr_ports; + unsigned int nr_ports; uint64_t timeout; }; typedef struct sched_poll sched_poll_t; @@ -131,7 +131,7 @@ DEFINE_XEN_GUEST_HANDLE(sched_poll_t); struct sched_remote_shutdown { domid_t domain_id; /* Remote domain ID */ - uint32_t reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ + unsigned int reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ }; typedef struct sched_remote_shutdown sched_remote_shutdown_t; DEFINE_XEN_GUEST_HANDLE(sched_remote_shutdown_t); diff --git a/xen/include/public/vcpu.h b/xen/include/public/vcpu.h index 2b8df2b0da..f7445ac0b0 100644 --- a/xen/include/public/vcpu.h +++ b/xen/include/public/vcpu.h @@ -63,7 +63,7 @@ #define VCPUOP_get_runstate_info 4 struct vcpu_runstate_info { /* VCPU's current state (RUNSTATE_*). */ - int32_t state; + int state; /* When was current state entered (system time, ns)? */ uint64_t state_entry_time; /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:22:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:22:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707701.1105834 (Exim 4.92) (envelope-from ) id 1rxAr5-00008U-5p; Wed, 17 Apr 2024 19:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707701.1105834; Wed, 17 Apr 2024 19:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAr5-00008M-2v; Wed, 17 Apr 2024 19:22:03 +0000 Received: by outflank-mailman (input) for mailman id 707701; Wed, 17 Apr 2024 19:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAr4-00008C-MH for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAr4-0004e3-92 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAr4-0008CK-7K for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=oQX1D5/Ks9L0joAVUlplmwGoZTyC1TOlQBuoyPnv/SA=; b=P9ZRKM9n1UygEBDYE6Kx22NjKv bKJbxJbP3y3J0Y9DY7Nnvq1xz83r7kpKLdQqC0vR66r9vg2nAn81gxwnZ58NfzaWCM5JkRz2Xz/65 Seu8rE9g7Q6XpygW1N3yO6dNL99KZxemDyS/V7nnjjK1qcWv8O8KHuAlR7GWd5kjarSY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Fix BTC/SRSO mitigations Message-Id: Date: Wed, 17 Apr 2024 19:22:02 +0000 commit 6672d8ceae4acf0e0ef7dc7002e6146d10507c37 Author: Andrew Cooper AuthorDate: Tue Mar 26 22:47:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:31 2024 +0100 x86/spec-ctrl: Fix BTC/SRSO mitigations We were looking for SCF_entry_ibpb in the wrong variable in the top-of-stack block, and xen_spec_ctrl won't have had bit 5 set because Xen doesn't understand SPEC_CTRL_RRSBA_DIS_U yet. This is XSA-455 / CVE-2024-31142. Fixes: 53a570b28569 ("x86/spec-ctrl: Support IBPB-on-entry") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/include/asm-x86/spec_ctrl_asm.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index ad5ca50c12..d1ca530315 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 9650a3aca7..9704a22d5b 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -102,7 +102,7 @@ jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) .endif jz .L\@_skip -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:22:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:22:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707702.1105839 (Exim 4.92) (envelope-from ) id 1rxArF-0000Ac-7U; Wed, 17 Apr 2024 19:22:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707702.1105839; Wed, 17 Apr 2024 19:22:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxArF-0000AT-4Q; Wed, 17 Apr 2024 19:22:13 +0000 Received: by outflank-mailman (input) for mailman id 707702; Wed, 17 Apr 2024 19:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxArE-0000AC-EV for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxArE-0004eD-Cn for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxArE-0008ES-BN for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZITvKXbw/+TrSjM+maVb7o+Tfeo8oT+LOc91RppWAsg=; b=U9MLRUUICobJnkjuB+oE/oOJ/R 8WrxJsdrgUU81mQg5I9fXlwPz9nsgHoTf1LPvqbWhxQtcCqJCjlTyfdu0LQ6XP5fjXi9BVBRd5NZ4 xhVQrssZNeDAl/K/ytuVqLwbcaU9P+pgijwGCgM+Qad5W1z/35iCJi56uOoPnTVV1/zc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Expose IPRED_CTRL to guests Message-Id: Date: Wed, 17 Apr 2024 19:22:12 +0000 commit 2a33c31e4affbca0651599e3b204a01ce7b48a3e Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:58 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:31 2024 +0100 x86/spec-ctrl: Expose IPRED_CTRL to guests The CPUID feature bit signals the presence of the IPRED_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 4dd6760706848de30f7c8b5f83462b9bcb070c91) --- tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/msr.c | 6 ++++-- xen/include/asm-x86/msr-index.h | 2 ++ xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 3 ++- 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 3faf1e4304..dcb90e364f 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -206,7 +206,7 @@ static const char *const str_7d1[32] = static const char *const str_7d2[32] = { - [ 0] = "intel-psfd", + [ 0] = "intel-psfd", [ 1] = "ipred-ctrl", }; static const char *const str_m10Al[32] = diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 22f86f2785..91b7402fba 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -306,8 +306,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) /* * Caller to confirm that MSR_SPEC_CTRL is available. Intel and AMD have - * separate CPUID features for this functionality, but only set will be - * active. + * separate CPUID features for some of this functionality, but only one + * vendors-worth will be active on a single host. */ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) { @@ -321,6 +321,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | (psfd ? SPEC_CTRL_PSFD : 0) | + (cp->feat.ipred_ctrl + ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | 0); } diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 17abfa0e4a..f7f44b85d2 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -36,6 +36,8 @@ #define SPEC_CTRL_IBRS (_AC(1, ULL) << 0) #define SPEC_CTRL_STIBP (_AC(1, ULL) << 1) #define SPEC_CTRL_SSBD (_AC(1, ULL) << 2) +#define SPEC_CTRL_IPRED_DIS_U (_AC(1, ULL) << 3) +#define SPEC_CTRL_IPRED_DIS_S (_AC(1, ULL) << 4) #define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) #define MSR_PRED_CMD 0x00000049 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index e027a31d67..d80618c21c 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -301,6 +301,7 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index c255bf4305..b5018ea234 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -315,7 +315,8 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS], + IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, + IPRED_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:22:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:22:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707703.1105842 (Exim 4.92) (envelope-from ) id 1rxArP-0000Dc-8Z; Wed, 17 Apr 2024 19:22:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707703.1105842; Wed, 17 Apr 2024 19:22:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxArP-0000DU-5s; Wed, 17 Apr 2024 19:22:23 +0000 Received: by outflank-mailman (input) for mailman id 707703; Wed, 17 Apr 2024 19:22:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxArO-0000DI-Gr for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxArO-0004eQ-G5 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxArO-0008Eu-FB for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Qo6WExr1zktdJd1gOiqjlg2YVD8kHLgWPRARTEgyxVw=; b=NadQxh83SgjNMXZsjZpnuejF56 3ipi7VMEmDfNLd5p5F9oKVz8sHJVrMtMzld3UjTayuLa0xFUejQiKPrl55f1nT9o5H1OdjtwiO5eI BwjtQ1nJMgNHapMRJRphX+4pqZLfNK2+oPdhV1TJdOv8q4FYx6Ec+6+vy6CS89tdH2Go=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Expose RRSBA_CTRL to guests Message-Id: Date: Wed, 17 Apr 2024 19:22:22 +0000 commit bc7f292b554137cfab1a70dd06a78e8ba0f3d01a Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:59 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:31 2024 +0100 x86/spec-ctrl: Expose RRSBA_CTRL to guests The CPUID feature bit signals the presence of the RRSBA_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 478e4787fa64b621061177a7843c452e9a19916d) --- tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 2 ++ xen/include/asm-x86/msr-index.h | 2 ++ xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 5 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index dcb90e364f..350a7fdc45 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -207,6 +207,7 @@ static const char *const str_7d1[32] = static const char *const str_7d2[32] = { [ 0] = "intel-psfd", [ 1] = "ipred-ctrl", + [ 2] = "rrsba-ctrl", }; static const char *const str_m10Al[32] = diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 91b7402fba..0000d4a4c2 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -323,6 +323,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) (psfd ? SPEC_CTRL_PSFD : 0) | (cp->feat.ipred_ctrl ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | + (cp->feat.rrsba_ctrl + ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | 0); } diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index f7f44b85d2..b6c77049c4 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -38,6 +38,8 @@ #define SPEC_CTRL_SSBD (_AC(1, ULL) << 2) #define SPEC_CTRL_IPRED_DIS_U (_AC(1, ULL) << 3) #define SPEC_CTRL_IPRED_DIS_S (_AC(1, ULL) << 4) +#define SPEC_CTRL_RRSBA_DIS_U (_AC(1, ULL) << 5) +#define SPEC_CTRL_RRSBA_DIS_S (_AC(1, ULL) << 6) #define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) #define MSR_PRED_CMD 0x00000049 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index d80618c21c..0d333ae0b6 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -302,6 +302,7 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index b5018ea234..6fc4392654 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -316,7 +316,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL], + IPRED_CTRL, RRSBA_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:22:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:22:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707704.1105847 (Exim 4.92) (envelope-from ) id 1rxArZ-0000Gg-AB; Wed, 17 Apr 2024 19:22:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707704.1105847; Wed, 17 Apr 2024 19:22:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxArZ-0000GY-7S; Wed, 17 Apr 2024 19:22:33 +0000 Received: by outflank-mailman (input) for mailman id 707704; Wed, 17 Apr 2024 19:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxArY-0000GR-Kd for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxArY-0004eX-Jq for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxArY-0008FP-IU for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Y78npn0vbKxhB3jr+uBNFSXphItBoHPf2otbiXrRU5A=; b=urF7WadJKtTtZ7sTZYiusLjZ+M AT/OovtuVSqQkKwB/JRGXmSeZ9ORMRuITrKkgASMtG8OSiK6+/Z3O7+PkljYaA8TWjMh3xzgEy4QX GCNC/Zgq5u4f598DWFQdYGMjFLh6H0mE3fkdhW1mtZfd3he6fRM4uIBPgE+wilXKEDCs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Expose BHI_CTRL to guests Message-Id: Date: Wed, 17 Apr 2024 19:22:32 +0000 commit 0f640366e5f8fa43ed464c56d00ef960824c9611 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:14:00 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:31 2024 +0100 x86/spec-ctrl: Expose BHI_CTRL to guests The CPUID feature bit signals the presence of the BHI_DIS_S control in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 583f1d0950529f3517b1741c2b21a028a82ba831) --- tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 1 + xen/include/asm-x86/msr-index.h | 1 + xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 5 files changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 350a7fdc45..6af86ba798 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -208,6 +208,7 @@ static const char *const str_7d2[32] = { [ 0] = "intel-psfd", [ 1] = "ipred-ctrl", [ 2] = "rrsba-ctrl", + [ 4] = "bhi-ctrl", }; static const char *const str_m10Al[32] = diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 0000d4a4c2..4e67381d9a 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -325,6 +325,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | (cp->feat.rrsba_ctrl ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | + (cp->feat.bhi_ctrl ? SPEC_CTRL_BHI_DIS_S : 0) | 0); } diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index b6c77049c4..5433ee199d 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -41,6 +41,7 @@ #define SPEC_CTRL_RRSBA_DIS_U (_AC(1, ULL) << 5) #define SPEC_CTRL_RRSBA_DIS_S (_AC(1, ULL) << 6) #define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) +#define SPEC_CTRL_BHI_DIS_S (_AC(1, ULL) << 10) #define MSR_PRED_CMD 0x00000049 #define PRED_CMD_IBPB (_AC(1, ULL) << 0) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 0d333ae0b6..6e9fbcc38c 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -303,6 +303,7 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 6fc4392654..564477b392 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -316,7 +316,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL, RRSBA_CTRL], + IPRED_CTRL, RRSBA_CTRL, BHI_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:22:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:22:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707705.1105851 (Exim 4.92) (envelope-from ) id 1rxArj-0000KK-D0; Wed, 17 Apr 2024 19:22:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707705.1105851; Wed, 17 Apr 2024 19:22:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxArj-0000KB-A8; Wed, 17 Apr 2024 19:22:43 +0000 Received: by outflank-mailman (input) for mailman id 707705; Wed, 17 Apr 2024 19:22:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAri-0000K2-O7 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAri-0004eh-NI for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAri-0008Fu-MR for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JG+h2rvwXM75ILIMIA1n893zXttGB16ipzIqbHH12iE=; b=6d7z0XKtNRj2Ttfi60WkWSHJ5w DCJtKDKMueFNgl5gZH9tXoqN+BkBiu395G+iC8rBdjy/olnKlAwOFQ+S0fDlWRCTt2dxB9FTBJwfW elxYjsXIavs8e1GKrJhcL/zAeRirAjPO2fE/V9nX8fjQAnmZXnk0N7H/HenY3C7F8Lhg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] VMX: tertiary execution control infrastructure Message-Id: Date: Wed, 17 Apr 2024 19:22:42 +0000 commit 97a6db38f364e7e2b5f906e46b753815e1dcbef7 Author: Jan Beulich AuthorDate: Wed Feb 7 13:46:11 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 VMX: tertiary execution control infrastructure This is a prereq to enabling e.g. the MSRLIST feature. Note that the PROCBASED_CTLS3 MSR is different from other VMX feature reporting MSRs, in that all 64 bits report allowed 1-settings. vVMX code is left alone, though, for the time being. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 878159bf259bfbd7a40312829f1ea0ce1f6645e2) --- xen/arch/x86/hvm/vmx/vmcs.c | 57 ++++++++++++++++++++++++++++++++++---- xen/arch/x86/hvm/vmx/vmx.c | 6 ++++ xen/include/asm-x86/hvm/vmx/vmcs.h | 13 +++++++++ xen/include/asm-x86/hvm/vmx/vmx.h | 1 + xen/include/asm-x86/msr-index.h | 1 + 5 files changed, 72 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 237b13459d..888239ce0f 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -173,6 +173,7 @@ static int parse_ept_param_runtime(const char *s) u32 vmx_pin_based_exec_control __read_mostly; u32 vmx_cpu_based_exec_control __read_mostly; u32 vmx_secondary_exec_control __read_mostly; +uint64_t vmx_tertiary_exec_control __read_mostly; u32 vmx_vmexit_control __read_mostly; u32 vmx_vmentry_control __read_mostly; u64 vmx_ept_vpid_cap __read_mostly; @@ -236,10 +237,32 @@ static u32 adjust_vmx_controls( return ctl; } -static bool_t cap_check(const char *name, u32 expected, u32 saw) +static uint64_t adjust_vmx_controls2( + const char *name, uint64_t ctl_min, uint64_t ctl_opt, unsigned int msr, + bool *mismatch) +{ + uint64_t vmx_msr, ctl = ctl_min | ctl_opt; + + rdmsrl(msr, vmx_msr); + + ctl &= vmx_msr; /* bit == 0 ==> must be zero */ + + /* Ensure minimum (required) set of control bits are supported. */ + if ( ctl_min & ~ctl ) + { + *mismatch = true; + printk("VMX: CPU%u has insufficient %s (%#lx; requires %#lx)\n", + smp_processor_id(), name, ctl, ctl_min); + } + + return ctl; +} + +static bool cap_check( + const char *name, unsigned long expected, unsigned long saw) { if ( saw != expected ) - printk("VMX %s: saw %#x expected %#x\n", name, saw, expected); + printk("VMX %s: saw %#lx expected %#lx\n", name, saw, expected); return saw != expected; } @@ -249,6 +272,7 @@ static int vmx_init_vmcs_config(bool bsp) u32 _vmx_pin_based_exec_control; u32 _vmx_cpu_based_exec_control; u32 _vmx_secondary_exec_control = 0; + uint64_t _vmx_tertiary_exec_control = 0; u64 _vmx_ept_vpid_cap = 0; u64 _vmx_misc_cap = 0; u32 _vmx_vmexit_control; @@ -282,7 +306,8 @@ static int vmx_init_vmcs_config(bool bsp) opt = (CPU_BASED_ACTIVATE_MSR_BITMAP | CPU_BASED_TPR_SHADOW | CPU_BASED_MONITOR_TRAP_FLAG | - CPU_BASED_ACTIVATE_SECONDARY_CONTROLS); + CPU_BASED_ACTIVATE_SECONDARY_CONTROLS | + CPU_BASED_ACTIVATE_TERTIARY_CONTROLS); _vmx_cpu_based_exec_control = adjust_vmx_controls( "CPU-Based Exec Control", min, opt, MSR_IA32_VMX_PROCBASED_CTLS, &mismatch); @@ -343,6 +368,15 @@ static int vmx_init_vmcs_config(bool bsp) MSR_IA32_VMX_PROCBASED_CTLS2, &mismatch); } + if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) + { + uint64_t opt = 0; + + _vmx_tertiary_exec_control = adjust_vmx_controls2( + "Tertiary Exec Control", 0, opt, + MSR_IA32_VMX_PROCBASED_CTLS3, &mismatch); + } + /* The IA32_VMX_EPT_VPID_CAP MSR exists only when EPT or VPID available */ if ( _vmx_secondary_exec_control & (SECONDARY_EXEC_ENABLE_EPT | SECONDARY_EXEC_ENABLE_VPID) ) @@ -473,6 +507,7 @@ static int vmx_init_vmcs_config(bool bsp) vmx_pin_based_exec_control = _vmx_pin_based_exec_control; vmx_cpu_based_exec_control = _vmx_cpu_based_exec_control; vmx_secondary_exec_control = _vmx_secondary_exec_control; + vmx_tertiary_exec_control = _vmx_tertiary_exec_control; vmx_ept_vpid_cap = _vmx_ept_vpid_cap; vmx_vmexit_control = _vmx_vmexit_control; vmx_vmentry_control = _vmx_vmentry_control; @@ -508,6 +543,9 @@ static int vmx_init_vmcs_config(bool bsp) mismatch |= cap_check( "Secondary Exec Control", vmx_secondary_exec_control, _vmx_secondary_exec_control); + mismatch |= cap_check( + "Tertiary Exec Control", + vmx_tertiary_exec_control, _vmx_tertiary_exec_control); mismatch |= cap_check( "VMExit Control", vmx_vmexit_control, _vmx_vmexit_control); @@ -1084,6 +1122,7 @@ static int construct_vmcs(struct vcpu *v) v->arch.hvm.vmx.exec_control |= CPU_BASED_RDTSC_EXITING; v->arch.hvm.vmx.secondary_exec_control = vmx_secondary_exec_control; + v->arch.hvm.vmx.tertiary_exec_control = vmx_tertiary_exec_control; /* * Disable features which we don't want active by default: @@ -1152,6 +1191,10 @@ static int construct_vmcs(struct vcpu *v) __vmwrite(SECONDARY_VM_EXEC_CONTROL, v->arch.hvm.vmx.secondary_exec_control); + if ( cpu_has_vmx_tertiary_exec_control ) + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); + /* MSR access bitmap. */ if ( cpu_has_vmx_msr_bitmap ) { @@ -2071,10 +2114,12 @@ void vmcs_dump_vcpu(struct vcpu *v) vmr(HOST_PERF_GLOBAL_CTRL)); printk("*** Control State ***\n"); - printk("PinBased=%08x CPUBased=%08x SecondaryExec=%08x\n", + printk("PinBased=%08x CPUBased=%08x\n", vmr32(PIN_BASED_VM_EXEC_CONTROL), - vmr32(CPU_BASED_VM_EXEC_CONTROL), - vmr32(SECONDARY_VM_EXEC_CONTROL)); + vmr32(CPU_BASED_VM_EXEC_CONTROL)); + printk("SecondaryExec=%08x TertiaryExec=%016lx\n", + vmr32(SECONDARY_VM_EXEC_CONTROL), + vmr(TERTIARY_VM_EXEC_CONTROL)); printk("EntryControls=%08x ExitControls=%08x\n", vmentry_ctl, vmexit_ctl); printk("ExceptionBitmap=%08x PFECmask=%08x PFECmatch=%08x\n", vmr32(EXCEPTION_BITMAP), diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 8bb4a6e042..a7f9fefa8c 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -584,6 +584,12 @@ void vmx_update_secondary_exec_control(struct vcpu *v) v->arch.hvm.vmx.secondary_exec_control); } +void vmx_update_tertiary_exec_control(const struct vcpu *v) +{ + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); +} + void vmx_update_exception_bitmap(struct vcpu *v) { u32 bitmap = unlikely(v->arch.hvm.vmx.vmx_realmode) diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index 8073af323b..9b246b802b 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -125,6 +125,7 @@ struct vmx_vcpu { /* Cache of cpu execution control. */ u32 exec_control; u32 secondary_exec_control; + uint64_t tertiary_exec_control; u32 exception_bitmap; uint64_t shadow_gs; @@ -207,6 +208,7 @@ void vmx_vmcs_reload(struct vcpu *v); #define CPU_BASED_RDTSC_EXITING 0x00001000 #define CPU_BASED_CR3_LOAD_EXITING 0x00008000 #define CPU_BASED_CR3_STORE_EXITING 0x00010000 +#define CPU_BASED_ACTIVATE_TERTIARY_CONTROLS 0x00020000 #define CPU_BASED_CR8_LOAD_EXITING 0x00080000 #define CPU_BASED_CR8_STORE_EXITING 0x00100000 #define CPU_BASED_TPR_SHADOW 0x00200000 @@ -269,6 +271,14 @@ extern u32 vmx_vmentry_control; #define SECONDARY_EXEC_TSC_SCALING 0x02000000 extern u32 vmx_secondary_exec_control; +#define TERTIARY_EXEC_LOADIWKEY_EXITING BIT(0, UL) +#define TERTIARY_EXEC_ENABLE_HLAT BIT(1, UL) +#define TERTIARY_EXEC_EPT_PAGING_WRITE BIT(2, UL) +#define TERTIARY_EXEC_GUEST_PAGING_VERIFY BIT(3, UL) +#define TERTIARY_EXEC_IPI_VIRT BIT(4, UL) +#define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) +extern uint64_t vmx_tertiary_exec_control; + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -304,6 +314,8 @@ extern u64 vmx_ept_vpid_cap; (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_MSR_BITMAP) #define cpu_has_vmx_secondary_exec_control \ (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) +#define cpu_has_vmx_tertiary_exec_control \ + (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS) #define cpu_has_vmx_ept \ (vmx_secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT) #define cpu_has_vmx_dt_exiting \ @@ -423,6 +435,7 @@ enum vmcs_field { VIRT_EXCEPTION_INFO = 0x0000202a, XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, + TERTIARY_VM_EXEC_CONTROL = 0x00002034, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/include/asm-x86/hvm/vmx/vmx.h b/xen/include/asm-x86/hvm/vmx/vmx.h index 534e9fc221..a651cb3465 100644 --- a/xen/include/asm-x86/hvm/vmx/vmx.h +++ b/xen/include/asm-x86/hvm/vmx/vmx.h @@ -103,6 +103,7 @@ void vmx_update_debug_state(struct vcpu *v); void vmx_update_exception_bitmap(struct vcpu *v); void vmx_update_cpu_exec_control(struct vcpu *v); void vmx_update_secondary_exec_control(struct vcpu *v); +void vmx_update_tertiary_exec_control(const struct vcpu *v); #define POSTED_INTR_ON 0 #define POSTED_INTR_SN 1 diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 5433ee199d..7fd9864a2e 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -312,6 +312,7 @@ #define MSR_IA32_VMX_TRUE_EXIT_CTLS 0x48f #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490 #define MSR_IA32_VMX_VMFUNC 0x491 +#define MSR_IA32_VMX_PROCBASED_CTLS3 0x492 /* K7/K8 MSRs. Not complete. See the architecture manual for a more complete list. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:22:53 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:22:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707706.1105855 (Exim 4.92) (envelope-from ) id 1rxArt-0000Mz-EE; Wed, 17 Apr 2024 19:22:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707706.1105855; Wed, 17 Apr 2024 19:22:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxArt-0000Mr-Ba; Wed, 17 Apr 2024 19:22:53 +0000 Received: by outflank-mailman (input) for mailman id 707706; Wed, 17 Apr 2024 19:22:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxArs-0000Ml-R3 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxArs-0004eo-Q7 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxArs-0008GZ-PL for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:22:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fQMXCd86hI85YwlYs1Swq77ihlg1hFbBXmsuLF2rBcA=; b=INkWHV2mAFf9LHw9ecfGWuFag4 WaWGCLwbmrPfaIjF3RsJ5e90V6SMdgo3CPc7uI6XEIeVE3QsKDn9VljnsuO85I5cj8PrJqateKY+I qjAOaQ0RV3kAhda8oCE2jbU7Q916zbD/8VLkywBD3nLEOmBrGB4gDgFuSZQF30J2iAp4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch Message-Id: Date: Wed, 17 Apr 2024 19:22:52 +0000 commit eb4b730ac68af4009913a97674837f587ae39957 Author: Andrew Cooper AuthorDate: Wed Apr 3 17:43:42 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch It turns out there is something wonky on some but not all CPUs with MSR_TSX_FORCE_ABORT. The presence of RTM_ALWAYS_ABORT causes Xen to think it's safe to offer HLE/RTM to guests, but in this case, XBEGIN instructions genuinely #UD. Spot this case and try to back out as cleanly as we can. Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Acked-by: Jan Beulich (cherry picked from commit b33f191e3ca99458fdcea1cb5a29dfa4965d1604) --- xen/arch/x86/tsx.c | 55 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 45 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 287812ec2b..2eb797e352 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -1,5 +1,6 @@ #include #include +#include #include /* @@ -9,6 +10,7 @@ * -1 => Default, altered to 0/1 (if unspecified) by: * - TAA heuristics/settings for speculative safety * - "TSX vs PCR3" select for TSX memory ordering safety + * -2 => Implicit tsx=0 (from RTM_ALWAYS_ABORT vs RTM mismatch) * -3 => Implicit tsx=1 (feed-through from spec-ctrl=0) * * This is arranged such that the bottom bit encodes whether TSX is actually @@ -122,11 +124,50 @@ void tsx_init(void) if ( cpu_has_tsx_force_abort ) { + uint64_t val; + /* - * On an early TSX-enable Skylake part subject to the memory + * On an early TSX-enabled Skylake part subject to the memory * ordering erratum, with at least the March 2019 microcode. */ + rdmsrl(MSR_TSX_FORCE_ABORT, val); + + /* + * At the time of writing (April 2024), it was discovered that + * some parts (e.g. CoffeeLake 8th Gen, 06-9e-0a, ucode 0xf6) + * advertise RTM_ALWAYS_ABORT, but XBEGIN instructions #UD. Other + * similar parts (e.g. KabyLake Xeon-E3, 06-9e-09, ucode 0xf8) + * operate as expected. + * + * In this case: + * - RTM_ALWAYS_ABORT and MSR_TSX_FORCE_ABORT are enumerated. + * - XBEGIN instructions genuinely #UD. + * - MSR_TSX_FORCE_ABORT appears to be write-discard and fails to + * hold its value. + * - HLE and RTM are not enumerated, despite + * MSR_TSX_FORCE_ABORT.TSX_CPUID_CLEAR being clear. + * + * Spot RTM being unavailable without CLEAR_CPUID being set, and + * treat it as if no TSX is available at all. This will prevent + * Xen from thinking it's safe to offer HLE/RTM to VMs. + */ + if ( val == 0 && cpu_has_rtm_always_abort && !cpu_has_rtm ) + { + printk(XENLOG_ERR + "FIRMWARE BUG: CPU %02x-%02x-%02x, ucode 0x%08x: RTM_ALWAYS_ABORT vs RTM mismatch\n", + boot_cpu_data.x86, boot_cpu_data.x86_model, + boot_cpu_data.x86_mask, this_cpu(cpu_sig).rev); + + setup_clear_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + setup_clear_cpu_cap(X86_FEATURE_TSX_FORCE_ABORT); + + if ( opt_tsx < 0 ) + opt_tsx = -2; + + goto done_probe; + } + /* * Probe for the June 2021 microcode which de-features TSX on * client parts. (Note - this is a subset of parts impacted by @@ -136,15 +177,8 @@ void tsx_init(void) * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. */ - if ( !has_rtm_always_abort ) - { - uint64_t val; - - rdmsrl(MSR_TSX_FORCE_ABORT, val); - - if ( val & TSX_ENABLE_RTM ) - has_rtm_always_abort = true; - } + if ( val & TSX_ENABLE_RTM ) + has_rtm_always_abort = true; /* * If no explicit tsx= option is provided, pick a default. @@ -199,6 +233,7 @@ void tsx_init(void) setup_force_cpu_cap(X86_FEATURE_RTM); } } + done_probe: /* * Note: MSR_TSX_CTRL is enumerated on TSX-enabled MDS_NO and later parts. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:23:04 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:23:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707707.1105859 (Exim 4.92) (envelope-from ) id 1rxAs4-0000Q0-Fw; Wed, 17 Apr 2024 19:23:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707707.1105859; Wed, 17 Apr 2024 19:23:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAs4-0000Ps-D5; Wed, 17 Apr 2024 19:23:04 +0000 Received: by outflank-mailman (input) for mailman id 707707; Wed, 17 Apr 2024 19:23:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAs2-0000Ph-UA for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAs2-0004fU-TM for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAs2-0008HB-SX for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XCKrOkW+qkbN/irgCuSppVuj22GkSO4/TtkfVTtxDlU=; b=VQneCvuHxS9HXUHbqVZUulUT3r Pa45y2+X7xznafxHj7Of6C5aROneLAo6Ahww+r5UXpeK0qcZITM1o2ul7VRfvT0QE+GHb7clEDwo7 e6A+lmgMDxUProSjNDQiphGujPBD0w6rh3WHc5ayd0znn77gXy/xUpacvOQsq/8wNZxE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] xen/wait: Remove indirect jump Message-Id: Date: Wed, 17 Apr 2024 19:23:02 +0000 commit 1e37e4d2c0e78108e06a6661ea82b785dc5a58fe Author: Andrew Cooper AuthorDate: Fri Oct 22 16:07:07 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 xen/wait: Remove indirect jump There is no need for this to be an indirect jump at all. Execution always returns to a specific location, so use a direct jump instead. Use a named label for the jump. As both 1 and 2 have disappeared as labels, rename 3 to skip to better describe its purpose. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit f03567bd7e8efc0f667a67905862e6047babdb7a) --- xen/common/wait.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/xen/common/wait.c b/xen/common/wait.c index 24716e7676..9276d76464 100644 --- a/xen/common/wait.c +++ b/xen/common/wait.c @@ -144,18 +144,16 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv) "push %%r8; push %%r9; push %%r10; push %%r11;" "push %%r12; push %%r13; push %%r14; push %%r15;" - "call 1f;" - "1: addq $2f-1b,(%%rsp);" "sub %%esp,%%ecx;" "cmp %3,%%ecx;" - "ja 3f;" + "ja .L_skip;" "mov %%rsp,%%rsi;" /* check_wakeup_from_wait() longjmp()'s to this point. */ - "2: rep movsb;" + ".L_wq_resume: rep movsb;" "mov %%rsp,%%rsi;" - "3: pop %%rax;" + ".L_skip:" "pop %%r15; pop %%r14; pop %%r13; pop %%r12;" "pop %%r11; pop %%r10; pop %%r9; pop %%r8;" "pop %%rbp; pop %%rdx; pop %%rbx; pop %%rax" @@ -204,15 +202,14 @@ void check_wakeup_from_wait(void) } /* - * Hand-rolled longjmp(). Returns to the pointer on the top of - * wqv->stack, and lands on a `rep movs` instruction. All other GPRs are - * restored from the stack, so are available for use here. + * Hand-rolled longjmp(). Returns to __prepare_to_wait(), and lands on a + * `rep movs` instruction. All other GPRs are restored from the stack, so + * are available for use here. */ asm volatile ( - "mov %1,%%"__OP"sp; INDIRECT_JMP %[ip]" + "mov %1,%%"__OP"sp; jmp .L_wq_resume;" : : "S" (wqv->stack), "D" (wqv->esp), - "c" ((char *)get_cpu_info() - (char *)wqv->esp), - [ip] "r" (*(unsigned long *)wqv->stack) + "c" ((char *)get_cpu_info() - (char *)wqv->esp) : "memory" ); unreachable(); } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:23:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:23:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707708.1105862 (Exim 4.92) (envelope-from ) id 1rxAsE-0000U7-HN; Wed, 17 Apr 2024 19:23:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707708.1105862; Wed, 17 Apr 2024 19:23:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAsE-0000Tz-Er; Wed, 17 Apr 2024 19:23:14 +0000 Received: by outflank-mailman (input) for mailman id 707708; Wed, 17 Apr 2024 19:23:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAsD-0000To-0w for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAsD-0004fd-08 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAsC-0008Hj-VY for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+3GIcmd5GwF4vmh+Lr+95ux+LpwDUXSLGRiiLCK4B8c=; b=X2213d7mr5tzz32HOxj8R+Mw1K JrY3eYKqXjTl2cIZqVKhElYmHMyfPhwB0Kp3Ucg95/oOKESQ/f2mgXTZcVZQsRBBqkR3dq+Cc89O1 mtqTjMPC/0RDtlL2l7gSN2v157FE4FbZe6aI3K0N7899ia/hpYb5JCYExM/84SackYlk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests Message-Id: Date: Wed, 17 Apr 2024 19:23:12 +0000 commit 13e7c5a9f1b4a6fab563a5994487fc60778073d5 Author: Andrew Cooper AuthorDate: Tue Apr 9 15:03:05 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests All of these are prediction-mode (i.e. CPL) based. They don't operate as advertised in PV context. Fixes: 4dd676070684 ("x86/spec-ctrl: Expose IPRED_CTRL to guests") Fixes: 478e4787fa64 ("x86/spec-ctrl: Expose RRSBA_CTRL to guests") Fixes: 583f1d095052 ("x86/spec-ctrl: Expose BHI_CTRL to guests") Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 4b3da946ad7e3452761478ae683da842e7ff20d6) --- xen/include/public/arch-x86/cpufeatureset.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 6e9fbcc38c..0139c1a81f 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -301,9 +301,9 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ -XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ -XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ -XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*S MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*S MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*S MSR_SPEC_CTRL.BHI_DIS_S */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:23:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:23:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707709.1105868 (Exim 4.92) (envelope-from ) id 1rxAsO-0000Wj-J3; Wed, 17 Apr 2024 19:23:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707709.1105868; Wed, 17 Apr 2024 19:23:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAsO-0000Wb-GJ; Wed, 17 Apr 2024 19:23:24 +0000 Received: by outflank-mailman (input) for mailman id 707709; Wed, 17 Apr 2024 19:23:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAsN-0000WT-47 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAsN-0004fk-3L for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAsN-0008ID-2P for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=L7zS1wNKSJ/6sh/uXF+XMLUsHWpUYXcS59JLMsUIbJo=; b=ZW68S7RnW98Ep73Vpj/7GlpHhj 3qpkPA9CrJpo4Y+0A+Rh+UFdQzic2R/HyRJqsz+RMo6Phm7C5TRgfm4PsPLchon6zvNta2KOO27x/ LShG0gPPuVBPbywFsILT/8GEO7V3DCKU+tvYk5/+NobiHv6svNvKXDRbqvsOq42BAwMc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Make svm_vmexit_spec_ctrl conditional Message-Id: Date: Wed, 17 Apr 2024 19:23:23 +0000 commit 3fbd85d08734214aa48a003e3430b8ada0c232e4 Author: Andrew Cooper AuthorDate: Mon Jul 18 14:15:08 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Make svm_vmexit_spec_ctrl conditional The logic was written this way out of an abundance of caution, but the reality is that AMD parts don't currently have the RAS-flushing side effect, nor do they intend to gain it. This removes one WRMSR from the VMExit path by default on Zen2 systems. Fixes: 614cec7d79d7 ("x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit c16a9eda77b2089206d5bc39ab6488c3793e11bf) --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index d1ca530315..1974eaff97 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -114,15 +114,15 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM .macro svm_vmexit_spec_ctrl - /* - * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] - * flushing side effect. - */ - mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + cmp %edx, %eax + je 1f /* Skip write if value is correct. */ + mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr mov %al, CPUINFO_last_spec_ctrl(%rsp) +1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:23:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:23:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707710.1105871 (Exim 4.92) (envelope-from ) id 1rxAsY-0000dQ-Ln; Wed, 17 Apr 2024 19:23:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707710.1105871; Wed, 17 Apr 2024 19:23:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAsY-0000dI-J9; Wed, 17 Apr 2024 19:23:34 +0000 Received: by outflank-mailman (input) for mailman id 707710; Wed, 17 Apr 2024 19:23:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAsX-0000a4-7l for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAsX-0004fr-74 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAsX-0008Ii-6A for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5kGGdir/kH6DfTG3onr4fWrFiR2JTd2m52OdRMQkBjw=; b=E+rjmVnG6pkAUiHJuHWOR9b/IR s53LFZP6BTW6VEYjfJe7XqtVY7pPmk/mSFmjfTdELdnobjTU23bWFsReFOUyRMSSmg41tOEX2mlbD Fkomtj70F08X+RuEYTEQfM6vfwPdfqBTyQzoXp8tFgQ2/LHqv02YOUKENVNVI7aTO9ms=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Rename spec_ctrl_flags to scf Message-Id: Date: Wed, 17 Apr 2024 19:23:33 +0000 commit bd436736f7350f302144c12ec82e3256c9872d8a Author: Andrew Cooper AuthorDate: Thu Mar 28 11:57:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Rename spec_ctrl_flags to scf XSA-455 was ultimately caused by having fields with too-similar names. Both {xen,last}_spec_ctrl are fields containing an architectural MSR_SPEC_CTRL value. The spec_ctrl_flags field contains Xen-internal flags. To more-obviously distinguish the two, rename spec_ctrl_flags to scf, which is also the prefix of the constants used by the fields. No functional change. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit c62673c4334b3372ebd4292a7ac8185357e7ea27) --- xen/arch/x86/acpi/power.c | 4 ++-- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/setup.c | 2 +- xen/arch/x86/spec_ctrl.c | 18 +++++++++--------- xen/arch/x86/x86_64/asm-offsets.c | 2 +- xen/arch/x86/x86_64/compat/entry.S | 4 ++-- xen/arch/x86/x86_64/entry.S | 2 +- xen/include/asm-x86/current.h | 2 +- xen/include/asm-x86/domain.h | 2 +- xen/include/asm-x86/spec_ctrl.h | 16 ++++++++-------- xen/include/asm-x86/spec_ctrl_asm.h | 22 +++++++++++----------- 14 files changed, 44 insertions(+), 44 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 1a7baeebe6..4d6650f407 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -246,7 +246,7 @@ static int enter_state(u32 state) ci = get_cpu_info(); /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_IST_MASK; + ci->scf &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -290,7 +290,7 @@ static int enter_state(u32 state) panic("Missing previously available feature(s)\n"); /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); + ci->scf |= (default_scf & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 711e52f75f..684d105862 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2069,10 +2069,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the new spec_ctrl settings. */ - info->spec_ctrl_flags = - (info->spec_ctrl_flags & ~SCF_DOM_MASK) | - (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); + /* Update the top-of-stack block with the new speculation settings. */ + info->scf = + (info->scf & ~SCF_DOM_MASK) | + (nextd->arch.scf & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 1974eaff97..73c35bc27d 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index cdde76e138..4ee529c57a 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -111,7 +111,7 @@ UNLIKELY_END(realmode) BUILD_BUG_ON(SCF_verw & ~0xff) movzbl VCPU_vmx_launched(%rbx), %ecx shl $31, %ecx - movzbl CPUINFO_spec_ctrl_flags(%rsp), %eax + movzbl CPUINFO_scf(%rsp), %eax and $SCF_verw, %eax or %eax, %ecx diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 888239ce0f..0c87966f2a 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1388,7 +1388,7 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); - if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + if ( !rc && (d->arch.scf & SCF_entry_ibpb) ) rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, VMX_MSR_HOST); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 63156eaf26..c32b835fe5 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1994,7 +1994,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index b24c36c99e..34a83e8ce1 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -67,7 +67,7 @@ static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; uint8_t __read_mostly default_xen_spec_ctrl; -uint8_t __read_mostly default_spec_ctrl_flags; +uint8_t __read_mostly default_scf; paddr_t __read_mostly l1tf_addr_mask, __read_mostly l1tf_safe_maddr; static bool __initdata cpu_has_bug_l1tf; @@ -1052,7 +1052,7 @@ static void __init ibpb_calculations(void) * NMI/#MC, so can't interrupt Xen ahead of having already flushed the * BTB. */ - default_spec_ctrl_flags |= SCF_ist_ibpb; + default_scf |= SCF_ist_ibpb; } if ( opt_ibpb_entry_hvm ) setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); @@ -1553,7 +1553,7 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); - d->arch.spec_ctrl_flags = + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | 0; @@ -1658,7 +1658,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1669,7 +1669,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1756,7 +1756,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_pv ) { setup_force_cpu_cap(X86_FEATURE_SC_RSB_PV); - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } /* @@ -1779,7 +1779,7 @@ void __init init_speculation_mitigations(void) * possible rogue RSB speculation. */ if ( !cpu_has_svm ) - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } srso_calculations(hw_smt_enabled); @@ -1792,7 +1792,7 @@ void __init init_speculation_mitigations(void) if ( opt_eager_fpu == -1 ) opt_eager_fpu = should_use_eager_fpu(); - /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ + /* (Re)init BSP state now that default_scf has been calculated. */ init_shadow_spec_ctrl_state(); /* @@ -2064,7 +2064,7 @@ void __init init_speculation_mitigations(void) { info->shadow_spec_ctrl = 0; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); } diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index e3a38ae967..73fd42889d 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -152,7 +152,7 @@ void __dummy__(void) OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); - OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); + OFFSET(CPUINFO_scf, struct cpu_info, scf); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); DEFINE(CPUINFO_sizeof, sizeof(struct cpu_info)); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index becc7f1bb2..add2616954 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -168,8 +168,8 @@ ENTRY(compat_restore_all_guest) /* Account for ev/ec having already been popped off the stack. */ SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_rip), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) + scf=STK_REL(CPUINFO_scf, CPUINFO_rip), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) .Lft0: iretq _ASM_PRE_EXTABLE(.Lft0, handle_exception) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index d855d4d1d7..f5d36f835e 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -626,7 +626,7 @@ UNLIKELY_END(exit_cr3) /* * When the CPU pushed this exception frame, it zero-extended eflags. * For an IST exit, SPEC_CTRL_EXIT_TO_XEN stashed shadow copies of - * spec_ctrl_flags and ver_sel above eflags, as we can't use any GPRs, + * scf and ver_sel above eflags, as we can't use any GPRs, * and we're at a random place on the stack, not in a CPUFINFO block. * * Account for ev/ec having already been popped off the stack. diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index 8ea4aecc5e..138ad63165 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -57,7 +57,7 @@ struct cpu_info { unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; uint8_t last_spec_ctrl; - uint8_t spec_ctrl_flags; + uint8_t scf; /* SCF_* */ /* * The following field controls copying of the L4 page table of 64-bit diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index e2ad2957ee..7901cfd6c6 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -319,7 +319,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ + uint8_t scf; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index e400ff2273..dfe7b37795 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -21,10 +21,10 @@ #define __X86_SPEC_CTRL_H__ /* - * Encoding of: - * cpuinfo.spec_ctrl_flags - * default_spec_ctrl_flags - * domain.spec_ctrl_flags + * Encoding of Xen's speculation control flags in: + * cpuinfo.scf + * default_scf + * domain.scf * * Live settings are in the top-of-stack block, because they need to be * accessable when XPTI is active. Some settings are fixed from boot, some @@ -95,7 +95,7 @@ extern bool opt_branch_harden; extern bool bsp_delay_spec_ctrl; extern uint8_t default_xen_spec_ctrl; -extern uint8_t default_spec_ctrl_flags; +extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; @@ -114,7 +114,7 @@ static inline void init_shadow_spec_ctrl_state(void) info->shadow_spec_ctrl = 0; info->xen_spec_ctrl = default_xen_spec_ctrl; - info->spec_ctrl_flags = default_spec_ctrl_flags; + info->scf = default_scf; /* * For least latency, the VERW selector should be a writeable data @@ -138,7 +138,7 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) */ info->shadow_spec_ctrl = val; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); @@ -172,7 +172,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. */ - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 9704a22d5b..d015e2df5f 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -51,7 +51,7 @@ * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow - * boolean in the per cpu spec_ctrl_flags. The synchronous use is: + * boolean in the per cpu scf. The synchronous use is: * * 1) Store guest value in shadow_spec_ctrl * 2) Set the use_shadow boolean @@ -98,11 +98,11 @@ * interrupting Xen. */ .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) .endif jz .L\@_skip @@ -172,8 +172,8 @@ #define STK_REL(field, top_of_stk) ((field) - (top_of_stk)) .macro SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_error_code), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) + scf=STK_REL(CPUINFO_scf, CPUINFO_error_code), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) /* * Requires \scf and \sel as %rsp-relative expressions * Clobbers eflags @@ -228,10 +228,10 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else - andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + andb $~SCF_use_shadow, CPUINFO_scf(%rsp) movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax .endif @@ -250,7 +250,7 @@ mov %eax, CPUINFO_shadow_spec_ctrl(%rsp) /* Set SPEC_CTRL shadowing *before* loading the guest value. */ - orb $SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + orb $SCF_use_shadow, CPUINFO_scf(%rsp) mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx @@ -328,7 +328,7 @@ * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -353,7 +353,7 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx @@ -387,7 +387,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %r12=ist_exit, %r14=stack_end, %rsp=regs * Clobbers %rax, %rbx, %rcx, %rdx */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx testb $SCF_ist_sc_msr, %bl jz .L\@_skip_sc_msr -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:23:44 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:23:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707711.1105875 (Exim 4.92) (envelope-from ) id 1rxAsi-000141-NL; Wed, 17 Apr 2024 19:23:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707711.1105875; Wed, 17 Apr 2024 19:23:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAsi-00013t-Kh; Wed, 17 Apr 2024 19:23:44 +0000 Received: by outflank-mailman (input) for mailman id 707711; Wed, 17 Apr 2024 19:23:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAsh-00013l-Aq for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAsh-0004fz-A7 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAsh-0008JD-9L for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lW1fY5iVV3MglsxYr0YOH67XoenQdInZxt69oZOkrpk=; b=eCZy6ndGXW0bgsJKNIz1nIWKrx 3lPsZHx+3HWw/zgbx65AOKqVF4AuwG8D8XefcUIEvO999Auh1YVJGvahbRF/u+lmVMCcZKICL2PTV 0gk5bY0b+XQE75467oZMtW2By20ha9IHGftplLREY+OP8c7lV+r8USq+ENqkvZgVoPAk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Message-Id: Date: Wed, 17 Apr 2024 19:23:43 +0000 commit 0cf958a47f1486ca911d16bf294a37f6b6f93667 Author: Andrew Cooper AuthorDate: Fri Mar 22 11:41:41 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Right now, we have a mix of safety strategies in different blocks, making the logic fragile and hard to follow. Start addressing this by having a safety LFENCE at the end of the blocks, which can be patched out if other safety criteria are met. This will allow us to simplify the sub-blocks. For SPEC_CTRL_ENTRY_FROM_IST, simply leave an LFENCE unconditionally at the end; the IST path is not a fast-path by any stretch of the imagination. For SPEC_CTRL_ENTRY_FROM_INTR, the existing description was incorrect. The IRET #GP path is non-fatal but can occur with the guest's choice of MSR_SPEC_CTRL. It is safe to skip the flush/barrier-like protections when interrupting Xen, but we must run DO_SPEC_CTRL_ENTRY irrespective. This will skip RSB stuffing which was previously unconditional even when interrupting Xen. AFAICT, this is a missing cleanup from commit 3fffaf9c13e9 ("x86/entry: Avoid using alternatives in NMI/#MC paths") where we split the IST entry path out of the main INTR entry path. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 94896de1a98c4289fe6fef9e16ef99fc6ef2efc4) --- xen/arch/x86/hvm/vmx/entry.S | 1 + xen/arch/x86/spec_ctrl.c | 52 +++++++++++++++++++++++++++++++++++++ xen/include/asm-x86/cpufeatures.h | 4 +++ xen/include/asm-x86/spec_ctrl_asm.h | 27 ++++++++++--------- 4 files changed, 72 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 4ee529c57a..8d5b683879 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -43,6 +43,7 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* Hardware clears MSR_DEBUGCTL on VMExit. Reinstate it if debugging Xen. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 34a83e8ce1..d2fef8d1ba 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2040,6 +2040,58 @@ void __init init_speculation_mitigations(void) print_details(thunk); + /* + * With the alternative blocks now chosen, see if we need any other + * adjustments for safety. + * + * We compile the LFENCE in, and patch it out if it's not needed. + * + * Notes: + * - SPEC_CTRL_ENTRY_FROM_SVM doesn't need an LFENCE because it has an + * unconditional STGI. + * - SPEC_CTRL_ENTRY_FROM_IST handles its own safety, without the use of + * alternatives. + * - DO_OVERWRITE_RSB has conditional branches in it, but it's an inline + * sequence. It is considered safe for uarch reasons. + */ + { + /* + * SPEC_CTRL_ENTRY_FROM_PV conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we're not using any prior conditional mitigation, + * then it's safe to drop the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); + + /* + * SPEC_CTRL_ENTRY_FROM_INTR conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we have no protections active in the block that + * is skipped when interrupting guest context, then it's safe to drop + * the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); + + /* + * SPEC_CTRL_ENTRY_FROM_VMX conditional safety + * + * Currently there are no safety actions with conditional branches, so + * no need for the extra safety LFENCE. + */ + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + } + /* * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard * any firmware settings. For performance reasons, when safe to do so, we diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 24a182d37f..0ca203530d 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -51,5 +51,9 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_BUG_CLFLUSH_MFENCE X86_BUG( 2) /* MFENCE needed to serialise CLFLUSH */ #define X86_BUG_IBPB_NO_RET X86_BUG( 3) /* IBPB doesn't flush the RSB/RAS */ +#define X86_SPEC_NO_LFENCE_ENTRY_PV X86_BUG(16) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_PV. */ +#define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ +#define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index d015e2df5f..150159e782 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -273,25 +273,37 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm /* * Used after an exception or maskable interrupt, hitting Xen or PV context. - * There will either be a guest speculation context, or (barring fatal - * exceptions) a well-formed Xen speculation context. + * There will either be a guest speculation context, or a well-formed Xen + * speculation context, with the exception of one case. IRET #GP handling may + * have a guest choice of MSR_SPEC_CTRL. + * + * Therefore, we can skip the flush/barrier-like protections when hitting Xen, + * but we must still run the mode-based protections. */ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rcx, %rdx */ + testb $3, UREGS_cs(%rsp) + jz .L\@_skip + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV +.L\@_skip: ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm /* @@ -360,18 +372,9 @@ movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr - /* Opencoded UNLIKELY_START() with no condition. */ -UNLIKELY_DISPATCH_LABEL(\@_serialise): - .subsection 1 - /* - * In the case that we might need to set SPEC_CTRL.IBRS for safety, we - * need to ensure that an attacker can't poison the `jz .L\@_skip_wrmsr` - * to speculate around the WRMSR. As a result, we need a dispatch - * serialising instruction in the else clause. - */ .L\@_skip_msr_spec_ctrl: + lfence - UNLIKELY_END(\@_serialise) .endm /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:23:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:23:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707712.1105880 (Exim 4.92) (envelope-from ) id 1rxAss-0001N2-QQ; Wed, 17 Apr 2024 19:23:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707712.1105880; Wed, 17 Apr 2024 19:23:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAss-0001Mg-MC; Wed, 17 Apr 2024 19:23:54 +0000 Received: by outflank-mailman (input) for mailman id 707712; Wed, 17 Apr 2024 19:23:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAsr-0001IT-Dv for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAsr-0004g8-D2 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAsr-0008Je-CK for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:23:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1JvZGj456SnLRP5Ut4wFegaYF1lFqswm818Ms+FjAKM=; b=Cl7r39qVq3XsKEJ2iS5n/pI7hK DbNDy4S1MDn6TVkmlvS1npI0s3ZoZyaeds4yon9+/MylQOeHMtzKKJqiKEP52S9a5epH8hxmDB5/y JViuscJzuNWl2W/BuOPMqNtt3j7bAZ/tM3kVajmEJJKj0PP7TzOfs9UQy0sjpG41c/qs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Message-Id: Date: Wed, 17 Apr 2024 19:23:53 +0000 commit 4123cb4e8309bcacaf943c7e41e2416c99284918 Author: Andrew Cooper AuthorDate: Fri Mar 22 15:52:06 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Other SPEC_CTRL_* paths already use %r14 like this, and it will allow for simplifications. All instances of SPEC_CTRL_ENTRY_FROM_PV are followed by a GET_STACK_END() invocation, so this change is only really logic and register shuffling. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 22390697bf1b4cd3024f2d10893dec3c3ec08a9c) --- xen/arch/x86/x86_64/compat/entry.S | 15 +++++++++------ xen/arch/x86/x86_64/entry.S | 33 ++++++++++++++++++--------------- 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index add2616954..19a20aec63 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -20,6 +20,8 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, EFRAME_entry_vector(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ @@ -27,7 +29,7 @@ ENTRY(entry_int82) CR4_PV32_RESTORE - GET_CURRENT(bx) + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov %rsp, %rdi call do_entry_int82 @@ -223,23 +225,24 @@ ENTRY(cstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lcstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lcstar_cr3_okay: sti CR4_PV32_RESTORE - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx movq VCPU_domain(%rbx),%rcx cmpb $0,DOMAIN_is_32bit_pv(%rcx) je switch_to_kernel diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index f5d36f835e..45c8644069 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -266,21 +266,22 @@ ENTRY(lstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Llstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Llstar_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx testb $TF_kernel_mode,VCPU_thread_flags(%rbx) jz switch_to_kernel @@ -304,23 +305,24 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ orl $X86_EFLAGS_IF, UREGS_eflags(%rsp) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lsyse_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lsyse_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx cmpb $0,VCPU_sysenter_disables_events(%rbx) movq VCPU_sysenter_addr(%rbx),%rax setne %cl @@ -356,17 +358,18 @@ ENTRY(int80_direct_trap) movl $0x80, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lint80_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lint80_cr3_okay: sti @@ -376,7 +379,7 @@ UNLIKELY_START(ne, msi_check) call check_for_unexpected_msi UNLIKELY_END(msi_check) - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov VCPU_trap_ctxt(%rbx), %rsi mov VCPU_domain(%rbx), %rax -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:24:04 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:24:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707713.1105883 (Exim 4.92) (envelope-from ) id 1rxAt2-0001Wb-Rs; Wed, 17 Apr 2024 19:24:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707713.1105883; Wed, 17 Apr 2024 19:24:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAt2-0001WT-PH; Wed, 17 Apr 2024 19:24:04 +0000 Received: by outflank-mailman (input) for mailman id 707713; Wed, 17 Apr 2024 19:24:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAt1-0001WI-Gp for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAt1-0004gi-G9 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAt1-0008Ky-FL for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RZvRmj1J6r7kaxJMxLrqHUUBX3ORrLdLX7KSzBqeCJg=; b=YAn2KMpg27vIMlVfJm4fawxflO QX+bqV/BnVkGTf/UC60EFnTnSnmIsTWfSPB47wR9/Y7apadFRlqe64uS8zmGAKMMsCA51Aox04Ev/ 6UvwYjNcROvAyLSudhHMLyaJ3htO6XUBmlN1g5ANW1tbMfhvIJfxtsJA7TrHfi/xn0v8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} Message-Id: Date: Wed, 17 Apr 2024 19:24:03 +0000 commit 38b55be646e885e283134c51faa014507c8102fd Author: Andrew Cooper AuthorDate: Fri Mar 22 12:08:02 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} ... as we do in the exit paths too. This will allow simplification to the sub-blocks. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9607aeb6602b8ed9962404de3f5f90170ffddb66) --- xen/arch/x86/x86_64/compat/entry.S | 4 ++-- xen/arch/x86/x86_64/entry.S | 10 +++++----- xen/include/asm-x86/spec_ctrl_asm.h | 10 +++++++--- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 19a20aec63..2728ea7b49 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -22,7 +22,7 @@ ENTRY(entry_int82) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ sti @@ -227,7 +227,7 @@ ENTRY(cstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 45c8644069..8f07eb0877 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -268,7 +268,7 @@ ENTRY(lstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -307,7 +307,7 @@ GLOBAL(sysenter_eflags_saved) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ @@ -360,7 +360,7 @@ ENTRY(int80_direct_trap) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -646,7 +646,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -680,7 +680,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 150159e782..b583fd3ed4 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -263,9 +263,11 @@ */ .macro SPEC_CTRL_ENTRY_FROM_PV /* - * Requires %rsp=regs/cpuinfo, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs/cpuinfo, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ X86_FEATURE_IBPB_ENTRY_PV @@ -289,8 +291,10 @@ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + testb $3, UREGS_cs(%rsp) jz .L\@_skip -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:24:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:24:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707718.1105898 (Exim 4.92) (envelope-from ) id 1rxAtD-0001q4-4j; Wed, 17 Apr 2024 19:24:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707718.1105898; Wed, 17 Apr 2024 19:24:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAtD-0001pw-1t; Wed, 17 Apr 2024 19:24:15 +0000 Received: by outflank-mailman (input) for mailman id 707718; Wed, 17 Apr 2024 19:24:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAtB-0001pK-Ji for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAtB-0004gx-Iv for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAtB-0008Lh-IH for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=alW1p6UfyXFo5zf5ksoRq2QWRNFIYVGbrIWhvdYxMIA=; b=Mf36SMwX/UDN/1mmLPjSVEfSMy Rp4iovHmyz2AynCBWb/QUXfwMEhuFJwt1ETEn8dvj2I3YSiESoOaYbs+9JYkoHsmjLL+RsRcq1gnk CmnrfZP4YIQ9FpsjpyS2mn18tqVVeBjecytGTpd+6OIHRDLDqon9ahVDWgxo67p7R0wo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Simplify DO_COND_IBPB Message-Id: Date: Wed, 17 Apr 2024 19:24:13 +0000 commit 4d870d3c2761ff6593c73b37acd11b446350f660 Author: Andrew Cooper AuthorDate: Fri Mar 22 14:33:17 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Simplify DO_COND_IBPB With the prior refactoring, SPEC_CTRL_ENTRY_{PV,INTR} both load SCF into %ebx, and handle the conditional safety including skipping if interrupting Xen. Therefore, we can drop the maybexen parameter and the conditional safety. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 2378d16a931de0e62c03669169989e9437306abe) --- xen/include/asm-x86/spec_ctrl_asm.h | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index b583fd3ed4..dc166f60dc 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -87,33 +87,21 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ -.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +.macro DO_COND_IBPB /* - * Requires %rsp=regs (also cpuinfo if !maybexen) - * Requires %r14=stack_end (if maybexen), %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rbx=SCF, %rdx=0 + * Clobbers %rax, %rcx * - * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen - * case, we can safely look at UREGS_cs to skip taking the hit when - * interrupting Xen. + * Conditionally issue IBPB if SCF_entry_ibpb is active. */ - .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) - jz .L\@_skip - testb $3, UREGS_cs(%rsp) - .else - testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) - .endif + testb $SCF_entry_ibpb, %bl jz .L\@_skip mov $MSR_PRED_CMD, %ecx mov $PRED_CMD_IBPB, %eax wrmsr - jmp .L\@_done .L\@_skip: - lfence -.L\@_done: .endm .macro DO_OVERWRITE_RSB tmp=rax @@ -268,8 +256,7 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -298,8 +285,7 @@ testb $3, UREGS_cs(%rsp) jz .L\@_skip - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -339,7 +325,7 @@ * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of: - * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_COND_IBPB * DO_OVERWRITE_RSB * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:24:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:24:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707719.1105902 (Exim 4.92) (envelope-from ) id 1rxAtN-00020B-7G; Wed, 17 Apr 2024 19:24:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707719.1105902; Wed, 17 Apr 2024 19:24:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAtN-000203-3G; Wed, 17 Apr 2024 19:24:25 +0000 Received: by outflank-mailman (input) for mailman id 707719; Wed, 17 Apr 2024 19:24:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAtL-0001zT-Mm for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAtL-0004h4-M1 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAtL-0008MA-LG for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kbudC0a/4lM3/1QvgmF8MhwKRJ2lN0DyBDdgMt8gw2I=; b=WUvJjGNnV6kFfhAMSF2qvjwnwR aNca15onYdNmWE7k9/bl2F4wMhtMKFhS98GAcPk5sDk1fXDZ5/pQ9xtHuKlchaNYTdVJ4Eq1hik2b fSfBCww9Kk5ac8gMCl+/HOf86ChOcigepQIJYeYcsJL6renh7RtlQC0aWTaaa4NfQS/w=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* Message-Id: Date: Wed, 17 Apr 2024 19:24:23 +0000 commit 9591349d8bf8d191ea59992b1e0a4b42cdfebc77 Author: Andrew Cooper AuthorDate: Mon Mar 25 11:09:35 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* The complexity is getting out of hand. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 40dea83b75386cb693481cf340024ce093be5c0f) --- xen/arch/x86/hvm/svm/entry.S | 14 +++++++++ xen/arch/x86/hvm/vmx/entry.S | 14 +++++++++ xen/include/asm-x86/spec_ctrl_asm.h | 59 +++++++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 73c35bc27d..19a148ee32 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -100,6 +100,11 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular + * making type-confused RETs safe to use. This is not needed on Zen5 + * and later parts when SRSO_MSR_FIX (BP-SPEC-REDUCE) is in use. + */ .macro svm_vmexit_cond_ibpb testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb @@ -111,8 +116,17 @@ __UNLIKELY_END(nsvm_hap) .endm ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + /* + * RSB (RAS/RAP) stuffing is to prevents RET predictions following guest + * entries. This is not needed on Zen4 and later, when AutoIBRS is in + * use. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting, making indirect CALLs/JMPs + * safe to use. The guest's setting resides in the VMCB. + */ .macro svm_vmexit_spec_ctrl movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax movzbl CPUINFO_last_spec_ctrl(%rsp), %edx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 8d5b683879..008d76a6e1 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -34,8 +34,22 @@ ENTRY(vmx_asm_vmexit_handler) mov %rax,VCPU_hvm_guest_cr2(%rbx) /* SPEC_CTRL_ENTRY_FROM_VMX Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + /* + * RSB stuffing is to prevents RET predictions following guest + * entries. This is *not* sufficient to flush all RSB entries on + * parts enumerating eIBRS, although the following restore_spec_ctrl + * does covers us. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting. The guest's value resides in + * the MSR load/save list. For Legacy IBRS, this flushes/inhibits + * indirect predictions and does not flush the RSB. For eIBRS, this + * prevents CALLs/JMPs using predictions learnt at a lower predictor + * mode, and it flushes the RSB. On eIBRS parts that also suffer from + * PBRSB, the prior RSB stuffing suffices to make the RSB safe. + */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index dc166f60dc..741915d90c 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -256,10 +256,32 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. + */ ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * This is not needed if SMEP is active and the RSB is full-width. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. The + * guest can't change it's value behind Xen's back. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. + */ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV @@ -282,6 +304,14 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * All safety notes the same as SPEC_CTRL_ENTRY_FROM_PV, although there is + * a conditional jump skipping some actions when interrupting Xen. + * + * On Intel parts, the IRET #GP path ends up here with the guest's choice + * of MSR_SPEC_CTRL. + */ + testb $3, UREGS_cs(%rsp) jz .L\@_skip @@ -332,6 +362,19 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. The SVM path takes care of + * Host/Guest interactions prior to clearing GIF, and it's not used on the + * VMX path. + */ test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -341,6 +384,12 @@ .L\@_skip_ibpb: + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * SCF_ist_rsb is active if either PV or HVM protections are needed. The + * VMX path cannot guarantee to make the RSB safe ahead of taking an IST + * vector. + */ test $SCF_ist_rsb, %bl jz .L\@_skip_rsb @@ -348,6 +397,16 @@ .L\@_skip_rsb: + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. PV + * guests can't change their value behind Xen's back. HVM guests have + * their value stored in the MSR load/save list. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. On eIBRS parts that also + * suffer from PBRSB, the prior RSB stuffing suffices to make the RSB + * safe. + */ test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:24:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:24:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707721.1105905 (Exim 4.92) (envelope-from ) id 1rxAtX-00026S-8C; Wed, 17 Apr 2024 19:24:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707721.1105905; Wed, 17 Apr 2024 19:24:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAtX-00026L-4h; Wed, 17 Apr 2024 19:24:35 +0000 Received: by outflank-mailman (input) for mailman id 707721; Wed, 17 Apr 2024 19:24:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAtV-000263-Pw for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAtV-0004ik-PH for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAtV-0008Me-OZ for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QTz3yNEdP57lzxFQ64/SSIn+SCVO3OOHU+42IYDPrlg=; b=fX9lfAwlBcXHD8sqof0/ganDqm 0ihdRk6Y6obugGNrTh1vDaMZc2RMNcEloz7FXp+/G6tkUtNos01SW3clCQdiFaUSinkVQeci45XsO htJe8DaH4zaauxNQI8mJ94zDDGXV4QsDvGClPxIknUQGFDJRRZih45Q0ScCO/bDsgooc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/vmx: Add support for virtualize SPEC_CTRL Message-Id: Date: Wed, 17 Apr 2024 19:24:33 +0000 commit 598e010adaabc22a434bead255ded2c64a5fba49 Author: Roger Pau Monne AuthorDate: Thu Feb 15 17:46:53 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/vmx: Add support for virtualize SPEC_CTRL The feature is defined in the tertiary exec control, and is available starting from Sapphire Rapids and Alder Lake CPUs. When enabled, two extra VMCS fields are used: SPEC_CTRL mask and shadow. Bits set in mask are not allowed to be toggled by the guest (either set or clear) and the value in the shadow field is the value the guest expects to be in the SPEC_CTRL register. By using it the hypervisor can force the value of SPEC_CTRL bits behind the guest back without having to trap all accesses to SPEC_CTRL, note that no bits are forced into the guest as part of this patch. It also allows getting rid of SPEC_CTRL in the guest MSR load list, since the value in the shadow field will be loaded by the hardware on vmentry. Signed-off-by: Roger Pau Monné Signed-off-by: Andrew Cooper (cherry picked from commit 97c5b8b657e41a6645de9d40713b881234417b49) --- xen/arch/x86/hvm/vmx/vmcs.c | 12 ++++++++- xen/arch/x86/hvm/vmx/vmx.c | 55 ++++++++++++++++++++++++++++++++------ xen/include/asm-x86/hvm/vmx/vmcs.h | 5 ++++ xen/include/asm-x86/msr.h | 7 +++-- 4 files changed, 68 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 0c87966f2a..3d3bfce1b4 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -210,6 +210,7 @@ static void __init vmx_display_features(void) P(cpu_has_vmx_virt_exceptions, "Virtualisation Exceptions"); P(cpu_has_vmx_pml, "Page Modification Logging"); P(cpu_has_vmx_tsc_scaling, "TSC Scaling"); + P(cpu_has_vmx_virt_spec_ctrl, "Virtualize SPEC_CTRL"); #undef P if ( !printed ) @@ -370,7 +371,7 @@ static int vmx_init_vmcs_config(bool bsp) if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) { - uint64_t opt = 0; + uint64_t opt = TERTIARY_EXEC_VIRT_SPEC_CTRL; _vmx_tertiary_exec_control = adjust_vmx_controls2( "Tertiary Exec Control", 0, opt, @@ -1379,6 +1380,12 @@ static int construct_vmcs(struct vcpu *v) if ( cpu_has_vmx_tsc_scaling ) __vmwrite(TSC_MULTIPLIER, d->arch.hvm.tsc_scaling_ratio); + if ( cpu_has_vmx_virt_spec_ctrl ) + { + __vmwrite(SPEC_CTRL_MASK, 0); + __vmwrite(SPEC_CTRL_SHADOW, 0); + } + /* will update HOST & GUEST_CR3 as reqd */ paging_update_paging_modes(v); @@ -2089,6 +2096,9 @@ void vmcs_dump_vcpu(struct vcpu *v) if ( v->arch.hvm.vmx.secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY ) printk("InterruptStatus = %04x\n", vmr16(GUEST_INTR_STATUS)); + if ( cpu_has_vmx_virt_spec_ctrl ) + printk("SPEC_CTRL mask = 0x%016lx shadow = 0x%016lx\n", + vmr(SPEC_CTRL_MASK), vmr(SPEC_CTRL_SHADOW)); printk("*** Host State ***\n"); printk("RIP = 0x%016lx (%ps) RSP = 0x%016lx\n", diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index a7f9fefa8c..f15baef8ad 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -618,23 +618,28 @@ static void vmx_cpuid_policy_changed(struct vcpu *v) /* * We can safely pass MSR_SPEC_CTRL through to the guest, even if STIBP * isn't enumerated in hardware, as SPEC_CTRL_STIBP is ignored. + * + * If VMX_VIRT_SPEC_CTRL is available, it is activated by default and the + * guest MSR_SPEC_CTRL value lives in the VMCS. Otherwise, it lives in + * the MSR load/save list. */ if ( cp->feat.ibrsb ) { vmx_clear_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); - if ( rc ) - goto out; + if ( !cpu_has_vmx_virt_spec_ctrl ) + { + rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); + if ( rc ) + goto out; + } } else { vmx_set_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); - if ( rc && rc != -ESRCH ) - goto out; - rc = 0; /* Tolerate -ESRCH */ + if ( !cpu_has_vmx_virt_spec_ctrl ) + vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ @@ -2444,9 +2449,14 @@ static uint64_t vmx_get_reg(struct vcpu *v, unsigned int reg) uint64_t val = 0; int rc; + /* Logic which doesn't require remote VMCS acquisition. */ switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - fetched below. */ + break; + rc = vmx_read_guest_msr(v, reg, &val); if ( rc ) { @@ -2455,13 +2465,26 @@ static uint64_t vmx_get_reg(struct vcpu *v, unsigned int reg) domain_crash(d); } return val; + } + + /* Logic which maybe requires remote VMCS acquisition. */ + vmx_vmcs_enter(v); + switch ( reg ) + { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmread(SPEC_CTRL_SHADOW, &val); + break; default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x) Bad register\n", __func__, v, reg); domain_crash(d); - return 0; + break; } + vmx_vmcs_exit(v); + + return val; } static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) @@ -2469,9 +2492,14 @@ static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) struct domain *d = v->domain; int rc; + /* Logic which doesn't require remote VMCS acquisition. */ switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - set below. */ + break; + rc = vmx_write_guest_msr(v, reg, val); if ( rc ) { @@ -2480,12 +2508,23 @@ static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) domain_crash(d); } break; + } + + /* Logic which maybe requires remote VMCS acquisition. */ + vmx_vmcs_enter(v); + switch ( reg ) + { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmwrite(SPEC_CTRL_SHADOW, val); + break; default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x, 0x%016"PRIx64") Bad register\n", __func__, v, reg, val); domain_crash(d); } + vmx_vmcs_exit(v); } static struct hvm_function_table __initdata vmx_function_table = { diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index 9b246b802b..2b4de99ed4 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -279,6 +279,9 @@ extern u32 vmx_secondary_exec_control; #define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) extern uint64_t vmx_tertiary_exec_control; +#define cpu_has_vmx_virt_spec_ctrl \ + (vmx_tertiary_exec_control & TERTIARY_EXEC_VIRT_SPEC_CTRL) + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -436,6 +439,8 @@ enum vmcs_field { XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, TERTIARY_VM_EXEC_CONTROL = 0x00002034, + SPEC_CTRL_MASK = 0x0000204a, + SPEC_CTRL_SHADOW = 0x0000204c, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index c37b9e771b..a7ad9bd189 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -289,8 +289,11 @@ struct vcpu_msrs * For PV guests, this holds the guest kernel value. It is accessed on * every entry/exit path. * - * For VT-x guests, the guest value is held in the MSR guest load/save - * list. + * For VT-x guests, one of two situations exist: + * + * - If hardware supports virtualized MSR_SPEC_CTRL, it is active by + * default and the guest value lives in the VMCS. + * - Otherwise, the guest value is held in the MSR load/save list. * * For SVM, the guest value lives in the VMCB, and hardware saves/restores * the host value automatically. However, guests run with the OR of the -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:24:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:24:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707723.1105910 (Exim 4.92) (envelope-from ) id 1rxAth-0002BO-BA; Wed, 17 Apr 2024 19:24:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707723.1105910; Wed, 17 Apr 2024 19:24:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAth-0002BH-7t; Wed, 17 Apr 2024 19:24:45 +0000 Received: by outflank-mailman (input) for mailman id 707723; Wed, 17 Apr 2024 19:24:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAtf-0002B6-T1 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAtf-0004ir-SF for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAtf-0008NK-Rb for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3djpRZFF28roaEN8CXzSQ02Xholt/sQZoa3kKhxQ8sk=; b=f9hA/w7wGsv7z9iWtaJTQBG465 9yqj6a3TrG0AVkQvOQyerPQIwJ2dGNiKWL+ewvTrQbXSKaRB7e/uiYBXK0HSbvfLebQnWDOKKmxlL 02EwANFqHzxbYwqQwPtCEHBpEj9GYHku1UEH0Du5cRXMhqFzL237XphFYtUbsbk4YzOM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Message-Id: Date: Wed, 17 Apr 2024 19:24:43 +0000 commit d7b6631ca84829bd696dc50cddc6dc0419acd3de Author: Andrew Cooper AuthorDate: Tue Mar 26 22:43:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Right now, they're all bytes, but MSR_SPEC_CTRL has been steadily gaining new features. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 45dac88e78e8a2d9d8738eef884fe6730faf9e67) --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/spec_ctrl.c | 2 +- xen/include/asm-x86/current.h | 4 ++-- xen/include/asm-x86/spec_ctrl.h | 2 +- xen/include/asm-x86/spec_ctrl_asm.h | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 19a148ee32..badfed87ae 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -61,14 +61,14 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ .macro svm_vmentry_spec_ctrl mov VCPU_arch_msrs(%rbx), %rax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_last_spec_ctrl(%rsp), %edx mov VCPUMSR_spec_ctrl_raw(%rax), %eax cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ .endm ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM @@ -128,14 +128,14 @@ __UNLIKELY_END(nsvm_hap) * safe to use. The guest's setting resides in the VMCB. */ .macro svm_vmexit_spec_ctrl - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_last_spec_ctrl(%rsp), %edx cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 008d76a6e1..9250eb1839 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -52,7 +52,7 @@ ENTRY(vmx_asm_vmexit_handler) */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax xor %edx, %edx wrmsr .endm diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index d2fef8d1ba..381ce21557 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -66,7 +66,7 @@ bool __read_mostly opt_branch_harden = true; static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; -uint8_t __read_mostly default_xen_spec_ctrl; +unsigned int __read_mostly default_xen_spec_ctrl; uint8_t __read_mostly default_scf; paddr_t __read_mostly l1tf_addr_mask, __read_mostly l1tf_safe_maddr; diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index 138ad63165..2641573d52 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -55,8 +55,8 @@ struct cpu_info { /* See asm-x86/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; - uint8_t xen_spec_ctrl; - uint8_t last_spec_ctrl; + unsigned int xen_spec_ctrl; + unsigned int last_spec_ctrl; uint8_t scf; /* SCF_* */ /* diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index dfe7b37795..0e28851507 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -94,7 +94,7 @@ extern int8_t opt_l1d_flush; extern bool opt_branch_harden; extern bool bsp_delay_spec_ctrl; -extern uint8_t default_xen_spec_ctrl; +extern unsigned int default_xen_spec_ctrl; extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 741915d90c..c66be1f94b 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -217,10 +217,10 @@ setnz %al not %eax and %al, STACK_CPUINFO_FIELD(scf)(%r14) - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else andb $~SCF_use_shadow, CPUINFO_scf(%rsp) - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax .endif wrmsr @@ -418,7 +418,7 @@ /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr .L\@_skip_msr_spec_ctrl: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:24:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:24:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707724.1105913 (Exim 4.92) (envelope-from ) id 1rxAtr-0002E5-CI; Wed, 17 Apr 2024 19:24:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707724.1105913; Wed, 17 Apr 2024 19:24:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAtr-0002Dy-9S; Wed, 17 Apr 2024 19:24:55 +0000 Received: by outflank-mailman (input) for mailman id 707724; Wed, 17 Apr 2024 19:24:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAtp-0002Dn-W8 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAtp-0004iz-VI for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAtp-0008Nl-Ua for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:24:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4pBVpVUOsze1FXr3TOa3d+Zb74f7d5jmzeLh0sQLKCY=; b=t5BPteYDJCAwxB7op6XZNPxzrt IG7G+e1lxcV3P1/E/4qvs3J9CUs44w9BwuWhk5fzfWbyQcNIFk3zuf+HWgAxEPNq3O2B5DtTG3vTo xql/rOWEf4Av/AF9o2E/gv97AsV3KVvfP3cHF0JCQPexNeQqZl0Qx09dI5C/LTjxsf0E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86: Use indirect calls in reset-stack infrastructure Message-Id: Date: Wed, 17 Apr 2024 19:24:53 +0000 commit 768ee6d99e2bb1ba315fc7244abf502fe5c16cea Author: Andrew Cooper AuthorDate: Fri Dec 22 17:44:48 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86: Use indirect calls in reset-stack infrastructure Mixing up JMP and CALL indirect targets leads a very fun form of speculative type confusion. A target which is expecting to be called CALLed needs a return address on the stack, and an indirect JMP doesn't place one there. An indirect JMP which predicts to a target intending to be CALLed can end up with a RET speculatively executing with a value from the JMPers stack frame. There are several ways get indirect JMPs in Xen. * From tailcall optimisations. These are safe because the compiler has arranged the stack to point at the callee's return address. * From jump tables. These are unsafe, but Xen is built with -fno-jump-tables to work around several compiler issues. * From reset_stack_and_jump_ind(), which is particularly unsafe. Because of the additional stack adjustment made, the value picked up off the stack is regs->r15 of the next vCPU to run. In order to mitigate this type confusion, we want to make all indirect targets be CALL targets, and remove the use of indirect JMP except via tailcall optimisation. Luckily due to XSA-348, all C target functions of reset_stack_and_jump_ind() are noreturn. {svm,vmx}_do_resume() exits via reset_stack_and_jump(); a direct JMP with entirely different prediction properties. idle_loop() is an infinite loop which eventually exits via reset_stack_and_jump_ind() from a new schedule. i.e. These paths are all fine having one extra return address on the stack. This leaves continue_pv_domain(), which is expecting to be a JMP target. Alter it to strip the return address off the stack, which is safe because there isn't actually a RET expecting to return to its caller. This allows us change reset_stack_and_jump_ind() to reset_stack_and_call_ind() in order to mitigate the speculative type confusion. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8e186f98ce0e35d1754ec9299da41ec98873b65c) --- xen/arch/x86/domain.c | 4 ++-- xen/arch/x86/x86_64/entry.S | 8 ++++++++ xen/include/asm-x86/current.h | 4 ++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 684d105862..59b3e039cb 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2085,12 +2085,12 @@ void context_switch(struct vcpu *prev, struct vcpu *next) /* Ensure that the vcpu has an up-to-date time base. */ update_vcpu_system_time(next); - reset_stack_and_jump_ind(nextd->arch.ctxt_switch->tail); + reset_stack_and_call_ind(nextd->arch.ctxt_switch->tail); } void continue_running(struct vcpu *same) { - reset_stack_and_jump_ind(same->domain->arch.ctxt_switch->tail); + reset_stack_and_call_ind(same->domain->arch.ctxt_switch->tail); } int __sync_local_execstate(void) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 8f07eb0877..e677071610 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -583,6 +583,14 @@ ENTRY(dom_crash_sync_extable) #ifdef CONFIG_PV ENTRY(continue_pv_domain) ENDBR64 + + /* + * For speculative type confusion reasons, we're CALLed rather than + * JMPed to. Drop the return address. + */ + add $8, %rsp + ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK + call check_wakeup_from_wait ret_from_intr: GET_CURRENT(bx) diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index 2641573d52..a0e7dbeaf9 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -197,8 +197,8 @@ unsigned long get_stack_dump_bottom (unsigned long sp); switch_stack_and_jump(fn, "jmp %c", "i") /* The constraint may only specify non-call-clobbered registers. */ -#define reset_stack_and_jump_ind(fn) \ - switch_stack_and_jump(fn, "INDIRECT_JMP %", "b") +#define reset_stack_and_call_ind(fn) \ + switch_stack_and_jump(fn, "INDIRECT_CALL %", "b") /* * Which VCPU's state is currently running on each CPU? -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:25:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:25:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707725.1105917 (Exim 4.92) (envelope-from ) id 1rxAu1-0002HZ-Dm; Wed, 17 Apr 2024 19:25:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707725.1105917; Wed, 17 Apr 2024 19:25:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAu1-0002HR-B8; Wed, 17 Apr 2024 19:25:05 +0000 Received: by outflank-mailman (input) for mailman id 707725; Wed, 17 Apr 2024 19:25:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAu0-0002HE-2Z for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAu0-0004jh-1v for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAu0-0008OW-1J for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5YaG/34LwUgMhPyF8Ml/LH3ReepPr7RS2U0yqKwtyK0=; b=XldDs3FJ7QQzU1B/q50c7FgSVM G22ajsfklQvTFbsVPQ/hm6VaoIYEdJNf2RiSkRf71ydz6BfccHUm1btmC2gdHVlVKwABf5t6yUyKm OkhDwR80V8hEUmpOUTzLepbk+VCBa2MquVZmeRRs3iTDteT/tBXu3zYZZpL9kaobzVZI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86: Drop INDIRECT_JMP Message-Id: Date: Wed, 17 Apr 2024 19:25:04 +0000 commit 012c26451ab679256616e4b289ce2ab911d19c9e Author: Andrew Cooper AuthorDate: Fri Dec 22 18:01:37 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86: Drop INDIRECT_JMP Indirect JMPs which are not tailcalls can lead to an unwelcome form of speculative type confusion, and we've removed the uses of INDIRECT_JMP to compensate. Remove the temptation to reintroduce new instances. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 0b66d7ce3c0290eaad28bdafb35200052d012b14) --- xen/include/asm-x86/asm-defns.h | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/xen/include/asm-x86/asm-defns.h b/xen/include/asm-x86/asm-defns.h index 8bd9007731..7e22fcb9c0 100644 --- a/xen/include/asm-x86/asm-defns.h +++ b/xen/include/asm-x86/asm-defns.h @@ -20,10 +20,9 @@ .byte 0x0f, 0x01, 0xdd .endm -.macro INDIRECT_BRANCH insn:req arg:req +.macro INDIRECT_CALL arg:req /* - * Create an indirect branch. insn is one of call/jmp, arg is a single - * register. + * Create an indirect call. arg is a single register. * * With no compiler support, this degrades into a plain indirect call/jmp. * With compiler support, dispatch to the correct __x86_indirect_thunk_* @@ -33,7 +32,7 @@ $done = 0 .irp reg, ax, cx, dx, bx, bp, si, di, 8, 9, 10, 11, 12, 13, 14, 15 .ifeqs "\arg", "%r\reg" - \insn __x86_indirect_thunk_r\reg + call __x86_indirect_thunk_r\reg $done = 1 .exitm .endif @@ -44,19 +43,10 @@ .endif .else - \insn *\arg + call *\arg .endif .endm -/* Convenience wrappers. */ -.macro INDIRECT_CALL arg:req - INDIRECT_BRANCH call \arg -.endm - -.macro INDIRECT_JMP arg:req - INDIRECT_BRANCH jmp \arg -.endm - #ifdef CONFIG_XEN_IBT # define ENDBR64 endbr64 #else -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:25:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:25:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707726.1105920 (Exim 4.92) (envelope-from ) id 1rxAuB-0002L0-Ey; Wed, 17 Apr 2024 19:25:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707726.1105920; Wed, 17 Apr 2024 19:25:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAuB-0002Kt-CX; Wed, 17 Apr 2024 19:25:15 +0000 Received: by outflank-mailman (input) for mailman id 707726; Wed, 17 Apr 2024 19:25:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAuA-0002Kl-5a for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAuA-0004jx-4q for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAuA-0008P3-4H for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xGxo11Fj5sKSxJgA+7epAzs/bH6JlPjwBOW6qIle7QI=; b=VpPTAL6nOOB3GeFef4UaK/+5EB FLPHfPHWJKefRz+TVv9VgG1+ar1aHf5l+5t1F9sEe/6PzT9Szla0ziFYWKmQKBY0GZiIeeFhhlP/b 89+tQTTjTUuIbmHUiz26wDlmngza/vi2YqIddGqfgIywTc3RfU2ZtWPmqOwV3F7Hxo/0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/tsx: Expose RTM_ALWAYS_ABORT to guests Message-Id: Date: Wed, 17 Apr 2024 19:25:14 +0000 commit 1baac154c4fbf3ed33d9d027cd316c51ebe3adcc Author: Andrew Cooper AuthorDate: Sat Apr 6 20:36:54 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/tsx: Expose RTM_ALWAYS_ABORT to guests A TSX Abort is one option mitigate Native-BHI, but a guest kernel doesn't get to see this if Xen has turned RTM off using MSR_TSX_{CTRL,FORCE_ABORT}. Therefore, the meaning of RTM_ALWAYS_ABORT has been adjusted to "XBEGIN won't fault", and it should be exposed to guests so they can make a better decision. Expose it in the max policy for any RTM-capable system. Offer it by default only if RTM has been disabled. Update test-tsx to account for this new meaning. While adjusting the logic in test_guest_policies(), take the opportunity to use feature names (now they're available) to make the logic easier to follow. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit c94e2105924347de0d9f32065370e802a20cc829) --- xen/arch/x86/cpu-policy.c | 20 ++++++++++++++++++++ xen/include/public/arch-x86/cpufeatureset.h | 2 +- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index c98b8fc93a..8424b3cff8 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -457,6 +457,21 @@ static void __init guest_common_max_feature_adjustments(uint32_t *fs) raw_cpu_policy.feat.clwb ) __set_bit(X86_FEATURE_CLWB, fs); } + + /* + * To mitigate Native-BHI, one option is to use a TSX Abort on capable + * systems. This is safe even if RTM has been disabled for other reasons + * via MSR_TSX_{CTRL,FORCE_ABORT}. However, a guest kernel doesn't get to + * know this type of information. + * + * Therefore the meaning of RTM_ALWAYS_ABORT has been adjusted, to instead + * mean "XBEGIN won't fault". This is enough for a guest kernel to make + * an informed choice WRT mitigating Native-BHI. + * + * If RTM-capable, we can run a VM which has seen RTM_ALWAYS_ABORT. + */ + if ( test_bit(X86_FEATURE_RTM, fs) ) + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); } static void __init guest_common_default_feature_adjustments(uint32_t *fs) @@ -517,9 +532,14 @@ static void __init guest_common_default_feature_adjustments(uint32_t *fs) * function as expected, but is technically compatible with the ISA. * * Do not advertise RTM to guests by default if it won't actually work. + * Instead, advertise RTM_ALWAYS_ABORT indicating that TSX Aborts are safe + * to use, e.g. for mitigating Native-BHI. */ if ( rtm_disabled ) + { __clear_bit(X86_FEATURE_RTM, fs); + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); + } } static void __init guest_common_feature_adjustments(uint32_t *fs) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 0139c1a81f..662f4e4193 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -274,7 +274,7 @@ XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation Single XEN_CPUFEATURE(AVX512_VP2INTERSECT, 9*32+8) /*a VP2INTERSECT{D,Q} insns */ XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*!A VERW clears microarchitectural buffers */ -XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! June 2021 TSX defeaturing in microcode. */ +XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! RTM disabled (but XBEGIN wont fault) */ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(SERIALIZE, 9*32+14) /*a SERIALIZE insn */ XEN_CPUFEATURE(HYBRID, 9*32+15) /* Heterogeneous platform */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:25:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:25:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707727.1105925 (Exim 4.92) (envelope-from ) id 1rxAuL-0002Np-Gp; Wed, 17 Apr 2024 19:25:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707727.1105925; Wed, 17 Apr 2024 19:25:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAuL-0002Ni-E2; Wed, 17 Apr 2024 19:25:25 +0000 Received: by outflank-mailman (input) for mailman id 707727; Wed, 17 Apr 2024 19:25:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAuK-0002NU-9C for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAuK-0004kD-8O for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAuK-0008Pb-7T for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JkTojPdPAqroHHZnIRZCpZO/GhBZIAtkT1SnIAqpz7s=; b=xX0RJxOG1vIM9kx8Tv9O5oHFYr aBgMVQsrCr7qJu5lu/HhQ3M4QE0TvudXsnmtUyYqp/VDO/M56/JJSIEVu1m6nJdKmx3oL/Q86TN7+ 68t83o5pJuP97WaBkM+h4eP8lmtxBR5ZutN8864eEdUJ2w81o1nLxr9iKoS6dl8GHxB4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Message-Id: Date: Wed, 17 Apr 2024 19:25:24 +0000 commit 041f939e13b5c07434b3523323b97ecc2881bcf4 Author: Andrew Cooper AuthorDate: Tue Mar 26 19:01:37 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Introduce a "bhi-dis-s" boolean to match the other options we have for MSR_SPEC_CTRL values. Also introduce bhi_calculations(). Use BHI_DIS_S whenever possible. Guests which are levelled to be migration compatible with older CPUs can't see BHI_DIS_S, and Xen must fill in the difference to make the guest safe. Use the virt MSR_SPEC_CTRL infrastructure to force BHI_DIS_S behind the guest's back. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 62a1106415c5e8a49b45147ca84d54a58d471343) --- docs/misc/xen-command-line.pandoc | 8 +++++++- xen/arch/x86/hvm/vmx/vmx.c | 17 +++++++++++++++++ xen/arch/x86/spec_ctrl.c | 24 +++++++++++++++++++++++- xen/include/asm-x86/spec_ctrl.h | 1 + 4 files changed, 48 insertions(+), 2 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 5e63e3d822..b4e96f407c 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2189,7 +2189,8 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). > {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, -> unpriv-mmio,gds-mit,div-scrub,lock-harden}= ]` +> unpriv-mmio,gds-mit,div-scrub,lock-harden, +> bhi-dis-s}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2268,6 +2269,11 @@ option can be used to force or prevent Xen using the feature itself. By default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by default. +On hardware supporting BHI_DIS_S (Branch History Injection Disable +Supervisor), the `bhi-dis-s=` option can be used to force or prevent Xen using +the feature itself. By default Xen will use BHI_DIS_S on hardware susceptible +to Branch History Injection. + On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` option can be used to force (the default) or prevent Xen from issuing branch prediction barriers on vcpu context switches. diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index f15baef8ad..c4d401b56b 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -58,6 +58,7 @@ #include #include #include +#include #include static bool_t __initdata opt_force_ept; @@ -642,6 +643,22 @@ static void vmx_cpuid_policy_changed(struct vcpu *v) vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } + if ( cpu_has_vmx_virt_spec_ctrl ) + { + /* + * If we're on BHI_DIS_S capable hardware, the short loop sequence is + * not sufficient to mitigate Native-BHI. If the VM can't see it + * (i.e. it's levelled with older hardware), force it behind the + * guests back for safey. + * + * Because there's not a real Host/Guest split of the MSR_SPEC_CTRL + * value, this only works as expected when Xen is using BHI_DIS_S too. + */ + bool force_bhi_dis_s = opt_bhi_dis_s && !cp->feat.bhi_ctrl; + + __vmwrite(SPEC_CTRL_MASK, force_bhi_dis_s ? SPEC_CTRL_BHI_DIS_S : 0); + } + /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ if ( cp->feat.ibrsb || cp->extd.ibpb ) vmx_clear_msr_intercept(v, MSR_PRED_CMD, VMX_MSR_RW); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 381ce21557..02a327bf32 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -58,6 +58,7 @@ static int8_t __initdata opt_ibrs = -1; int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; +int8_t __read_mostly opt_bhi_dis_s = -1; int8_t __read_mostly opt_ibpb_ctxt_switch = -1; int8_t __read_mostly opt_eager_fpu = -1; @@ -274,6 +275,8 @@ static int __init parse_spec_ctrl(const char *s) opt_ssbd = val; else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) opt_psfd = val; + else if ( (val = parse_boolean("bhi-dis-s", s, ss)) >= 0 ) + opt_bhi_dis_s = val; /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) @@ -508,7 +511,7 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -525,6 +528,8 @@ static void __init print_details(enum ind_thunk thunk) (!boot_cpu_has(X86_FEATURE_PSFD) && !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", + !boot_cpu_has(X86_FEATURE_BHI_CTRL) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_BHI_DIS_S) ? " BHI_DIS_S+" : " BHI_DIS_S-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -1543,6 +1548,21 @@ static void __init gds_calculations(void) } } +/* + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + */ +static void __init bhi_calculations(void) +{ + if ( opt_bhi_dis_s == -1 ) + opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + + if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) + opt_bhi_dis_s = false; + + if ( opt_bhi_dis_s ) + default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; +} + void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); @@ -2038,6 +2058,8 @@ void __init init_speculation_mitigations(void) gds_calculations(); + bhi_calculations(); + print_details(thunk); /* diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 0e28851507..449419e4f9 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -89,6 +89,7 @@ static always_inline void spec_ctrl_new_guest_context(void) extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; +extern int8_t opt_bhi_dis_s; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; extern bool opt_branch_harden; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:25:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:25:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707728.1105929 (Exim 4.92) (envelope-from ) id 1rxAuV-0002RE-KL; Wed, 17 Apr 2024 19:25:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707728.1105929; Wed, 17 Apr 2024 19:25:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAuV-0002R6-He; Wed, 17 Apr 2024 19:25:35 +0000 Received: by outflank-mailman (input) for mailman id 707728; Wed, 17 Apr 2024 19:25:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAuU-0002Qv-C6 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAuU-0004kK-BP for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAuU-0008Q6-Al for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=icwScYNGs0PFb4IEcItQlct7tz7EpXkdT51nXnuH+y8=; b=NBCDfypIHFS733dA6Jausg03kJ UCtNMOlU3E2c2AvtLShneOTmg2im/52JctReN88uEwlINBgT66fC84yUqWi90kTsSBYV8TW7XQalk hjDQ3r5s0i+k/mGQ9g4rN3iHuacOtgtXXuTZXl4/nGIblebngitJ9LbjVE7crUxIsmX0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Software BHB-clearing sequences Message-Id: Date: Wed, 17 Apr 2024 19:25:34 +0000 commit 3419b2a8fd0965b87b83aa314555a50059428df6 Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Software BHB-clearing sequences Implement clear_bhb_{tsx,loops}() as per the BHI guidance. The loops variant is set up as the "short" sequence. Introduce SCF_entry_bhb and extend SPEC_CTRL_ENTRY_* with a conditional call to selected clearing routine. Note that due to a limitation in the ALTERNATIVE capability, the TEST/JZ can't be included alongside a CALL in a single alternative block. This is going to require further work to untangle. The BHB sequences (if used) must be after the restoration of Xen's MSR_SPEC_CTRL value, which must be accounted for when judging whether it is safe to skip the safety LFENCEs. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 954c983abceee97bf5f6230b9ae164f2c49a9aa9) --- xen/arch/x86/Makefile | 1 + xen/arch/x86/bhb-thunk.S | 98 +++++++++++++++++++++++++++++++++++++ xen/arch/x86/hvm/vmx/entry.S | 12 +++++ xen/arch/x86/spec_ctrl.c | 39 ++++++++------- xen/include/asm-x86/cpufeature.h | 3 ++ xen/include/asm-x86/cpufeatures.h | 3 ++ xen/include/asm-x86/spec_ctrl.h | 3 +- xen/include/asm-x86/spec_ctrl_asm.h | 30 ++++++++++++ 8 files changed, 171 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 9389501645..417accd622 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -12,6 +12,7 @@ alternative-y := alternative.init.o alternative-$(CONFIG_LIVEPATCH) := obj-bin-y += $(alternative-y) obj-y += apic.o +obj-y += bhb-thunk.o obj-y += bitops.o obj-bin-y += bzimage.init.o obj-bin-y += clear_page.o diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S new file mode 100644 index 0000000000..f52cfb9bc2 --- /dev/null +++ b/xen/arch/x86/bhb-thunk.S @@ -0,0 +1,98 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Branch History Injection clearing sequences. + * + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + * + * Copyright (c) 2023, 2024 XenServer. + */ + .file __FILE__ + +#include + + .section .text.entry, "ax", @progbits + +/* + * Clear the Branch History Buffer using a TSX Abort. + * + * Any TSX Abort has a side effect of clearing the BHB, even when TSX is + * disabled for e.g. TAA mitigation reasons. + */ +ENTRY(clear_bhb_tsx) + .byte 0xc7, 0xf8; .long 1f - 0f /* xbegin 1f */ +0: .byte 0xc6, 0xf8, 0 /* xabort $0 */ + int3 +1: + ret + + .size clear_bhb_tsx, . - clear_bhb_tsx + .type clear_bhb_tsx, @function + +/* + * Clear the Branch History Buffer using the software sequence. + * + * Clobbers: %eax, %ecx + * + * This executes a specific number of taken branches, sufficient to displace + * all prior entries in the history tracker, therefore removing prior + * influence on subsequent BTB lookups. + * + * Structurally, it looks like this: + * + * call 1 + * call 2 + * ... 5x jmp loop + * call 2 + * ... 5x jmp loop + * ... 5x call2's deep + * + * ret + * ret + * ret + * ret + * + * The CALL/RETs are necessary to prevent the Loop Stream Detector from + * interfering. The alignment is for performance and not safety. + * + * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire + * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + */ +ENTRY(clear_bhb_loops) + mov $5, %ecx + + call 1f + jmp 5f + int3 + + .align 64 +1: call 2f + ret + int3 + + .align 64 +2: mov $5, %eax + +3: jmp 4f + int3 + +4: sub $1, %eax + jnz 3b + + sub $1, %ecx + jnz 1b + + ret +5: + /* + * The Intel sequence has an LFENCE here. The purpose is to ensure + * that all prior branches have executed, before dispatching a + * subsequent indirect branch. + * + * Xen's SPEC_CTRL_ENTRY_* blocks have safety LFENCEs at the end when + * protections are active, which suffices for this purpose. + */ + + ret + + .size clear_bhb_loops, . - clear_bhb_loops + .type clear_bhb_loops, @function diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 9250eb1839..1092d1918c 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -57,6 +57,18 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, CPUINFO_scf(%rsp) + jz .L_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 02a327bf32..77878d7f56 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2080,38 +2080,43 @@ void __init init_speculation_mitigations(void) /* * SPEC_CTRL_ENTRY_FROM_PV conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we're not using any prior conditional mitigation, - * then it's safe to drop the LFENCE. + * Otherwise, DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we do have it, or we're not using any + * prior conditional block, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); /* * SPEC_CTRL_ENTRY_FROM_INTR conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we have no protections active in the block that - * is skipped when interrupting guest context, then it's safe to drop - * the LFENCE. + * Otherwise DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we have it, or we have no protections + * active in the block that is skipped when interrupting guest + * context, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && - !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); /* * SPEC_CTRL_ENTRY_FROM_VMX conditional safety * - * Currently there are no safety actions with conditional branches, so - * no need for the extra safety LFENCE. + * A BHB sequence, if used, is the only conditional action, so if we + * don't have it, we don't need the safety LFENCE. */ - setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + if ( !cpu_has_bhb_seq ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } /* diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 892af11384..fd43408d35 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -178,6 +178,9 @@ /* Bugs. */ #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) +#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ + boot_cpu_has(X86_SPEC_BHB_LOOPS)) + enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 0ca203530d..4df8f19d8a 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -55,5 +55,8 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ #define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ +#define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ +#define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 449419e4f9..7107b25fca 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -36,6 +36,7 @@ #define SCF_verw (1 << 3) #define SCF_ist_ibpb (1 << 4) #define SCF_entry_ibpb (1 << 5) +#define SCF_entry_bhb (1 << 6) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -54,7 +55,7 @@ * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb | SCF_entry_bhb) #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index c66be1f94b..a5b51579e2 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -285,6 +285,17 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm @@ -323,6 +334,13 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm @@ -423,6 +441,18 @@ .L\@_skip_msr_spec_ctrl: + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + lfence .endm -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:25:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:25:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707729.1105932 (Exim 4.92) (envelope-from ) id 1rxAuf-0002Tv-Lh; Wed, 17 Apr 2024 19:25:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707729.1105932; Wed, 17 Apr 2024 19:25:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAuf-0002To-J7; Wed, 17 Apr 2024 19:25:45 +0000 Received: by outflank-mailman (input) for mailman id 707729; Wed, 17 Apr 2024 19:25:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAue-0002Tg-FC for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAue-0004kS-EU for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAue-0008Qa-Do for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Z6eeJxQtIxAEIX7V1sjMClKI9BNmbxktKVqAHMmYcvc=; b=R/ldmuXFqSFonjw0zsyAmgdBwO K/aATAlbRa4ibGnRDnYppjkAHDFqrqYiNZI7f5TfGGIQ1o2gGTRCmIcNwaVQh4793e/fyaBsdl0ER AmEip9bMj/zqsiRaNdigAORPd3cxhZzB+OAdHkt/8nnhClM6+FaPlN3xBGzYEMA54U/g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Wire up the Native-BHI software sequences Message-Id: Date: Wed, 17 Apr 2024 19:25:44 +0000 commit 9efa5f2d3024b8d75030c1a46f29a809b01881c8 Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Wire up the Native-BHI software sequences In the absence of BHI_DIS_S, mitigating Native-BHI requires the use of a software sequence. Introduce a new bhb-seq= option to select between avaialble sequences and bhb-entry= to control the per-PV/HVM actions like we have for other blocks. Activate the short sequence by default for PV and HVM guests on affected hardware if BHI_DIS_S isn't present. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 689ad48ce9cf4c38297cd126e7e003a1c13a3b9d) --- docs/misc/xen-command-line.pandoc | 25 +++++-- xen/arch/x86/spec_ctrl.c | 144 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 157 insertions(+), 12 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index b4e96f407c..9cbbffc818 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2186,8 +2186,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, > bhi-dis-s}= ]` @@ -2212,10 +2213,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=` and `ibpb-entry=` options -offer fine grained control over the primitives by Xen. These impact Xen's -ability to protect itself, and/or Xen's ability to virtualise support for -guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=`, `ibpb-entry=` and `bhb-entry=` +options offer fine grained control over the primitives by Xen. These impact +Xen's ability to protect itself, and/or Xen's ability to virtualise support +for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2241,6 +2242,12 @@ guests to use. Return Stack Overflow if appropriate microcode has been loaded, but for performance reasons dom0 is unprotected by default. If it is necessary to protect dom0 too, boot with `spec-ctrl=ibpb-entry`. +* `bhb-entry=` offers control over whether BHB-clearing (Branch History + Buffer) sequences are used on entry to Xen. This is used by default on + hardware vulnerable to Branch History Injection, when the BHI_DIS_S control + is not available (see `bhi-dis-s`). The choice of scrubbing sequence can be + selected using the `bhb-seq=` option. If it is necessary to protect dom0 + too, boot with `spec-ctrl=bhb-entry`. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` @@ -2248,6 +2255,12 @@ locations. The default thunk is `retpoline` (generally preferred), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and `lfence` (an `lfence; jmp *%reg` gadget). +On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing +sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` +options in order to mitigate Branch History Injection on affected hardware. +The default sequence is `short`, with `tsx` as an alternative available +capable hardware that can be opted in to. + On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. If Xen is not using IBRS itself, functionality is still set up so IBRS can be diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 77878d7f56..555d86882e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -44,6 +44,16 @@ static int8_t __read_mostly opt_ibpb_entry_pv = -1; static int8_t __read_mostly opt_ibpb_entry_hvm = -1; static bool __read_mostly opt_ibpb_entry_dom0; +static int8_t __read_mostly opt_bhb_entry_pv = -1; +static int8_t __read_mostly opt_bhb_entry_hvm = -1; +static bool __read_mostly opt_bhb_entry_dom0; +static enum bhb_thunk { + BHB_DEFAULT, + BHB_NONE, + BHB_TSX, + BHB_SHORT, +} opt_bhb_seq __initdata; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -126,8 +136,12 @@ static int __init parse_spec_ctrl(const char *s) opt_ibpb_entry_pv = 0; opt_ibpb_entry_hvm = 0; opt_ibpb_entry_dom0 = false; + opt_bhb_entry_pv = 0; + opt_bhb_entry_hvm = 0; + opt_bhb_entry_dom0 = false; opt_thunk = THUNK_JMP; + opt_bhb_seq = BHB_NONE; opt_ibrs = 0; opt_ibpb_ctxt_switch = false; opt_ssbd = false; @@ -156,6 +170,7 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_pv = val; opt_verw_pv = val; opt_ibpb_entry_pv = val; + opt_bhb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { @@ -163,6 +178,7 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_verw_hvm = val; opt_ibpb_entry_hvm = val; + opt_bhb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -250,6 +266,28 @@ static int __init parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("bhb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_bhb_entry_pv = opt_bhb_entry_hvm = + opt_bhb_entry_dom0 = val; + break; + + case -2: + s += strlen("bhb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_bhb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_bhb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -265,6 +303,19 @@ static int __init parse_spec_ctrl(const char *s) else rc = -EINVAL; } + else if ( !strncmp(s, "bhb-seq=", 8) ) + { + s += strlen("bhb-seq="); + + if ( !cmdline_strcmp(s, "none") ) + opt_bhb_seq = BHB_NONE; + else if ( !cmdline_strcmp(s, "tsx") ) + opt_bhb_seq = BHB_TSX; + else if ( !cmdline_strcmp(s, "short") ) + opt_bhb_seq = BHB_SHORT; + else + rc = -EINVAL; + } /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) @@ -511,11 +562,15 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", + opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", + opt_bhb_seq == BHB_NONE ? "" : + opt_bhb_seq == BHB_TSX ? "TSX, " : + opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -554,29 +609,33 @@ static void __init print_details(enum ind_thunk thunk) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || + cpu_has_bhb_seq || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || + cpu_has_bhb_seq || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -1551,16 +1610,85 @@ static void __init gds_calculations(void) /* * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html */ +static bool __init cpu_has_bug_bhi(void) +{ + /* BHI is only known to affect Intel Family 6 processors at this time. */ + if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL || + boot_cpu_data.x86 != 6 ) + return false; + + if ( boot_cpu_has(X86_FEATURE_BHI_NO) ) + return false; + + if ( cpu_has_hypervisor ) + return true; /* TODO: how to figure out out if we're really eIBRS levelled out? */ + + return cpu_has_eibrs; +} + static void __init bhi_calculations(void) { + bool has_bhi = cpu_has_bug_bhi(); + + /* + * To mitigate BHI, we want to use BHI_DIS_S wherever possible, or the + * short sequence otherwise. Other forms are available on request. + * + * We are repsonsbile for performing default-conversion on opt_bhi_dis_s + * and opt_bhb_seq, irrespective of succeptibility to BHI. + */ + if ( opt_bhi_dis_s == -1 ) - opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + opt_bhi_dis_s = has_bhi; if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) opt_bhi_dis_s = false; if ( opt_bhi_dis_s ) default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; + + if ( opt_bhb_seq == BHB_DEFAULT ) + { + /* + * If we're using BHI_DIS_S, or we're not succeptable, don't activate + * the thunks. + */ + if ( !has_bhi || opt_bhi_dis_s ) + opt_bhb_seq = BHB_NONE; + else + opt_bhb_seq = BHB_SHORT; + } + + /* + * We can use the TSX even if it's disabled for e.g. TAA reasons. + * However, fall back to the loop sequence if there is no trace of RTM at + * all, as XBEGIN will #UD. + */ + if ( opt_bhb_seq == BHB_TSX && !cpu_has_rtm && !cpu_has_rtm_always_abort && + !cpu_has_tsx_force_abort ) + opt_bhb_seq = BHB_SHORT; + + /* + * Only activate SCF_entry_bhb by for guests if a sequence is in place. + */ + if ( opt_bhb_entry_pv == -1 ) + opt_bhb_entry_pv = has_bhi && opt_bhb_seq != BHB_NONE; + if ( opt_bhb_entry_hvm == -1 ) + opt_bhb_entry_hvm = has_bhi && opt_bhb_seq != BHB_NONE; + + switch ( opt_bhb_seq ) + { + case BHB_SHORT: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); + break; + + case BHB_TSX: + setup_force_cpu_cap(X86_SPEC_BHB_TSX); + break; + + default: + break; + } } void spec_ctrl_init_domain(struct domain *d) @@ -1573,9 +1701,13 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); + bool bhb = ((pv ? opt_bhb_entry_pv : opt_bhb_entry_hvm) && + (d->domain_id != 0 || opt_bhb_entry_dom0)); + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | + (bhb ? SCF_entry_bhb : 0) | 0; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:25:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:25:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707730.1105937 (Exim 4.92) (envelope-from ) id 1rxAup-0002XK-P6; Wed, 17 Apr 2024 19:25:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707730.1105937; Wed, 17 Apr 2024 19:25:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAup-0002XC-MQ; Wed, 17 Apr 2024 19:25:55 +0000 Received: by outflank-mailman (input) for mailman id 707730; Wed, 17 Apr 2024 19:25:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAuo-0002X2-IG for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAuo-0004kZ-Hb for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAuo-0008R3-Gy for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:25:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yZ4xYP7hLkPCl9B94sSSMOnbSw4M6mfU9u/EWQP3ghU=; b=IyPkbyqOn7eryXSHQbEbhn67df sjeRxj08GAV9IK4dn4tNU8cqj0kzudNAQYJ6AqsgSdeRkICgY67KUzZi55+AM/jED4qxFv2tzCE++ fhZ/VmiKaEbixGT68U6cU638hXLLxgrDpuDcNbgJR4tbO5irEc3a0jidCgmp+HBT8sNk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/spec-ctrl: Support the "long" BHB loop sequence Message-Id: Date: Wed, 17 Apr 2024 19:25:54 +0000 commit adc7d540ae9d5e074ac56141a6d6e5462f47e70b Author: Andrew Cooper AuthorDate: Fri Mar 22 19:29:34 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 x86/spec-ctrl: Support the "long" BHB loop sequence Out of an abudnance of caution, implement the long loop too, and allowing for it to be opted in to. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit d5887c0decbd90e798b24ed696628645b04632fb) --- docs/misc/xen-command-line.pandoc | 4 ++-- xen/arch/x86/bhb-thunk.S | 8 ++++++-- xen/arch/x86/spec_ctrl.c | 10 +++++++++- xen/include/asm-x86/cpufeatures.h | 1 + 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 9cbbffc818..2dad1edd59 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2187,7 +2187,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, > {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx|long, > {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, @@ -2259,7 +2259,7 @@ On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` options in order to mitigate Branch History Injection on affected hardware. The default sequence is `short`, with `tsx` as an alternative available -capable hardware that can be opted in to. +capable hardware, and `long` that can be opted in to. On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S index f52cfb9bc2..7e866784f7 100644 --- a/xen/arch/x86/bhb-thunk.S +++ b/xen/arch/x86/bhb-thunk.S @@ -56,9 +56,13 @@ ENTRY(clear_bhb_tsx) * * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + * + * The "long" sequence (12 and 7) is for Alder Lake / Sapphire Rapids + * (i.e. Golden Cove and/or Gracemont cores). However, such CPUs are expected + * to use BHI_DIS_S in preference. */ ENTRY(clear_bhb_loops) - mov $5, %ecx + ALTERNATIVE "mov $5, %ecx", "mov $12, %ecx", X86_SPEC_BHB_LOOPS_LONG call 1f jmp 5f @@ -70,7 +74,7 @@ ENTRY(clear_bhb_loops) int3 .align 64 -2: mov $5, %eax +2: ALTERNATIVE "mov $5, %eax", "mov $7, %eax", X86_SPEC_BHB_LOOPS_LONG 3: jmp 4f int3 diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 555d86882e..6ce2815746 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -52,6 +52,7 @@ static enum bhb_thunk { BHB_NONE, BHB_TSX, BHB_SHORT, + BHB_LONG, } opt_bhb_seq __initdata; /* Cmdline controls for Xen's speculative settings. */ @@ -313,6 +314,8 @@ static int __init parse_spec_ctrl(const char *s) opt_bhb_seq = BHB_TSX; else if ( !cmdline_strcmp(s, "short") ) opt_bhb_seq = BHB_SHORT; + else if ( !cmdline_strcmp(s, "long") ) + opt_bhb_seq = BHB_LONG; else rc = -EINVAL; } @@ -570,7 +573,8 @@ static void __init print_details(enum ind_thunk thunk) opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", opt_bhb_seq == BHB_NONE ? "" : opt_bhb_seq == BHB_TSX ? "TSX, " : - opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", + opt_bhb_seq == BHB_SHORT ? "SHORT, " : + opt_bhb_seq == BHB_LONG ? "LONG, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -1678,6 +1682,10 @@ static void __init bhi_calculations(void) switch ( opt_bhb_seq ) { + case BHB_LONG: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS_LONG); + fallthrough; + case BHB_SHORT: setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); break; diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 4df8f19d8a..6a9df4ae0c 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -57,6 +57,7 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ #define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ +#define X86_SPEC_BHB_LOOPS_LONG X86_BUG(21) /* Upgrade clear_bhb_loops to the "long" sequence. */ /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:26:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:26:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707731.1105940 (Exim 4.92) (envelope-from ) id 1rxAuz-0002aR-QT; Wed, 17 Apr 2024 19:26:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707731.1105940; Wed, 17 Apr 2024 19:26:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAuz-0002aJ-Ny; Wed, 17 Apr 2024 19:26:05 +0000 Received: by outflank-mailman (input) for mailman id 707731; Wed, 17 Apr 2024 19:26:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAuy-0002a4-LE for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:26:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAuy-0004l9-KX for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:26:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAuy-0008SA-Jo for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:26:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GrUrrr2LAm1sZ/kDgG3p7SO0rafTRUVPVba4HWirz7s=; b=g5rpIuj4080V7PCU+gn21Y0wrv 7Tc61gXyIC6+u5jQHilzriRzaHcX57f2ZSF5zBD6ZApWFJIdXfaPHwbHN6GvrICXndhd++O9fwcnh +uFazl1dLm1aE7aTKsNKkPVXD4/mQZk8T+Df/W6FwcRtjtZqCnP+tIVgbU50aMz7smQ0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] Update Xen version to 4.15.6 Message-Id: Date: Wed, 17 Apr 2024 19:26:04 +0000 commit 4e55b32a8d66388bddb21e327f134f14b1a9b004 Author: Andrew Cooper AuthorDate: Wed Mar 27 18:23:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:16:32 2024 +0100 Update Xen version to 4.15.6 Signed-off-by: Andrew Cooper --- xen/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/Makefile b/xen/Makefile index 3df09c361c..2cd249c308 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -2,7 +2,7 @@ # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 15 -export XEN_EXTRAVERSION ?= .5$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .6$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:26:17 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:26:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707732.1105946 (Exim 4.92) (envelope-from ) id 1rxAvA-0002dN-SW; Wed, 17 Apr 2024 19:26:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707732.1105946; Wed, 17 Apr 2024 19:26:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAvA-0002dD-PN; Wed, 17 Apr 2024 19:26:16 +0000 Received: by outflank-mailman (input) for mailman id 707732; Wed, 17 Apr 2024 19:26:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAv8-0002d0-Ny for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:26:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAv8-0004lK-NH for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:26:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAv8-0008Sh-Md for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:26:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tVRUoQUbqsXT4uEth614gEWjJ7YdHFCDbUokNNidqGU=; b=QaRgT3hwhzEN1OfAlZRByY82nP ABgYLL6O4q4C4A0uRGQ8W1UnBkUhLfQyo6j2krKGpi1Xd1yMXnCHKOK9IUjnMwdjf2SyOvtC9sGE8 IN4kKT90uq0f1yVHV+zRZjRMTH77ckudFnmXbOR1U+lmX0F2IAFyd10v6/5kjfkZ+lSQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/entry: Fix build with older toolchains Message-Id: Date: Wed, 17 Apr 2024 19:26:14 +0000 commit ab125048b9ba462ce70b8dceb28c90fcac9675c3 Author: Andrew Cooper AuthorDate: Tue Apr 9 21:39:51 2024 +0100 Commit: Andrew Cooper CommitDate: Mon Apr 15 11:27:31 2024 +0100 x86/entry: Fix build with older toolchains Binutils older than 2.29 doesn't know INCSSPD. Fixes: 8e186f98ce0e ("x86: Use indirect calls in reset-stack infrastructure") Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini (cherry picked from commit a9fa82500818a8d8ce5f2843f1577bd2c29d088e) --- xen/arch/x86/x86_64/entry.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index e677071610..968176124f 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -589,7 +589,9 @@ ENTRY(continue_pv_domain) * JMPed to. Drop the return address. */ add $8, %rsp +#ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK +#endif call check_wakeup_from_wait ret_from_intr: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 19:26:27 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 19:26:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707733.1105950 (Exim 4.92) (envelope-from ) id 1rxAvK-0002fm-Tl; Wed, 17 Apr 2024 19:26:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707733.1105950; Wed, 17 Apr 2024 19:26:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAvK-0002fc-Ql; Wed, 17 Apr 2024 19:26:26 +0000 Received: by outflank-mailman (input) for mailman id 707733; Wed, 17 Apr 2024 19:26:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAvI-0002fM-Qp for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:26:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxAvI-0004lR-Q6 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:26:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxAvI-0008TA-PX for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 19:26:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1O1xV5++Ap8ONF8STrfyYsUnDDd/2+yGW89lww4B7Zg=; b=aH2LlUTPARa4vebdgejj9IR4j6 c0aMoCejn0HSaBGbOo31Ns6KLlkXGTTys+Kq+4RBqfyw89F2AQc52cWe5edIdX0sOu8v3+RjiFZAm L5wx9ia327WrO9Tsswq/8smc2jfOOTaeCq5B+/ENtw1lQAvpNwFx79qNSAfQ/C0Iqq+E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.15] x86/vmx: prevent fallthrough in vmx_set_reg() for handled registers Message-Id: Date: Wed, 17 Apr 2024 19:26:24 +0000 commit 0a1c1a01a8028a929d460a966c8f8e7384f5b3a6 Author: Roger Pau Monné AuthorDate: Mon Apr 15 11:22:31 2024 +0100 Commit: Andrew Cooper CommitDate: Mon Apr 15 11:28:15 2024 +0100 x86/vmx: prevent fallthrough in vmx_set_reg() for handled registers vmx_set_reg() logic is split into two parts, the top one handles registers that don't require loading the VMCS into context (ie: don't require a VMWRITE). The second half handles registers that do require the VMCS to be loaded. SPEC_CTRL MSR is handled differently depending on whether there's support for virtualize SPEC_CTRL. Without hardware help for virtualizing SPEC_CTRL the value is handled using MSR load lists, that don't require the VMCS to be loaded. When there's hardware assistance however the value is stored in the VMCS, and requires a VMWRITE. The lack of a return statement when handling SPEC_CTRL in the first half of the function leads to SPEC_CTRL being unconditionally handled as if the host had virtualize SPEC_CTRL, which means Xen will either hit an ASSERT in debug builds, or will attempt to perform a VMWRITE to an unhandled VMCS field if the host doesn't support the virtualize SPEC_CTRL feature. This bug occured because the context wasn't adjusted accordingly to account for the absence commit 0626219dcc6a ("x86/hvm: Drop hvm_{get,set}_guest_bndcfgs() and use {get,set}_regs() instead") in the 4.15 and 4.16 branches. Fix by returning early from the function if the register is handled without requiring the VMCS context to be loaded. Fixes: 295bf24af77c ('x86/vmx: Add support for virtualize SPEC_CTRL') Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper (cherry picked from commit cd2df4561edef2c104f46f8d0998e8ccefdf9c5e) --- xen/arch/x86/hvm/vmx/vmx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index c4d401b56b..3b7a57233b 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2524,7 +2524,7 @@ static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) __func__, v, reg, rc); domain_crash(d); } - break; + return; } /* Logic which maybe requires remote VMCS acquisition. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.15 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:55:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:55:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707807.1106073 (Exim 4.92) (envelope-from ) id 1rxEBE-0004v5-6h; Wed, 17 Apr 2024 22:55:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707807.1106073; Wed, 17 Apr 2024 22:55:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEBE-0004ux-3s; Wed, 17 Apr 2024 22:55:04 +0000 Received: by outflank-mailman (input) for mailman id 707807; Wed, 17 Apr 2024 22:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEBC-0004ur-FW for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEBC-0008MT-Bs for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEBC-00031w-AS for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NLXKZt+X5bI5hCU4AuDWgU38m4/qSxyprhe4H0i76HY=; b=YMBVvQvvQwSQs6zsIAK+Dd/3PV FZV3NJXwSuto7naPYzaCNlhyQ1jGwf5/H5oiC4zjXcTnTsOykoH8IiwHcEF29zx7Jx603DpotKDHY spyX0ul2VnSy5tur0zWn6ZRSjNBTr7fMbmRabzh2ALlQKowMxNE0WSdlfH7CK+1stzRA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Fix BTC/SRSO mitigations Message-Id: Date: Wed, 17 Apr 2024 22:55:02 +0000 commit 28f5ceb0b19b13a7c0ebd125c587e469490ab872 Author: Andrew Cooper AuthorDate: Tue Mar 26 22:47:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Fix BTC/SRSO mitigations We were looking for SCF_entry_ibpb in the wrong variable in the top-of-stack block, and xen_spec_ctrl won't have had bit 5 set because Xen doesn't understand SPEC_CTRL_RRSBA_DIS_U yet. This is XSA-455 / CVE-2024-31142. Fixes: 53a570b28569 ("x86/spec-ctrl: Support IBPB-on-entry") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/include/asm-x86/spec_ctrl_asm.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index ad5ca50c12..d1ca530315 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 6e7725c11f..9416483c0b 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -102,7 +102,7 @@ jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) .endif jz .L\@_skip -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:55:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:55:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707808.1106076 (Exim 4.92) (envelope-from ) id 1rxEBO-0004xE-7i; Wed, 17 Apr 2024 22:55:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707808.1106076; Wed, 17 Apr 2024 22:55:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEBO-0004x7-5G; Wed, 17 Apr 2024 22:55:14 +0000 Received: by outflank-mailman (input) for mailman id 707808; Wed, 17 Apr 2024 22:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEBM-0004wv-Gn for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEBM-0008Md-Fu for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEBM-00032g-EC for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zZi721C3jXppXIloL0LA47NEpcUNKzngPfQ44crwByo=; b=mMvU7GGzYKWL7WBkJCS/DAE0an fFxWF+7MOHeq2jKMPtq5aJK0JttH7DNOuD39Xd68ceChAcL361kVlifd8Kj9fs4Oq5XESp9iFkHU8 PqPBJb7ucO7nZlKKVXg2ObSOm3UaMX9b9Myz1BBHKShtJv0SfgjNY1q0jnFrtxcZ7T3o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Expose IPRED_CTRL to guests Message-Id: Date: Wed, 17 Apr 2024 22:55:12 +0000 commit c5d815f0dd830b24be8a088e286a166f79f8bb73 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:58 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Expose IPRED_CTRL to guests The CPUID feature bit signals the presence of the IPRED_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 4dd6760706848de30f7c8b5f83462b9bcb070c91) --- tools/misc/xen-cpuid.c | 2 +- xen/arch/x86/msr.c | 6 ++++-- xen/include/asm-x86/msr-index.h | 2 ++ xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 3 ++- 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 0c792679e5..e59e17c722 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -212,7 +212,7 @@ static const char *const str_7d1[32] = static const char *const str_7d2[32] = { - [ 0] = "intel-psfd", + [ 0] = "intel-psfd", [ 1] = "ipred-ctrl", }; static const char *const str_m10Al[32] = diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 22f86f2785..91b7402fba 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -306,8 +306,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) /* * Caller to confirm that MSR_SPEC_CTRL is available. Intel and AMD have - * separate CPUID features for this functionality, but only set will be - * active. + * separate CPUID features for some of this functionality, but only one + * vendors-worth will be active on a single host. */ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) { @@ -321,6 +321,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | (psfd ? SPEC_CTRL_PSFD : 0) | + (cp->feat.ipred_ctrl + ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | 0); } diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index eb6295d8a7..cab836c88f 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -36,6 +36,8 @@ #define SPEC_CTRL_IBRS (_AC(1, ULL) << 0) #define SPEC_CTRL_STIBP (_AC(1, ULL) << 1) #define SPEC_CTRL_SSBD (_AC(1, ULL) << 2) +#define SPEC_CTRL_IPRED_DIS_U (_AC(1, ULL) << 3) +#define SPEC_CTRL_IPRED_DIS_S (_AC(1, ULL) << 4) #define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) #define MSR_PRED_CMD 0x00000049 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 7a9d8d05d3..96601c5c20 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -307,6 +307,7 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 3ad9263221..f68e3ff875 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -317,7 +317,8 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS], + IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, + IPRED_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:55:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:55:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707810.1106081 (Exim 4.92) (envelope-from ) id 1rxEBY-0004zi-9n; Wed, 17 Apr 2024 22:55:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707810.1106081; Wed, 17 Apr 2024 22:55:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEBY-0004zb-6k; Wed, 17 Apr 2024 22:55:24 +0000 Received: by outflank-mailman (input) for mailman id 707810; Wed, 17 Apr 2024 22:55:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEBW-0004zQ-KQ for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEBW-0008Ms-JF for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEBW-00033E-IH for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1MplaqpE9U2BL2mWBF0+bkCqYHJsg4bdiVF5GjM1HlQ=; b=wEhupjcpLA1B4mR479qrK/plHy j0AVkOugAro3sOZDKODEhdmJThxnhogzNLm1jphuQSDTwYHnkYAhZXh3MOPQLt61wBkHDPILEpsII A76VMz7RiaCiEsTNbuUjg0rUbcwfcSAmguygSxOzgZJPGN67Uz4BIGwQjN/57izuRVNA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Expose RRSBA_CTRL to guests Message-Id: Date: Wed, 17 Apr 2024 22:55:22 +0000 commit 657f8b47577404071a619d84ad1dceb5f28f2025 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:59 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Expose RRSBA_CTRL to guests The CPUID feature bit signals the presence of the RRSBA_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 478e4787fa64b621061177a7843c452e9a19916d) --- tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 2 ++ xen/include/asm-x86/msr-index.h | 2 ++ xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 5 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index e59e17c722..9b3378fca7 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -213,6 +213,7 @@ static const char *const str_7d1[32] = static const char *const str_7d2[32] = { [ 0] = "intel-psfd", [ 1] = "ipred-ctrl", + [ 2] = "rrsba-ctrl", }; static const char *const str_m10Al[32] = diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 91b7402fba..0000d4a4c2 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -323,6 +323,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) (psfd ? SPEC_CTRL_PSFD : 0) | (cp->feat.ipred_ctrl ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | + (cp->feat.rrsba_ctrl + ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | 0); } diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index cab836c88f..2380d19558 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -38,6 +38,8 @@ #define SPEC_CTRL_SSBD (_AC(1, ULL) << 2) #define SPEC_CTRL_IPRED_DIS_U (_AC(1, ULL) << 3) #define SPEC_CTRL_IPRED_DIS_S (_AC(1, ULL) << 4) +#define SPEC_CTRL_RRSBA_DIS_U (_AC(1, ULL) << 5) +#define SPEC_CTRL_RRSBA_DIS_S (_AC(1, ULL) << 6) #define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) #define MSR_PRED_CMD 0x00000049 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 96601c5c20..f4563212d6 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -308,6 +308,7 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index f68e3ff875..a1742094a9 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -318,7 +318,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL], + IPRED_CTRL, RRSBA_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:55:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:55:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707811.1106084 (Exim 4.92) (envelope-from ) id 1rxEBi-000533-Cb; Wed, 17 Apr 2024 22:55:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707811.1106084; Wed, 17 Apr 2024 22:55:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEBi-00052w-A9; Wed, 17 Apr 2024 22:55:34 +0000 Received: by outflank-mailman (input) for mailman id 707811; Wed, 17 Apr 2024 22:55:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEBg-00052k-NS for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEBg-0008N6-Ma for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEBg-00033h-Lb for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OENNe/qgK/vX5Txn5FBHGfGC4CEFIaa2ttp33R+TG+g=; b=cnLpIZZntbf4+Ovejhz0VJymtb KaBYLF8vKpQRV9yCHMpjd8i2Xeb+Dhk5JkQDIWLFk51KKqxNsVHxf6WyO9H4KTo2h5tdiP4fXMjeu zthx/fv6gzCJfmeE4Cfqsk7pvqTfR7/IKsCPRsBV00cAO834Nml+V/8WOS4JT2Yrgt8g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Expose BHI_CTRL to guests Message-Id: Date: Wed, 17 Apr 2024 22:55:32 +0000 commit 40d05ac943b8102ac32ee85912a89f9eaf46e850 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:14:00 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Expose BHI_CTRL to guests The CPUID feature bit signals the presence of the BHI_DIS_S control in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 583f1d0950529f3517b1741c2b21a028a82ba831) --- tools/misc/xen-cpuid.c | 1 + xen/arch/x86/msr.c | 1 + xen/include/asm-x86/msr-index.h | 1 + xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/tools/gen-cpuid.py | 2 +- 5 files changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c index 9b3378fca7..700870f2f9 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c @@ -214,6 +214,7 @@ static const char *const str_7d2[32] = { [ 0] = "intel-psfd", [ 1] = "ipred-ctrl", [ 2] = "rrsba-ctrl", + [ 4] = "bhi-ctrl", }; static const char *const str_m10Al[32] = diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 0000d4a4c2..4e67381d9a 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -325,6 +325,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | (cp->feat.rrsba_ctrl ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | + (cp->feat.bhi_ctrl ? SPEC_CTRL_BHI_DIS_S : 0) | 0); } diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 2380d19558..75775452a3 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -41,6 +41,7 @@ #define SPEC_CTRL_RRSBA_DIS_U (_AC(1, ULL) << 5) #define SPEC_CTRL_RRSBA_DIS_S (_AC(1, ULL) << 6) #define SPEC_CTRL_PSFD (_AC(1, ULL) << 7) +#define SPEC_CTRL_BHI_DIS_S (_AC(1, ULL) << 10) #define MSR_PRED_CMD 0x00000049 #define PRED_CMD_IBPB (_AC(1, ULL) << 0) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index f4563212d6..e440b1d07c 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -309,6 +309,7 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index a1742094a9..c4811ad319 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -318,7 +318,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL, RRSBA_CTRL], + IPRED_CTRL, RRSBA_CTRL, BHI_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:55:44 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:55:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707812.1106089 (Exim 4.92) (envelope-from ) id 1rxEBs-00056H-EQ; Wed, 17 Apr 2024 22:55:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707812.1106089; Wed, 17 Apr 2024 22:55:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEBs-00056A-Bh; Wed, 17 Apr 2024 22:55:44 +0000 Received: by outflank-mailman (input) for mailman id 707812; Wed, 17 Apr 2024 22:55:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEBq-00055v-RI for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEBq-0008NM-QX for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEBq-000348-P7 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kiBUE++xludeUwWXAOnHqqkC3QUcjvz7Dg/FtDFUdcM=; b=jGB5aK+cwAKN3cNv92fEzHjDn4 aBXiTbg3ixY8g8blixgbVb4avYDxU/qqeqEglXbCaiiGo8tZmAiz3951kclHtua6m5sW2qbak1etu oXD8Tr4jLgGEYn4kOAVj54kjDNSvoLtGs0qdLaTAwZJJyuscg6FSGVNT1RnIkvvP45Eg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] VMX: tertiary execution control infrastructure Message-Id: Date: Wed, 17 Apr 2024 22:55:42 +0000 commit 24178feda5e90085d34a5b2c70ff66c7671518d1 Author: Jan Beulich AuthorDate: Wed Feb 7 13:46:11 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 VMX: tertiary execution control infrastructure This is a prereq to enabling e.g. the MSRLIST feature. Note that the PROCBASED_CTLS3 MSR is different from other VMX feature reporting MSRs, in that all 64 bits report allowed 1-settings. vVMX code is left alone, though, for the time being. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 878159bf259bfbd7a40312829f1ea0ce1f6645e2) --- xen/arch/x86/hvm/vmx/vmcs.c | 57 ++++++++++++++++++++++++++++++++++---- xen/arch/x86/hvm/vmx/vmx.c | 6 ++++ xen/include/asm-x86/hvm/vmx/vmcs.h | 13 +++++++++ xen/include/asm-x86/hvm/vmx/vmx.h | 1 + xen/include/asm-x86/msr-index.h | 1 + 5 files changed, 72 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index c2a1d7280d..3402a65cec 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -173,6 +173,7 @@ static int parse_ept_param_runtime(const char *s) u32 vmx_pin_based_exec_control __read_mostly; u32 vmx_cpu_based_exec_control __read_mostly; u32 vmx_secondary_exec_control __read_mostly; +uint64_t vmx_tertiary_exec_control __read_mostly; u32 vmx_vmexit_control __read_mostly; u32 vmx_vmentry_control __read_mostly; u64 vmx_ept_vpid_cap __read_mostly; @@ -236,10 +237,32 @@ static u32 adjust_vmx_controls( return ctl; } -static bool_t cap_check(const char *name, u32 expected, u32 saw) +static uint64_t adjust_vmx_controls2( + const char *name, uint64_t ctl_min, uint64_t ctl_opt, unsigned int msr, + bool *mismatch) +{ + uint64_t vmx_msr, ctl = ctl_min | ctl_opt; + + rdmsrl(msr, vmx_msr); + + ctl &= vmx_msr; /* bit == 0 ==> must be zero */ + + /* Ensure minimum (required) set of control bits are supported. */ + if ( ctl_min & ~ctl ) + { + *mismatch = true; + printk("VMX: CPU%u has insufficient %s (%#lx; requires %#lx)\n", + smp_processor_id(), name, ctl, ctl_min); + } + + return ctl; +} + +static bool cap_check( + const char *name, unsigned long expected, unsigned long saw) { if ( saw != expected ) - printk("VMX %s: saw %#x expected %#x\n", name, saw, expected); + printk("VMX %s: saw %#lx expected %#lx\n", name, saw, expected); return saw != expected; } @@ -249,6 +272,7 @@ static int vmx_init_vmcs_config(bool bsp) u32 _vmx_pin_based_exec_control; u32 _vmx_cpu_based_exec_control; u32 _vmx_secondary_exec_control = 0; + uint64_t _vmx_tertiary_exec_control = 0; u64 _vmx_ept_vpid_cap = 0; u64 _vmx_misc_cap = 0; u32 _vmx_vmexit_control; @@ -282,7 +306,8 @@ static int vmx_init_vmcs_config(bool bsp) opt = (CPU_BASED_ACTIVATE_MSR_BITMAP | CPU_BASED_TPR_SHADOW | CPU_BASED_MONITOR_TRAP_FLAG | - CPU_BASED_ACTIVATE_SECONDARY_CONTROLS); + CPU_BASED_ACTIVATE_SECONDARY_CONTROLS | + CPU_BASED_ACTIVATE_TERTIARY_CONTROLS); _vmx_cpu_based_exec_control = adjust_vmx_controls( "CPU-Based Exec Control", min, opt, MSR_IA32_VMX_PROCBASED_CTLS, &mismatch); @@ -343,6 +368,15 @@ static int vmx_init_vmcs_config(bool bsp) MSR_IA32_VMX_PROCBASED_CTLS2, &mismatch); } + if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) + { + uint64_t opt = 0; + + _vmx_tertiary_exec_control = adjust_vmx_controls2( + "Tertiary Exec Control", 0, opt, + MSR_IA32_VMX_PROCBASED_CTLS3, &mismatch); + } + /* The IA32_VMX_EPT_VPID_CAP MSR exists only when EPT or VPID available */ if ( _vmx_secondary_exec_control & (SECONDARY_EXEC_ENABLE_EPT | SECONDARY_EXEC_ENABLE_VPID) ) @@ -473,6 +507,7 @@ static int vmx_init_vmcs_config(bool bsp) vmx_pin_based_exec_control = _vmx_pin_based_exec_control; vmx_cpu_based_exec_control = _vmx_cpu_based_exec_control; vmx_secondary_exec_control = _vmx_secondary_exec_control; + vmx_tertiary_exec_control = _vmx_tertiary_exec_control; vmx_ept_vpid_cap = _vmx_ept_vpid_cap; vmx_vmexit_control = _vmx_vmexit_control; vmx_vmentry_control = _vmx_vmentry_control; @@ -508,6 +543,9 @@ static int vmx_init_vmcs_config(bool bsp) mismatch |= cap_check( "Secondary Exec Control", vmx_secondary_exec_control, _vmx_secondary_exec_control); + mismatch |= cap_check( + "Tertiary Exec Control", + vmx_tertiary_exec_control, _vmx_tertiary_exec_control); mismatch |= cap_check( "VMExit Control", vmx_vmexit_control, _vmx_vmexit_control); @@ -1084,6 +1122,7 @@ static int construct_vmcs(struct vcpu *v) v->arch.hvm.vmx.exec_control |= CPU_BASED_RDTSC_EXITING; v->arch.hvm.vmx.secondary_exec_control = vmx_secondary_exec_control; + v->arch.hvm.vmx.tertiary_exec_control = vmx_tertiary_exec_control; /* * Disable features which we don't want active by default: @@ -1152,6 +1191,10 @@ static int construct_vmcs(struct vcpu *v) __vmwrite(SECONDARY_VM_EXEC_CONTROL, v->arch.hvm.vmx.secondary_exec_control); + if ( cpu_has_vmx_tertiary_exec_control ) + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); + /* MSR access bitmap. */ if ( cpu_has_vmx_msr_bitmap ) { @@ -2071,10 +2114,12 @@ void vmcs_dump_vcpu(struct vcpu *v) vmr(HOST_PERF_GLOBAL_CTRL)); printk("*** Control State ***\n"); - printk("PinBased=%08x CPUBased=%08x SecondaryExec=%08x\n", + printk("PinBased=%08x CPUBased=%08x\n", vmr32(PIN_BASED_VM_EXEC_CONTROL), - vmr32(CPU_BASED_VM_EXEC_CONTROL), - vmr32(SECONDARY_VM_EXEC_CONTROL)); + vmr32(CPU_BASED_VM_EXEC_CONTROL)); + printk("SecondaryExec=%08x TertiaryExec=%016lx\n", + vmr32(SECONDARY_VM_EXEC_CONTROL), + vmr(TERTIARY_VM_EXEC_CONTROL)); printk("EntryControls=%08x ExitControls=%08x\n", vmentry_ctl, vmexit_ctl); printk("ExceptionBitmap=%08x PFECmask=%08x PFECmatch=%08x\n", vmr32(EXCEPTION_BITMAP), diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 54cb0553c2..2cbed4b21e 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -723,6 +723,12 @@ void vmx_update_secondary_exec_control(struct vcpu *v) v->arch.hvm.vmx.secondary_exec_control); } +void vmx_update_tertiary_exec_control(const struct vcpu *v) +{ + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); +} + void vmx_update_exception_bitmap(struct vcpu *v) { u32 bitmap = unlikely(v->arch.hvm.vmx.vmx_realmode) diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index 8073af323b..9b246b802b 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -125,6 +125,7 @@ struct vmx_vcpu { /* Cache of cpu execution control. */ u32 exec_control; u32 secondary_exec_control; + uint64_t tertiary_exec_control; u32 exception_bitmap; uint64_t shadow_gs; @@ -207,6 +208,7 @@ void vmx_vmcs_reload(struct vcpu *v); #define CPU_BASED_RDTSC_EXITING 0x00001000 #define CPU_BASED_CR3_LOAD_EXITING 0x00008000 #define CPU_BASED_CR3_STORE_EXITING 0x00010000 +#define CPU_BASED_ACTIVATE_TERTIARY_CONTROLS 0x00020000 #define CPU_BASED_CR8_LOAD_EXITING 0x00080000 #define CPU_BASED_CR8_STORE_EXITING 0x00100000 #define CPU_BASED_TPR_SHADOW 0x00200000 @@ -269,6 +271,14 @@ extern u32 vmx_vmentry_control; #define SECONDARY_EXEC_TSC_SCALING 0x02000000 extern u32 vmx_secondary_exec_control; +#define TERTIARY_EXEC_LOADIWKEY_EXITING BIT(0, UL) +#define TERTIARY_EXEC_ENABLE_HLAT BIT(1, UL) +#define TERTIARY_EXEC_EPT_PAGING_WRITE BIT(2, UL) +#define TERTIARY_EXEC_GUEST_PAGING_VERIFY BIT(3, UL) +#define TERTIARY_EXEC_IPI_VIRT BIT(4, UL) +#define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) +extern uint64_t vmx_tertiary_exec_control; + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -304,6 +314,8 @@ extern u64 vmx_ept_vpid_cap; (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_MSR_BITMAP) #define cpu_has_vmx_secondary_exec_control \ (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) +#define cpu_has_vmx_tertiary_exec_control \ + (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS) #define cpu_has_vmx_ept \ (vmx_secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT) #define cpu_has_vmx_dt_exiting \ @@ -423,6 +435,7 @@ enum vmcs_field { VIRT_EXCEPTION_INFO = 0x0000202a, XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, + TERTIARY_VM_EXEC_CONTROL = 0x00002034, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/include/asm-x86/hvm/vmx/vmx.h b/xen/include/asm-x86/hvm/vmx/vmx.h index 85530d2e0e..5053cdb2c2 100644 --- a/xen/include/asm-x86/hvm/vmx/vmx.h +++ b/xen/include/asm-x86/hvm/vmx/vmx.h @@ -102,6 +102,7 @@ void vmx_update_debug_state(struct vcpu *v); void vmx_update_exception_bitmap(struct vcpu *v); void vmx_update_cpu_exec_control(struct vcpu *v); void vmx_update_secondary_exec_control(struct vcpu *v); +void vmx_update_tertiary_exec_control(const struct vcpu *v); #define POSTED_INTR_ON 0 #define POSTED_INTR_SN 1 diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 75775452a3..9e3291b198 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -317,6 +317,7 @@ #define MSR_IA32_VMX_TRUE_EXIT_CTLS 0x48f #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490 #define MSR_IA32_VMX_VMFUNC 0x491 +#define MSR_IA32_VMX_PROCBASED_CTLS3 0x492 /* K7/K8 MSRs. Not complete. See the architecture manual for a more complete list. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:55:54 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:55:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707813.1106092 (Exim 4.92) (envelope-from ) id 1rxEC2-000592-G1; Wed, 17 Apr 2024 22:55:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707813.1106092; Wed, 17 Apr 2024 22:55:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEC2-00058u-DS; Wed, 17 Apr 2024 22:55:54 +0000 Received: by outflank-mailman (input) for mailman id 707813; Wed, 17 Apr 2024 22:55:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEC0-00058i-UR for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEC0-0008Nd-Td for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEC0-00034a-Sk for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:55:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WqCtjYS0seNalvG7bH9QYG9RW0OMV02oCKCDBOI/ihc=; b=xse8xlX5nHSAB4Fov+CRH5iw3c FaIu3vTczx9A0pKVUIcVpkchDiQDPpFMvigB2sxinA0NaZgbqJNKfUKTOPi1RHdDXQjprX+HD9odc /72rWKa48a+LFa3vV+iveiuOlp4HX4I84qG/pFXPNC8akqVtsjSDcL3QOlfaKl26+/pA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch Message-Id: Date: Wed, 17 Apr 2024 22:55:52 +0000 commit 681edf55641513b789adea6fe219c9b75634f659 Author: Andrew Cooper AuthorDate: Wed Apr 3 17:43:42 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch It turns out there is something wonky on some but not all CPUs with MSR_TSX_FORCE_ABORT. The presence of RTM_ALWAYS_ABORT causes Xen to think it's safe to offer HLE/RTM to guests, but in this case, XBEGIN instructions genuinely #UD. Spot this case and try to back out as cleanly as we can. Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Acked-by: Jan Beulich (cherry picked from commit b33f191e3ca99458fdcea1cb5a29dfa4965d1604) --- xen/arch/x86/tsx.c | 55 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 45 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 287812ec2b..2eb797e352 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -1,5 +1,6 @@ #include #include +#include #include /* @@ -9,6 +10,7 @@ * -1 => Default, altered to 0/1 (if unspecified) by: * - TAA heuristics/settings for speculative safety * - "TSX vs PCR3" select for TSX memory ordering safety + * -2 => Implicit tsx=0 (from RTM_ALWAYS_ABORT vs RTM mismatch) * -3 => Implicit tsx=1 (feed-through from spec-ctrl=0) * * This is arranged such that the bottom bit encodes whether TSX is actually @@ -122,11 +124,50 @@ void tsx_init(void) if ( cpu_has_tsx_force_abort ) { + uint64_t val; + /* - * On an early TSX-enable Skylake part subject to the memory + * On an early TSX-enabled Skylake part subject to the memory * ordering erratum, with at least the March 2019 microcode. */ + rdmsrl(MSR_TSX_FORCE_ABORT, val); + + /* + * At the time of writing (April 2024), it was discovered that + * some parts (e.g. CoffeeLake 8th Gen, 06-9e-0a, ucode 0xf6) + * advertise RTM_ALWAYS_ABORT, but XBEGIN instructions #UD. Other + * similar parts (e.g. KabyLake Xeon-E3, 06-9e-09, ucode 0xf8) + * operate as expected. + * + * In this case: + * - RTM_ALWAYS_ABORT and MSR_TSX_FORCE_ABORT are enumerated. + * - XBEGIN instructions genuinely #UD. + * - MSR_TSX_FORCE_ABORT appears to be write-discard and fails to + * hold its value. + * - HLE and RTM are not enumerated, despite + * MSR_TSX_FORCE_ABORT.TSX_CPUID_CLEAR being clear. + * + * Spot RTM being unavailable without CLEAR_CPUID being set, and + * treat it as if no TSX is available at all. This will prevent + * Xen from thinking it's safe to offer HLE/RTM to VMs. + */ + if ( val == 0 && cpu_has_rtm_always_abort && !cpu_has_rtm ) + { + printk(XENLOG_ERR + "FIRMWARE BUG: CPU %02x-%02x-%02x, ucode 0x%08x: RTM_ALWAYS_ABORT vs RTM mismatch\n", + boot_cpu_data.x86, boot_cpu_data.x86_model, + boot_cpu_data.x86_mask, this_cpu(cpu_sig).rev); + + setup_clear_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + setup_clear_cpu_cap(X86_FEATURE_TSX_FORCE_ABORT); + + if ( opt_tsx < 0 ) + opt_tsx = -2; + + goto done_probe; + } + /* * Probe for the June 2021 microcode which de-features TSX on * client parts. (Note - this is a subset of parts impacted by @@ -136,15 +177,8 @@ void tsx_init(void) * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. */ - if ( !has_rtm_always_abort ) - { - uint64_t val; - - rdmsrl(MSR_TSX_FORCE_ABORT, val); - - if ( val & TSX_ENABLE_RTM ) - has_rtm_always_abort = true; - } + if ( val & TSX_ENABLE_RTM ) + has_rtm_always_abort = true; /* * If no explicit tsx= option is provided, pick a default. @@ -199,6 +233,7 @@ void tsx_init(void) setup_force_cpu_cap(X86_FEATURE_RTM); } } + done_probe: /* * Note: MSR_TSX_CTRL is enumerated on TSX-enabled MDS_NO and later parts. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:56:04 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:56:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707814.1106096 (Exim 4.92) (envelope-from ) id 1rxECC-0005Bz-Hl; Wed, 17 Apr 2024 22:56:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707814.1106096; Wed, 17 Apr 2024 22:56:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECC-0005Br-Ev; Wed, 17 Apr 2024 22:56:04 +0000 Received: by outflank-mailman (input) for mailman id 707814; Wed, 17 Apr 2024 22:56:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECB-0005Bh-1R for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECB-0008OM-0b for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxECA-00035f-Vg for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WgbZp92ayl5UYSSyAbuHr9GHSKYdYacZgbblsAKelI8=; b=KtFJAIBMTiY80Vehn/GG5qMS8Z rgy/egbgsPwBePHSUWNZxqx1vZz+DoXcCVvcCxRKMW91HVJHJDc97HjlumIC+IrRIcAUekMbcllKu cPYnfW1EC+MOm8vYNawzPRCYukBK5zrwuqjJsR5Fg4lZ95e7742k26TxTBfzj3QiOVqQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] xen/wait: Remove indirect jump Message-Id: Date: Wed, 17 Apr 2024 22:56:02 +0000 commit 4682088e8f884d92eaec70409408b66b49b6d990 Author: Andrew Cooper AuthorDate: Fri Oct 22 16:07:07 2021 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 xen/wait: Remove indirect jump There is no need for this to be an indirect jump at all. Execution always returns to a specific location, so use a direct jump instead. Use a named label for the jump. As both 1 and 2 have disappeared as labels, rename 3 to skip to better describe its purpose. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit f03567bd7e8efc0f667a67905862e6047babdb7a) --- xen/common/wait.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/xen/common/wait.c b/xen/common/wait.c index 24716e7676..9276d76464 100644 --- a/xen/common/wait.c +++ b/xen/common/wait.c @@ -144,18 +144,16 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv) "push %%r8; push %%r9; push %%r10; push %%r11;" "push %%r12; push %%r13; push %%r14; push %%r15;" - "call 1f;" - "1: addq $2f-1b,(%%rsp);" "sub %%esp,%%ecx;" "cmp %3,%%ecx;" - "ja 3f;" + "ja .L_skip;" "mov %%rsp,%%rsi;" /* check_wakeup_from_wait() longjmp()'s to this point. */ - "2: rep movsb;" + ".L_wq_resume: rep movsb;" "mov %%rsp,%%rsi;" - "3: pop %%rax;" + ".L_skip:" "pop %%r15; pop %%r14; pop %%r13; pop %%r12;" "pop %%r11; pop %%r10; pop %%r9; pop %%r8;" "pop %%rbp; pop %%rdx; pop %%rbx; pop %%rax" @@ -204,15 +202,14 @@ void check_wakeup_from_wait(void) } /* - * Hand-rolled longjmp(). Returns to the pointer on the top of - * wqv->stack, and lands on a `rep movs` instruction. All other GPRs are - * restored from the stack, so are available for use here. + * Hand-rolled longjmp(). Returns to __prepare_to_wait(), and lands on a + * `rep movs` instruction. All other GPRs are restored from the stack, so + * are available for use here. */ asm volatile ( - "mov %1,%%"__OP"sp; INDIRECT_JMP %[ip]" + "mov %1,%%"__OP"sp; jmp .L_wq_resume;" : : "S" (wqv->stack), "D" (wqv->esp), - "c" ((char *)get_cpu_info() - (char *)wqv->esp), - [ip] "r" (*(unsigned long *)wqv->stack) + "c" ((char *)get_cpu_info() - (char *)wqv->esp) : "memory" ); unreachable(); } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:56:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:56:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707815.1106100 (Exim 4.92) (envelope-from ) id 1rxECM-0005FL-L6; Wed, 17 Apr 2024 22:56:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707815.1106100; Wed, 17 Apr 2024 22:56:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECM-0005FE-IU; Wed, 17 Apr 2024 22:56:14 +0000 Received: by outflank-mailman (input) for mailman id 707815; Wed, 17 Apr 2024 22:56:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECL-0005F3-4h for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECL-0008Of-3W for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxECL-000367-2m for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E3k2wDwhDcCQZ+eA/rtdP7h8VM+vU6YCvedxe53FZyc=; b=SlNTvCnuXe5M/oIuYTk3ddLyiJ d+WeBXlszWaU0yysPOezaSguAzFhRHmywx/qIwaBIhItct3F5aM2+w0SBZ2UJ3sLvcJlP/6Axf/Fb rJFk7QxjPYlR/VcRpQy6T2BoewpHsYYAW6ZvLPLHNl5xPi8BGh1VK6EcdceISIcR/FU8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests Message-Id: Date: Wed, 17 Apr 2024 22:56:13 +0000 commit 3e2504256174495cec7fc2288bc7619ae162b699 Author: Andrew Cooper AuthorDate: Tue Apr 9 15:03:05 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests All of these are prediction-mode (i.e. CPL) based. They don't operate as advertised in PV context. Fixes: 4dd676070684 ("x86/spec-ctrl: Expose IPRED_CTRL to guests") Fixes: 478e4787fa64 ("x86/spec-ctrl: Expose RRSBA_CTRL to guests") Fixes: 583f1d095052 ("x86/spec-ctrl: Expose BHI_CTRL to guests") Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 4b3da946ad7e3452761478ae683da842e7ff20d6) --- xen/include/public/arch-x86/cpufeatureset.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index e440b1d07c..5a694e040d 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -307,9 +307,9 @@ XEN_CPUFEATURE(SRSO_NO, 11*32+29) /*A Hardware not vulenrable to Spe /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ -XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ -XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ -XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*S MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*S MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*S MSR_SPEC_CTRL.BHI_DIS_S */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:56:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:56:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707816.1106105 (Exim 4.92) (envelope-from ) id 1rxECW-0005I6-Mk; Wed, 17 Apr 2024 22:56:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707816.1106105; Wed, 17 Apr 2024 22:56:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECW-0005Hy-K6; Wed, 17 Apr 2024 22:56:24 +0000 Received: by outflank-mailman (input) for mailman id 707816; Wed, 17 Apr 2024 22:56:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECV-0005Hq-75 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECV-0008Om-6P for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxECV-00036Y-5a for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7xbEXyb8E+SW2b3XLwYoZQjclneoPgpWdqjPNGdCLzc=; b=AaWVAqqSfEDdIzTTK7vsqGd+mv aQWn00Mdi1JJpQhIjlpICmbVRSuTjLQ4L83sisMlBPdTratRZlfM1Oelm590JVyxXHlKovR9wYSP1 5IimdPWWwbqbawZVgHWquwDfpG2YMl1XhdkEKjJlyaz1RJgLFc7s+TPdQV5TXzmBdRoY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Make svm_vmexit_spec_ctrl conditional Message-Id: Date: Wed, 17 Apr 2024 22:56:23 +0000 commit 7db6066d2c4e9facc5095f0681b16bf15ca3a597 Author: Andrew Cooper AuthorDate: Mon Jul 18 14:15:08 2022 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Make svm_vmexit_spec_ctrl conditional The logic was written this way out of an abundance of caution, but the reality is that AMD parts don't currently have the RAS-flushing side effect, nor do they intend to gain it. This removes one WRMSR from the VMExit path by default on Zen2 systems. Fixes: 614cec7d79d7 ("x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit c16a9eda77b2089206d5bc39ab6488c3793e11bf) --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index d1ca530315..1974eaff97 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -114,15 +114,15 @@ __UNLIKELY_END(nsvm_hap) ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM .macro svm_vmexit_spec_ctrl - /* - * Write to MSR_SPEC_CTRL unconditionally, for the RAS[:32] - * flushing side effect. - */ - mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + cmp %edx, %eax + je 1f /* Skip write if value is correct. */ + mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr mov %al, CPUINFO_last_spec_ctrl(%rsp) +1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:56:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:56:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707817.1106108 (Exim 4.92) (envelope-from ) id 1rxECg-0005Ko-O2; Wed, 17 Apr 2024 22:56:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707817.1106108; Wed, 17 Apr 2024 22:56:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECg-0005Kh-La; Wed, 17 Apr 2024 22:56:34 +0000 Received: by outflank-mailman (input) for mailman id 707817; Wed, 17 Apr 2024 22:56:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECf-0005KY-HN for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECf-0008Ow-9l for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxECf-00036z-96 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JkFpDj8NWWR7oheOVWvpiebJ2vYJ75g7yIoRMNUKwc0=; b=3kpAyX5e5qgBl11hSnpk/mgvuf V0hA6GZLLNIj2j67R6rwVePz10EsUWVRlb84ADtXdRjEg6VbdA65BeTZTTAd00wDf2DVMcS5D4HQm ZdsFj1ez6APkVFd/3j6Nlyk+8z6NwSjPAnwQfJJOLInDTpHTlVg9Gnbxzj9nWae/zXns=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Rename spec_ctrl_flags to scf Message-Id: Date: Wed, 17 Apr 2024 22:56:33 +0000 commit 72103ce234f6f147c20751ae86531ac9b4af921a Author: Andrew Cooper AuthorDate: Thu Mar 28 11:57:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Rename spec_ctrl_flags to scf XSA-455 was ultimately caused by having fields with too-similar names. Both {xen,last}_spec_ctrl are fields containing an architectural MSR_SPEC_CTRL value. The spec_ctrl_flags field contains Xen-internal flags. To more-obviously distinguish the two, rename spec_ctrl_flags to scf, which is also the prefix of the constants used by the fields. No functional change. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit c62673c4334b3372ebd4292a7ac8185357e7ea27) --- xen/arch/x86/acpi/power.c | 4 ++-- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/setup.c | 2 +- xen/arch/x86/spec_ctrl.c | 18 +++++++++--------- xen/arch/x86/x86_64/asm-offsets.c | 2 +- xen/arch/x86/x86_64/compat/entry.S | 4 ++-- xen/arch/x86/x86_64/entry.S | 2 +- xen/include/asm-x86/current.h | 2 +- xen/include/asm-x86/domain.h | 2 +- xen/include/asm-x86/spec_ctrl.h | 16 ++++++++-------- xen/include/asm-x86/spec_ctrl_asm.h | 22 +++++++++++----------- 14 files changed, 44 insertions(+), 44 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 1a7baeebe6..4d6650f407 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -246,7 +246,7 @@ static int enter_state(u32 state) ci = get_cpu_info(); /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_IST_MASK; + ci->scf &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -290,7 +290,7 @@ static int enter_state(u32 state) panic("Missing previously available feature(s)\n"); /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); + ci->scf |= (default_scf & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index d5101ff1a6..440f518328 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2092,10 +2092,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the new spec_ctrl settings. */ - info->spec_ctrl_flags = - (info->spec_ctrl_flags & ~SCF_DOM_MASK) | - (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); + /* Update the top-of-stack block with the new speculation settings. */ + info->scf = + (info->scf & ~SCF_DOM_MASK) | + (nextd->arch.scf & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 1974eaff97..73c35bc27d 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index cdde76e138..4ee529c57a 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -111,7 +111,7 @@ UNLIKELY_END(realmode) BUILD_BUG_ON(SCF_verw & ~0xff) movzbl VCPU_vmx_launched(%rbx), %ecx shl $31, %ecx - movzbl CPUINFO_spec_ctrl_flags(%rsp), %eax + movzbl CPUINFO_scf(%rsp), %eax and $SCF_verw, %eax or %eax, %ecx diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 3402a65cec..c5ef01f936 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1388,7 +1388,7 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); - if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + if ( !rc && (d->arch.scf & SCF_entry_ibpb) ) rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, VMX_MSR_HOST); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 5c72cd914a..d39056249e 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -2032,7 +2032,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0a7af22a9b..68d505cab5 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -67,7 +67,7 @@ static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; uint8_t __read_mostly default_xen_spec_ctrl; -uint8_t __read_mostly default_spec_ctrl_flags; +uint8_t __read_mostly default_scf; paddr_t __read_mostly l1tf_addr_mask, __read_mostly l1tf_safe_maddr; bool __read_mostly cpu_has_bug_l1tf; @@ -1081,7 +1081,7 @@ static void __init ibpb_calculations(void) * NMI/#MC, so can't interrupt Xen ahead of having already flushed the * BTB. */ - default_spec_ctrl_flags |= SCF_ist_ibpb; + default_scf |= SCF_ist_ibpb; } if ( opt_ibpb_entry_hvm ) setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); @@ -1582,7 +1582,7 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); - d->arch.spec_ctrl_flags = + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | 0; @@ -1687,7 +1687,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1698,7 +1698,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1828,7 +1828,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_pv ) { setup_force_cpu_cap(X86_FEATURE_SC_RSB_PV); - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } /* @@ -1851,7 +1851,7 @@ void __init init_speculation_mitigations(void) * possible rogue RSB speculation. */ if ( !cpu_has_svm ) - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } srso_calculations(hw_smt_enabled); @@ -1864,7 +1864,7 @@ void __init init_speculation_mitigations(void) if ( opt_eager_fpu == -1 ) opt_eager_fpu = should_use_eager_fpu(); - /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ + /* (Re)init BSP state now that default_scf has been calculated. */ init_shadow_spec_ctrl_state(); /* @@ -2137,7 +2137,7 @@ void __init init_speculation_mitigations(void) { info->shadow_spec_ctrl = 0; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); } diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index 4cd5938d7b..fba82d6436 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -154,7 +154,7 @@ void __dummy__(void) OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); - OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); + OFFSET(CPUINFO_scf, struct cpu_info, scf); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); DEFINE(CPUINFO_sizeof, sizeof(struct cpu_info)); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 3b2fbcd873..fab85eb733 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -164,8 +164,8 @@ ENTRY(compat_restore_all_guest) /* Account for ev/ec having already been popped off the stack. */ SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_rip), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) + scf=STK_REL(CPUINFO_scf, CPUINFO_rip), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) .Lft0: iretq _ASM_PRE_EXTABLE(.Lft0, handle_exception) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 9b1fa9ed19..029b1efaac 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -683,7 +683,7 @@ UNLIKELY_END(exit_cr3) /* * When the CPU pushed this exception frame, it zero-extended eflags. * For an IST exit, SPEC_CTRL_EXIT_TO_XEN stashed shadow copies of - * spec_ctrl_flags and ver_sel above eflags, as we can't use any GPRs, + * scf and ver_sel above eflags, as we can't use any GPRs, * and we're at a random place on the stack, not in a CPUFINFO block. * * Account for ev/ec having already been popped off the stack. diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index 8ea4aecc5e..138ad63165 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -57,7 +57,7 @@ struct cpu_info { unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; uint8_t last_spec_ctrl; - uint8_t spec_ctrl_flags; + uint8_t scf; /* SCF_* */ /* * The following field controls copying of the L4 page table of 64-bit diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h index 92937d9d73..147604fce9 100644 --- a/xen/include/asm-x86/domain.h +++ b/xen/include/asm-x86/domain.h @@ -319,7 +319,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ + uint8_t scf; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index a431fea587..8fc350abe2 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -21,10 +21,10 @@ #define __X86_SPEC_CTRL_H__ /* - * Encoding of: - * cpuinfo.spec_ctrl_flags - * default_spec_ctrl_flags - * domain.spec_ctrl_flags + * Encoding of Xen's speculation control flags in: + * cpuinfo.scf + * default_scf + * domain.scf * * Live settings are in the top-of-stack block, because they need to be * accessable when XPTI is active. Some settings are fixed from boot, some @@ -94,7 +94,7 @@ extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; extern uint8_t default_xen_spec_ctrl; -extern uint8_t default_spec_ctrl_flags; +extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; @@ -114,7 +114,7 @@ static inline void init_shadow_spec_ctrl_state(void) info->shadow_spec_ctrl = 0; info->xen_spec_ctrl = default_xen_spec_ctrl; - info->spec_ctrl_flags = default_spec_ctrl_flags; + info->scf = default_scf; /* * For least latency, the VERW selector should be a writeable data @@ -138,7 +138,7 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) */ info->shadow_spec_ctrl = val; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); @@ -187,7 +187,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. */ - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 9416483c0b..6e8b447fa5 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -51,7 +51,7 @@ * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow - * boolean in the per cpu spec_ctrl_flags. The synchronous use is: + * boolean in the per cpu scf. The synchronous use is: * * 1) Store guest value in shadow_spec_ctrl * 2) Set the use_shadow boolean @@ -98,11 +98,11 @@ * interrupting Xen. */ .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) .endif jz .L\@_skip @@ -177,8 +177,8 @@ #define STK_REL(field, top_of_stk) ((field) - (top_of_stk)) .macro SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_error_code), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) + scf=STK_REL(CPUINFO_scf, CPUINFO_error_code), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) /* * Requires \scf and \sel as %rsp-relative expressions * Clobbers eflags @@ -233,10 +233,10 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else - andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + andb $~SCF_use_shadow, CPUINFO_scf(%rsp) movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax .endif @@ -255,7 +255,7 @@ mov %eax, CPUINFO_shadow_spec_ctrl(%rsp) /* Set SPEC_CTRL shadowing *before* loading the guest value. */ - orb $SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + orb $SCF_use_shadow, CPUINFO_scf(%rsp) mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx @@ -333,7 +333,7 @@ * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -358,7 +358,7 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx @@ -392,7 +392,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %r12=ist_exit, %r14=stack_end, %rsp=regs * Clobbers %rax, %rbx, %rcx, %rdx */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx testb $SCF_ist_sc_msr, %bl jz .L\@_skip_sc_msr -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:56:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:56:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707818.1106112 (Exim 4.92) (envelope-from ) id 1rxECq-0005NQ-Pi; Wed, 17 Apr 2024 22:56:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707818.1106112; Wed, 17 Apr 2024 22:56:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECq-0005NJ-N7; Wed, 17 Apr 2024 22:56:44 +0000 Received: by outflank-mailman (input) for mailman id 707818; Wed, 17 Apr 2024 22:56:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECp-0005N9-Di for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECp-0008P7-Cu for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxECp-00037Q-C9 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TzXPwK5U9agh+ILC3bMThM1L1Jpw0aRZTN/DRwrkou8=; b=CO8M1DEa//LDEw/0sRu3znvc3Y B9b3Xv72itF0JTeh1DTMqhjctXCXsNs+3RyQi4m7yZJtxSIvDkozkxS7/13H0ZGaqFI7EfAkCAwTW SLreQQqNbKYmqjiOfzvhjK6ok6qMD4Fp/giK8tBNCsMDf0/q+NXMcmW0TR9zaqwRfg10=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Message-Id: Date: Wed, 17 Apr 2024 22:56:43 +0000 commit a8bb8926fd046cd7fa880a057b2675f33c1bfe77 Author: Andrew Cooper AuthorDate: Fri Mar 22 11:41:41 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Right now, we have a mix of safety strategies in different blocks, making the logic fragile and hard to follow. Start addressing this by having a safety LFENCE at the end of the blocks, which can be patched out if other safety criteria are met. This will allow us to simplify the sub-blocks. For SPEC_CTRL_ENTRY_FROM_IST, simply leave an LFENCE unconditionally at the end; the IST path is not a fast-path by any stretch of the imagination. For SPEC_CTRL_ENTRY_FROM_INTR, the existing description was incorrect. The IRET #GP path is non-fatal but can occur with the guest's choice of MSR_SPEC_CTRL. It is safe to skip the flush/barrier-like protections when interrupting Xen, but we must run DO_SPEC_CTRL_ENTRY irrespective. This will skip RSB stuffing which was previously unconditional even when interrupting Xen. AFAICT, this is a missing cleanup from commit 3fffaf9c13e9 ("x86/entry: Avoid using alternatives in NMI/#MC paths") where we split the IST entry path out of the main INTR entry path. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 94896de1a98c4289fe6fef9e16ef99fc6ef2efc4) --- xen/arch/x86/hvm/vmx/entry.S | 1 + xen/arch/x86/spec_ctrl.c | 52 +++++++++++++++++++++++++++++++++++++ xen/include/asm-x86/cpufeatures.h | 4 +++ xen/include/asm-x86/spec_ctrl_asm.h | 27 ++++++++++--------- 4 files changed, 72 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 4ee529c57a..8d5b683879 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -43,6 +43,7 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* Hardware clears MSR_DEBUGCTL on VMExit. Reinstate it if debugging Xen. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 68d505cab5..695830fc25 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2113,6 +2113,58 @@ void __init init_speculation_mitigations(void) print_details(thunk); + /* + * With the alternative blocks now chosen, see if we need any other + * adjustments for safety. + * + * We compile the LFENCE in, and patch it out if it's not needed. + * + * Notes: + * - SPEC_CTRL_ENTRY_FROM_SVM doesn't need an LFENCE because it has an + * unconditional STGI. + * - SPEC_CTRL_ENTRY_FROM_IST handles its own safety, without the use of + * alternatives. + * - DO_OVERWRITE_RSB has conditional branches in it, but it's an inline + * sequence. It is considered safe for uarch reasons. + */ + { + /* + * SPEC_CTRL_ENTRY_FROM_PV conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we're not using any prior conditional mitigation, + * then it's safe to drop the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); + + /* + * SPEC_CTRL_ENTRY_FROM_INTR conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we have no protections active in the block that + * is skipped when interrupting guest context, then it's safe to drop + * the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); + + /* + * SPEC_CTRL_ENTRY_FROM_VMX conditional safety + * + * Currently there are no safety actions with conditional branches, so + * no need for the extra safety LFENCE. + */ + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + } + /* * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard * any firmware settings. For performance reasons, when safe to do so, we diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 7e8221fd85..6422c66b0f 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -52,5 +52,9 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_BUG_CLFLUSH_MFENCE X86_BUG( 2) /* MFENCE needed to serialise CLFLUSH */ #define X86_BUG_IBPB_NO_RET X86_BUG( 3) /* IBPB doesn't flush the RSB/RAS */ +#define X86_SPEC_NO_LFENCE_ENTRY_PV X86_BUG(16) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_PV. */ +#define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ +#define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 6e8b447fa5..d536a79f28 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -278,25 +278,37 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm /* * Used after an exception or maskable interrupt, hitting Xen or PV context. - * There will either be a guest speculation context, or (barring fatal - * exceptions) a well-formed Xen speculation context. + * There will either be a guest speculation context, or a well-formed Xen + * speculation context, with the exception of one case. IRET #GP handling may + * have a guest choice of MSR_SPEC_CTRL. + * + * Therefore, we can skip the flush/barrier-like protections when hitting Xen, + * but we must still run the mode-based protections. */ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rcx, %rdx */ + testb $3, UREGS_cs(%rsp) + jz .L\@_skip + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV +.L\@_skip: ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm /* @@ -365,18 +377,9 @@ movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr - /* Opencoded UNLIKELY_START() with no condition. */ -UNLIKELY_DISPATCH_LABEL(\@_serialise): - .subsection 1 - /* - * In the case that we might need to set SPEC_CTRL.IBRS for safety, we - * need to ensure that an attacker can't poison the `jz .L\@_skip_wrmsr` - * to speculate around the WRMSR. As a result, we need a dispatch - * serialising instruction in the else clause. - */ .L\@_skip_msr_spec_ctrl: + lfence - UNLIKELY_END(\@_serialise) .endm /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:56:54 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:56:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707820.1106117 (Exim 4.92) (envelope-from ) id 1rxED0-0005Qm-SU; Wed, 17 Apr 2024 22:56:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707820.1106117; Wed, 17 Apr 2024 22:56:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxED0-0005Qf-Pt; Wed, 17 Apr 2024 22:56:54 +0000 Received: by outflank-mailman (input) for mailman id 707820; Wed, 17 Apr 2024 22:56:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECz-0005QV-Gm for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxECz-0008PI-G3 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxECz-00037r-FE for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:56:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+h0YajXQ2oOBQnahGeDFoECqdUxf9kG2I15bn+kw8DM=; b=Lz96Lhmxmzb1jMuJCfaAJHDvxO jYvr2agNlHjJMqbUlhMbbZJlhZjhnkhqIbnSUfhJb3XO2S0bhVYB6Y0buSb2zjVn088uGa49VpNky AqZQOilER0K3Z2Eb85xsjKpsyFIyz02FJDxmspxc1zMwONTEu5VKjjD7ktvICi+0+sxg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Message-Id: Date: Wed, 17 Apr 2024 22:56:53 +0000 commit 7b56af4be474b6adcb4d9d1fc1fe92bf7eebcae5 Author: Andrew Cooper AuthorDate: Fri Mar 22 15:52:06 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Other SPEC_CTRL_* paths already use %r14 like this, and it will allow for simplifications. All instances of SPEC_CTRL_ENTRY_FROM_PV are followed by a GET_STACK_END() invocation, so this change is only really logic and register shuffling. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 22390697bf1b4cd3024f2d10893dec3c3ec08a9c) --- xen/arch/x86/x86_64/compat/entry.S | 4 +++- xen/arch/x86/x86_64/entry.S | 44 +++++++++++++++++++++----------------- 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index fab85eb733..a32b95f7c3 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -18,6 +18,8 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, EFRAME_entry_vector(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ @@ -25,7 +27,7 @@ ENTRY(entry_int82) CR4_PV32_RESTORE - GET_CURRENT(bx) + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov %rsp, %rdi call do_entry_int82 diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 029b1efaac..c52229d032 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -266,21 +266,22 @@ ENTRY(lstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Llstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Llstar_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx testb $TF_kernel_mode,VCPU_thread_flags(%rbx) jz switch_to_kernel @@ -303,23 +304,24 @@ ENTRY(cstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lcstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lcstar_cr3_okay: sti CR4_PV32_RESTORE - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx #ifdef CONFIG_PV32 movq VCPU_domain(%rbx), %rcx @@ -344,23 +346,24 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ orl $X86_EFLAGS_IF, UREGS_eflags(%rsp) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lsyse_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lsyse_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx cmpb $0,VCPU_sysenter_disables_events(%rbx) movq VCPU_sysenter_addr(%rbx),%rax setne %cl @@ -398,17 +401,18 @@ ENTRY(int80_direct_trap) movl $0x80, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lint80_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lint80_cr3_okay: sti @@ -418,7 +422,7 @@ UNLIKELY_START(ne, msi_check) call check_for_unexpected_msi UNLIKELY_END(msi_check) - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov VCPU_trap_ctxt(%rbx), %rsi mov VCPU_domain(%rbx), %rax -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:57:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:57:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707821.1106121 (Exim 4.92) (envelope-from ) id 1rxEDA-0005Tx-UJ; Wed, 17 Apr 2024 22:57:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707821.1106121; Wed, 17 Apr 2024 22:57:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDA-0005Tp-RZ; Wed, 17 Apr 2024 22:57:04 +0000 Received: by outflank-mailman (input) for mailman id 707821; Wed, 17 Apr 2024 22:57:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxED9-0005TY-Jm for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxED9-0008Q6-Iz for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxED9-00039D-II for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=i6VQIoQceGXwGPOKM/RzlI0UHJmnX3AfiRBCns6zqls=; b=rF9fVbZXdSQpfoSuJZGbom7+GP eLnA4DPZ2JgP5AjZmjmhjPcFN2FeEguwQVEqqaU/IfjScrso87af7EapuXBlJDu5R3eS7YJQqnP3K lszkoGxJlm2UyGIDNrP+3C+vfZHmiAnAutnfa6g/Bw4sXbl9jjcCf3ZgORHOkP+hkVf8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} Message-Id: Date: Wed, 17 Apr 2024 22:57:03 +0000 commit 6107fa01870e33ab59969f5f21f959352a3670d5 Author: Andrew Cooper AuthorDate: Fri Mar 22 12:08:02 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} ... as we do in the exit paths too. This will allow simplification to the sub-blocks. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9607aeb6602b8ed9962404de3f5f90170ffddb66) --- xen/arch/x86/x86_64/compat/entry.S | 2 +- xen/arch/x86/x86_64/entry.S | 12 ++++++------ xen/include/asm-x86/spec_ctrl_asm.h | 10 +++++++--- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index a32b95f7c3..ff462a92e0 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -20,7 +20,7 @@ ENTRY(entry_int82) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ sti diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index c52229d032..09f143354e 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -268,7 +268,7 @@ ENTRY(lstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -306,7 +306,7 @@ ENTRY(cstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -348,7 +348,7 @@ GLOBAL(sysenter_eflags_saved) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ @@ -403,7 +403,7 @@ ENTRY(int80_direct_trap) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -704,7 +704,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -738,7 +738,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index d536a79f28..de6a6e4ff1 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -268,9 +268,11 @@ */ .macro SPEC_CTRL_ENTRY_FROM_PV /* - * Requires %rsp=regs/cpuinfo, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs/cpuinfo, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ X86_FEATURE_IBPB_ENTRY_PV @@ -294,8 +296,10 @@ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + testb $3, UREGS_cs(%rsp) jz .L\@_skip -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:57:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:57:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707822.1106125 (Exim 4.92) (envelope-from ) id 1rxEDK-0005Wj-Va; Wed, 17 Apr 2024 22:57:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707822.1106125; Wed, 17 Apr 2024 22:57:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDK-0005Wb-Sz; Wed, 17 Apr 2024 22:57:14 +0000 Received: by outflank-mailman (input) for mailman id 707822; Wed, 17 Apr 2024 22:57:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDJ-0005WS-Ml for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDJ-0008QO-M2 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEDJ-0003AS-LE for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=iEDeOh6unrBM4MdSTZvU3JySNjnKtjEsNsmK2JrVyOE=; b=AOObBWLwWPnOW49g4wu2Jge+jh GssJLlnlyJY+40Rd+nUWOymFQM74ry5eB7Huw0ZJvYGKVHztThW/W7s8K2qUmgQdPNAqV0iMoTKx+ rj3g+hZkRfjRKDErNu1XQzDhG0a3BVGwszCdZI2b1rJDjy9WxaYnXhQNFYLTBHFKJrLE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Simplify DO_COND_IBPB Message-Id: Date: Wed, 17 Apr 2024 22:57:13 +0000 commit 7efe5a0eee0e4f593c064b7f1b106acc74d8c7f9 Author: Andrew Cooper AuthorDate: Fri Mar 22 14:33:17 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Simplify DO_COND_IBPB With the prior refactoring, SPEC_CTRL_ENTRY_{PV,INTR} both load SCF into %ebx, and handle the conditional safety including skipping if interrupting Xen. Therefore, we can drop the maybexen parameter and the conditional safety. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 2378d16a931de0e62c03669169989e9437306abe) --- xen/include/asm-x86/spec_ctrl_asm.h | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index de6a6e4ff1..89edcf62fd 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -87,33 +87,21 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ -.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +.macro DO_COND_IBPB /* - * Requires %rsp=regs (also cpuinfo if !maybexen) - * Requires %r14=stack_end (if maybexen), %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rbx=SCF, %rdx=0 + * Clobbers %rax, %rcx * - * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen - * case, we can safely look at UREGS_cs to skip taking the hit when - * interrupting Xen. + * Conditionally issue IBPB if SCF_entry_ibpb is active. */ - .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) - jz .L\@_skip - testb $3, UREGS_cs(%rsp) - .else - testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) - .endif + testb $SCF_entry_ibpb, %bl jz .L\@_skip mov $MSR_PRED_CMD, %ecx mov $PRED_CMD_IBPB, %eax wrmsr - jmp .L\@_done .L\@_skip: - lfence -.L\@_done: .endm .macro DO_OVERWRITE_RSB tmp=rax xu @@ -273,8 +261,7 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -303,8 +290,7 @@ testb $3, UREGS_cs(%rsp) jz .L\@_skip - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -344,7 +330,7 @@ * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of: - * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_COND_IBPB * DO_OVERWRITE_RSB * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:57:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:57:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707823.1106129 (Exim 4.92) (envelope-from ) id 1rxEDV-0005ZT-0v; Wed, 17 Apr 2024 22:57:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707823.1106129; Wed, 17 Apr 2024 22:57:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDU-0005ZM-UT; Wed, 17 Apr 2024 22:57:24 +0000 Received: by outflank-mailman (input) for mailman id 707823; Wed, 17 Apr 2024 22:57:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDT-0005ZA-PT for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDT-0008Qd-Oo for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEDT-0003At-O6 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=G1WYENd83VG03daCKl8DYO3Xl22IcZs6Ll7hj90VLiU=; b=DV4+N3N46orRzWvIkxgmh+D351 Ir2agG5P3JbPOcnZBMfawbpkVkQANWkozwzNfEfvjV1fSM6ZvMS62LgYRSo/pF/2D1UmFec7Qm729 hqgjhIRd+Ki+5VykzgXAQ2kpsY5nvI6Ct0J8Aool/IAQ0XfG0cXdBawtgoXhZgSkWnjg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* Message-Id: Date: Wed, 17 Apr 2024 22:57:23 +0000 commit ec8f105f9c7744408ddea6b320d55703f9e0f522 Author: Andrew Cooper AuthorDate: Mon Mar 25 11:09:35 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* The complexity is getting out of hand. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 40dea83b75386cb693481cf340024ce093be5c0f) --- xen/arch/x86/hvm/svm/entry.S | 14 +++++++++ xen/arch/x86/hvm/vmx/entry.S | 14 +++++++++ xen/include/asm-x86/spec_ctrl_asm.h | 59 +++++++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 73c35bc27d..19a148ee32 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -100,6 +100,11 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular + * making type-confused RETs safe to use. This is not needed on Zen5 + * and later parts when SRSO_MSR_FIX (BP-SPEC-REDUCE) is in use. + */ .macro svm_vmexit_cond_ibpb testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb @@ -111,8 +116,17 @@ __UNLIKELY_END(nsvm_hap) .endm ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + /* + * RSB (RAS/RAP) stuffing is to prevents RET predictions following guest + * entries. This is not needed on Zen4 and later, when AutoIBRS is in + * use. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting, making indirect CALLs/JMPs + * safe to use. The guest's setting resides in the VMCB. + */ .macro svm_vmexit_spec_ctrl movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax movzbl CPUINFO_last_spec_ctrl(%rsp), %edx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 8d5b683879..008d76a6e1 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -34,8 +34,22 @@ ENTRY(vmx_asm_vmexit_handler) mov %rax,VCPU_hvm_guest_cr2(%rbx) /* SPEC_CTRL_ENTRY_FROM_VMX Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + /* + * RSB stuffing is to prevents RET predictions following guest + * entries. This is *not* sufficient to flush all RSB entries on + * parts enumerating eIBRS, although the following restore_spec_ctrl + * does covers us. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting. The guest's value resides in + * the MSR load/save list. For Legacy IBRS, this flushes/inhibits + * indirect predictions and does not flush the RSB. For eIBRS, this + * prevents CALLs/JMPs using predictions learnt at a lower predictor + * mode, and it flushes the RSB. On eIBRS parts that also suffer from + * PBRSB, the prior RSB stuffing suffices to make the RSB safe. + */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 89edcf62fd..1cc20e37c2 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -261,10 +261,32 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. + */ ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * This is not needed if SMEP is active and the RSB is full-width. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. The + * guest can't change it's value behind Xen's back. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. + */ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV @@ -287,6 +309,14 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * All safety notes the same as SPEC_CTRL_ENTRY_FROM_PV, although there is + * a conditional jump skipping some actions when interrupting Xen. + * + * On Intel parts, the IRET #GP path ends up here with the guest's choice + * of MSR_SPEC_CTRL. + */ + testb $3, UREGS_cs(%rsp) jz .L\@_skip @@ -337,6 +367,19 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. The SVM path takes care of + * Host/Guest interactions prior to clearing GIF, and it's not used on the + * VMX path. + */ test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -346,6 +389,12 @@ .L\@_skip_ibpb: + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * SCF_ist_rsb is active if either PV or HVM protections are needed. The + * VMX path cannot guarantee to make the RSB safe ahead of taking an IST + * vector. + */ test $SCF_ist_rsb, %bl jz .L\@_skip_rsb @@ -353,6 +402,16 @@ .L\@_skip_rsb: + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. PV + * guests can't change their value behind Xen's back. HVM guests have + * their value stored in the MSR load/save list. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. On eIBRS parts that also + * suffer from PBRSB, the prior RSB stuffing suffices to make the RSB + * safe. + */ test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:57:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:57:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707824.1106134 (Exim 4.92) (envelope-from ) id 1rxEDf-0005c8-2s; Wed, 17 Apr 2024 22:57:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707824.1106134; Wed, 17 Apr 2024 22:57:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDe-0005c0-W2; Wed, 17 Apr 2024 22:57:34 +0000 Received: by outflank-mailman (input) for mailman id 707824; Wed, 17 Apr 2024 22:57:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDd-0005bo-T3 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDd-0008Qk-SJ for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEDd-0003BK-RU for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JO3SnwaoTh0TEkXcjdYg4RJn8MhX/JzD1DBSRMu6aRc=; b=ZtJJZO7QW8r2LdDcGourXhpc+q f9IB9HITyMtF5y6DR6w/KH5Au/TDE0gp6tpUNmVLn+u2mU30tfp9S+HbebyOl3rAoCybcZtTo6tVf bcy5B9gc/r8Fw41EhFrwO3EygnYsC1xGV0XjkrK/vN83MpijN2vFSi/ugjdpYiFC3+s4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/vmx: Add support for virtualize SPEC_CTRL Message-Id: Date: Wed, 17 Apr 2024 22:57:33 +0000 commit 295bf24af77c0556fe023ce727734fd27226b37c Author: Roger Pau Monne AuthorDate: Thu Feb 15 17:46:53 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/vmx: Add support for virtualize SPEC_CTRL The feature is defined in the tertiary exec control, and is available starting from Sapphire Rapids and Alder Lake CPUs. When enabled, two extra VMCS fields are used: SPEC_CTRL mask and shadow. Bits set in mask are not allowed to be toggled by the guest (either set or clear) and the value in the shadow field is the value the guest expects to be in the SPEC_CTRL register. By using it the hypervisor can force the value of SPEC_CTRL bits behind the guest back without having to trap all accesses to SPEC_CTRL, note that no bits are forced into the guest as part of this patch. It also allows getting rid of SPEC_CTRL in the guest MSR load list, since the value in the shadow field will be loaded by the hardware on vmentry. Signed-off-by: Roger Pau Monné Signed-off-by: Andrew Cooper (cherry picked from commit 97c5b8b657e41a6645de9d40713b881234417b49) --- xen/arch/x86/hvm/vmx/vmcs.c | 12 ++++++++- xen/arch/x86/hvm/vmx/vmx.c | 55 ++++++++++++++++++++++++++++++++------ xen/include/asm-x86/hvm/vmx/vmcs.h | 5 ++++ xen/include/asm-x86/msr.h | 7 +++-- 4 files changed, 68 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index c5ef01f936..806604358b 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -210,6 +210,7 @@ static void __init vmx_display_features(void) P(cpu_has_vmx_virt_exceptions, "Virtualisation Exceptions"); P(cpu_has_vmx_pml, "Page Modification Logging"); P(cpu_has_vmx_tsc_scaling, "TSC Scaling"); + P(cpu_has_vmx_virt_spec_ctrl, "Virtualize SPEC_CTRL"); #undef P if ( !printed ) @@ -370,7 +371,7 @@ static int vmx_init_vmcs_config(bool bsp) if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) { - uint64_t opt = 0; + uint64_t opt = TERTIARY_EXEC_VIRT_SPEC_CTRL; _vmx_tertiary_exec_control = adjust_vmx_controls2( "Tertiary Exec Control", 0, opt, @@ -1379,6 +1380,12 @@ static int construct_vmcs(struct vcpu *v) if ( cpu_has_vmx_tsc_scaling ) __vmwrite(TSC_MULTIPLIER, d->arch.hvm.tsc_scaling_ratio); + if ( cpu_has_vmx_virt_spec_ctrl ) + { + __vmwrite(SPEC_CTRL_MASK, 0); + __vmwrite(SPEC_CTRL_SHADOW, 0); + } + /* will update HOST & GUEST_CR3 as reqd */ paging_update_paging_modes(v); @@ -2089,6 +2096,9 @@ void vmcs_dump_vcpu(struct vcpu *v) if ( v->arch.hvm.vmx.secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY ) printk("InterruptStatus = %04x\n", vmr16(GUEST_INTR_STATUS)); + if ( cpu_has_vmx_virt_spec_ctrl ) + printk("SPEC_CTRL mask = 0x%016lx shadow = 0x%016lx\n", + vmr(SPEC_CTRL_MASK), vmr(SPEC_CTRL_SHADOW)); printk("*** Host State ***\n"); printk("RIP = 0x%016lx (%ps) RSP = 0x%016lx\n", diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 2cbed4b21e..c86aeeafb2 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -757,23 +757,28 @@ static void vmx_cpuid_policy_changed(struct vcpu *v) /* * We can safely pass MSR_SPEC_CTRL through to the guest, even if STIBP * isn't enumerated in hardware, as SPEC_CTRL_STIBP is ignored. + * + * If VMX_VIRT_SPEC_CTRL is available, it is activated by default and the + * guest MSR_SPEC_CTRL value lives in the VMCS. Otherwise, it lives in + * the MSR load/save list. */ if ( cp->feat.ibrsb ) { vmx_clear_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); - if ( rc ) - goto out; + if ( !cpu_has_vmx_virt_spec_ctrl ) + { + rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); + if ( rc ) + goto out; + } } else { vmx_set_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); - if ( rc && rc != -ESRCH ) - goto out; - rc = 0; /* Tolerate -ESRCH */ + if ( !cpu_has_vmx_virt_spec_ctrl ) + vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ @@ -2583,9 +2588,14 @@ static uint64_t vmx_get_reg(struct vcpu *v, unsigned int reg) uint64_t val = 0; int rc; + /* Logic which doesn't require remote VMCS acquisition. */ switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - fetched below. */ + break; + rc = vmx_read_guest_msr(v, reg, &val); if ( rc ) { @@ -2594,13 +2604,26 @@ static uint64_t vmx_get_reg(struct vcpu *v, unsigned int reg) domain_crash(d); } return val; + } + + /* Logic which maybe requires remote VMCS acquisition. */ + vmx_vmcs_enter(v); + switch ( reg ) + { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmread(SPEC_CTRL_SHADOW, &val); + break; default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x) Bad register\n", __func__, v, reg); domain_crash(d); - return 0; + break; } + vmx_vmcs_exit(v); + + return val; } static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) @@ -2608,9 +2631,14 @@ static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) struct domain *d = v->domain; int rc; + /* Logic which doesn't require remote VMCS acquisition. */ switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - set below. */ + break; + rc = vmx_write_guest_msr(v, reg, val); if ( rc ) { @@ -2619,12 +2647,23 @@ static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) domain_crash(d); } break; + } + + /* Logic which maybe requires remote VMCS acquisition. */ + vmx_vmcs_enter(v); + switch ( reg ) + { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmwrite(SPEC_CTRL_SHADOW, val); + break; default: printk(XENLOG_G_ERR "%s(%pv, 0x%08x, 0x%016"PRIx64") Bad register\n", __func__, v, reg, val); domain_crash(d); } + vmx_vmcs_exit(v); } static struct hvm_function_table __initdata vmx_function_table = { diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index 9b246b802b..2b4de99ed4 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -279,6 +279,9 @@ extern u32 vmx_secondary_exec_control; #define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) extern uint64_t vmx_tertiary_exec_control; +#define cpu_has_vmx_virt_spec_ctrl \ + (vmx_tertiary_exec_control & TERTIARY_EXEC_VIRT_SPEC_CTRL) + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -436,6 +439,8 @@ enum vmcs_field { XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, TERTIARY_VM_EXEC_CONTROL = 0x00002034, + SPEC_CTRL_MASK = 0x0000204a, + SPEC_CTRL_SHADOW = 0x0000204c, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/include/asm-x86/msr.h b/xen/include/asm-x86/msr.h index c37b9e771b..a7ad9bd189 100644 --- a/xen/include/asm-x86/msr.h +++ b/xen/include/asm-x86/msr.h @@ -289,8 +289,11 @@ struct vcpu_msrs * For PV guests, this holds the guest kernel value. It is accessed on * every entry/exit path. * - * For VT-x guests, the guest value is held in the MSR guest load/save - * list. + * For VT-x guests, one of two situations exist: + * + * - If hardware supports virtualized MSR_SPEC_CTRL, it is active by + * default and the guest value lives in the VMCS. + * - Otherwise, the guest value is held in the MSR load/save list. * * For SVM, the guest value lives in the VMCB, and hardware saves/restores * the host value automatically. However, guests run with the OR of the -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:57:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:57:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707825.1106138 (Exim 4.92) (envelope-from ) id 1rxEDp-0005fW-5t; Wed, 17 Apr 2024 22:57:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707825.1106138; Wed, 17 Apr 2024 22:57:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDp-0005fP-2c; Wed, 17 Apr 2024 22:57:45 +0000 Received: by outflank-mailman (input) for mailman id 707825; Wed, 17 Apr 2024 22:57:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDn-0005fA-Vw for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDn-0008Qy-VH for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEDn-0003Bl-Uf for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jtiggHqtHb9L1gxaFItqEip/L2sPt8/9PXYOHGpYFLI=; b=FY9nyv3HAQkDUYSnZplBejH454 0nQRUUVsgVyVNexBSe/nJUKk7D8yTjWm2ShmXOzqlrAt4lGTCGDyrV9JlQf4i0L3qiLRLHRZA+JUd 2rj/RbyPfnkNDnvia6Aa88y1blGRkxLXirn7h0PJ3dTWlNNKzSU8g90OyJByFRU5d0Fo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Message-Id: Date: Wed, 17 Apr 2024 22:57:43 +0000 commit cc6d74c001c57c6722c7084d6fa3468bae419150 Author: Andrew Cooper AuthorDate: Tue Mar 26 22:43:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Right now, they're all bytes, but MSR_SPEC_CTRL has been steadily gaining new features. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 45dac88e78e8a2d9d8738eef884fe6730faf9e67) --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/spec_ctrl.c | 2 +- xen/include/asm-x86/current.h | 4 ++-- xen/include/asm-x86/spec_ctrl.h | 2 +- xen/include/asm-x86/spec_ctrl_asm.h | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 19a148ee32..badfed87ae 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -61,14 +61,14 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ .macro svm_vmentry_spec_ctrl mov VCPU_arch_msrs(%rbx), %rax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_last_spec_ctrl(%rsp), %edx mov VCPUMSR_spec_ctrl_raw(%rax), %eax cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ .endm ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM @@ -128,14 +128,14 @@ __UNLIKELY_END(nsvm_hap) * safe to use. The guest's setting resides in the VMCB. */ .macro svm_vmexit_spec_ctrl - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_last_spec_ctrl(%rsp), %edx cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 008d76a6e1..9250eb1839 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -52,7 +52,7 @@ ENTRY(vmx_asm_vmexit_handler) */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax xor %edx, %edx wrmsr .endm diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 695830fc25..18e0f87df7 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -66,7 +66,7 @@ static bool __initdata opt_branch_harden = true; static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; -uint8_t __read_mostly default_xen_spec_ctrl; +unsigned int __read_mostly default_xen_spec_ctrl; uint8_t __read_mostly default_scf; paddr_t __read_mostly l1tf_addr_mask, __read_mostly l1tf_safe_maddr; diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index 138ad63165..2641573d52 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -55,8 +55,8 @@ struct cpu_info { /* See asm-x86/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; - uint8_t xen_spec_ctrl; - uint8_t last_spec_ctrl; + unsigned int xen_spec_ctrl; + unsigned int last_spec_ctrl; uint8_t scf; /* SCF_* */ /* diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 8fc350abe2..7048e5ee21 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -93,7 +93,7 @@ extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; -extern uint8_t default_xen_spec_ctrl; +extern unsigned int default_xen_spec_ctrl; extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index 1cc20e37c2..ccaa3d3506 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -222,10 +222,10 @@ setnz %al not %eax and %al, STACK_CPUINFO_FIELD(scf)(%r14) - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else andb $~SCF_use_shadow, CPUINFO_scf(%rsp) - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax .endif wrmsr @@ -423,7 +423,7 @@ /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr .L\@_skip_msr_spec_ctrl: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:57:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:57:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707826.1106140 (Exim 4.92) (envelope-from ) id 1rxEDz-0005iE-6Y; Wed, 17 Apr 2024 22:57:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707826.1106140; Wed, 17 Apr 2024 22:57:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDz-0005i7-45; Wed, 17 Apr 2024 22:57:55 +0000 Received: by outflank-mailman (input) for mailman id 707826; Wed, 17 Apr 2024 22:57:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDy-0005i1-2h for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEDy-0008R8-1v for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEDy-0003CS-1I for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:57:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kfZdFxrJuygwkRZU7BQxc5JmUrDeb1ccwbVUiC+x/Ho=; b=L11FabyYFASfUxVVa1L7u7ApgU pbB/8beqJ/bVRvuKzpP4Men3Z54ytYXxo3gmnDXnWlP0Hvz6tGRI7yj40P0Zau3wdGL9GiQu5JhR5 xDTLcLnBlcXasccHSSyHysC7S6za6lYB9Dp1PZC2r619yQ0RE9Y6fAiC4jZNT9R+qPJE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86: Use indirect calls in reset-stack infrastructure Message-Id: Date: Wed, 17 Apr 2024 22:57:54 +0000 commit 25a496fd22b7ef3b808c0dda35c4610ef41ef632 Author: Andrew Cooper AuthorDate: Fri Dec 22 17:44:48 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86: Use indirect calls in reset-stack infrastructure Mixing up JMP and CALL indirect targets leads a very fun form of speculative type confusion. A target which is expecting to be called CALLed needs a return address on the stack, and an indirect JMP doesn't place one there. An indirect JMP which predicts to a target intending to be CALLed can end up with a RET speculatively executing with a value from the JMPers stack frame. There are several ways get indirect JMPs in Xen. * From tailcall optimisations. These are safe because the compiler has arranged the stack to point at the callee's return address. * From jump tables. These are unsafe, but Xen is built with -fno-jump-tables to work around several compiler issues. * From reset_stack_and_jump_ind(), which is particularly unsafe. Because of the additional stack adjustment made, the value picked up off the stack is regs->r15 of the next vCPU to run. In order to mitigate this type confusion, we want to make all indirect targets be CALL targets, and remove the use of indirect JMP except via tailcall optimisation. Luckily due to XSA-348, all C target functions of reset_stack_and_jump_ind() are noreturn. {svm,vmx}_do_resume() exits via reset_stack_and_jump(); a direct JMP with entirely different prediction properties. idle_loop() is an infinite loop which eventually exits via reset_stack_and_jump_ind() from a new schedule. i.e. These paths are all fine having one extra return address on the stack. This leaves continue_pv_domain(), which is expecting to be a JMP target. Alter it to strip the return address off the stack, which is safe because there isn't actually a RET expecting to return to its caller. This allows us change reset_stack_and_jump_ind() to reset_stack_and_call_ind() in order to mitigate the speculative type confusion. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8e186f98ce0e35d1754ec9299da41ec98873b65c) --- xen/arch/x86/domain.c | 4 ++-- xen/arch/x86/x86_64/entry.S | 8 ++++++++ xen/include/asm-x86/current.h | 4 ++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 440f518328..1d44f6fc07 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2108,12 +2108,12 @@ void context_switch(struct vcpu *prev, struct vcpu *next) /* Ensure that the vcpu has an up-to-date time base. */ update_vcpu_system_time(next); - reset_stack_and_jump_ind(nextd->arch.ctxt_switch->tail); + reset_stack_and_call_ind(nextd->arch.ctxt_switch->tail); } void continue_running(struct vcpu *same) { - reset_stack_and_jump_ind(same->domain->arch.ctxt_switch->tail); + reset_stack_and_call_ind(same->domain->arch.ctxt_switch->tail); } int __sync_local_execstate(void) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 09f143354e..67ca00dbe1 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -637,6 +637,14 @@ ENTRY(dom_crash_sync_extable) #ifdef CONFIG_PV ENTRY(continue_pv_domain) ENDBR64 + + /* + * For speculative type confusion reasons, we're CALLed rather than + * JMPed to. Drop the return address. + */ + add $8, %rsp + ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK + call check_wakeup_from_wait ret_from_intr: GET_CURRENT(bx) diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h index 2641573d52..a0e7dbeaf9 100644 --- a/xen/include/asm-x86/current.h +++ b/xen/include/asm-x86/current.h @@ -197,8 +197,8 @@ unsigned long get_stack_dump_bottom (unsigned long sp); switch_stack_and_jump(fn, "jmp %c", "i") /* The constraint may only specify non-call-clobbered registers. */ -#define reset_stack_and_jump_ind(fn) \ - switch_stack_and_jump(fn, "INDIRECT_JMP %", "b") +#define reset_stack_and_call_ind(fn) \ + switch_stack_and_jump(fn, "INDIRECT_CALL %", "b") /* * Which VCPU's state is currently running on each CPU? -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:58:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:58:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707827.1106145 (Exim 4.92) (envelope-from ) id 1rxEE9-0005lM-8H; Wed, 17 Apr 2024 22:58:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707827.1106145; Wed, 17 Apr 2024 22:58:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEE9-0005lE-5Z; Wed, 17 Apr 2024 22:58:05 +0000 Received: by outflank-mailman (input) for mailman id 707827; Wed, 17 Apr 2024 22:58:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEE8-0005l1-5T for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEE8-0008Rm-4g for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEE8-0003DR-40 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OIIB2Wwq+LXumkxFhjBs02KuOl9OdmcuyzPlTpe0zis=; b=KM4Bf/0BEZVjsyvJ4dwhVlIHuT LoJ8ONqD5MXHEnqewkbV+/BaSyNaFIB/toimcoYqGq2Y+nIRQUGJvbtZeTV3b8AMbkGE+pNmQDs2n 7qpfrbCq2/b75DRnUeEwSu0w8TEt5kGf/5VY64rQ5kO9AWKJqzoQHWqd+sG+bN6PC/60=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86: Drop INDIRECT_JMP Message-Id: Date: Wed, 17 Apr 2024 22:58:04 +0000 commit 21113031fc0db5ff3de8bfb7a441f06e169a931b Author: Andrew Cooper AuthorDate: Fri Dec 22 18:01:37 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86: Drop INDIRECT_JMP Indirect JMPs which are not tailcalls can lead to an unwelcome form of speculative type confusion, and we've removed the uses of INDIRECT_JMP to compensate. Remove the temptation to reintroduce new instances. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 0b66d7ce3c0290eaad28bdafb35200052d012b14) --- xen/include/asm-x86/asm-defns.h | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/xen/include/asm-x86/asm-defns.h b/xen/include/asm-x86/asm-defns.h index 8bd9007731..7e22fcb9c0 100644 --- a/xen/include/asm-x86/asm-defns.h +++ b/xen/include/asm-x86/asm-defns.h @@ -20,10 +20,9 @@ .byte 0x0f, 0x01, 0xdd .endm -.macro INDIRECT_BRANCH insn:req arg:req +.macro INDIRECT_CALL arg:req /* - * Create an indirect branch. insn is one of call/jmp, arg is a single - * register. + * Create an indirect call. arg is a single register. * * With no compiler support, this degrades into a plain indirect call/jmp. * With compiler support, dispatch to the correct __x86_indirect_thunk_* @@ -33,7 +32,7 @@ $done = 0 .irp reg, ax, cx, dx, bx, bp, si, di, 8, 9, 10, 11, 12, 13, 14, 15 .ifeqs "\arg", "%r\reg" - \insn __x86_indirect_thunk_r\reg + call __x86_indirect_thunk_r\reg $done = 1 .exitm .endif @@ -44,19 +43,10 @@ .endif .else - \insn *\arg + call *\arg .endif .endm -/* Convenience wrappers. */ -.macro INDIRECT_CALL arg:req - INDIRECT_BRANCH call \arg -.endm - -.macro INDIRECT_JMP arg:req - INDIRECT_BRANCH jmp \arg -.endm - #ifdef CONFIG_XEN_IBT # define ENDBR64 endbr64 #else -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:58:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:58:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707828.1106149 (Exim 4.92) (envelope-from ) id 1rxEEJ-0005pb-9k; Wed, 17 Apr 2024 22:58:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707828.1106149; Wed, 17 Apr 2024 22:58:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEEJ-0005pT-72; Wed, 17 Apr 2024 22:58:15 +0000 Received: by outflank-mailman (input) for mailman id 707828; Wed, 17 Apr 2024 22:58:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEEI-0005pJ-8C for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEEI-0008Rz-7S for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEEI-0003E0-6r for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2+gcoBFuTR6WpNl25s7EsfFMQoj+KAOJxa9SlevHE4c=; b=k9iwThe+CCqQLzxwbrT2EXwry8 cSvgxBhF4HtA+w/4Cy+3P0tC4FPWtqmE3b3a9whb0we2uJRUt7lG2SwtP818kpCh9dNzhGqNrqs+D oK9JXhTTQIUDVY4IjkxwWux88hSJPw+TbPPNO5U/sUXCf1DONStffFmlrAmZM0FE7LQk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/tsx: Expose RTM_ALWAYS_ABORT to guests Message-Id: Date: Wed, 17 Apr 2024 22:58:14 +0000 commit cf630e30dc4267d6b14ae95d345c8e3bb638ca82 Author: Andrew Cooper AuthorDate: Sat Apr 6 20:36:54 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/tsx: Expose RTM_ALWAYS_ABORT to guests A TSX Abort is one option mitigate Native-BHI, but a guest kernel doesn't get to see this if Xen has turned RTM off using MSR_TSX_{CTRL,FORCE_ABORT}. Therefore, the meaning of RTM_ALWAYS_ABORT has been adjusted to "XBEGIN won't fault", and it should be exposed to guests so they can make a better decision. Expose it in the max policy for any RTM-capable system. Offer it by default only if RTM has been disabled. Update test-tsx to account for this new meaning. While adjusting the logic in test_guest_policies(), take the opportunity to use feature names (now they're available) to make the logic easier to follow. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit c94e2105924347de0d9f32065370e802a20cc829) --- tools/tests/tsx/test-tsx.c | 39 +++++++++++++++++++---------- xen/arch/x86/cpu-policy.c | 20 +++++++++++++++ xen/include/public/arch-x86/cpufeatureset.h | 2 +- 3 files changed, 47 insertions(+), 14 deletions(-) diff --git a/tools/tests/tsx/test-tsx.c b/tools/tests/tsx/test-tsx.c index 0f4ea5f9c4..fab5c9a367 100644 --- a/tools/tests/tsx/test-tsx.c +++ b/tools/tests/tsx/test-tsx.c @@ -311,25 +311,25 @@ static void test_guest_policies(const struct cpu_policy *max, dump_tsx_details(max, "Max:"); dump_tsx_details(def, "Def:"); - if ( ((max->feat.raw[0].d | def->feat.raw[0].d) & - (bitmaskof(X86_FEATURE_TSX_FORCE_ABORT) | - bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT) | - bitmaskof(X86_FEATURE_SRBDS_CTRL))) || - ((max->arch_caps.raw | def->arch_caps.raw) & ARCH_CAPS_TSX_CTRL) ) + if ( max->feat.tsx_force_abort || def->feat.tsx_force_abort || + max->feat.srbds_ctrl || def->feat.srbds_ctrl || + max->arch_caps.tsx_ctrl || def->arch_caps.tsx_ctrl ) fail(" Xen-only TSX controls offered to guest\n"); switch ( rtm_behaviour ) { case RTM_UD: - if ( (max->feat.raw[0].b | def->feat.raw[0].b) & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) - fail(" HLE/RTM offered to guests despite not being available\n"); + if ( max->feat.hle || def->feat.hle || + max->feat.rtm || def->feat.rtm || + max->feat.rtm_always_abort || def->feat.rtm_always_abort ) + fail(" HLE/RTM/RTM_AA offered to guests despite not being available\n"); break; case RTM_ABORT: - if ( def->feat.raw[0].b & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) + if ( def->feat.hle || def->feat.rtm ) fail(" HLE/RTM offered to guests by default despite not being usable\n"); + if ( !def->feat.rtm_always_abort ) + fail(" RTM_AA not offered to guests by default despite being available\n"); break; case RTM_OK: @@ -340,6 +340,9 @@ static void test_guest_policies(const struct cpu_policy *max, if ( def->feat.hle ) fail(" Fail: HLE offered in default policy\n"); + + if ( def->feat.rtm && def->feat.rtm_always_abort ) + fail(" Fail: Both RTM and RTM_AA offered in default policy\n"); } static void test_def_max_policies(void) @@ -388,14 +391,13 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.hle || guest_policy.policy.feat.tsx_force_abort || - guest_policy.policy.feat.rtm_always_abort || guest_policy.policy.feat.srbds_ctrl || guest_policy.policy.arch_caps.tsx_ctrl ) fail(" Unexpected features advertised\n"); if ( host.policy.feat.rtm ) { - unsigned int _7b0; + unsigned int _7b0, _7d0; /* * If host RTM is available, all combinations of guest flags should be @@ -403,6 +405,8 @@ static void test_guest(struct xen_domctl_createdomain *c) */ _7b0 = (guest_policy.policy.feat.raw[0].b ^= (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM))); + _7d0 = (guest_policy.policy.feat.raw[0].d ^= + bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT)); /* Set the new policy. */ rc = xc_cpu_policy_set_domain(xch, domid, &guest_policy); @@ -426,10 +430,17 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.raw[0].b != _7b0 ) { - fail(" Expected CPUID.7[1].b 0x%08x differs from actual 0x%08x\n", + fail(" Expected CPUID.7[0].b 0x%08x differs from actual 0x%08x\n", _7b0, guest_policy.policy.feat.raw[0].b); goto out; } + + if ( guest_policy.policy.feat.raw[0].d != _7d0 ) + { + fail(" Expected CPUID.7[0].d 0x%08x differs from actual 0x%08x\n", + _7d0, guest_policy.policy.feat.raw[0].d); + goto out; + } } out: @@ -514,6 +525,8 @@ static void test_tsx(void) i, errno, strerror(errno)); } + dump_tsx_details(&host.policy, "Host:"); + rc = xc_physinfo(xch, &physinfo); if ( rc ) return fail("Failed to obtain physinfo: %d - %s\n", diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index c872afda3e..109b003538 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -457,6 +457,21 @@ static void __init guest_common_max_feature_adjustments(uint32_t *fs) raw_cpu_policy.feat.clwb ) __set_bit(X86_FEATURE_CLWB, fs); } + + /* + * To mitigate Native-BHI, one option is to use a TSX Abort on capable + * systems. This is safe even if RTM has been disabled for other reasons + * via MSR_TSX_{CTRL,FORCE_ABORT}. However, a guest kernel doesn't get to + * know this type of information. + * + * Therefore the meaning of RTM_ALWAYS_ABORT has been adjusted, to instead + * mean "XBEGIN won't fault". This is enough for a guest kernel to make + * an informed choice WRT mitigating Native-BHI. + * + * If RTM-capable, we can run a VM which has seen RTM_ALWAYS_ABORT. + */ + if ( test_bit(X86_FEATURE_RTM, fs) ) + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); } static void __init guest_common_default_feature_adjustments(uint32_t *fs) @@ -517,9 +532,14 @@ static void __init guest_common_default_feature_adjustments(uint32_t *fs) * function as expected, but is technically compatible with the ISA. * * Do not advertise RTM to guests by default if it won't actually work. + * Instead, advertise RTM_ALWAYS_ABORT indicating that TSX Aborts are safe + * to use, e.g. for mitigating Native-BHI. */ if ( rtm_disabled ) + { __clear_bit(X86_FEATURE_RTM, fs); + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); + } } static void __init guest_common_feature_adjustments(uint32_t *fs) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 5a694e040d..855029aabd 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -276,7 +276,7 @@ XEN_CPUFEATURE(FSRM, 9*32+ 4) /*A Fast Short REP MOVS */ XEN_CPUFEATURE(AVX512_VP2INTERSECT, 9*32+8) /*a VP2INTERSECT{D,Q} insns */ XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*!A VERW clears microarchitectural buffers */ -XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! June 2021 TSX defeaturing in microcode. */ +XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! RTM disabled (but XBEGIN wont fault) */ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(SERIALIZE, 9*32+14) /*a SERIALIZE insn */ XEN_CPUFEATURE(HYBRID, 9*32+15) /* Heterogeneous platform */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:58:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:58:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707829.1106153 (Exim 4.92) (envelope-from ) id 1rxEET-0005se-BY; Wed, 17 Apr 2024 22:58:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707829.1106153; Wed, 17 Apr 2024 22:58:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEET-0005sW-8k; Wed, 17 Apr 2024 22:58:25 +0000 Received: by outflank-mailman (input) for mailman id 707829; Wed, 17 Apr 2024 22:58:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEES-0005sO-BM for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEES-0008SC-Ag for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEES-0003EX-A1 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gZ0vLBa9hIj08jQlH93tQvPZ8+Gl1jVI3h4fMiWMxpE=; b=P70pvMRYbOzIjFHa1TQAOQ4Jj3 oCPn2Lf6lB2SAl+J5JHY0DwtlkCgpMrps8dKM5VpqbX+IzgJNzIUSyMlZfywUgE3zQHMzZPKIhIoY YM00BeboyM6FqQgE6t+O8dGVlqeWRQuKsgkphyKEc1Cmk9sw3/M7h4wCKoCbfuuE79z8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Message-Id: Date: Wed, 17 Apr 2024 22:58:24 +0000 commit 028ef7630704f0c7254f5cd0ea5ffbacf92267f2 Author: Andrew Cooper AuthorDate: Tue Mar 26 19:01:37 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Introduce a "bhi-dis-s" boolean to match the other options we have for MSR_SPEC_CTRL values. Also introduce bhi_calculations(). Use BHI_DIS_S whenever possible. Guests which are levelled to be migration compatible with older CPUs can't see BHI_DIS_S, and Xen must fill in the difference to make the guest safe. Use the virt MSR_SPEC_CTRL infrastructure to force BHI_DIS_S behind the guest's back. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 62a1106415c5e8a49b45147ca84d54a58d471343) --- docs/misc/xen-command-line.pandoc | 8 +++++++- xen/arch/x86/hvm/vmx/vmx.c | 17 +++++++++++++++++ xen/arch/x86/spec_ctrl.c | 24 +++++++++++++++++++++++- xen/include/asm-x86/spec_ctrl.h | 1 + 4 files changed, 48 insertions(+), 2 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 33c32cfc1c..63f19b9c85 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2263,7 +2263,8 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). > {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, -> unpriv-mmio,gds-mit,div-scrub,lock-harden}= ]` +> unpriv-mmio,gds-mit,div-scrub,lock-harden, +> bhi-dis-s}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2342,6 +2343,11 @@ option can be used to force or prevent Xen using the feature itself. By default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by default. +On hardware supporting BHI_DIS_S (Branch History Injection Disable +Supervisor), the `bhi-dis-s=` option can be used to force or prevent Xen using +the feature itself. By default Xen will use BHI_DIS_S on hardware susceptible +to Branch History Injection. + On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` option can be used to force (the default) or prevent Xen from issuing branch prediction barriers on vcpu context switches. diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index c86aeeafb2..0041fdc88b 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -58,6 +58,7 @@ #include #include #include +#include #include static bool_t __initdata opt_force_ept; @@ -781,6 +782,22 @@ static void vmx_cpuid_policy_changed(struct vcpu *v) vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } + if ( cpu_has_vmx_virt_spec_ctrl ) + { + /* + * If we're on BHI_DIS_S capable hardware, the short loop sequence is + * not sufficient to mitigate Native-BHI. If the VM can't see it + * (i.e. it's levelled with older hardware), force it behind the + * guests back for safey. + * + * Because there's not a real Host/Guest split of the MSR_SPEC_CTRL + * value, this only works as expected when Xen is using BHI_DIS_S too. + */ + bool force_bhi_dis_s = opt_bhi_dis_s && !cp->feat.bhi_ctrl; + + __vmwrite(SPEC_CTRL_MASK, force_bhi_dis_s ? SPEC_CTRL_BHI_DIS_S : 0); + } + /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ if ( cp->feat.ibrsb || cp->extd.ibpb ) vmx_clear_msr_intercept(v, MSR_PRED_CMD, VMX_MSR_RW); diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 18e0f87df7..2e890c5d54 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -58,6 +58,7 @@ static int8_t __initdata opt_ibrs = -1; int8_t __initdata opt_stibp = -1; bool __read_mostly opt_ssbd; int8_t __initdata opt_psfd = -1; +int8_t __read_mostly opt_bhi_dis_s = -1; int8_t __read_mostly opt_ibpb_ctxt_switch = -1; int8_t __read_mostly opt_eager_fpu = -1; @@ -274,6 +275,8 @@ static int __init parse_spec_ctrl(const char *s) opt_ssbd = val; else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) opt_psfd = val; + else if ( (val = parse_boolean("bhi-dis-s", s, ss)) >= 0 ) + opt_bhi_dis_s = val; /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) @@ -508,7 +511,7 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : @@ -525,6 +528,8 @@ static void __init print_details(enum ind_thunk thunk) (!boot_cpu_has(X86_FEATURE_PSFD) && !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", + !boot_cpu_has(X86_FEATURE_BHI_CTRL) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_BHI_DIS_S) ? " BHI_DIS_S+" : " BHI_DIS_S-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -1572,6 +1577,21 @@ static void __init gds_calculations(void) } } +/* + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + */ +static void __init bhi_calculations(void) +{ + if ( opt_bhi_dis_s == -1 ) + opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + + if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) + opt_bhi_dis_s = false; + + if ( opt_bhi_dis_s ) + default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; +} + void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); @@ -2111,6 +2131,8 @@ void __init init_speculation_mitigations(void) gds_calculations(); + bhi_calculations(); + print_details(thunk); /* diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 7048e5ee21..617209202b 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -89,6 +89,7 @@ static always_inline void spec_ctrl_new_guest_context(void) extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; +extern int8_t opt_bhi_dis_s; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:58:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:58:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707830.1106158 (Exim 4.92) (envelope-from ) id 1rxEEd-0005vy-F7; Wed, 17 Apr 2024 22:58:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707830.1106158; Wed, 17 Apr 2024 22:58:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEEd-0005vq-Bc; Wed, 17 Apr 2024 22:58:35 +0000 Received: by outflank-mailman (input) for mailman id 707830; Wed, 17 Apr 2024 22:58:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEEc-0005vg-ET for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEEc-0008SN-Di for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEEc-0003Ey-Cz for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9n4922VxnXmSAaW+j85y9/nDf89i84yf4wUhVYa4DZI=; b=pTkRbS3jwKNBVU1UolyoKHibY2 aFz1oD9sCkRBlVHAp4IEY4ODsqZ6sV7HFScX5Z1o75K8ZX1IiUCiaX1F8RlRncnlonKJSk8WT5hgW qfFtv9+Rfbcqzbjcq00sjqbQiWal7RF36pD6tye/I9VJY3o/HarOgVy7cRL5qsAIjT+o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Software BHB-clearing sequences Message-Id: Date: Wed, 17 Apr 2024 22:58:34 +0000 commit 4e7d75c4a5e841cec840010edbc6dfcf3c8a7b61 Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Software BHB-clearing sequences Implement clear_bhb_{tsx,loops}() as per the BHI guidance. The loops variant is set up as the "short" sequence. Introduce SCF_entry_bhb and extend SPEC_CTRL_ENTRY_* with a conditional call to selected clearing routine. Note that due to a limitation in the ALTERNATIVE capability, the TEST/JZ can't be included alongside a CALL in a single alternative block. This is going to require further work to untangle. The BHB sequences (if used) must be after the restoration of Xen's MSR_SPEC_CTRL value, which must be accounted for when judging whether it is safe to skip the safety LFENCEs. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 954c983abceee97bf5f6230b9ae164f2c49a9aa9) --- xen/arch/x86/Makefile | 1 + xen/arch/x86/bhb-thunk.S | 98 +++++++++++++++++++++++++++++++++++++ xen/arch/x86/hvm/vmx/entry.S | 12 +++++ xen/arch/x86/spec_ctrl.c | 39 ++++++++------- xen/include/asm-x86/cpufeature.h | 3 ++ xen/include/asm-x86/cpufeatures.h | 3 ++ xen/include/asm-x86/spec_ctrl.h | 3 +- xen/include/asm-x86/spec_ctrl_asm.h | 30 ++++++++++++ 8 files changed, 171 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index eb63e54d93..70c596df6b 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -12,6 +12,7 @@ alternative-y := alternative.init.o alternative-$(CONFIG_LIVEPATCH) := obj-bin-y += $(alternative-y) obj-y += apic.o +obj-y += bhb-thunk.o obj-y += bitops.o obj-bin-y += bzimage.init.o obj-bin-y += clear_page.o diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S new file mode 100644 index 0000000000..f52cfb9bc2 --- /dev/null +++ b/xen/arch/x86/bhb-thunk.S @@ -0,0 +1,98 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Branch History Injection clearing sequences. + * + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + * + * Copyright (c) 2023, 2024 XenServer. + */ + .file __FILE__ + +#include + + .section .text.entry, "ax", @progbits + +/* + * Clear the Branch History Buffer using a TSX Abort. + * + * Any TSX Abort has a side effect of clearing the BHB, even when TSX is + * disabled for e.g. TAA mitigation reasons. + */ +ENTRY(clear_bhb_tsx) + .byte 0xc7, 0xf8; .long 1f - 0f /* xbegin 1f */ +0: .byte 0xc6, 0xf8, 0 /* xabort $0 */ + int3 +1: + ret + + .size clear_bhb_tsx, . - clear_bhb_tsx + .type clear_bhb_tsx, @function + +/* + * Clear the Branch History Buffer using the software sequence. + * + * Clobbers: %eax, %ecx + * + * This executes a specific number of taken branches, sufficient to displace + * all prior entries in the history tracker, therefore removing prior + * influence on subsequent BTB lookups. + * + * Structurally, it looks like this: + * + * call 1 + * call 2 + * ... 5x jmp loop + * call 2 + * ... 5x jmp loop + * ... 5x call2's deep + * + * ret + * ret + * ret + * ret + * + * The CALL/RETs are necessary to prevent the Loop Stream Detector from + * interfering. The alignment is for performance and not safety. + * + * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire + * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + */ +ENTRY(clear_bhb_loops) + mov $5, %ecx + + call 1f + jmp 5f + int3 + + .align 64 +1: call 2f + ret + int3 + + .align 64 +2: mov $5, %eax + +3: jmp 4f + int3 + +4: sub $1, %eax + jnz 3b + + sub $1, %ecx + jnz 1b + + ret +5: + /* + * The Intel sequence has an LFENCE here. The purpose is to ensure + * that all prior branches have executed, before dispatching a + * subsequent indirect branch. + * + * Xen's SPEC_CTRL_ENTRY_* blocks have safety LFENCEs at the end when + * protections are active, which suffices for this purpose. + */ + + ret + + .size clear_bhb_loops, . - clear_bhb_loops + .type clear_bhb_loops, @function diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 9250eb1839..1092d1918c 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -57,6 +57,18 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, CPUINFO_scf(%rsp) + jz .L_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2e890c5d54..2b0597938b 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2153,38 +2153,43 @@ void __init init_speculation_mitigations(void) /* * SPEC_CTRL_ENTRY_FROM_PV conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we're not using any prior conditional mitigation, - * then it's safe to drop the LFENCE. + * Otherwise, DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we do have it, or we're not using any + * prior conditional block, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); /* * SPEC_CTRL_ENTRY_FROM_INTR conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we have no protections active in the block that - * is skipped when interrupting guest context, then it's safe to drop - * the LFENCE. + * Otherwise DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we have it, or we have no protections + * active in the block that is skipped when interrupting guest + * context, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && - !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); /* * SPEC_CTRL_ENTRY_FROM_VMX conditional safety * - * Currently there are no safety actions with conditional branches, so - * no need for the extra safety LFENCE. + * A BHB sequence, if used, is the only conditional action, so if we + * don't have it, we don't need the safety LFENCE. */ - setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + if ( !cpu_has_bhb_seq ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } /* diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 1869732bcb..3935c0ad4a 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -177,6 +177,9 @@ #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) +#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ + boot_cpu_has(X86_SPEC_BHB_LOOPS)) + enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index 6422c66b0f..bada8912e0 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -56,5 +56,8 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ #define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ +#define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ +#define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h index 617209202b..4439a1b243 100644 --- a/xen/include/asm-x86/spec_ctrl.h +++ b/xen/include/asm-x86/spec_ctrl.h @@ -36,6 +36,7 @@ #define SCF_verw (1 << 3) #define SCF_ist_ibpb (1 << 4) #define SCF_entry_ibpb (1 << 5) +#define SCF_entry_bhb (1 << 6) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -54,7 +55,7 @@ * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb | SCF_entry_bhb) #ifndef __ASSEMBLY__ diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h index ccaa3d3506..3e1ef34606 100644 --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -290,6 +290,17 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm @@ -328,6 +339,13 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm @@ -428,6 +446,18 @@ .L\@_skip_msr_spec_ctrl: + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + lfence .endm -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:58:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:58:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707831.1106161 (Exim 4.92) (envelope-from ) id 1rxEEn-0005ya-Fi; Wed, 17 Apr 2024 22:58:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707831.1106161; Wed, 17 Apr 2024 22:58:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEEn-0005yT-D7; Wed, 17 Apr 2024 22:58:45 +0000 Received: by outflank-mailman (input) for mailman id 707831; Wed, 17 Apr 2024 22:58:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEEm-0005yK-HU for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEEm-0008SZ-Gm for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEEm-0003FP-G6 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=sAxjm9FbaAwkghnQ5mVNon760/tSVjUxvV0wwfYJjpM=; b=1DentjQn+5+FNRrfjwRe5z6BUO nfKRMEOTeFq7TYIYimH9/YPHVO6bwjaRDXvaUaJ4Tnh5Ue+yJ+p05pA7toNkDDp/SFwDCloRaRJ5S xfEnFiXVb5unM1Xj46vSydt5zT2kh2VXhrQ3q21W4YjfutArGHa5HTszNZCtWSDgo0ZU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Wire up the Native-BHI software sequences Message-Id: Date: Wed, 17 Apr 2024 22:58:44 +0000 commit 27f9a778bd2538f06d02fd79f3381ff0a27f4987 Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Wire up the Native-BHI software sequences In the absence of BHI_DIS_S, mitigating Native-BHI requires the use of a software sequence. Introduce a new bhb-seq= option to select between avaialble sequences and bhb-entry= to control the per-PV/HVM actions like we have for other blocks. Activate the short sequence by default for PV and HVM guests on affected hardware if BHI_DIS_S isn't present. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 689ad48ce9cf4c38297cd126e7e003a1c13a3b9d) --- docs/misc/xen-command-line.pandoc | 25 +++++-- xen/arch/x86/spec_ctrl.c | 144 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 157 insertions(+), 12 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 63f19b9c85..98fcfa3fa8 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2260,8 +2260,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, > bhi-dis-s}= ]` @@ -2286,10 +2287,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=` and `ibpb-entry=` options -offer fine grained control over the primitives by Xen. These impact Xen's -ability to protect itself, and/or Xen's ability to virtualise support for -guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=`, `ibpb-entry=` and `bhb-entry=` +options offer fine grained control over the primitives by Xen. These impact +Xen's ability to protect itself, and/or Xen's ability to virtualise support +for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2315,6 +2316,12 @@ guests to use. Return Stack Overflow if appropriate microcode has been loaded, but for performance reasons dom0 is unprotected by default. If it is necessary to protect dom0 too, boot with `spec-ctrl=ibpb-entry`. +* `bhb-entry=` offers control over whether BHB-clearing (Branch History + Buffer) sequences are used on entry to Xen. This is used by default on + hardware vulnerable to Branch History Injection, when the BHI_DIS_S control + is not available (see `bhi-dis-s`). The choice of scrubbing sequence can be + selected using the `bhb-seq=` option. If it is necessary to protect dom0 + too, boot with `spec-ctrl=bhb-entry`. If Xen was compiled with INDIRECT_THUNK support, `bti-thunk=` can be used to select which of the thunks gets patched into the `__x86_indirect_thunk_%reg` @@ -2322,6 +2329,12 @@ locations. The default thunk is `retpoline` (generally preferred), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and `lfence` (an `lfence; jmp *%reg` gadget). +On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing +sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` +options in order to mitigate Branch History Injection on affected hardware. +The default sequence is `short`, with `tsx` as an alternative available +capable hardware that can be opted in to. + On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. If Xen is not using IBRS itself, functionality is still set up so IBRS can be diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2b0597938b..4e6f18d0e1 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -44,6 +44,16 @@ static int8_t __read_mostly opt_ibpb_entry_pv = -1; static int8_t __read_mostly opt_ibpb_entry_hvm = -1; static bool __read_mostly opt_ibpb_entry_dom0; +static int8_t __read_mostly opt_bhb_entry_pv = -1; +static int8_t __read_mostly opt_bhb_entry_hvm = -1; +static bool __read_mostly opt_bhb_entry_dom0; +static enum bhb_thunk { + BHB_DEFAULT, + BHB_NONE, + BHB_TSX, + BHB_SHORT, +} opt_bhb_seq __initdata; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -126,8 +136,12 @@ static int __init parse_spec_ctrl(const char *s) opt_ibpb_entry_pv = 0; opt_ibpb_entry_hvm = 0; opt_ibpb_entry_dom0 = false; + opt_bhb_entry_pv = 0; + opt_bhb_entry_hvm = 0; + opt_bhb_entry_dom0 = false; opt_thunk = THUNK_JMP; + opt_bhb_seq = BHB_NONE; opt_ibrs = 0; opt_ibpb_ctxt_switch = false; opt_ssbd = false; @@ -156,6 +170,7 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_pv = val; opt_verw_pv = val; opt_ibpb_entry_pv = val; + opt_bhb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { @@ -163,6 +178,7 @@ static int __init parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_verw_hvm = val; opt_ibpb_entry_hvm = val; + opt_bhb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -250,6 +266,28 @@ static int __init parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("bhb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_bhb_entry_pv = opt_bhb_entry_hvm = + opt_bhb_entry_dom0 = val; + break; + + case -2: + s += strlen("bhb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_bhb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_bhb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -265,6 +303,19 @@ static int __init parse_spec_ctrl(const char *s) else rc = -EINVAL; } + else if ( !strncmp(s, "bhb-seq=", 8) ) + { + s += strlen("bhb-seq="); + + if ( !cmdline_strcmp(s, "none") ) + opt_bhb_seq = BHB_NONE; + else if ( !cmdline_strcmp(s, "tsx") ) + opt_bhb_seq = BHB_TSX; + else if ( !cmdline_strcmp(s, "short") ) + opt_bhb_seq = BHB_SHORT; + else + rc = -EINVAL; + } /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) @@ -511,11 +562,15 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: BTI-Thunk %s, %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk == THUNK_NONE ? "N/A" : thunk == THUNK_RETPOLINE ? "RETPOLINE" : thunk == THUNK_LFENCE ? "LFENCE" : thunk == THUNK_JMP ? "JMP" : "?", + opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", + opt_bhb_seq == BHB_NONE ? "" : + opt_bhb_seq == BHB_TSX ? "TSX, " : + opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -554,29 +609,33 @@ static void __init print_details(enum ind_thunk thunk) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || + cpu_has_bhb_seq || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || + cpu_has_bhb_seq || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -1580,16 +1639,85 @@ static void __init gds_calculations(void) /* * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html */ +static bool __init cpu_has_bug_bhi(void) +{ + /* BHI is only known to affect Intel Family 6 processors at this time. */ + if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL || + boot_cpu_data.x86 != 6 ) + return false; + + if ( boot_cpu_has(X86_FEATURE_BHI_NO) ) + return false; + + if ( cpu_has_hypervisor ) + return true; /* TODO: how to figure out out if we're really eIBRS levelled out? */ + + return cpu_has_eibrs; +} + static void __init bhi_calculations(void) { + bool has_bhi = cpu_has_bug_bhi(); + + /* + * To mitigate BHI, we want to use BHI_DIS_S wherever possible, or the + * short sequence otherwise. Other forms are available on request. + * + * We are repsonsbile for performing default-conversion on opt_bhi_dis_s + * and opt_bhb_seq, irrespective of succeptibility to BHI. + */ + if ( opt_bhi_dis_s == -1 ) - opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + opt_bhi_dis_s = has_bhi; if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) opt_bhi_dis_s = false; if ( opt_bhi_dis_s ) default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; + + if ( opt_bhb_seq == BHB_DEFAULT ) + { + /* + * If we're using BHI_DIS_S, or we're not succeptable, don't activate + * the thunks. + */ + if ( !has_bhi || opt_bhi_dis_s ) + opt_bhb_seq = BHB_NONE; + else + opt_bhb_seq = BHB_SHORT; + } + + /* + * We can use the TSX even if it's disabled for e.g. TAA reasons. + * However, fall back to the loop sequence if there is no trace of RTM at + * all, as XBEGIN will #UD. + */ + if ( opt_bhb_seq == BHB_TSX && !cpu_has_rtm && !cpu_has_rtm_always_abort && + !cpu_has_tsx_force_abort ) + opt_bhb_seq = BHB_SHORT; + + /* + * Only activate SCF_entry_bhb by for guests if a sequence is in place. + */ + if ( opt_bhb_entry_pv == -1 ) + opt_bhb_entry_pv = has_bhi && opt_bhb_seq != BHB_NONE; + if ( opt_bhb_entry_hvm == -1 ) + opt_bhb_entry_hvm = has_bhi && opt_bhb_seq != BHB_NONE; + + switch ( opt_bhb_seq ) + { + case BHB_SHORT: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); + break; + + case BHB_TSX: + setup_force_cpu_cap(X86_SPEC_BHB_TSX); + break; + + default: + break; + } } void spec_ctrl_init_domain(struct domain *d) @@ -1602,9 +1730,13 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); + bool bhb = ((pv ? opt_bhb_entry_pv : opt_bhb_entry_hvm) && + (d->domain_id != 0 || opt_bhb_entry_dom0)); + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | + (bhb ? SCF_entry_bhb : 0) | 0; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:58:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:58:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707832.1106165 (Exim 4.92) (envelope-from ) id 1rxEEx-00061y-J3; Wed, 17 Apr 2024 22:58:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707832.1106165; Wed, 17 Apr 2024 22:58:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEEx-00061q-GL; Wed, 17 Apr 2024 22:58:55 +0000 Received: by outflank-mailman (input) for mailman id 707832; Wed, 17 Apr 2024 22:58:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEEw-00061e-KT for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEEw-0008Si-Jn for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEEw-0003Fr-JA for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:58:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=m+WtJth0VJ8jntaALg6ROrbUPIMoYeo0oGLWT4g6oXU=; b=mudox5FphAWGhnm+RlaKG+sXFf 2/q6NHN1AGtefv1S0rLgB+L7BX/ui5bAmtxe5CTK7rWM9rfrzujj6LXHQxpIbh/p/S7cjCsQ6OfLv ZhNCQNiANwpwVZzZk6b13UHTgsaSAHPkD4DVZT8+L2zJJ20OXRGOjZ7XJumhTeHwROF8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec-ctrl: Support the "long" BHB loop sequence Message-Id: Date: Wed, 17 Apr 2024 22:58:54 +0000 commit fb263ffc1f7fc1975dc072a5ebbd9d6e9021337a Author: Andrew Cooper AuthorDate: Fri Mar 22 19:29:34 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 x86/spec-ctrl: Support the "long" BHB loop sequence Out of an abudnance of caution, implement the long loop too, and allowing for it to be opted in to. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit d5887c0decbd90e798b24ed696628645b04632fb) --- docs/misc/xen-command-line.pandoc | 4 ++-- xen/arch/x86/bhb-thunk.S | 8 ++++++-- xen/arch/x86/spec_ctrl.c | 10 +++++++++- xen/include/asm-x86/cpufeatures.h | 1 + 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 98fcfa3fa8..2703e5986f 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2261,7 +2261,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, > {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx|long, > {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, @@ -2333,7 +2333,7 @@ On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` options in order to mitigate Branch History Injection on affected hardware. The default sequence is `short`, with `tsx` as an alternative available -capable hardware that can be opted in to. +capable hardware, and `long` that can be opted in to. On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S index f52cfb9bc2..7e866784f7 100644 --- a/xen/arch/x86/bhb-thunk.S +++ b/xen/arch/x86/bhb-thunk.S @@ -56,9 +56,13 @@ ENTRY(clear_bhb_tsx) * * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + * + * The "long" sequence (12 and 7) is for Alder Lake / Sapphire Rapids + * (i.e. Golden Cove and/or Gracemont cores). However, such CPUs are expected + * to use BHI_DIS_S in preference. */ ENTRY(clear_bhb_loops) - mov $5, %ecx + ALTERNATIVE "mov $5, %ecx", "mov $12, %ecx", X86_SPEC_BHB_LOOPS_LONG call 1f jmp 5f @@ -70,7 +74,7 @@ ENTRY(clear_bhb_loops) int3 .align 64 -2: mov $5, %eax +2: ALTERNATIVE "mov $5, %eax", "mov $7, %eax", X86_SPEC_BHB_LOOPS_LONG 3: jmp 4f int3 diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 4e6f18d0e1..34e174754b 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -52,6 +52,7 @@ static enum bhb_thunk { BHB_NONE, BHB_TSX, BHB_SHORT, + BHB_LONG, } opt_bhb_seq __initdata; /* Cmdline controls for Xen's speculative settings. */ @@ -313,6 +314,8 @@ static int __init parse_spec_ctrl(const char *s) opt_bhb_seq = BHB_TSX; else if ( !cmdline_strcmp(s, "short") ) opt_bhb_seq = BHB_SHORT; + else if ( !cmdline_strcmp(s, "long") ) + opt_bhb_seq = BHB_LONG; else rc = -EINVAL; } @@ -570,7 +573,8 @@ static void __init print_details(enum ind_thunk thunk) opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", opt_bhb_seq == BHB_NONE ? "" : opt_bhb_seq == BHB_TSX ? "TSX, " : - opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", + opt_bhb_seq == BHB_SHORT ? "SHORT, " : + opt_bhb_seq == BHB_LONG ? "LONG, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -1707,6 +1711,10 @@ static void __init bhi_calculations(void) switch ( opt_bhb_seq ) { + case BHB_LONG: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS_LONG); + fallthrough; + case BHB_SHORT: setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); break; diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h index bada8912e0..ba3df174b7 100644 --- a/xen/include/asm-x86/cpufeatures.h +++ b/xen/include/asm-x86/cpufeatures.h @@ -58,6 +58,7 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ #define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ +#define X86_SPEC_BHB_LOOPS_LONG X86_BUG(21) /* Upgrade clear_bhb_loops to the "long" sequence. */ /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:59:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:59:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707833.1106169 (Exim 4.92) (envelope-from ) id 1rxEF7-00064q-KT; Wed, 17 Apr 2024 22:59:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707833.1106169; Wed, 17 Apr 2024 22:59:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEF7-00064i-Hp; Wed, 17 Apr 2024 22:59:05 +0000 Received: by outflank-mailman (input) for mailman id 707833; Wed, 17 Apr 2024 22:59:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEF6-00064b-NL for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:59:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEF6-0008TQ-Mc for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:59:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEF6-0003GX-Lv for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:59:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=m2w31qMLpGpP3WWqiakP7hR5VP+R2CdVCPXVsyu8J0U=; b=1ZQsa23lxpgxp2F+531eiulf6b gqXjBYDfJfO4h0m4UpKlz6sHioFiyULSELow2Goud2Fub53RjWEDdmYIuASnRq2V5MGAZYbiqjDqx 8M0FHz+s5D7rkDdJGP47B59Y0MhlqyhmKmzZmD2LZ49i5JDkJ8mj3knTi+qR/7+52prU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] Update Xen version to 4.16.6 Message-Id: Date: Wed, 17 Apr 2024 22:59:04 +0000 commit 4b33780de790bd438dd7cbb6143b410d94f0f049 Author: Andrew Cooper AuthorDate: Wed Mar 27 18:23:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 17:10:28 2024 +0100 Update Xen version to 4.16.6 Signed-off-by: Andrew Cooper --- xen/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/Makefile b/xen/Makefile index 78db742049..cd10d93c0b 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -2,7 +2,7 @@ # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 16 -export XEN_EXTRAVERSION ?= .5$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .6$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:59:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:59:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707834.1106173 (Exim 4.92) (envelope-from ) id 1rxEFH-00067a-Ln; Wed, 17 Apr 2024 22:59:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707834.1106173; Wed, 17 Apr 2024 22:59:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEFH-00067T-J7; Wed, 17 Apr 2024 22:59:15 +0000 Received: by outflank-mailman (input) for mailman id 707834; Wed, 17 Apr 2024 22:59:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEFG-00067E-Qe for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:59:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEFG-0008Td-Pp for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:59:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEFG-0003HC-Ok for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:59:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=21Uyyis1Q+lAa2fKVJRzQwZ9/8qcspptXtpTrYbYbiQ=; b=KOk6H9D3qMaxKv1jRES06nXpqq 60icLQ+ohkU/qxtkaGHKeMMnclGYLXT88PKi8hZjTCGf4e1mhuFBHVHbHAaNJmfwlWqPIgpIUw0yq fIYDvC1BL4POWmgpeDOtCMhQ5s3HgefQrvyKjDw/fAbvnpogKRqbL19XHca5nk1PYAh8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/entry: Fix build with older toolchains Message-Id: Date: Wed, 17 Apr 2024 22:59:14 +0000 commit 150f6cdbfe079816a0df8b9d57320ca42fc39d12 Author: Andrew Cooper AuthorDate: Tue Apr 9 21:39:51 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 16:36:31 2024 +0100 x86/entry: Fix build with older toolchains Binutils older than 2.29 doesn't know INCSSPD. Fixes: 8e186f98ce0e ("x86: Use indirect calls in reset-stack infrastructure") Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini (cherry picked from commit a9fa82500818a8d8ce5f2843f1577bd2c29d088e) --- xen/arch/x86/x86_64/entry.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 67ca00dbe1..e34be4801b 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -643,7 +643,9 @@ ENTRY(continue_pv_domain) * JMPed to. Drop the return address. */ add $8, %rsp +#ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK +#endif call check_wakeup_from_wait ret_from_intr: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Wed Apr 17 22:59:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 17 Apr 2024 22:59:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707835.1106176 (Exim 4.92) (envelope-from ) id 1rxEFR-0006AJ-NF; Wed, 17 Apr 2024 22:59:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707835.1106176; Wed, 17 Apr 2024 22:59:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEFR-0006AC-Kh; Wed, 17 Apr 2024 22:59:25 +0000 Received: by outflank-mailman (input) for mailman id 707835; Wed, 17 Apr 2024 22:59:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEFQ-0006A5-TT for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:59:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxEFQ-0008Tm-Sg for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:59:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxEFQ-0003Hr-S3 for xen-changelog@lists.xenproject.org; Wed, 17 Apr 2024 22:59:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Vdd+Kb0Tdjn4653LzRSFU9YWJJ4WpbTfS3LdUqZfE+k=; b=GdxPkrgL6pKRiEW7YylmOzEEvz OZAckOq1T7bOOIIshOERDVrgs49A509NRRe5mw+HMYiTJBPZ1s6Mqiw6D6uUdO+/Zs9XQm/PGUB8U uBFrQAdOaw3iQ+hvLN6TQ9d3Rm9shbe5ie0x4NrJxUm4ZjZTRkdOqY0JOA8RlRbRJ96c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/vmx: prevent fallthrough in vmx_set_reg() for handled registers Message-Id: Date: Wed, 17 Apr 2024 22:59:24 +0000 commit cd2df4561edef2c104f46f8d0998e8ccefdf9c5e Author: Roger Pau Monné AuthorDate: Mon Apr 15 11:22:31 2024 +0100 Commit: Andrew Cooper CommitDate: Mon Apr 15 11:26:00 2024 +0100 x86/vmx: prevent fallthrough in vmx_set_reg() for handled registers vmx_set_reg() logic is split into two parts, the top one handles registers that don't require loading the VMCS into context (ie: don't require a VMWRITE). The second half handles registers that do require the VMCS to be loaded. SPEC_CTRL MSR is handled differently depending on whether there's support for virtualize SPEC_CTRL. Without hardware help for virtualizing SPEC_CTRL the value is handled using MSR load lists, that don't require the VMCS to be loaded. When there's hardware assistance however the value is stored in the VMCS, and requires a VMWRITE. The lack of a return statement when handling SPEC_CTRL in the first half of the function leads to SPEC_CTRL being unconditionally handled as if the host had virtualize SPEC_CTRL, which means Xen will either hit an ASSERT in debug builds, or will attempt to perform a VMWRITE to an unhandled VMCS field if the host doesn't support the virtualize SPEC_CTRL feature. This bug occured because the context wasn't adjusted accordingly to account for the absence commit 0626219dcc6a ("x86/hvm: Drop hvm_{get,set}_guest_bndcfgs() and use {get,set}_regs() instead") in the 4.15 and 4.16 branches. Fix by returning early from the function if the register is handled without requiring the VMCS context to be loaded. Fixes: 295bf24af77c ('x86/vmx: Add support for virtualize SPEC_CTRL') Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper --- xen/arch/x86/hvm/vmx/vmx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 0041fdc88b..d5112c8ecf 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2663,7 +2663,7 @@ static void vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) __func__, v, reg, rc); domain_crash(d); } - break; + return; } /* Logic which maybe requires remote VMCS acquisition. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:33:11 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:33:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707850.1106191 (Exim 4.92) (envelope-from ) id 1rxHaC-0007b3-DN; Thu, 18 Apr 2024 02:33:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707850.1106191; Thu, 18 Apr 2024 02:33:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHaC-0007aw-Ao; Thu, 18 Apr 2024 02:33:04 +0000 Received: by outflank-mailman (input) for mailman id 707850; Thu, 18 Apr 2024 02:33:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHaB-0007aa-2Z for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHaA-0003MC-LN for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHaA-0006Hv-KO for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AMxuTCxXLo5aVW5GwstwbF8Je9/VIBTqO1gfSkl/waI=; b=XSr8uu+FXj6XQlAXiRQJ6A4NjD KUtaQdUC3lpilnp4suO+o9iOxBkF6J6OyzYzmN/GAPUh14/9S6IzIV5D2gjcVQs1LAWBeQqeFy4Et L/r7kdvQ+kBnU6IFfEbSmo9aOfEOEHvaQlybGXUjWePiMgRCZlnDNvybSg825Erc6Z6g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec-ctrl: Fix BTC/SRSO mitigations Message-Id: Date: Thu, 18 Apr 2024 02:33:02 +0000 commit 19887194865cff7d87650c323d5c6b185dfe3ddc Author: Andrew Cooper AuthorDate: Tue Mar 26 22:47:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:18 2024 +0100 x86/spec-ctrl: Fix BTC/SRSO mitigations We were looking for SCF_entry_ibpb in the wrong variable in the top-of-stack block, and xen_spec_ctrl won't have had bit 5 set because Xen doesn't understand SPEC_CTRL_RRSBA_DIS_U yet. This is XSA-455 / CVE-2024-31142. Fixes: 53a570b28569 ("x86/spec-ctrl: Support IBPB-on-entry") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 934f12cf5c..c19e964bc6 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -103,7 +103,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 97a97b2b82..e85db1a329 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -102,7 +102,7 @@ jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) .endif jz .L\@_skip -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:33:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:33:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707851.1106194 (Exim 4.92) (envelope-from ) id 1rxHaL-0007eO-Ed; Thu, 18 Apr 2024 02:33:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707851.1106194; Thu, 18 Apr 2024 02:33:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHaL-0007eF-CE; Thu, 18 Apr 2024 02:33:13 +0000 Received: by outflank-mailman (input) for mailman id 707851; Thu, 18 Apr 2024 02:33:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHaK-0007e7-Po for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHaK-0003MG-P1 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHaK-0006IZ-Nc for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=D5/QfDz0VEOo76ol865t/+a01grmipMP08zTErxeLwQ=; b=bSAm822qZI+kmMD5J/Z3h0uUzi 90qpxKLMfTuBYRJYPpmi+MYtaVjyfZX5rLRRgsqvySx206J27dD+8Wo4pai7HFCDaiPSleBnpztXs GkRuwmxzmYMBf8aXW7CIzNFh4zz2xWevrArO1bcHPa9gKODOcmCFzzm113soHPwpCFhU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/APIC: finish genapic conversion to altcall Message-Id: Date: Thu, 18 Apr 2024 02:33:12 +0000 commit 88d5e21e165351feef0f17157005dece78275cea Author: Jan Beulich AuthorDate: Wed Jan 17 10:41:52 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:18 2024 +0100 x86/APIC: finish genapic conversion to altcall While .probe() doesn't need fiddling with for being run only very early, init_apic_ldr() wants converting too despite not being on a frequently executed path: This way all pre-filled struct genapic instances can become __initconst_cf_clobber, thus allowing to eliminate 15 more ENDBR during the 2nd phase of alternatives patching. While fiddling with section annotations here, also move "genapic" itself to .data.ro_after_init. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper (cherry picked from commit b1cc53753cba4c3253f2e1093a3a6a9a828314bf) --- xen/arch/x86/genapic/bigsmp.c | 2 +- xen/arch/x86/genapic/default.c | 2 +- xen/arch/x86/genapic/probe.c | 2 +- xen/arch/x86/genapic/x2apic.c | 6 +++--- xen/arch/x86/include/asm/mach-generic/mach_apic.h | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/genapic/bigsmp.c b/xen/arch/x86/genapic/bigsmp.c index 2000383ab0..7219ec53b0 100644 --- a/xen/arch/x86/genapic/bigsmp.c +++ b/xen/arch/x86/genapic/bigsmp.c @@ -41,7 +41,7 @@ static int __init cf_check probe_bigsmp(void) return def_to_bigsmp; } -const struct genapic __initconstrel apic_bigsmp = { +const struct genapic __initconst_cf_clobber apic_bigsmp = { APIC_INIT("bigsmp", probe_bigsmp), GENAPIC_PHYS }; diff --git a/xen/arch/x86/genapic/default.c b/xen/arch/x86/genapic/default.c index 2c63c1f917..a968836a18 100644 --- a/xen/arch/x86/genapic/default.c +++ b/xen/arch/x86/genapic/default.c @@ -14,7 +14,7 @@ #include /* should be called last. */ -const struct genapic __initconstrel apic_default = { +const struct genapic __initconst_cf_clobber apic_default = { APIC_INIT("default", NULL), GENAPIC_FLAT }; diff --git a/xen/arch/x86/genapic/probe.c b/xen/arch/x86/genapic/probe.c index ad57912f50..10ceeae4d2 100644 --- a/xen/arch/x86/genapic/probe.c +++ b/xen/arch/x86/genapic/probe.c @@ -16,7 +16,7 @@ #include #include -struct genapic __read_mostly genapic; +struct genapic __ro_after_init genapic; static const struct genapic *const __initconstrel apic_probe[] = { &apic_bigsmp, diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c index c64038adaa..eba09d7719 100644 --- a/xen/arch/x86/genapic/x2apic.c +++ b/xen/arch/x86/genapic/x2apic.c @@ -169,7 +169,7 @@ static void cf_check send_IPI_mask_x2apic_cluster( local_irq_restore(flags); } -static const struct genapic __initconstrel apic_x2apic_phys = { +static const struct genapic __initconst_cf_clobber apic_x2apic_phys = { APIC_INIT("x2apic_phys", NULL), .int_delivery_mode = dest_Fixed, .int_dest_mode = 0 /* physical delivery */, @@ -180,7 +180,7 @@ static const struct genapic __initconstrel apic_x2apic_phys = { .send_IPI_self = send_IPI_self_x2apic }; -static const struct genapic __initconstrel apic_x2apic_cluster = { +static const struct genapic __initconst_cf_clobber apic_x2apic_cluster = { APIC_INIT("x2apic_cluster", NULL), .int_delivery_mode = dest_LowestPrio, .int_dest_mode = 1 /* logical delivery */, @@ -198,7 +198,7 @@ static const struct genapic __initconstrel apic_x2apic_cluster = { * IPIs to be more efficiently delivered by not having to perform an ICR write * for each target CPU. */ -static const struct genapic __initconstrel apic_x2apic_mixed = { +static const struct genapic __initconst_cf_clobber apic_x2apic_mixed = { APIC_INIT("x2apic_mixed", NULL), /* diff --git a/xen/arch/x86/include/asm/mach-generic/mach_apic.h b/xen/arch/x86/include/asm/mach-generic/mach_apic.h index b6f6361c60..d9e02f0bc4 100644 --- a/xen/arch/x86/include/asm/mach-generic/mach_apic.h +++ b/xen/arch/x86/include/asm/mach-generic/mach_apic.h @@ -13,7 +13,7 @@ #define INT_DELIVERY_MODE (genapic.int_delivery_mode) #define INT_DEST_MODE (genapic.int_dest_mode) #define TARGET_CPUS ((const typeof(cpu_online_map) *)&cpu_online_map) -#define init_apic_ldr (genapic.init_apic_ldr) +#define init_apic_ldr() alternative_vcall(genapic.init_apic_ldr) #define cpu_mask_to_apicid(mask) ({ \ /* \ * There are a number of places where the address of a local variable \ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:33:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:33:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707852.1106199 (Exim 4.92) (envelope-from ) id 1rxHaV-0007h1-GG; Thu, 18 Apr 2024 02:33:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707852.1106199; Thu, 18 Apr 2024 02:33:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHaV-0007gu-Di; Thu, 18 Apr 2024 02:33:23 +0000 Received: by outflank-mailman (input) for mailman id 707852; Thu, 18 Apr 2024 02:33:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHaU-0007gj-TV for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHaU-0003MS-SF for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHaU-0006JE-RJ for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=PbyY2d7FsgAkopbRExEhOCiguNz5pDyL962DND8EiO0=; b=HdTi0Z9YxOewwPeyOotwGgFy53 /EkXgvkJQrP7V4/UYpsFWd/7dpeZltmSyDqdKCl7KEVPYKTf4FCJ9Gk/MUITzKOHF+QR7f5uX30VA sgfFje6zkathSOIijhLUHpducee1xed8U94NsbEkOx3GExUOYAhnYQ0Jmnw3C92in8do=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] cpufreq: finish conversion to altcall Message-Id: Date: Thu, 18 Apr 2024 02:33:22 +0000 commit 653560e02d40c480d08032f3cf1e450db79f5d71 Author: Jan Beulich AuthorDate: Wed Jan 17 10:42:27 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:18 2024 +0100 cpufreq: finish conversion to altcall Even functions used on infrequently executed paths want converting: This way all pre-filled struct cpufreq_driver instances can become __initconst_cf_clobber, thus allowing to eliminate another 15 ENDBR during the 2nd phase of alternatives patching. For acpi-cpufreq's optionally populated .get hook make sure alternatives patching can actually see the pointer. See also the code comment. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper (cherry picked from commit 467ae515caee491e9b6ae1da8b9b98d094955822) --- xen/arch/x86/acpi/cpufreq/cpufreq.c | 17 ++++++++++++++++- xen/arch/x86/acpi/cpufreq/powernow.c | 3 ++- xen/drivers/acpi/pmstat.c | 3 ++- xen/drivers/cpufreq/cpufreq.c | 6 +++--- xen/drivers/cpufreq/utility.c | 6 +++--- 5 files changed, 26 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/acpi/cpufreq/cpufreq.c b/xen/arch/x86/acpi/cpufreq/cpufreq.c index c27cbb2304..5786943cfb 100644 --- a/xen/arch/x86/acpi/cpufreq/cpufreq.c +++ b/xen/arch/x86/acpi/cpufreq/cpufreq.c @@ -622,12 +622,14 @@ static int cf_check acpi_cpufreq_cpu_exit(struct cpufreq_policy *policy) return 0; } -static const struct cpufreq_driver __initconstrel acpi_cpufreq_driver = { +static const struct cpufreq_driver __initconst_cf_clobber +acpi_cpufreq_driver = { .name = "acpi-cpufreq", .verify = acpi_cpufreq_verify, .target = acpi_cpufreq_target, .init = acpi_cpufreq_cpu_init, .exit = acpi_cpufreq_cpu_exit, + .get = get_cur_freq_on_cpu, }; static int __init cf_check cpufreq_driver_init(void) @@ -653,6 +655,19 @@ static int __init cf_check cpufreq_driver_init(void) } presmp_initcall(cpufreq_driver_init); +static int __init cf_check cpufreq_driver_late_init(void) +{ + /* + * While acpi_cpufreq_driver wants to unconditionally have all hooks + * populated for __initconst_cf_clobber to have as much of an effect as + * possible, zap the .get hook here (but not in cpufreq_driver_init()), + * until acpi_cpufreq_cpu_init() knows whether it's wanted / needed. + */ + cpufreq_driver.get = NULL; + return 0; +} +__initcall(cpufreq_driver_late_init); + int cpufreq_cpu_init(unsigned int cpuid) { int ret; diff --git a/xen/arch/x86/acpi/cpufreq/powernow.c b/xen/arch/x86/acpi/cpufreq/powernow.c index d4c7dcd5d9..497bf24470 100644 --- a/xen/arch/x86/acpi/cpufreq/powernow.c +++ b/xen/arch/x86/acpi/cpufreq/powernow.c @@ -317,7 +317,8 @@ static int cf_check powernow_cpufreq_cpu_exit(struct cpufreq_policy *policy) return 0; } -static const struct cpufreq_driver __initconstrel powernow_cpufreq_driver = { +static const struct cpufreq_driver __initconst_cf_clobber +powernow_cpufreq_driver = { .name = "powernow", .verify = powernow_cpufreq_verify, .target = powernow_cpufreq_target, diff --git a/xen/drivers/acpi/pmstat.c b/xen/drivers/acpi/pmstat.c index 1bae635101..0c51c220a7 100644 --- a/xen/drivers/acpi/pmstat.c +++ b/xen/drivers/acpi/pmstat.c @@ -255,7 +255,8 @@ static int get_cpufreq_para(struct xen_sysctl_pm_op *op) return ret; op->u.get_para.cpuinfo_cur_freq = - cpufreq_driver.get ? cpufreq_driver.get(op->cpuid) : policy->cur; + cpufreq_driver.get ? alternative_call(cpufreq_driver.get, op->cpuid) + : policy->cur; op->u.get_para.cpuinfo_max_freq = policy->cpuinfo.max_freq; op->u.get_para.cpuinfo_min_freq = policy->cpuinfo.min_freq; op->u.get_para.scaling_cur_freq = policy->cur; diff --git a/xen/drivers/cpufreq/cpufreq.c b/xen/drivers/cpufreq/cpufreq.c index a94520ee57..daa399bbec 100644 --- a/xen/drivers/cpufreq/cpufreq.c +++ b/xen/drivers/cpufreq/cpufreq.c @@ -240,7 +240,7 @@ int cpufreq_add_cpu(unsigned int cpu) policy->cpu = cpu; per_cpu(cpufreq_cpu_policy, cpu) = policy; - ret = cpufreq_driver.init(policy); + ret = alternative_call(cpufreq_driver.init, policy); if (ret) { free_cpumask_var(policy->cpus); xfree(policy); @@ -299,7 +299,7 @@ err1: cpumask_clear_cpu(cpu, cpufreq_dom->map); if (cpumask_empty(policy->cpus)) { - cpufreq_driver.exit(policy); + alternative_call(cpufreq_driver.exit, policy); free_cpumask_var(policy->cpus); xfree(policy); } @@ -363,7 +363,7 @@ int cpufreq_del_cpu(unsigned int cpu) cpumask_clear_cpu(cpu, cpufreq_dom->map); if (cpumask_empty(policy->cpus)) { - cpufreq_driver.exit(policy); + alternative_call(cpufreq_driver.exit, policy); free_cpumask_var(policy->cpus); xfree(policy); } diff --git a/xen/drivers/cpufreq/utility.c b/xen/drivers/cpufreq/utility.c index 9eb7ecedcd..ec7072078c 100644 --- a/xen/drivers/cpufreq/utility.c +++ b/xen/drivers/cpufreq/utility.c @@ -412,7 +412,7 @@ int cpufreq_update_turbo(int cpuid, int new_state) policy->turbo = new_state; if (cpufreq_driver.update) { - ret = cpufreq_driver.update(cpuid, policy); + ret = alternative_call(cpufreq_driver.update, cpuid, policy); if (ret) policy->turbo = curr_state; } @@ -448,7 +448,7 @@ int __cpufreq_set_policy(struct cpufreq_policy *data, return -EINVAL; /* verify the cpu speed can be set within this limit */ - ret = cpufreq_driver.verify(policy); + ret = alternative_call(cpufreq_driver.verify, policy); if (ret) return ret; @@ -456,7 +456,7 @@ int __cpufreq_set_policy(struct cpufreq_policy *data, data->max = policy->max; data->limits = policy->limits; if (cpufreq_driver.setpolicy) - return cpufreq_driver.setpolicy(data); + return alternative_call(cpufreq_driver.setpolicy, data); if (policy->governor != data->governor) { /* save old, working values */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:33:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:33:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707853.1106203 (Exim 4.92) (envelope-from ) id 1rxHag-0007ko-JZ; Thu, 18 Apr 2024 02:33:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707853.1106203; Thu, 18 Apr 2024 02:33:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHag-0007kg-Gd; Thu, 18 Apr 2024 02:33:34 +0000 Received: by outflank-mailman (input) for mailman id 707853; Thu, 18 Apr 2024 02:33:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHaf-0007kK-0q for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHae-0003Mc-Vu for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHae-0006Jn-Ub for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kPtQZIzrnB841mJC5AFuLjPwyJTYsWLn4eHloJGtz0I=; b=Z6HaJKPcGgljjD/OMp1mkDK4O+ Ew3gbDw9Jhz4+uSLWGjktCik9JXKVwY7XAmzuJ6i6HAOrIb1c9K6yfdE3ros8ikLnfDcEENpFIwCh uap3/O8n8QQOeNzseZl1ErZ/i3rrYPAHQ7nRQFOl+TKf6o1jppRuFZbIbGYoAzQz+Ry0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/HPET: avoid an indirect call Message-Id: Date: Thu, 18 Apr 2024 02:33:32 +0000 commit 06c81ea90c18c71725f51dfff79d4c4396b53d6c Author: Jan Beulich AuthorDate: Wed Jan 17 10:43:02 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:18 2024 +0100 x86/HPET: avoid an indirect call When this code was written, indirect branches still weren't considered much of a problem (besides being a little slower). Instead of a function pointer, pass a boolean to _disable_pit_irq(), thus allowing to eliminate two ENDBR (one of them in .text). Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 730d2637a8e5b98dc8e4e366179b4cedc496b3ad) --- xen/arch/x86/hpet.c | 4 ++-- xen/arch/x86/include/asm/hpet.h | 4 ++-- xen/arch/x86/time.c | 12 ++++++------ 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index bc164dd82c..50d788cb6e 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -563,7 +563,7 @@ static void cf_check handle_rtc_once(uint8_t index, uint8_t value) } } -void __init cf_check hpet_broadcast_init(void) +void __init hpet_broadcast_init(void) { u64 hpet_rate = hpet_setup(); u32 hpet_id, cfg; @@ -634,7 +634,7 @@ void __init cf_check hpet_broadcast_init(void) hpet_events->flags = HPET_EVT_LEGACY; } -void cf_check hpet_broadcast_resume(void) +void hpet_broadcast_resume(void) { u32 cfg; unsigned int i, n; diff --git a/xen/arch/x86/include/asm/hpet.h b/xen/arch/x86/include/asm/hpet.h index 9919f74730..f343fe4740 100644 --- a/xen/arch/x86/include/asm/hpet.h +++ b/xen/arch/x86/include/asm/hpet.h @@ -89,8 +89,8 @@ void hpet_disable_legacy_replacement_mode(void); * Temporarily use an HPET event counter for timer interrupt handling, * rather than using the LAPIC timer. Used for Cx state entry. */ -void cf_check hpet_broadcast_init(void); -void cf_check hpet_broadcast_resume(void); +void hpet_broadcast_init(void); +void hpet_broadcast_resume(void); void cf_check hpet_broadcast_enter(void); void cf_check hpet_broadcast_exit(void); int hpet_broadcast_is_available(void); diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index b664ae4c83..4d1766284f 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -2288,7 +2288,7 @@ void __init early_time_init(void) } /* keep pit enabled for pit_broadcast working while cpuidle enabled */ -static int _disable_pit_irq(void(*hpet_broadcast_setup)(void)) +static int _disable_pit_irq(bool init) { int ret = 1; @@ -2303,13 +2303,13 @@ static int _disable_pit_irq(void(*hpet_broadcast_setup)(void)) */ if ( cpuidle_using_deep_cstate() && !boot_cpu_has(X86_FEATURE_ARAT) ) { - hpet_broadcast_setup(); + init ? hpet_broadcast_init() : hpet_broadcast_resume(); if ( !hpet_broadcast_is_available() ) { if ( xen_cpuidle > 0 ) { - printk("%ps() failed, turning to PIT broadcast\n", - hpet_broadcast_setup); + printk("hpet_broadcast_%s() failed, turning to PIT broadcast\n", + init ? "init" : "resume"); return -1; } ret = 0; @@ -2326,7 +2326,7 @@ static int _disable_pit_irq(void(*hpet_broadcast_setup)(void)) static int __init cf_check disable_pit_irq(void) { - if ( !_disable_pit_irq(hpet_broadcast_init) ) + if ( !_disable_pit_irq(true) ) { xen_cpuidle = 0; printk("CPUIDLE: disabled due to no HPET. " @@ -2387,7 +2387,7 @@ int time_resume(void) resume_platform_timer(); - if ( !_disable_pit_irq(hpet_broadcast_resume) ) + if ( !_disable_pit_irq(false) ) BUG(); init_percpu_time(); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:33:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:33:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707854.1106206 (Exim 4.92) (envelope-from ) id 1rxHaq-0007wd-KW; Thu, 18 Apr 2024 02:33:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707854.1106206; Thu, 18 Apr 2024 02:33:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHaq-0007wW-I4; Thu, 18 Apr 2024 02:33:44 +0000 Received: by outflank-mailman (input) for mailman id 707854; Thu, 18 Apr 2024 02:33:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHap-0007ui-4O for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHap-0003Mj-3Z for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHap-0006KH-1m for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=R4U0cGPaA0dRLsiw577/1GuXmVhTQoPS4BJtFJiaGzQ=; b=k5sI/y/g+Fq+BXrne4wdb+2Ww/ 0UrTy4NkP/BtuICpcd5dhyWHOyAfHO3HGr+8Cm55Ej+qrRPg/imI9UqqhYSF06ViPtdbg36usVuzH XeivLSwgRcfj7qh0QCrm0GSC4aYn5n/N4fveOuvEQxkzglBykhTHSNYY8+nR7cAE+3Vs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] core-parking: use alternative_call() Message-Id: Date: Thu, 18 Apr 2024 02:33:43 +0000 commit f4efbcf156fb408dcedf1fc88d3be595ec722ad0 Author: Jan Beulich AuthorDate: Mon Jan 22 13:38:24 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:18 2024 +0100 core-parking: use alternative_call() This way we can arrange for core_parking_{performance,power}()'s ENDBR to also be zapped. For the decision to be taken before the 2nd alternative patching pass, the initcall needs to become a pre-SMP one, though. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 1bc07ebcac3b1bb2a378732bc0f9a19940e76faf) --- xen/common/core_parking.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/xen/common/core_parking.c b/xen/common/core_parking.c index c4f01291c0..a970ffeab8 100644 --- a/xen/common/core_parking.c +++ b/xen/common/core_parking.c @@ -30,10 +30,11 @@ static DEFINE_SPINLOCK(accounting_lock); static uint32_t cur_idle_nums; static unsigned int core_parking_cpunum[NR_CPUS] = {[0 ... NR_CPUS-1] = -1}; -static const struct cp_policy { +struct cp_policy { char name[30]; unsigned int (*next)(unsigned int event); -} *__read_mostly core_parking_policy; +}; +static struct cp_policy __ro_after_init core_parking_policy; static enum core_parking_controller { POWER_FIRST, @@ -175,12 +176,13 @@ long cf_check core_parking_helper(void *data) unsigned int cpu; int ret = 0; - if ( !core_parking_policy ) + if ( !core_parking_policy.next ) return -EINVAL; while ( cur_idle_nums < idle_nums ) { - cpu = core_parking_policy->next(CORE_PARKING_INCREMENT); + cpu = alternative_call(core_parking_policy.next, + CORE_PARKING_INCREMENT); ret = cpu_down(cpu); if ( ret ) return ret; @@ -193,7 +195,8 @@ long cf_check core_parking_helper(void *data) while ( cur_idle_nums > idle_nums ) { - cpu = core_parking_policy->next(CORE_PARKING_DECREMENT); + cpu = alternative_call(core_parking_policy.next, + CORE_PARKING_DECREMENT); ret = cpu_up(cpu); if ( ret ) return ret; @@ -239,12 +242,12 @@ uint32_t get_cur_idle_nums(void) return cur_idle_nums; } -static const struct cp_policy power_first = { +static const struct cp_policy __initconst_cf_clobber power_first = { .name = "power", .next = core_parking_power, }; -static const struct cp_policy performance_first = { +static const struct cp_policy __initconst_cf_clobber performance_first = { .name = "performance", .next = core_parking_performance, }; @@ -254,7 +257,7 @@ static int __init register_core_parking_policy(const struct cp_policy *policy) if ( !policy || !policy->next ) return -EINVAL; - core_parking_policy = policy; + core_parking_policy = *policy; return 0; } @@ -269,4 +272,4 @@ static int __init cf_check core_parking_init(void) return ret; } -__initcall(core_parking_init); +presmp_initcall(core_parking_init); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:33:54 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:33:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707856.1106210 (Exim 4.92) (envelope-from ) id 1rxHb0-00084Q-M1; Thu, 18 Apr 2024 02:33:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707856.1106210; Thu, 18 Apr 2024 02:33:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHb0-00084J-JY; Thu, 18 Apr 2024 02:33:54 +0000 Received: by outflank-mailman (input) for mailman id 707856; Thu, 18 Apr 2024 02:33:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHaz-00082a-80 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHaz-0003Mt-6h for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHaz-0006Kk-5n for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:33:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QpVpthQMpEyXQFktR+UnxbEHnV5CHbSP9Go9Q9cgOro=; b=W+gJODzdbTbFYzgssuPtk7G5RP ny0AkwYwILzkadhHJN7WWTIklJSSi8nbvUQLymq+cm6DuVwkPvTyGg41nYIKnL97nyJ214njgl6J9 KOJyPm38yO3qh0dAiJoGY2q40B+pDaxdv3+BUAGSKQRjQSYDVMGwEeJw572NvhvSR62Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/MTRR: avoid several indirect calls Message-Id: Date: Thu, 18 Apr 2024 02:33:53 +0000 commit aed8192f578fb02111f57eca0868c2262ada1341 Author: Jan Beulich AuthorDate: Mon Jan 22 13:39:23 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:18 2024 +0100 x86/MTRR: avoid several indirect calls The use of (supposedly) vendor-specific hooks is a relic from the days when Xen was still possible to build as 32-bit binary. There's no expectation that a new need for such an abstraction would arise. Convert mttr_if to a mere boolean and all prior calls through it to direct ones, thus allowing to eliminate 6 ENDBR from .text. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit e9e0eb30d4d6565b411499ca826718b4b9acab68) --- xen/arch/x86/cpu/mtrr/generic.c | 26 +++++---------- xen/arch/x86/cpu/mtrr/main.c | 66 ++++++++++++++------------------------- xen/arch/x86/cpu/mtrr/mtrr.h | 37 ++++++---------------- xen/arch/x86/platform_hypercall.c | 2 +- 4 files changed, 40 insertions(+), 91 deletions(-) diff --git a/xen/arch/x86/cpu/mtrr/generic.c b/xen/arch/x86/cpu/mtrr/generic.c index 47aaf76226..837d3250f1 100644 --- a/xen/arch/x86/cpu/mtrr/generic.c +++ b/xen/arch/x86/cpu/mtrr/generic.c @@ -287,7 +287,7 @@ static void set_fixed_range(int msr, bool *changed, unsigned int *msrwords) } } -int cf_check generic_get_free_region( +int mtrr_get_free_region( unsigned long base, unsigned long size, int replace_reg) /* [SUMMARY] Get a free MTRR. The starting (base) address of the region. @@ -303,14 +303,14 @@ int cf_check generic_get_free_region( if (replace_reg >= 0 && replace_reg < max) return replace_reg; for (i = 0; i < max; ++i) { - mtrr_if->get(i, &lbase, &lsize, <ype); + mtrr_get(i, &lbase, &lsize, <ype); if (lsize == 0) return i; } return -ENOSPC; } -static void cf_check generic_get_mtrr( +void mtrr_get( unsigned int reg, unsigned long *base, unsigned long *size, mtrr_type *type) { uint64_t _mask, _base; @@ -500,7 +500,7 @@ static void post_set(bool pge) spin_unlock(&set_atomicity_lock); } -static void cf_check generic_set_all(void) +void mtrr_set_all(void) { unsigned long mask, count; unsigned long flags; @@ -523,7 +523,7 @@ static void cf_check generic_set_all(void) } } -static void cf_check generic_set_mtrr( +void mtrr_set( unsigned int reg, unsigned long base, unsigned long size, mtrr_type type) /* [SUMMARY] Set variable MTRR register on the local CPU. The register to set. @@ -567,7 +567,7 @@ static void cf_check generic_set_mtrr( local_irq_restore(flags); } -int cf_check generic_validate_add_page( +int mtrr_validate_add_page( unsigned long base, unsigned long size, unsigned int type) { unsigned long lbase, last; @@ -586,21 +586,9 @@ int cf_check generic_validate_add_page( } -static int cf_check generic_have_wrcomb(void) +bool mtrr_have_wrcomb(void) { unsigned long config; rdmsrl(MSR_MTRRcap, config); return (config & (1ULL << 10)); } - -/* generic structure... - */ -const struct mtrr_ops generic_mtrr_ops = { - .use_intel_if = true, - .set_all = generic_set_all, - .get = generic_get_mtrr, - .get_free_region = generic_get_free_region, - .set = generic_set_mtrr, - .validate_add_page = generic_validate_add_page, - .have_wrcomb = generic_have_wrcomb, -}; diff --git a/xen/arch/x86/cpu/mtrr/main.c b/xen/arch/x86/cpu/mtrr/main.c index 4e01c8d6f9..dee59ea168 100644 --- a/xen/arch/x86/cpu/mtrr/main.c +++ b/xen/arch/x86/cpu/mtrr/main.c @@ -57,7 +57,7 @@ static DEFINE_MUTEX(mtrr_mutex); u64 __read_mostly size_or_mask; u64 __read_mostly size_and_mask; -const struct mtrr_ops *__read_mostly mtrr_if = NULL; +static bool __ro_after_init mtrr_if; static void set_mtrr(unsigned int reg, unsigned long base, unsigned long size, mtrr_type type); @@ -78,23 +78,12 @@ static const char *mtrr_attrib_to_str(int x) return (x <= 6) ? mtrr_strings[x] : "?"; } -/* Returns non-zero if we have the write-combining memory type */ -static int have_wrcomb(void) -{ - return (mtrr_if->have_wrcomb ? mtrr_if->have_wrcomb() : 0); -} - /* This function returns the number of variable MTRRs */ static void __init set_num_var_ranges(void) { - unsigned long config = 0; - - if (use_intel()) { - rdmsrl(MSR_MTRRcap, config); - } else if (is_cpu(AMD)) - config = 2; - else if (is_cpu(CENTAUR)) - config = 8; + unsigned long config; + + rdmsrl(MSR_MTRRcap, config); num_var_ranges = MASK_EXTR(config, MTRRcap_VCNT); } @@ -149,10 +138,10 @@ static void cf_check ipi_handler(void *info) if (data->smp_reg == ~0U) /* update all mtrr registers */ /* At the cpu hot-add time this will reinitialize mtrr * registres on the existing cpus. It is ok. */ - mtrr_if->set_all(); + mtrr_set_all(); else /* single mtrr register update */ - mtrr_if->set(data->smp_reg, data->smp_base, - data->smp_size, data->smp_type); + mtrr_set(data->smp_reg, data->smp_base, + data->smp_size, data->smp_type); atomic_dec(&data->count); while(atomic_read(&data->gate)) @@ -198,10 +187,9 @@ static inline int types_compatible(mtrr_type type1, mtrr_type type2) { * of CPUs. As each CPU disables interrupts, it'll decrement it once. We wait * until it hits 0 and proceed. We set the data.gate flag and reset data.count. * Meanwhile, they are waiting for that flag to be set. Once it's set, each - * CPU goes through the transition of updating MTRRs. The CPU vendors may each do it - * differently, so we call mtrr_if->set() callback and let them take care of it. - * When they're done, they again decrement data->count and wait for data.gate to - * be reset. + * CPU goes through the transition of updating MTRRs. + * When mtrr_set() is done, they again decrement data->count and wait for + * data.gate to be reset. * When we finish, we wait for data.count to hit 0 and toggle the data.gate flag. * Everyone then enables interrupts and we all continue on. * @@ -251,9 +239,9 @@ static void set_mtrr(unsigned int reg, unsigned long base, if (reg == ~0U) /* update all mtrr registers */ /* at boot or resume time, this will reinitialize the mtrrs on * the bp. It is ok. */ - mtrr_if->set_all(); + mtrr_set_all(); else /* update the single mtrr register */ - mtrr_if->set(reg,base,size,type); + mtrr_set(reg, base, size, type); /* wait for the others */ while (atomic_read(&data.count)) @@ -319,7 +307,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, if (!mtrr_if) return -ENXIO; - if ((error = mtrr_if->validate_add_page(base,size,type))) + if ((error = mtrr_validate_add_page(base, size, type))) return error; if (type >= MTRR_NUM_TYPES) { @@ -328,7 +316,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, } /* If the type is WC, check that this processor supports it */ - if ((type == MTRR_TYPE_WRCOMB) && !have_wrcomb()) { + if ((type == MTRR_TYPE_WRCOMB) && mtrr_have_wrcomb()) { printk(KERN_WARNING "mtrr: your processor doesn't support write-combining\n"); return -EOPNOTSUPP; @@ -350,7 +338,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, /* Search for existing MTRR */ mutex_lock(&mtrr_mutex); for (i = 0; i < num_var_ranges; ++i) { - mtrr_if->get(i, &lbase, &lsize, <ype); + mtrr_get(i, &lbase, &lsize, <ype); if (!lsize || base > lbase + lsize - 1 || base + size - 1 < lbase) continue; /* At this point we know there is some kind of overlap/enclosure */ @@ -385,7 +373,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, goto out; } /* Search for an empty MTRR */ - i = mtrr_if->get_free_region(base, size, replace); + i = mtrr_get_free_region(base, size, replace); if (i >= 0) { set_mtrr(i, base, size, type); if (likely(replace < 0)) @@ -494,7 +482,7 @@ int mtrr_del_page(int reg, unsigned long base, unsigned long size) if (reg < 0) { /* Search for existing MTRR */ for (i = 0; i < max; ++i) { - mtrr_if->get(i, &lbase, &lsize, <ype); + mtrr_get(i, &lbase, &lsize, <ype); if (lbase == base && lsize == size) { reg = i; break; @@ -510,7 +498,7 @@ int mtrr_del_page(int reg, unsigned long base, unsigned long size) printk(KERN_WARNING "mtrr: register: %d too big\n", reg); goto out; } - mtrr_if->get(reg, &lbase, &lsize, <ype); + mtrr_get(reg, &lbase, &lsize, <ype); if (lsize < 1) { printk(KERN_WARNING "mtrr: MTRR %d not used\n", reg); goto out; @@ -568,7 +556,7 @@ struct mtrr_value { void __init mtrr_bp_init(void) { if (cpu_has_mtrr) { - mtrr_if = &generic_mtrr_ops; + mtrr_if = true; size_or_mask = ~((1ULL << (paddr_bits - PAGE_SHIFT)) - 1); size_and_mask = ~size_or_mask & 0xfffff00000ULL; } @@ -576,14 +564,13 @@ void __init mtrr_bp_init(void) if (mtrr_if) { set_num_var_ranges(); init_table(); - if (use_intel()) - get_mtrr_state(); + get_mtrr_state(); } } void mtrr_ap_init(void) { - if (!mtrr_if || !use_intel() || hold_mtrr_updates_on_aps) + if (!mtrr_if || hold_mtrr_updates_on_aps) return; /* * Ideally we should hold mtrr_mutex here to avoid mtrr entries changed, @@ -612,32 +599,25 @@ void mtrr_save_state(void) void mtrr_aps_sync_begin(void) { - if (!use_intel()) - return; hold_mtrr_updates_on_aps = 1; } void mtrr_aps_sync_end(void) { - if (!use_intel()) - return; set_mtrr(~0U, 0, 0, 0); hold_mtrr_updates_on_aps = 0; } void mtrr_bp_restore(void) { - if (!use_intel()) - return; - mtrr_if->set_all(); + mtrr_set_all(); } static int __init cf_check mtrr_init_finialize(void) { if (!mtrr_if) return 0; - if (use_intel()) - mtrr_state_warn(); + mtrr_state_warn(); return 0; } __initcall(mtrr_init_finialize); diff --git a/xen/arch/x86/cpu/mtrr/mtrr.h b/xen/arch/x86/cpu/mtrr/mtrr.h index c7fd44daab..a9741e0cb0 100644 --- a/xen/arch/x86/cpu/mtrr/mtrr.h +++ b/xen/arch/x86/cpu/mtrr/mtrr.h @@ -6,40 +6,21 @@ #define MTRR_CHANGE_MASK_VARIABLE 0x02 #define MTRR_CHANGE_MASK_DEFTYPE 0x04 - -struct mtrr_ops { - u32 vendor; - bool use_intel_if; -// void (*init)(void); - void (*set)(unsigned int reg, unsigned long base, - unsigned long size, mtrr_type type); - void (*set_all)(void); - - void (*get)(unsigned int reg, unsigned long *base, - unsigned long *size, mtrr_type * type); - int (*get_free_region)(unsigned long base, unsigned long size, - int replace_reg); - int (*validate_add_page)(unsigned long base, unsigned long size, - unsigned int type); - int (*have_wrcomb)(void); -}; - -int cf_check generic_get_free_region( +void mtrr_get( + unsigned int reg, unsigned long *base, unsigned long *size, + mtrr_type *type); +void mtrr_set( + unsigned int reg, unsigned long base, unsigned long size, mtrr_type type); +void mtrr_set_all(void); +int mtrr_get_free_region( unsigned long base, unsigned long size, int replace_reg); -int cf_check generic_validate_add_page( +int mtrr_validate_add_page( unsigned long base, unsigned long size, unsigned int type); - -extern const struct mtrr_ops generic_mtrr_ops; +bool mtrr_have_wrcomb(void); void get_mtrr_state(void); -extern void set_mtrr_ops(const struct mtrr_ops *); - extern u64 size_or_mask, size_and_mask; -extern const struct mtrr_ops *mtrr_if; - -#define is_cpu(vnd) (mtrr_if && mtrr_if->vendor == X86_VENDOR_##vnd) -#define use_intel() (mtrr_if && mtrr_if->use_intel_if) extern unsigned int num_var_ranges; diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index e7deee2268..27a799161a 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -299,7 +299,7 @@ ret_t do_platform_op( ret = -EINVAL; if ( op->u.read_memtype.reg < num_var_ranges ) { - mtrr_if->get(op->u.read_memtype.reg, &mfn, &nr_mfns, &type); + mtrr_get(op->u.read_memtype.reg, &mfn, &nr_mfns, &type); op->u.read_memtype.mfn = mfn; op->u.read_memtype.nr_mfns = nr_mfns; op->u.read_memtype.type = type; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:34:04 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:34:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707857.1106215 (Exim 4.92) (envelope-from ) id 1rxHbA-0008AG-O8; Thu, 18 Apr 2024 02:34:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707857.1106215; Thu, 18 Apr 2024 02:34:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHbA-0008A8-L9; Thu, 18 Apr 2024 02:34:04 +0000 Received: by outflank-mailman (input) for mailman id 707857; Thu, 18 Apr 2024 02:34:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHb9-00089h-Aa for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHb9-0003NT-9i for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHb9-0006Lq-8z for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9SVFzSMf5FBCxt6XgVooB5TDY55wSON3EQ4aNBlOJK0=; b=Reu90xEx2trz4IUnHRL7JH55At TJdQhP2gvvpSI1mbBkOU2Lly2xDzrkKniyFjH5IvlODjJuanQl1ydmgzkO4/6o3jPKdj7l7EDdFJc GDCQZFTTjpK9H4b7xTqyiVPVsPMfDhkGfpV58wWFcr1i5U9T7QOiTMmBwgGyP4qCQ9xg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/PV: avoid indirect call for I/O emulation quirk hook Message-Id: Date: Thu, 18 Apr 2024 02:34:03 +0000 commit 796959c8bd04672cb93ccbb1bc2f79e35209e30b Author: Jan Beulich AuthorDate: Mon Jan 22 13:40:00 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:18 2024 +0100 x86/PV: avoid indirect call for I/O emulation quirk hook This way ioemul_handle_proliant_quirk() won't need ENDBR anymore. While touching this code, also - arrange for it to not be built at all when !PV, - add "const" to the last function parameter and bring the definition in sync with the declaration (for Misra). Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 1212af3e8c4d3a1350046d4fe0ca3b97b51e67de) --- xen/arch/x86/Makefile | 2 +- xen/arch/x86/include/asm/io.h | 10 +++++++--- xen/arch/x86/ioport_emulate.c | 9 ++++----- xen/arch/x86/pv/emul-priv-op.c | 2 +- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index f213a6b56a..cb9d952659 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -43,7 +43,7 @@ obj-$(CONFIG_LIVEPATCH) += alternative.o livepatch.o obj-y += msi.o obj-y += msr.o obj-$(CONFIG_INDIRECT_THUNK) += indirect-thunk.o -obj-y += ioport_emulate.o +obj-$(CONFIG_PV) += ioport_emulate.o obj-y += irq.o obj-$(CONFIG_KEXEC) += machine_kexec.o obj-y += mm.o x86_64/mm.o diff --git a/xen/arch/x86/include/asm/io.h b/xen/arch/x86/include/asm/io.h index 92b784a861..9b19d2d389 100644 --- a/xen/arch/x86/include/asm/io.h +++ b/xen/arch/x86/include/asm/io.h @@ -47,10 +47,14 @@ __OUT(b,"b",char) __OUT(w,"w",short) __OUT(l,,int) -/* Function pointer used to handle platform specific I/O port emulation. */ +/* + * Boolean indicator and function used to handle platform specific I/O port + * emulation. + */ #define IOEMUL_QUIRK_STUB_BYTES 9 +extern bool ioemul_handle_quirk; struct cpu_user_regs; -extern unsigned int (*ioemul_handle_quirk)( - u8 opcode, char *io_emul_stub, struct cpu_user_regs *regs); +unsigned int ioemul_handle_proliant_quirk( + uint8_t opcode, char *io_emul_stub, const struct cpu_user_regs *regs); #endif diff --git a/xen/arch/x86/ioport_emulate.c b/xen/arch/x86/ioport_emulate.c index 6caeb3d470..0c1e389bc8 100644 --- a/xen/arch/x86/ioport_emulate.c +++ b/xen/arch/x86/ioport_emulate.c @@ -8,11 +8,10 @@ #include #include -unsigned int (*__read_mostly ioemul_handle_quirk)( - uint8_t opcode, char *io_emul_stub, struct cpu_user_regs *regs); +bool __ro_after_init ioemul_handle_quirk; -static unsigned int cf_check ioemul_handle_proliant_quirk( - u8 opcode, char *io_emul_stub, struct cpu_user_regs *regs) +unsigned int ioemul_handle_proliant_quirk( + uint8_t opcode, char *io_emul_stub, const struct cpu_user_regs *regs) { static const char stub[] = { 0x9c, /* pushf */ @@ -103,7 +102,7 @@ static const struct dmi_system_id __initconstrel ioport_quirks_tbl[] = { static int __init cf_check ioport_quirks_init(void) { if ( dmi_check_system(ioport_quirks_tbl) ) - ioemul_handle_quirk = ioemul_handle_proliant_quirk; + ioemul_handle_quirk = true; return 0; } diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index 2c94beb10e..e429dfa4f0 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -124,7 +124,7 @@ static io_emul_stub_t *io_emul_stub_setup(struct priv_op_ctxt *ctxt, u8 opcode, /* Some platforms might need to quirk the stub for specific inputs. */ if ( unlikely(ioemul_handle_quirk) ) { - quirk_bytes = ioemul_handle_quirk(opcode, p, ctxt->ctxt.regs); + quirk_bytes = ioemul_handle_proliant_quirk(opcode, p, ctxt->ctxt.regs); p += quirk_bytes; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:34:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:34:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707858.1106218 (Exim 4.92) (envelope-from ) id 1rxHbK-0008HC-Qb; Thu, 18 Apr 2024 02:34:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707858.1106218; Thu, 18 Apr 2024 02:34:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHbK-0008H5-O3; Thu, 18 Apr 2024 02:34:14 +0000 Received: by outflank-mailman (input) for mailman id 707858; Thu, 18 Apr 2024 02:34:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHbJ-0008Gv-DP for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHbJ-0003Nc-Ce for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHbJ-0006Mr-Bz for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9U8J73BlXabh6eQn9L1C6PxEXOFTd3YDECuyixg8mIg=; b=Pf/E4speIfj4es87F6XoS3Y6zq kSWlqzHKZ6htfOfyDGl6wZRbM9XyOXdtHvNwDJ9Da/d2gRJ4blBr9Cp4JIea/77luiRlChaEBdOW0 1Eoc2rDQvzxtmbLGJHA/im9yxLMQhQoLx3PbL1azZvD9dmsExdpjrxsIxhyOQTA4/tBQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/MCE: separate BSP-only initialization Message-Id: Date: Thu, 18 Apr 2024 02:34:13 +0000 commit 2268aacc4324f6010058c2e3bbb214a280dc8078 Author: Jan Beulich AuthorDate: Mon Jan 22 13:40:32 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/MCE: separate BSP-only initialization Several function pointers are registered over and over again, when setting them once on the BSP suffices. Arrange for this in the vendor init functions and mark involved registration functions __init. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 9f58616ddb1cc1870399de2202fafc7bf0d61694) --- xen/arch/x86/cpu/mcheck/mcaction.c | 2 +- xen/arch/x86/cpu/mcheck/mce.c | 15 ++++++--------- xen/arch/x86/cpu/mcheck/mce.h | 2 +- xen/arch/x86/cpu/mcheck/mce_amd.c | 20 +++++++++++++------- xen/arch/x86/cpu/mcheck/mce_intel.c | 10 +++++++--- 5 files changed, 28 insertions(+), 21 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/mcaction.c b/xen/arch/x86/cpu/mcheck/mcaction.c index f4f265c1bc..695fb61d7d 100644 --- a/xen/arch/x86/cpu/mcheck/mcaction.c +++ b/xen/arch/x86/cpu/mcheck/mcaction.c @@ -29,7 +29,7 @@ mci_action_add_pageoffline(int bank, struct mc_info *mi, mce_check_addr_t mc_check_addr = NULL; -void mce_register_addrcheck(mce_check_addr_t cbfunc) +void __init mce_register_addrcheck(mce_check_addr_t cbfunc) { mc_check_addr = cbfunc; } diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index f68e31b643..0b164e2027 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -84,7 +84,7 @@ static void cf_check unexpected_machine_check(const struct cpu_user_regs *regs) static x86_mce_vector_t _machine_check_vector = unexpected_machine_check; -void x86_mce_vector_register(x86_mce_vector_t hdlr) +void __init x86_mce_vector_register(x86_mce_vector_t hdlr) { _machine_check_vector = hdlr; } @@ -107,7 +107,7 @@ void do_machine_check(const struct cpu_user_regs *regs) */ static x86_mce_callback_t mc_callback_bank_extended = NULL; -void x86_mce_callback_register(x86_mce_callback_t cbfunc) +void __init x86_mce_callback_register(x86_mce_callback_t cbfunc) { mc_callback_bank_extended = cbfunc; } @@ -118,7 +118,7 @@ void x86_mce_callback_register(x86_mce_callback_t cbfunc) */ static mce_recoverable_t mc_recoverable_scan = NULL; -void mce_recoverable_register(mce_recoverable_t cbfunc) +void __init mce_recoverable_register(mce_recoverable_t cbfunc) { mc_recoverable_scan = cbfunc; } @@ -182,7 +182,7 @@ static void mcabank_clear(int banknum) */ static mce_need_clearbank_t mc_need_clearbank_scan = NULL; -void mce_need_clearbank_register(mce_need_clearbank_t cbfunc) +void __init mce_need_clearbank_register(mce_need_clearbank_t cbfunc) { mc_need_clearbank_scan = cbfunc; } @@ -799,7 +799,7 @@ void mcheck_init(struct cpuinfo_x86 *c, bool bsp) { case X86_VENDOR_AMD: case X86_VENDOR_HYGON: - inited = amd_mcheck_init(c); + inited = amd_mcheck_init(c, bsp); break; case X86_VENDOR_INTEL: @@ -1913,11 +1913,8 @@ static void cf_check mce_softirq(void) * will help to collect and log those MCE errors. * Round2: Do all MCE processing logic as normal. */ -void mce_handler_init(void) +void __init mce_handler_init(void) { - if ( smp_processor_id() != 0 ) - return; - /* callback register, do we really need so many callback? */ /* mce handler data initialization */ spin_lock_init(&mce_logout_lock); diff --git a/xen/arch/x86/cpu/mcheck/mce.h b/xen/arch/x86/cpu/mcheck/mce.h index bea08bdc74..10ed059f7c 100644 --- a/xen/arch/x86/cpu/mcheck/mce.h +++ b/xen/arch/x86/cpu/mcheck/mce.h @@ -44,7 +44,7 @@ extern uint8_t cmci_apic_vector; extern bool lmce_support; /* Init functions */ -enum mcheck_type amd_mcheck_init(struct cpuinfo_x86 *c); +enum mcheck_type amd_mcheck_init(const struct cpuinfo_x86 *c, bool bsp); enum mcheck_type intel_mcheck_init(struct cpuinfo_x86 *c, bool bsp); void amd_nonfatal_mcheck_init(struct cpuinfo_x86 *c); diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.c b/xen/arch/x86/cpu/mcheck/mce_amd.c index d7ae8919df..cf80e1a275 100644 --- a/xen/arch/x86/cpu/mcheck/mce_amd.c +++ b/xen/arch/x86/cpu/mcheck/mce_amd.c @@ -284,7 +284,7 @@ int vmce_amd_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val) } enum mcheck_type -amd_mcheck_init(struct cpuinfo_x86 *ci) +amd_mcheck_init(const struct cpuinfo_x86 *ci, bool bsp) { uint32_t i; enum mcequirk_amd_flags quirkflag = 0; @@ -294,9 +294,12 @@ amd_mcheck_init(struct cpuinfo_x86 *ci) /* Assume that machine check support is available. * The minimum provided support is at least the K8. */ - mce_handler_init(); - x86_mce_vector_register(mcheck_cmn_handler); - mce_need_clearbank_register(amd_need_clearbank_scan); + if ( bsp ) + { + mce_handler_init(); + x86_mce_vector_register(mcheck_cmn_handler); + mce_need_clearbank_register(amd_need_clearbank_scan); + } for ( i = 0; i < this_cpu(nr_mce_banks); i++ ) { @@ -336,9 +339,12 @@ amd_mcheck_init(struct cpuinfo_x86 *ci) ppin_msr = MSR_AMD_PPIN; } - x86_mce_callback_register(amd_f10_handler); - mce_recoverable_register(mc_amd_recoverable_scan); - mce_register_addrcheck(mc_amd_addrcheck); + if ( bsp ) + { + x86_mce_callback_register(amd_f10_handler); + mce_recoverable_register(mc_amd_recoverable_scan); + mce_register_addrcheck(mc_amd_addrcheck); + } return ci->x86_vendor == X86_VENDOR_HYGON ? mcheck_hygon : mcheck_amd_famXX; diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index ce7678f242..837a8c6d0c 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -814,7 +814,7 @@ static void intel_mce_post_reset(void) return; } -static void intel_init_mce(void) +static void intel_init_mce(bool bsp) { uint64_t msr_content; int i; @@ -840,6 +840,9 @@ static void intel_init_mce(void) if ( firstbank ) /* if cmci enabled, firstbank = 0 */ wrmsrl(MSR_IA32_MC0_STATUS, 0x0ULL); + if ( !bsp ) + return; + x86_mce_vector_register(mcheck_cmn_handler); mce_recoverable_register(intel_recoverable_scan); mce_need_clearbank_register(intel_need_clearbank_scan); @@ -979,9 +982,10 @@ enum mcheck_type intel_mcheck_init(struct cpuinfo_x86 *c, bool bsp) intel_init_mca(c); - mce_handler_init(); + if ( bsp ) + mce_handler_init(); - intel_init_mce(); + intel_init_mce(bsp); intel_init_cmci(c); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:34:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:34:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707859.1106222 (Exim 4.92) (envelope-from ) id 1rxHbU-0008O1-SC; Thu, 18 Apr 2024 02:34:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707859.1106222; Thu, 18 Apr 2024 02:34:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHbU-0008Nu-Ph; Thu, 18 Apr 2024 02:34:24 +0000 Received: by outflank-mailman (input) for mailman id 707859; Thu, 18 Apr 2024 02:34:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHbT-0008No-Gb for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHbT-0003Nj-Fk for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHbT-0006Nk-Ey for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TYWn/LlLbncDhTkiRfAngUlAY2Mt/96EcHxvpLMTKYE=; b=1fDq/TjfdRTERBme3jueEdLl+y j2Vaazd34SAPG9VlpdInYj4eWA/aVGXobmvS2nXprYiRdWeKTkMAQXdWUrde4wJm37dBsjx9ukkUT 3X/hYuf88vAL/0Q/ISnrbqGm4X1nZLWETGfkMibGQXa7ReHT4rsIbZbwRNesAICtSnhU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/MCE: switch some callback invocations to altcall Message-Id: Date: Thu, 18 Apr 2024 02:34:23 +0000 commit 90275d1cbfa3cbb2380028753349bcb6bc6f0717 Author: Jan Beulich AuthorDate: Mon Jan 22 13:41:07 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/MCE: switch some callback invocations to altcall While not performance critical, these hook invocations still would better be converted: This way all pre-filled (and newly introduced) struct mce_callback instances can become __initconst_cf_clobber, thus allowing to eliminate another 9 ENDBR during the 2nd phase of alternatives patching. While this means registering callbacks a little earlier, doing so is perhaps even advantageous, for having pointers be non-NULL earlier on. Only one set of callbacks would only ever be registered anyway, and neither of the respective initialization function can (subsequently) fail. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 85ba4d050f9f3c4286164f21660ae88435b7e83c) --- xen/arch/x86/cpu/mcheck/mcaction.c | 10 ++---- xen/arch/x86/cpu/mcheck/mcaction.h | 5 --- xen/arch/x86/cpu/mcheck/mce.c | 71 ++++++++++-------------------------- xen/arch/x86/cpu/mcheck/mce.h | 72 +++++++++++++++++++------------------ xen/arch/x86/cpu/mcheck/mce_amd.c | 26 +++++++------- xen/arch/x86/cpu/mcheck/mce_intel.c | 14 ++++---- 6 files changed, 80 insertions(+), 118 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/mcaction.c b/xen/arch/x86/cpu/mcheck/mcaction.c index 695fb61d7d..bf7a0de965 100644 --- a/xen/arch/x86/cpu/mcheck/mcaction.c +++ b/xen/arch/x86/cpu/mcheck/mcaction.c @@ -27,13 +27,6 @@ mci_action_add_pageoffline(int bank, struct mc_info *mi, return rec; } -mce_check_addr_t mc_check_addr = NULL; - -void __init mce_register_addrcheck(mce_check_addr_t cbfunc) -{ - mc_check_addr = cbfunc; -} - void mc_memerr_dhandler(struct mca_binfo *binfo, enum mce_result *result, @@ -48,7 +41,8 @@ mc_memerr_dhandler(struct mca_binfo *binfo, int vmce_vcpuid; unsigned int mc_vcpuid; - if ( !mc_check_addr(bank->mc_status, bank->mc_misc, MC_ADDR_PHYSICAL) ) + if ( !alternative_call(mce_callbacks.check_addr, bank->mc_status, + bank->mc_misc, MC_ADDR_PHYSICAL) ) { dprintk(XENLOG_WARNING, "No physical address provided for memory error\n"); diff --git a/xen/arch/x86/cpu/mcheck/mcaction.h b/xen/arch/x86/cpu/mcheck/mcaction.h index 5cbe558fb0..6c79498cd2 100644 --- a/xen/arch/x86/cpu/mcheck/mcaction.h +++ b/xen/arch/x86/cpu/mcheck/mcaction.h @@ -12,9 +12,4 @@ mc_memerr_dhandler(struct mca_binfo *binfo, #define MC_ADDR_PHYSICAL 0 #define MC_ADDR_VIRTUAL 1 -typedef bool (*mce_check_addr_t)(uint64_t status, uint64_t misc, int addr_type); -extern void mce_register_addrcheck(mce_check_addr_t); - -extern mce_check_addr_t mc_check_addr; - #endif diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 0b164e2027..5b7b85a0b5 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -82,47 +82,21 @@ static void cf_check unexpected_machine_check(const struct cpu_user_regs *regs) fatal_trap(regs, 1); } -static x86_mce_vector_t _machine_check_vector = unexpected_machine_check; - -void __init x86_mce_vector_register(x86_mce_vector_t hdlr) -{ - _machine_check_vector = hdlr; -} +struct mce_callbacks __ro_after_init mce_callbacks = { + .handler = unexpected_machine_check, +}; +static const typeof(mce_callbacks.handler) __initconst_cf_clobber __used + default_handler = unexpected_machine_check; /* Call the installed machine check handler for this CPU setup. */ void do_machine_check(const struct cpu_user_regs *regs) { mce_enter(); - _machine_check_vector(regs); + alternative_vcall(mce_callbacks.handler, regs); mce_exit(); } -/* - * Init machine check callback handler - * It is used to collect additional information provided by newer - * CPU families/models without the need to duplicate the whole handler. - * This avoids having many handlers doing almost nearly the same and each - * with its own tweaks ands bugs. - */ -static x86_mce_callback_t mc_callback_bank_extended = NULL; - -void __init x86_mce_callback_register(x86_mce_callback_t cbfunc) -{ - mc_callback_bank_extended = cbfunc; -} - -/* - * Machine check recoverable judgement callback handler - * It is used to judge whether an UC error is recoverable by software - */ -static mce_recoverable_t mc_recoverable_scan = NULL; - -void __init mce_recoverable_register(mce_recoverable_t cbfunc) -{ - mc_recoverable_scan = cbfunc; -} - struct mca_banks *mcabanks_alloc(unsigned int nr_mce_banks) { struct mca_banks *mb; @@ -174,19 +148,6 @@ static void mcabank_clear(int banknum) mca_wrmsr(MSR_IA32_MCx_STATUS(banknum), 0x0ULL); } -/* - * Judging whether to Clear Machine Check error bank callback handler - * According to Intel latest MCA OS Recovery Writer's Guide, - * whether the error MCA bank needs to be cleared is decided by the mca_source - * and MCi_status bit value. - */ -static mce_need_clearbank_t mc_need_clearbank_scan = NULL; - -void __init mce_need_clearbank_register(mce_need_clearbank_t cbfunc) -{ - mc_need_clearbank_scan = cbfunc; -} - /* * mce_logout_lock should only be used in the trap handler, * while MCIP has not been cleared yet in the global status @@ -227,7 +188,8 @@ static void mca_init_bank(enum mca_source who, struct mc_info *mi, int bank) if ( (mib->mc_status & MCi_STATUS_MISCV) && (mib->mc_status & MCi_STATUS_ADDRV) && - (mc_check_addr(mib->mc_status, mib->mc_misc, MC_ADDR_PHYSICAL)) && + alternative_call(mce_callbacks.check_addr, mib->mc_status, + mib->mc_misc, MC_ADDR_PHYSICAL) && (who == MCA_POLLER || who == MCA_CMCI_HANDLER) && (mfn_valid(_mfn(paddr_to_pfn(mib->mc_addr)))) ) { @@ -327,7 +289,7 @@ mcheck_mca_logout(enum mca_source who, struct mca_banks *bankmask, * If no mc_recovery_scan callback handler registered, * this error is not recoverable */ - recover = mc_recoverable_scan ? 1 : 0; + recover = mce_callbacks.recoverable_scan; for ( i = 0; i < this_cpu(nr_mce_banks); i++ ) { @@ -344,8 +306,9 @@ mcheck_mca_logout(enum mca_source who, struct mca_banks *bankmask, * decide whether to clear bank by MCi_STATUS bit value such as * OVER/UC/EN/PCC/S/AR */ - if ( mc_need_clearbank_scan ) - need_clear = mc_need_clearbank_scan(who, status); + if ( mce_callbacks.need_clearbank_scan ) + need_clear = alternative_call(mce_callbacks.need_clearbank_scan, + who, status); /* * If this is the first bank with valid MCA DATA, then @@ -381,12 +344,12 @@ mcheck_mca_logout(enum mca_source who, struct mca_banks *bankmask, if ( recover && uc ) /* uc = true, recover = true, we need not panic. */ - recover = mc_recoverable_scan(status); + recover = alternative_call(mce_callbacks.recoverable_scan, status); mca_init_bank(who, mci, i); - if ( mc_callback_bank_extended ) - mc_callback_bank_extended(mci, i, status); + if ( mce_callbacks.info_collect ) + alternative_vcall(mce_callbacks.info_collect, mci, i, status); /* By default, need_clear = true */ if ( who != MCA_MCE_SCAN && need_clear ) @@ -1913,9 +1876,11 @@ static void cf_check mce_softirq(void) * will help to collect and log those MCE errors. * Round2: Do all MCE processing logic as normal. */ -void __init mce_handler_init(void) +void __init mce_handler_init(const struct mce_callbacks *cb) { /* callback register, do we really need so many callback? */ + mce_callbacks = *cb; + /* mce handler data initialization */ spin_lock_init(&mce_logout_lock); open_softirq(MACHINE_CHECK_SOFTIRQ, mce_softirq); diff --git a/xen/arch/x86/cpu/mcheck/mce.h b/xen/arch/x86/cpu/mcheck/mce.h index 10ed059f7c..6bd25d4101 100644 --- a/xen/arch/x86/cpu/mcheck/mce.h +++ b/xen/arch/x86/cpu/mcheck/mce.h @@ -62,20 +62,12 @@ void noreturn mc_panic(char *s); void x86_mc_get_cpu_info(unsigned, uint32_t *, uint16_t *, uint16_t *, uint32_t *, uint32_t *, uint32_t *, uint32_t *); -/* Register a handler for machine check exceptions. */ -typedef void (*x86_mce_vector_t)(const struct cpu_user_regs *regs); -extern void x86_mce_vector_register(x86_mce_vector_t); - /* * Common generic MCE handler that implementations may nominate * via x86_mce_vector_register. */ void cf_check mcheck_cmn_handler(const struct cpu_user_regs *regs); -/* Register a handler for judging whether mce is recoverable. */ -typedef bool (*mce_recoverable_t)(uint64_t status); -extern void mce_recoverable_register(mce_recoverable_t); - /* Read an MSR, checking for an interposed value first */ extern struct intpose_ent *intpose_lookup(unsigned int, uint64_t, uint64_t *); @@ -134,30 +126,6 @@ extern void mcheck_mca_clearbanks(struct mca_banks *); extern mctelem_cookie_t mcheck_mca_logout(enum mca_source, struct mca_banks *, struct mca_summary *, struct mca_banks *); -/* - * Register callbacks to be made during bank telemetry logout. - * Those callbacks are only available to those machine check handlers - * that call to the common mcheck_cmn_handler or who use the common - * telemetry logout function mcheck_mca_logout in error polling. - */ - -/* Register a handler for judging whether the bank need to be cleared */ -typedef bool (*mce_need_clearbank_t)(enum mca_source who, u64 status); -extern void mce_need_clearbank_register(mce_need_clearbank_t); - -/* - * Register a callback to collect additional information (typically non- - * architectural) provided by newer CPU families/models without the need - * to duplicate the whole handler resulting in various handlers each with - * its own tweaks and bugs. The callback receives an struct mc_info pointer - * which it can use with x86_mcinfo_reserve to add additional telemetry, - * the current MCA bank number we are reading telemetry from, and the - * MCi_STATUS value for that bank. - */ -typedef struct mcinfo_extended *(*x86_mce_callback_t) - (struct mc_info *, uint16_t, uint64_t); -extern void x86_mce_callback_register(x86_mce_callback_t); - void *x86_mcinfo_reserve(struct mc_info *mi, unsigned int size, unsigned int type); void x86_mcinfo_dump(struct mc_info *mi); @@ -198,8 +166,44 @@ static inline int mce_bank_msr(const struct vcpu *v, uint32_t msr) return 0; } -/* MC softirq */ -void mce_handler_init(void); +struct mce_callbacks { + void (*handler)(const struct cpu_user_regs *regs); + bool (*check_addr)(uint64_t status, uint64_t misc, int addr_type); + + /* Handler for judging whether mce is recoverable. */ + bool (*recoverable_scan)(uint64_t status); + + /* + * Callbacks to be made during bank telemetry logout. + * They are only available to those machine check handlers + * that call to the common mcheck_cmn_handler or who use the common + * telemetry logout function mcheck_mca_logout in error polling. + */ + + /* + * Judging whether to Clear Machine Check error bank callback handler. + * According to Intel latest MCA OS Recovery Writer's Guide, whether + * the error MCA bank needs to be cleared is decided by the mca_source + * and MCi_status bit value. + */ + bool (*need_clearbank_scan)(enum mca_source who, u64 status); + + /* + * Callback to collect additional information (typically non- + * architectural) provided by newer CPU families/models without the need + * to duplicate the whole handler resulting in various handlers each with + * its own tweaks and bugs. The callback receives an struct mc_info pointer + * which it can use with x86_mcinfo_reserve to add additional telemetry, + * the current MCA bank number we are reading telemetry from, and the + * MCi_STATUS value for that bank. + */ + struct mcinfo_extended *(*info_collect) + (struct mc_info *mi, uint16_t bank, uint64_t status); +}; + +extern struct mce_callbacks mce_callbacks; + +void mce_handler_init(const struct mce_callbacks *cb); extern const struct mca_error_handler *mce_dhandlers; extern const struct mca_error_handler *mce_uhandlers; diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.c b/xen/arch/x86/cpu/mcheck/mce_amd.c index cf80e1a275..f401f54fab 100644 --- a/xen/arch/x86/cpu/mcheck/mce_amd.c +++ b/xen/arch/x86/cpu/mcheck/mce_amd.c @@ -283,6 +283,19 @@ int vmce_amd_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val) return 1; } +static const struct mce_callbacks __initconst_cf_clobber k8_callbacks = { + .handler = mcheck_cmn_handler, + .need_clearbank_scan = amd_need_clearbank_scan, +}; + +static const struct mce_callbacks __initconst_cf_clobber k10_callbacks = { + .handler = mcheck_cmn_handler, + .check_addr = mc_amd_addrcheck, + .recoverable_scan = mc_amd_recoverable_scan, + .need_clearbank_scan = amd_need_clearbank_scan, + .info_collect = amd_f10_handler, +}; + enum mcheck_type amd_mcheck_init(const struct cpuinfo_x86 *ci, bool bsp) { @@ -295,11 +308,7 @@ amd_mcheck_init(const struct cpuinfo_x86 *ci, bool bsp) /* Assume that machine check support is available. * The minimum provided support is at least the K8. */ if ( bsp ) - { - mce_handler_init(); - x86_mce_vector_register(mcheck_cmn_handler); - mce_need_clearbank_register(amd_need_clearbank_scan); - } + mce_handler_init(ci->x86 == 0xf ? &k8_callbacks : &k10_callbacks); for ( i = 0; i < this_cpu(nr_mce_banks); i++ ) { @@ -339,13 +348,6 @@ amd_mcheck_init(const struct cpuinfo_x86 *ci, bool bsp) ppin_msr = MSR_AMD_PPIN; } - if ( bsp ) - { - x86_mce_callback_register(amd_f10_handler); - mce_recoverable_register(mc_amd_recoverable_scan); - mce_register_addrcheck(mc_amd_addrcheck); - } - return ci->x86_vendor == X86_VENDOR_HYGON ? mcheck_hygon : mcheck_amd_famXX; } diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index 837a8c6d0c..dc7e1e61a6 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -843,11 +843,6 @@ static void intel_init_mce(bool bsp) if ( !bsp ) return; - x86_mce_vector_register(mcheck_cmn_handler); - mce_recoverable_register(intel_recoverable_scan); - mce_need_clearbank_register(intel_need_clearbank_scan); - mce_register_addrcheck(intel_checkaddr); - mce_dhandlers = intel_mce_dhandlers; mce_dhandler_num = ARRAY_SIZE(intel_mce_dhandlers); mce_uhandlers = intel_mce_uhandlers; @@ -957,6 +952,13 @@ static int cf_check cpu_callback( return !rc ? NOTIFY_DONE : notifier_from_errno(rc); } +static const struct mce_callbacks __initconst_cf_clobber intel_callbacks = { + .handler = mcheck_cmn_handler, + .check_addr = intel_checkaddr, + .recoverable_scan = intel_recoverable_scan, + .need_clearbank_scan = intel_need_clearbank_scan, +}; + static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback }; @@ -983,7 +985,7 @@ enum mcheck_type intel_mcheck_init(struct cpuinfo_x86 *c, bool bsp) intel_init_mca(c); if ( bsp ) - mce_handler_init(); + mce_handler_init(&intel_callbacks); intel_init_mce(bsp); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:34:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:34:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707860.1106227 (Exim 4.92) (envelope-from ) id 1rxHbe-00005v-Tr; Thu, 18 Apr 2024 02:34:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707860.1106227; Thu, 18 Apr 2024 02:34:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHbe-00005o-RF; Thu, 18 Apr 2024 02:34:34 +0000 Received: by outflank-mailman (input) for mailman id 707860; Thu, 18 Apr 2024 02:34:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHbd-00005f-KV for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHbd-0003PO-Jo for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHbd-0006OV-IB for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=I8h1zz4LomXZ53PRq3YsV4cUd425oewYy79bOVzbLMM=; b=uKc8p64iH5bz5NHbngMaq4wP9K bGKu/GJa9PosAH31Sphtufbt2ZbrPncUZEINTFZ4VsDOvGabSPiIAW48Y+fywzBmcektfgfuc4fRf +Udd/O/+ILwYgkUr59Phw3J9mcGD0X63IihWEucZzXbQ6HfyYB8vPhMPQ+RjzHMg5adk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] IRQ: generalize [gs]et_irq_regs() Message-Id: Date: Thu, 18 Apr 2024 02:34:33 +0000 commit e356ac136aac6cddf26f0287112813a9344a8aed Author: Jan Beulich AuthorDate: Tue Jan 23 12:03:23 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 IRQ: generalize [gs]et_irq_regs() Move functions (and their data) to common code, and invoke the functions on Arm as well. This is in preparation of dropping the register parameters from handler functions. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Reviewed-by: Julien Grall (cherry picked from commit f67bddf3bccd99a5fee968c3b3f288db6a57d3be) --- xen/arch/arm/irq.c | 2 ++ xen/arch/x86/include/asm/irq.h | 21 --------------------- xen/arch/x86/irq.c | 2 -- xen/common/irq.c | 2 ++ xen/include/xen/irq.h | 21 +++++++++++++++++++++ 5 files changed, 25 insertions(+), 23 deletions(-) diff --git a/xen/arch/arm/irq.c b/xen/arch/arm/irq.c index fd0c15fffd..8649c636a3 100644 --- a/xen/arch/arm/irq.c +++ b/xen/arch/arm/irq.c @@ -229,6 +229,7 @@ void do_IRQ(struct cpu_user_regs *regs, unsigned int irq, int is_fiq) { struct irq_desc *desc = irq_to_desc(irq); struct irqaction *action; + struct cpu_user_regs *old_regs = set_irq_regs(regs); perfc_incr(irqs); @@ -296,6 +297,7 @@ out: out_no_end: spin_unlock(&desc->lock); irq_exit(); + set_irq_regs(old_regs); } void release_irq(unsigned int irq, const void *dev_id) diff --git a/xen/arch/x86/include/asm/irq.h b/xen/arch/x86/include/asm/irq.h index 823d627fd0..26850e5077 100644 --- a/xen/arch/x86/include/asm/irq.h +++ b/xen/arch/x86/include/asm/irq.h @@ -70,27 +70,6 @@ extern bool opt_noirqbalance; extern int opt_irq_vector_map; -/* - * Per-cpu current frame pointer - the location of the last exception frame on - * the stack - */ -DECLARE_PER_CPU(struct cpu_user_regs *, __irq_regs); - -static inline struct cpu_user_regs *get_irq_regs(void) -{ - return this_cpu(__irq_regs); -} - -static inline struct cpu_user_regs *set_irq_regs(struct cpu_user_regs *new_regs) -{ - struct cpu_user_regs *old_regs, **pp_regs = &this_cpu(__irq_regs); - - old_regs = *pp_regs; - *pp_regs = new_regs; - return old_regs; -} - - #define platform_legacy_irq(irq) ((irq) < 16) void cf_check event_check_interrupt(struct cpu_user_regs *regs); diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 51b4837cd3..abd6f577dd 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -53,8 +53,6 @@ static DEFINE_SPINLOCK(vector_lock); DEFINE_PER_CPU(vector_irq_t, vector_irq); -DEFINE_PER_CPU(struct cpu_user_regs *, __irq_regs); - static LIST_HEAD(irq_ratelimit_list); static DEFINE_SPINLOCK(irq_ratelimit_lock); static struct timer irq_ratelimit_timer; diff --git a/xen/common/irq.c b/xen/common/irq.c index 727cf8bd22..236cf171e2 100644 --- a/xen/common/irq.c +++ b/xen/common/irq.c @@ -1,6 +1,8 @@ #include #include +DEFINE_PER_CPU(struct cpu_user_regs *, irq_regs); + int init_one_irq_desc(struct irq_desc *desc) { int err; diff --git a/xen/include/xen/irq.h b/xen/include/xen/irq.h index 300625e56d..c93ef31a9c 100644 --- a/xen/include/xen/irq.h +++ b/xen/include/xen/irq.h @@ -130,6 +130,27 @@ void cf_check irq_actor_none(struct irq_desc *); #define irq_disable_none irq_actor_none #define irq_enable_none irq_actor_none +/* + * Per-cpu interrupted context register state - the inner-most interrupt frame + * on the stack. + */ +DECLARE_PER_CPU(struct cpu_user_regs *, irq_regs); + +static inline struct cpu_user_regs *get_irq_regs(void) +{ + return this_cpu(irq_regs); +} + +static inline struct cpu_user_regs *set_irq_regs(struct cpu_user_regs *new_regs) +{ + struct cpu_user_regs *old_regs, **pp_regs = &this_cpu(irq_regs); + + old_regs = *pp_regs; + *pp_regs = new_regs; + + return old_regs; +} + struct domain; struct vcpu; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:34:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:34:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707861.1106230 (Exim 4.92) (envelope-from ) id 1rxHbp-0000FB-0j; Thu, 18 Apr 2024 02:34:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707861.1106230; Thu, 18 Apr 2024 02:34:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHbo-0000F3-UJ; Thu, 18 Apr 2024 02:34:44 +0000 Received: by outflank-mailman (input) for mailman id 707861; Thu, 18 Apr 2024 02:34:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHbn-0000Ep-Nf for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHbn-0003PV-Ms for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHbn-0006PT-M3 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n3/VNlrNmGOPO4TK3kcQF4jshkOE0EhhP0sZpZRGbHw=; b=TrMUXO4ZnJiEMa9QRY7ZHIDWMA V+EdJQjdzYXXgJN7T2beHxQm0hp79BMNZqFYoKSQjw/5UkNvtTDOxdFPMMLbzXuaaykJp+pTfLtxI oUj0HHMLIUTCP+HwWHup3uFVykCI0Y6KV86i2+GVIXe5F7GdA7wHhwv70WOCAK/MZbyY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec-ctrl: Expose IPRED_CTRL to guests Message-Id: Date: Thu, 18 Apr 2024 02:34:43 +0000 commit 68468e5b0ff7f82518de6de8b74187f86a9b6e22 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:58 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Expose IPRED_CTRL to guests The CPUID feature bit signals the presence of the IPRED_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 4dd6760706848de30f7c8b5f83462b9bcb070c91) --- xen/arch/x86/msr.c | 6 ++++-- xen/include/public/arch-x86/cpufeatureset.h | 2 +- xen/tools/gen-cpuid.py | 3 ++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index f7192c1ddf..ac01553598 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -316,8 +316,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) /* * Caller to confirm that MSR_SPEC_CTRL is available. Intel and AMD have - * separate CPUID features for this functionality, but only set will be - * active. + * separate CPUID features for some of this functionality, but only one + * vendors-worth will be active on a single host. */ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) { @@ -331,6 +331,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | (psfd ? SPEC_CTRL_PSFD : 0) | + (cp->feat.ipred_ctrl + ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | 0); } diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index bc971f3c6f..8708b934a0 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -295,7 +295,7 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ -XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /* MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /* MSR_SPEC_CTRL.RRSBA_DIS_* */ XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /* MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 636ff44c8b..9d1e47cfcd 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -318,7 +318,8 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS], + IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, + IPRED_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:34:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:34:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707862.1106235 (Exim 4.92) (envelope-from ) id 1rxHbz-0000Ho-2W; Thu, 18 Apr 2024 02:34:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707862.1106235; Thu, 18 Apr 2024 02:34:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHby-0000Hg-Vp; Thu, 18 Apr 2024 02:34:54 +0000 Received: by outflank-mailman (input) for mailman id 707862; Thu, 18 Apr 2024 02:34:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHbx-0000HK-QZ for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHbx-0003Pd-Ps for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHbx-0006QN-PB for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:34:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gIz9SZUrJLiLsQw1vfL8UugXWN3CMe2Vnu+vUk3D1HY=; b=OnGzjjzWlHzAqJTzsJvMs55TvR yvJyNaNW3L7xVHu58ANgfCG8AWSS6J/asT0nwbvMDsMBVhBVzCmBxtN3GBkAm8bhzBMFiGtoMwm98 0gxNNrUVPUUuz3kSEM2gaMeh3RosPuAqCyOdI6eTjCHBvbuvnh0AS4CCCfcPUclBGUsQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec-ctrl: Expose RRSBA_CTRL to guests Message-Id: Date: Thu, 18 Apr 2024 02:34:53 +0000 commit b7559a0488ac286d92a09fc00614207b32abb72d Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:59 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Expose RRSBA_CTRL to guests The CPUID feature bit signals the presence of the RRSBA_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 478e4787fa64b621061177a7843c452e9a19916d) --- xen/arch/x86/msr.c | 2 ++ xen/include/public/arch-x86/cpufeatureset.h | 2 +- xen/tools/gen-cpuid.py | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index ac01553598..615314f1e1 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -333,6 +333,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) (psfd ? SPEC_CTRL_PSFD : 0) | (cp->feat.ipred_ctrl ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | + (cp->feat.rrsba_ctrl + ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | 0); } diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 8708b934a0..0e1581cdac 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -296,7 +296,7 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ -XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /* MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /* MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 9d1e47cfcd..09acb9764c 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -319,7 +319,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL], + IPRED_CTRL, RRSBA_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:35:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:35:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707863.1106239 (Exim 4.92) (envelope-from ) id 1rxHc9-0000M9-3q; Thu, 18 Apr 2024 02:35:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707863.1106239; Thu, 18 Apr 2024 02:35:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHc9-0000M0-18; Thu, 18 Apr 2024 02:35:05 +0000 Received: by outflank-mailman (input) for mailman id 707863; Thu, 18 Apr 2024 02:35:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHc7-0000Lc-To for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHc7-0003QL-T5 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHc7-0006RU-SN for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qh8AZ+KYuyWCWpsA0/FA2Xy/Y0LsB14kPdaC7dG7JV4=; b=bajFtO8pdzAB5NRMdh1STwdBFd C6KhT0kqnI/O1aSB014KjOPo62W4OGDBgKLVFXCUbvh6RjLGvnf5uxkgU6evIHX8wT29vceEanApm rzHQYeVPJv1cWCeAgaVJm7yalLn/4kn3s05BI00F/0gsVI6+Tpf8FpOgy4KRSB7rE8vY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec-ctrl: Expose BHI_CTRL to guests Message-Id: Date: Thu, 18 Apr 2024 02:35:03 +0000 commit 363745e52dc758bdfb2fd42d32f12276c80ed447 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:14:00 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Expose BHI_CTRL to guests The CPUID feature bit signals the presence of the BHI_DIS_S control in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 583f1d0950529f3517b1741c2b21a028a82ba831) --- xen/arch/x86/msr.c | 1 + xen/include/public/arch-x86/cpufeatureset.h | 2 +- xen/tools/gen-cpuid.py | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 615314f1e1..51e6744e8f 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -335,6 +335,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | (cp->feat.rrsba_ctrl ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | + (cp->feat.bhi_ctrl ? SPEC_CTRL_BHI_DIS_S : 0) | 0); } diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 0e1581cdac..51f238683c 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -297,7 +297,7 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ -XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /* MSR_SPEC_CTRL.BHI_DIS_S */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 09acb9764c..a7c2ba3e5d 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -319,7 +319,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL, RRSBA_CTRL], + IPRED_CTRL, RRSBA_CTRL, BHI_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:35:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:35:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707864.1106243 (Exim 4.92) (envelope-from ) id 1rxHcJ-0000Ow-5O; Thu, 18 Apr 2024 02:35:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707864.1106243; Thu, 18 Apr 2024 02:35:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHcJ-0000Om-2c; Thu, 18 Apr 2024 02:35:15 +0000 Received: by outflank-mailman (input) for mailman id 707864; Thu, 18 Apr 2024 02:35:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHcI-0000Od-0Z for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHcH-0003QS-W1 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHcH-0006SP-VN for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jzQMpYuj/xlxYxZgiAHYcpI7q8O6VCGu6mgBDVxRHrY=; b=UWkg5wOH/n8EoiRl35JnyriNv5 AUHazRpw7SpY3W7v+BhfGL/MSpMCGps+X22Wa082WJr2icq4bw30X2gJo06cPvH//75w0evQyHyNu UdvYNZKCe4Ixb/uBxeo/xhXqBzYqEdG3MyMxWy2VU7cXMtP7Jo4dbq2z/OHd3yYu8HoA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86: arrange for ENDBR zapping from _ctxt_switch_masking() Message-Id: Date: Thu, 18 Apr 2024 02:35:13 +0000 commit f2947a0da348eafc72e166dea14983f6d7c8300e Author: Jan Beulich AuthorDate: Mon Feb 5 10:44:46 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86: arrange for ENDBR zapping from _ctxt_switch_masking() While altcall is already used for them, the functions want announcing in .init.rodata.cf_clobber, even if the resulting static variables aren't otherwise used. While doing this also move ctxt_switch_masking to .data.ro_after_init. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 044168fa3a65b6542bda5c21e373742de1bd5980) --- xen/arch/x86/cpu/amd.c | 5 +++++ xen/arch/x86/cpu/common.c | 2 +- xen/arch/x86/cpu/intel.c | 5 +++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 3d85e9797d..d5e9ad7598 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -258,6 +258,11 @@ static void cf_check amd_ctxt_switch_masking(const struct vcpu *next) #undef LAZY } +#ifdef CONFIG_XEN_IBT /* Announce the function to ENDBR clobbering logic. */ +static const typeof(ctxt_switch_masking) __initconst_cf_clobber __used csm = + amd_ctxt_switch_masking; +#endif + /* * Mask the features and extended features returned by CPUID. Parameters are * set from the boot line via two methods: diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 54ea7fa831..60e472da26 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -121,7 +121,7 @@ static const struct cpu_dev default_cpu = { static const struct cpu_dev *this_cpu = &default_cpu; static DEFINE_PER_CPU(uint64_t, msr_misc_features); -void (* __read_mostly ctxt_switch_masking)(const struct vcpu *next); +void (* __ro_after_init ctxt_switch_masking)(const struct vcpu *next); bool __init probe_cpuid_faulting(void) { diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 96723b5d44..532e845f66 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -220,6 +220,11 @@ static void cf_check intel_ctxt_switch_masking(const struct vcpu *next) #undef LAZY } +#ifdef CONFIG_XEN_IBT /* Announce the function to ENDBR clobbering logic. */ +static const typeof(ctxt_switch_masking) __initconst_cf_clobber __used csm = + intel_ctxt_switch_masking; +#endif + /* * opt_cpuid_mask_ecx/edx: cpuid.1[ecx, edx] feature mask. * For example, E8400[Intel Core 2 Duo Processor series] ecx = 0x0008E3FD, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:35:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:35:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707865.1106246 (Exim 4.92) (envelope-from ) id 1rxHcT-0000RY-6c; Thu, 18 Apr 2024 02:35:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707865.1106246; Thu, 18 Apr 2024 02:35:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHcT-0000RQ-43; Thu, 18 Apr 2024 02:35:25 +0000 Received: by outflank-mailman (input) for mailman id 707865; Thu, 18 Apr 2024 02:35:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHcS-0000RE-3P for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHcS-0003Qg-2h for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHcS-0006TI-1y for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lwNomu0A+6Zl898m1tPwZ0nUaziG08a/AU+Z3GfzW/c=; b=XR1ynjuZ4+jH+T4ovjGtXqaDI4 MgHW7exCx1uyW6pzK/snmCEsBTbSQ/BaEJsz3fI74ZtMDHlX/DLJlVNvdPXOe4tx0LwIuaWNU4cD7 1TL1Ic5STz7S2eeXyRNM/wZfmXxFN3H4Qi66oXcj7kH1LAFBO2YyXulbmnMvbWdkhav4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/guest: finish conversion to altcall Message-Id: Date: Thu, 18 Apr 2024 02:35:24 +0000 commit d11255f909e4b77ae1d1aa7e928cdfca5964a574 Author: Jan Beulich AuthorDate: Mon Feb 5 10:45:31 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/guest: finish conversion to altcall While .setup() and .e820_fixup() don't need fiddling with for being run only very early, both .ap_setup() and .resume() want converting too: This way both pre-filled struct hypervisor_ops instances can become __initconst_cf_clobber, thus allowing to eliminate up to 5 more ENDBR (configuration dependent) during the 2nd phase of alternatives patching. While fiddling with section annotations here, also move "ops" itself to .data.ro_after_init. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Acked-by: Paul Durrant (cherry picked from commit e931edccc53c9dd6e9a505ad0ff3a03d985669bc) --- xen/arch/x86/guest/hyperv/hyperv.c | 2 +- xen/arch/x86/guest/hypervisor.c | 6 +++--- xen/arch/x86/guest/xen/xen.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/guest/hyperv/hyperv.c b/xen/arch/x86/guest/hyperv/hyperv.c index b101ba3080..5c58a0c457 100644 --- a/xen/arch/x86/guest/hyperv/hyperv.c +++ b/xen/arch/x86/guest/hyperv/hyperv.c @@ -219,7 +219,7 @@ static int cf_check flush_tlb( return hyperv_flush_tlb(mask, va, flags); } -static const struct hypervisor_ops __initconstrel ops = { +static const struct hypervisor_ops __initconst_cf_clobber ops = { .name = "Hyper-V", .setup = setup, .ap_setup = ap_setup, diff --git a/xen/arch/x86/guest/hypervisor.c b/xen/arch/x86/guest/hypervisor.c index 366af1d650..c3e10c3586 100644 --- a/xen/arch/x86/guest/hypervisor.c +++ b/xen/arch/x86/guest/hypervisor.c @@ -25,7 +25,7 @@ #include #include -static struct hypervisor_ops __read_mostly ops; +static struct hypervisor_ops __ro_after_init ops; const char *__init hypervisor_probe(void) { @@ -61,7 +61,7 @@ void __init hypervisor_setup(void) int hypervisor_ap_setup(void) { if ( ops.ap_setup ) - return ops.ap_setup(); + return alternative_call(ops.ap_setup); return 0; } @@ -69,7 +69,7 @@ int hypervisor_ap_setup(void) void hypervisor_resume(void) { if ( ops.resume ) - ops.resume(); + alternative_vcall(ops.resume); } void __init hypervisor_e820_fixup(struct e820map *e820) diff --git a/xen/arch/x86/guest/xen/xen.c b/xen/arch/x86/guest/xen/xen.c index 9c2defaa66..c4cb16df38 100644 --- a/xen/arch/x86/guest/xen/xen.c +++ b/xen/arch/x86/guest/xen/xen.c @@ -330,7 +330,7 @@ static int cf_check flush_tlb( return xen_hypercall_hvm_op(HVMOP_flush_tlbs, NULL); } -static const struct hypervisor_ops __initconstrel ops = { +static const struct hypervisor_ops __initconst_cf_clobber ops = { .name = "Xen", .setup = setup, .ap_setup = ap_setup, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:35:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:35:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707866.1106251 (Exim 4.92) (envelope-from ) id 1rxHcd-0000UC-94; Thu, 18 Apr 2024 02:35:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707866.1106251; Thu, 18 Apr 2024 02:35:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHcd-0000U4-5g; Thu, 18 Apr 2024 02:35:35 +0000 Received: by outflank-mailman (input) for mailman id 707866; Thu, 18 Apr 2024 02:35:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHcc-0000Tx-8K for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHcc-0003Qn-5j for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHcc-0006UM-4z for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yb1Zwqem6YRwWWvdSR5daUDFxjG4sTvDqAGKkMWyrDg=; b=RlkIEXLduYEZDA2ypMgqrZy9a6 RoQCvUntq+2GXG1iryZ1UnbDi/CYWt2DvX5KNYhPo1MIVHFZrT54cYlaLtgM6+6Q1X+Sg4ooGWJ6N CQ4EgwVLqJzb0MLlivnfS4neLmrBLEnvCqPRa0E3R6dqqy+RF6OtKIMJusq8iED5m3Ss=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/CPU: convert vendor hook invocations to altcall Message-Id: Date: Thu, 18 Apr 2024 02:35:34 +0000 commit 6b899fe735d040356ead7170e0fe10f6668624d0 Author: Jan Beulich AuthorDate: Mon Feb 5 10:48:11 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/CPU: convert vendor hook invocations to altcall While not performance critical, these hook invocations still want converting: This way all pre-filled struct cpu_dev instances can become __initconst_cf_clobber, thus allowing to eliminate further 8 ENDBR during the 2nd phase of alternatives patching (besides moving previously resident data to .init.*). Since all use sites need touching anyway, take the opportunity and also address a Misra C:2012 Rule 5.5 violation: Rename the this_cpu static variable. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper (cherry picked from commit 660f8a75013c947fbe5358a640032a1f9f1eece5) --- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/cpu/centaur.c | 2 +- xen/arch/x86/cpu/common.c | 24 ++++++++++++------------ xen/arch/x86/cpu/hygon.c | 2 +- xen/arch/x86/cpu/intel.c | 2 +- xen/arch/x86/cpu/shanghai.c | 2 +- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index d5e9ad7598..2838725bab 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -1286,7 +1286,7 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) amd_log_freq(c); } -const struct cpu_dev amd_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber amd_cpu_dev = { .c_early_init = early_init_amd, .c_init = init_amd, }; diff --git a/xen/arch/x86/cpu/centaur.c b/xen/arch/x86/cpu/centaur.c index eac49d78db..750168d1e8 100644 --- a/xen/arch/x86/cpu/centaur.c +++ b/xen/arch/x86/cpu/centaur.c @@ -54,6 +54,6 @@ static void cf_check init_centaur(struct cpuinfo_x86 *c) init_c3(c); } -const struct cpu_dev centaur_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber centaur_cpu_dev = { .c_init = init_centaur, }; diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 60e472da26..88855f5773 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -115,10 +115,10 @@ static void cf_check default_init(struct cpuinfo_x86 * c) __clear_bit(X86_FEATURE_SEP, c->x86_capability); } -static const struct cpu_dev default_cpu = { +static const struct cpu_dev __initconst_cf_clobber __used default_cpu = { .c_init = default_init, }; -static const struct cpu_dev *this_cpu = &default_cpu; +static struct cpu_dev __ro_after_init actual_cpu; static DEFINE_PER_CPU(uint64_t, msr_misc_features); void (* __ro_after_init ctxt_switch_masking)(const struct vcpu *next); @@ -343,12 +343,13 @@ void __init early_cpu_init(void) c->x86_vendor = x86_cpuid_lookup_vendor(ebx, ecx, edx); switch (c->x86_vendor) { - case X86_VENDOR_INTEL: this_cpu = &intel_cpu_dev; break; - case X86_VENDOR_AMD: this_cpu = &amd_cpu_dev; break; - case X86_VENDOR_CENTAUR: this_cpu = ¢aur_cpu_dev; break; - case X86_VENDOR_SHANGHAI: this_cpu = &shanghai_cpu_dev; break; - case X86_VENDOR_HYGON: this_cpu = &hygon_cpu_dev; break; + case X86_VENDOR_INTEL: actual_cpu = intel_cpu_dev; break; + case X86_VENDOR_AMD: actual_cpu = amd_cpu_dev; break; + case X86_VENDOR_CENTAUR: actual_cpu = centaur_cpu_dev; break; + case X86_VENDOR_SHANGHAI: actual_cpu = shanghai_cpu_dev; break; + case X86_VENDOR_HYGON: actual_cpu = hygon_cpu_dev; break; default: + actual_cpu = default_cpu; printk(XENLOG_ERR "Unrecognised or unsupported CPU vendor '%.12s'\n", c->x86_vendor_id); @@ -434,8 +435,8 @@ static void generic_identify(struct cpuinfo_x86 *c) c->apicid = phys_pkg_id((ebx >> 24) & 0xFF, 0); c->phys_proc_id = c->apicid; - if (this_cpu->c_early_init) - this_cpu->c_early_init(c); + if (actual_cpu.c_early_init) + alternative_vcall(actual_cpu.c_early_init, c); /* c_early_init() may have adjusted cpuid levels/features. Reread. */ c->cpuid_level = cpuid_eax(0); @@ -540,9 +541,8 @@ void identify_cpu(struct cpuinfo_x86 *c) * At the end of this section, c->x86_capability better * indicate the features this CPU genuinely supports! */ - if (this_cpu->c_init) - this_cpu->c_init(c); - + if (actual_cpu.c_init) + alternative_vcall(actual_cpu.c_init, c); if (c == &boot_cpu_data && !opt_pku) setup_clear_cpu_cap(X86_FEATURE_PKU); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index 361eb6fd41..0c7c97ebb7 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -88,7 +88,7 @@ static void cf_check init_hygon(struct cpuinfo_x86 *c) amd_log_freq(c); } -const struct cpu_dev hygon_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber hygon_cpu_dev = { .c_early_init = early_init_amd, .c_init = init_hygon, }; diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 532e845f66..2d439e0bd2 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -598,7 +598,7 @@ static void cf_check init_intel(struct cpuinfo_x86 *c) setup_clear_cpu_cap(X86_FEATURE_CLWB); } -const struct cpu_dev intel_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber intel_cpu_dev = { .c_early_init = early_init_intel, .c_init = init_intel, }; diff --git a/xen/arch/x86/cpu/shanghai.c b/xen/arch/x86/cpu/shanghai.c index 95ae544f8c..910f2c32f3 100644 --- a/xen/arch/x86/cpu/shanghai.c +++ b/xen/arch/x86/cpu/shanghai.c @@ -15,6 +15,6 @@ static void cf_check init_shanghai(struct cpuinfo_x86 *c) init_intel_cacheinfo(c); } -const struct cpu_dev shanghai_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber shanghai_cpu_dev = { .c_init = init_shanghai, }; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:35:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:35:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707867.1106254 (Exim 4.92) (envelope-from ) id 1rxHcn-0000XM-Be; Thu, 18 Apr 2024 02:35:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707867.1106254; Thu, 18 Apr 2024 02:35:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHcn-0000XF-9C; Thu, 18 Apr 2024 02:35:45 +0000 Received: by outflank-mailman (input) for mailman id 707867; Thu, 18 Apr 2024 02:35:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHcm-0000X7-9s for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHcm-0003Qv-94 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHcm-0006VG-8J for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2FHX2de9jxQ44bpYeZhotOAdKrzSIaMMQANHtxfTZsw=; b=PRZg2f0N/h5ktB3ls3CxRXc9OG ls7YQlu0hEF49pz4WJdDh70sodyGmSYzaJVyLa8sf5UQCuCRE+OZlOS6D2u7IrslMKCAuPqWgZj/h AAyNifPb5QhTT0JbLAx/H31NWEC1YtzuUnC80y/AMYI7327AFxBAOLN7CVreuILbYIBU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] VMX: tertiary execution control infrastructure Message-Id: Date: Thu, 18 Apr 2024 02:35:44 +0000 commit 91c2a92231af71a50557c65e32e2f838ae3aed14 Author: Jan Beulich AuthorDate: Wed Feb 7 13:46:11 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 VMX: tertiary execution control infrastructure This is a prereq to enabling e.g. the MSRLIST feature. Note that the PROCBASED_CTLS3 MSR is different from other VMX feature reporting MSRs, in that all 64 bits report allowed 1-settings. vVMX code is left alone, though, for the time being. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 878159bf259bfbd7a40312829f1ea0ce1f6645e2) --- xen/arch/x86/hvm/vmx/vmcs.c | 57 +++++++++++++++++++++++++++++---- xen/arch/x86/hvm/vmx/vmx.c | 6 ++++ xen/arch/x86/include/asm/hvm/vmx/vmcs.h | 13 ++++++++ xen/arch/x86/include/asm/hvm/vmx/vmx.h | 1 + xen/arch/x86/include/asm/msr-index.h | 1 + 5 files changed, 72 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index b5ecc51b43..49d51fb524 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -176,6 +176,7 @@ static int cf_check parse_ept_param_runtime(const char *s) u32 vmx_pin_based_exec_control __read_mostly; u32 vmx_cpu_based_exec_control __read_mostly; u32 vmx_secondary_exec_control __read_mostly; +uint64_t vmx_tertiary_exec_control __read_mostly; u32 vmx_vmexit_control __read_mostly; u32 vmx_vmentry_control __read_mostly; u64 vmx_ept_vpid_cap __read_mostly; @@ -241,10 +242,32 @@ static u32 adjust_vmx_controls( return ctl; } -static bool_t cap_check(const char *name, u32 expected, u32 saw) +static uint64_t adjust_vmx_controls2( + const char *name, uint64_t ctl_min, uint64_t ctl_opt, unsigned int msr, + bool *mismatch) +{ + uint64_t vmx_msr, ctl = ctl_min | ctl_opt; + + rdmsrl(msr, vmx_msr); + + ctl &= vmx_msr; /* bit == 0 ==> must be zero */ + + /* Ensure minimum (required) set of control bits are supported. */ + if ( ctl_min & ~ctl ) + { + *mismatch = true; + printk("VMX: CPU%u has insufficient %s (%#lx; requires %#lx)\n", + smp_processor_id(), name, ctl, ctl_min); + } + + return ctl; +} + +static bool cap_check( + const char *name, unsigned long expected, unsigned long saw) { if ( saw != expected ) - printk("VMX %s: saw %#x expected %#x\n", name, saw, expected); + printk("VMX %s: saw %#lx expected %#lx\n", name, saw, expected); return saw != expected; } @@ -254,6 +277,7 @@ static int vmx_init_vmcs_config(bool bsp) u32 _vmx_pin_based_exec_control; u32 _vmx_cpu_based_exec_control; u32 _vmx_secondary_exec_control = 0; + uint64_t _vmx_tertiary_exec_control = 0; u64 _vmx_ept_vpid_cap = 0; u64 _vmx_misc_cap = 0; u32 _vmx_vmexit_control; @@ -287,7 +311,8 @@ static int vmx_init_vmcs_config(bool bsp) opt = (CPU_BASED_ACTIVATE_MSR_BITMAP | CPU_BASED_TPR_SHADOW | CPU_BASED_MONITOR_TRAP_FLAG | - CPU_BASED_ACTIVATE_SECONDARY_CONTROLS); + CPU_BASED_ACTIVATE_SECONDARY_CONTROLS | + CPU_BASED_ACTIVATE_TERTIARY_CONTROLS); _vmx_cpu_based_exec_control = adjust_vmx_controls( "CPU-Based Exec Control", min, opt, MSR_IA32_VMX_PROCBASED_CTLS, &mismatch); @@ -351,6 +376,15 @@ static int vmx_init_vmcs_config(bool bsp) MSR_IA32_VMX_PROCBASED_CTLS2, &mismatch); } + if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) + { + uint64_t opt = 0; + + _vmx_tertiary_exec_control = adjust_vmx_controls2( + "Tertiary Exec Control", 0, opt, + MSR_IA32_VMX_PROCBASED_CTLS3, &mismatch); + } + /* The IA32_VMX_EPT_VPID_CAP MSR exists only when EPT or VPID available */ if ( _vmx_secondary_exec_control & (SECONDARY_EXEC_ENABLE_EPT | SECONDARY_EXEC_ENABLE_VPID) ) @@ -481,6 +515,7 @@ static int vmx_init_vmcs_config(bool bsp) vmx_pin_based_exec_control = _vmx_pin_based_exec_control; vmx_cpu_based_exec_control = _vmx_cpu_based_exec_control; vmx_secondary_exec_control = _vmx_secondary_exec_control; + vmx_tertiary_exec_control = _vmx_tertiary_exec_control; vmx_ept_vpid_cap = _vmx_ept_vpid_cap; vmx_vmexit_control = _vmx_vmexit_control; vmx_vmentry_control = _vmx_vmentry_control; @@ -516,6 +551,9 @@ static int vmx_init_vmcs_config(bool bsp) mismatch |= cap_check( "Secondary Exec Control", vmx_secondary_exec_control, _vmx_secondary_exec_control); + mismatch |= cap_check( + "Tertiary Exec Control", + vmx_tertiary_exec_control, _vmx_tertiary_exec_control); mismatch |= cap_check( "VMExit Control", vmx_vmexit_control, _vmx_vmexit_control); @@ -1092,6 +1130,7 @@ static int construct_vmcs(struct vcpu *v) v->arch.hvm.vmx.exec_control |= CPU_BASED_RDTSC_EXITING; v->arch.hvm.vmx.secondary_exec_control = vmx_secondary_exec_control; + v->arch.hvm.vmx.tertiary_exec_control = vmx_tertiary_exec_control; /* * Disable features which we don't want active by default: @@ -1146,6 +1185,10 @@ static int construct_vmcs(struct vcpu *v) __vmwrite(SECONDARY_VM_EXEC_CONTROL, v->arch.hvm.vmx.secondary_exec_control); + if ( cpu_has_vmx_tertiary_exec_control ) + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); + /* MSR access bitmap. */ if ( cpu_has_vmx_msr_bitmap ) { @@ -2069,10 +2112,12 @@ void vmcs_dump_vcpu(struct vcpu *v) vmr(HOST_PERF_GLOBAL_CTRL)); printk("*** Control State ***\n"); - printk("PinBased=%08x CPUBased=%08x SecondaryExec=%08x\n", + printk("PinBased=%08x CPUBased=%08x\n", vmr32(PIN_BASED_VM_EXEC_CONTROL), - vmr32(CPU_BASED_VM_EXEC_CONTROL), - vmr32(SECONDARY_VM_EXEC_CONTROL)); + vmr32(CPU_BASED_VM_EXEC_CONTROL)); + printk("SecondaryExec=%08x TertiaryExec=%016lx\n", + vmr32(SECONDARY_VM_EXEC_CONTROL), + vmr(TERTIARY_VM_EXEC_CONTROL)); printk("EntryControls=%08x ExitControls=%08x\n", vmentry_ctl, vmexit_ctl); printk("ExceptionBitmap=%08x PFECmask=%08x PFECmatch=%08x\n", vmr32(EXCEPTION_BITMAP), diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index fed362bc32..26b6e4ca61 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -725,6 +725,12 @@ void vmx_update_secondary_exec_control(struct vcpu *v) v->arch.hvm.vmx.secondary_exec_control); } +void vmx_update_tertiary_exec_control(const struct vcpu *v) +{ + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); +} + void vmx_update_exception_bitmap(struct vcpu *v) { u32 bitmap = unlikely(v->arch.hvm.vmx.vmx_realmode) diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h index 0af021d5f5..bbb0966fc3 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h @@ -125,6 +125,7 @@ struct vmx_vcpu { /* Cache of cpu execution control. */ u32 exec_control; u32 secondary_exec_control; + uint64_t tertiary_exec_control; u32 exception_bitmap; uint64_t shadow_gs; @@ -207,6 +208,7 @@ void vmx_vmcs_reload(struct vcpu *v); #define CPU_BASED_RDTSC_EXITING 0x00001000 #define CPU_BASED_CR3_LOAD_EXITING 0x00008000 #define CPU_BASED_CR3_STORE_EXITING 0x00010000 +#define CPU_BASED_ACTIVATE_TERTIARY_CONTROLS 0x00020000 #define CPU_BASED_CR8_LOAD_EXITING 0x00080000 #define CPU_BASED_CR8_STORE_EXITING 0x00100000 #define CPU_BASED_TPR_SHADOW 0x00200000 @@ -271,6 +273,14 @@ extern u32 vmx_vmentry_control; #define SECONDARY_EXEC_NOTIFY_VM_EXITING 0x80000000 extern u32 vmx_secondary_exec_control; +#define TERTIARY_EXEC_LOADIWKEY_EXITING BIT(0, UL) +#define TERTIARY_EXEC_ENABLE_HLAT BIT(1, UL) +#define TERTIARY_EXEC_EPT_PAGING_WRITE BIT(2, UL) +#define TERTIARY_EXEC_GUEST_PAGING_VERIFY BIT(3, UL) +#define TERTIARY_EXEC_IPI_VIRT BIT(4, UL) +#define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) +extern uint64_t vmx_tertiary_exec_control; + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -307,6 +317,8 @@ extern u64 vmx_ept_vpid_cap; (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_MSR_BITMAP) #define cpu_has_vmx_secondary_exec_control \ (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) +#define cpu_has_vmx_tertiary_exec_control \ + (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS) #define cpu_has_vmx_ept \ (vmx_secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT) #define cpu_has_vmx_dt_exiting \ @@ -430,6 +442,7 @@ enum vmcs_field { VIRT_EXCEPTION_INFO = 0x0000202a, XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, + TERTIARY_VM_EXEC_CONTROL = 0x00002034, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/asm/hvm/vmx/vmx.h index 8e1e42ac47..4ff19488ea 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h @@ -102,6 +102,7 @@ void vmx_update_debug_state(struct vcpu *v); void vmx_update_exception_bitmap(struct vcpu *v); void vmx_update_cpu_exec_control(struct vcpu *v); void vmx_update_secondary_exec_control(struct vcpu *v); +void vmx_update_tertiary_exec_control(const struct vcpu *v); #define POSTED_INTR_ON 0 #define POSTED_INTR_SN 1 diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index 9b5f67711f..521079191a 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -327,6 +327,7 @@ #define MSR_IA32_VMX_TRUE_EXIT_CTLS 0x48f #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490 #define MSR_IA32_VMX_VMFUNC 0x491 +#define MSR_IA32_VMX_PROCBASED_CTLS3 0x492 /* K7/K8 MSRs. Not complete. See the architecture manual for a more complete list. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:35:56 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:35:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707868.1106258 (Exim 4.92) (envelope-from ) id 1rxHcy-0000a2-DE; Thu, 18 Apr 2024 02:35:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707868.1106258; Thu, 18 Apr 2024 02:35:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHcy-0000Zv-Ai; Thu, 18 Apr 2024 02:35:56 +0000 Received: by outflank-mailman (input) for mailman id 707868; Thu, 18 Apr 2024 02:35:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHcw-0000Zj-Cm for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHcw-0003R2-C1 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHcw-0006WF-BK for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:35:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yYGky0MRve7fr/zhcma1VyWo0Ty5sXwTa/+Q/iVeP6o=; b=XlpHqNBRpM+FTRk5nMFb/9oAkC 1KsqVg7vvwh1RePQh+0YFmPqttg0CukCIyzg9kjUeJMLvhRu7DSlVS5odBqJOQZaLsUJ7NR/yk+c/ tZy8mPyNQd5gIgPNzINyiyN/uQb0Qw4pDtq5/3TXjmaMZtCAISTES+D8CICRKN1JSLQk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec-ctrl: Move __read_mostly data into __ro_after_init Message-Id: Date: Thu, 18 Apr 2024 02:35:54 +0000 commit a0bd738f9cd158306e046c7a6f3726128219e4eb Author: Andrew Cooper AuthorDate: Thu Mar 28 12:38:32 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Move __read_mostly data into __ro_after_init These variables predate the introduction of __ro_after_init, but all qualify. Update them to be consistent with the rest of the file. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 7a09966e7b2823b70f6d56d0cf66c11124f4a3c1) --- xen/arch/x86/spec_ctrl.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ac21af2c5c..0a2de88593 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -61,18 +61,18 @@ bool __ro_after_init opt_ssbd; int8_t __initdata opt_psfd = -1; int8_t __ro_after_init opt_ibpb_ctxt_switch = -1; -int8_t __read_mostly opt_eager_fpu = -1; -int8_t __read_mostly opt_l1d_flush = -1; +int8_t __ro_after_init opt_eager_fpu = -1; +int8_t __ro_after_init opt_l1d_flush = -1; static bool __initdata opt_branch_harden = IS_ENABLED(CONFIG_SPECULATIVE_HARDEN_BRANCH); static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; -uint8_t __read_mostly default_xen_spec_ctrl; -uint8_t __read_mostly default_spec_ctrl_flags; +uint8_t __ro_after_init default_xen_spec_ctrl; +uint8_t __ro_after_init default_spec_ctrl_flags; -paddr_t __read_mostly l1tf_addr_mask, __read_mostly l1tf_safe_maddr; -bool __read_mostly cpu_has_bug_l1tf; +paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; +bool __ro_after_init cpu_has_bug_l1tf; static unsigned int __initdata l1d_maxphysaddr; static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ @@ -328,8 +328,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) } custom_param("spec-ctrl", parse_spec_ctrl); -int8_t __read_mostly opt_xpti_hwdom = -1; -int8_t __read_mostly opt_xpti_domu = -1; +int8_t __ro_after_init opt_xpti_hwdom = -1; +int8_t __ro_after_init opt_xpti_domu = -1; static __init void xpti_init_default(void) { @@ -393,8 +393,8 @@ static int __init cf_check parse_xpti(const char *s) } custom_param("xpti", parse_xpti); -int8_t __read_mostly opt_pv_l1tf_hwdom = -1; -int8_t __read_mostly opt_pv_l1tf_domu = -1; +int8_t __ro_after_init opt_pv_l1tf_hwdom = -1; +int8_t __ro_after_init opt_pv_l1tf_domu = -1; static int __init cf_check parse_pv_l1tf(const char *s) { -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:36:06 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:36:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707869.1106263 (Exim 4.92) (envelope-from ) id 1rxHd8-0000dB-F4; Thu, 18 Apr 2024 02:36:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707869.1106263; Thu, 18 Apr 2024 02:36:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHd8-0000d2-CI; Thu, 18 Apr 2024 02:36:06 +0000 Received: by outflank-mailman (input) for mailman id 707869; Thu, 18 Apr 2024 02:36:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHd6-0000cj-FV for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHd6-0003Rd-Em for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHd6-0006Xm-EB for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JMZGc1FSIaBO49H2k6o3KkttwTXEnWj0zNM5USOdzO4=; b=r3jelcDnAElS1HiZZnoyMH9+Kj 6eCN4zO2GzxfDnqZM5MDrsElgipvOJliZPIVFOePxgLqDR25URcdgFhcPi5TYmnUUsXny0GG9HORN ElXfIz9O9rlpEV1w5c7ptHNQNpnZzEu+fmbniBqc0kFoLmTpSQAGjjr/49JdF/u/nJ5U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch Message-Id: Date: Thu, 18 Apr 2024 02:36:04 +0000 commit 81ebc5abe77223783da0ae567408d8addebd83a7 Author: Andrew Cooper AuthorDate: Wed Apr 3 17:43:42 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch It turns out there is something wonky on some but not all CPUs with MSR_TSX_FORCE_ABORT. The presence of RTM_ALWAYS_ABORT causes Xen to think it's safe to offer HLE/RTM to guests, but in this case, XBEGIN instructions genuinely #UD. Spot this case and try to back out as cleanly as we can. Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Acked-by: Jan Beulich (cherry picked from commit b33f191e3ca99458fdcea1cb5a29dfa4965d1604) --- xen/arch/x86/tsx.c | 55 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 45 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 80c6f4cedd..a019400c96 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -1,5 +1,6 @@ #include #include +#include #include /* @@ -9,6 +10,7 @@ * -1 => Default, altered to 0/1 (if unspecified) by: * - TAA heuristics/settings for speculative safety * - "TSX vs PCR3" select for TSX memory ordering safety + * -2 => Implicit tsx=0 (from RTM_ALWAYS_ABORT vs RTM mismatch) * -3 => Implicit tsx=1 (feed-through from spec-ctrl=0) * * This is arranged such that the bottom bit encodes whether TSX is actually @@ -122,11 +124,50 @@ void tsx_init(void) if ( cpu_has_tsx_force_abort ) { + uint64_t val; + /* - * On an early TSX-enable Skylake part subject to the memory + * On an early TSX-enabled Skylake part subject to the memory * ordering erratum, with at least the March 2019 microcode. */ + rdmsrl(MSR_TSX_FORCE_ABORT, val); + + /* + * At the time of writing (April 2024), it was discovered that + * some parts (e.g. CoffeeLake 8th Gen, 06-9e-0a, ucode 0xf6) + * advertise RTM_ALWAYS_ABORT, but XBEGIN instructions #UD. Other + * similar parts (e.g. KabyLake Xeon-E3, 06-9e-09, ucode 0xf8) + * operate as expected. + * + * In this case: + * - RTM_ALWAYS_ABORT and MSR_TSX_FORCE_ABORT are enumerated. + * - XBEGIN instructions genuinely #UD. + * - MSR_TSX_FORCE_ABORT appears to be write-discard and fails to + * hold its value. + * - HLE and RTM are not enumerated, despite + * MSR_TSX_FORCE_ABORT.TSX_CPUID_CLEAR being clear. + * + * Spot RTM being unavailable without CLEAR_CPUID being set, and + * treat it as if no TSX is available at all. This will prevent + * Xen from thinking it's safe to offer HLE/RTM to VMs. + */ + if ( val == 0 && cpu_has_rtm_always_abort && !cpu_has_rtm ) + { + printk(XENLOG_ERR + "FIRMWARE BUG: CPU %02x-%02x-%02x, ucode 0x%08x: RTM_ALWAYS_ABORT vs RTM mismatch\n", + boot_cpu_data.x86, boot_cpu_data.x86_model, + boot_cpu_data.x86_mask, this_cpu(cpu_sig).rev); + + setup_clear_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + setup_clear_cpu_cap(X86_FEATURE_TSX_FORCE_ABORT); + + if ( opt_tsx < 0 ) + opt_tsx = -2; + + goto done_probe; + } + /* * Probe for the June 2021 microcode which de-features TSX on * client parts. (Note - this is a subset of parts impacted by @@ -136,15 +177,8 @@ void tsx_init(void) * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. */ - if ( !has_rtm_always_abort ) - { - uint64_t val; - - rdmsrl(MSR_TSX_FORCE_ABORT, val); - - if ( val & TSX_ENABLE_RTM ) - has_rtm_always_abort = true; - } + if ( val & TSX_ENABLE_RTM ) + has_rtm_always_abort = true; /* * If no explicit tsx= option is provided, pick a default. @@ -199,6 +233,7 @@ void tsx_init(void) setup_force_cpu_cap(X86_FEATURE_RTM); } } + done_probe: /* * Note: MSR_TSX_CTRL is enumerated on TSX-enabled MDS_NO and later parts. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:36:16 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:36:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707870.1106266 (Exim 4.92) (envelope-from ) id 1rxHdI-0000fq-GE; Thu, 18 Apr 2024 02:36:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707870.1106266; Thu, 18 Apr 2024 02:36:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHdI-0000fj-Dh; Thu, 18 Apr 2024 02:36:16 +0000 Received: by outflank-mailman (input) for mailman id 707870; Thu, 18 Apr 2024 02:36:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHdG-0000fY-IM for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHdG-0003Rn-Hd for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHdG-0006Yc-Gt for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IJad5FxlH3Y1W9k+G+urmqFjewOcz6Ido5iMwMDdga4=; b=E50O+93dT5rzFSj21adX6vdXAS gQ+XnVJbcAlIJp8ezJxpQqu8/BbRf/e8DTC36tZxqDooTHXA8e80dvI3LFjIEWrXPkO2X0/uEl+/8 M9eTW7q1mqhs0m8zrHIVFNqkj5AyWtAHYTqvprOLuKL0wyCquXkhL+VGVPMETVGeKkto=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/alternatives: fix .init section reference in _apply_alternatives() Message-Id: Date: Thu, 18 Apr 2024 02:36:14 +0000 commit e60fc805d8a2ee2822dc96715bca44ebed135a8c Author: Roger Pau Monné AuthorDate: Tue Apr 9 14:50:46 2024 +0200 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/alternatives: fix .init section reference in _apply_alternatives() The code in _apply_alternatives() will unconditionally attempt to read __initdata_cf_clobber_{start,end} when called as part of applying alternatives to a livepatch payload when Xen is using IBT. That leads to a page-fault as __initdata_cf_clobber_{start,end} living in .init section will have been unmapped by the time a livepatch gets loaded. Fix by adding a check that limits the clobbering of endbr64 instructions to boot time only. Fixes: 37ed5da851b8 ('x86/altcall: Optimise away endbr64 instruction where possible') Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper (cherry picked from commit 4be1fef1e6572c2be0bd378902ffb62a6e73faeb) --- xen/arch/x86/alternative.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index 1d59dffc46..8356414be7 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -338,7 +338,7 @@ static void init_or_livepatch _apply_alternatives(struct alt_instr *start, * Clobber endbr64 instructions now that altcall has finished optimising * all indirect branches to direct ones. */ - if ( force && cpu_has_xen_ibt ) + if ( force && cpu_has_xen_ibt && system_state < SYS_STATE_active ) { void *const *val; unsigned int clobbered = 0; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:36:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:36:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707871.1106271 (Exim 4.92) (envelope-from ) id 1rxHdS-0000iW-Ho; Thu, 18 Apr 2024 02:36:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707871.1106271; Thu, 18 Apr 2024 02:36:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHdS-0000iO-FA; Thu, 18 Apr 2024 02:36:26 +0000 Received: by outflank-mailman (input) for mailman id 707871; Thu, 18 Apr 2024 02:36:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHdQ-0000iC-LG for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHdQ-0003Ru-KW for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHdQ-0006Z3-Jm for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MzNDXzqHTzszgFGfa10OZav+UsAhg4kPFmjgezRHGdU=; b=m6BYk9u/Z303ZFktE5yyQxL9V1 GJBNV02RqrAQ4YQFH4Pfa9++WUjTHncc/OqzKoAYC8q0sKV07UnSuRzmxq9fthdodP4C3nUK+7t4z L873jrDLojNfugjMOZf9KkCULsov2FuuGmvJv1Rz590Px1blBBoZICxtPyhfWqRYeIFI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests Message-Id: Date: Thu, 18 Apr 2024 02:36:24 +0000 commit d2b179ba6e308769f1b37637d1c746c3dbf55cc0 Author: Andrew Cooper AuthorDate: Tue Apr 9 15:03:05 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests All of these are prediction-mode (i.e. CPL) based. They don't operate as advertised in PV context. Fixes: 4dd676070684 ("x86/spec-ctrl: Expose IPRED_CTRL to guests") Fixes: 478e4787fa64 ("x86/spec-ctrl: Expose RRSBA_CTRL to guests") Fixes: 583f1d095052 ("x86/spec-ctrl: Expose BHI_CTRL to guests") Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 4b3da946ad7e3452761478ae683da842e7ff20d6) --- xen/include/public/arch-x86/cpufeatureset.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 51f238683c..63c8ac8486 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -295,9 +295,9 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ -XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ -XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ -XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*S MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*S MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*S MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:36:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:36:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707872.1106275 (Exim 4.92) (envelope-from ) id 1rxHdc-0000lm-LL; Thu, 18 Apr 2024 02:36:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707872.1106275; Thu, 18 Apr 2024 02:36:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHdc-0000lf-Ik; Thu, 18 Apr 2024 02:36:36 +0000 Received: by outflank-mailman (input) for mailman id 707872; Thu, 18 Apr 2024 02:36:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHda-0000lN-Oj for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHda-0003S4-Nz for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHda-0006ZY-NH for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JK0s1N/+vDSJYzGhXymgJpNgvSvzzPjDWeLMNoH8d4s=; b=qyCXRKGoENEdVM/dd3Xvelxwek 81frAaadDPDBv+/E1lg/1ZdE3v57d8Qmi+j/zcNG/410P2TNSKDt9J/6Xfuj9F+9bzJ+D2YBMhcjj WMJpgIP+aWMS3uCBWXQkaRIPN4r6FtJ0Lelp3e2pfyoIKiwgFeGwJwSPqjHj4nMmEg54=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec-ctrl: Rename spec_ctrl_flags to scf Message-Id: Date: Thu, 18 Apr 2024 02:36:34 +0000 commit 164c69bcee159b6f5c9f58d49fd3b715be75146f Author: Andrew Cooper AuthorDate: Thu Mar 28 11:57:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Rename spec_ctrl_flags to scf XSA-455 was ultimately caused by having fields with too-similar names. Both {xen,last}_spec_ctrl are fields containing an architectural MSR_SPEC_CTRL value. The spec_ctrl_flags field contains Xen-internal flags. To more-obviously distinguish the two, rename spec_ctrl_flags to scf, which is also the prefix of the constants used by the fields. No functional change. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit c62673c4334b3372ebd4292a7ac8185357e7ea27) --- xen/arch/x86/acpi/power.c | 4 ++-- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/include/asm/current.h | 2 +- xen/arch/x86/include/asm/domain.h | 2 +- xen/arch/x86/include/asm/spec_ctrl.h | 16 ++++++++-------- xen/arch/x86/include/asm/spec_ctrl_asm.h | 22 +++++++++++----------- xen/arch/x86/setup.c | 2 +- xen/arch/x86/spec_ctrl.c | 18 +++++++++--------- xen/arch/x86/x86_64/asm-offsets.c | 2 +- xen/arch/x86/x86_64/compat/entry.S | 4 ++-- xen/arch/x86/x86_64/entry.S | 2 +- 14 files changed, 44 insertions(+), 44 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index b76f673acb..5cddb0f0f6 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -246,7 +246,7 @@ static int enter_state(u32 state) ci = get_cpu_info(); /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_IST_MASK; + ci->scf &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -290,7 +290,7 @@ static int enter_state(u32 state) panic("Missing previously available feature(s)\n"); /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); + ci->scf |= (default_scf & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index aca9fa310c..228763b5e9 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2096,10 +2096,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the new spec_ctrl settings. */ - info->spec_ctrl_flags = - (info->spec_ctrl_flags & ~SCF_DOM_MASK) | - (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); + /* Update the top-of-stack block with the new speculation settings. */ + info->scf = + (info->scf & ~SCF_DOM_MASK) | + (nextd->arch.scf & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index c19e964bc6..0264e0bac2 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -103,7 +103,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index cdde76e138..4ee529c57a 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -111,7 +111,7 @@ UNLIKELY_END(realmode) BUILD_BUG_ON(SCF_verw & ~0xff) movzbl VCPU_vmx_launched(%rbx), %ecx shl $31, %ecx - movzbl CPUINFO_spec_ctrl_flags(%rsp), %eax + movzbl CPUINFO_scf(%rsp), %eax and $SCF_verw, %eax or %eax, %ecx diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 49d51fb524..f0fb4874b8 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1386,7 +1386,7 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); - if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + if ( !rc && (d->arch.scf & SCF_entry_ibpb) ) rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, VMX_MSR_HOST); diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index da5e152a10..9cc8d8e3d4 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -57,7 +57,7 @@ struct cpu_info { unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; uint8_t last_spec_ctrl; - uint8_t spec_ctrl_flags; + uint8_t scf; /* SCF_* */ /* * The following field controls copying of the L4 page table of 64-bit diff --git a/xen/arch/x86/include/asm/domain.h b/xen/arch/x86/include/asm/domain.h index 5293c0cde4..f90a268b01 100644 --- a/xen/arch/x86/include/asm/domain.h +++ b/xen/arch/x86/include/asm/domain.h @@ -324,7 +324,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ + uint8_t scf; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index a431fea587..8fc350abe2 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -21,10 +21,10 @@ #define __X86_SPEC_CTRL_H__ /* - * Encoding of: - * cpuinfo.spec_ctrl_flags - * default_spec_ctrl_flags - * domain.spec_ctrl_flags + * Encoding of Xen's speculation control flags in: + * cpuinfo.scf + * default_scf + * domain.scf * * Live settings are in the top-of-stack block, because they need to be * accessable when XPTI is active. Some settings are fixed from boot, some @@ -94,7 +94,7 @@ extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; extern uint8_t default_xen_spec_ctrl; -extern uint8_t default_spec_ctrl_flags; +extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; @@ -114,7 +114,7 @@ static inline void init_shadow_spec_ctrl_state(void) info->shadow_spec_ctrl = 0; info->xen_spec_ctrl = default_xen_spec_ctrl; - info->spec_ctrl_flags = default_spec_ctrl_flags; + info->scf = default_scf; /* * For least latency, the VERW selector should be a writeable data @@ -138,7 +138,7 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) */ info->shadow_spec_ctrl = val; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); @@ -187,7 +187,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. */ - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index e85db1a329..8c488be048 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -51,7 +51,7 @@ * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow - * boolean in the per cpu spec_ctrl_flags. The synchronous use is: + * boolean in the per cpu scf. The synchronous use is: * * 1) Store guest value in shadow_spec_ctrl * 2) Set the use_shadow boolean @@ -98,11 +98,11 @@ * interrupting Xen. */ .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) .endif jz .L\@_skip @@ -172,8 +172,8 @@ #define STK_REL(field, top_of_stk) ((field) - (top_of_stk)) .macro SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_error_code), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) + scf=STK_REL(CPUINFO_scf, CPUINFO_error_code), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) /* * Requires \scf and \sel as %rsp-relative expressions * Clobbers eflags @@ -228,10 +228,10 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else - andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + andb $~SCF_use_shadow, CPUINFO_scf(%rsp) movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax .endif @@ -250,7 +250,7 @@ mov %eax, CPUINFO_shadow_spec_ctrl(%rsp) /* Set SPEC_CTRL shadowing *before* loading the guest value. */ - orb $SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + orb $SCF_use_shadow, CPUINFO_scf(%rsp) mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx @@ -328,7 +328,7 @@ * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -353,7 +353,7 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx @@ -387,7 +387,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %r12=ist_exit, %r14=stack_end, %rsp=regs * Clobbers %rax, %rbx, %rcx, %rdx */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx testb $SCF_ist_sc_msr, %bl jz .L\@_skip_sc_msr diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 0c00ea875d..d47f156711 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1984,7 +1984,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0a2de88593..ab81ad457b 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -69,7 +69,7 @@ static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; uint8_t __ro_after_init default_xen_spec_ctrl; -uint8_t __ro_after_init default_spec_ctrl_flags; +uint8_t __ro_after_init default_scf; paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; bool __ro_after_init cpu_has_bug_l1tf; @@ -1117,7 +1117,7 @@ static void __init ibpb_calculations(void) * NMI/#MC, so can't interrupt Xen ahead of having already flushed the * BTB. */ - default_spec_ctrl_flags |= SCF_ist_ibpb; + default_scf |= SCF_ist_ibpb; } if ( opt_ibpb_entry_hvm ) setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); @@ -1618,7 +1618,7 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); - d->arch.spec_ctrl_flags = + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | 0; @@ -1723,7 +1723,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1734,7 +1734,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1869,7 +1869,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_pv ) { setup_force_cpu_cap(X86_FEATURE_SC_RSB_PV); - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } /* @@ -1892,7 +1892,7 @@ void __init init_speculation_mitigations(void) * possible rogue RSB speculation. */ if ( !cpu_has_svm ) - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } srso_calculations(hw_smt_enabled); @@ -1905,7 +1905,7 @@ void __init init_speculation_mitigations(void) if ( opt_eager_fpu == -1 ) opt_eager_fpu = should_use_eager_fpu(); - /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ + /* (Re)init BSP state now that default_scf has been calculated. */ init_shadow_spec_ctrl_state(); /* @@ -2178,7 +2178,7 @@ void __init init_speculation_mitigations(void) { info->shadow_spec_ctrl = 0; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); } diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index 4cd5938d7b..fba82d6436 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -154,7 +154,7 @@ void __dummy__(void) OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); - OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); + OFFSET(CPUINFO_scf, struct cpu_info, scf); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); DEFINE(CPUINFO_sizeof, sizeof(struct cpu_info)); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 3b2fbcd873..fab85eb733 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -164,8 +164,8 @@ ENTRY(compat_restore_all_guest) /* Account for ev/ec having already been popped off the stack. */ SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_rip), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) + scf=STK_REL(CPUINFO_scf, CPUINFO_rip), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) .Lft0: iretq _ASM_PRE_EXTABLE(.Lft0, handle_exception) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index ef517e2945..50fc048834 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -692,7 +692,7 @@ UNLIKELY_END(exit_cr3) /* * When the CPU pushed this exception frame, it zero-extended eflags. * For an IST exit, SPEC_CTRL_EXIT_TO_XEN stashed shadow copies of - * spec_ctrl_flags and ver_sel above eflags, as we can't use any GPRs, + * scf and ver_sel above eflags, as we can't use any GPRs, * and we're at a random place on the stack, not in a CPUFINFO block. * * Account for ev/ec having already been popped off the stack. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:36:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:36:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707873.1106280 (Exim 4.92) (envelope-from ) id 1rxHdl-0000oO-Nt; Thu, 18 Apr 2024 02:36:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707873.1106280; Thu, 18 Apr 2024 02:36:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHdl-0000oG-KI; Thu, 18 Apr 2024 02:36:45 +0000 Received: by outflank-mailman (input) for mailman id 707873; Thu, 18 Apr 2024 02:36:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHdk-0000o8-Rp for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHdk-0003SB-R7 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHdk-0006a5-QS for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+aRcPLd+yHjj6ObCpB+MARc79S9ez6bbT3YmtX9+e1w=; b=4Zg+AQc3bJP8Q7SOsUhLRXtt7W Y8b4ymwsPq1EJaQwwB9B48YyShSr31cWe6fL+yloyXyFmgRMjBR38wj8ID8+nTStDyFXfGQlKlqkD rB0J4zPznYU88qYfk3+I8qUyJV2eQA7WfuHwI8Mtk6ie78Qu0ILLEacpI+2YmEIoXZvs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Message-Id: Date: Thu, 18 Apr 2024 02:36:44 +0000 commit 05f6fe7c39fe0c44807a51f6aa1d8ee1a38de197 Author: Andrew Cooper AuthorDate: Fri Mar 22 11:41:41 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Right now, we have a mix of safety strategies in different blocks, making the logic fragile and hard to follow. Start addressing this by having a safety LFENCE at the end of the blocks, which can be patched out if other safety criteria are met. This will allow us to simplify the sub-blocks. For SPEC_CTRL_ENTRY_FROM_IST, simply leave an LFENCE unconditionally at the end; the IST path is not a fast-path by any stretch of the imagination. For SPEC_CTRL_ENTRY_FROM_INTR, the existing description was incorrect. The IRET #GP path is non-fatal but can occur with the guest's choice of MSR_SPEC_CTRL. It is safe to skip the flush/barrier-like protections when interrupting Xen, but we must run DO_SPEC_CTRL_ENTRY irrespective. This will skip RSB stuffing which was previously unconditional even when interrupting Xen. AFAICT, this is a missing cleanup from commit 3fffaf9c13e9 ("x86/entry: Avoid using alternatives in NMI/#MC paths") where we split the IST entry path out of the main INTR entry path. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 94896de1a98c4289fe6fef9e16ef99fc6ef2efc4) --- xen/arch/x86/hvm/vmx/entry.S | 1 + xen/arch/x86/include/asm/cpufeatures.h | 4 +++ xen/arch/x86/include/asm/spec_ctrl_asm.h | 27 +++++++++-------- xen/arch/x86/spec_ctrl.c | 52 ++++++++++++++++++++++++++++++++ 4 files changed, 72 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 4ee529c57a..8d5b683879 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -43,6 +43,7 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* Hardware clears MSR_DEBUGCTL on VMExit. Reinstate it if debugging Xen. */ diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index 7e8221fd85..6422c66b0f 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -52,5 +52,9 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_BUG_CLFLUSH_MFENCE X86_BUG( 2) /* MFENCE needed to serialise CLFLUSH */ #define X86_BUG_IBPB_NO_RET X86_BUG( 3) /* IBPB doesn't flush the RSB/RAS */ +#define X86_SPEC_NO_LFENCE_ENTRY_PV X86_BUG(16) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_PV. */ +#define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ +#define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 8c488be048..e58e5110d9 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -273,25 +273,37 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm /* * Used after an exception or maskable interrupt, hitting Xen or PV context. - * There will either be a guest speculation context, or (barring fatal - * exceptions) a well-formed Xen speculation context. + * There will either be a guest speculation context, or a well-formed Xen + * speculation context, with the exception of one case. IRET #GP handling may + * have a guest choice of MSR_SPEC_CTRL. + * + * Therefore, we can skip the flush/barrier-like protections when hitting Xen, + * but we must still run the mode-based protections. */ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rcx, %rdx */ + testb $3, UREGS_cs(%rsp) + jz .L\@_skip + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV +.L\@_skip: ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm /* @@ -360,18 +372,9 @@ movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr - /* Opencoded UNLIKELY_START() with no condition. */ -UNLIKELY_DISPATCH_LABEL(\@_serialise): - .subsection 1 - /* - * In the case that we might need to set SPEC_CTRL.IBRS for safety, we - * need to ensure that an attacker can't poison the `jz .L\@_skip_wrmsr` - * to speculate around the WRMSR. As a result, we need a dispatch - * serialising instruction in the else clause. - */ .L\@_skip_msr_spec_ctrl: + lfence - UNLIKELY_END(\@_serialise) .endm /* diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ab81ad457b..2b22deb891 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2154,6 +2154,58 @@ void __init init_speculation_mitigations(void) print_details(thunk); + /* + * With the alternative blocks now chosen, see if we need any other + * adjustments for safety. + * + * We compile the LFENCE in, and patch it out if it's not needed. + * + * Notes: + * - SPEC_CTRL_ENTRY_FROM_SVM doesn't need an LFENCE because it has an + * unconditional STGI. + * - SPEC_CTRL_ENTRY_FROM_IST handles its own safety, without the use of + * alternatives. + * - DO_OVERWRITE_RSB has conditional branches in it, but it's an inline + * sequence. It is considered safe for uarch reasons. + */ + { + /* + * SPEC_CTRL_ENTRY_FROM_PV conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we're not using any prior conditional mitigation, + * then it's safe to drop the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); + + /* + * SPEC_CTRL_ENTRY_FROM_INTR conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we have no protections active in the block that + * is skipped when interrupting guest context, then it's safe to drop + * the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); + + /* + * SPEC_CTRL_ENTRY_FROM_VMX conditional safety + * + * Currently there are no safety actions with conditional branches, so + * no need for the extra safety LFENCE. + */ + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + } + /* * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard * any firmware settings. For performance reasons, when safe to do so, we -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:36:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:36:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707874.1106282 (Exim 4.92) (envelope-from ) id 1rxHdv-0000r4-OW; Thu, 18 Apr 2024 02:36:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707874.1106282; Thu, 18 Apr 2024 02:36:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHdv-0000qx-Lk; Thu, 18 Apr 2024 02:36:55 +0000 Received: by outflank-mailman (input) for mailman id 707874; Thu, 18 Apr 2024 02:36:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHdu-0000qp-Uu for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHdu-0003SJ-UA for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHdu-0006as-TW for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:36:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jdHEneRNk6jRrZYBxzF31Ysrs0od9Cp5f01x/ujAt0o=; b=AEHWcdfUmCnu3q71pLQld4rNSI GjvhJDaOmkq+y7cIS9v3YfiKXFVjOmpnEgD/+x0rHqQwd7OrvmIHrXceyhmUGxWlDHMf6wGN3aLCM cmJV/Ru6LGba5MHmui+L/bVn3UJ0ofEWX3hYu5oVKZVHTytGj5SSBi7RhGqe9YNOjTy0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Message-Id: Date: Thu, 18 Apr 2024 02:36:54 +0000 commit 687691733f4834b7edfd52cae6339d43257a19b3 Author: Andrew Cooper AuthorDate: Fri Mar 22 15:52:06 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Other SPEC_CTRL_* paths already use %r14 like this, and it will allow for simplifications. All instances of SPEC_CTRL_ENTRY_FROM_PV are followed by a GET_STACK_END() invocation, so this change is only really logic and register shuffling. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 22390697bf1b4cd3024f2d10893dec3c3ec08a9c) --- xen/arch/x86/x86_64/compat/entry.S | 4 +++- xen/arch/x86/x86_64/entry.S | 44 +++++++++++++++++++++----------------- 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index fab85eb733..a32b95f7c3 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -18,6 +18,8 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, EFRAME_entry_vector(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ @@ -25,7 +27,7 @@ ENTRY(entry_int82) CR4_PV32_RESTORE - GET_CURRENT(bx) + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov %rsp, %rdi call do_entry_int82 diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 50fc048834..78c00bdd19 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -266,21 +266,22 @@ ENTRY(lstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Llstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Llstar_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx testb $TF_kernel_mode,VCPU_thread_flags(%rbx) jz switch_to_kernel @@ -303,23 +304,24 @@ ENTRY(cstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lcstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lcstar_cr3_okay: sti CR4_PV32_RESTORE - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx #ifdef CONFIG_PV32 movq VCPU_domain(%rbx), %rcx @@ -344,23 +346,24 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ orl $X86_EFLAGS_IF, UREGS_eflags(%rsp) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lsyse_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lsyse_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx cmpb $0,VCPU_sysenter_disables_events(%rbx) movq VCPU_sysenter_addr(%rbx),%rax setne %cl @@ -398,17 +401,18 @@ ENTRY(int80_direct_trap) movl $0x80, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lint80_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lint80_cr3_okay: sti @@ -418,7 +422,7 @@ UNLIKELY_START(ne, msi_check) call check_for_unexpected_msi UNLIKELY_END(msi_check) - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov VCPU_trap_ctxt(%rbx), %rsi mov VCPU_domain(%rbx), %rax -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:37:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:37:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707875.1106287 (Exim 4.92) (envelope-from ) id 1rxHe5-0000um-RT; Thu, 18 Apr 2024 02:37:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707875.1106287; Thu, 18 Apr 2024 02:37:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHe5-0000ue-Om; Thu, 18 Apr 2024 02:37:05 +0000 Received: by outflank-mailman (input) for mailman id 707875; Thu, 18 Apr 2024 02:37:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHe5-0000uR-1U for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHe5-0003Sw-0n for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHe5-0006dN-09 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zZQG7xmkA+d7sTvt6lSIG2q1ORhfEpfyJfuEVb5mNz8=; b=E9m3G9JMGrORrvxOxLkRpRZLc0 rZAxRYXoedmW9TFqQ/v3G1xCsDUhxFAaxlwo3eqIaGq2ifpr92VMk1crMxkxRlMB2DWn1+bqZw8Yh mFKFVaWder1QF7ccHxI8H6l+aquUMQ+BGji9DuO1q+cBzosAjpRN/rbF+owSXxI8KWhw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} Message-Id: Date: Thu, 18 Apr 2024 02:37:05 +0000 commit d2313bd20d36a452e0b4906da4814149a18e5acf Author: Andrew Cooper AuthorDate: Fri Mar 22 12:08:02 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} ... as we do in the exit paths too. This will allow simplification to the sub-blocks. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9607aeb6602b8ed9962404de3f5f90170ffddb66) --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 10 +++++++--- xen/arch/x86/x86_64/compat/entry.S | 2 +- xen/arch/x86/x86_64/entry.S | 12 ++++++------ 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index e58e5110d9..67f6963e8d 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -263,9 +263,11 @@ */ .macro SPEC_CTRL_ENTRY_FROM_PV /* - * Requires %rsp=regs/cpuinfo, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs/cpuinfo, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ X86_FEATURE_IBPB_ENTRY_PV @@ -289,8 +291,10 @@ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + testb $3, UREGS_cs(%rsp) jz .L\@_skip diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index a32b95f7c3..ff462a92e0 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -20,7 +20,7 @@ ENTRY(entry_int82) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ sti diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 78c00bdd19..801d241337 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -268,7 +268,7 @@ ENTRY(lstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -306,7 +306,7 @@ ENTRY(cstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -348,7 +348,7 @@ GLOBAL(sysenter_eflags_saved) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ @@ -403,7 +403,7 @@ ENTRY(int80_direct_trap) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -713,7 +713,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -747,7 +747,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:37:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:37:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707876.1106292 (Exim 4.92) (envelope-from ) id 1rxHeF-0000xQ-Tm; Thu, 18 Apr 2024 02:37:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707876.1106292; Thu, 18 Apr 2024 02:37:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHeF-0000xG-QE; Thu, 18 Apr 2024 02:37:15 +0000 Received: by outflank-mailman (input) for mailman id 707876; Thu, 18 Apr 2024 02:37:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHeF-0000xA-4O for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHeF-0003T6-3e for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHeF-0006eA-2z for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ioy5P9hRsi2qRO0Iyel5u+J8XjQkOBhOSOdzpe6HJ5E=; b=IJMvPr1kVjH3Al4MqZPJ4N+WkX sPsgPTX7HHqlJLBj5bw2eGsPONXNi0w52eq0mwcUJQxkSAdv2mteg3EeNAR+3Bp7+EWC0MC45247b iGTa2KFupQc3iBvdTkya1W/PLwWGPInFx0AIc0GQUuXxX1QOnH9KZfc1K5PY8ZJ1knAw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec-ctrl: Simplify DO_COND_IBPB Message-Id: Date: Thu, 18 Apr 2024 02:37:15 +0000 commit b73f37b91ce05c28cb998ef4870198922fa2b17c Author: Andrew Cooper AuthorDate: Fri Mar 22 14:33:17 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Simplify DO_COND_IBPB With the prior refactoring, SPEC_CTRL_ENTRY_{PV,INTR} both load SCF into %ebx, and handle the conditional safety including skipping if interrupting Xen. Therefore, we can drop the maybexen parameter and the conditional safety. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 2378d16a931de0e62c03669169989e9437306abe) --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 67f6963e8d..8d171ecca2 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -87,33 +87,21 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ -.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +.macro DO_COND_IBPB /* - * Requires %rsp=regs (also cpuinfo if !maybexen) - * Requires %r14=stack_end (if maybexen), %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rbx=SCF, %rdx=0 + * Clobbers %rax, %rcx * - * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen - * case, we can safely look at UREGS_cs to skip taking the hit when - * interrupting Xen. + * Conditionally issue IBPB if SCF_entry_ibpb is active. */ - .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) - jz .L\@_skip - testb $3, UREGS_cs(%rsp) - .else - testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) - .endif + testb $SCF_entry_ibpb, %bl jz .L\@_skip mov $MSR_PRED_CMD, %ecx mov $PRED_CMD_IBPB, %eax wrmsr - jmp .L\@_done .L\@_skip: - lfence -.L\@_done: .endm .macro DO_OVERWRITE_RSB tmp=rax xu @@ -268,8 +256,7 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -298,8 +285,7 @@ testb $3, UREGS_cs(%rsp) jz .L\@_skip - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -339,7 +325,7 @@ * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of: - * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_COND_IBPB * DO_OVERWRITE_RSB * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:37:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:37:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707877.1106294 (Exim 4.92) (envelope-from ) id 1rxHeP-000108-UI; Thu, 18 Apr 2024 02:37:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707877.1106294; Thu, 18 Apr 2024 02:37:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHeP-000101-Ro; Thu, 18 Apr 2024 02:37:25 +0000 Received: by outflank-mailman (input) for mailman id 707877; Thu, 18 Apr 2024 02:37:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHeP-0000zt-7V for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHeP-0003TH-6o for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHeP-0006fF-60 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=W55vVmm399xO7pjLswSRNgT7atFaIgwAYg/7pUidgtE=; b=I/yvDgwtfWWRY/rGyg6pQcYq8V kvkSQy4XwDXJ3zJYEe8lHW7MhE/rdzdn94xY2/j5kZLdl6jEBO0353T3RPJTptKKtELj3TfrkKhdY u9fc5hXxsTp9AcoUp9pFceyL+o5Ln6VwrC6auS7GYH7t/pInIR2+l4egm8MrpNedD7YQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* Message-Id: Date: Thu, 18 Apr 2024 02:37:25 +0000 commit 046f90e1b5c72ebc609eb1629c80cf5e077da02b Author: Andrew Cooper AuthorDate: Mon Mar 25 11:09:35 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* The complexity is getting out of hand. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 40dea83b75386cb693481cf340024ce093be5c0f) --- xen/arch/x86/hvm/svm/entry.S | 14 ++++++++ xen/arch/x86/hvm/vmx/entry.S | 14 ++++++++ xen/arch/x86/include/asm/spec_ctrl_asm.h | 59 ++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 0264e0bac2..58d8a1bffa 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -102,6 +102,11 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular + * making type-confused RETs safe to use. This is not needed on Zen5 + * and later parts when SRSO_MSR_FIX (BP-SPEC-REDUCE) is in use. + */ .macro svm_vmexit_cond_ibpb testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb @@ -113,8 +118,17 @@ __UNLIKELY_END(nsvm_hap) .endm ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + /* + * RSB (RAS/RAP) stuffing is to prevents RET predictions following guest + * entries. This is not needed on Zen4 and later, when AutoIBRS is in + * use. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting, making indirect CALLs/JMPs + * safe to use. The guest's setting resides in the VMCB. + */ .macro svm_vmexit_spec_ctrl movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax movzbl CPUINFO_last_spec_ctrl(%rsp), %edx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 8d5b683879..008d76a6e1 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -34,8 +34,22 @@ ENTRY(vmx_asm_vmexit_handler) mov %rax,VCPU_hvm_guest_cr2(%rbx) /* SPEC_CTRL_ENTRY_FROM_VMX Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + /* + * RSB stuffing is to prevents RET predictions following guest + * entries. This is *not* sufficient to flush all RSB entries on + * parts enumerating eIBRS, although the following restore_spec_ctrl + * does covers us. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting. The guest's value resides in + * the MSR load/save list. For Legacy IBRS, this flushes/inhibits + * indirect predictions and does not flush the RSB. For eIBRS, this + * prevents CALLs/JMPs using predictions learnt at a lower predictor + * mode, and it flushes the RSB. On eIBRS parts that also suffer from + * PBRSB, the prior RSB stuffing suffices to make the RSB safe. + */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 8d171ecca2..9531d046d7 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -256,10 +256,32 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. + */ ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * This is not needed if SMEP is active and the RSB is full-width. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. The + * guest can't change it's value behind Xen's back. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. + */ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV @@ -282,6 +304,14 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * All safety notes the same as SPEC_CTRL_ENTRY_FROM_PV, although there is + * a conditional jump skipping some actions when interrupting Xen. + * + * On Intel parts, the IRET #GP path ends up here with the guest's choice + * of MSR_SPEC_CTRL. + */ + testb $3, UREGS_cs(%rsp) jz .L\@_skip @@ -332,6 +362,19 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. The SVM path takes care of + * Host/Guest interactions prior to clearing GIF, and it's not used on the + * VMX path. + */ test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -341,6 +384,12 @@ .L\@_skip_ibpb: + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * SCF_ist_rsb is active if either PV or HVM protections are needed. The + * VMX path cannot guarantee to make the RSB safe ahead of taking an IST + * vector. + */ test $SCF_ist_rsb, %bl jz .L\@_skip_rsb @@ -348,6 +397,16 @@ .L\@_skip_rsb: + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. PV + * guests can't change their value behind Xen's back. HVM guests have + * their value stored in the MSR load/save list. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. On eIBRS parts that also + * suffer from PBRSB, the prior RSB stuffing suffices to make the RSB + * safe. + */ test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:37:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:37:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707878.1106299 (Exim 4.92) (envelope-from ) id 1rxHea-000131-0J; Thu, 18 Apr 2024 02:37:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707878.1106299; Thu, 18 Apr 2024 02:37:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHeZ-00012t-Tb; Thu, 18 Apr 2024 02:37:35 +0000 Received: by outflank-mailman (input) for mailman id 707878; Thu, 18 Apr 2024 02:37:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHeZ-00012j-At for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHeZ-0003TO-AC for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHeZ-0006g1-9X for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+M7obkDqUT75axISYxqM7PZ+k/DS0C3R1lSwihChP0c=; b=SqhMCMPTfXlYOXitoWaI96CPMD bGru4W3WdvOTtDfotddE4ioXm0JnwXv1jcgWnslwyBFNs35PfFxHZvTDxAQTuO597yf10Bbhy+Li8 YNVCYkUwcymTrtiJ/o7sp/9Ru21gjiQdRU+RN1sTy/Wwv2yYotGmskekSAv32VETBfmg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/vmx: Add support for virtualize SPEC_CTRL Message-Id: Date: Thu, 18 Apr 2024 02:37:35 +0000 commit 587298a707ea6c9afd3565a1f68fd43bc21038e9 Author: Roger Pau Monne AuthorDate: Thu Feb 15 17:46:53 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/vmx: Add support for virtualize SPEC_CTRL The feature is defined in the tertiary exec control, and is available starting from Sapphire Rapids and Alder Lake CPUs. When enabled, two extra VMCS fields are used: SPEC_CTRL mask and shadow. Bits set in mask are not allowed to be toggled by the guest (either set or clear) and the value in the shadow field is the value the guest expects to be in the SPEC_CTRL register. By using it the hypervisor can force the value of SPEC_CTRL bits behind the guest back without having to trap all accesses to SPEC_CTRL, note that no bits are forced into the guest as part of this patch. It also allows getting rid of SPEC_CTRL in the guest MSR load list, since the value in the shadow field will be loaded by the hardware on vmentry. Signed-off-by: Roger Pau Monné Signed-off-by: Andrew Cooper (cherry picked from commit 97c5b8b657e41a6645de9d40713b881234417b49) --- xen/arch/x86/hvm/vmx/vmcs.c | 12 ++++++++++- xen/arch/x86/hvm/vmx/vmx.c | 37 ++++++++++++++++++++++++++------- xen/arch/x86/include/asm/hvm/vmx/vmcs.h | 5 +++++ xen/arch/x86/include/asm/msr.h | 7 +++++-- 4 files changed, 51 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index f0fb4874b8..11464c60ed 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -215,6 +215,7 @@ static void __init vmx_display_features(void) P(cpu_has_vmx_tsc_scaling, "TSC Scaling"); P(cpu_has_vmx_bus_lock_detection, "Bus Lock Detection"); P(cpu_has_vmx_notify_vm_exiting, "Notify VM Exit"); + P(cpu_has_vmx_virt_spec_ctrl, "Virtualize SPEC_CTRL"); #undef P if ( !printed ) @@ -378,7 +379,7 @@ static int vmx_init_vmcs_config(bool bsp) if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) { - uint64_t opt = 0; + uint64_t opt = TERTIARY_EXEC_VIRT_SPEC_CTRL; _vmx_tertiary_exec_control = adjust_vmx_controls2( "Tertiary Exec Control", 0, opt, @@ -1377,6 +1378,12 @@ static int construct_vmcs(struct vcpu *v) if ( cpu_has_vmx_tsc_scaling ) __vmwrite(TSC_MULTIPLIER, d->arch.hvm.tsc_scaling_ratio); + if ( cpu_has_vmx_virt_spec_ctrl ) + { + __vmwrite(SPEC_CTRL_MASK, 0); + __vmwrite(SPEC_CTRL_SHADOW, 0); + } + /* will update HOST & GUEST_CR3 as reqd */ paging_update_paging_modes(v); @@ -2087,6 +2094,9 @@ void vmcs_dump_vcpu(struct vcpu *v) if ( v->arch.hvm.vmx.secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY ) printk("InterruptStatus = %04x\n", vmr16(GUEST_INTR_STATUS)); + if ( cpu_has_vmx_virt_spec_ctrl ) + printk("SPEC_CTRL mask = 0x%016lx shadow = 0x%016lx\n", + vmr(SPEC_CTRL_MASK), vmr(SPEC_CTRL_SHADOW)); printk("*** Host State ***\n"); printk("RIP = 0x%016lx (%ps) RSP = 0x%016lx\n", diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 26b6e4ca61..38d6d78607 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -759,23 +759,28 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) /* * We can safely pass MSR_SPEC_CTRL through to the guest, even if STIBP * isn't enumerated in hardware, as SPEC_CTRL_STIBP is ignored. + * + * If VMX_VIRT_SPEC_CTRL is available, it is activated by default and the + * guest MSR_SPEC_CTRL value lives in the VMCS. Otherwise, it lives in + * the MSR load/save list. */ if ( cp->feat.ibrsb ) { vmx_clear_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); - if ( rc ) - goto out; + if ( !cpu_has_vmx_virt_spec_ctrl ) + { + rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); + if ( rc ) + goto out; + } } else { vmx_set_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); - if ( rc && rc != -ESRCH ) - goto out; - rc = 0; /* Tolerate -ESRCH */ + if ( !cpu_has_vmx_virt_spec_ctrl ) + vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ @@ -2592,6 +2597,10 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - fetched below. */ + break; + rc = vmx_read_guest_msr(v, reg, &val); if ( rc ) { @@ -2612,6 +2621,11 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) vmx_vmcs_enter(v); switch ( reg ) { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmread(SPEC_CTRL_SHADOW, &val); + break; + case MSR_IA32_BNDCFGS: __vmread(GUEST_BNDCFGS, &val); break; @@ -2636,6 +2650,10 @@ static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - set below. */ + break; + rc = vmx_write_guest_msr(v, reg, val); if ( rc ) { @@ -2650,6 +2668,11 @@ static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) vmx_vmcs_enter(v); switch ( reg ) { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmwrite(SPEC_CTRL_SHADOW, val); + break; + case MSR_IA32_BNDCFGS: __vmwrite(GUEST_BNDCFGS, val); break; diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h index bbb0966fc3..63074a49c0 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h @@ -281,6 +281,9 @@ extern u32 vmx_secondary_exec_control; #define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) extern uint64_t vmx_tertiary_exec_control; +#define cpu_has_vmx_virt_spec_ctrl \ + (vmx_tertiary_exec_control & TERTIARY_EXEC_VIRT_SPEC_CTRL) + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -443,6 +446,8 @@ enum vmcs_field { XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, TERTIARY_VM_EXEC_CONTROL = 0x00002034, + SPEC_CTRL_MASK = 0x0000204a, + SPEC_CTRL_SHADOW = 0x0000204c, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index adda736efc..0309b7dfbe 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -290,8 +290,11 @@ struct vcpu_msrs * For PV guests, this holds the guest kernel value. It is accessed on * every entry/exit path. * - * For VT-x guests, the guest value is held in the MSR guest load/save - * list. + * For VT-x guests, one of two situations exist: + * + * - If hardware supports virtualized MSR_SPEC_CTRL, it is active by + * default and the guest value lives in the VMCS. + * - Otherwise, the guest value is held in the MSR load/save list. * * For SVM, the guest value lives in the VMCB, and hardware saves/restores * the host value automatically. However, guests run with the OR of the -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:37:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:37:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707879.1106303 (Exim 4.92) (envelope-from ) id 1rxHek-00016D-3x; Thu, 18 Apr 2024 02:37:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707879.1106303; Thu, 18 Apr 2024 02:37:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHek-000164-0S; Thu, 18 Apr 2024 02:37:46 +0000 Received: by outflank-mailman (input) for mailman id 707879; Thu, 18 Apr 2024 02:37:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHej-00015q-E3 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHej-0003TY-DE for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHej-0006gt-Ca for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8ddZRHPvGqR4XBnmBDiD3OS4OgiIi+Q5UI+d18Be6qE=; b=XoS2NqYBBHAd5wPR8CeQekz8tC erTqJ7nV7FOQ0+QaBdBDRq3Q5aQL36plaHC3jG4EI1jqnr0LyevIWKjtTWGN2JF955jdc5m1ig5zW ItyIP1KENJvuHm7vZcFd0m9KCc+eJHUiR/k6CxvNIeKnf2Bqa5t8EWVUpiQmeofLktTU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Message-Id: Date: Thu, 18 Apr 2024 02:37:45 +0000 commit e32ff92de8905f35b7e0e44b53100271b5992ce2 Author: Andrew Cooper AuthorDate: Tue Mar 26 22:43:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Right now, they're all bytes, but MSR_SPEC_CTRL has been steadily gaining new features. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 45dac88e78e8a2d9d8738eef884fe6730faf9e67) --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/include/asm/current.h | 4 ++-- xen/arch/x86/include/asm/spec_ctrl.h | 2 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 6 +++--- xen/arch/x86/spec_ctrl.c | 2 +- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 58d8a1bffa..8779856fb5 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -63,14 +63,14 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ .macro svm_vmentry_spec_ctrl mov VCPU_arch_msrs(%rbx), %rax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_last_spec_ctrl(%rsp), %edx mov VCPUMSR_spec_ctrl_raw(%rax), %eax cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ .endm ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM @@ -130,14 +130,14 @@ __UNLIKELY_END(nsvm_hap) * safe to use. The guest's setting resides in the VMCB. */ .macro svm_vmexit_spec_ctrl - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_last_spec_ctrl(%rsp), %edx cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 008d76a6e1..9250eb1839 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -52,7 +52,7 @@ ENTRY(vmx_asm_vmexit_handler) */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax xor %edx, %edx wrmsr .endm diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index 9cc8d8e3d4..ba82b413e2 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -55,8 +55,8 @@ struct cpu_info { /* See asm/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; - uint8_t xen_spec_ctrl; - uint8_t last_spec_ctrl; + unsigned int xen_spec_ctrl; + unsigned int last_spec_ctrl; uint8_t scf; /* SCF_* */ /* diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 8fc350abe2..7048e5ee21 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -93,7 +93,7 @@ extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; -extern uint8_t default_xen_spec_ctrl; +extern unsigned int default_xen_spec_ctrl; extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 9531d046d7..d232172159 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -217,10 +217,10 @@ setnz %al not %eax and %al, STACK_CPUINFO_FIELD(scf)(%r14) - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else andb $~SCF_use_shadow, CPUINFO_scf(%rsp) - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax .endif wrmsr @@ -418,7 +418,7 @@ /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr .L\@_skip_msr_spec_ctrl: diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 2b22deb891..5ccd82f161 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -68,7 +68,7 @@ static bool __initdata opt_branch_harden = static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; -uint8_t __ro_after_init default_xen_spec_ctrl; +unsigned int __ro_after_init default_xen_spec_ctrl; uint8_t __ro_after_init default_scf; paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:37:56 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:37:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707880.1106307 (Exim 4.92) (envelope-from ) id 1rxHeu-00018p-4u; Thu, 18 Apr 2024 02:37:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707880.1106307; Thu, 18 Apr 2024 02:37:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHeu-00018e-1y; Thu, 18 Apr 2024 02:37:56 +0000 Received: by outflank-mailman (input) for mailman id 707880; Thu, 18 Apr 2024 02:37:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHet-00018W-Gz for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHet-0003Tf-GE for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHet-0006hu-Fd for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:37:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0ZNJAxUcecPhwRLJOd/kZ76qGE7dVdKJUEaHbQn735A=; b=lMwqrErOOCYP8J23yCsuu0Tn7+ YeIO9VpjC+/SJJDQbnKEp0KwXbWp3dgTPgmwN4rpB72QrucVzfiypbP7Varr61GzqJTQfCRH4QC2A fbAWu/h1M4RcDG1r2Wy2LgnsQ/c9ZZb/6DhX6hTv+hzkqgdGB6IHX0rRb5gDEIu2q5fM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86: Use indirect calls in reset-stack infrastructure Message-Id: Date: Thu, 18 Apr 2024 02:37:55 +0000 commit e2a2cfb4ddf05a76e072ea84172d6a83ba392d20 Author: Andrew Cooper AuthorDate: Fri Dec 22 17:44:48 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86: Use indirect calls in reset-stack infrastructure Mixing up JMP and CALL indirect targets leads a very fun form of speculative type confusion. A target which is expecting to be called CALLed needs a return address on the stack, and an indirect JMP doesn't place one there. An indirect JMP which predicts to a target intending to be CALLed can end up with a RET speculatively executing with a value from the JMPers stack frame. There are several ways get indirect JMPs in Xen. * From tailcall optimisations. These are safe because the compiler has arranged the stack to point at the callee's return address. * From jump tables. These are unsafe, but Xen is built with -fno-jump-tables to work around several compiler issues. * From reset_stack_and_jump_ind(), which is particularly unsafe. Because of the additional stack adjustment made, the value picked up off the stack is regs->r15 of the next vCPU to run. In order to mitigate this type confusion, we want to make all indirect targets be CALL targets, and remove the use of indirect JMP except via tailcall optimisation. Luckily due to XSA-348, all C target functions of reset_stack_and_jump_ind() are noreturn. {svm,vmx}_do_resume() exits via reset_stack_and_jump(); a direct JMP with entirely different prediction properties. idle_loop() is an infinite loop which eventually exits via reset_stack_and_jump_ind() from a new schedule. i.e. These paths are all fine having one extra return address on the stack. This leaves continue_pv_domain(), which is expecting to be a JMP target. Alter it to strip the return address off the stack, which is safe because there isn't actually a RET expecting to return to its caller. This allows us change reset_stack_and_jump_ind() to reset_stack_and_call_ind() in order to mitigate the speculative type confusion. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8e186f98ce0e35d1754ec9299da41ec98873b65c) --- xen/arch/x86/domain.c | 4 ++-- xen/arch/x86/include/asm/current.h | 4 ++-- xen/arch/x86/x86_64/entry.S | 8 ++++++++ 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 228763b5e9..5dbd1d8a12 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2112,12 +2112,12 @@ void context_switch(struct vcpu *prev, struct vcpu *next) /* Ensure that the vcpu has an up-to-date time base. */ update_vcpu_system_time(next); - reset_stack_and_jump_ind(nextd->arch.ctxt_switch->tail); + reset_stack_and_call_ind(nextd->arch.ctxt_switch->tail); } void continue_running(struct vcpu *same) { - reset_stack_and_jump_ind(same->domain->arch.ctxt_switch->tail); + reset_stack_and_call_ind(same->domain->arch.ctxt_switch->tail); } int __sync_local_execstate(void) diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index ba82b413e2..2f723bcf1b 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -196,10 +196,10 @@ unsigned long get_stack_dump_bottom (unsigned long sp); switch_stack_and_jump(fn, "jmp %c", "i") /* The constraint may only specify non-call-clobbered registers. */ -#define reset_stack_and_jump_ind(fn) \ +#define reset_stack_and_call_ind(fn) \ ({ \ (void)((fn) == (void (*)(void))NULL); \ - switch_stack_and_jump(fn, "INDIRECT_JMP %", "b"); \ + switch_stack_and_jump(fn, "INDIRECT_CALL %", "b"); \ }) /* diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 801d241337..9c256746ba 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -637,6 +637,14 @@ ENTRY(dom_crash_sync_extable) #ifdef CONFIG_PV ENTRY(continue_pv_domain) ENDBR64 + + /* + * For speculative type confusion reasons, we're CALLed rather than + * JMPed to. Drop the return address. + */ + add $8, %rsp + ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK + call check_wakeup_from_wait ret_from_intr: GET_CURRENT(bx) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:38:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:38:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707881.1106311 (Exim 4.92) (envelope-from ) id 1rxHf5-0001C1-64; Thu, 18 Apr 2024 02:38:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707881.1106311; Thu, 18 Apr 2024 02:38:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHf5-0001Bt-3P; Thu, 18 Apr 2024 02:38:07 +0000 Received: by outflank-mailman (input) for mailman id 707881; Thu, 18 Apr 2024 02:38:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHf3-0001BY-Oa for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHf3-0003UF-Iu for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHf3-0006jH-IH for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JoHlS3j9dSeamFkS0wreLNLLi7zvsi7Zba9ftIZ5oYg=; b=ibZKafHbKD8C7qeiGz1+bLUs29 ECQr++0uz+Vwv264wM/BTMqXHKmpstVIycKNzJ6Gu+ZRtEjBUc3juxSN8Z3/c8pF5gZX9GbZc2KzR ANX5YqyEgpcN1wuheyQARWdAMA7xWKQHjXwqiKmkixd6i4HTVTx4FpbgdQxU/BUAIMDk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86: Drop INDIRECT_JMP Message-Id: Date: Thu, 18 Apr 2024 02:38:05 +0000 commit 801e251556c374ce3e84ca776f211e00431932ef Author: Andrew Cooper AuthorDate: Fri Dec 22 18:01:37 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86: Drop INDIRECT_JMP Indirect JMPs which are not tailcalls can lead to an unwelcome form of speculative type confusion, and we've removed the uses of INDIRECT_JMP to compensate. Remove the temptation to reintroduce new instances. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 0b66d7ce3c0290eaad28bdafb35200052d012b14) --- xen/arch/x86/include/asm/asm-defns.h | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/include/asm/asm-defns.h b/xen/arch/x86/include/asm/asm-defns.h index 8bd9007731..7e22fcb9c0 100644 --- a/xen/arch/x86/include/asm/asm-defns.h +++ b/xen/arch/x86/include/asm/asm-defns.h @@ -20,10 +20,9 @@ .byte 0x0f, 0x01, 0xdd .endm -.macro INDIRECT_BRANCH insn:req arg:req +.macro INDIRECT_CALL arg:req /* - * Create an indirect branch. insn is one of call/jmp, arg is a single - * register. + * Create an indirect call. arg is a single register. * * With no compiler support, this degrades into a plain indirect call/jmp. * With compiler support, dispatch to the correct __x86_indirect_thunk_* @@ -33,7 +32,7 @@ $done = 0 .irp reg, ax, cx, dx, bx, bp, si, di, 8, 9, 10, 11, 12, 13, 14, 15 .ifeqs "\arg", "%r\reg" - \insn __x86_indirect_thunk_r\reg + call __x86_indirect_thunk_r\reg $done = 1 .exitm .endif @@ -44,19 +43,10 @@ .endif .else - \insn *\arg + call *\arg .endif .endm -/* Convenience wrappers. */ -.macro INDIRECT_CALL arg:req - INDIRECT_BRANCH call \arg -.endm - -.macro INDIRECT_JMP arg:req - INDIRECT_BRANCH jmp \arg -.endm - #ifdef CONFIG_XEN_IBT # define ENDBR64 endbr64 #else -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:38:17 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:38:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707882.1106315 (Exim 4.92) (envelope-from ) id 1rxHfF-0001G7-7O; Thu, 18 Apr 2024 02:38:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707882.1106315; Thu, 18 Apr 2024 02:38:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHfF-0001Fz-4o; Thu, 18 Apr 2024 02:38:17 +0000 Received: by outflank-mailman (input) for mailman id 707882; Thu, 18 Apr 2024 02:38:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHfD-0001Fg-Mw for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHfD-0003UM-MD for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHfD-0006kA-LL for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=r/7bkxr4MBdDr3/VdGz/VAKBuoa7lkMZcrAnlUJ+irM=; b=IZaOO2C3JuQ5fMeIh4PB39lGvp XERyb4EiMi0OFs8EKySW8RSHV1CVA6eVTCC1n/JqoRGMaYcyRwUYcnyN8nteu2Uz+key9Fn8XgYL/ hmwt/ga1HCJFi/C1v/pQBgJvw5A7eC8nVaz3WhEcjQtI9B0fEDYy6GGbzAnLpvE3fsCE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/tsx: Expose RTM_ALWAYS_ABORT to guests Message-Id: Date: Thu, 18 Apr 2024 02:38:15 +0000 commit 02a424a7a8be13f6f85eb4fa2f43100b8e76f760 Author: Andrew Cooper AuthorDate: Sat Apr 6 20:36:54 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/tsx: Expose RTM_ALWAYS_ABORT to guests A TSX Abort is one option mitigate Native-BHI, but a guest kernel doesn't get to see this if Xen has turned RTM off using MSR_TSX_{CTRL,FORCE_ABORT}. Therefore, the meaning of RTM_ALWAYS_ABORT has been adjusted to "XBEGIN won't fault", and it should be exposed to guests so they can make a better decision. Expose it in the max policy for any RTM-capable system. Offer it by default only if RTM has been disabled. Update test-tsx to account for this new meaning. While adjusting the logic in test_guest_policies(), take the opportunity to use feature names (now they're available) to make the logic easier to follow. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit c94e2105924347de0d9f32065370e802a20cc829) --- tools/tests/tsx/test-tsx.c | 39 +++++++++++++++++++---------- xen/arch/x86/cpu-policy.c | 20 +++++++++++++++ xen/include/public/arch-x86/cpufeatureset.h | 2 +- 3 files changed, 47 insertions(+), 14 deletions(-) diff --git a/tools/tests/tsx/test-tsx.c b/tools/tests/tsx/test-tsx.c index 0f4ea5f9c4..fab5c9a367 100644 --- a/tools/tests/tsx/test-tsx.c +++ b/tools/tests/tsx/test-tsx.c @@ -311,25 +311,25 @@ static void test_guest_policies(const struct cpu_policy *max, dump_tsx_details(max, "Max:"); dump_tsx_details(def, "Def:"); - if ( ((max->feat.raw[0].d | def->feat.raw[0].d) & - (bitmaskof(X86_FEATURE_TSX_FORCE_ABORT) | - bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT) | - bitmaskof(X86_FEATURE_SRBDS_CTRL))) || - ((max->arch_caps.raw | def->arch_caps.raw) & ARCH_CAPS_TSX_CTRL) ) + if ( max->feat.tsx_force_abort || def->feat.tsx_force_abort || + max->feat.srbds_ctrl || def->feat.srbds_ctrl || + max->arch_caps.tsx_ctrl || def->arch_caps.tsx_ctrl ) fail(" Xen-only TSX controls offered to guest\n"); switch ( rtm_behaviour ) { case RTM_UD: - if ( (max->feat.raw[0].b | def->feat.raw[0].b) & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) - fail(" HLE/RTM offered to guests despite not being available\n"); + if ( max->feat.hle || def->feat.hle || + max->feat.rtm || def->feat.rtm || + max->feat.rtm_always_abort || def->feat.rtm_always_abort ) + fail(" HLE/RTM/RTM_AA offered to guests despite not being available\n"); break; case RTM_ABORT: - if ( def->feat.raw[0].b & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) + if ( def->feat.hle || def->feat.rtm ) fail(" HLE/RTM offered to guests by default despite not being usable\n"); + if ( !def->feat.rtm_always_abort ) + fail(" RTM_AA not offered to guests by default despite being available\n"); break; case RTM_OK: @@ -340,6 +340,9 @@ static void test_guest_policies(const struct cpu_policy *max, if ( def->feat.hle ) fail(" Fail: HLE offered in default policy\n"); + + if ( def->feat.rtm && def->feat.rtm_always_abort ) + fail(" Fail: Both RTM and RTM_AA offered in default policy\n"); } static void test_def_max_policies(void) @@ -388,14 +391,13 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.hle || guest_policy.policy.feat.tsx_force_abort || - guest_policy.policy.feat.rtm_always_abort || guest_policy.policy.feat.srbds_ctrl || guest_policy.policy.arch_caps.tsx_ctrl ) fail(" Unexpected features advertised\n"); if ( host.policy.feat.rtm ) { - unsigned int _7b0; + unsigned int _7b0, _7d0; /* * If host RTM is available, all combinations of guest flags should be @@ -403,6 +405,8 @@ static void test_guest(struct xen_domctl_createdomain *c) */ _7b0 = (guest_policy.policy.feat.raw[0].b ^= (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM))); + _7d0 = (guest_policy.policy.feat.raw[0].d ^= + bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT)); /* Set the new policy. */ rc = xc_cpu_policy_set_domain(xch, domid, &guest_policy); @@ -426,10 +430,17 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.raw[0].b != _7b0 ) { - fail(" Expected CPUID.7[1].b 0x%08x differs from actual 0x%08x\n", + fail(" Expected CPUID.7[0].b 0x%08x differs from actual 0x%08x\n", _7b0, guest_policy.policy.feat.raw[0].b); goto out; } + + if ( guest_policy.policy.feat.raw[0].d != _7d0 ) + { + fail(" Expected CPUID.7[0].d 0x%08x differs from actual 0x%08x\n", + _7d0, guest_policy.policy.feat.raw[0].d); + goto out; + } } out: @@ -514,6 +525,8 @@ static void test_tsx(void) i, errno, strerror(errno)); } + dump_tsx_details(&host.policy, "Host:"); + rc = xc_physinfo(xch, &physinfo); if ( rc ) return fail("Failed to obtain physinfo: %d - %s\n", diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index 24acd12ce2..e44de3cfcb 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -468,6 +468,21 @@ static void __init guest_common_max_feature_adjustments(uint32_t *fs) */ __set_bit(X86_FEATURE_HTT, fs); __set_bit(X86_FEATURE_CMP_LEGACY, fs); + + /* + * To mitigate Native-BHI, one option is to use a TSX Abort on capable + * systems. This is safe even if RTM has been disabled for other reasons + * via MSR_TSX_{CTRL,FORCE_ABORT}. However, a guest kernel doesn't get to + * know this type of information. + * + * Therefore the meaning of RTM_ALWAYS_ABORT has been adjusted, to instead + * mean "XBEGIN won't fault". This is enough for a guest kernel to make + * an informed choice WRT mitigating Native-BHI. + * + * If RTM-capable, we can run a VM which has seen RTM_ALWAYS_ABORT. + */ + if ( test_bit(X86_FEATURE_RTM, fs) ) + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); } static void __init guest_common_default_feature_adjustments(uint32_t *fs) @@ -540,9 +555,14 @@ static void __init guest_common_default_feature_adjustments(uint32_t *fs) * function as expected, but is technically compatible with the ISA. * * Do not advertise RTM to guests by default if it won't actually work. + * Instead, advertise RTM_ALWAYS_ABORT indicating that TSX Aborts are safe + * to use, e.g. for mitigating Native-BHI. */ if ( rtm_disabled ) + { __clear_bit(X86_FEATURE_RTM, fs); + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); + } } static void __init guest_common_feature_adjustments(uint32_t *fs) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 63c8ac8486..0004fd4bf5 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -261,7 +261,7 @@ XEN_CPUFEATURE(FSRM, 9*32+ 4) /*A Fast Short REP MOVS */ XEN_CPUFEATURE(AVX512_VP2INTERSECT, 9*32+8) /*a VP2INTERSECT{D,Q} insns */ XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*!A VERW clears microarchitectural buffers */ -XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! June 2021 TSX defeaturing in microcode. */ +XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! RTM disabled (but XBEGIN wont fault) */ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(SERIALIZE, 9*32+14) /*A SERIALIZE insn */ XEN_CPUFEATURE(HYBRID, 9*32+15) /* Heterogeneous platform */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:38:27 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:38:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707883.1106319 (Exim 4.92) (envelope-from ) id 1rxHfP-0001IX-9C; Thu, 18 Apr 2024 02:38:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707883.1106319; Thu, 18 Apr 2024 02:38:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHfP-0001IP-6F; Thu, 18 Apr 2024 02:38:27 +0000 Received: by outflank-mailman (input) for mailman id 707883; Thu, 18 Apr 2024 02:38:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHfN-0001IB-QX for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHfN-0003UT-Pp for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHfN-0006ky-Ow for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ufYaqRmh/9V/07uZdxX5V6qdjGSYzTtooZr7msE7bv8=; b=RLtNjZTmnFdKR2UNk3075O2uT0 1A6u6D5cKoMNvyURLNqoDha0QEmComSD+gOvQ1guP52aAzg8X7bzExJ+UmPrd1jYGXD06YKOCCPO7 zukZ7iitlF6pRiqm+UIrsjD5yutVUXx7iLwn9ck29XoI+RCGml16ehvl7JWwVEJvlxGA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Message-Id: Date: Thu, 18 Apr 2024 02:38:25 +0000 commit 7d3ad6775d59ad292c3b6431e8eb73e10d191298 Author: Andrew Cooper AuthorDate: Tue Mar 26 19:01:37 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Introduce a "bhi-dis-s" boolean to match the other options we have for MSR_SPEC_CTRL values. Also introduce bhi_calculations(). Use BHI_DIS_S whenever possible. Guests which are levelled to be migration compatible with older CPUs can't see BHI_DIS_S, and Xen must fill in the difference to make the guest safe. Use the virt MSR_SPEC_CTRL infrastructure to force BHI_DIS_S behind the guest's back. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 62a1106415c5e8a49b45147ca84d54a58d471343) --- docs/misc/xen-command-line.pandoc | 8 +++++++- xen/arch/x86/hvm/vmx/vmx.c | 17 +++++++++++++++++ xen/arch/x86/include/asm/spec_ctrl.h | 1 + xen/arch/x86/spec_ctrl.c | 24 +++++++++++++++++++++++- 4 files changed, 48 insertions(+), 2 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index e1d56407dd..0b0abf8983 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2327,7 +2327,8 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). > {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, -> unpriv-mmio,gds-mit,div-scrub,lock-harden}= ]` +> unpriv-mmio,gds-mit,div-scrub,lock-harden, +> bhi-dis-s}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2408,6 +2409,11 @@ option can be used to force or prevent Xen using the feature itself. By default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by default. +On hardware supporting BHI_DIS_S (Branch History Injection Disable +Supervisor), the `bhi-dis-s=` option can be used to force or prevent Xen using +the feature itself. By default Xen will use BHI_DIS_S on hardware susceptible +to Branch History Injection. + On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` option can be used to force (the default) or prevent Xen from issuing branch prediction barriers on vcpu context switches. diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 38d6d78607..e5259ed034 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -58,6 +58,7 @@ #include #include #include +#include #include static bool_t __initdata opt_force_ept; @@ -783,6 +784,22 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } + if ( cpu_has_vmx_virt_spec_ctrl ) + { + /* + * If we're on BHI_DIS_S capable hardware, the short loop sequence is + * not sufficient to mitigate Native-BHI. If the VM can't see it + * (i.e. it's levelled with older hardware), force it behind the + * guests back for safey. + * + * Because there's not a real Host/Guest split of the MSR_SPEC_CTRL + * value, this only works as expected when Xen is using BHI_DIS_S too. + */ + bool force_bhi_dis_s = opt_bhi_dis_s && !cp->feat.bhi_ctrl; + + __vmwrite(SPEC_CTRL_MASK, force_bhi_dis_s ? SPEC_CTRL_BHI_DIS_S : 0); + } + /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ if ( cp->feat.ibrsb || cp->extd.ibpb ) vmx_clear_msr_intercept(v, MSR_PRED_CMD, VMX_MSR_RW); diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 7048e5ee21..617209202b 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -89,6 +89,7 @@ static always_inline void spec_ctrl_new_guest_context(void) extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; +extern int8_t opt_bhi_dis_s; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 5ccd82f161..085e37525d 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -59,6 +59,7 @@ static int8_t __initdata opt_ibrs = -1; int8_t __initdata opt_stibp = -1; bool __ro_after_init opt_ssbd; int8_t __initdata opt_psfd = -1; +int8_t __ro_after_init opt_bhi_dis_s = -1; int8_t __ro_after_init opt_ibpb_ctxt_switch = -1; int8_t __ro_after_init opt_eager_fpu = -1; @@ -281,6 +282,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_ssbd = val; else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) opt_psfd = val; + else if ( (val = parse_boolean("bhi-dis-s", s, ss)) >= 0 ) + opt_bhi_dis_s = val; /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) @@ -536,7 +539,7 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk != THUNK_NONE ? "BTI-Thunk: " : "", thunk == THUNK_NONE ? "" : thunk == THUNK_RETPOLINE ? "RETPOLINE, " : @@ -554,6 +557,8 @@ static void __init print_details(enum ind_thunk thunk) (!boot_cpu_has(X86_FEATURE_PSFD) && !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", + !boot_cpu_has(X86_FEATURE_BHI_CTRL) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_BHI_DIS_S) ? " BHI_DIS_S+" : " BHI_DIS_S-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -1608,6 +1613,21 @@ static void __init gds_calculations(void) } } +/* + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + */ +static void __init bhi_calculations(void) +{ + if ( opt_bhi_dis_s == -1 ) + opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + + if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) + opt_bhi_dis_s = false; + + if ( opt_bhi_dis_s ) + default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; +} + void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); @@ -2152,6 +2172,8 @@ void __init init_speculation_mitigations(void) gds_calculations(); + bhi_calculations(); + print_details(thunk); /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:38:37 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:38:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707884.1106322 (Exim 4.92) (envelope-from ) id 1rxHfZ-0001Lv-Br; Thu, 18 Apr 2024 02:38:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707884.1106322; Thu, 18 Apr 2024 02:38:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHfZ-0001Ln-9E; Thu, 18 Apr 2024 02:38:37 +0000 Received: by outflank-mailman (input) for mailman id 707884; Thu, 18 Apr 2024 02:38:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHfX-0001LR-Th for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHfX-0003Ua-Sn for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHfX-0006lv-S8 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GM6/y83UtttlB+6KWLEf85PydgDY7Axq5mzE4IuG1XE=; b=u4LY49z5FtGJysIQ6VJCFDuPsb 9bOJbsRVIITuQSVwi1scC8j0qY876ZZeM6KZNfo0GWsk+d971RStD19I8psj+Boqnh6g0mZWWDDF9 XeAIOdBPqwMoRQQGysSR6vv+32uPAWU6FHzNHmzgNTMyvGhPgRRs9hKrOjAbsY6hphOU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec-ctrl: Software BHB-clearing sequences Message-Id: Date: Thu, 18 Apr 2024 02:38:35 +0000 commit 4abd50dc17ced2e1221226b7893c437acbbd0d1b Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Software BHB-clearing sequences Implement clear_bhb_{tsx,loops}() as per the BHI guidance. The loops variant is set up as the "short" sequence. Introduce SCF_entry_bhb and extend SPEC_CTRL_ENTRY_* with a conditional call to selected clearing routine. Note that due to a limitation in the ALTERNATIVE capability, the TEST/JZ can't be included alongside a CALL in a single alternative block. This is going to require further work to untangle. The BHB sequences (if used) must be after the restoration of Xen's MSR_SPEC_CTRL value, which must be accounted for when judging whether it is safe to skip the safety LFENCEs. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 954c983abceee97bf5f6230b9ae164f2c49a9aa9) --- xen/arch/x86/Makefile | 1 + xen/arch/x86/bhb-thunk.S | 98 ++++++++++++++++++++++++++++++++ xen/arch/x86/hvm/vmx/entry.S | 12 ++++ xen/arch/x86/include/asm/cpufeature.h | 3 + xen/arch/x86/include/asm/cpufeatures.h | 3 + xen/arch/x86/include/asm/spec_ctrl.h | 3 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 30 ++++++++++ xen/arch/x86/spec_ctrl.c | 39 +++++++------ 8 files changed, 171 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index cb9d952659..6a070a8cf8 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -14,6 +14,7 @@ alternative-y := alternative.init.o alternative-$(CONFIG_LIVEPATCH) := obj-bin-y += $(alternative-y) obj-y += apic.o +obj-y += bhb-thunk.o obj-y += bitops.o obj-bin-y += bzimage.init.o obj-bin-y += clear_page.o diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S new file mode 100644 index 0000000000..f52cfb9bc2 --- /dev/null +++ b/xen/arch/x86/bhb-thunk.S @@ -0,0 +1,98 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Branch History Injection clearing sequences. + * + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + * + * Copyright (c) 2023, 2024 XenServer. + */ + .file __FILE__ + +#include + + .section .text.entry, "ax", @progbits + +/* + * Clear the Branch History Buffer using a TSX Abort. + * + * Any TSX Abort has a side effect of clearing the BHB, even when TSX is + * disabled for e.g. TAA mitigation reasons. + */ +ENTRY(clear_bhb_tsx) + .byte 0xc7, 0xf8; .long 1f - 0f /* xbegin 1f */ +0: .byte 0xc6, 0xf8, 0 /* xabort $0 */ + int3 +1: + ret + + .size clear_bhb_tsx, . - clear_bhb_tsx + .type clear_bhb_tsx, @function + +/* + * Clear the Branch History Buffer using the software sequence. + * + * Clobbers: %eax, %ecx + * + * This executes a specific number of taken branches, sufficient to displace + * all prior entries in the history tracker, therefore removing prior + * influence on subsequent BTB lookups. + * + * Structurally, it looks like this: + * + * call 1 + * call 2 + * ... 5x jmp loop + * call 2 + * ... 5x jmp loop + * ... 5x call2's deep + * + * ret + * ret + * ret + * ret + * + * The CALL/RETs are necessary to prevent the Loop Stream Detector from + * interfering. The alignment is for performance and not safety. + * + * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire + * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + */ +ENTRY(clear_bhb_loops) + mov $5, %ecx + + call 1f + jmp 5f + int3 + + .align 64 +1: call 2f + ret + int3 + + .align 64 +2: mov $5, %eax + +3: jmp 4f + int3 + +4: sub $1, %eax + jnz 3b + + sub $1, %ecx + jnz 1b + + ret +5: + /* + * The Intel sequence has an LFENCE here. The purpose is to ensure + * that all prior branches have executed, before dispatching a + * subsequent indirect branch. + * + * Xen's SPEC_CTRL_ENTRY_* blocks have safety LFENCEs at the end when + * protections are active, which suffices for this purpose. + */ + + ret + + .size clear_bhb_loops, . - clear_bhb_loops + .type clear_bhb_loops, @function diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 9250eb1839..1092d1918c 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -57,6 +57,18 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, CPUINFO_scf(%rsp) + jz .L_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index a6b8af1296..b24d535080 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -181,6 +181,9 @@ #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) +#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ + boot_cpu_has(X86_SPEC_BHB_LOOPS)) + enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index 6422c66b0f..bada8912e0 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -56,5 +56,8 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ #define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ +#define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ +#define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 617209202b..4439a1b243 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -36,6 +36,7 @@ #define SCF_verw (1 << 3) #define SCF_ist_ibpb (1 << 4) #define SCF_entry_ibpb (1 << 5) +#define SCF_entry_bhb (1 << 6) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -54,7 +55,7 @@ * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb | SCF_entry_bhb) #ifndef __ASSEMBLY__ diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index d232172159..1d7c4f4a68 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -285,6 +285,17 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm @@ -323,6 +334,13 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm @@ -423,6 +441,18 @@ .L\@_skip_msr_spec_ctrl: + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + lfence .endm diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 085e37525d..546199fabe 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2194,38 +2194,43 @@ void __init init_speculation_mitigations(void) /* * SPEC_CTRL_ENTRY_FROM_PV conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we're not using any prior conditional mitigation, - * then it's safe to drop the LFENCE. + * Otherwise, DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we do have it, or we're not using any + * prior conditional block, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); /* * SPEC_CTRL_ENTRY_FROM_INTR conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we have no protections active in the block that - * is skipped when interrupting guest context, then it's safe to drop - * the LFENCE. + * Otherwise DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we have it, or we have no protections + * active in the block that is skipped when interrupting guest + * context, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && - !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); /* * SPEC_CTRL_ENTRY_FROM_VMX conditional safety * - * Currently there are no safety actions with conditional branches, so - * no need for the extra safety LFENCE. + * A BHB sequence, if used, is the only conditional action, so if we + * don't have it, we don't need the safety LFENCE. */ - setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + if ( !cpu_has_bhb_seq ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:38:47 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:38:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707885.1106327 (Exim 4.92) (envelope-from ) id 1rxHfj-0001Oc-Dg; Thu, 18 Apr 2024 02:38:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707885.1106327; Thu, 18 Apr 2024 02:38:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHfj-0001OQ-Aj; Thu, 18 Apr 2024 02:38:47 +0000 Received: by outflank-mailman (input) for mailman id 707885; Thu, 18 Apr 2024 02:38:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHfi-0001OH-0R for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHfh-0003Ue-Vp for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHfh-0006mq-V7 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wFzay9oqisFoQhmN78XMOJSHF7OPI15syJ0kVFYiOdw=; b=jsnfRlIS//cV059PxWH2DVwCkY MN8GWJY1iTmEOCfbjKqmThUCStea0q7FIPRful4nQWQMUUn1+2sdI2slXqOgLsJeP8/KVpcNYnnh1 uMEWCe4JlbUVoCc767KqS4xn1uTWdHJ9+cIJtiVfznYmvoUZvJ4QRrR4r9d+KGNG7deE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec-ctrl: Wire up the Native-BHI software sequences Message-Id: Date: Thu, 18 Apr 2024 02:38:45 +0000 commit eab897caca018c126f925247e4c9fd4aac54afdb Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Wire up the Native-BHI software sequences In the absence of BHI_DIS_S, mitigating Native-BHI requires the use of a software sequence. Introduce a new bhb-seq= option to select between avaialble sequences and bhb-entry= to control the per-PV/HVM actions like we have for other blocks. Activate the short sequence by default for PV and HVM guests on affected hardware if BHI_DIS_S isn't present. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 689ad48ce9cf4c38297cd126e7e003a1c13a3b9d) --- docs/misc/xen-command-line.pandoc | 25 +++++-- xen/arch/x86/spec_ctrl.c | 145 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 157 insertions(+), 13 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 0b0abf8983..0bd0588097 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2324,8 +2324,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, > bhi-dis-s}= ]` @@ -2350,10 +2351,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=` and `ibpb-entry=` options -offer fine grained control over the primitives by Xen. These impact Xen's -ability to protect itself, and/or Xen's ability to virtualise support for -guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=`, `ibpb-entry=` and `bhb-entry=` +options offer fine grained control over the primitives by Xen. These impact +Xen's ability to protect itself, and/or Xen's ability to virtualise support +for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2379,6 +2380,12 @@ guests to use. Return Stack Overflow if appropriate microcode has been loaded, but for performance reasons dom0 is unprotected by default. If it is necessary to protect dom0 too, boot with `spec-ctrl=ibpb-entry`. +* `bhb-entry=` offers control over whether BHB-clearing (Branch History + Buffer) sequences are used on entry to Xen. This is used by default on + hardware vulnerable to Branch History Injection, when the BHI_DIS_S control + is not available (see `bhi-dis-s`). The choice of scrubbing sequence can be + selected using the `bhb-seq=` option. If it is necessary to protect dom0 + too, boot with `spec-ctrl=bhb-entry`. If Xen was compiled with `CONFIG_INDIRECT_THUNK` support, `bti-thunk=` can be used to select which of the thunks gets patched into the @@ -2386,6 +2393,12 @@ used to select which of the thunks gets patched into the (generally preferred), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and `lfence` (an `lfence; jmp *%reg` gadget). +On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing +sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` +options in order to mitigate Branch History Injection on affected hardware. +The default sequence is `short`, with `tsx` as an alternative available +capable hardware that can be opted in to. + On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. If Xen is not using IBRS itself, functionality is still set up so IBRS can be diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 546199fabe..b53e9c4e7a 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -45,6 +45,16 @@ static int8_t __ro_after_init opt_ibpb_entry_pv = -1; static int8_t __ro_after_init opt_ibpb_entry_hvm = -1; static bool __ro_after_init opt_ibpb_entry_dom0; +static int8_t __ro_after_init opt_bhb_entry_pv = -1; +static int8_t __ro_after_init opt_bhb_entry_hvm = -1; +static bool __ro_after_init opt_bhb_entry_dom0; +static enum bhb_thunk { + BHB_DEFAULT, + BHB_NONE, + BHB_TSX, + BHB_SHORT, +} opt_bhb_seq __initdata; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -128,8 +138,12 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_ibpb_entry_pv = 0; opt_ibpb_entry_hvm = 0; opt_ibpb_entry_dom0 = false; + opt_bhb_entry_pv = 0; + opt_bhb_entry_hvm = 0; + opt_bhb_entry_dom0 = false; opt_thunk = THUNK_JMP; + opt_bhb_seq = BHB_NONE; opt_ibrs = 0; opt_ibpb_ctxt_switch = false; opt_ssbd = false; @@ -158,6 +172,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_pv = val; opt_verw_pv = val; opt_ibpb_entry_pv = val; + opt_bhb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { @@ -165,6 +180,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_verw_hvm = val; opt_ibpb_entry_hvm = val; + opt_bhb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -252,6 +268,28 @@ static int __init cf_check parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("bhb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_bhb_entry_pv = opt_bhb_entry_hvm = + opt_bhb_entry_dom0 = val; + break; + + case -2: + s += strlen("bhb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_bhb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_bhb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -272,6 +310,19 @@ static int __init cf_check parse_spec_ctrl(const char *s) else rc = -EINVAL; } + else if ( !strncmp(s, "bhb-seq=", 8) ) + { + s += strlen("bhb-seq="); + + if ( !cmdline_strcmp(s, "none") ) + opt_bhb_seq = BHB_NONE; + else if ( !cmdline_strcmp(s, "tsx") ) + opt_bhb_seq = BHB_TSX; + else if ( !cmdline_strcmp(s, "short") ) + opt_bhb_seq = BHB_SHORT; + else + rc = -EINVAL; + } /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) @@ -539,12 +590,16 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: %s%s%s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk != THUNK_NONE ? "BTI-Thunk: " : "", thunk == THUNK_NONE ? "" : thunk == THUNK_RETPOLINE ? "RETPOLINE, " : thunk == THUNK_LFENCE ? "LFENCE, " : thunk == THUNK_JMP ? "JMP, " : "?, ", + opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", + opt_bhb_seq == BHB_NONE ? "" : + opt_bhb_seq == BHB_TSX ? "TSX, " : + opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -583,11 +638,11 @@ static void __init print_details(enum ind_thunk thunk) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - amd_virt_spec_ctrl || + cpu_has_bhb_seq || amd_virt_spec_ctrl || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || @@ -595,20 +650,23 @@ static void __init print_details(enum ind_thunk thunk) boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || + cpu_has_bhb_seq || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -1616,16 +1674,85 @@ static void __init gds_calculations(void) /* * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html */ +static bool __init cpu_has_bug_bhi(void) +{ + /* BHI is only known to affect Intel Family 6 processors at this time. */ + if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL || + boot_cpu_data.x86 != 6 ) + return false; + + if ( boot_cpu_has(X86_FEATURE_BHI_NO) ) + return false; + + if ( cpu_has_hypervisor ) + return true; /* TODO: how to figure out out if we're really eIBRS levelled out? */ + + return cpu_has_eibrs; +} + static void __init bhi_calculations(void) { + bool has_bhi = cpu_has_bug_bhi(); + + /* + * To mitigate BHI, we want to use BHI_DIS_S wherever possible, or the + * short sequence otherwise. Other forms are available on request. + * + * We are repsonsbile for performing default-conversion on opt_bhi_dis_s + * and opt_bhb_seq, irrespective of succeptibility to BHI. + */ + if ( opt_bhi_dis_s == -1 ) - opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + opt_bhi_dis_s = has_bhi; if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) opt_bhi_dis_s = false; if ( opt_bhi_dis_s ) default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; + + if ( opt_bhb_seq == BHB_DEFAULT ) + { + /* + * If we're using BHI_DIS_S, or we're not succeptable, don't activate + * the thunks. + */ + if ( !has_bhi || opt_bhi_dis_s ) + opt_bhb_seq = BHB_NONE; + else + opt_bhb_seq = BHB_SHORT; + } + + /* + * We can use the TSX even if it's disabled for e.g. TAA reasons. + * However, fall back to the loop sequence if there is no trace of RTM at + * all, as XBEGIN will #UD. + */ + if ( opt_bhb_seq == BHB_TSX && !cpu_has_rtm && !cpu_has_rtm_always_abort && + !cpu_has_tsx_force_abort ) + opt_bhb_seq = BHB_SHORT; + + /* + * Only activate SCF_entry_bhb by for guests if a sequence is in place. + */ + if ( opt_bhb_entry_pv == -1 ) + opt_bhb_entry_pv = has_bhi && opt_bhb_seq != BHB_NONE; + if ( opt_bhb_entry_hvm == -1 ) + opt_bhb_entry_hvm = has_bhi && opt_bhb_seq != BHB_NONE; + + switch ( opt_bhb_seq ) + { + case BHB_SHORT: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); + break; + + case BHB_TSX: + setup_force_cpu_cap(X86_SPEC_BHB_TSX); + break; + + default: + break; + } } void spec_ctrl_init_domain(struct domain *d) @@ -1638,9 +1765,13 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); + bool bhb = ((pv ? opt_bhb_entry_pv : opt_bhb_entry_hvm) && + (d->domain_id != 0 || opt_bhb_entry_dom0)); + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | + (bhb ? SCF_entry_bhb : 0) | 0; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:38:57 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:38:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707886.1106331 (Exim 4.92) (envelope-from ) id 1rxHft-0001Rl-GC; Thu, 18 Apr 2024 02:38:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707886.1106331; Thu, 18 Apr 2024 02:38:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHft-0001Rd-DS; Thu, 18 Apr 2024 02:38:57 +0000 Received: by outflank-mailman (input) for mailman id 707886; Thu, 18 Apr 2024 02:38:56 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHfs-0001RR-3J for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:56 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHfs-0003Uk-2a for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:56 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHfs-0006nd-1v for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:38:56 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=e6RoG5PiyEEl1VxYAqHdbn2ABSBiFEigV2fNpDWjCXo=; b=xK1rpHExse65fGhrtk2JJT8+Q3 1m5j2ubn8usc7ZLjDWk/ef4tzlTbBJZnGs/mYcP42zkBa9Z4YQIB4Qo6kgqOyY6wMKXnEybHu3i5C 8Vy+NgOAurCrCrGjtN4Isno+Ot4FWekXV1P+Bc3NK05QoxdIBDlPain/R8c37nz/INz0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec-ctrl: Support the "long" BHB loop sequence Message-Id: Date: Thu, 18 Apr 2024 02:38:56 +0000 commit 60859cc99033beb84da035fb1664ce6e9b698bc6 Author: Andrew Cooper AuthorDate: Fri Mar 22 19:29:34 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 x86/spec-ctrl: Support the "long" BHB loop sequence Out of an abudnance of caution, implement the long loop too, and allowing for it to be opted in to. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit d5887c0decbd90e798b24ed696628645b04632fb) --- docs/misc/xen-command-line.pandoc | 4 ++-- xen/arch/x86/bhb-thunk.S | 8 ++++++-- xen/arch/x86/include/asm/cpufeatures.h | 1 + xen/arch/x86/spec_ctrl.c | 10 +++++++++- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 0bd0588097..fba5a8221b 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2325,7 +2325,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, > {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx|long, > {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, @@ -2397,7 +2397,7 @@ On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` options in order to mitigate Branch History Injection on affected hardware. The default sequence is `short`, with `tsx` as an alternative available -capable hardware that can be opted in to. +capable hardware, and `long` that can be opted in to. On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S index f52cfb9bc2..7e866784f7 100644 --- a/xen/arch/x86/bhb-thunk.S +++ b/xen/arch/x86/bhb-thunk.S @@ -56,9 +56,13 @@ ENTRY(clear_bhb_tsx) * * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + * + * The "long" sequence (12 and 7) is for Alder Lake / Sapphire Rapids + * (i.e. Golden Cove and/or Gracemont cores). However, such CPUs are expected + * to use BHI_DIS_S in preference. */ ENTRY(clear_bhb_loops) - mov $5, %ecx + ALTERNATIVE "mov $5, %ecx", "mov $12, %ecx", X86_SPEC_BHB_LOOPS_LONG call 1f jmp 5f @@ -70,7 +74,7 @@ ENTRY(clear_bhb_loops) int3 .align 64 -2: mov $5, %eax +2: ALTERNATIVE "mov $5, %eax", "mov $7, %eax", X86_SPEC_BHB_LOOPS_LONG 3: jmp 4f int3 diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index bada8912e0..ba3df174b7 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -58,6 +58,7 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ #define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ +#define X86_SPEC_BHB_LOOPS_LONG X86_BUG(21) /* Upgrade clear_bhb_loops to the "long" sequence. */ /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index b53e9c4e7a..7697f9ad3f 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -53,6 +53,7 @@ static enum bhb_thunk { BHB_NONE, BHB_TSX, BHB_SHORT, + BHB_LONG, } opt_bhb_seq __initdata; /* Cmdline controls for Xen's speculative settings. */ @@ -320,6 +321,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_bhb_seq = BHB_TSX; else if ( !cmdline_strcmp(s, "short") ) opt_bhb_seq = BHB_SHORT; + else if ( !cmdline_strcmp(s, "long") ) + opt_bhb_seq = BHB_LONG; else rc = -EINVAL; } @@ -599,7 +602,8 @@ static void __init print_details(enum ind_thunk thunk) opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", opt_bhb_seq == BHB_NONE ? "" : opt_bhb_seq == BHB_TSX ? "TSX, " : - opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", + opt_bhb_seq == BHB_SHORT ? "SHORT, " : + opt_bhb_seq == BHB_LONG ? "LONG, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -1742,6 +1746,10 @@ static void __init bhi_calculations(void) switch ( opt_bhb_seq ) { + case BHB_LONG: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS_LONG); + fallthrough; + case BHB_SHORT: setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); break; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:39:07 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:39:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707887.1106335 (Exim 4.92) (envelope-from ) id 1rxHg3-0001Ue-HT; Thu, 18 Apr 2024 02:39:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707887.1106335; Thu, 18 Apr 2024 02:39:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHg3-0001UV-Et; Thu, 18 Apr 2024 02:39:07 +0000 Received: by outflank-mailman (input) for mailman id 707887; Thu, 18 Apr 2024 02:39:06 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHg2-0001UJ-71 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:39:06 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHg2-0003VR-6E for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:39:06 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHg2-0006oq-4i for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:39:06 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AbY1z5ojm591PyR2GLi0DIpXvjVOuZW6tSNDSDbVsL0=; b=weUPN3tSx6JQ8J2Ps7BdgTncDE Z0Xi35Vy10JM341NJ0nA18tlpJ5QaGrFgOcagXnfOEH0fIWnx4gT9DPlOTs/4DdHq+jBnlpVmBNP3 ets4RPgH5xfJb8HlhBJjd92IUBRT+QQ6aOu4q/5qoYtpsyLONl4ncupnW30DPEg3o/f4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] Update Xen version to 4.17.4 Message-Id: Date: Thu, 18 Apr 2024 02:39:06 +0000 commit ddc6fc980aca7b02fb7feeb9e737cb52249274d0 Author: Andrew Cooper AuthorDate: Wed Mar 27 18:23:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:48:19 2024 +0100 Update Xen version to 4.17.4 Signed-off-by: Andrew Cooper --- xen/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/Makefile b/xen/Makefile index bac3684a36..6f9c407332 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -6,7 +6,7 @@ this-makefile := $(call lastword,$(MAKEFILE_LIST)) # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 17 -export XEN_EXTRAVERSION ?= .4-pre$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .4$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:39:17 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:39:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707888.1106338 (Exim 4.92) (envelope-from ) id 1rxHgD-0001Xa-Ig; Thu, 18 Apr 2024 02:39:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707888.1106338; Thu, 18 Apr 2024 02:39:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHgD-0001XT-GI; Thu, 18 Apr 2024 02:39:17 +0000 Received: by outflank-mailman (input) for mailman id 707888; Thu, 18 Apr 2024 02:39:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHgC-0001XC-A3 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:39:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHgC-0003VX-9E for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:39:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHgC-0006pV-8K for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:39:16 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pIHsgELQXwpp1NG53XmXZjLR7o7CBz8DwuY2guaZ0YQ=; b=IU8GRf/sAwwWufbEJLoqio3fFq r5NrDnkErlBXUFIkEybhcWftpGfLHp3Hi7Q5rFOrJFlQy1PLDPgEMC8qmkDGLVUolWWVPsLnue1P4 5t830XptRQUUieF9N41ZH4U5dGb25T/91BcZUqouT8g1kEMLhEdc2oBPiKC2z+1roPrc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] Release: Update CHANGELOG.md Message-Id: Date: Thu, 18 Apr 2024 02:39:16 +0000 commit d530627aaa9b6e03c7f911434bb342fca3d13300 Author: George Dunlap AuthorDate: Tue Apr 9 16:48:56 2024 +0100 Commit: George Dunlap CommitDate: Tue Apr 9 16:48:56 2024 +0100 Release: Update CHANGELOG.md Signed-off-by: George Dunlap --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 40bbe1d94f..c0018e17cb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ Notable changes to Xen will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) +## [4.17.4](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.17.4) + ## [4.17.3](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.17.3) ### Changed -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 02:39:27 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 02:39:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707889.1106343 (Exim 4.92) (envelope-from ) id 1rxHgN-0001Zu-K7; Thu, 18 Apr 2024 02:39:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707889.1106343; Thu, 18 Apr 2024 02:39:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHgN-0001Zn-Hk; Thu, 18 Apr 2024 02:39:27 +0000 Received: by outflank-mailman (input) for mailman id 707889; Thu, 18 Apr 2024 02:39:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHgM-0001Zc-Cx for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:39:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxHgM-0003Ve-C4 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:39:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxHgM-0006py-BL for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 02:39:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TT1vYy/KmXW41pYqFecjTirNCDwr4dddK4+f7emTovw=; b=gvmDU0nv9dgLjiCuqNaKDXNRBs 3XlQ7EjJfsy5hOJprZxjqhJiKK6exIYlGK44NQwxDdZBYF4t0KTDhRmPo2NrPYjSOjyfoOzdTC41a h1WfTRj8U1LqX0ZPpT8MK75RwI9GwE36MxLvcHv1nVN8d5butQFbjgs++PJ8n8Fq2CUU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/entry: Fix build with older toolchains Message-Id: Date: Thu, 18 Apr 2024 02:39:26 +0000 commit 5d9a931fe2c1310dbfd946bbc1e22a177add4f5c Author: Andrew Cooper AuthorDate: Tue Apr 9 21:39:51 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 16:36:26 2024 +0100 x86/entry: Fix build with older toolchains Binutils older than 2.29 doesn't know INCSSPD. Fixes: 8e186f98ce0e ("x86: Use indirect calls in reset-stack infrastructure") Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini (cherry picked from commit a9fa82500818a8d8ce5f2843f1577bd2c29d088e) --- xen/arch/x86/x86_64/entry.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 9c256746ba..1ecf900eee 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -643,7 +643,9 @@ ENTRY(continue_pv_domain) * JMPed to. Drop the return address. */ add $8, %rsp +#ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK +#endif call check_wakeup_from_wait ret_from_intr: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 06:33:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 06:33:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707940.1106386 (Exim 4.92) (envelope-from ) id 1rxLKS-0000JO-Es; Thu, 18 Apr 2024 06:33:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707940.1106386; Thu, 18 Apr 2024 06:33:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxLKS-0000JG-CO; Thu, 18 Apr 2024 06:33:04 +0000 Received: by outflank-mailman (input) for mailman id 707940; Thu, 18 Apr 2024 06:33:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxLKQ-0000JA-Jb for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 06:33:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxLKQ-0008Si-5p for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 06:33:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxLKQ-0002An-33 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 06:33:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=g1VSEa5Wwvp5XHf1Q1l4eSKKhcenagAzclm8SKYywJ0=; b=TN/8MbUwFP0BHJZqZ70wSY1QY0 s0tgbDiHYSlXEpgaV513l0TQ0deiJnLKxTT/NaZAZ0dvjoJF3w0dtaUM0g92ajvPWMdF3V0hB9/JI qs0DSK5ufgNFGaweWph3luNg3EkLmbwF9RITBKnoFGq58Jha1pHrPBDUqZXhHnTHlq/k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] docs/misra/rules.rst: add rule 5.5 Message-Id: Date: Thu, 18 Apr 2024 06:33:02 +0000 commit 487838f13ab3d3b6e0a85e982734732c14591000 Author: Stefano Stabellini AuthorDate: Thu Mar 14 17:35:03 2024 -0700 Commit: Stefano Stabellini CommitDate: Tue Apr 16 12:14:32 2024 -0700 docs/misra/rules.rst: add rule 5.5 Signed-off-by: Stefano Stabellini Acked-by: Bertrand Marquis --- docs/misra/rules.rst | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst index 86f4ad0ab3..d3159af917 100644 --- a/docs/misra/rules.rst +++ b/docs/misra/rules.rst @@ -181,6 +181,21 @@ maintainers if you want to suggest a change. headers (xen/include/public/) are allowed to retain longer identifiers for backward compatibility. + * - `Rule 5.5 `_ + - Required + - Identifiers shall be distinct from macro names + - Macros expanding to their own name are allowed, e.g.:: + + #define x x + + Clashes between names of function-like macros and identifiers of + non-callable entities are allowed. Callable entities having an + identifier that is the same of the name of a + function-like macro are not allowed. Example (not allowed):: + + #define f(x, y) f(x, y) + void f(int x, int y); + * - `Rule 5.6 `_ - Required - A typedef name shall be a unique identifier -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 06:33:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 06:33:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.707942.1106390 (Exim 4.92) (envelope-from ) id 1rxLKc-0000NT-GP; Thu, 18 Apr 2024 06:33:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 707942.1106390; Thu, 18 Apr 2024 06:33:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxLKc-0000NL-Dq; Thu, 18 Apr 2024 06:33:14 +0000 Received: by outflank-mailman (input) for mailman id 707942; Thu, 18 Apr 2024 06:33:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxLKa-0000N7-9W for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 06:33:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxLKa-0008T6-8k for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 06:33:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxLKa-0002BH-7m for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 06:33:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=U2XAQakhZ4Sat4/9FjsVgU8PG6nX3K1Pj1QUhxWkcWo=; b=c4XqmodFnQrbJeHT7GZdtUkzuB HKqBdahQhYxV4FnyQZbDi1LYxX/KxWUaerjC45lPtQ4elo5ZCWakLoWxF3TIadmWINucdtPictd/h iRm5EnLT7LkxPpH/o53iqELjbEsH77+Jy2XQfxVHh3MpzObqqzdf4f73/CLu4t74awYo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] docs/misra: add Rule 16.4 Message-Id: Date: Thu, 18 Apr 2024 06:33:12 +0000 commit ad363fb17d720f1ad047775e1d7b70158f546c46 Author: Stefano Stabellini AuthorDate: Thu Mar 14 14:50:21 2024 -0700 Commit: Stefano Stabellini CommitDate: Tue Apr 16 12:15:16 2024 -0700 docs/misra: add Rule 16.4 Signed-off-by: Stefano Stabellini Acked-by: Bertrand Marquis --- docs/misra/rules.rst | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst index d3159af917..b7b447e152 100644 --- a/docs/misra/rules.rst +++ b/docs/misra/rules.rst @@ -494,6 +494,31 @@ maintainers if you want to suggest a change. - In addition to break, also other unconditional flow control statements such as continue, return, goto are allowed. + * - `Rule 16.4 `_ + - Required + - Every switch statement shall have a default label + - Switch statements with enums as controlling expression don't need + a default label as gcc -Wall enables -Wswitch which warns (and + breaks the build as we use -Werror) if one of the enum labels is + missing from the switch. + + Switch statements with integer types as controlling expression + should have a default label: + + - if the switch is expected to handle all possible cases + explicitly, then a default label shall be added to handle + unexpected error conditions, using BUG(), ASSERT(), WARN(), + domain_crash(), or other appropriate methods; + + - if the switch is expected to handle a subset of all possible + cases, then an empty default label shall be added with an + in-code comment on top of the default label with a reason and + when possible a more detailed explanation. Example:: + + default: + /* Notifier pattern */ + break; + * - `Rule 16.2 `_ - Required - A switch label shall only be used when the most closely-enclosing -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:11:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:11:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708281.1107001 (Exim 4.92) (envelope-from ) id 1rxQbX-0000qf-Qz; Thu, 18 Apr 2024 12:11:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708281.1107001; Thu, 18 Apr 2024 12:11:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQbX-0000qY-OV; Thu, 18 Apr 2024 12:11:03 +0000 Received: by outflank-mailman (input) for mailman id 708281; Thu, 18 Apr 2024 12:11:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQbW-0000qS-Hh for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQbW-0007N9-8h for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQbW-0007Zu-5m for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=v587qhzwN61MwZaKVOyFgCMa8/ryKbrGnfObNj9vE0c=; b=Qo0r+gigjZaU1jCZCTlHPLbVM1 2BGZByGqApWAzWb/AWMAr7HKoV8cELUONaV/ofh5tAqY2GZqmA5crvet0aO+vFmvrHGagIpaoDxH2 kRZhysfblfnJtwgTq3BWeZUVluRz+8lxgYHrU3CobyAqnemFqnZP+ArNxm1g4Z1gZN8Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec-ctrl: Fix BTC/SRSO mitigations Message-Id: Date: Thu, 18 Apr 2024 12:11:02 +0000 commit 6d4055b9a5d1d800d7f0e5584b9a0213bf25cd8b Author: Andrew Cooper AuthorDate: Tue Mar 26 22:47:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Fix BTC/SRSO mitigations We were looking for SCF_entry_ibpb in the wrong variable in the top-of-stack block, and xen_spec_ctrl won't have had bit 5 set because Xen doesn't understand SPEC_CTRL_RRSBA_DIS_U yet. This is XSA-455 / CVE-2024-31142. Fixes: 53a570b28569 ("x86/spec-ctrl: Support IBPB-on-entry") Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index c52528fed4..5f31d71698 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 13acebc75d..3c9aa56301 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -90,7 +90,7 @@ jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_xen_spec_ctrl(%rsp) + testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) .endif jz .L\@_skip -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:11:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:11:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708282.1107004 (Exim 4.92) (envelope-from ) id 1rxQbh-0000sj-Sk; Thu, 18 Apr 2024 12:11:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708282.1107004; Thu, 18 Apr 2024 12:11:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQbh-0000sc-Q0; Thu, 18 Apr 2024 12:11:13 +0000 Received: by outflank-mailman (input) for mailman id 708282; Thu, 18 Apr 2024 12:11:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQbg-0000sU-I1 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQbg-0007Ni-FP for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQbg-0007ai-Aq for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tfN0Q5L7WNFd162MhOH9/f8qwNkS9VR5eqk/hjAp+7g=; b=Yj+7exO6WPW5e95+JmUKXhOUrI oKeGhOdju137Wqc8RUB05uqFP55HRBntd0uso2+9R+9P/6Hf2bTcTjeDtjKOZoVAnPkzUnT40wGYE 02Fmx1LqgMNfjv2OmQ1u/49t9Hl8LEEpFfna0AGdMjEErlmUcTMWC1VjXboCgmeUoeGQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/APIC: finish genapic conversion to altcall Message-Id: Date: Thu, 18 Apr 2024 12:11:12 +0000 commit 6b8ee350885c20673585953719210d415ee96a4a Author: Jan Beulich AuthorDate: Wed Jan 17 10:41:52 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/APIC: finish genapic conversion to altcall While .probe() doesn't need fiddling with for being run only very early, init_apic_ldr() wants converting too despite not being on a frequently executed path: This way all pre-filled struct genapic instances can become __initconst_cf_clobber, thus allowing to eliminate 15 more ENDBR during the 2nd phase of alternatives patching. While fiddling with section annotations here, also move "genapic" itself to .data.ro_after_init. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper (cherry picked from commit b1cc53753cba4c3253f2e1093a3a6a9a828314bf) --- xen/arch/x86/genapic/bigsmp.c | 2 +- xen/arch/x86/genapic/default.c | 2 +- xen/arch/x86/genapic/probe.c | 2 +- xen/arch/x86/genapic/x2apic.c | 6 +++--- xen/arch/x86/include/asm/mach-generic/mach_apic.h | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/genapic/bigsmp.c b/xen/arch/x86/genapic/bigsmp.c index 2000383ab0..7219ec53b0 100644 --- a/xen/arch/x86/genapic/bigsmp.c +++ b/xen/arch/x86/genapic/bigsmp.c @@ -41,7 +41,7 @@ static int __init cf_check probe_bigsmp(void) return def_to_bigsmp; } -const struct genapic __initconstrel apic_bigsmp = { +const struct genapic __initconst_cf_clobber apic_bigsmp = { APIC_INIT("bigsmp", probe_bigsmp), GENAPIC_PHYS }; diff --git a/xen/arch/x86/genapic/default.c b/xen/arch/x86/genapic/default.c index 2c63c1f917..a968836a18 100644 --- a/xen/arch/x86/genapic/default.c +++ b/xen/arch/x86/genapic/default.c @@ -14,7 +14,7 @@ #include /* should be called last. */ -const struct genapic __initconstrel apic_default = { +const struct genapic __initconst_cf_clobber apic_default = { APIC_INIT("default", NULL), GENAPIC_FLAT }; diff --git a/xen/arch/x86/genapic/probe.c b/xen/arch/x86/genapic/probe.c index ad57912f50..10ceeae4d2 100644 --- a/xen/arch/x86/genapic/probe.c +++ b/xen/arch/x86/genapic/probe.c @@ -16,7 +16,7 @@ #include #include -struct genapic __read_mostly genapic; +struct genapic __ro_after_init genapic; static const struct genapic *const __initconstrel apic_probe[] = { &apic_bigsmp, diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c index b88c7a96fe..371dd100c7 100644 --- a/xen/arch/x86/genapic/x2apic.c +++ b/xen/arch/x86/genapic/x2apic.c @@ -158,7 +158,7 @@ static void cf_check send_IPI_mask_x2apic_cluster( local_irq_restore(flags); } -static const struct genapic __initconstrel apic_x2apic_phys = { +static const struct genapic __initconst_cf_clobber apic_x2apic_phys = { APIC_INIT("x2apic_phys", NULL), .int_delivery_mode = dest_Fixed, .int_dest_mode = 0 /* physical delivery */, @@ -169,7 +169,7 @@ static const struct genapic __initconstrel apic_x2apic_phys = { .send_IPI_self = send_IPI_self_x2apic }; -static const struct genapic __initconstrel apic_x2apic_cluster = { +static const struct genapic __initconst_cf_clobber apic_x2apic_cluster = { APIC_INIT("x2apic_cluster", NULL), .int_delivery_mode = dest_LowestPrio, .int_dest_mode = 1 /* logical delivery */, @@ -187,7 +187,7 @@ static const struct genapic __initconstrel apic_x2apic_cluster = { * IPIs to be more efficiently delivered by not having to perform an ICR write * for each target CPU. */ -static const struct genapic __initconstrel apic_x2apic_mixed = { +static const struct genapic __initconst_cf_clobber apic_x2apic_mixed = { APIC_INIT("x2apic_mixed", NULL), /* diff --git a/xen/arch/x86/include/asm/mach-generic/mach_apic.h b/xen/arch/x86/include/asm/mach-generic/mach_apic.h index cf8b31b6e0..c0d8b232c9 100644 --- a/xen/arch/x86/include/asm/mach-generic/mach_apic.h +++ b/xen/arch/x86/include/asm/mach-generic/mach_apic.h @@ -10,7 +10,7 @@ #define INT_DELIVERY_MODE (genapic.int_delivery_mode) #define INT_DEST_MODE (genapic.int_dest_mode) #define TARGET_CPUS ((const typeof(cpu_online_map) *)&cpu_online_map) -#define init_apic_ldr (genapic.init_apic_ldr) +#define init_apic_ldr() alternative_vcall(genapic.init_apic_ldr) #define cpu_mask_to_apicid(mask) ({ \ /* \ * There are a number of places where the address of a local variable \ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:11:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:11:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708283.1107009 (Exim 4.92) (envelope-from ) id 1rxQbr-0000v7-UP; Thu, 18 Apr 2024 12:11:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708283.1107009; Thu, 18 Apr 2024 12:11:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQbr-0000uy-Rl; Thu, 18 Apr 2024 12:11:23 +0000 Received: by outflank-mailman (input) for mailman id 708283; Thu, 18 Apr 2024 12:11:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQbq-0000up-Lf for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQbq-0007Nt-J2 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQbq-0007bB-Hc for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Zfc9qLa+++jvXK05Y+Ki6D9WWul+f7WBvb5V+cNZioA=; b=YkhTXazuwPb/QMGx8KVPDuKE7n qrnnFjCZAJ+CDz+GORs58x6RwonbZRO71bRz8wxGwuyeXNLACMlv5m92GG5hMnRIpoi5flhu95xir 7co+gJrE1DAlp2Rjbrtwt9oGWaLqgLIoZuQCM3aY5KCZrhtMhGlIaZCULo0/qOVuBJ3M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] cpufreq: finish conversion to altcall Message-Id: Date: Thu, 18 Apr 2024 12:11:22 +0000 commit a44c2c9f89e53e6691b42217fb34d985b28f3cf0 Author: Jan Beulich AuthorDate: Wed Jan 17 10:42:27 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 cpufreq: finish conversion to altcall Even functions used on infrequently executed paths want converting: This way all pre-filled struct cpufreq_driver instances can become __initconst_cf_clobber, thus allowing to eliminate another 15 ENDBR during the 2nd phase of alternatives patching. For acpi-cpufreq's optionally populated .get hook make sure alternatives patching can actually see the pointer. See also the code comment. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper (cherry picked from commit 467ae515caee491e9b6ae1da8b9b98d094955822) --- xen/arch/x86/acpi/cpufreq/cpufreq.c | 17 ++++++++++++++++- xen/arch/x86/acpi/cpufreq/hwp.c | 4 ++-- xen/arch/x86/acpi/cpufreq/powernow.c | 3 ++- xen/drivers/acpi/pmstat.c | 3 ++- xen/drivers/cpufreq/cpufreq.c | 6 +++--- xen/drivers/cpufreq/utility.c | 6 +++--- 6 files changed, 28 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/acpi/cpufreq/cpufreq.c b/xen/arch/x86/acpi/cpufreq/cpufreq.c index 61b62c370a..2b6ef99678 100644 --- a/xen/arch/x86/acpi/cpufreq/cpufreq.c +++ b/xen/arch/x86/acpi/cpufreq/cpufreq.c @@ -625,12 +625,14 @@ static int cf_check acpi_cpufreq_cpu_exit(struct cpufreq_policy *policy) return 0; } -static const struct cpufreq_driver __initconstrel acpi_cpufreq_driver = { +static const struct cpufreq_driver __initconst_cf_clobber +acpi_cpufreq_driver = { .name = "acpi-cpufreq", .verify = acpi_cpufreq_verify, .target = acpi_cpufreq_target, .init = acpi_cpufreq_cpu_init, .exit = acpi_cpufreq_cpu_exit, + .get = get_cur_freq_on_cpu, }; static int __init cf_check cpufreq_driver_init(void) @@ -675,6 +677,19 @@ static int __init cf_check cpufreq_driver_init(void) } presmp_initcall(cpufreq_driver_init); +static int __init cf_check cpufreq_driver_late_init(void) +{ + /* + * While acpi_cpufreq_driver wants to unconditionally have all hooks + * populated for __initconst_cf_clobber to have as much of an effect as + * possible, zap the .get hook here (but not in cpufreq_driver_init()), + * until acpi_cpufreq_cpu_init() knows whether it's wanted / needed. + */ + cpufreq_driver.get = NULL; + return 0; +} +__initcall(cpufreq_driver_late_init); + int cpufreq_cpu_init(unsigned int cpuid) { int ret; diff --git a/xen/arch/x86/acpi/cpufreq/hwp.c b/xen/arch/x86/acpi/cpufreq/hwp.c index 620149243d..e61212803e 100644 --- a/xen/arch/x86/acpi/cpufreq/hwp.c +++ b/xen/arch/x86/acpi/cpufreq/hwp.c @@ -513,8 +513,8 @@ static int cf_check hwp_cpufreq_update(int cpuid, struct cpufreq_policy *policy) return per_cpu(hwp_drv_data, cpuid)->ret; } -static const struct cpufreq_driver __initconstrel hwp_cpufreq_driver = -{ +static const struct cpufreq_driver __initconst_cf_clobber +hwp_cpufreq_driver = { .name = XEN_HWP_DRIVER_NAME, .verify = hwp_cpufreq_verify, .target = hwp_cpufreq_target, diff --git a/xen/arch/x86/acpi/cpufreq/powernow.c b/xen/arch/x86/acpi/cpufreq/powernow.c index 8e0784b69c..8a27ee82a5 100644 --- a/xen/arch/x86/acpi/cpufreq/powernow.c +++ b/xen/arch/x86/acpi/cpufreq/powernow.c @@ -317,7 +317,8 @@ static int cf_check powernow_cpufreq_cpu_exit(struct cpufreq_policy *policy) return 0; } -static const struct cpufreq_driver __initconstrel powernow_cpufreq_driver = { +static const struct cpufreq_driver __initconst_cf_clobber +powernow_cpufreq_driver = { .name = "powernow", .verify = powernow_cpufreq_verify, .target = powernow_cpufreq_target, diff --git a/xen/drivers/acpi/pmstat.c b/xen/drivers/acpi/pmstat.c index 85097d463c..803971bdb0 100644 --- a/xen/drivers/acpi/pmstat.c +++ b/xen/drivers/acpi/pmstat.c @@ -240,7 +240,8 @@ static int get_cpufreq_para(struct xen_sysctl_pm_op *op) return ret; op->u.get_para.cpuinfo_cur_freq = - cpufreq_driver.get ? cpufreq_driver.get(op->cpuid) : policy->cur; + cpufreq_driver.get ? alternative_call(cpufreq_driver.get, op->cpuid) + : policy->cur; op->u.get_para.cpuinfo_max_freq = policy->cpuinfo.max_freq; op->u.get_para.cpuinfo_min_freq = policy->cpuinfo.min_freq; op->u.get_para.turbo_enabled = cpufreq_get_turbo_status(op->cpuid); diff --git a/xen/drivers/cpufreq/cpufreq.c b/xen/drivers/cpufreq/cpufreq.c index 6e5c400849..ce9468a60b 100644 --- a/xen/drivers/cpufreq/cpufreq.c +++ b/xen/drivers/cpufreq/cpufreq.c @@ -278,7 +278,7 @@ int cpufreq_add_cpu(unsigned int cpu) policy->cpu = cpu; per_cpu(cpufreq_cpu_policy, cpu) = policy; - ret = cpufreq_driver.init(policy); + ret = alternative_call(cpufreq_driver.init, policy); if (ret) { free_cpumask_var(policy->cpus); xfree(policy); @@ -337,7 +337,7 @@ err1: cpumask_clear_cpu(cpu, cpufreq_dom->map); if (cpumask_empty(policy->cpus)) { - cpufreq_driver.exit(policy); + alternative_call(cpufreq_driver.exit, policy); free_cpumask_var(policy->cpus); xfree(policy); } @@ -401,7 +401,7 @@ int cpufreq_del_cpu(unsigned int cpu) cpumask_clear_cpu(cpu, cpufreq_dom->map); if (cpumask_empty(policy->cpus)) { - cpufreq_driver.exit(policy); + alternative_call(cpufreq_driver.exit, policy); free_cpumask_var(policy->cpus); xfree(policy); } diff --git a/xen/drivers/cpufreq/utility.c b/xen/drivers/cpufreq/utility.c index 6831f62851..dbf8985969 100644 --- a/xen/drivers/cpufreq/utility.c +++ b/xen/drivers/cpufreq/utility.c @@ -413,7 +413,7 @@ int cpufreq_update_turbo(int cpuid, int new_state) policy->turbo = new_state; if (cpufreq_driver.update) { - ret = cpufreq_driver.update(cpuid, policy); + ret = alternative_call(cpufreq_driver.update, cpuid, policy); if (ret) policy->turbo = curr_state; } @@ -449,7 +449,7 @@ int __cpufreq_set_policy(struct cpufreq_policy *data, return -EINVAL; /* verify the cpu speed can be set within this limit */ - ret = cpufreq_driver.verify(policy); + ret = alternative_call(cpufreq_driver.verify, policy); if (ret) return ret; @@ -457,7 +457,7 @@ int __cpufreq_set_policy(struct cpufreq_policy *data, data->max = policy->max; data->limits = policy->limits; if (cpufreq_driver.setpolicy) - return cpufreq_driver.setpolicy(data); + return alternative_call(cpufreq_driver.setpolicy, data); if (policy->governor != data->governor) { /* save old, working values */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:11:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:11:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708284.1107013 (Exim 4.92) (envelope-from ) id 1rxQc1-0000xf-Vu; Thu, 18 Apr 2024 12:11:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708284.1107013; Thu, 18 Apr 2024 12:11:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQc1-0000xX-TP; Thu, 18 Apr 2024 12:11:33 +0000 Received: by outflank-mailman (input) for mailman id 708284; Thu, 18 Apr 2024 12:11:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQc0-0000x5-Nk for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQc0-0007O9-Mx for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQc0-0007bc-LI for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0Sf+n1hMTFoAOyxQ1IkgiOaCsKpfN4IFQCRS+cC5KEs=; b=OBDrqxCtMtvaZsBFIa+S/URyVb fXINjS0uw9sf81K8eZqcZfgdCkyIqldMSfPiqrlLdG7RNn/YcT2RrqfOGK0O/aEpela/qEo1horep 814Wjf+1eazkM9DXnW2+IIGvYKnVhYQ8zS4VjpGfV4KJvQt5K/pYIRzQ4LNSgPIX/+8I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/HPET: avoid an indirect call Message-Id: Date: Thu, 18 Apr 2024 12:11:32 +0000 commit ba951c5f29fb95f4688fbc52c78aafba6a7cfc4f Author: Jan Beulich AuthorDate: Wed Jan 17 10:43:02 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/HPET: avoid an indirect call When this code was written, indirect branches still weren't considered much of a problem (besides being a little slower). Instead of a function pointer, pass a boolean to _disable_pit_irq(), thus allowing to eliminate two ENDBR (one of them in .text). Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 730d2637a8e5b98dc8e4e366179b4cedc496b3ad) --- xen/arch/x86/hpet.c | 4 ++-- xen/arch/x86/include/asm/hpet.h | 4 ++-- xen/arch/x86/time.c | 12 ++++++------ 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/hpet.c b/xen/arch/x86/hpet.c index 79c07f6a9e..317ef63fb5 100644 --- a/xen/arch/x86/hpet.c +++ b/xen/arch/x86/hpet.c @@ -563,7 +563,7 @@ static void cf_check handle_rtc_once(uint8_t index, uint8_t value) } } -void __init cf_check hpet_broadcast_init(void) +void __init hpet_broadcast_init(void) { u64 hpet_rate = hpet_setup(); u32 hpet_id, cfg; @@ -634,7 +634,7 @@ void __init cf_check hpet_broadcast_init(void) hpet_events->flags = HPET_EVT_LEGACY; } -void cf_check hpet_broadcast_resume(void) +void hpet_broadcast_resume(void) { u32 cfg; unsigned int i, n; diff --git a/xen/arch/x86/include/asm/hpet.h b/xen/arch/x86/include/asm/hpet.h index 9919f74730..f343fe4740 100644 --- a/xen/arch/x86/include/asm/hpet.h +++ b/xen/arch/x86/include/asm/hpet.h @@ -89,8 +89,8 @@ void hpet_disable_legacy_replacement_mode(void); * Temporarily use an HPET event counter for timer interrupt handling, * rather than using the LAPIC timer. Used for Cx state entry. */ -void cf_check hpet_broadcast_init(void); -void cf_check hpet_broadcast_resume(void); +void hpet_broadcast_init(void); +void hpet_broadcast_resume(void); void cf_check hpet_broadcast_enter(void); void cf_check hpet_broadcast_exit(void); int hpet_broadcast_is_available(void); diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index 6d33edd0ad..34ddb9633f 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -2427,7 +2427,7 @@ void __init early_time_init(void) } /* keep pit enabled for pit_broadcast working while cpuidle enabled */ -static int _disable_pit_irq(void(*hpet_broadcast_setup)(void)) +static int _disable_pit_irq(bool init) { int ret = 1; @@ -2442,13 +2442,13 @@ static int _disable_pit_irq(void(*hpet_broadcast_setup)(void)) */ if ( cpuidle_using_deep_cstate() && !boot_cpu_has(X86_FEATURE_ARAT) ) { - hpet_broadcast_setup(); + init ? hpet_broadcast_init() : hpet_broadcast_resume(); if ( !hpet_broadcast_is_available() ) { if ( xen_cpuidle > 0 ) { - printk("%ps() failed, turning to PIT broadcast\n", - hpet_broadcast_setup); + printk("hpet_broadcast_%s() failed, turning to PIT broadcast\n", + init ? "init" : "resume"); return -1; } ret = 0; @@ -2465,7 +2465,7 @@ static int _disable_pit_irq(void(*hpet_broadcast_setup)(void)) static int __init cf_check disable_pit_irq(void) { - if ( !_disable_pit_irq(hpet_broadcast_init) ) + if ( !_disable_pit_irq(true) ) { xen_cpuidle = 0; printk("CPUIDLE: disabled due to no HPET. " @@ -2526,7 +2526,7 @@ int time_resume(void) resume_platform_timer(); - if ( !_disable_pit_irq(hpet_broadcast_resume) ) + if ( !_disable_pit_irq(false) ) BUG(); init_percpu_time(); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:11:44 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:11:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708285.1107016 (Exim 4.92) (envelope-from ) id 1rxQcC-00010F-1B; Thu, 18 Apr 2024 12:11:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708285.1107016; Thu, 18 Apr 2024 12:11:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcB-000107-Uv; Thu, 18 Apr 2024 12:11:43 +0000 Received: by outflank-mailman (input) for mailman id 708285; Thu, 18 Apr 2024 12:11:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcA-0000zx-Qt for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcA-0007OM-Pz for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQcA-0007c3-P5 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=P7SUqbpJJQ8zA1sybFXeecSpEngMQ5+RrqPdoZzhYyY=; b=HDKVGx3FZRkbNHRnEXYjKiGwxE BZwouqNPmITXGgqqb7tXFiJhBwRBe3yHQ9mwtj3tsNgJ8kXRS0SyqsmbtHLMK3zKyOFQe7AvpYEfb cEVFDfaONj5SzAt7tsVMxUZHtv4kY68jWHt3YPXLEX4zm7XUkEhHbq/xC6TkdKRUF5nI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] core-parking: use alternative_call() Message-Id: Date: Thu, 18 Apr 2024 12:11:42 +0000 commit 5c5d4eeee4d36686fca0d807d816173339294189 Author: Jan Beulich AuthorDate: Mon Jan 22 13:38:24 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 core-parking: use alternative_call() This way we can arrange for core_parking_{performance,power}()'s ENDBR to also be zapped. For the decision to be taken before the 2nd alternative patching pass, the initcall needs to become a pre-SMP one, though. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 1bc07ebcac3b1bb2a378732bc0f9a19940e76faf) --- xen/common/core_parking.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/xen/common/core_parking.c b/xen/common/core_parking.c index c4f01291c0..a970ffeab8 100644 --- a/xen/common/core_parking.c +++ b/xen/common/core_parking.c @@ -30,10 +30,11 @@ static DEFINE_SPINLOCK(accounting_lock); static uint32_t cur_idle_nums; static unsigned int core_parking_cpunum[NR_CPUS] = {[0 ... NR_CPUS-1] = -1}; -static const struct cp_policy { +struct cp_policy { char name[30]; unsigned int (*next)(unsigned int event); -} *__read_mostly core_parking_policy; +}; +static struct cp_policy __ro_after_init core_parking_policy; static enum core_parking_controller { POWER_FIRST, @@ -175,12 +176,13 @@ long cf_check core_parking_helper(void *data) unsigned int cpu; int ret = 0; - if ( !core_parking_policy ) + if ( !core_parking_policy.next ) return -EINVAL; while ( cur_idle_nums < idle_nums ) { - cpu = core_parking_policy->next(CORE_PARKING_INCREMENT); + cpu = alternative_call(core_parking_policy.next, + CORE_PARKING_INCREMENT); ret = cpu_down(cpu); if ( ret ) return ret; @@ -193,7 +195,8 @@ long cf_check core_parking_helper(void *data) while ( cur_idle_nums > idle_nums ) { - cpu = core_parking_policy->next(CORE_PARKING_DECREMENT); + cpu = alternative_call(core_parking_policy.next, + CORE_PARKING_DECREMENT); ret = cpu_up(cpu); if ( ret ) return ret; @@ -239,12 +242,12 @@ uint32_t get_cur_idle_nums(void) return cur_idle_nums; } -static const struct cp_policy power_first = { +static const struct cp_policy __initconst_cf_clobber power_first = { .name = "power", .next = core_parking_power, }; -static const struct cp_policy performance_first = { +static const struct cp_policy __initconst_cf_clobber performance_first = { .name = "performance", .next = core_parking_performance, }; @@ -254,7 +257,7 @@ static int __init register_core_parking_policy(const struct cp_policy *policy) if ( !policy || !policy->next ) return -EINVAL; - core_parking_policy = policy; + core_parking_policy = *policy; return 0; } @@ -269,4 +272,4 @@ static int __init cf_check core_parking_init(void) return ret; } -__initcall(core_parking_init); +presmp_initcall(core_parking_init); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:11:54 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:11:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708286.1107021 (Exim 4.92) (envelope-from ) id 1rxQcM-00013a-4P; Thu, 18 Apr 2024 12:11:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708286.1107021; Thu, 18 Apr 2024 12:11:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcM-00013T-1W; Thu, 18 Apr 2024 12:11:54 +0000 Received: by outflank-mailman (input) for mailman id 708286; Thu, 18 Apr 2024 12:11:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcK-00013J-Tg for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcK-0007OW-Sy for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQcK-0007cU-SC for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:11:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RxqRzJHJ4lqjXlkUeP70JyoLhHi708fw5j6hMw05lRQ=; b=tu1uNXECImTHTbosG+UzmeI/BG HariXq/SI7AMcqJP1mR7t0p0Mmh+Ale4IuFexqNu6SlIXHiUxk1QE2b9iLT2ANgZ1sISy4GgWdjn1 WFwOJbZDq/C9VpZB2ptCRvyIdJs6ASihDQ3p+x/56xIMGe2SrFNFbLUS0Ux62hwYLMD0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/MTRR: avoid several indirect calls Message-Id: Date: Thu, 18 Apr 2024 12:11:52 +0000 commit a2922d8097ecd8a778c871d5477c22620282bc03 Author: Jan Beulich AuthorDate: Mon Jan 22 13:39:23 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/MTRR: avoid several indirect calls The use of (supposedly) vendor-specific hooks is a relic from the days when Xen was still possible to build as 32-bit binary. There's no expectation that a new need for such an abstraction would arise. Convert mttr_if to a mere boolean and all prior calls through it to direct ones, thus allowing to eliminate 6 ENDBR from .text. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit e9e0eb30d4d6565b411499ca826718b4b9acab68) --- xen/arch/x86/cpu/mtrr/generic.c | 26 +++++---------- xen/arch/x86/cpu/mtrr/main.c | 66 ++++++++++++++------------------------- xen/arch/x86/cpu/mtrr/mtrr.h | 37 ++++++---------------- xen/arch/x86/platform_hypercall.c | 2 +- 4 files changed, 40 insertions(+), 91 deletions(-) diff --git a/xen/arch/x86/cpu/mtrr/generic.c b/xen/arch/x86/cpu/mtrr/generic.c index 660ae26c23..5e2d06980b 100644 --- a/xen/arch/x86/cpu/mtrr/generic.c +++ b/xen/arch/x86/cpu/mtrr/generic.c @@ -287,7 +287,7 @@ static void set_fixed_range(int msr, bool *changed, unsigned int *msrwords) } } -int cf_check generic_get_free_region( +int mtrr_get_free_region( unsigned long base, unsigned long size, int replace_reg) /* [SUMMARY] Get a free MTRR. The starting (base) address of the region. @@ -303,14 +303,14 @@ int cf_check generic_get_free_region( if (replace_reg >= 0 && replace_reg < max) return replace_reg; for (i = 0; i < max; ++i) { - mtrr_if->get(i, &lbase, &lsize, <ype); + mtrr_get(i, &lbase, &lsize, <ype); if (lsize == 0) return i; } return -ENOSPC; } -static void cf_check generic_get_mtrr( +void mtrr_get( unsigned int reg, unsigned long *base, unsigned long *size, mtrr_type *type) { uint64_t _mask, _base; @@ -500,7 +500,7 @@ static void post_set(bool pge) spin_unlock(&set_atomicity_lock); } -static void cf_check generic_set_all(void) +void mtrr_set_all(void) { unsigned long mask, count; unsigned long flags; @@ -523,7 +523,7 @@ static void cf_check generic_set_all(void) } } -static void cf_check generic_set_mtrr( +void mtrr_set( unsigned int reg, unsigned long base, unsigned long size, mtrr_type type) /* [SUMMARY] Set variable MTRR register on the local CPU. The register to set. @@ -567,7 +567,7 @@ static void cf_check generic_set_mtrr( local_irq_restore(flags); } -int cf_check generic_validate_add_page( +int mtrr_validate_add_page( unsigned long base, unsigned long size, unsigned int type) { unsigned long lbase, last; @@ -586,21 +586,9 @@ int cf_check generic_validate_add_page( } -static int cf_check generic_have_wrcomb(void) +bool mtrr_have_wrcomb(void) { unsigned long config; rdmsrl(MSR_MTRRcap, config); return (config & (1ULL << 10)); } - -/* generic structure... - */ -const struct mtrr_ops generic_mtrr_ops = { - .use_intel_if = true, - .set_all = generic_set_all, - .get = generic_get_mtrr, - .get_free_region = generic_get_free_region, - .set = generic_set_mtrr, - .validate_add_page = generic_validate_add_page, - .have_wrcomb = generic_have_wrcomb, -}; diff --git a/xen/arch/x86/cpu/mtrr/main.c b/xen/arch/x86/cpu/mtrr/main.c index 2946003b84..55a4da54a7 100644 --- a/xen/arch/x86/cpu/mtrr/main.c +++ b/xen/arch/x86/cpu/mtrr/main.c @@ -57,7 +57,7 @@ static DEFINE_MUTEX(mtrr_mutex); u64 __read_mostly size_or_mask; u64 __read_mostly size_and_mask; -const struct mtrr_ops *__read_mostly mtrr_if = NULL; +static bool __ro_after_init mtrr_if; static void set_mtrr(unsigned int reg, unsigned long base, unsigned long size, mtrr_type type); @@ -78,23 +78,12 @@ static const char *mtrr_attrib_to_str(int x) return (x <= 6) ? mtrr_strings[x] : "?"; } -/* Returns non-zero if we have the write-combining memory type */ -static int have_wrcomb(void) -{ - return (mtrr_if->have_wrcomb ? mtrr_if->have_wrcomb() : 0); -} - /* This function returns the number of variable MTRRs */ static void __init set_num_var_ranges(void) { - unsigned long config = 0; - - if (use_intel()) { - rdmsrl(MSR_MTRRcap, config); - } else if (is_cpu(AMD)) - config = 2; - else if (is_cpu(CENTAUR)) - config = 8; + unsigned long config; + + rdmsrl(MSR_MTRRcap, config); num_var_ranges = MASK_EXTR(config, MTRRcap_VCNT); } @@ -149,10 +138,10 @@ static void cf_check ipi_handler(void *info) if (data->smp_reg == ~0U) /* update all mtrr registers */ /* At the cpu hot-add time this will reinitialize mtrr * registres on the existing cpus. It is ok. */ - mtrr_if->set_all(); + mtrr_set_all(); else /* single mtrr register update */ - mtrr_if->set(data->smp_reg, data->smp_base, - data->smp_size, data->smp_type); + mtrr_set(data->smp_reg, data->smp_base, + data->smp_size, data->smp_type); atomic_dec(&data->count); while(atomic_read(&data->gate)) @@ -198,10 +187,9 @@ static inline int types_compatible(mtrr_type type1, mtrr_type type2) { * of CPUs. As each CPU disables interrupts, it'll decrement it once. We wait * until it hits 0 and proceed. We set the data.gate flag and reset data.count. * Meanwhile, they are waiting for that flag to be set. Once it's set, each - * CPU goes through the transition of updating MTRRs. The CPU vendors may each do it - * differently, so we call mtrr_if->set() callback and let them take care of it. - * When they're done, they again decrement data->count and wait for data.gate to - * be reset. + * CPU goes through the transition of updating MTRRs. + * When mtrr_set() is done, they again decrement data->count and wait for + * data.gate to be reset. * When we finish, we wait for data.count to hit 0 and toggle the data.gate flag. * Everyone then enables interrupts and we all continue on. * @@ -251,9 +239,9 @@ static void set_mtrr(unsigned int reg, unsigned long base, if (reg == ~0U) /* update all mtrr registers */ /* at boot or resume time, this will reinitialize the mtrrs on * the bp. It is ok. */ - mtrr_if->set_all(); + mtrr_set_all(); else /* update the single mtrr register */ - mtrr_if->set(reg,base,size,type); + mtrr_set(reg, base, size, type); /* wait for the others */ while (atomic_read(&data.count)) @@ -319,7 +307,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, if (!mtrr_if) return -ENXIO; - if ((error = mtrr_if->validate_add_page(base,size,type))) + if ((error = mtrr_validate_add_page(base, size, type))) return error; if (type >= MTRR_NUM_TYPES) { @@ -328,7 +316,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, } /* If the type is WC, check that this processor supports it */ - if ((type == X86_MT_WC) && !have_wrcomb()) { + if ((type == X86_MT_WC) && mtrr_have_wrcomb()) { printk(KERN_WARNING "mtrr: your processor doesn't support write-combining\n"); return -EOPNOTSUPP; @@ -350,7 +338,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, /* Search for existing MTRR */ mutex_lock(&mtrr_mutex); for (i = 0; i < num_var_ranges; ++i) { - mtrr_if->get(i, &lbase, &lsize, <ype); + mtrr_get(i, &lbase, &lsize, <ype); if (!lsize || base > lbase + lsize - 1 || base + size - 1 < lbase) continue; /* At this point we know there is some kind of overlap/enclosure */ @@ -385,7 +373,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, goto out; } /* Search for an empty MTRR */ - i = mtrr_if->get_free_region(base, size, replace); + i = mtrr_get_free_region(base, size, replace); if (i >= 0) { set_mtrr(i, base, size, type); if (likely(replace < 0)) @@ -494,7 +482,7 @@ int mtrr_del_page(int reg, unsigned long base, unsigned long size) if (reg < 0) { /* Search for existing MTRR */ for (i = 0; i < max; ++i) { - mtrr_if->get(i, &lbase, &lsize, <ype); + mtrr_get(i, &lbase, &lsize, <ype); if (lbase == base && lsize == size) { reg = i; break; @@ -510,7 +498,7 @@ int mtrr_del_page(int reg, unsigned long base, unsigned long size) printk(KERN_WARNING "mtrr: register: %d too big\n", reg); goto out; } - mtrr_if->get(reg, &lbase, &lsize, <ype); + mtrr_get(reg, &lbase, &lsize, <ype); if (lsize < 1) { printk(KERN_WARNING "mtrr: MTRR %d not used\n", reg); goto out; @@ -568,7 +556,7 @@ struct mtrr_value { void __init mtrr_bp_init(void) { if (cpu_has_mtrr) { - mtrr_if = &generic_mtrr_ops; + mtrr_if = true; size_or_mask = ~((1ULL << (paddr_bits - PAGE_SHIFT)) - 1); size_and_mask = ~size_or_mask & 0xfffff00000ULL; } @@ -576,14 +564,13 @@ void __init mtrr_bp_init(void) if (mtrr_if) { set_num_var_ranges(); init_table(); - if (use_intel()) - get_mtrr_state(); + get_mtrr_state(); } } void mtrr_ap_init(void) { - if (!mtrr_if || !use_intel() || hold_mtrr_updates_on_aps) + if (!mtrr_if || hold_mtrr_updates_on_aps) return; /* * Ideally we should hold mtrr_mutex here to avoid mtrr entries changed, @@ -612,32 +599,25 @@ void mtrr_save_state(void) void mtrr_aps_sync_begin(void) { - if (!use_intel()) - return; hold_mtrr_updates_on_aps = 1; } void mtrr_aps_sync_end(void) { - if (!use_intel()) - return; set_mtrr(~0U, 0, 0, 0); hold_mtrr_updates_on_aps = 0; } void mtrr_bp_restore(void) { - if (!use_intel()) - return; - mtrr_if->set_all(); + mtrr_set_all(); } static int __init cf_check mtrr_init_finialize(void) { if (!mtrr_if) return 0; - if (use_intel()) - mtrr_state_warn(); + mtrr_state_warn(); return 0; } __initcall(mtrr_init_finialize); diff --git a/xen/arch/x86/cpu/mtrr/mtrr.h b/xen/arch/x86/cpu/mtrr/mtrr.h index c7fd44daab..a9741e0cb0 100644 --- a/xen/arch/x86/cpu/mtrr/mtrr.h +++ b/xen/arch/x86/cpu/mtrr/mtrr.h @@ -6,40 +6,21 @@ #define MTRR_CHANGE_MASK_VARIABLE 0x02 #define MTRR_CHANGE_MASK_DEFTYPE 0x04 - -struct mtrr_ops { - u32 vendor; - bool use_intel_if; -// void (*init)(void); - void (*set)(unsigned int reg, unsigned long base, - unsigned long size, mtrr_type type); - void (*set_all)(void); - - void (*get)(unsigned int reg, unsigned long *base, - unsigned long *size, mtrr_type * type); - int (*get_free_region)(unsigned long base, unsigned long size, - int replace_reg); - int (*validate_add_page)(unsigned long base, unsigned long size, - unsigned int type); - int (*have_wrcomb)(void); -}; - -int cf_check generic_get_free_region( +void mtrr_get( + unsigned int reg, unsigned long *base, unsigned long *size, + mtrr_type *type); +void mtrr_set( + unsigned int reg, unsigned long base, unsigned long size, mtrr_type type); +void mtrr_set_all(void); +int mtrr_get_free_region( unsigned long base, unsigned long size, int replace_reg); -int cf_check generic_validate_add_page( +int mtrr_validate_add_page( unsigned long base, unsigned long size, unsigned int type); - -extern const struct mtrr_ops generic_mtrr_ops; +bool mtrr_have_wrcomb(void); void get_mtrr_state(void); -extern void set_mtrr_ops(const struct mtrr_ops *); - extern u64 size_or_mask, size_and_mask; -extern const struct mtrr_ops *mtrr_if; - -#define is_cpu(vnd) (mtrr_if && mtrr_if->vendor == X86_VENDOR_##vnd) -#define use_intel() (mtrr_if && mtrr_if->use_intel_if) extern unsigned int num_var_ranges; diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index 9469de9045..f2fcd8afaf 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -299,7 +299,7 @@ ret_t do_platform_op( ret = -EINVAL; if ( op->u.read_memtype.reg < num_var_ranges ) { - mtrr_if->get(op->u.read_memtype.reg, &mfn, &nr_mfns, &type); + mtrr_get(op->u.read_memtype.reg, &mfn, &nr_mfns, &type); op->u.read_memtype.mfn = mfn; op->u.read_memtype.nr_mfns = nr_mfns; op->u.read_memtype.type = type; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:12:04 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:12:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708290.1107035 (Exim 4.92) (envelope-from ) id 1rxQcW-0001MT-Dc; Thu, 18 Apr 2024 12:12:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708290.1107035; Thu, 18 Apr 2024 12:12:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcW-0001MN-Al; Thu, 18 Apr 2024 12:12:04 +0000 Received: by outflank-mailman (input) for mailman id 708290; Thu, 18 Apr 2024 12:12:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcV-0001Ll-0b for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcU-0007P3-W2 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQcU-0007ds-V9 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ICGROqYG5ASk8Gm5Cewvff4ZA7PlaPjcxyKAkcvVh2g=; b=sHyKQmojgw6jh6dRGC1TVgDZqd kbP0kxIcW27TI6aBBPFGR3ws/ZN/MP0EtzowuoyVt9o1ReyHp5zo6EB9AhyyqGnznAaqKkmw+i7Lj +HLjNe/JS6dsfJBOvnDYjqgb3xcAs9NZU/bhuKRxrU4VxDavy1TUm47YxOW51fV4GoRc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/PV: avoid indirect call for I/O emulation quirk hook Message-Id: Date: Thu, 18 Apr 2024 12:12:02 +0000 commit b06cf0701adf9ebc7ca00c386f11b798c8416715 Author: Jan Beulich AuthorDate: Mon Jan 22 13:40:00 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/PV: avoid indirect call for I/O emulation quirk hook This way ioemul_handle_proliant_quirk() won't need ENDBR anymore. While touching this code, also - arrange for it to not be built at all when !PV, - add "const" to the last function parameter and bring the definition in sync with the declaration (for Misra). Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 1212af3e8c4d3a1350046d4fe0ca3b97b51e67de) --- xen/arch/x86/Makefile | 2 +- xen/arch/x86/include/asm/io.h | 10 +++++++--- xen/arch/x86/ioport_emulate.c | 9 ++++----- xen/arch/x86/pv/emul-priv-op.c | 2 +- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index f3abdf9cd1..9f326b9e32 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -45,7 +45,7 @@ obj-$(CONFIG_LIVEPATCH) += alternative.o livepatch.o obj-y += msi.o obj-y += msr.o obj-$(CONFIG_INDIRECT_THUNK) += indirect-thunk.o -obj-y += ioport_emulate.o +obj-$(CONFIG_PV) += ioport_emulate.o obj-y += irq.o obj-$(CONFIG_KEXEC) += machine_kexec.o obj-y += mm.o x86_64/mm.o diff --git a/xen/arch/x86/include/asm/io.h b/xen/arch/x86/include/asm/io.h index 8c8a15bd06..9b19d2d389 100644 --- a/xen/arch/x86/include/asm/io.h +++ b/xen/arch/x86/include/asm/io.h @@ -47,10 +47,14 @@ __OUT(b,"b",char) __OUT(w,"w",short) __OUT(l,,int) -/* Function pointer used to handle platform specific I/O port emulation. */ +/* + * Boolean indicator and function used to handle platform specific I/O port + * emulation. + */ #define IOEMUL_QUIRK_STUB_BYTES 9 +extern bool ioemul_handle_quirk; struct cpu_user_regs; -extern unsigned int (*ioemul_handle_quirk)( - uint8_t opcode, char *io_emul_stub, struct cpu_user_regs *regs); +unsigned int ioemul_handle_proliant_quirk( + uint8_t opcode, char *io_emul_stub, const struct cpu_user_regs *regs); #endif diff --git a/xen/arch/x86/ioport_emulate.c b/xen/arch/x86/ioport_emulate.c index 6caeb3d470..0c1e389bc8 100644 --- a/xen/arch/x86/ioport_emulate.c +++ b/xen/arch/x86/ioport_emulate.c @@ -8,11 +8,10 @@ #include #include -unsigned int (*__read_mostly ioemul_handle_quirk)( - uint8_t opcode, char *io_emul_stub, struct cpu_user_regs *regs); +bool __ro_after_init ioemul_handle_quirk; -static unsigned int cf_check ioemul_handle_proliant_quirk( - u8 opcode, char *io_emul_stub, struct cpu_user_regs *regs) +unsigned int ioemul_handle_proliant_quirk( + uint8_t opcode, char *io_emul_stub, const struct cpu_user_regs *regs) { static const char stub[] = { 0x9c, /* pushf */ @@ -103,7 +102,7 @@ static const struct dmi_system_id __initconstrel ioport_quirks_tbl[] = { static int __init cf_check ioport_quirks_init(void) { if ( dmi_check_system(ioport_quirks_tbl) ) - ioemul_handle_quirk = ioemul_handle_proliant_quirk; + ioemul_handle_quirk = true; return 0; } diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index 0d9f84f458..f101510a1b 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -112,7 +112,7 @@ static io_emul_stub_t *io_emul_stub_setup(struct priv_op_ctxt *ctxt, u8 opcode, /* Some platforms might need to quirk the stub for specific inputs. */ if ( unlikely(ioemul_handle_quirk) ) { - quirk_bytes = ioemul_handle_quirk(opcode, p, ctxt->ctxt.regs); + quirk_bytes = ioemul_handle_proliant_quirk(opcode, p, ctxt->ctxt.regs); p += quirk_bytes; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:12:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:12:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708291.1107039 (Exim 4.92) (envelope-from ) id 1rxQcg-0001W9-FM; Thu, 18 Apr 2024 12:12:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708291.1107039; Thu, 18 Apr 2024 12:12:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcg-0001W0-CO; Thu, 18 Apr 2024 12:12:14 +0000 Received: by outflank-mailman (input) for mailman id 708291; Thu, 18 Apr 2024 12:12:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcf-0001T1-3T for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcf-0007PX-2n for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQcf-0007gU-23 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UDTnYUdvJWga/WdtaSOZMNWv0JR10p2z/T2JrvldPQQ=; b=CWJ0JNRJ9sJXfE8GdW0/HH1HMn 8KsNUk1pAhwdxQLmqNqMGC6/r4LnGObubrACY461tLxaJvrN4AJJhLO6aL8AOR2x+LjaLV/etzW0h qUFHv35zrbFBDWbgLQGw7Ap6/z8EmTEUnrogHLGRh2wOGm6OqP/ETvb2E4WRIX68xATk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/MCE: separate BSP-only initialization Message-Id: Date: Thu, 18 Apr 2024 12:12:13 +0000 commit 9fdbcd84d333c5aabef75e88c8e381a3c2661e48 Author: Jan Beulich AuthorDate: Mon Jan 22 13:40:32 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/MCE: separate BSP-only initialization Several function pointers are registered over and over again, when setting them once on the BSP suffices. Arrange for this in the vendor init functions and mark involved registration functions __init. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 9f58616ddb1cc1870399de2202fafc7bf0d61694) --- xen/arch/x86/cpu/mcheck/mcaction.c | 2 +- xen/arch/x86/cpu/mcheck/mce.c | 15 ++++++--------- xen/arch/x86/cpu/mcheck/mce.h | 2 +- xen/arch/x86/cpu/mcheck/mce_amd.c | 20 +++++++++++++------- xen/arch/x86/cpu/mcheck/mce_intel.c | 10 +++++++--- 5 files changed, 28 insertions(+), 21 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/mcaction.c b/xen/arch/x86/cpu/mcheck/mcaction.c index f4f265c1bc..695fb61d7d 100644 --- a/xen/arch/x86/cpu/mcheck/mcaction.c +++ b/xen/arch/x86/cpu/mcheck/mcaction.c @@ -29,7 +29,7 @@ mci_action_add_pageoffline(int bank, struct mc_info *mi, mce_check_addr_t mc_check_addr = NULL; -void mce_register_addrcheck(mce_check_addr_t cbfunc) +void __init mce_register_addrcheck(mce_check_addr_t cbfunc) { mc_check_addr = cbfunc; } diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 6141b7eb9c..57044f7804 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -84,7 +84,7 @@ static void cf_check unexpected_machine_check(const struct cpu_user_regs *regs) static x86_mce_vector_t _machine_check_vector = unexpected_machine_check; -void x86_mce_vector_register(x86_mce_vector_t hdlr) +void __init x86_mce_vector_register(x86_mce_vector_t hdlr) { _machine_check_vector = hdlr; } @@ -107,7 +107,7 @@ void do_machine_check(const struct cpu_user_regs *regs) */ static x86_mce_callback_t mc_callback_bank_extended = NULL; -void x86_mce_callback_register(x86_mce_callback_t cbfunc) +void __init x86_mce_callback_register(x86_mce_callback_t cbfunc) { mc_callback_bank_extended = cbfunc; } @@ -118,7 +118,7 @@ void x86_mce_callback_register(x86_mce_callback_t cbfunc) */ static mce_recoverable_t mc_recoverable_scan = NULL; -void mce_recoverable_register(mce_recoverable_t cbfunc) +void __init mce_recoverable_register(mce_recoverable_t cbfunc) { mc_recoverable_scan = cbfunc; } @@ -181,7 +181,7 @@ static void mcabank_clear(int banknum) */ static mce_need_clearbank_t mc_need_clearbank_scan = NULL; -void mce_need_clearbank_register(mce_need_clearbank_t cbfunc) +void __init mce_need_clearbank_register(mce_need_clearbank_t cbfunc) { mc_need_clearbank_scan = cbfunc; } @@ -798,7 +798,7 @@ void mcheck_init(struct cpuinfo_x86 *c, bool bsp) { case X86_VENDOR_AMD: case X86_VENDOR_HYGON: - inited = amd_mcheck_init(c); + inited = amd_mcheck_init(c, bsp); break; case X86_VENDOR_INTEL: @@ -1912,11 +1912,8 @@ static void cf_check mce_softirq(void) * will help to collect and log those MCE errors. * Round2: Do all MCE processing logic as normal. */ -void mce_handler_init(void) +void __init mce_handler_init(void) { - if ( smp_processor_id() != 0 ) - return; - /* callback register, do we really need so many callback? */ /* mce handler data initialization */ spin_lock_init(&mce_logout_lock); diff --git a/xen/arch/x86/cpu/mcheck/mce.h b/xen/arch/x86/cpu/mcheck/mce.h index b6fc9c3617..f2f70a0bb8 100644 --- a/xen/arch/x86/cpu/mcheck/mce.h +++ b/xen/arch/x86/cpu/mcheck/mce.h @@ -43,7 +43,7 @@ extern uint8_t cmci_apic_vector; extern bool lmce_support; /* Init functions */ -enum mcheck_type amd_mcheck_init(const struct cpuinfo_x86 *c); +enum mcheck_type amd_mcheck_init(const struct cpuinfo_x86 *c, bool bsp); enum mcheck_type intel_mcheck_init(struct cpuinfo_x86 *c, bool bsp); void amd_nonfatal_mcheck_init(struct cpuinfo_x86 *c); diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.c b/xen/arch/x86/cpu/mcheck/mce_amd.c index 72f3feeaee..c8891de84d 100644 --- a/xen/arch/x86/cpu/mcheck/mce_amd.c +++ b/xen/arch/x86/cpu/mcheck/mce_amd.c @@ -272,7 +272,7 @@ int vmce_amd_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val) } enum mcheck_type -amd_mcheck_init(const struct cpuinfo_x86 *c) +amd_mcheck_init(const struct cpuinfo_x86 *c, bool bsp) { uint32_t i; enum mcequirk_amd_flags quirkflag = 0; @@ -282,9 +282,12 @@ amd_mcheck_init(const struct cpuinfo_x86 *c) /* Assume that machine check support is available. * The minimum provided support is at least the K8. */ - mce_handler_init(); - x86_mce_vector_register(mcheck_cmn_handler); - mce_need_clearbank_register(amd_need_clearbank_scan); + if ( bsp ) + { + mce_handler_init(); + x86_mce_vector_register(mcheck_cmn_handler); + mce_need_clearbank_register(amd_need_clearbank_scan); + } for ( i = 0; i < this_cpu(nr_mce_banks); i++ ) { @@ -324,9 +327,12 @@ amd_mcheck_init(const struct cpuinfo_x86 *c) ppin_msr = MSR_AMD_PPIN; } - x86_mce_callback_register(amd_f10_handler); - mce_recoverable_register(mc_amd_recoverable_scan); - mce_register_addrcheck(mc_amd_addrcheck); + if ( bsp ) + { + x86_mce_callback_register(amd_f10_handler); + mce_recoverable_register(mc_amd_recoverable_scan); + mce_register_addrcheck(mc_amd_addrcheck); + } return c->x86_vendor == X86_VENDOR_HYGON ? mcheck_hygon : mcheck_amd_famXX; diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index 4045c6591d..84619aadd3 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -820,7 +820,7 @@ static void intel_mce_post_reset(void) return; } -static void intel_init_mce(void) +static void intel_init_mce(bool bsp) { uint64_t msr_content; int i; @@ -846,6 +846,9 @@ static void intel_init_mce(void) if ( firstbank ) /* if cmci enabled, firstbank = 0 */ wrmsrl(MSR_IA32_MC0_STATUS, 0x0ULL); + if ( !bsp ) + return; + x86_mce_vector_register(mcheck_cmn_handler); mce_recoverable_register(intel_recoverable_scan); mce_need_clearbank_register(intel_need_clearbank_scan); @@ -985,9 +988,10 @@ enum mcheck_type intel_mcheck_init(struct cpuinfo_x86 *c, bool bsp) intel_init_mca(c); - mce_handler_init(); + if ( bsp ) + mce_handler_init(); - intel_init_mce(); + intel_init_mce(bsp); intel_init_cmci(c); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:12:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:12:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708292.1107042 (Exim 4.92) (envelope-from ) id 1rxQcq-0001c6-Gi; Thu, 18 Apr 2024 12:12:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708292.1107042; Thu, 18 Apr 2024 12:12:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcq-0001c1-Dn; Thu, 18 Apr 2024 12:12:24 +0000 Received: by outflank-mailman (input) for mailman id 708292; Thu, 18 Apr 2024 12:12:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcp-0001bl-6t for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcp-0007Pj-67 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQcp-0007hQ-58 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gNlj5o8fymXzVKnMZdCMd8hFRwgQvQEEYvYxH6Ead4k=; b=o2aOuo/AJ2KVZeuaDORAmMX+jW 2ZL9jrhfPoj1bboOIFrlSaxtSnbJCxMMfNsz2IwTac+UpPIupJ3LmcVn8WyO26vXilRLhOiUeBtUb tjC65guAvV8IQsDsJBgZbpq/vE8JUOa7E6n/mLdS/zwI9CQzIgLi7Fs9oM3Nk7LtkSZY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/MCE: switch some callback invocations to altcall Message-Id: Date: Thu, 18 Apr 2024 12:12:23 +0000 commit f7bd03b6080b1601730fd702a449399aa8e6942c Author: Jan Beulich AuthorDate: Mon Jan 22 13:41:07 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/MCE: switch some callback invocations to altcall While not performance critical, these hook invocations still would better be converted: This way all pre-filled (and newly introduced) struct mce_callback instances can become __initconst_cf_clobber, thus allowing to eliminate another 9 ENDBR during the 2nd phase of alternatives patching. While this means registering callbacks a little earlier, doing so is perhaps even advantageous, for having pointers be non-NULL earlier on. Only one set of callbacks would only ever be registered anyway, and neither of the respective initialization function can (subsequently) fail. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 85ba4d050f9f3c4286164f21660ae88435b7e83c) --- xen/arch/x86/cpu/mcheck/mcaction.c | 10 ++---- xen/arch/x86/cpu/mcheck/mcaction.h | 5 --- xen/arch/x86/cpu/mcheck/mce.c | 71 ++++++++++-------------------------- xen/arch/x86/cpu/mcheck/mce.h | 72 +++++++++++++++++++------------------ xen/arch/x86/cpu/mcheck/mce_amd.c | 26 +++++++------- xen/arch/x86/cpu/mcheck/mce_intel.c | 14 ++++---- 6 files changed, 80 insertions(+), 118 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/mcaction.c b/xen/arch/x86/cpu/mcheck/mcaction.c index 695fb61d7d..bf7a0de965 100644 --- a/xen/arch/x86/cpu/mcheck/mcaction.c +++ b/xen/arch/x86/cpu/mcheck/mcaction.c @@ -27,13 +27,6 @@ mci_action_add_pageoffline(int bank, struct mc_info *mi, return rec; } -mce_check_addr_t mc_check_addr = NULL; - -void __init mce_register_addrcheck(mce_check_addr_t cbfunc) -{ - mc_check_addr = cbfunc; -} - void mc_memerr_dhandler(struct mca_binfo *binfo, enum mce_result *result, @@ -48,7 +41,8 @@ mc_memerr_dhandler(struct mca_binfo *binfo, int vmce_vcpuid; unsigned int mc_vcpuid; - if ( !mc_check_addr(bank->mc_status, bank->mc_misc, MC_ADDR_PHYSICAL) ) + if ( !alternative_call(mce_callbacks.check_addr, bank->mc_status, + bank->mc_misc, MC_ADDR_PHYSICAL) ) { dprintk(XENLOG_WARNING, "No physical address provided for memory error\n"); diff --git a/xen/arch/x86/cpu/mcheck/mcaction.h b/xen/arch/x86/cpu/mcheck/mcaction.h index 5cbe558fb0..6c79498cd2 100644 --- a/xen/arch/x86/cpu/mcheck/mcaction.h +++ b/xen/arch/x86/cpu/mcheck/mcaction.h @@ -12,9 +12,4 @@ mc_memerr_dhandler(struct mca_binfo *binfo, #define MC_ADDR_PHYSICAL 0 #define MC_ADDR_VIRTUAL 1 -typedef bool (*mce_check_addr_t)(uint64_t status, uint64_t misc, int addr_type); -extern void mce_register_addrcheck(mce_check_addr_t); - -extern mce_check_addr_t mc_check_addr; - #endif diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 57044f7804..b07eb95dc2 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -82,47 +82,21 @@ static void cf_check unexpected_machine_check(const struct cpu_user_regs *regs) fatal_trap(regs, 1); } -static x86_mce_vector_t _machine_check_vector = unexpected_machine_check; - -void __init x86_mce_vector_register(x86_mce_vector_t hdlr) -{ - _machine_check_vector = hdlr; -} +struct mce_callbacks __ro_after_init mce_callbacks = { + .handler = unexpected_machine_check, +}; +static const typeof(mce_callbacks.handler) __initconst_cf_clobber __used + default_handler = unexpected_machine_check; /* Call the installed machine check handler for this CPU setup. */ void do_machine_check(const struct cpu_user_regs *regs) { mce_enter(); - _machine_check_vector(regs); + alternative_vcall(mce_callbacks.handler, regs); mce_exit(); } -/* - * Init machine check callback handler - * It is used to collect additional information provided by newer - * CPU families/models without the need to duplicate the whole handler. - * This avoids having many handlers doing almost nearly the same and each - * with its own tweaks ands bugs. - */ -static x86_mce_callback_t mc_callback_bank_extended = NULL; - -void __init x86_mce_callback_register(x86_mce_callback_t cbfunc) -{ - mc_callback_bank_extended = cbfunc; -} - -/* - * Machine check recoverable judgement callback handler - * It is used to judge whether an UC error is recoverable by software - */ -static mce_recoverable_t mc_recoverable_scan = NULL; - -void __init mce_recoverable_register(mce_recoverable_t cbfunc) -{ - mc_recoverable_scan = cbfunc; -} - struct mca_banks *mcabanks_alloc(unsigned int nr) { struct mca_banks *mb; @@ -173,19 +147,6 @@ static void mcabank_clear(int banknum) mca_wrmsr(MSR_IA32_MCx_STATUS(banknum), 0x0ULL); } -/* - * Judging whether to Clear Machine Check error bank callback handler - * According to Intel latest MCA OS Recovery Writer's Guide, - * whether the error MCA bank needs to be cleared is decided by the mca_source - * and MCi_status bit value. - */ -static mce_need_clearbank_t mc_need_clearbank_scan = NULL; - -void __init mce_need_clearbank_register(mce_need_clearbank_t cbfunc) -{ - mc_need_clearbank_scan = cbfunc; -} - /* * mce_logout_lock should only be used in the trap handler, * while MCIP has not been cleared yet in the global status @@ -226,7 +187,8 @@ static void mca_init_bank(enum mca_source who, struct mc_info *mi, int bank) if ( (mib->mc_status & MCi_STATUS_MISCV) && (mib->mc_status & MCi_STATUS_ADDRV) && - (mc_check_addr(mib->mc_status, mib->mc_misc, MC_ADDR_PHYSICAL)) && + alternative_call(mce_callbacks.check_addr, mib->mc_status, + mib->mc_misc, MC_ADDR_PHYSICAL) && (who == MCA_POLLER || who == MCA_CMCI_HANDLER) && (mfn_valid(_mfn(paddr_to_pfn(mib->mc_addr)))) ) { @@ -326,7 +288,7 @@ mcheck_mca_logout(enum mca_source who, struct mca_banks *bankmask, * If no mc_recovery_scan callback handler registered, * this error is not recoverable */ - recover = mc_recoverable_scan ? 1 : 0; + recover = mce_callbacks.recoverable_scan; for ( i = 0; i < this_cpu(nr_mce_banks); i++ ) { @@ -343,8 +305,9 @@ mcheck_mca_logout(enum mca_source who, struct mca_banks *bankmask, * decide whether to clear bank by MCi_STATUS bit value such as * OVER/UC/EN/PCC/S/AR */ - if ( mc_need_clearbank_scan ) - need_clear = mc_need_clearbank_scan(who, status); + if ( mce_callbacks.need_clearbank_scan ) + need_clear = alternative_call(mce_callbacks.need_clearbank_scan, + who, status); /* * If this is the first bank with valid MCA DATA, then @@ -380,12 +343,12 @@ mcheck_mca_logout(enum mca_source who, struct mca_banks *bankmask, if ( recover && uc ) /* uc = true, recover = true, we need not panic. */ - recover = mc_recoverable_scan(status); + recover = alternative_call(mce_callbacks.recoverable_scan, status); mca_init_bank(who, mci, i); - if ( mc_callback_bank_extended ) - mc_callback_bank_extended(mci, i, status); + if ( mce_callbacks.info_collect ) + alternative_vcall(mce_callbacks.info_collect, mci, i, status); /* By default, need_clear = true */ if ( who != MCA_MCE_SCAN && need_clear ) @@ -1912,9 +1875,11 @@ static void cf_check mce_softirq(void) * will help to collect and log those MCE errors. * Round2: Do all MCE processing logic as normal. */ -void __init mce_handler_init(void) +void __init mce_handler_init(const struct mce_callbacks *cb) { /* callback register, do we really need so many callback? */ + mce_callbacks = *cb; + /* mce handler data initialization */ spin_lock_init(&mce_logout_lock); open_softirq(MACHINE_CHECK_SOFTIRQ, mce_softirq); diff --git a/xen/arch/x86/cpu/mcheck/mce.h b/xen/arch/x86/cpu/mcheck/mce.h index f2f70a0bb8..7f26afae23 100644 --- a/xen/arch/x86/cpu/mcheck/mce.h +++ b/xen/arch/x86/cpu/mcheck/mce.h @@ -63,20 +63,12 @@ void x86_mc_get_cpu_info(unsigned cpu, uint32_t *chipid, uint16_t *coreid, unsigned *ncores, unsigned *ncores_active, unsigned *nthreads); -/* Register a handler for machine check exceptions. */ -typedef void (*x86_mce_vector_t)(const struct cpu_user_regs *regs); -extern void x86_mce_vector_register(x86_mce_vector_t hdlr); - /* * Common generic MCE handler that implementations may nominate * via x86_mce_vector_register. */ void cf_check mcheck_cmn_handler(const struct cpu_user_regs *regs); -/* Register a handler for judging whether mce is recoverable. */ -typedef bool (*mce_recoverable_t)(uint64_t status); -extern void mce_recoverable_register(mce_recoverable_t cbfunc); - /* Read an MSR, checking for an interposed value first */ extern struct intpose_ent *intpose_lookup(unsigned int cpu_nr, uint64_t msr, uint64_t *valp); @@ -137,30 +129,6 @@ extern mctelem_cookie_t mcheck_mca_logout(enum mca_source who, struct mca_summary *sp, struct mca_banks *clear_bank); -/* - * Register callbacks to be made during bank telemetry logout. - * Those callbacks are only available to those machine check handlers - * that call to the common mcheck_cmn_handler or who use the common - * telemetry logout function mcheck_mca_logout in error polling. - */ - -/* Register a handler for judging whether the bank need to be cleared */ -typedef bool (*mce_need_clearbank_t)(enum mca_source who, u64 status); -extern void mce_need_clearbank_register(mce_need_clearbank_t cbfunc); - -/* - * Register a callback to collect additional information (typically non- - * architectural) provided by newer CPU families/models without the need - * to duplicate the whole handler resulting in various handlers each with - * its own tweaks and bugs. The callback receives an struct mc_info pointer - * which it can use with x86_mcinfo_reserve to add additional telemetry, - * the current MCA bank number we are reading telemetry from, and the - * MCi_STATUS value for that bank. - */ -typedef struct mcinfo_extended *(*x86_mce_callback_t) - (struct mc_info *, uint16_t, uint64_t); -extern void x86_mce_callback_register(x86_mce_callback_t cbfunc); - void *x86_mcinfo_reserve(struct mc_info *mi, unsigned int size, unsigned int type); void x86_mcinfo_dump(struct mc_info *mi); @@ -201,8 +169,44 @@ static inline int mce_bank_msr(const struct vcpu *v, uint32_t msr) return 0; } -/* MC softirq */ -void mce_handler_init(void); +struct mce_callbacks { + void (*handler)(const struct cpu_user_regs *regs); + bool (*check_addr)(uint64_t status, uint64_t misc, int addr_type); + + /* Handler for judging whether mce is recoverable. */ + bool (*recoverable_scan)(uint64_t status); + + /* + * Callbacks to be made during bank telemetry logout. + * They are only available to those machine check handlers + * that call to the common mcheck_cmn_handler or who use the common + * telemetry logout function mcheck_mca_logout in error polling. + */ + + /* + * Judging whether to Clear Machine Check error bank callback handler. + * According to Intel latest MCA OS Recovery Writer's Guide, whether + * the error MCA bank needs to be cleared is decided by the mca_source + * and MCi_status bit value. + */ + bool (*need_clearbank_scan)(enum mca_source who, u64 status); + + /* + * Callback to collect additional information (typically non- + * architectural) provided by newer CPU families/models without the need + * to duplicate the whole handler resulting in various handlers each with + * its own tweaks and bugs. The callback receives an struct mc_info pointer + * which it can use with x86_mcinfo_reserve to add additional telemetry, + * the current MCA bank number we are reading telemetry from, and the + * MCi_STATUS value for that bank. + */ + struct mcinfo_extended *(*info_collect) + (struct mc_info *mi, uint16_t bank, uint64_t status); +}; + +extern struct mce_callbacks mce_callbacks; + +void mce_handler_init(const struct mce_callbacks *cb); extern const struct mca_error_handler *mce_dhandlers; extern const struct mca_error_handler *mce_uhandlers; diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.c b/xen/arch/x86/cpu/mcheck/mce_amd.c index c8891de84d..3318b8204f 100644 --- a/xen/arch/x86/cpu/mcheck/mce_amd.c +++ b/xen/arch/x86/cpu/mcheck/mce_amd.c @@ -271,6 +271,19 @@ int vmce_amd_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val) return 1; } +static const struct mce_callbacks __initconst_cf_clobber k8_callbacks = { + .handler = mcheck_cmn_handler, + .need_clearbank_scan = amd_need_clearbank_scan, +}; + +static const struct mce_callbacks __initconst_cf_clobber k10_callbacks = { + .handler = mcheck_cmn_handler, + .check_addr = mc_amd_addrcheck, + .recoverable_scan = mc_amd_recoverable_scan, + .need_clearbank_scan = amd_need_clearbank_scan, + .info_collect = amd_f10_handler, +}; + enum mcheck_type amd_mcheck_init(const struct cpuinfo_x86 *c, bool bsp) { @@ -283,11 +296,7 @@ amd_mcheck_init(const struct cpuinfo_x86 *c, bool bsp) /* Assume that machine check support is available. * The minimum provided support is at least the K8. */ if ( bsp ) - { - mce_handler_init(); - x86_mce_vector_register(mcheck_cmn_handler); - mce_need_clearbank_register(amd_need_clearbank_scan); - } + mce_handler_init(c->x86 == 0xf ? &k8_callbacks : &k10_callbacks); for ( i = 0; i < this_cpu(nr_mce_banks); i++ ) { @@ -327,13 +336,6 @@ amd_mcheck_init(const struct cpuinfo_x86 *c, bool bsp) ppin_msr = MSR_AMD_PPIN; } - if ( bsp ) - { - x86_mce_callback_register(amd_f10_handler); - mce_recoverable_register(mc_amd_recoverable_scan); - mce_register_addrcheck(mc_amd_addrcheck); - } - return c->x86_vendor == X86_VENDOR_HYGON ? mcheck_hygon : mcheck_amd_famXX; } diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index 84619aadd3..a99f9cce9d 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -849,11 +849,6 @@ static void intel_init_mce(bool bsp) if ( !bsp ) return; - x86_mce_vector_register(mcheck_cmn_handler); - mce_recoverable_register(intel_recoverable_scan); - mce_need_clearbank_register(intel_need_clearbank_scan); - mce_register_addrcheck(intel_checkaddr); - mce_dhandlers = intel_mce_dhandlers; mce_dhandler_num = ARRAY_SIZE(intel_mce_dhandlers); mce_uhandlers = intel_mce_uhandlers; @@ -963,6 +958,13 @@ static int cf_check cpu_callback( return notifier_from_errno(rc); } +static const struct mce_callbacks __initconst_cf_clobber intel_callbacks = { + .handler = mcheck_cmn_handler, + .check_addr = intel_checkaddr, + .recoverable_scan = intel_recoverable_scan, + .need_clearbank_scan = intel_need_clearbank_scan, +}; + static struct notifier_block cpu_nfb = { .notifier_call = cpu_callback }; @@ -989,7 +991,7 @@ enum mcheck_type intel_mcheck_init(struct cpuinfo_x86 *c, bool bsp) intel_init_mca(c); if ( bsp ) - mce_handler_init(); + mce_handler_init(&intel_callbacks); intel_init_mce(bsp); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:12:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:12:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708294.1107047 (Exim 4.92) (envelope-from ) id 1rxQd0-0001hh-Jg; Thu, 18 Apr 2024 12:12:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708294.1107047; Thu, 18 Apr 2024 12:12:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQd0-0001hZ-Gs; Thu, 18 Apr 2024 12:12:34 +0000 Received: by outflank-mailman (input) for mailman id 708294; Thu, 18 Apr 2024 12:12:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcz-0001hL-A4 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQcz-0007Pz-9H for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQcz-0007hr-8S for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ht7itsItT8NIynDe0+sRxnTbRAN3wgr9e5//f34U8uY=; b=LrSvb+oqwxerFrvey4CZSrAldN 5BYddGHtWal6/4/6+4QChx4OGI6km5ryjEEBof2D9Y+9PFCzLTsPey+hudXTGQbxdUVhAEm979AVR J84wcu/A9jSN7rTkB9qtcUMRFnYp5D3CZvz/cAZZAzcn2m/r2/0kmpflpYxaHxUX6rB0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] IRQ: generalize [gs]et_irq_regs() Message-Id: Date: Thu, 18 Apr 2024 12:12:33 +0000 commit 1fe30f552a1e7e5fb71afa8078ea5b075f8a390f Author: Jan Beulich AuthorDate: Tue Jan 23 12:03:23 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 IRQ: generalize [gs]et_irq_regs() Move functions (and their data) to common code, and invoke the functions on Arm as well. This is in preparation of dropping the register parameters from handler functions. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Reviewed-by: Julien Grall (cherry picked from commit f67bddf3bccd99a5fee968c3b3f288db6a57d3be) --- xen/arch/arm/irq.c | 2 ++ xen/arch/x86/include/asm/irq.h | 21 --------------------- xen/arch/x86/irq.c | 2 -- xen/common/irq.c | 2 ++ xen/include/xen/irq.h | 21 +++++++++++++++++++++ 5 files changed, 25 insertions(+), 23 deletions(-) diff --git a/xen/arch/arm/irq.c b/xen/arch/arm/irq.c index 1f05ecdee5..ae69fb4aeb 100644 --- a/xen/arch/arm/irq.c +++ b/xen/arch/arm/irq.c @@ -221,6 +221,7 @@ void do_IRQ(struct cpu_user_regs *regs, unsigned int irq, int is_fiq) { struct irq_desc *desc = irq_to_desc(irq); struct irqaction *action; + struct cpu_user_regs *old_regs = set_irq_regs(regs); perfc_incr(irqs); @@ -288,6 +289,7 @@ out: out_no_end: spin_unlock(&desc->lock); irq_exit(); + set_irq_regs(old_regs); } void release_irq(unsigned int irq, const void *dev_id) diff --git a/xen/arch/x86/include/asm/irq.h b/xen/arch/x86/include/asm/irq.h index 465ab39bb0..d7fb8ec7e8 100644 --- a/xen/arch/x86/include/asm/irq.h +++ b/xen/arch/x86/include/asm/irq.h @@ -70,27 +70,6 @@ extern bool opt_noirqbalance; extern int opt_irq_vector_map; -/* - * Per-cpu current frame pointer - the location of the last exception frame on - * the stack - */ -DECLARE_PER_CPU(struct cpu_user_regs *, __irq_regs); - -static inline struct cpu_user_regs *get_irq_regs(void) -{ - return this_cpu(__irq_regs); -} - -static inline struct cpu_user_regs *set_irq_regs(struct cpu_user_regs *new_regs) -{ - struct cpu_user_regs *old_regs, **pp_regs = &this_cpu(__irq_regs); - - old_regs = *pp_regs; - *pp_regs = new_regs; - return old_regs; -} - - #define platform_legacy_irq(irq) ((irq) < 16) void cf_check event_check_interrupt(struct cpu_user_regs *regs); diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 16d9fceba1..e07006391a 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -53,8 +53,6 @@ static DEFINE_SPINLOCK(vector_lock); DEFINE_PER_CPU(vector_irq_t, vector_irq); -DEFINE_PER_CPU(struct cpu_user_regs *, __irq_regs); - static LIST_HEAD(irq_ratelimit_list); static DEFINE_SPINLOCK(irq_ratelimit_lock); static struct timer irq_ratelimit_timer; diff --git a/xen/common/irq.c b/xen/common/irq.c index 727cf8bd22..236cf171e2 100644 --- a/xen/common/irq.c +++ b/xen/common/irq.c @@ -1,6 +1,8 @@ #include #include +DEFINE_PER_CPU(struct cpu_user_regs *, irq_regs); + int init_one_irq_desc(struct irq_desc *desc) { int err; diff --git a/xen/include/xen/irq.h b/xen/include/xen/irq.h index 58d462e8e6..65083135e1 100644 --- a/xen/include/xen/irq.h +++ b/xen/include/xen/irq.h @@ -131,6 +131,27 @@ void cf_check irq_actor_none(struct irq_desc *desc); #define irq_disable_none irq_actor_none #define irq_enable_none irq_actor_none +/* + * Per-cpu interrupted context register state - the inner-most interrupt frame + * on the stack. + */ +DECLARE_PER_CPU(struct cpu_user_regs *, irq_regs); + +static inline struct cpu_user_regs *get_irq_regs(void) +{ + return this_cpu(irq_regs); +} + +static inline struct cpu_user_regs *set_irq_regs(struct cpu_user_regs *new_regs) +{ + struct cpu_user_regs *old_regs, **pp_regs = &this_cpu(irq_regs); + + old_regs = *pp_regs; + *pp_regs = new_regs; + + return old_regs; +} + struct domain; struct vcpu; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:12:44 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:12:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708296.1107051 (Exim 4.92) (envelope-from ) id 1rxQdA-0001l1-Kz; Thu, 18 Apr 2024 12:12:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708296.1107051; Thu, 18 Apr 2024 12:12:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQdA-0001ku-IF; Thu, 18 Apr 2024 12:12:44 +0000 Received: by outflank-mailman (input) for mailman id 708296; Thu, 18 Apr 2024 12:12:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQd9-0001kh-Ej for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQd9-0007QF-E2 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQd9-0007iI-BX for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=h+USskPuOMX7tSAQF/jm82h2aV8ei0uOjeVbMtdZ5ug=; b=3sQdOW+eDjOVKTBqmfUD9+R08Q KAiiDule5b6dVfR9rBqXNvFqICzryuzXXOiHn23yhnWyjUqwMkAKmTdYQfK0TTTwDFuK2WR8PS5/w lE1djn7UvZLijN1QLoIeQ4z0q5sApDW484BRli0JlgTKEvmo44atAQ54fhMnQyIN7sQM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec-ctrl: Expose IPRED_CTRL to guests Message-Id: Date: Thu, 18 Apr 2024 12:12:43 +0000 commit fa7f2f9a8618f849380d203c7f18cc8ab12df5fa Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:58 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Expose IPRED_CTRL to guests The CPUID feature bit signals the presence of the IPRED_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 4dd6760706848de30f7c8b5f83462b9bcb070c91) --- xen/arch/x86/msr.c | 6 ++++-- xen/include/public/arch-x86/cpufeatureset.h | 2 +- xen/tools/gen-cpuid.py | 3 ++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index c33dc78cd8..54d3752e93 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -309,8 +309,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) /* * Caller to confirm that MSR_SPEC_CTRL is available. Intel and AMD have - * separate CPUID features for this functionality, but only set will be - * active. + * separate CPUID features for some of this functionality, but only one + * vendors-worth will be active on a single host. */ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) { @@ -324,6 +324,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) return (SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | (ssbd ? SPEC_CTRL_SSBD : 0) | (psfd ? SPEC_CTRL_PSFD : 0) | + (cp->feat.ipred_ctrl + ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | 0); } diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index f3f745ef61..8b7e7d29eb 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -300,7 +300,7 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ -XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /* MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /* MSR_SPEC_CTRL.RRSBA_DIS_* */ XEN_CPUFEATURE(DDP_CTRL, 13*32+ 3) /* MSR_SPEC_CTRL.DDP_DIS_U */ XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /* MSR_SPEC_CTRL.BHI_DIS_S */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 9aa59ffdb1..18f0693d33 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -318,7 +318,8 @@ def crunch_numbers(state): # IBRSB/IBRS, and we pass this MSR directly to guests. Treating them # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. - IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS], + IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, + IPRED_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, AUTO_IBRS, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:12:54 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:12:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708297.1107054 (Exim 4.92) (envelope-from ) id 1rxQdK-0001pI-MK; Thu, 18 Apr 2024 12:12:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708297.1107054; Thu, 18 Apr 2024 12:12:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQdK-0001pB-Jm; Thu, 18 Apr 2024 12:12:54 +0000 Received: by outflank-mailman (input) for mailman id 708297; Thu, 18 Apr 2024 12:12:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQdJ-0001ow-Hl for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQdJ-0007QS-H2 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQdJ-0007iz-GE for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:12:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VXnN0W1oYsBN1drOcU0/G9bVdDr+y2ma8WULvY6/UIs=; b=TJmma5nm6W92VrssCO+H4DVLKw XONCyoBJ+zSGT0SfrF6WV/CFcH/mgvLs6LhW2ICnRXnfcHhooQypvKMirGQ4M6iN8vWuccYuD0f7K FziPyPUVhLtMIf16xdqvVfx5vrArJ/cQnzZ9DwgvwUIU4ORgabqMFKxCZzawgtO4e/KI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec-ctrl: Expose RRSBA_CTRL to guests Message-Id: Date: Thu, 18 Apr 2024 12:12:53 +0000 commit a5463998291c40f6ff3ed17cc3fdcbc0d28baf68 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:13:59 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Expose RRSBA_CTRL to guests The CPUID feature bit signals the presence of the RRSBA_DIS_{U,S} controls in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs. Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 478e4787fa64b621061177a7843c452e9a19916d) --- xen/arch/x86/msr.c | 2 ++ xen/include/public/arch-x86/cpufeatureset.h | 2 +- xen/tools/gen-cpuid.py | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index 54d3752e93..d42f5bd6ef 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -326,6 +326,8 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) (psfd ? SPEC_CTRL_PSFD : 0) | (cp->feat.ipred_ctrl ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | + (cp->feat.rrsba_ctrl + ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | 0); } diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 8b7e7d29eb..c6e614f478 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -301,7 +301,7 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ -XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /* MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ XEN_CPUFEATURE(DDP_CTRL, 13*32+ 3) /* MSR_SPEC_CTRL.DDP_DIS_U */ XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /* MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 18f0693d33..8edb1ea10b 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -319,7 +319,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL], + IPRED_CTRL, RRSBA_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, AUTO_IBRS, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:13:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:13:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708298.1107059 (Exim 4.92) (envelope-from ) id 1rxQdU-0001sZ-Nu; Thu, 18 Apr 2024 12:13:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708298.1107059; Thu, 18 Apr 2024 12:13:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQdU-0001sR-LH; Thu, 18 Apr 2024 12:13:04 +0000 Received: by outflank-mailman (input) for mailman id 708298; Thu, 18 Apr 2024 12:13:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQdT-0001sG-Kr for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQdT-0007Qs-K8 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQdT-0007jf-JM for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zBx19OPescaNBjeS3FkRm7PQF3KeKDW0Z3YuujtVhjo=; b=V3V8VzdalpU3O8DVn0SydArpGr 1qwPdhFyvGfku8QYrK0e4xCDmPMyiRYRPgxmVlt/OySgIwdvGOSZ8KKMzoiESctsT+2eKP54RtzeK vm8T16rpIractQ2YLoXi9LuSSiP+N7S8zbx+gVrbIZRt8vBSX+IVS7kJTT/ruJEZWdOw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec-ctrl: Expose BHI_CTRL to guests Message-Id: Date: Thu, 18 Apr 2024 12:13:03 +0000 commit 0f6696a78059d4442515c6a80ff73db7b336c0c1 Author: Roger Pau Monné AuthorDate: Tue Jan 30 10:14:00 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Expose BHI_CTRL to guests The CPUID feature bit signals the presence of the BHI_DIS_S control in SPEC_CTRL MSR, first available in Intel AlderLake and Sapphire Rapids CPUs Xen already knows how to context switch MSR_SPEC_CTRL properly between guest and hypervisor context. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 583f1d0950529f3517b1741c2b21a028a82ba831) --- xen/arch/x86/msr.c | 1 + xen/include/public/arch-x86/cpufeatureset.h | 2 +- xen/tools/gen-cpuid.py | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index d42f5bd6ef..9babd441f9 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -328,6 +328,7 @@ uint64_t msr_spec_ctrl_valid_bits(const struct cpu_policy *cp) ? (SPEC_CTRL_IPRED_DIS_U | SPEC_CTRL_IPRED_DIS_S) : 0) | (cp->feat.rrsba_ctrl ? (SPEC_CTRL_RRSBA_DIS_U | SPEC_CTRL_RRSBA_DIS_S) : 0) | + (cp->feat.bhi_ctrl ? SPEC_CTRL_BHI_DIS_S : 0) | 0); } diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index c6e614f478..8b2744788d 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -303,7 +303,7 @@ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ XEN_CPUFEATURE(DDP_CTRL, 13*32+ 3) /* MSR_SPEC_CTRL.DDP_DIS_U */ -XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /* MSR_SPEC_CTRL.BHI_DIS_S */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index 8edb1ea10b..02dd45a5ed 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -319,7 +319,7 @@ def crunch_numbers(state): # as dependent features simplifies Xen's logic, and prevents the guest # from seeing implausible configurations. IBRSB: [STIBP, SSBD, INTEL_PSFD, EIBRS, - IPRED_CTRL, RRSBA_CTRL], + IPRED_CTRL, RRSBA_CTRL, BHI_CTRL], IBRS: [AMD_STIBP, AMD_SSBD, PSFD, AUTO_IBRS, IBRS_ALWAYS, IBRS_FAST, IBRS_SAME_MODE], IBPB: [IBPB_RET, SBPB, IBPB_BRTYPE], -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:13:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:13:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708299.1107062 (Exim 4.92) (envelope-from ) id 1rxQde-0001xg-P6; Thu, 18 Apr 2024 12:13:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708299.1107062; Thu, 18 Apr 2024 12:13:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQde-0001xZ-Mi; Thu, 18 Apr 2024 12:13:14 +0000 Received: by outflank-mailman (input) for mailman id 708299; Thu, 18 Apr 2024 12:13:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQdd-0001xO-Nd for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQdd-0007RW-Mu for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQdd-0007kJ-MG for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LCTiImUhBx7uFL+DHZwRW3ZPkr3axLGW2Jzk4jAANUM=; b=vML7WD+B6f++DNcOFZtC0kf8DD a6kgbggXqXXzIem0KGtpInscraYy5BHDNwsJx7GxtWb8LuPMJ8GYxn93aSc2t7t2jSanN4D9J+3e6 NkmjOHcbae9KvUI95iQDo9zMpXrT+15QbuP+2hwMU5WccG+hgdeXn99/gd/8J/cT5SJ0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86: arrange for ENDBR zapping from _ctxt_switch_masking() Message-Id: Date: Thu, 18 Apr 2024 12:13:13 +0000 commit b6fad02a54da8c38a316eeebab22152f29ee0218 Author: Jan Beulich AuthorDate: Mon Feb 5 10:44:46 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86: arrange for ENDBR zapping from _ctxt_switch_masking() While altcall is already used for them, the functions want announcing in .init.rodata.cf_clobber, even if the resulting static variables aren't otherwise used. While doing this also move ctxt_switch_masking to .data.ro_after_init. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper (cherry picked from commit 044168fa3a65b6542bda5c21e373742de1bd5980) --- xen/arch/x86/cpu/amd.c | 5 +++++ xen/arch/x86/cpu/common.c | 2 +- xen/arch/x86/cpu/intel.c | 5 +++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index d43288ae97..808cda46bc 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -258,6 +258,11 @@ static void cf_check amd_ctxt_switch_masking(const struct vcpu *next) #undef LAZY } +#ifdef CONFIG_XEN_IBT /* Announce the function to ENDBR clobbering logic. */ +static const typeof(ctxt_switch_masking) __initconst_cf_clobber __used csm = + amd_ctxt_switch_masking; +#endif + /* * Mask the features and extended features returned by CPUID. Parameters are * set from the boot line via two methods: diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 51509fece0..61e5e52151 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -119,7 +119,7 @@ static const struct cpu_dev default_cpu = { static const struct cpu_dev *this_cpu = &default_cpu; static DEFINE_PER_CPU(uint64_t, msr_misc_features); -void (* __read_mostly ctxt_switch_masking)(const struct vcpu *next); +void (* __ro_after_init ctxt_switch_masking)(const struct vcpu *next); bool __init probe_cpuid_faulting(void) { diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index aef8e4506c..19466b89e8 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -220,6 +220,11 @@ static void cf_check intel_ctxt_switch_masking(const struct vcpu *next) #undef LAZY } +#ifdef CONFIG_XEN_IBT /* Announce the function to ENDBR clobbering logic. */ +static const typeof(ctxt_switch_masking) __initconst_cf_clobber __used csm = + intel_ctxt_switch_masking; +#endif + /* * opt_cpuid_mask_ecx/edx: cpuid.1[ecx, edx] feature mask. * For example, E8400[Intel Core 2 Duo Processor series] ecx = 0x0008E3FD, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:13:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:13:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708300.1107066 (Exim 4.92) (envelope-from ) id 1rxQdo-00020X-R0; Thu, 18 Apr 2024 12:13:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708300.1107066; Thu, 18 Apr 2024 12:13:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQdo-00020P-OD; Thu, 18 Apr 2024 12:13:24 +0000 Received: by outflank-mailman (input) for mailman id 708300; Thu, 18 Apr 2024 12:13:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQdn-00020G-Qi for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQdn-0007Rg-Pz for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQdn-0007kv-P5 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QBhDAb/LG0XnNTRwmJKBjI3BVU+qcWEp1XlCcN1z3Vg=; b=Ll+TMkDRqDgGTG4VwPvNRfzOZG r07makqmAGm+/ISNCmc/LZezCI5/KH3qUfSD9sqJ++5PSac1MJMud4N0B1YuOwJvHJ7TZPpFuZmHf BlJjOn39Hro6Q3LAuCybRbvqN3aPnG53M8ntzzRSf5nLQ2pB7v94xLg2GGgvcEI1aoj0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/guest: finish conversion to altcall Message-Id: Date: Thu, 18 Apr 2024 12:13:23 +0000 commit 8a8c6262814171a295008d15a153c88c3c10616b Author: Jan Beulich AuthorDate: Mon Feb 5 10:45:31 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/guest: finish conversion to altcall While .setup() and .e820_fixup() don't need fiddling with for being run only very early, both .ap_setup() and .resume() want converting too: This way both pre-filled struct hypervisor_ops instances can become __initconst_cf_clobber, thus allowing to eliminate up to 5 more ENDBR (configuration dependent) during the 2nd phase of alternatives patching. While fiddling with section annotations here, also move "ops" itself to .data.ro_after_init. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Acked-by: Paul Durrant (cherry picked from commit e931edccc53c9dd6e9a505ad0ff3a03d985669bc) --- xen/arch/x86/guest/hyperv/hyperv.c | 2 +- xen/arch/x86/guest/hypervisor.c | 6 +++--- xen/arch/x86/guest/xen/xen.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/guest/hyperv/hyperv.c b/xen/arch/x86/guest/hyperv/hyperv.c index 912099564e..6989af38f1 100644 --- a/xen/arch/x86/guest/hyperv/hyperv.c +++ b/xen/arch/x86/guest/hyperv/hyperv.c @@ -207,7 +207,7 @@ static int cf_check flush_tlb( return hyperv_flush_tlb(mask, va, flags); } -static const struct hypervisor_ops __initconstrel ops = { +static const struct hypervisor_ops __initconst_cf_clobber ops = { .name = "Hyper-V", .setup = setup, .ap_setup = ap_setup, diff --git a/xen/arch/x86/guest/hypervisor.c b/xen/arch/x86/guest/hypervisor.c index e0b046cc6c..ac80e83245 100644 --- a/xen/arch/x86/guest/hypervisor.c +++ b/xen/arch/x86/guest/hypervisor.c @@ -13,7 +13,7 @@ #include #include -static struct hypervisor_ops __read_mostly ops; +static struct hypervisor_ops __ro_after_init ops; const char *__init hypervisor_probe(void) { @@ -49,7 +49,7 @@ void __init hypervisor_setup(void) int hypervisor_ap_setup(void) { if ( ops.ap_setup ) - return ops.ap_setup(); + return alternative_call(ops.ap_setup); return 0; } @@ -57,7 +57,7 @@ int hypervisor_ap_setup(void) void hypervisor_resume(void) { if ( ops.resume ) - ops.resume(); + alternative_vcall(ops.resume); } void __init hypervisor_e820_fixup(void) diff --git a/xen/arch/x86/guest/xen/xen.c b/xen/arch/x86/guest/xen/xen.c index 2eed32fe46..44a689d439 100644 --- a/xen/arch/x86/guest/xen/xen.c +++ b/xen/arch/x86/guest/xen/xen.c @@ -318,7 +318,7 @@ static int cf_check flush_tlb( return xen_hypercall_hvm_op(HVMOP_flush_tlbs, NULL); } -static const struct hypervisor_ops __initconstrel ops = { +static const struct hypervisor_ops __initconst_cf_clobber ops = { .name = "Xen", .setup = setup, .ap_setup = ap_setup, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:13:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:13:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708301.1107070 (Exim 4.92) (envelope-from ) id 1rxQdy-00023u-TV; Thu, 18 Apr 2024 12:13:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708301.1107070; Thu, 18 Apr 2024 12:13:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQdy-00023n-R1; Thu, 18 Apr 2024 12:13:34 +0000 Received: by outflank-mailman (input) for mailman id 708301; Thu, 18 Apr 2024 12:13:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQdx-00023f-Tp for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQdx-0007Rr-Sz for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQdx-0007la-SB for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=tdzs4u0z9bg/sh1BaiNtRQmGsMEHKMHEiAyCGTMWyC0=; b=nXbCYn0anajoR5jRmaL5DcIUd+ CgfBIyQ2cpEFtGzMaLF1C7QIC/t7vXRcf+oSRgsfEoSAkvE5SkMD/+BcciotMyuyKPe9Yt0RtRFMg fLnXAhFHWCgrtu+YpPxVYVwnEPeSSK0L/mv74M/08LesyxWKf3LN1Nzij6YZ6auk8bTw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/CPU: convert vendor hook invocations to altcall Message-Id: Date: Thu, 18 Apr 2024 12:13:33 +0000 commit 4c2208d06cd03e54f97b98b4449dc717fc1dcee5 Author: Jan Beulich AuthorDate: Mon Feb 5 10:48:11 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/CPU: convert vendor hook invocations to altcall While not performance critical, these hook invocations still want converting: This way all pre-filled struct cpu_dev instances can become __initconst_cf_clobber, thus allowing to eliminate further 8 ENDBR during the 2nd phase of alternatives patching (besides moving previously resident data to .init.*). Since all use sites need touching anyway, take the opportunity and also address a Misra C:2012 Rule 5.5 violation: Rename the this_cpu static variable. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper (cherry picked from commit 660f8a75013c947fbe5358a640032a1f9f1eece5) --- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/cpu/centaur.c | 2 +- xen/arch/x86/cpu/common.c | 24 ++++++++++++------------ xen/arch/x86/cpu/hygon.c | 2 +- xen/arch/x86/cpu/intel.c | 2 +- xen/arch/x86/cpu/shanghai.c | 2 +- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 808cda46bc..ab92333673 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -1307,7 +1307,7 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) amd_log_freq(c); } -const struct cpu_dev amd_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber amd_cpu_dev = { .c_early_init = early_init_amd, .c_init = init_amd, }; diff --git a/xen/arch/x86/cpu/centaur.c b/xen/arch/x86/cpu/centaur.c index eac49d78db..750168d1e8 100644 --- a/xen/arch/x86/cpu/centaur.c +++ b/xen/arch/x86/cpu/centaur.c @@ -54,6 +54,6 @@ static void cf_check init_centaur(struct cpuinfo_x86 *c) init_c3(c); } -const struct cpu_dev centaur_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber centaur_cpu_dev = { .c_init = init_centaur, }; diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 61e5e52151..26eed2ade1 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -113,10 +113,10 @@ static void cf_check default_init(struct cpuinfo_x86 * c) __clear_bit(X86_FEATURE_SEP, c->x86_capability); } -static const struct cpu_dev default_cpu = { +static const struct cpu_dev __initconst_cf_clobber __used default_cpu = { .c_init = default_init, }; -static const struct cpu_dev *this_cpu = &default_cpu; +static struct cpu_dev __ro_after_init actual_cpu; static DEFINE_PER_CPU(uint64_t, msr_misc_features); void (* __ro_after_init ctxt_switch_masking)(const struct vcpu *next); @@ -336,12 +336,13 @@ void __init early_cpu_init(bool verbose) c->x86_vendor = x86_cpuid_lookup_vendor(ebx, ecx, edx); switch (c->x86_vendor) { - case X86_VENDOR_INTEL: this_cpu = &intel_cpu_dev; break; - case X86_VENDOR_AMD: this_cpu = &amd_cpu_dev; break; - case X86_VENDOR_CENTAUR: this_cpu = ¢aur_cpu_dev; break; - case X86_VENDOR_SHANGHAI: this_cpu = &shanghai_cpu_dev; break; - case X86_VENDOR_HYGON: this_cpu = &hygon_cpu_dev; break; + case X86_VENDOR_INTEL: actual_cpu = intel_cpu_dev; break; + case X86_VENDOR_AMD: actual_cpu = amd_cpu_dev; break; + case X86_VENDOR_CENTAUR: actual_cpu = centaur_cpu_dev; break; + case X86_VENDOR_SHANGHAI: actual_cpu = shanghai_cpu_dev; break; + case X86_VENDOR_HYGON: actual_cpu = hygon_cpu_dev; break; default: + actual_cpu = default_cpu; if (!verbose) break; printk(XENLOG_ERR @@ -448,8 +449,8 @@ static void generic_identify(struct cpuinfo_x86 *c) if (c->extended_cpuid_level >= 0x80000021) c->x86_capability[FEATURESET_e21a] = cpuid_eax(0x80000021); - if (this_cpu->c_early_init) - this_cpu->c_early_init(c); + if (actual_cpu.c_early_init) + alternative_vcall(actual_cpu.c_early_init, c); /* c_early_init() may have adjusted cpuid levels/features. Reread. */ c->cpuid_level = cpuid_eax(0); @@ -546,9 +547,8 @@ void identify_cpu(struct cpuinfo_x86 *c) * At the end of this section, c->x86_capability better * indicate the features this CPU genuinely supports! */ - if (this_cpu->c_init) - this_cpu->c_init(c); - + if (actual_cpu.c_init) + alternative_vcall(actual_cpu.c_init, c); /* * The vendor-specific functions might have changed features. Now diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index 42029f2145..f7508cc8fc 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -87,7 +87,7 @@ static void cf_check init_hygon(struct cpuinfo_x86 *c) amd_log_freq(c); } -const struct cpu_dev hygon_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber hygon_cpu_dev = { .c_early_init = early_init_amd, .c_init = init_hygon, }; diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 19466b89e8..deb7b70464 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -603,7 +603,7 @@ static void cf_check init_intel(struct cpuinfo_x86 *c) setup_clear_cpu_cap(X86_FEATURE_CLWB); } -const struct cpu_dev intel_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber intel_cpu_dev = { .c_early_init = early_init_intel, .c_init = init_intel, }; diff --git a/xen/arch/x86/cpu/shanghai.c b/xen/arch/x86/cpu/shanghai.c index 95ae544f8c..910f2c32f3 100644 --- a/xen/arch/x86/cpu/shanghai.c +++ b/xen/arch/x86/cpu/shanghai.c @@ -15,6 +15,6 @@ static void cf_check init_shanghai(struct cpuinfo_x86 *c) init_intel_cacheinfo(c); } -const struct cpu_dev shanghai_cpu_dev = { +const struct cpu_dev __initconst_cf_clobber shanghai_cpu_dev = { .c_init = init_shanghai, }; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:13:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:13:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708302.1107074 (Exim 4.92) (envelope-from ) id 1rxQe9-00029j-Uw; Thu, 18 Apr 2024 12:13:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708302.1107074; Thu, 18 Apr 2024 12:13:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQe9-00029c-SX; Thu, 18 Apr 2024 12:13:45 +0000 Received: by outflank-mailman (input) for mailman id 708302; Thu, 18 Apr 2024 12:13:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQe8-00027q-16 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQe8-0007S0-0E for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQe7-0007mD-Vb for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ClZWJyBfjs/BDOVV1FLmjqN/hLzfj6uuQb9sMAM5MmY=; b=uxx5MSFu/wRE1d5md1rZqBC9Dt bl5dusx8RYFfzhTTy1S8HadoRDmynr6+VJqTvhUl2dq0DWkW7BYgUJh0pPaUzM7Zlb8MbBU02hl2x oM+oIYBxMgk0iGCEHYf+jw8fcIFBKwaXmEQBOpu8WWXdWyulwjnkKXsdbRHz+Wx9FndM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] VMX: tertiary execution control infrastructure Message-Id: Date: Thu, 18 Apr 2024 12:13:43 +0000 commit 594dd0920f7eb6614fd5a7aab150db05f39572f3 Author: Jan Beulich AuthorDate: Wed Feb 7 13:46:11 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 VMX: tertiary execution control infrastructure This is a prereq to enabling e.g. the MSRLIST feature. Note that the PROCBASED_CTLS3 MSR is different from other VMX feature reporting MSRs, in that all 64 bits report allowed 1-settings. vVMX code is left alone, though, for the time being. Signed-off-by: Jan Beulich Reviewed-by: Roger Pau Monné (cherry picked from commit 878159bf259bfbd7a40312829f1ea0ce1f6645e2) --- xen/arch/x86/hvm/vmx/vmcs.c | 57 +++++++++++++++++++++++++++++---- xen/arch/x86/hvm/vmx/vmx.c | 6 ++++ xen/arch/x86/include/asm/hvm/vmx/vmcs.h | 13 ++++++++ xen/arch/x86/include/asm/hvm/vmx/vmx.h | 1 + xen/arch/x86/include/asm/msr-index.h | 1 + 5 files changed, 72 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index e382aa16c5..04d32b18fd 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -164,6 +164,7 @@ static int cf_check parse_ept_param_runtime(const char *s) u32 vmx_pin_based_exec_control __read_mostly; u32 vmx_cpu_based_exec_control __read_mostly; u32 vmx_secondary_exec_control __read_mostly; +uint64_t vmx_tertiary_exec_control __read_mostly; u32 vmx_vmexit_control __read_mostly; u32 vmx_vmentry_control __read_mostly; u64 vmx_ept_vpid_cap __read_mostly; @@ -229,10 +230,32 @@ static u32 adjust_vmx_controls( return ctl; } -static bool_t cap_check(const char *name, u32 expected, u32 saw) +static uint64_t adjust_vmx_controls2( + const char *name, uint64_t ctl_min, uint64_t ctl_opt, unsigned int msr, + bool *mismatch) +{ + uint64_t vmx_msr, ctl = ctl_min | ctl_opt; + + rdmsrl(msr, vmx_msr); + + ctl &= vmx_msr; /* bit == 0 ==> must be zero */ + + /* Ensure minimum (required) set of control bits are supported. */ + if ( ctl_min & ~ctl ) + { + *mismatch = true; + printk("VMX: CPU%u has insufficient %s (%#lx; requires %#lx)\n", + smp_processor_id(), name, ctl, ctl_min); + } + + return ctl; +} + +static bool cap_check( + const char *name, unsigned long expected, unsigned long saw) { if ( saw != expected ) - printk("VMX %s: saw %#x expected %#x\n", name, saw, expected); + printk("VMX %s: saw %#lx expected %#lx\n", name, saw, expected); return saw != expected; } @@ -242,6 +265,7 @@ static int vmx_init_vmcs_config(bool bsp) u32 _vmx_pin_based_exec_control; u32 _vmx_cpu_based_exec_control; u32 _vmx_secondary_exec_control = 0; + uint64_t _vmx_tertiary_exec_control = 0; u64 _vmx_ept_vpid_cap = 0; u64 _vmx_misc_cap = 0; u32 _vmx_vmexit_control; @@ -275,7 +299,8 @@ static int vmx_init_vmcs_config(bool bsp) opt = (CPU_BASED_ACTIVATE_MSR_BITMAP | CPU_BASED_TPR_SHADOW | CPU_BASED_MONITOR_TRAP_FLAG | - CPU_BASED_ACTIVATE_SECONDARY_CONTROLS); + CPU_BASED_ACTIVATE_SECONDARY_CONTROLS | + CPU_BASED_ACTIVATE_TERTIARY_CONTROLS); _vmx_cpu_based_exec_control = adjust_vmx_controls( "CPU-Based Exec Control", min, opt, MSR_IA32_VMX_PROCBASED_CTLS, &mismatch); @@ -339,6 +364,15 @@ static int vmx_init_vmcs_config(bool bsp) MSR_IA32_VMX_PROCBASED_CTLS2, &mismatch); } + if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) + { + uint64_t opt = 0; + + _vmx_tertiary_exec_control = adjust_vmx_controls2( + "Tertiary Exec Control", 0, opt, + MSR_IA32_VMX_PROCBASED_CTLS3, &mismatch); + } + /* The IA32_VMX_EPT_VPID_CAP MSR exists only when EPT or VPID available */ if ( _vmx_secondary_exec_control & (SECONDARY_EXEC_ENABLE_EPT | SECONDARY_EXEC_ENABLE_VPID) ) @@ -469,6 +503,7 @@ static int vmx_init_vmcs_config(bool bsp) vmx_pin_based_exec_control = _vmx_pin_based_exec_control; vmx_cpu_based_exec_control = _vmx_cpu_based_exec_control; vmx_secondary_exec_control = _vmx_secondary_exec_control; + vmx_tertiary_exec_control = _vmx_tertiary_exec_control; vmx_ept_vpid_cap = _vmx_ept_vpid_cap; vmx_vmexit_control = _vmx_vmexit_control; vmx_vmentry_control = _vmx_vmentry_control; @@ -504,6 +539,9 @@ static int vmx_init_vmcs_config(bool bsp) mismatch |= cap_check( "Secondary Exec Control", vmx_secondary_exec_control, _vmx_secondary_exec_control); + mismatch |= cap_check( + "Tertiary Exec Control", + vmx_tertiary_exec_control, _vmx_tertiary_exec_control); mismatch |= cap_check( "VMExit Control", vmx_vmexit_control, _vmx_vmexit_control); @@ -1082,6 +1120,7 @@ static int construct_vmcs(struct vcpu *v) v->arch.hvm.vmx.exec_control |= CPU_BASED_RDTSC_EXITING; v->arch.hvm.vmx.secondary_exec_control = vmx_secondary_exec_control; + v->arch.hvm.vmx.tertiary_exec_control = vmx_tertiary_exec_control; /* * Disable features which we don't want active by default: @@ -1136,6 +1175,10 @@ static int construct_vmcs(struct vcpu *v) __vmwrite(SECONDARY_VM_EXEC_CONTROL, v->arch.hvm.vmx.secondary_exec_control); + if ( cpu_has_vmx_tertiary_exec_control ) + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); + /* MSR access bitmap. */ if ( cpu_has_vmx_msr_bitmap ) { @@ -2071,10 +2114,12 @@ void vmcs_dump_vcpu(struct vcpu *v) vmr(HOST_PERF_GLOBAL_CTRL)); printk("*** Control State ***\n"); - printk("PinBased=%08x CPUBased=%08x SecondaryExec=%08x\n", + printk("PinBased=%08x CPUBased=%08x\n", vmr32(PIN_BASED_VM_EXEC_CONTROL), - vmr32(CPU_BASED_VM_EXEC_CONTROL), - vmr32(SECONDARY_VM_EXEC_CONTROL)); + vmr32(CPU_BASED_VM_EXEC_CONTROL)); + printk("SecondaryExec=%08x TertiaryExec=%016lx\n", + vmr32(SECONDARY_VM_EXEC_CONTROL), + vmr(TERTIARY_VM_EXEC_CONTROL)); printk("EntryControls=%08x ExitControls=%08x\n", vmentry_ctl, vmexit_ctl); printk("ExceptionBitmap=%08x PFECmask=%08x PFECmatch=%08x\n", vmr32(EXCEPTION_BITMAP), diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index ae2157953a..b37c7bbcd2 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -760,6 +760,12 @@ void vmx_update_secondary_exec_control(struct vcpu *v) v->arch.hvm.vmx.secondary_exec_control); } +void vmx_update_tertiary_exec_control(const struct vcpu *v) +{ + __vmwrite(TERTIARY_VM_EXEC_CONTROL, + v->arch.hvm.vmx.tertiary_exec_control); +} + void vmx_update_exception_bitmap(struct vcpu *v) { u32 bitmap = unlikely(v->arch.hvm.vmx.vmx_realmode) diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h index 8de9977eb3..68e9e3bf79 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h @@ -114,6 +114,7 @@ struct vmx_vcpu { /* Cache of cpu execution control. */ u32 exec_control; u32 secondary_exec_control; + uint64_t tertiary_exec_control; u32 exception_bitmap; uint64_t shadow_gs; @@ -196,6 +197,7 @@ void vmx_vmcs_reload(struct vcpu *v); #define CPU_BASED_RDTSC_EXITING 0x00001000 #define CPU_BASED_CR3_LOAD_EXITING 0x00008000 #define CPU_BASED_CR3_STORE_EXITING 0x00010000 +#define CPU_BASED_ACTIVATE_TERTIARY_CONTROLS 0x00020000 #define CPU_BASED_CR8_LOAD_EXITING 0x00080000 #define CPU_BASED_CR8_STORE_EXITING 0x00100000 #define CPU_BASED_TPR_SHADOW 0x00200000 @@ -260,6 +262,14 @@ extern u32 vmx_vmentry_control; #define SECONDARY_EXEC_NOTIFY_VM_EXITING 0x80000000 extern u32 vmx_secondary_exec_control; +#define TERTIARY_EXEC_LOADIWKEY_EXITING BIT(0, UL) +#define TERTIARY_EXEC_ENABLE_HLAT BIT(1, UL) +#define TERTIARY_EXEC_EPT_PAGING_WRITE BIT(2, UL) +#define TERTIARY_EXEC_GUEST_PAGING_VERIFY BIT(3, UL) +#define TERTIARY_EXEC_IPI_VIRT BIT(4, UL) +#define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) +extern uint64_t vmx_tertiary_exec_control; + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -296,6 +306,8 @@ extern u64 vmx_ept_vpid_cap; (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_MSR_BITMAP) #define cpu_has_vmx_secondary_exec_control \ (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) +#define cpu_has_vmx_tertiary_exec_control \ + (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS) #define cpu_has_vmx_ept \ (vmx_secondary_exec_control & SECONDARY_EXEC_ENABLE_EPT) #define cpu_has_vmx_dt_exiting \ @@ -423,6 +435,7 @@ enum vmcs_field { VIRT_EXCEPTION_INFO = 0x0000202a, XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, + TERTIARY_VM_EXEC_CONTROL = 0x00002034, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/asm/hvm/vmx/vmx.h index c84acc221d..9d603e0bb4 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h @@ -81,6 +81,7 @@ void vmx_realmode(struct cpu_user_regs *regs); void vmx_update_exception_bitmap(struct vcpu *v); void vmx_update_cpu_exec_control(struct vcpu *v); void vmx_update_secondary_exec_control(struct vcpu *v); +void vmx_update_tertiary_exec_control(const struct vcpu *v); #define POSTED_INTR_ON 0 #define POSTED_INTR_SN 1 diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index 85ef28a612..b1d4dfd261 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -349,6 +349,7 @@ #define MSR_IA32_VMX_TRUE_EXIT_CTLS 0x48f #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490 #define MSR_IA32_VMX_VMFUNC 0x491 +#define MSR_IA32_VMX_PROCBASED_CTLS3 0x492 /* K7/K8 MSRs. Not complete. See the architecture manual for a more complete list. */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:13:56 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:13:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708303.1107078 (Exim 4.92) (envelope-from ) id 1rxQeK-0002HY-0Z; Thu, 18 Apr 2024 12:13:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708303.1107078; Thu, 18 Apr 2024 12:13:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQeJ-0002HQ-U2; Thu, 18 Apr 2024 12:13:55 +0000 Received: by outflank-mailman (input) for mailman id 708303; Thu, 18 Apr 2024 12:13:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQeI-0002HF-3r for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQeI-0007SF-33 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQeI-0007me-2O for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:13:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=a5wbM3Q5t3+BpJP+8jn4jmzZgSlgNu7d/igFiZ2FIaA=; b=DO9oYSO0/OEzmpfwOQEwqFlpN3 ODBR6BHqiM+nTWswivpN8zbLArOu8Gw/fQvcyM1SvUaXz7aQ0jBshPEdoLETYWQ+iFrkqUxmeURWg sSIae+Zyge8CwicMDNa6+q4T1hGljEos3ikPUr66MYQHTf/TQVUQ4ermnelmnpFL7QaY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec-ctrl: Move __read_mostly data into __ro_after_init Message-Id: Date: Thu, 18 Apr 2024 12:13:54 +0000 commit 125b1a7808ce9b5bc828dd22d5edbfa5c92d98a4 Author: Andrew Cooper AuthorDate: Thu Mar 28 12:38:32 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Move __read_mostly data into __ro_after_init These variables predate the introduction of __ro_after_init, but all qualify. Update them to be consistent with the rest of the file. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 7a09966e7b2823b70f6d56d0cf66c11124f4a3c1) --- xen/arch/x86/spec_ctrl.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 5dfc4ed69e..41c8174507 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -49,18 +49,18 @@ bool __ro_after_init opt_ssbd; static int8_t __initdata opt_psfd = -1; int8_t __ro_after_init opt_ibpb_ctxt_switch = -1; -int8_t __read_mostly opt_eager_fpu = -1; -int8_t __read_mostly opt_l1d_flush = -1; +int8_t __ro_after_init opt_eager_fpu = -1; +int8_t __ro_after_init opt_l1d_flush = -1; static bool __initdata opt_branch_harden = IS_ENABLED(CONFIG_SPECULATIVE_HARDEN_BRANCH); static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; -uint8_t __read_mostly default_xen_spec_ctrl; -uint8_t __read_mostly default_spec_ctrl_flags; +uint8_t __ro_after_init default_xen_spec_ctrl; +uint8_t __ro_after_init default_spec_ctrl_flags; -paddr_t __read_mostly l1tf_addr_mask, __read_mostly l1tf_safe_maddr; -bool __read_mostly cpu_has_bug_l1tf; +paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; +bool __ro_after_init cpu_has_bug_l1tf; static unsigned int __initdata l1d_maxphysaddr; static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ @@ -316,8 +316,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) } custom_param("spec-ctrl", parse_spec_ctrl); -int8_t __read_mostly opt_xpti_hwdom = -1; -int8_t __read_mostly opt_xpti_domu = -1; +int8_t __ro_after_init opt_xpti_hwdom = -1; +int8_t __ro_after_init opt_xpti_domu = -1; static __init void xpti_init_default(void) { @@ -381,8 +381,8 @@ static int __init cf_check parse_xpti(const char *s) } custom_param("xpti", parse_xpti); -int8_t __read_mostly opt_pv_l1tf_hwdom = -1; -int8_t __read_mostly opt_pv_l1tf_domu = -1; +int8_t __ro_after_init opt_pv_l1tf_hwdom = -1; +int8_t __ro_after_init opt_pv_l1tf_domu = -1; static int __init cf_check parse_pv_l1tf(const char *s) { -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:14:06 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:14:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708304.1107083 (Exim 4.92) (envelope-from ) id 1rxQeU-0002Se-2a; Thu, 18 Apr 2024 12:14:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708304.1107083; Thu, 18 Apr 2024 12:14:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQeT-0002SW-Vg; Thu, 18 Apr 2024 12:14:05 +0000 Received: by outflank-mailman (input) for mailman id 708304; Thu, 18 Apr 2024 12:14:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQeS-0002R8-6n for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQeS-0007Sc-60 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQeS-0007ni-59 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CPjMCS9963JzxvtecBWAyxZM4l5DQr9z4GG4AwyS63M=; b=DXFiEOxhBvhh1WS6s5lzI5kPFW I+8bFlPVA2b3j/F84QAEYEO+Lf7rS+fonipwx1yvGqZLRoAGD5085uJCm9XEwkCgeGQEojpLfok1Q m9b6oEvMT/goplpsvm5023pihp9xQ8vLTUucJkbkFYdJWVZMRJdW81XkdjFOCndjGJTI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch Message-Id: Date: Thu, 18 Apr 2024 12:14:04 +0000 commit 855e261337aab70c904ab5908b67daf8ad80b1a0 Author: Andrew Cooper AuthorDate: Wed Apr 3 17:43:42 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/tsx: Cope with RTM_ALWAYS_ABORT vs RTM mismatch It turns out there is something wonky on some but not all CPUs with MSR_TSX_FORCE_ABORT. The presence of RTM_ALWAYS_ABORT causes Xen to think it's safe to offer HLE/RTM to guests, but in this case, XBEGIN instructions genuinely #UD. Spot this case and try to back out as cleanly as we can. Signed-off-by: Andrew Cooper Tested-by: Marek Marczykowski-Górecki Acked-by: Jan Beulich (cherry picked from commit b33f191e3ca99458fdcea1cb5a29dfa4965d1604) --- xen/arch/x86/tsx.c | 55 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 45 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 50d8059f23..fbdd05971c 100644 --- a/xen/arch/x86/tsx.c +++ b/xen/arch/x86/tsx.c @@ -1,5 +1,6 @@ #include #include +#include #include /* @@ -9,6 +10,7 @@ * -1 => Default, altered to 0/1 (if unspecified) by: * - TAA heuristics/settings for speculative safety * - "TSX vs PCR3" select for TSX memory ordering safety + * -2 => Implicit tsx=0 (from RTM_ALWAYS_ABORT vs RTM mismatch) * -3 => Implicit tsx=1 (feed-through from spec-ctrl=0) * * This is arranged such that the bottom bit encodes whether TSX is actually @@ -114,11 +116,50 @@ void tsx_init(void) if ( cpu_has_tsx_force_abort ) { + uint64_t val; + /* - * On an early TSX-enable Skylake part subject to the memory + * On an early TSX-enabled Skylake part subject to the memory * ordering erratum, with at least the March 2019 microcode. */ + rdmsrl(MSR_TSX_FORCE_ABORT, val); + + /* + * At the time of writing (April 2024), it was discovered that + * some parts (e.g. CoffeeLake 8th Gen, 06-9e-0a, ucode 0xf6) + * advertise RTM_ALWAYS_ABORT, but XBEGIN instructions #UD. Other + * similar parts (e.g. KabyLake Xeon-E3, 06-9e-09, ucode 0xf8) + * operate as expected. + * + * In this case: + * - RTM_ALWAYS_ABORT and MSR_TSX_FORCE_ABORT are enumerated. + * - XBEGIN instructions genuinely #UD. + * - MSR_TSX_FORCE_ABORT appears to be write-discard and fails to + * hold its value. + * - HLE and RTM are not enumerated, despite + * MSR_TSX_FORCE_ABORT.TSX_CPUID_CLEAR being clear. + * + * Spot RTM being unavailable without CLEAR_CPUID being set, and + * treat it as if no TSX is available at all. This will prevent + * Xen from thinking it's safe to offer HLE/RTM to VMs. + */ + if ( val == 0 && cpu_has_rtm_always_abort && !cpu_has_rtm ) + { + printk(XENLOG_ERR + "FIRMWARE BUG: CPU %02x-%02x-%02x, ucode 0x%08x: RTM_ALWAYS_ABORT vs RTM mismatch\n", + boot_cpu_data.x86, boot_cpu_data.x86_model, + boot_cpu_data.x86_mask, this_cpu(cpu_sig).rev); + + setup_clear_cpu_cap(X86_FEATURE_RTM_ALWAYS_ABORT); + setup_clear_cpu_cap(X86_FEATURE_TSX_FORCE_ABORT); + + if ( opt_tsx < 0 ) + opt_tsx = -2; + + goto done_probe; + } + /* * Probe for the June 2021 microcode which de-features TSX on * client parts. (Note - this is a subset of parts impacted by @@ -128,15 +169,8 @@ void tsx_init(void) * read as zero if TSX_FORCE_ABORT.ENABLE_RTM has been set before * we run. */ - if ( !has_rtm_always_abort ) - { - uint64_t val; - - rdmsrl(MSR_TSX_FORCE_ABORT, val); - - if ( val & TSX_ENABLE_RTM ) - has_rtm_always_abort = true; - } + if ( val & TSX_ENABLE_RTM ) + has_rtm_always_abort = true; /* * If no explicit tsx= option is provided, pick a default. @@ -191,6 +225,7 @@ void tsx_init(void) setup_force_cpu_cap(X86_FEATURE_RTM); } } + done_probe: /* * Note: MSR_TSX_CTRL is enumerated on TSX-enabled MDS_NO and later parts. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:14:16 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:14:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708305.1107087 (Exim 4.92) (envelope-from ) id 1rxQee-0002Y0-5Q; Thu, 18 Apr 2024 12:14:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708305.1107087; Thu, 18 Apr 2024 12:14:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQee-0002Xs-2n; Thu, 18 Apr 2024 12:14:16 +0000 Received: by outflank-mailman (input) for mailman id 708305; Thu, 18 Apr 2024 12:14:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQec-0002Xg-9k for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQec-0007T6-8z for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQec-0007oH-86 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uyIQT+2EvJXOyi1HbsId3BrF97B/i99BDVEBNT9K1Z4=; b=ILjc2eDwBf9DsUiU1mftb70Rv9 J49VFb2U7kz4oyjqYrbdh9yvC5SotIN+TPutp3yumrDMXkQuDPE7k2FmofAlNbi/XIM/W7ITVc7Wo nIXYiZUp/JKQqGkRZnaYPFcBLsyg3JHDovGK+o3BdF5rfQ7dP34DWBNeJ2/qj6M9Bdwk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/alternatives: fix .init section reference in _apply_alternatives() Message-Id: Date: Thu, 18 Apr 2024 12:14:14 +0000 commit a482be921144493a344d9ec0a904ccb71657506f Author: Roger Pau Monné AuthorDate: Tue Apr 9 14:50:46 2024 +0200 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/alternatives: fix .init section reference in _apply_alternatives() The code in _apply_alternatives() will unconditionally attempt to read __initdata_cf_clobber_{start,end} when called as part of applying alternatives to a livepatch payload when Xen is using IBT. That leads to a page-fault as __initdata_cf_clobber_{start,end} living in .init section will have been unmapped by the time a livepatch gets loaded. Fix by adding a check that limits the clobbering of endbr64 instructions to boot time only. Fixes: 37ed5da851b8 ('x86/altcall: Optimise away endbr64 instruction where possible') Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper (cherry picked from commit 4be1fef1e6572c2be0bd378902ffb62a6e73faeb) --- xen/arch/x86/alternative.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/alternative.c b/xen/arch/x86/alternative.c index 21af0e8258..2e7ba6e0b8 100644 --- a/xen/arch/x86/alternative.c +++ b/xen/arch/x86/alternative.c @@ -326,7 +326,7 @@ static void init_or_livepatch _apply_alternatives(struct alt_instr *start, * Clobber endbr64 instructions now that altcall has finished optimising * all indirect branches to direct ones. */ - if ( force && cpu_has_xen_ibt ) + if ( force && cpu_has_xen_ibt && system_state < SYS_STATE_active ) { void *const *val; unsigned int clobbered = 0; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:14:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:14:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708307.1107090 (Exim 4.92) (envelope-from ) id 1rxQeo-0002fL-6m; Thu, 18 Apr 2024 12:14:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708307.1107090; Thu, 18 Apr 2024 12:14:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQeo-0002fD-49; Thu, 18 Apr 2024 12:14:26 +0000 Received: by outflank-mailman (input) for mailman id 708307; Thu, 18 Apr 2024 12:14:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQem-0002ew-Ch for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQem-0007TR-By for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQem-0007p8-BD for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zOIigz+5YhKHEO5CH3ocedZsBuYV1bnhmTrhdDkg1hw=; b=c3kSMHgRj0M0pxPrGmoURHdbqn qJOAZ2ttYPVjvbZ38M4ldPGqVinAjIHi95lFDiZg/95I+oHIgo8Rmf0wlmc7eYJlRgCLHuzzY7MBm 8aO4O1vsSZKURIhP2iODITP0Mgf2FfkYY88JeWzmhFoD+L2/PBxHiGBdHhikLacKIojU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests Message-Id: Date: Thu, 18 Apr 2024 12:14:24 +0000 commit 32cdecf1c380db99cbf6934f051da04c20e74689 Author: Andrew Cooper AuthorDate: Tue Apr 9 15:03:05 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/cpuid: Don't expose {IPRED,RRSBA,BHI}_CTRL to PV guests All of these are prediction-mode (i.e. CPL) based. They don't operate as advertised in PV context. Fixes: 4dd676070684 ("x86/spec-ctrl: Expose IPRED_CTRL to guests") Fixes: 478e4787fa64 ("x86/spec-ctrl: Expose RRSBA_CTRL to guests") Fixes: 583f1d095052 ("x86/spec-ctrl: Expose BHI_CTRL to guests") Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 4b3da946ad7e3452761478ae683da842e7ff20d6) --- xen/include/public/arch-x86/cpufeatureset.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 8b2744788d..74d44fa431 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -300,10 +300,10 @@ XEN_CPUFEATURE(INTEL_PPIN, 12*32+ 0) /* Protected Processor Inventory /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ -XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*A MSR_SPEC_CTRL.IPRED_DIS_* */ -XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*A MSR_SPEC_CTRL.RRSBA_DIS_* */ +XEN_CPUFEATURE(IPRED_CTRL, 13*32+ 1) /*S MSR_SPEC_CTRL.IPRED_DIS_* */ +XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /*S MSR_SPEC_CTRL.RRSBA_DIS_* */ XEN_CPUFEATURE(DDP_CTRL, 13*32+ 3) /* MSR_SPEC_CTRL.DDP_DIS_U */ -XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*A MSR_SPEC_CTRL.BHI_DIS_S */ +XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /*S MSR_SPEC_CTRL.BHI_DIS_S */ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:14:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:14:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708308.1107095 (Exim 4.92) (envelope-from ) id 1rxQey-0002oP-8T; Thu, 18 Apr 2024 12:14:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708308.1107095; Thu, 18 Apr 2024 12:14:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQey-0002oH-5f; Thu, 18 Apr 2024 12:14:36 +0000 Received: by outflank-mailman (input) for mailman id 708308; Thu, 18 Apr 2024 12:14:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQew-0002o1-G8 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQew-0007V3-FR for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQew-0007q3-Ef for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3TfjMy3vP8hsHCNkxjSxd5KwXYtDilijDllx+dkFRwg=; b=PqOBD0WLhOSwkTD6wz3USPSoLJ iOTj+RL+D5xNCpKrDY85N6T1ivclS7pjjwa3V26up0nlQNYUmcpqlvMj5G9rFmFtIv5ImDWReQD8Q yTwqzTyDIdOWAt0UeJy2J8Lg2LWDwbxAb6eea+RtsfgM2Iv022j12wXZrgF+k0slT38s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec-ctrl: Rename spec_ctrl_flags to scf Message-Id: Date: Thu, 18 Apr 2024 12:14:34 +0000 commit 57e5cab3decda418f89028de9f5854abd83c3c06 Author: Andrew Cooper AuthorDate: Thu Mar 28 11:57:25 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Rename spec_ctrl_flags to scf XSA-455 was ultimately caused by having fields with too-similar names. Both {xen,last}_spec_ctrl are fields containing an architectural MSR_SPEC_CTRL value. The spec_ctrl_flags field contains Xen-internal flags. To more-obviously distinguish the two, rename spec_ctrl_flags to scf, which is also the prefix of the constants used by the fields. No functional change. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit c62673c4334b3372ebd4292a7ac8185357e7ea27) --- xen/arch/x86/acpi/power.c | 4 ++-- xen/arch/x86/domain.c | 8 ++++---- xen/arch/x86/hvm/svm/entry.S | 2 +- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/include/asm/current.h | 2 +- xen/arch/x86/include/asm/domain.h | 2 +- xen/arch/x86/include/asm/spec_ctrl.h | 16 ++++++++-------- xen/arch/x86/include/asm/spec_ctrl_asm.h | 22 +++++++++++----------- xen/arch/x86/setup.c | 2 +- xen/arch/x86/spec_ctrl.c | 18 +++++++++--------- xen/arch/x86/x86_64/asm-offsets.c | 2 +- xen/arch/x86/x86_64/compat/entry.S | 4 ++-- xen/arch/x86/x86_64/entry.S | 2 +- 14 files changed, 44 insertions(+), 44 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 81233738b1..f6ab522690 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -246,7 +246,7 @@ static int enter_state(u32 state) ci = get_cpu_info(); /* Avoid NMI/#MC using unsafe MSRs until we've reloaded microcode. */ - ci->spec_ctrl_flags &= ~SCF_IST_MASK; + ci->scf &= ~SCF_IST_MASK; ACPI_FLUSH_CPU_CACHE(); @@ -290,7 +290,7 @@ static int enter_state(u32 state) panic("Missing previously available feature(s)\n"); /* Re-enabled default NMI/#MC use of MSRs now microcode is loaded. */ - ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_IST_MASK); + ci->scf |= (default_scf & SCF_IST_MASK); if ( boot_cpu_has(X86_FEATURE_IBRSB) || boot_cpu_has(X86_FEATURE_IBRS) ) { diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 3712e36df9..13912f907b 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2109,10 +2109,10 @@ void context_switch(struct vcpu *prev, struct vcpu *next) } } - /* Update the top-of-stack block with the new spec_ctrl settings. */ - info->spec_ctrl_flags = - (info->spec_ctrl_flags & ~SCF_DOM_MASK) | - (nextd->arch.spec_ctrl_flags & SCF_DOM_MASK); + /* Update the top-of-stack block with the new speculation settings. */ + info->scf = + (info->scf & ~SCF_DOM_MASK) | + (nextd->arch.scf & SCF_DOM_MASK); } sched_context_switched(prev, next); diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 5f31d71698..56a5865c29 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -101,7 +101,7 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ .macro svm_vmexit_cond_ibpb - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb mov $MSR_PRED_CMD, %ecx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 1bead826ca..744cc5186a 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -111,7 +111,7 @@ UNLIKELY_END(realmode) BUILD_BUG_ON(SCF_verw & ~0xff) movzbl VCPU_vmx_launched(%rbx), %ecx shl $31, %ecx - movzbl CPUINFO_spec_ctrl_flags(%rsp), %eax + movzbl CPUINFO_scf(%rsp), %eax and $SCF_verw, %eax or %eax, %ecx diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 04d32b18fd..4b6ca7c193 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -1376,7 +1376,7 @@ static int construct_vmcs(struct vcpu *v) rc = vmx_add_msr(v, MSR_FLUSH_CMD, FLUSH_CMD_L1D, VMX_MSR_GUEST_LOADONLY); - if ( !rc && (d->arch.spec_ctrl_flags & SCF_entry_ibpb) ) + if ( !rc && (d->arch.scf & SCF_entry_ibpb) ) rc = vmx_add_msr(v, MSR_PRED_CMD, PRED_CMD_IBPB, VMX_MSR_HOST); diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index da5e152a10..9cc8d8e3d4 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -57,7 +57,7 @@ struct cpu_info { unsigned int shadow_spec_ctrl; uint8_t xen_spec_ctrl; uint8_t last_spec_ctrl; - uint8_t spec_ctrl_flags; + uint8_t scf; /* SCF_* */ /* * The following field controls copying of the L4 page table of 64-bit diff --git a/xen/arch/x86/include/asm/domain.h b/xen/arch/x86/include/asm/domain.h index 619e667938..237510fed3 100644 --- a/xen/arch/x86/include/asm/domain.h +++ b/xen/arch/x86/include/asm/domain.h @@ -324,7 +324,7 @@ struct arch_domain uint32_t pci_cf8; uint8_t cmos_idx; - uint8_t spec_ctrl_flags; /* See SCF_DOM_MASK */ + uint8_t scf; /* See SCF_DOM_MASK */ union { struct pv_domain pv; diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 011ab1db27..ee3119e128 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -9,10 +9,10 @@ #define __X86_SPEC_CTRL_H__ /* - * Encoding of: - * cpuinfo.spec_ctrl_flags - * default_spec_ctrl_flags - * domain.spec_ctrl_flags + * Encoding of Xen's speculation control flags in: + * cpuinfo.scf + * default_scf + * domain.scf * * Live settings are in the top-of-stack block, because they need to be * accessable when XPTI is active. Some settings are fixed from boot, some @@ -82,7 +82,7 @@ extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; extern uint8_t default_xen_spec_ctrl; -extern uint8_t default_spec_ctrl_flags; +extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; @@ -102,7 +102,7 @@ static inline void init_shadow_spec_ctrl_state(void) info->shadow_spec_ctrl = 0; info->xen_spec_ctrl = default_xen_spec_ctrl; - info->spec_ctrl_flags = default_spec_ctrl_flags; + info->scf = default_scf; /* * For least latency, the VERW selector should be a writeable data @@ -126,7 +126,7 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) */ info->shadow_spec_ctrl = val; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); @@ -175,7 +175,7 @@ static always_inline void spec_ctrl_exit_idle(struct cpu_info *info) * Disable shadowing before updating the MSR. There are no SMP issues * here; only local processor ordering concerns. */ - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); alternative_input("", "wrmsr", X86_FEATURE_SC_MSR_IDLE, "a" (val), "c" (MSR_SPEC_CTRL), "d" (0)); diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 3c9aa56301..f593c5d621 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -39,7 +39,7 @@ * shadowing logic. * * Factor 2 is harder. We maintain a shadow_spec_ctrl value, and a use_shadow - * boolean in the per cpu spec_ctrl_flags. The synchronous use is: + * boolean in the per cpu scf. The synchronous use is: * * 1) Store guest value in shadow_spec_ctrl * 2) Set the use_shadow boolean @@ -86,11 +86,11 @@ * interrupting Xen. */ .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) jz .L\@_skip testb $3, UREGS_cs(%rsp) .else - testb $SCF_entry_ibpb, CPUINFO_spec_ctrl_flags(%rsp) + testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) .endif jz .L\@_skip @@ -160,8 +160,8 @@ #define STK_REL(field, top_of_stk) ((field) - (top_of_stk)) .macro SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_error_code), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) + scf=STK_REL(CPUINFO_scf, CPUINFO_error_code), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_error_code) /* * Requires \scf and \sel as %rsp-relative expressions * Clobbers eflags @@ -216,10 +216,10 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else - andb $~SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + andb $~SCF_use_shadow, CPUINFO_scf(%rsp) movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax .endif @@ -238,7 +238,7 @@ mov %eax, CPUINFO_shadow_spec_ctrl(%rsp) /* Set SPEC_CTRL shadowing *before* loading the guest value. */ - orb $SCF_use_shadow, CPUINFO_spec_ctrl_flags(%rsp) + orb $SCF_use_shadow, CPUINFO_scf(%rsp) mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx @@ -316,7 +316,7 @@ * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -341,7 +341,7 @@ testb $3, UREGS_cs(%rsp) setnz %al not %eax - and %al, STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14) + and %al, STACK_CPUINFO_FIELD(scf)(%r14) /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx @@ -375,7 +375,7 @@ UNLIKELY_DISPATCH_LABEL(\@_serialise): * Requires %r12=ist_exit, %r14=stack_end, %rsp=regs * Clobbers %rax, %rbx, %rcx, %rdx */ - movzbl STACK_CPUINFO_FIELD(spec_ctrl_flags)(%r14), %ebx + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx testb $SCF_ist_sc_msr, %bl jz .L\@_skip_sc_msr diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index a3d3f797bb..25017b5d96 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -2034,7 +2034,7 @@ void __init noreturn __start_xen(unsigned long mbi_p) if ( bsp_delay_spec_ctrl ) { - info->spec_ctrl_flags &= ~SCF_use_shadow; + info->scf &= ~SCF_use_shadow; barrier(); wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); info->last_spec_ctrl = default_xen_spec_ctrl; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 41c8174507..af13b32672 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -57,7 +57,7 @@ static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; uint8_t __ro_after_init default_xen_spec_ctrl; -uint8_t __ro_after_init default_spec_ctrl_flags; +uint8_t __ro_after_init default_scf; paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; bool __ro_after_init cpu_has_bug_l1tf; @@ -1105,7 +1105,7 @@ static void __init ibpb_calculations(void) * NMI/#MC, so can't interrupt Xen ahead of having already flushed the * BTB. */ - default_spec_ctrl_flags |= SCF_ist_ibpb; + default_scf |= SCF_ist_ibpb; } if ( opt_ibpb_entry_hvm ) setup_force_cpu_cap(X86_FEATURE_IBPB_ENTRY_HVM); @@ -1606,7 +1606,7 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); - d->arch.spec_ctrl_flags = + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | 0; @@ -1711,7 +1711,7 @@ void __init init_speculation_mitigations(void) { if ( opt_msr_sc_pv ) { - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_PV); } @@ -1722,7 +1722,7 @@ void __init init_speculation_mitigations(void) * Xen's value is not restored atomically. An early NMI hitting * the VMExit path needs to restore Xen's value for safety. */ - default_spec_ctrl_flags |= SCF_ist_sc_msr; + default_scf |= SCF_ist_sc_msr; setup_force_cpu_cap(X86_FEATURE_SC_MSR_HVM); } } @@ -1857,7 +1857,7 @@ void __init init_speculation_mitigations(void) if ( opt_rsb_pv ) { setup_force_cpu_cap(X86_FEATURE_SC_RSB_PV); - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } /* @@ -1880,7 +1880,7 @@ void __init init_speculation_mitigations(void) * possible rogue RSB speculation. */ if ( !cpu_has_svm ) - default_spec_ctrl_flags |= SCF_ist_rsb; + default_scf |= SCF_ist_rsb; } srso_calculations(hw_smt_enabled); @@ -1893,7 +1893,7 @@ void __init init_speculation_mitigations(void) if ( opt_eager_fpu == -1 ) opt_eager_fpu = should_use_eager_fpu(); - /* (Re)init BSP state now that default_spec_ctrl_flags has been calculated. */ + /* (Re)init BSP state now that default_scf has been calculated. */ init_shadow_spec_ctrl_state(); /* @@ -2166,7 +2166,7 @@ void __init init_speculation_mitigations(void) { info->shadow_spec_ctrl = 0; barrier(); - info->spec_ctrl_flags |= SCF_use_shadow; + info->scf |= SCF_use_shadow; barrier(); } diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index 85c7d0c989..9aa0970a18 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -154,7 +154,7 @@ void __dummy__(void) OFFSET(CPUINFO_shadow_spec_ctrl, struct cpu_info, shadow_spec_ctrl); OFFSET(CPUINFO_xen_spec_ctrl, struct cpu_info, xen_spec_ctrl); OFFSET(CPUINFO_last_spec_ctrl, struct cpu_info, last_spec_ctrl); - OFFSET(CPUINFO_spec_ctrl_flags, struct cpu_info, spec_ctrl_flags); + OFFSET(CPUINFO_scf, struct cpu_info, scf); OFFSET(CPUINFO_root_pgt_changed, struct cpu_info, root_pgt_changed); OFFSET(CPUINFO_use_pv_cr3, struct cpu_info, use_pv_cr3); DEFINE(CPUINFO_sizeof, sizeof(struct cpu_info)); diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 3bbe3a79a5..375dba9ad3 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -164,8 +164,8 @@ ENTRY(compat_restore_all_guest) /* Account for ev/ec having already been popped off the stack. */ SPEC_CTRL_COND_VERW \ - scf=STK_REL(CPUINFO_spec_ctrl_flags, CPUINFO_rip), \ - sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) + scf=STK_REL(CPUINFO_scf, CPUINFO_rip), \ + sel=STK_REL(CPUINFO_verw_sel, CPUINFO_rip) .Lft0: iretq _ASM_PRE_EXTABLE(.Lft0, handle_exception) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 2c7512130f..4e49ef259a 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -692,7 +692,7 @@ UNLIKELY_END(exit_cr3) /* * When the CPU pushed this exception frame, it zero-extended eflags. * For an IST exit, SPEC_CTRL_EXIT_TO_XEN stashed shadow copies of - * spec_ctrl_flags and ver_sel above eflags, as we can't use any GPRs, + * scf and ver_sel above eflags, as we can't use any GPRs, * and we're at a random place on the stack, not in a CPUFINFO block. * * Account for ev/ec having already been popped off the stack. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:14:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:14:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708309.1107100 (Exim 4.92) (envelope-from ) id 1rxQf8-0002r5-AH; Thu, 18 Apr 2024 12:14:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708309.1107100; Thu, 18 Apr 2024 12:14:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQf8-0002qx-7C; Thu, 18 Apr 2024 12:14:46 +0000 Received: by outflank-mailman (input) for mailman id 708309; Thu, 18 Apr 2024 12:14:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQf6-0002qi-JB for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQf6-0007V7-IP for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQf6-0007qh-Hh for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XRcE7Lwc41LHj5pW8AYLCJhUHk7N44jSEz0ufPMHTK8=; b=gcb+1lhYv4X2ANAVLbbiavIr23 Ui5UYFXSu77ejV4ajuY/U3e/jI000oamzcvfwhAAX/UGVsdj4sIJ0nHMNvVedv0addadKXIGMaEjM V9ITS9SSzMVSIgYP3R6Yta0PFMMh4SCoUHd+3HfyNidbbhFVquUGzEwROZT1sMDYgJpI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Message-Id: Date: Thu, 18 Apr 2024 12:14:44 +0000 commit e382cddcc289af75a51f277a06628c59ac7e2930 Author: Andrew Cooper AuthorDate: Fri Mar 22 11:41:41 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Rework conditional safety for SPEC_CTRL_ENTRY_* Right now, we have a mix of safety strategies in different blocks, making the logic fragile and hard to follow. Start addressing this by having a safety LFENCE at the end of the blocks, which can be patched out if other safety criteria are met. This will allow us to simplify the sub-blocks. For SPEC_CTRL_ENTRY_FROM_IST, simply leave an LFENCE unconditionally at the end; the IST path is not a fast-path by any stretch of the imagination. For SPEC_CTRL_ENTRY_FROM_INTR, the existing description was incorrect. The IRET #GP path is non-fatal but can occur with the guest's choice of MSR_SPEC_CTRL. It is safe to skip the flush/barrier-like protections when interrupting Xen, but we must run DO_SPEC_CTRL_ENTRY irrespective. This will skip RSB stuffing which was previously unconditional even when interrupting Xen. AFAICT, this is a missing cleanup from commit 3fffaf9c13e9 ("x86/entry: Avoid using alternatives in NMI/#MC paths") where we split the IST entry path out of the main INTR entry path. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 94896de1a98c4289fe6fef9e16ef99fc6ef2efc4) --- xen/arch/x86/hvm/vmx/entry.S | 1 + xen/arch/x86/include/asm/cpufeatures.h | 4 +++ xen/arch/x86/include/asm/spec_ctrl_asm.h | 27 +++++++++-------- xen/arch/x86/spec_ctrl.c | 52 ++++++++++++++++++++++++++++++++ 4 files changed, 72 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 744cc5186a..241ec5ce07 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -43,6 +43,7 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* Hardware clears MSR_DEBUGCTL on VMExit. Reinstate it if debugging Xen. */ diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index 7e8221fd85..6422c66b0f 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -52,5 +52,9 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_BUG_CLFLUSH_MFENCE X86_BUG( 2) /* MFENCE needed to serialise CLFLUSH */ #define X86_BUG_IBPB_NO_RET X86_BUG( 3) /* IBPB doesn't flush the RSB/RAS */ +#define X86_SPEC_NO_LFENCE_ENTRY_PV X86_BUG(16) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_PV. */ +#define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ +#define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index f593c5d621..aa8c5e3c33 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -261,25 +261,37 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm /* * Used after an exception or maskable interrupt, hitting Xen or PV context. - * There will either be a guest speculation context, or (barring fatal - * exceptions) a well-formed Xen speculation context. + * There will either be a guest speculation context, or a well-formed Xen + * speculation context, with the exception of one case. IRET #GP handling may + * have a guest choice of MSR_SPEC_CTRL. + * + * Therefore, we can skip the flush/barrier-like protections when hitting Xen, + * but we must still run the mode-based protections. */ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 * Clobbers %rax, %rcx, %rdx */ + testb $3, UREGS_cs(%rsp) + jz .L\@_skip + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV +.L\@_skip: ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm /* @@ -348,18 +360,9 @@ movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr - /* Opencoded UNLIKELY_START() with no condition. */ -UNLIKELY_DISPATCH_LABEL(\@_serialise): - .subsection 1 - /* - * In the case that we might need to set SPEC_CTRL.IBRS for safety, we - * need to ensure that an attacker can't poison the `jz .L\@_skip_wrmsr` - * to speculate around the WRMSR. As a result, we need a dispatch - * serialising instruction in the else clause. - */ .L\@_skip_msr_spec_ctrl: + lfence - UNLIKELY_END(\@_serialise) .endm /* diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index af13b32672..b59f2f5425 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2142,6 +2142,58 @@ void __init init_speculation_mitigations(void) print_details(thunk); + /* + * With the alternative blocks now chosen, see if we need any other + * adjustments for safety. + * + * We compile the LFENCE in, and patch it out if it's not needed. + * + * Notes: + * - SPEC_CTRL_ENTRY_FROM_SVM doesn't need an LFENCE because it has an + * unconditional STGI. + * - SPEC_CTRL_ENTRY_FROM_IST handles its own safety, without the use of + * alternatives. + * - DO_OVERWRITE_RSB has conditional branches in it, but it's an inline + * sequence. It is considered safe for uarch reasons. + */ + { + /* + * SPEC_CTRL_ENTRY_FROM_PV conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we're not using any prior conditional mitigation, + * then it's safe to drop the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); + + /* + * SPEC_CTRL_ENTRY_FROM_INTR conditional safety + * + * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR as the last action. + * + * If we have it, or we have no protections active in the block that + * is skipped when interrupting guest context, then it's safe to drop + * the LFENCE. + */ + if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); + + /* + * SPEC_CTRL_ENTRY_FROM_VMX conditional safety + * + * Currently there are no safety actions with conditional branches, so + * no need for the extra safety LFENCE. + */ + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + } + /* * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard * any firmware settings. For performance reasons, when safe to do so, we -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:14:56 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:14:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708311.1107104 (Exim 4.92) (envelope-from ) id 1rxQfI-0002wV-Dx; Thu, 18 Apr 2024 12:14:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708311.1107104; Thu, 18 Apr 2024 12:14:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQfI-0002wN-As; Thu, 18 Apr 2024 12:14:56 +0000 Received: by outflank-mailman (input) for mailman id 708311; Thu, 18 Apr 2024 12:14:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQfG-0002wC-M9 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQfG-0007VN-LL for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQfG-0007rL-Ka for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:14:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fguTAppaRsEHPMTl+QiQFsaZIhGc/LSssz+mTlNjeT0=; b=TVc2H6z+g+GdTMaVb7Dq3KQ9vm h58oE1SvA0ThzLqSFqVtgjHxWywbN+WKZwO8NM5CZsAM4Q90y3osV7hZk5PPtBNHz2KHsxcjqHer9 oie5yto/ViPm+bndXzCk0695/dThwRmw3ynhiiibZgNKZNs1F/kBHUyHLgbw9QRwiPWc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Message-Id: Date: Thu, 18 Apr 2024 12:14:54 +0000 commit 9bc337497cd39e68b899f21d600a6fc64bd5e7f8 Author: Andrew Cooper AuthorDate: Fri Mar 22 15:52:06 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/entry: Arrange for %r14 to be STACK_END across SPEC_CTRL_ENTRY_FROM_PV Other SPEC_CTRL_* paths already use %r14 like this, and it will allow for simplifications. All instances of SPEC_CTRL_ENTRY_FROM_PV are followed by a GET_STACK_END() invocation, so this change is only really logic and register shuffling. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 22390697bf1b4cd3024f2d10893dec3c3ec08a9c) --- xen/arch/x86/x86_64/compat/entry.S | 4 +++- xen/arch/x86/x86_64/entry.S | 44 +++++++++++++++++++++----------------- 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 375dba9ad3..98ea4f5a4a 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -18,6 +18,8 @@ ENTRY(entry_int82) movl $HYPERCALL_VECTOR, EFRAME_entry_vector(%rsp) SAVE_ALL compat=1 /* DPL1 gate, restricted to 32bit PV guests only. */ + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ @@ -25,7 +27,7 @@ ENTRY(entry_int82) CR4_PV32_RESTORE - GET_CURRENT(bx) + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov %rsp, %rdi call do_entry_int82 diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 4e49ef259a..405281fa25 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -266,21 +266,22 @@ ENTRY(lstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Llstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Llstar_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx testb $TF_kernel_mode,VCPU_thread_flags(%rbx) jz switch_to_kernel @@ -303,23 +304,24 @@ ENTRY(cstar_enter) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lcstar_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lcstar_cr3_okay: sti CR4_PV32_RESTORE - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx #ifdef CONFIG_PV32 movq VCPU_domain(%rbx), %rcx @@ -344,23 +346,24 @@ GLOBAL(sysenter_eflags_saved) movl $TRAP_syscall, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ orl $X86_EFLAGS_IF, UREGS_eflags(%rsp) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lsyse_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lsyse_cr3_okay: sti - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx cmpb $0,VCPU_sysenter_disables_events(%rbx) movq VCPU_sysenter_addr(%rbx),%rax setne %cl @@ -398,17 +401,18 @@ ENTRY(int80_direct_trap) movl $0x80, EFRAME_entry_vector(%rsp) SAVE_ALL + GET_STACK_END(14) + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(xen_cr3)(%rbx), %rcx + mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lint80_cr3_okay - movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%rbx) + movb $0, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) mov %rcx, %cr3 /* %r12 is still zero at this point. */ - mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%rbx) + mov %r12, STACK_CPUINFO_FIELD(xen_cr3)(%r14) .Lint80_cr3_okay: sti @@ -418,7 +422,7 @@ UNLIKELY_START(ne, msi_check) call check_for_unexpected_msi UNLIKELY_END(msi_check) - movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx mov VCPU_trap_ctxt(%rbx), %rsi mov VCPU_domain(%rbx), %rax -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:15:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:15:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708312.1107107 (Exim 4.92) (envelope-from ) id 1rxQfR-0002zR-F2; Thu, 18 Apr 2024 12:15:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708312.1107107; Thu, 18 Apr 2024 12:15:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQfR-0002zK-CQ; Thu, 18 Apr 2024 12:15:05 +0000 Received: by outflank-mailman (input) for mailman id 708312; Thu, 18 Apr 2024 12:15:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQfQ-0002zC-P1 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQfQ-0007W0-OI for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQfQ-0007s5-Nd for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eDjVbOKFrfzYjP6aI96AbHHq0bvl4UYXQ7C1VI9T+C8=; b=xAR8OSvfgPgS/zOnPcT28xQx8h 19W3Tbb0ViY2KlRnf8AS06o1OVFiywivtEx1jefhQOJpMk/YTFxETVcHtDxWBww1AtkONPdQZYjeP QWwUcoOzo0faUL1f7zkELQOIZOGNZXl8Vt5z3XqZvU6QDIi9tRWKGaGo4ouID0ptYw3A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} Message-Id: Date: Thu, 18 Apr 2024 12:15:04 +0000 commit 5b28a4af1f3b98a9f2e69c868a178cac0afff7ec Author: Andrew Cooper AuthorDate: Fri Mar 22 12:08:02 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec_ctrl: Hold SCF in %ebx across SPEC_CTRL_ENTRY_{PV,INTR} ... as we do in the exit paths too. This will allow simplification to the sub-blocks. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 9607aeb6602b8ed9962404de3f5f90170ffddb66) --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 10 +++++++--- xen/arch/x86/x86_64/compat/entry.S | 2 +- xen/arch/x86/x86_64/entry.S | 12 ++++++------ 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index aa8c5e3c33..667ec7ffe0 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -251,9 +251,11 @@ */ .macro SPEC_CTRL_ENTRY_FROM_PV /* - * Requires %rsp=regs/cpuinfo, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rsp=regs/cpuinfo, %r14=stack_end, %rdx=0 + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ X86_FEATURE_IBPB_ENTRY_PV @@ -277,8 +279,10 @@ .macro SPEC_CTRL_ENTRY_FROM_INTR /* * Requires %rsp=regs, %r14=stack_end, %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Clobbers %rax, %rbx, %rcx, %rdx */ + movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + testb $3, UREGS_cs(%rsp) jz .L\@_skip diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index 98ea4f5a4a..3c544e9a14 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -20,7 +20,7 @@ ENTRY(entry_int82) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ sti diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 405281fa25..1d7344117b 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -268,7 +268,7 @@ ENTRY(lstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -306,7 +306,7 @@ ENTRY(cstar_enter) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -348,7 +348,7 @@ GLOBAL(sysenter_eflags_saved) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ @@ -403,7 +403,7 @@ ENTRY(int80_direct_trap) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_PV /* Req: %rsp=regs/cpuinfo, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -713,7 +713,7 @@ ENTRY(common_interrupt) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx @@ -747,7 +747,7 @@ GLOBAL(handle_exception) GET_STACK_END(14) - SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: acd */ + SPEC_CTRL_ENTRY_FROM_INTR /* Req: %rsp=regs, %r14=end, %rdx=0, Clob: abcd */ /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:15:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:15:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708313.1107110 (Exim 4.92) (envelope-from ) id 1rxQfb-00032H-GO; Thu, 18 Apr 2024 12:15:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708313.1107110; Thu, 18 Apr 2024 12:15:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQfb-000329-Dy; Thu, 18 Apr 2024 12:15:15 +0000 Received: by outflank-mailman (input) for mailman id 708313; Thu, 18 Apr 2024 12:15:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQfa-000323-SB for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQfa-0007WQ-RL for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQfa-0007sZ-Qc for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yfIa1++hdPXjniOpqe8bDDgANcUJTzxnc3gJvw0qC6M=; b=vPs2X6F4v+9j5xVx/LLshGM1hu /CJP26INKoHuLdAko01n6xyKc+YR7TMxSWknM2zWd2Q8/m7d1Iivx9KQ1D10ePIO5kZuLd/cF9G4L QypGilEpDqDwBeDGcHnE9oQ7IZhce4ha/x3mhE+zlYjE98OjaO8mURE0FsVPMkT0yD/Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec-ctrl: Simplify DO_COND_IBPB Message-Id: Date: Thu, 18 Apr 2024 12:15:14 +0000 commit ccc6603b79749e45cbe638939fbb609342f440dd Author: Andrew Cooper AuthorDate: Fri Mar 22 14:33:17 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Simplify DO_COND_IBPB With the prior refactoring, SPEC_CTRL_ENTRY_{PV,INTR} both load SCF into %ebx, and handle the conditional safety including skipping if interrupting Xen. Therefore, we can drop the maybexen parameter and the conditional safety. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 2378d16a931de0e62c03669169989e9437306abe) --- xen/arch/x86/include/asm/spec_ctrl_asm.h | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index 667ec7ffe0..c80717e421 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -75,33 +75,21 @@ * - SPEC_CTRL_EXIT_TO_{SVM,VMX} */ -.macro DO_SPEC_CTRL_COND_IBPB maybexen:req +.macro DO_COND_IBPB /* - * Requires %rsp=regs (also cpuinfo if !maybexen) - * Requires %r14=stack_end (if maybexen), %rdx=0 - * Clobbers %rax, %rcx, %rdx + * Requires %rbx=SCF, %rdx=0 + * Clobbers %rax, %rcx * - * Conditionally issue IBPB if SCF_entry_ibpb is active. In the maybexen - * case, we can safely look at UREGS_cs to skip taking the hit when - * interrupting Xen. + * Conditionally issue IBPB if SCF_entry_ibpb is active. */ - .if \maybexen - testb $SCF_entry_ibpb, STACK_CPUINFO_FIELD(scf)(%r14) - jz .L\@_skip - testb $3, UREGS_cs(%rsp) - .else - testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) - .endif + testb $SCF_entry_ibpb, %bl jz .L\@_skip mov $MSR_PRED_CMD, %ecx mov $PRED_CMD_IBPB, %eax wrmsr - jmp .L\@_done .L\@_skip: - lfence -.L\@_done: .endm .macro DO_OVERWRITE_RSB tmp=rax xu @@ -256,8 +244,7 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=0), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -286,8 +273,7 @@ testb $3, UREGS_cs(%rsp) jz .L\@_skip - ALTERNATIVE "", __stringify(DO_SPEC_CTRL_COND_IBPB maybexen=1), \ - X86_FEATURE_IBPB_ENTRY_PV + ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV @@ -327,7 +313,7 @@ * Clobbers %rax, %rbx, %rcx, %rdx * * This is logical merge of: - * DO_SPEC_CTRL_COND_IBPB maybexen=0 + * DO_COND_IBPB * DO_OVERWRITE_RSB * DO_SPEC_CTRL_ENTRY maybexen=1 * but with conditionals rather than alternatives. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:15:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:15:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708314.1107115 (Exim 4.92) (envelope-from ) id 1rxQfl-00036G-I2; Thu, 18 Apr 2024 12:15:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708314.1107115; Thu, 18 Apr 2024 12:15:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQfl-000369-FT; Thu, 18 Apr 2024 12:15:25 +0000 Received: by outflank-mailman (input) for mailman id 708314; Thu, 18 Apr 2024 12:15:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQfk-000362-V4 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQfk-0007Wg-UP for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQfk-0007t9-Ti for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BLI5mdZMG4HyHlkMrRJXHBWda1PM0r6VFBGoeDvWw8g=; b=7GwXhRWxPPtuJll4qI+Kx6NefN KSBjTrTLC8EqOSYYrafdpOADK7vg4he+Xpz/rquW6n6JJZuIjgMCona9Cd9BfwGrBhrj2Sine+Acu Xq8lZ7pMbJwd8i3O4MDdC8HPWxgGbZ58SFUaIIXCT5CSLcwzr6owLKiFeol4ayI8/Mpg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* Message-Id: Date: Thu, 18 Apr 2024 12:15:24 +0000 commit a6cefb26866eac4d2f3ebdc54a7d0add4019900d Author: Andrew Cooper AuthorDate: Mon Mar 25 11:09:35 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Detail the safety properties in SPEC_CTRL_ENTRY_* The complexity is getting out of hand. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich (cherry picked from commit 40dea83b75386cb693481cf340024ce093be5c0f) --- xen/arch/x86/hvm/svm/entry.S | 14 ++++++++ xen/arch/x86/hvm/vmx/entry.S | 14 ++++++++ xen/arch/x86/include/asm/spec_ctrl_asm.h | 59 ++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 56a5865c29..9f15d9fb70 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -100,6 +100,11 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_ENTRY_FROM_SVM Req: %rsp=regs/cpuinfo, %rdx=0 Clob: acd */ + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular + * making type-confused RETs safe to use. This is not needed on Zen5 + * and later parts when SRSO_MSR_FIX (BP-SPEC-REDUCE) is in use. + */ .macro svm_vmexit_cond_ibpb testb $SCF_entry_ibpb, CPUINFO_scf(%rsp) jz .L_skip_ibpb @@ -111,8 +116,17 @@ __UNLIKELY_END(nsvm_hap) .endm ALTERNATIVE "", svm_vmexit_cond_ibpb, X86_FEATURE_IBPB_ENTRY_HVM + /* + * RSB (RAS/RAP) stuffing is to prevents RET predictions following guest + * entries. This is not needed on Zen4 and later, when AutoIBRS is in + * use. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting, making indirect CALLs/JMPs + * safe to use. The guest's setting resides in the VMCB. + */ .macro svm_vmexit_spec_ctrl movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax movzbl CPUINFO_last_spec_ctrl(%rsp), %edx diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 241ec5ce07..f52b3f0893 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -34,8 +34,22 @@ ENTRY(vmx_asm_vmexit_handler) mov %rax,VCPU_hvm_guest_cr2(%rbx) /* SPEC_CTRL_ENTRY_FROM_VMX Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ + /* + * RSB stuffing is to prevents RET predictions following guest + * entries. This is *not* sufficient to flush all RSB entries on + * parts enumerating eIBRS, although the following restore_spec_ctrl + * does covers us. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_HVM + /* + * Restore Xen's MSR_SPEC_CTRL setting. The guest's value resides in + * the MSR load/save list. For Legacy IBRS, this flushes/inhibits + * indirect predictions and does not flush the RSB. For eIBRS, this + * prevents CALLs/JMPs using predictions learnt at a lower predictor + * mode, and it flushes the RSB. On eIBRS parts that also suffer from + * PBRSB, the prior RSB stuffing suffices to make the RSB safe. + */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index c80717e421..e380c0579b 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -244,10 +244,32 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. + */ ALTERNATIVE "", DO_COND_IBPB, X86_FEATURE_IBPB_ENTRY_PV + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * This is not needed if SMEP is active and the RSB is full-width. + */ ALTERNATIVE "", DO_OVERWRITE_RSB, X86_FEATURE_SC_RSB_PV + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. The + * guest can't change it's value behind Xen's back. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. + */ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV @@ -270,6 +292,14 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * All safety notes the same as SPEC_CTRL_ENTRY_FROM_PV, although there is + * a conditional jump skipping some actions when interrupting Xen. + * + * On Intel parts, the IRET #GP path ends up here with the guest's choice + * of MSR_SPEC_CTRL. + */ + testb $3, UREGS_cs(%rsp) jz .L\@_skip @@ -320,6 +350,19 @@ */ movzbl STACK_CPUINFO_FIELD(scf)(%r14), %ebx + /* + * For all safety notes, 32bit PV guest kernels run in Ring 1 and are + * therefore supervisor (== Xen) in the architecture. As a result, most + * hardware isolation techniques do not work. + */ + + /* + * IBPB is to mitigate BTC/SRSO on AMD/Hygon parts, in particular making + * type-confused RETs safe to use. This is not needed on Zen5 and later + * parts when SRSO_U/S_NO is enumerated. The SVM path takes care of + * Host/Guest interactions prior to clearing GIF, and it's not used on the + * VMX path. + */ test $SCF_ist_ibpb, %bl jz .L\@_skip_ibpb @@ -329,6 +372,12 @@ .L\@_skip_ibpb: + /* + * RSB stuffing is to prevent RET predictions following guest entries. + * SCF_ist_rsb is active if either PV or HVM protections are needed. The + * VMX path cannot guarantee to make the RSB safe ahead of taking an IST + * vector. + */ test $SCF_ist_rsb, %bl jz .L\@_skip_rsb @@ -336,6 +385,16 @@ .L\@_skip_rsb: + /* + * Only used on Intel parts. Restore Xen's MSR_SPEC_CTRL setting. PV + * guests can't change their value behind Xen's back. HVM guests have + * their value stored in the MSR load/save list. For Legacy IBRS, this + * flushes/inhibits indirect predictions and does not flush the RSB. For + * eIBRS, this prevents CALLs/JMPs using predictions learnt at a lower + * predictor mode, and it flushes the RSB. On eIBRS parts that also + * suffer from PBRSB, the prior RSB stuffing suffices to make the RSB + * safe. + */ test $SCF_ist_sc_msr, %bl jz .L\@_skip_msr_spec_ctrl -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:15:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:15:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708315.1107118 (Exim 4.92) (envelope-from ) id 1rxQfv-0003KW-Jq; Thu, 18 Apr 2024 12:15:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708315.1107118; Thu, 18 Apr 2024 12:15:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQfv-0003KP-Gv; Thu, 18 Apr 2024 12:15:35 +0000 Received: by outflank-mailman (input) for mailman id 708315; Thu, 18 Apr 2024 12:15:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQfv-0003KF-2H for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQfv-0007Wt-1R for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQfv-0007tg-0h for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yBK8bfw/vAphnZVN0HVgWg7g2ZKdbeJWZUGFtWNYRUE=; b=0VxsAelgvTFVXrvq0l0JT9G9i/ G0+0zCvPNYeNBP8xD/mdiEsVln3TU9AGNeZtY3+8pmG6AvAWQM8P5x/zV0ajItUYwkyk7YxPEejW9 njWBlQI60iBG2TzKc+iIRhphqsn58uMX6qZvevlqVKc9tFh7n5PkxwnSMYk1hGFhcTII=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/vmx: Add support for virtualize SPEC_CTRL Message-Id: Date: Thu, 18 Apr 2024 12:15:35 +0000 commit fb12e8d8f7e2a8694b048057f6398f9bdd85be62 Author: Roger Pau Monne AuthorDate: Thu Feb 15 17:46:53 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/vmx: Add support for virtualize SPEC_CTRL The feature is defined in the tertiary exec control, and is available starting from Sapphire Rapids and Alder Lake CPUs. When enabled, two extra VMCS fields are used: SPEC_CTRL mask and shadow. Bits set in mask are not allowed to be toggled by the guest (either set or clear) and the value in the shadow field is the value the guest expects to be in the SPEC_CTRL register. By using it the hypervisor can force the value of SPEC_CTRL bits behind the guest back without having to trap all accesses to SPEC_CTRL, note that no bits are forced into the guest as part of this patch. It also allows getting rid of SPEC_CTRL in the guest MSR load list, since the value in the shadow field will be loaded by the hardware on vmentry. Signed-off-by: Roger Pau Monné Signed-off-by: Andrew Cooper (cherry picked from commit 97c5b8b657e41a6645de9d40713b881234417b49) --- xen/arch/x86/hvm/vmx/vmcs.c | 12 ++++++++++- xen/arch/x86/hvm/vmx/vmx.c | 37 ++++++++++++++++++++++++++------- xen/arch/x86/include/asm/hvm/vmx/vmcs.h | 5 +++++ xen/arch/x86/include/asm/msr.h | 7 +++++-- 4 files changed, 51 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 4b6ca7c193..317522caf8 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -203,6 +203,7 @@ static void __init vmx_display_features(void) P(cpu_has_vmx_tsc_scaling, "TSC Scaling"); P(cpu_has_vmx_bus_lock_detection, "Bus Lock Detection"); P(cpu_has_vmx_notify_vm_exiting, "Notify VM Exit"); + P(cpu_has_vmx_virt_spec_ctrl, "Virtualize SPEC_CTRL"); #undef P if ( !printed ) @@ -366,7 +367,7 @@ static int vmx_init_vmcs_config(bool bsp) if ( _vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_TERTIARY_CONTROLS ) { - uint64_t opt = 0; + uint64_t opt = TERTIARY_EXEC_VIRT_SPEC_CTRL; _vmx_tertiary_exec_control = adjust_vmx_controls2( "Tertiary Exec Control", 0, opt, @@ -1367,6 +1368,12 @@ static int construct_vmcs(struct vcpu *v) if ( cpu_has_vmx_tsc_scaling ) __vmwrite(TSC_MULTIPLIER, d->arch.hvm.tsc_scaling_ratio); + if ( cpu_has_vmx_virt_spec_ctrl ) + { + __vmwrite(SPEC_CTRL_MASK, 0); + __vmwrite(SPEC_CTRL_SHADOW, 0); + } + /* will update HOST & GUEST_CR3 as reqd */ paging_update_paging_modes(v); @@ -2089,6 +2096,9 @@ void vmcs_dump_vcpu(struct vcpu *v) if ( v->arch.hvm.vmx.secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY ) printk("InterruptStatus = %04x\n", vmr16(GUEST_INTR_STATUS)); + if ( cpu_has_vmx_virt_spec_ctrl ) + printk("SPEC_CTRL mask = 0x%016lx shadow = 0x%016lx\n", + vmr(SPEC_CTRL_MASK), vmr(SPEC_CTRL_SHADOW)); printk("*** Host State ***\n"); printk("RIP = 0x%016lx (%ps) RSP = 0x%016lx\n", diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index b37c7bbcd2..ab7e8e219c 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -818,23 +818,28 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) /* * We can safely pass MSR_SPEC_CTRL through to the guest, even if STIBP * isn't enumerated in hardware, as SPEC_CTRL_STIBP is ignored. + * + * If VMX_VIRT_SPEC_CTRL is available, it is activated by default and the + * guest MSR_SPEC_CTRL value lives in the VMCS. Otherwise, it lives in + * the MSR load/save list. */ if ( cp->feat.ibrsb ) { vmx_clear_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); - if ( rc ) - goto out; + if ( !cpu_has_vmx_virt_spec_ctrl ) + { + rc = vmx_add_guest_msr(v, MSR_SPEC_CTRL, 0); + if ( rc ) + goto out; + } } else { vmx_set_msr_intercept(v, MSR_SPEC_CTRL, VMX_MSR_RW); - rc = vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); - if ( rc && rc != -ESRCH ) - goto out; - rc = 0; /* Tolerate -ESRCH */ + if ( !cpu_has_vmx_virt_spec_ctrl ) + vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ @@ -2636,6 +2641,10 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - fetched below. */ + break; + rc = vmx_read_guest_msr(v, reg, &val); if ( rc ) { @@ -2659,6 +2668,11 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, unsigned int reg) vmx_vmcs_enter(v); switch ( reg ) { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmread(SPEC_CTRL_SHADOW, &val); + break; + case MSR_IA32_BNDCFGS: __vmread(GUEST_BNDCFGS, &val); break; @@ -2685,6 +2699,10 @@ static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) switch ( reg ) { case MSR_SPEC_CTRL: + if ( cpu_has_vmx_virt_spec_ctrl ) + /* Guest value in VMCS - set below. */ + break; + rc = vmx_write_guest_msr(v, reg, val); if ( rc ) { @@ -2705,6 +2723,11 @@ static void cf_check vmx_set_reg(struct vcpu *v, unsigned int reg, uint64_t val) vmx_vmcs_enter(v); switch ( reg ) { + case MSR_SPEC_CTRL: + ASSERT(cpu_has_vmx_virt_spec_ctrl); + __vmwrite(SPEC_CTRL_SHADOW, val); + break; + case MSR_IA32_BNDCFGS: __vmwrite(GUEST_BNDCFGS, val); break; diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h index 68e9e3bf79..0878bf616f 100644 --- a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +++ b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h @@ -270,6 +270,9 @@ extern u32 vmx_secondary_exec_control; #define TERTIARY_EXEC_VIRT_SPEC_CTRL BIT(7, UL) extern uint64_t vmx_tertiary_exec_control; +#define cpu_has_vmx_virt_spec_ctrl \ + (vmx_tertiary_exec_control & TERTIARY_EXEC_VIRT_SPEC_CTRL) + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 #define VMX_EPT_WALK_LENGTH_4_SUPPORTED 0x00000040 #define VMX_EPT_MEMORY_TYPE_UC 0x00000100 @@ -436,6 +439,8 @@ enum vmcs_field { XSS_EXIT_BITMAP = 0x0000202c, TSC_MULTIPLIER = 0x00002032, TERTIARY_VM_EXEC_CONTROL = 0x00002034, + SPEC_CTRL_MASK = 0x0000204a, + SPEC_CTRL_SHADOW = 0x0000204c, GUEST_PHYSICAL_ADDRESS = 0x00002400, VMCS_LINK_POINTER = 0x00002800, GUEST_IA32_DEBUGCTL = 0x00002802, diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index 1d8ea9f26f..c95330a5a1 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -302,8 +302,11 @@ struct vcpu_msrs * For PV guests, this holds the guest kernel value. It is accessed on * every entry/exit path. * - * For VT-x guests, the guest value is held in the MSR guest load/save - * list. + * For VT-x guests, one of two situations exist: + * + * - If hardware supports virtualized MSR_SPEC_CTRL, it is active by + * default and the guest value lives in the VMCS. + * - Otherwise, the guest value is held in the MSR load/save list. * * For SVM, the guest value lives in the VMCB, and hardware saves/restores * the host value automatically. However, guests run with the OR of the -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:15:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:15:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708316.1107122 (Exim 4.92) (envelope-from ) id 1rxQg5-0003Tg-Ma; Thu, 18 Apr 2024 12:15:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708316.1107122; Thu, 18 Apr 2024 12:15:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQg5-0003TY-K3; Thu, 18 Apr 2024 12:15:45 +0000 Received: by outflank-mailman (input) for mailman id 708316; Thu, 18 Apr 2024 12:15:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQg5-0003TQ-5H for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQg5-0007X6-4Z for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQg5-0007uH-3o for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6S8iyr3fHL2aVJ0Eku36nkkCev6mLRk9WVeBfq9PR64=; b=il9BdfuAJVhNzFo7jdA9GCBKtv UGeoAWytqYET9U4EE1HMn4bgRsouC27VKwXAdPkijF5kT69lOM/k/bTtmmIxT2nCJOmnY+/4BZEAp pHouA0pZAjhFP3E6QIoKwycW/EYgnqavtjVPgM4lEmvVGgkUhOgcX5jdtBNdluVzmZ0k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Message-Id: Date: Thu, 18 Apr 2024 12:15:45 +0000 commit 40a679548008aec65b729bf829f76390a028fe90 Author: Andrew Cooper AuthorDate: Tue Mar 26 22:43:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Widen the {xen,last,default}_spec_ctrl fields Right now, they're all bytes, but MSR_SPEC_CTRL has been steadily gaining new features. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 45dac88e78e8a2d9d8738eef884fe6730faf9e67) --- xen/arch/x86/hvm/svm/entry.S | 10 +++++----- xen/arch/x86/hvm/vmx/entry.S | 2 +- xen/arch/x86/include/asm/current.h | 4 ++-- xen/arch/x86/include/asm/spec_ctrl.h | 2 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 6 +++--- xen/arch/x86/spec_ctrl.c | 2 +- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/hvm/svm/entry.S b/xen/arch/x86/hvm/svm/entry.S index 9f15d9fb70..5f318629b4 100644 --- a/xen/arch/x86/hvm/svm/entry.S +++ b/xen/arch/x86/hvm/svm/entry.S @@ -61,14 +61,14 @@ __UNLIKELY_END(nsvm_hap) /* SPEC_CTRL_EXIT_TO_SVM Req: b=curr %rsp=regs/cpuinfo, Clob: acd */ .macro svm_vmentry_spec_ctrl mov VCPU_arch_msrs(%rbx), %rax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_last_spec_ctrl(%rsp), %edx mov VCPUMSR_spec_ctrl_raw(%rax), %eax cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: /* No Spectre v1 concerns. Execution will hit VMRUN imminently. */ .endm ALTERNATIVE "", svm_vmentry_spec_ctrl, X86_FEATURE_SC_MSR_HVM @@ -128,14 +128,14 @@ __UNLIKELY_END(nsvm_hap) * safe to use. The guest's setting resides in the VMCB. */ .macro svm_vmexit_spec_ctrl - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax - movzbl CPUINFO_last_spec_ctrl(%rsp), %edx + mov CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_last_spec_ctrl(%rsp), %edx cmp %edx, %eax je 1f /* Skip write if value is correct. */ mov $MSR_SPEC_CTRL, %ecx xor %edx, %edx wrmsr - mov %al, CPUINFO_last_spec_ctrl(%rsp) + mov %eax, CPUINFO_last_spec_ctrl(%rsp) 1: .endm ALTERNATIVE "", svm_vmexit_spec_ctrl, X86_FEATURE_SC_MSR_HVM diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index f52b3f0893..96b3d22080 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -52,7 +52,7 @@ ENTRY(vmx_asm_vmexit_handler) */ .macro restore_spec_ctrl mov $MSR_SPEC_CTRL, %ecx - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax xor %edx, %edx wrmsr .endm diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index 9cc8d8e3d4..ba82b413e2 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -55,8 +55,8 @@ struct cpu_info { /* See asm/spec_ctrl_asm.h for usage. */ unsigned int shadow_spec_ctrl; - uint8_t xen_spec_ctrl; - uint8_t last_spec_ctrl; + unsigned int xen_spec_ctrl; + unsigned int last_spec_ctrl; uint8_t scf; /* SCF_* */ /* diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index ee3119e128..95dd081f30 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -81,7 +81,7 @@ extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; extern bool bsp_delay_spec_ctrl; -extern uint8_t default_xen_spec_ctrl; +extern unsigned int default_xen_spec_ctrl; extern uint8_t default_scf; extern int8_t opt_xpti_hwdom, opt_xpti_domu; diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index e380c0579b..f697d17616 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -205,10 +205,10 @@ setnz %al not %eax and %al, STACK_CPUINFO_FIELD(scf)(%r14) - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax .else andb $~SCF_use_shadow, CPUINFO_scf(%rsp) - movzbl CPUINFO_xen_spec_ctrl(%rsp), %eax + mov CPUINFO_xen_spec_ctrl(%rsp), %eax .endif wrmsr @@ -406,7 +406,7 @@ /* Load Xen's intended value. */ mov $MSR_SPEC_CTRL, %ecx - movzbl STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax + mov STACK_CPUINFO_FIELD(xen_spec_ctrl)(%r14), %eax wrmsr .L\@_skip_msr_spec_ctrl: diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index b59f2f5425..0e53589f0e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -56,7 +56,7 @@ static bool __initdata opt_branch_harden = static bool __initdata opt_lock_harden; bool __initdata bsp_delay_spec_ctrl; -uint8_t __ro_after_init default_xen_spec_ctrl; +unsigned int __ro_after_init default_xen_spec_ctrl; uint8_t __ro_after_init default_scf; paddr_t __ro_after_init l1tf_addr_mask, __ro_after_init l1tf_safe_maddr; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:15:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:15:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708317.1107126 (Exim 4.92) (envelope-from ) id 1rxQgF-0003dZ-Nx; Thu, 18 Apr 2024 12:15:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708317.1107126; Thu, 18 Apr 2024 12:15:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQgF-0003dS-LT; Thu, 18 Apr 2024 12:15:55 +0000 Received: by outflank-mailman (input) for mailman id 708317; Thu, 18 Apr 2024 12:15:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQgF-0003dK-8Q for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQgF-0007XE-7j for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQgF-0007ui-74 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:15:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gHRJQ66foqI13lIcHOX092AHNm8MFtVtDmch7B3MJtc=; b=PFtFKWisSAqzfHpzzAz8MJnO2i 4tMJ12jTzO1GZWgDiNwQlMrtjdok0gqeNAHSn0cwluWRQNcw/5EbiAVDkC9EWDuiYK0isbS9Ngs4B rxu3XrBW4tajXXpp0uo0ykXoi+uy+yVR6QCk7jbARfX+J3ocJ58bnfk4npZ5a1hbbuM4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86: Use indirect calls in reset-stack infrastructure Message-Id: Date: Thu, 18 Apr 2024 12:15:55 +0000 commit 9fd732d18d564001227c98ca8fa5da8eb348ede5 Author: Andrew Cooper AuthorDate: Fri Dec 22 17:44:48 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86: Use indirect calls in reset-stack infrastructure Mixing up JMP and CALL indirect targets leads a very fun form of speculative type confusion. A target which is expecting to be called CALLed needs a return address on the stack, and an indirect JMP doesn't place one there. An indirect JMP which predicts to a target intending to be CALLed can end up with a RET speculatively executing with a value from the JMPers stack frame. There are several ways get indirect JMPs in Xen. * From tailcall optimisations. These are safe because the compiler has arranged the stack to point at the callee's return address. * From jump tables. These are unsafe, but Xen is built with -fno-jump-tables to work around several compiler issues. * From reset_stack_and_jump_ind(), which is particularly unsafe. Because of the additional stack adjustment made, the value picked up off the stack is regs->r15 of the next vCPU to run. In order to mitigate this type confusion, we want to make all indirect targets be CALL targets, and remove the use of indirect JMP except via tailcall optimisation. Luckily due to XSA-348, all C target functions of reset_stack_and_jump_ind() are noreturn. {svm,vmx}_do_resume() exits via reset_stack_and_jump(); a direct JMP with entirely different prediction properties. idle_loop() is an infinite loop which eventually exits via reset_stack_and_jump_ind() from a new schedule. i.e. These paths are all fine having one extra return address on the stack. This leaves continue_pv_domain(), which is expecting to be a JMP target. Alter it to strip the return address off the stack, which is safe because there isn't actually a RET expecting to return to its caller. This allows us change reset_stack_and_jump_ind() to reset_stack_and_call_ind() in order to mitigate the speculative type confusion. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 8e186f98ce0e35d1754ec9299da41ec98873b65c) --- xen/arch/x86/domain.c | 4 ++-- xen/arch/x86/include/asm/current.h | 4 ++-- xen/arch/x86/x86_64/entry.S | 8 ++++++++ 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 13912f907b..307446273a 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -2125,12 +2125,12 @@ void context_switch(struct vcpu *prev, struct vcpu *next) /* Ensure that the vcpu has an up-to-date time base. */ update_vcpu_system_time(next); - reset_stack_and_jump_ind(nextd->arch.ctxt_switch->tail); + reset_stack_and_call_ind(nextd->arch.ctxt_switch->tail); } void continue_running(struct vcpu *same) { - reset_stack_and_jump_ind(same->domain->arch.ctxt_switch->tail); + reset_stack_and_call_ind(same->domain->arch.ctxt_switch->tail); } int __sync_local_execstate(void) diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index ba82b413e2..2f723bcf1b 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -196,10 +196,10 @@ unsigned long get_stack_dump_bottom (unsigned long sp); switch_stack_and_jump(fn, "jmp %c", "i") /* The constraint may only specify non-call-clobbered registers. */ -#define reset_stack_and_jump_ind(fn) \ +#define reset_stack_and_call_ind(fn) \ ({ \ (void)((fn) == (void (*)(void))NULL); \ - switch_stack_and_jump(fn, "INDIRECT_JMP %", "b"); \ + switch_stack_and_jump(fn, "INDIRECT_CALL %", "b"); \ }) /* diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 1d7344117b..ad7dd3b23b 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -637,6 +637,14 @@ ENTRY(dom_crash_sync_extable) #ifdef CONFIG_PV ENTRY(continue_pv_domain) ENDBR64 + + /* + * For speculative type confusion reasons, we're CALLed rather than + * JMPed to. Drop the return address. + */ + add $8, %rsp + ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK + call check_wakeup_from_wait ret_from_intr: GET_CURRENT(bx) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:16:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:16:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708318.1107131 (Exim 4.92) (envelope-from ) id 1rxQgQ-0003oK-Pc; Thu, 18 Apr 2024 12:16:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708318.1107131; Thu, 18 Apr 2024 12:16:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQgQ-0003oA-N4; Thu, 18 Apr 2024 12:16:06 +0000 Received: by outflank-mailman (input) for mailman id 708318; Thu, 18 Apr 2024 12:16:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQgP-0003o3-F4 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQgP-0007XX-Ak for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQgP-0007vp-A1 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZiVuCCALfitCxHB+LPr6kNOX7p7fdVBGeEsMjd1YNjs=; b=TLuUSfHwNuDguYAHGSmrBPe42k 4iLTHcs1F0NR2BfPJr2a8uSzLRCb3HklPSHjUy0HJlqiLDGtocaVAYqqsGrVg2dn0hRCOMOn8IwWu /TACclHOKAZd9BVTzZ/xkogzBVeuajvDkXa2bnqQJ/pI1w2bf34WPhOEtocNXzdu0Z24=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86: Drop INDIRECT_JMP Message-Id: Date: Thu, 18 Apr 2024 12:16:05 +0000 commit 62844c4415f50e01ab46fa8bedc127cc098aa77b Author: Andrew Cooper AuthorDate: Fri Dec 22 18:01:37 2023 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86: Drop INDIRECT_JMP Indirect JMPs which are not tailcalls can lead to an unwelcome form of speculative type confusion, and we've removed the uses of INDIRECT_JMP to compensate. Remove the temptation to reintroduce new instances. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit 0b66d7ce3c0290eaad28bdafb35200052d012b14) --- xen/arch/x86/include/asm/asm-defns.h | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/include/asm/asm-defns.h b/xen/arch/x86/include/asm/asm-defns.h index 9a7073ced5..d55dd3bbc3 100644 --- a/xen/arch/x86/include/asm/asm-defns.h +++ b/xen/arch/x86/include/asm/asm-defns.h @@ -29,10 +29,9 @@ BUG /* Shouldn't return */ .endm -.macro INDIRECT_BRANCH insn:req arg:req +.macro INDIRECT_CALL arg:req /* - * Create an indirect branch. insn is one of call/jmp, arg is a single - * register. + * Create an indirect call. arg is a single register. * * With no compiler support, this degrades into a plain indirect call/jmp. * With compiler support, dispatch to the correct __x86_indirect_thunk_* @@ -42,7 +41,7 @@ $done = 0 .irp reg, ax, cx, dx, bx, bp, si, di, 8, 9, 10, 11, 12, 13, 14, 15 .ifeqs "\arg", "%r\reg" - \insn __x86_indirect_thunk_r\reg + call __x86_indirect_thunk_r\reg $done = 1 .exitm .endif @@ -53,19 +52,10 @@ .endif .else - \insn *\arg + call *\arg .endif .endm -/* Convenience wrappers. */ -.macro INDIRECT_CALL arg:req - INDIRECT_BRANCH call \arg -.endm - -.macro INDIRECT_JMP arg:req - INDIRECT_BRANCH jmp \arg -.endm - #ifdef CONFIG_XEN_IBT # define ENDBR64 endbr64 #else -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:16:17 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:16:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708319.1107136 (Exim 4.92) (envelope-from ) id 1rxQga-0003sv-Rv; Thu, 18 Apr 2024 12:16:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708319.1107136; Thu, 18 Apr 2024 12:16:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQga-0003sm-Oh; Thu, 18 Apr 2024 12:16:16 +0000 Received: by outflank-mailman (input) for mailman id 708319; Thu, 18 Apr 2024 12:16:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQgZ-0003sa-EY for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQgZ-0007Y3-Dn for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQgZ-0007wI-D9 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KdCmsdLtRgMcfSAaZZLPBltFlh0ptizXHP6yZ1m+9SQ=; b=4zNYo3CZ+cDN6EG52QHpKj84yV G6NKfbHww4OSzGy6ef7rHPvEwa6tg+2ZmmAFSB/sUs+HgZxUDcnFT5mni4+cv9Bmc8lU+4NAwaYJv E9F0PnokZzcNH4o8XnsxDvQngG6fsXq7qOezTvK3t8sdVx71VwpnRTBWkmg8GjZmrvh0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/tsx: Expose RTM_ALWAYS_ABORT to guests Message-Id: Date: Thu, 18 Apr 2024 12:16:15 +0000 commit 2be76f201814bd91a289d991e47746ca22c80c31 Author: Andrew Cooper AuthorDate: Sat Apr 6 20:36:54 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/tsx: Expose RTM_ALWAYS_ABORT to guests A TSX Abort is one option mitigate Native-BHI, but a guest kernel doesn't get to see this if Xen has turned RTM off using MSR_TSX_{CTRL,FORCE_ABORT}. Therefore, the meaning of RTM_ALWAYS_ABORT has been adjusted to "XBEGIN won't fault", and it should be exposed to guests so they can make a better decision. Expose it in the max policy for any RTM-capable system. Offer it by default only if RTM has been disabled. Update test-tsx to account for this new meaning. While adjusting the logic in test_guest_policies(), take the opportunity to use feature names (now they're available) to make the logic easier to follow. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich (cherry picked from commit c94e2105924347de0d9f32065370e802a20cc829) --- tools/tests/tsx/test-tsx.c | 39 +++++++++++++++++++---------- xen/arch/x86/cpu-policy.c | 20 +++++++++++++++ xen/include/public/arch-x86/cpufeatureset.h | 2 +- 3 files changed, 47 insertions(+), 14 deletions(-) diff --git a/tools/tests/tsx/test-tsx.c b/tools/tests/tsx/test-tsx.c index b7e1972ce8..5af04953f3 100644 --- a/tools/tests/tsx/test-tsx.c +++ b/tools/tests/tsx/test-tsx.c @@ -311,25 +311,25 @@ static void test_guest_policies(const struct cpu_policy *max, dump_tsx_details(max, "Max:"); dump_tsx_details(def, "Def:"); - if ( ((max->feat.raw[0].d | def->feat.raw[0].d) & - (bitmaskof(X86_FEATURE_TSX_FORCE_ABORT) | - bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT) | - bitmaskof(X86_FEATURE_SRBDS_CTRL))) || - ((max->arch_caps.raw | def->arch_caps.raw) & ARCH_CAPS_TSX_CTRL) ) + if ( max->feat.tsx_force_abort || def->feat.tsx_force_abort || + max->feat.srbds_ctrl || def->feat.srbds_ctrl || + max->arch_caps.tsx_ctrl || def->arch_caps.tsx_ctrl ) fail(" Xen-only TSX controls offered to guest\n"); switch ( rtm_behaviour ) { case RTM_UD: - if ( (max->feat.raw[0].b | def->feat.raw[0].b) & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) - fail(" HLE/RTM offered to guests despite not being available\n"); + if ( max->feat.hle || def->feat.hle || + max->feat.rtm || def->feat.rtm || + max->feat.rtm_always_abort || def->feat.rtm_always_abort ) + fail(" HLE/RTM/RTM_AA offered to guests despite not being available\n"); break; case RTM_ABORT: - if ( def->feat.raw[0].b & - (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM)) ) + if ( def->feat.hle || def->feat.rtm ) fail(" HLE/RTM offered to guests by default despite not being usable\n"); + if ( !def->feat.rtm_always_abort ) + fail(" RTM_AA not offered to guests by default despite being available\n"); break; case RTM_OK: @@ -340,6 +340,9 @@ static void test_guest_policies(const struct cpu_policy *max, if ( def->feat.hle ) fail(" Fail: HLE offered in default policy\n"); + + if ( def->feat.rtm && def->feat.rtm_always_abort ) + fail(" Fail: Both RTM and RTM_AA offered in default policy\n"); } static void test_def_max_policies(void) @@ -388,14 +391,13 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.hle || guest_policy.policy.feat.tsx_force_abort || - guest_policy.policy.feat.rtm_always_abort || guest_policy.policy.feat.srbds_ctrl || guest_policy.policy.arch_caps.tsx_ctrl ) fail(" Unexpected features advertised\n"); if ( host.policy.feat.rtm ) { - unsigned int _7b0; + unsigned int _7b0, _7d0; /* * If host RTM is available, all combinations of guest flags should be @@ -403,6 +405,8 @@ static void test_guest(struct xen_domctl_createdomain *c) */ _7b0 = (guest_policy.policy.feat.raw[0].b ^= (bitmaskof(X86_FEATURE_HLE) | bitmaskof(X86_FEATURE_RTM))); + _7d0 = (guest_policy.policy.feat.raw[0].d ^= + bitmaskof(X86_FEATURE_RTM_ALWAYS_ABORT)); /* Set the new policy. */ rc = xc_cpu_policy_set_domain(xch, domid, &guest_policy); @@ -426,10 +430,17 @@ static void test_guest(struct xen_domctl_createdomain *c) if ( guest_policy.policy.feat.raw[0].b != _7b0 ) { - fail(" Expected CPUID.7[1].b 0x%08x differs from actual 0x%08x\n", + fail(" Expected CPUID.7[0].b 0x%08x differs from actual 0x%08x\n", _7b0, guest_policy.policy.feat.raw[0].b); goto out; } + + if ( guest_policy.policy.feat.raw[0].d != _7d0 ) + { + fail(" Expected CPUID.7[0].d 0x%08x differs from actual 0x%08x\n", + _7d0, guest_policy.policy.feat.raw[0].d); + goto out; + } } out: @@ -514,6 +525,8 @@ static void test_tsx(void) i, errno, strerror(errno)); } + dump_tsx_details(&host.policy, "Host:"); + rc = xc_physinfo(xch, &physinfo); if ( rc ) return fail("Failed to obtain physinfo: %d - %s\n", diff --git a/xen/arch/x86/cpu-policy.c b/xen/arch/x86/cpu-policy.c index 85064e4a36..a822800f52 100644 --- a/xen/arch/x86/cpu-policy.c +++ b/xen/arch/x86/cpu-policy.c @@ -475,6 +475,21 @@ static void __init guest_common_max_feature_adjustments(uint32_t *fs) */ __set_bit(X86_FEATURE_HTT, fs); __set_bit(X86_FEATURE_CMP_LEGACY, fs); + + /* + * To mitigate Native-BHI, one option is to use a TSX Abort on capable + * systems. This is safe even if RTM has been disabled for other reasons + * via MSR_TSX_{CTRL,FORCE_ABORT}. However, a guest kernel doesn't get to + * know this type of information. + * + * Therefore the meaning of RTM_ALWAYS_ABORT has been adjusted, to instead + * mean "XBEGIN won't fault". This is enough for a guest kernel to make + * an informed choice WRT mitigating Native-BHI. + * + * If RTM-capable, we can run a VM which has seen RTM_ALWAYS_ABORT. + */ + if ( test_bit(X86_FEATURE_RTM, fs) ) + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); } static void __init guest_common_default_feature_adjustments(uint32_t *fs) @@ -547,9 +562,14 @@ static void __init guest_common_default_feature_adjustments(uint32_t *fs) * function as expected, but is technically compatible with the ISA. * * Do not advertise RTM to guests by default if it won't actually work. + * Instead, advertise RTM_ALWAYS_ABORT indicating that TSX Aborts are safe + * to use, e.g. for mitigating Native-BHI. */ if ( rtm_disabled ) + { __clear_bit(X86_FEATURE_RTM, fs); + __set_bit(X86_FEATURE_RTM_ALWAYS_ABORT, fs); + } } static void __init guest_common_feature_adjustments(uint32_t *fs) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 74d44fa431..2dd8018f24 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -263,7 +263,7 @@ XEN_CPUFEATURE(FSRM, 9*32+ 4) /*A Fast Short REP MOVS */ XEN_CPUFEATURE(AVX512_VP2INTERSECT, 9*32+8) /*a VP2INTERSECT{D,Q} insns */ XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*!A VERW clears microarchitectural buffers */ -XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! June 2021 TSX defeaturing in microcode. */ +XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! RTM disabled (but XBEGIN wont fault) */ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(SERIALIZE, 9*32+14) /*A SERIALIZE insn */ XEN_CPUFEATURE(HYBRID, 9*32+15) /* Heterogeneous platform */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:16:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:16:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708320.1107138 (Exim 4.92) (envelope-from ) id 1rxQgk-00041y-Sf; Thu, 18 Apr 2024 12:16:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708320.1107138; Thu, 18 Apr 2024 12:16:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQgk-00041r-QF; Thu, 18 Apr 2024 12:16:26 +0000 Received: by outflank-mailman (input) for mailman id 708320; Thu, 18 Apr 2024 12:16:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQgj-00041V-I9 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQgj-0007YE-HA for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQgj-0007x0-GH for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Lghrj3OKJr8iNikA20kO4Zaz9dZJakprcyjVWquR/h8=; b=2I0hdgjDQ9XgaihR0QZgqbo4AM bHQHlLYCpNRKuj4U1phRT0NIEgKb+WhiGHCA20ciNBlVuRo7PLraZOcy1i6oq/XN22o9EFzgohaEJ S5+x7amnZTfP/2afVavywwc7DHJwf8MoP2EfcGwuVK+47gYlXPt2/k+eurvJJSGRU980=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Message-Id: Date: Thu, 18 Apr 2024 12:16:25 +0000 commit 73a4229807c3b237a0b6d2e03d0301d3725b8f1d Author: Andrew Cooper AuthorDate: Tue Mar 26 19:01:37 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Support BHI_DIS_S in order to mitigate BHI Introduce a "bhi-dis-s" boolean to match the other options we have for MSR_SPEC_CTRL values. Also introduce bhi_calculations(). Use BHI_DIS_S whenever possible. Guests which are levelled to be migration compatible with older CPUs can't see BHI_DIS_S, and Xen must fill in the difference to make the guest safe. Use the virt MSR_SPEC_CTRL infrastructure to force BHI_DIS_S behind the guest's back. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 62a1106415c5e8a49b45147ca84d54a58d471343) --- docs/misc/xen-command-line.pandoc | 8 +++++++- xen/arch/x86/hvm/vmx/vmx.c | 17 +++++++++++++++++ xen/arch/x86/include/asm/spec_ctrl.h | 1 + xen/arch/x86/spec_ctrl.c | 24 +++++++++++++++++++++++- 4 files changed, 48 insertions(+), 2 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 3f9f916718..4637dba916 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2373,7 +2373,8 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). > {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, -> unpriv-mmio,gds-mit,div-scrub,lock-harden}= ]` +> unpriv-mmio,gds-mit,div-scrub,lock-harden, +> bhi-dis-s}= ]` Controls for speculative execution sidechannel mitigations. By default, Xen will pick the most appropriate mitigations based on compiled in support, @@ -2454,6 +2455,11 @@ option can be used to force or prevent Xen using the feature itself. By default, Xen will not use PSFD. PSFD is implied by SSBD, and SSBD is off by default. +On hardware supporting BHI_DIS_S (Branch History Injection Disable +Supervisor), the `bhi-dis-s=` option can be used to force or prevent Xen using +the feature itself. By default Xen will use BHI_DIS_S on hardware susceptible +to Branch History Injection. + On hardware supporting IBPB (Indirect Branch Prediction Barrier), the `ibpb=` option can be used to force (the default) or prevent Xen from issuing branch prediction barriers on vcpu context switches. diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index ab7e8e219c..f410e509de 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -48,6 +48,7 @@ #include #include #include +#include #include static bool_t __initdata opt_force_ept; @@ -842,6 +843,22 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) vmx_del_msr(v, MSR_SPEC_CTRL, VMX_MSR_GUEST); } + if ( cpu_has_vmx_virt_spec_ctrl ) + { + /* + * If we're on BHI_DIS_S capable hardware, the short loop sequence is + * not sufficient to mitigate Native-BHI. If the VM can't see it + * (i.e. it's levelled with older hardware), force it behind the + * guests back for safey. + * + * Because there's not a real Host/Guest split of the MSR_SPEC_CTRL + * value, this only works as expected when Xen is using BHI_DIS_S too. + */ + bool force_bhi_dis_s = opt_bhi_dis_s && !cp->feat.bhi_ctrl; + + __vmwrite(SPEC_CTRL_MASK, force_bhi_dis_s ? SPEC_CTRL_BHI_DIS_S : 0); + } + /* MSR_PRED_CMD is safe to pass through if the guest knows about it. */ if ( cp->feat.ibrsb || cp->extd.ibpb ) vmx_clear_msr_intercept(v, MSR_PRED_CMD, VMX_MSR_RW); diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 95dd081f30..b2d2c25842 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -77,6 +77,7 @@ static always_inline void spec_ctrl_new_guest_context(void) extern int8_t opt_ibpb_ctxt_switch; extern bool opt_ssbd; +extern int8_t opt_bhi_dis_s; extern int8_t opt_eager_fpu; extern int8_t opt_l1d_flush; diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 0e53589f0e..6a1eb14cdf 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -47,6 +47,7 @@ static int8_t __initdata opt_ibrs = -1; static int8_t __initdata opt_stibp = -1; bool __ro_after_init opt_ssbd; static int8_t __initdata opt_psfd = -1; +int8_t __ro_after_init opt_bhi_dis_s = -1; int8_t __ro_after_init opt_ibpb_ctxt_switch = -1; int8_t __ro_after_init opt_eager_fpu = -1; @@ -269,6 +270,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_ssbd = val; else if ( (val = parse_boolean("psfd", s, ss)) >= 0 ) opt_psfd = val; + else if ( (val = parse_boolean("bhi-dis-s", s, ss)) >= 0 ) + opt_bhi_dis_s = val; /* Misc settings. */ else if ( (val = parse_boolean("ibpb", s, ss)) >= 0 ) @@ -524,7 +527,7 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk != THUNK_NONE ? "BTI-Thunk: " : "", thunk == THUNK_NONE ? "" : thunk == THUNK_RETPOLINE ? "RETPOLINE, " : @@ -542,6 +545,8 @@ static void __init print_details(enum ind_thunk thunk) (!boot_cpu_has(X86_FEATURE_PSFD) && !boot_cpu_has(X86_FEATURE_INTEL_PSFD)) ? "" : (default_xen_spec_ctrl & SPEC_CTRL_PSFD) ? " PSFD+" : " PSFD-", + !boot_cpu_has(X86_FEATURE_BHI_CTRL) ? "" : + (default_xen_spec_ctrl & SPEC_CTRL_BHI_DIS_S) ? " BHI_DIS_S+" : " BHI_DIS_S-", !(caps & ARCH_CAPS_TSX_CTRL) ? "" : (opt_tsx & 1) ? " TSX+" : " TSX-", !cpu_has_srbds_ctrl ? "" : @@ -1596,6 +1601,21 @@ static void __init gds_calculations(void) } } +/* + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + */ +static void __init bhi_calculations(void) +{ + if ( opt_bhi_dis_s == -1 ) + opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + + if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) + opt_bhi_dis_s = false; + + if ( opt_bhi_dis_s ) + default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; +} + void spec_ctrl_init_domain(struct domain *d) { bool pv = is_pv_domain(d); @@ -2140,6 +2160,8 @@ void __init init_speculation_mitigations(void) gds_calculations(); + bhi_calculations(); + print_details(thunk); /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:16:37 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:16:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708321.1107143 (Exim 4.92) (envelope-from ) id 1rxQgu-00047c-Vm; Thu, 18 Apr 2024 12:16:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708321.1107143; Thu, 18 Apr 2024 12:16:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQgu-00047V-T9; Thu, 18 Apr 2024 12:16:36 +0000 Received: by outflank-mailman (input) for mailman id 708321; Thu, 18 Apr 2024 12:16:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQgt-00047L-LO for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQgt-0007YP-KY for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQgt-0007xR-Ji for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wJtogPbOdlY1IuGLlexdRpMjN7td81peHkGeKh0qhgY=; b=Fa4+htHv7+HCQi391MOLjRqOFu FQM7xxgll9oZsfw/AjpTf6hkceFAxwEOKrG550S5XK+EuYaRCyDzxAYUxCe53GUv6d99AiXRQnylq tcYRuDt+3XdFw7u3VGxjw8dxCF3upB3Wtc60zvsWye72C/o29TyTtj1kzXgmV5+w2ZjE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec-ctrl: Software BHB-clearing sequences Message-Id: Date: Thu, 18 Apr 2024 12:16:35 +0000 commit 72a357f4fa4e26fd7bc7dff0fdf1174caf90624e Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Software BHB-clearing sequences Implement clear_bhb_{tsx,loops}() as per the BHI guidance. The loops variant is set up as the "short" sequence. Introduce SCF_entry_bhb and extend SPEC_CTRL_ENTRY_* with a conditional call to selected clearing routine. Note that due to a limitation in the ALTERNATIVE capability, the TEST/JZ can't be included alongside a CALL in a single alternative block. This is going to require further work to untangle. The BHB sequences (if used) must be after the restoration of Xen's MSR_SPEC_CTRL value, which must be accounted for when judging whether it is safe to skip the safety LFENCEs. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 954c983abceee97bf5f6230b9ae164f2c49a9aa9) --- xen/arch/x86/Makefile | 1 + xen/arch/x86/bhb-thunk.S | 98 ++++++++++++++++++++++++++++++++ xen/arch/x86/hvm/vmx/entry.S | 12 ++++ xen/arch/x86/include/asm/cpufeature.h | 3 + xen/arch/x86/include/asm/cpufeatures.h | 3 + xen/arch/x86/include/asm/spec_ctrl.h | 3 +- xen/arch/x86/include/asm/spec_ctrl_asm.h | 30 ++++++++++ xen/arch/x86/spec_ctrl.c | 39 +++++++------ 8 files changed, 171 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 9f326b9e32..85b3f85608 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -15,6 +15,7 @@ alternative-y := alternative.init.o alternative-$(CONFIG_LIVEPATCH) := obj-bin-y += $(alternative-y) obj-y += apic.o +obj-y += bhb-thunk.o obj-y += bitops.o obj-bin-y += bzimage.init.o obj-bin-y += clear_page.o diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S new file mode 100644 index 0000000000..f52cfb9bc2 --- /dev/null +++ b/xen/arch/x86/bhb-thunk.S @@ -0,0 +1,98 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Branch History Injection clearing sequences. + * + * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html + * + * Copyright (c) 2023, 2024 XenServer. + */ + .file __FILE__ + +#include + + .section .text.entry, "ax", @progbits + +/* + * Clear the Branch History Buffer using a TSX Abort. + * + * Any TSX Abort has a side effect of clearing the BHB, even when TSX is + * disabled for e.g. TAA mitigation reasons. + */ +ENTRY(clear_bhb_tsx) + .byte 0xc7, 0xf8; .long 1f - 0f /* xbegin 1f */ +0: .byte 0xc6, 0xf8, 0 /* xabort $0 */ + int3 +1: + ret + + .size clear_bhb_tsx, . - clear_bhb_tsx + .type clear_bhb_tsx, @function + +/* + * Clear the Branch History Buffer using the software sequence. + * + * Clobbers: %eax, %ecx + * + * This executes a specific number of taken branches, sufficient to displace + * all prior entries in the history tracker, therefore removing prior + * influence on subsequent BTB lookups. + * + * Structurally, it looks like this: + * + * call 1 + * call 2 + * ... 5x jmp loop + * call 2 + * ... 5x jmp loop + * ... 5x call2's deep + * + * ret + * ret + * ret + * ret + * + * The CALL/RETs are necessary to prevent the Loop Stream Detector from + * interfering. The alignment is for performance and not safety. + * + * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire + * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + */ +ENTRY(clear_bhb_loops) + mov $5, %ecx + + call 1f + jmp 5f + int3 + + .align 64 +1: call 2f + ret + int3 + + .align 64 +2: mov $5, %eax + +3: jmp 4f + int3 + +4: sub $1, %eax + jnz 3b + + sub $1, %ecx + jnz 1b + + ret +5: + /* + * The Intel sequence has an LFENCE here. The purpose is to ensure + * that all prior branches have executed, before dispatching a + * subsequent indirect branch. + * + * Xen's SPEC_CTRL_ENTRY_* blocks have safety LFENCEs at the end when + * protections are active, which suffices for this purpose. + */ + + ret + + .size clear_bhb_loops, . - clear_bhb_loops + .type clear_bhb_loops, @function diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S index 96b3d22080..7233e771d8 100644 --- a/xen/arch/x86/hvm/vmx/entry.S +++ b/xen/arch/x86/hvm/vmx/entry.S @@ -57,6 +57,18 @@ ENTRY(vmx_asm_vmexit_handler) wrmsr .endm ALTERNATIVE "", restore_spec_ctrl, X86_FEATURE_SC_MSR_HVM + + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, CPUINFO_scf(%rsp) + jz .L_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_VMX /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index 3c57f55de0..7a312c485e 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -228,6 +228,9 @@ static inline bool boot_cpu_has(unsigned int feat) #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) +#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ + boot_cpu_has(X86_SPEC_BHB_LOOPS)) + enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index 6422c66b0f..bada8912e0 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -56,5 +56,8 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_NO_LFENCE_ENTRY_INTR X86_BUG(17) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_INTR. */ #define X86_SPEC_NO_LFENCE_ENTRY_VMX X86_BUG(18) /* (No) safety LFENCE for SPEC_CTRL_ENTRY_VMX. */ +#define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ +#define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ + /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index b2d2c25842..72347ef2b9 100644 --- a/xen/arch/x86/include/asm/spec_ctrl.h +++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -24,6 +24,7 @@ #define SCF_verw (1 << 3) #define SCF_ist_ibpb (1 << 4) #define SCF_entry_ibpb (1 << 5) +#define SCF_entry_bhb (1 << 6) /* * The IST paths (NMI/#MC) can interrupt any arbitrary context. Some @@ -42,7 +43,7 @@ * Some speculative protections are per-domain. These settings are merged * into the top-of-stack block in the context switch path. */ -#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb) +#define SCF_DOM_MASK (SCF_verw | SCF_entry_ibpb | SCF_entry_bhb) #ifndef __ASSEMBLY__ diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h index f697d17616..989ff67db5 100644 --- a/xen/arch/x86/include/asm/spec_ctrl_asm.h +++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -273,6 +273,17 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=0), \ X86_FEATURE_SC_MSR_PV + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_PV .endm @@ -311,6 +322,13 @@ ALTERNATIVE "", __stringify(DO_SPEC_CTRL_ENTRY maybexen=1), \ X86_FEATURE_SC_MSR_PV + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + ALTERNATIVE "lfence", "", X86_SPEC_NO_LFENCE_ENTRY_INTR .endm @@ -411,6 +429,18 @@ .L\@_skip_msr_spec_ctrl: + /* + * Clear the BHB to mitigate BHI. Used on eIBRS parts, and uses RETs + * itself so must be after we've perfomed all the RET-safety we can. + */ + testb $SCF_entry_bhb, %bl + jz .L\@_skip_bhb + + ALTERNATIVE_2 "", \ + "call clear_bhb_loops", X86_SPEC_BHB_LOOPS, \ + "call clear_bhb_tsx", X86_SPEC_BHB_TSX +.L\@_skip_bhb: + lfence .endm diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 6a1eb14cdf..131127d856 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2182,38 +2182,43 @@ void __init init_speculation_mitigations(void) /* * SPEC_CTRL_ENTRY_FROM_PV conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we're not using any prior conditional mitigation, - * then it's safe to drop the LFENCE. + * Otherwise, DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we do have it, or we're not using any + * prior conditional block, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); /* * SPEC_CTRL_ENTRY_FROM_INTR conditional safety * - * DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an - * unconditional WRMSR as the last action. + * A BHB sequence, if used, is a conditional action and last. If we + * have this, then we must have the LFENCE. * - * If we have it, or we have no protections active in the block that - * is skipped when interrupting guest context, then it's safe to drop - * the LFENCE. + * Otherwise DO_SPEC_CTRL_ENTRY (X86_FEATURE_SC_MSR_PV if used) is an + * unconditional WRMSR. If we have it, or we have no protections + * active in the block that is skipped when interrupting guest + * context, then it's safe to drop the LFENCE. */ - if ( boot_cpu_has(X86_FEATURE_SC_MSR_PV) || - (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && - !boot_cpu_has(X86_FEATURE_SC_RSB_PV)) ) + if ( !cpu_has_bhb_seq && + (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || + (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && + !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_INTR); /* * SPEC_CTRL_ENTRY_FROM_VMX conditional safety * - * Currently there are no safety actions with conditional branches, so - * no need for the extra safety LFENCE. + * A BHB sequence, if used, is the only conditional action, so if we + * don't have it, we don't need the safety LFENCE. */ - setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); + if ( !cpu_has_bhb_seq ) + setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } /* -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:16:47 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:16:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708322.1107148 (Exim 4.92) (envelope-from ) id 1rxQh5-0004Ep-1d; Thu, 18 Apr 2024 12:16:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708322.1107148; Thu, 18 Apr 2024 12:16:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQh4-0004Eh-Uj; Thu, 18 Apr 2024 12:16:46 +0000 Received: by outflank-mailman (input) for mailman id 708322; Thu, 18 Apr 2024 12:16:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQh3-0004BX-OU for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQh3-0007Yc-Nf for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQh3-0007xv-Mu for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eE5iTs6ABw9LEJWxUzpIR1CGqjd3rDOXmbWYvk1NMag=; b=LuMOdwArA6OmdhZpH2iZ9q2h8U ll3ZQInJwiOIpTkyI6aZ7xwrXvu5oYrTPk6guCKX6qWJrAEovWwyjQF/V8mARegcNYNQgpGbD2MjW 50U3Q2HubT+wSIo76rcyTImgIFstEf5yGRhdLD+wv3Do0SWIy5cDd1fsd08numyvFU2k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec-ctrl: Wire up the Native-BHI software sequences Message-Id: Date: Thu, 18 Apr 2024 12:16:45 +0000 commit 9be85b14aa7d174bfa5978cbbebf0fb3dc909f13 Author: Andrew Cooper AuthorDate: Thu Jun 8 19:41:44 2023 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Wire up the Native-BHI software sequences In the absence of BHI_DIS_S, mitigating Native-BHI requires the use of a software sequence. Introduce a new bhb-seq= option to select between avaialble sequences and bhb-entry= to control the per-PV/HVM actions like we have for other blocks. Activate the short sequence by default for PV and HVM guests on affected hardware if BHI_DIS_S isn't present. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit 689ad48ce9cf4c38297cd126e7e003a1c13a3b9d) --- docs/misc/xen-command-line.pandoc | 25 +++++-- xen/arch/x86/spec_ctrl.c | 145 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 157 insertions(+), 13 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 4637dba916..e551996e1c 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2370,8 +2370,9 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, -> {msr-sc,rsb,verw,ibpb-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,psfd, +> {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, > bhi-dis-s}= ]` @@ -2396,10 +2397,10 @@ in place for guests to use. Use of a positive boolean value for either of these options is invalid. -The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=` and `ibpb-entry=` options -offer fine grained control over the primitives by Xen. These impact Xen's -ability to protect itself, and/or Xen's ability to virtualise support for -guests to use. +The `pv=`, `hvm=`, `msr-sc=`, `rsb=`, `verw=`, `ibpb-entry=` and `bhb-entry=` +options offer fine grained control over the primitives by Xen. These impact +Xen's ability to protect itself, and/or Xen's ability to virtualise support +for guests to use. * `pv=` and `hvm=` offer control over all suboptions for PV and HVM guests respectively. @@ -2425,6 +2426,12 @@ guests to use. Return Stack Overflow if appropriate microcode has been loaded, but for performance reasons dom0 is unprotected by default. If it is necessary to protect dom0 too, boot with `spec-ctrl=ibpb-entry`. +* `bhb-entry=` offers control over whether BHB-clearing (Branch History + Buffer) sequences are used on entry to Xen. This is used by default on + hardware vulnerable to Branch History Injection, when the BHI_DIS_S control + is not available (see `bhi-dis-s`). The choice of scrubbing sequence can be + selected using the `bhb-seq=` option. If it is necessary to protect dom0 + too, boot with `spec-ctrl=bhb-entry`. If Xen was compiled with `CONFIG_INDIRECT_THUNK` support, `bti-thunk=` can be used to select which of the thunks gets patched into the @@ -2432,6 +2439,12 @@ used to select which of the thunks gets patched into the (generally preferred), with the alternatives being `jmp` (a `jmp *%reg` gadget, minimal overhead), and `lfence` (an `lfence; jmp *%reg` gadget). +On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing +sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` +options in order to mitigate Branch History Injection on affected hardware. +The default sequence is `short`, with `tsx` as an alternative available +capable hardware that can be opted in to. + On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. If Xen is not using IBRS itself, functionality is still set up so IBRS can be diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 131127d856..5ea04b48fa 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -33,6 +33,16 @@ static int8_t __ro_after_init opt_ibpb_entry_pv = -1; static int8_t __ro_after_init opt_ibpb_entry_hvm = -1; static bool __ro_after_init opt_ibpb_entry_dom0; +static int8_t __ro_after_init opt_bhb_entry_pv = -1; +static int8_t __ro_after_init opt_bhb_entry_hvm = -1; +static bool __ro_after_init opt_bhb_entry_dom0; +static enum bhb_thunk { + BHB_DEFAULT, + BHB_NONE, + BHB_TSX, + BHB_SHORT, +} opt_bhb_seq __initdata; + /* Cmdline controls for Xen's speculative settings. */ static enum ind_thunk { THUNK_DEFAULT, /* Decide which thunk to use at boot time. */ @@ -116,8 +126,12 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_ibpb_entry_pv = 0; opt_ibpb_entry_hvm = 0; opt_ibpb_entry_dom0 = false; + opt_bhb_entry_pv = 0; + opt_bhb_entry_hvm = 0; + opt_bhb_entry_dom0 = false; opt_thunk = THUNK_JMP; + opt_bhb_seq = BHB_NONE; opt_ibrs = 0; opt_ibpb_ctxt_switch = false; opt_ssbd = false; @@ -146,6 +160,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_pv = val; opt_verw_pv = val; opt_ibpb_entry_pv = val; + opt_bhb_entry_pv = val; } else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) { @@ -153,6 +168,7 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_rsb_hvm = val; opt_verw_hvm = val; opt_ibpb_entry_hvm = val; + opt_bhb_entry_hvm = val; } else if ( (val = parse_boolean("msr-sc", s, ss)) != -1 ) { @@ -240,6 +256,28 @@ static int __init cf_check parse_spec_ctrl(const char *s) break; } } + else if ( (val = parse_boolean("bhb-entry", s, ss)) != -1 ) + { + switch ( val ) + { + case 0: + case 1: + opt_bhb_entry_pv = opt_bhb_entry_hvm = + opt_bhb_entry_dom0 = val; + break; + + case -2: + s += strlen("bhb-entry="); + if ( (val = parse_boolean("pv", s, ss)) >= 0 ) + opt_bhb_entry_pv = val; + else if ( (val = parse_boolean("hvm", s, ss)) >= 0 ) + opt_bhb_entry_hvm = val; + else + default: + rc = -EINVAL; + break; + } + } /* Xen's speculative sidechannel mitigation settings. */ else if ( !strncmp(s, "bti-thunk=", 10) ) @@ -260,6 +298,19 @@ static int __init cf_check parse_spec_ctrl(const char *s) else rc = -EINVAL; } + else if ( !strncmp(s, "bhb-seq=", 8) ) + { + s += strlen("bhb-seq="); + + if ( !cmdline_strcmp(s, "none") ) + opt_bhb_seq = BHB_NONE; + else if ( !cmdline_strcmp(s, "tsx") ) + opt_bhb_seq = BHB_TSX; + else if ( !cmdline_strcmp(s, "short") ) + opt_bhb_seq = BHB_SHORT; + else + rc = -EINVAL; + } /* Bits in MSR_SPEC_CTRL. */ else if ( (val = parse_boolean("ibrs", s, ss)) >= 0 ) @@ -527,12 +578,16 @@ static void __init print_details(enum ind_thunk thunk) "\n"); /* Settings for Xen's protection, irrespective of guests. */ - printk(" Xen settings: %s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", + printk(" Xen settings: %s%s%s%sSPEC_CTRL: %s%s%s%s%s%s, Other:%s%s%s%s%s%s%s\n", thunk != THUNK_NONE ? "BTI-Thunk: " : "", thunk == THUNK_NONE ? "" : thunk == THUNK_RETPOLINE ? "RETPOLINE, " : thunk == THUNK_LFENCE ? "LFENCE, " : thunk == THUNK_JMP ? "JMP, " : "?, ", + opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", + opt_bhb_seq == BHB_NONE ? "" : + opt_bhb_seq == BHB_TSX ? "TSX, " : + opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -571,11 +626,11 @@ static void __init print_details(enum ind_thunk thunk) * mitigation support for guests. */ #ifdef CONFIG_HVM - printk(" Support for HVM VMs:%s%s%s%s%s%s%s\n", + printk(" Support for HVM VMs:%s%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - amd_virt_spec_ctrl || + cpu_has_bhb_seq || amd_virt_spec_ctrl || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || @@ -583,20 +638,23 @@ static void __init print_details(enum ind_thunk thunk) boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV - printk(" Support for PV VMs:%s%s%s%s%s%s\n", + printk(" Support for PV VMs:%s%s%s%s%s%s%s\n", (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || + cpu_has_bhb_seq || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", - boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : ""); + boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", + cpu_has_bhb_seq ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", @@ -1604,16 +1662,85 @@ static void __init gds_calculations(void) /* * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html */ +static bool __init cpu_has_bug_bhi(void) +{ + /* BHI is only known to affect Intel Family 6 processors at this time. */ + if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL || + boot_cpu_data.x86 != 6 ) + return false; + + if ( boot_cpu_has(X86_FEATURE_BHI_NO) ) + return false; + + if ( cpu_has_hypervisor ) + return true; /* TODO: how to figure out out if we're really eIBRS levelled out? */ + + return cpu_has_eibrs; +} + static void __init bhi_calculations(void) { + bool has_bhi = cpu_has_bug_bhi(); + + /* + * To mitigate BHI, we want to use BHI_DIS_S wherever possible, or the + * short sequence otherwise. Other forms are available on request. + * + * We are repsonsbile for performing default-conversion on opt_bhi_dis_s + * and opt_bhb_seq, irrespective of succeptibility to BHI. + */ + if ( opt_bhi_dis_s == -1 ) - opt_bhi_dis_s = !boot_cpu_has(X86_FEATURE_BHI_NO); + opt_bhi_dis_s = has_bhi; if ( !boot_cpu_has(X86_FEATURE_BHI_CTRL) ) opt_bhi_dis_s = false; if ( opt_bhi_dis_s ) default_xen_spec_ctrl |= SPEC_CTRL_BHI_DIS_S; + + if ( opt_bhb_seq == BHB_DEFAULT ) + { + /* + * If we're using BHI_DIS_S, or we're not succeptable, don't activate + * the thunks. + */ + if ( !has_bhi || opt_bhi_dis_s ) + opt_bhb_seq = BHB_NONE; + else + opt_bhb_seq = BHB_SHORT; + } + + /* + * We can use the TSX even if it's disabled for e.g. TAA reasons. + * However, fall back to the loop sequence if there is no trace of RTM at + * all, as XBEGIN will #UD. + */ + if ( opt_bhb_seq == BHB_TSX && !cpu_has_rtm && !cpu_has_rtm_always_abort && + !cpu_has_tsx_force_abort ) + opt_bhb_seq = BHB_SHORT; + + /* + * Only activate SCF_entry_bhb by for guests if a sequence is in place. + */ + if ( opt_bhb_entry_pv == -1 ) + opt_bhb_entry_pv = has_bhi && opt_bhb_seq != BHB_NONE; + if ( opt_bhb_entry_hvm == -1 ) + opt_bhb_entry_hvm = has_bhi && opt_bhb_seq != BHB_NONE; + + switch ( opt_bhb_seq ) + { + case BHB_SHORT: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); + break; + + case BHB_TSX: + setup_force_cpu_cap(X86_SPEC_BHB_TSX); + break; + + default: + break; + } } void spec_ctrl_init_domain(struct domain *d) @@ -1626,9 +1753,13 @@ void spec_ctrl_init_domain(struct domain *d) bool ibpb = ((pv ? opt_ibpb_entry_pv : opt_ibpb_entry_hvm) && (d->domain_id != 0 || opt_ibpb_entry_dom0)); + bool bhb = ((pv ? opt_bhb_entry_pv : opt_bhb_entry_hvm) && + (d->domain_id != 0 || opt_bhb_entry_dom0)); + d->arch.scf = (verw ? SCF_verw : 0) | (ibpb ? SCF_entry_ibpb : 0) | + (bhb ? SCF_entry_bhb : 0) | 0; } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:16:57 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:16:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708323.1107150 (Exim 4.92) (envelope-from ) id 1rxQhF-0004I9-3l; Thu, 18 Apr 2024 12:16:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708323.1107150; Thu, 18 Apr 2024 12:16:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQhF-0004I2-1K; Thu, 18 Apr 2024 12:16:57 +0000 Received: by outflank-mailman (input) for mailman id 708323; Thu, 18 Apr 2024 12:16:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQhD-0004Ho-Rg for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQhD-0007Yr-Qs for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQhD-0007yM-Q4 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:16:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rEa1fOj1ZNYCoilL3/ar9URe62ysokHMdcoGMRWYBAI=; b=X18nLBmZNmPkg+wDGbjm/h707A YP6kqjtTpyLikxuV4fBQAV5Be9qwPbH9q6mff2ziIq2p7O/D2Px3Ow5DK81FoMDEFiFfGmTKqUek+ 9U2P50jGS68HQ0oH36pmHBtwIY44ncf/1kZmjcOfg8qKXclK5T2VTaPYTkyND3O2YOQ8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec-ctrl: Support the "long" BHB loop sequence Message-Id: Date: Thu, 18 Apr 2024 12:16:55 +0000 commit 40f2c69ad8f255aa93c1fc7c4d82577d32924ab1 Author: Andrew Cooper AuthorDate: Fri Mar 22 19:29:34 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 x86/spec-ctrl: Support the "long" BHB loop sequence Out of an abudnance of caution, implement the long loop too, and allowing for it to be opted in to. This is part of XSA-456 / CVE-2024-2201. Signed-off-by: Andrew Cooper Acked-by: Roger Pau Monné (cherry picked from commit d5887c0decbd90e798b24ed696628645b04632fb) --- docs/misc/xen-command-line.pandoc | 4 ++-- xen/arch/x86/bhb-thunk.S | 8 ++++++-- xen/arch/x86/include/asm/cpufeatures.h | 1 + xen/arch/x86/spec_ctrl.c | 10 +++++++++- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index e551996e1c..10a09bbf23 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2371,7 +2371,7 @@ By default SSBD will be mitigated at runtime (i.e `ssbd=runtime`). ### spec-ctrl (x86) > `= List of [ , xen=, {pv,hvm}=, > {msr-sc,rsb,verw,{ibpb,bhb}-entry}=|{pv,hvm}=, -> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx, +> bti-thunk=retpoline|lfence|jmp,bhb-seq=short|tsx|long, > {ibrs,ibpb,ssbd,psfd, > eager-fpu,l1d-flush,branch-harden,srb-lock, > unpriv-mmio,gds-mit,div-scrub,lock-harden, @@ -2443,7 +2443,7 @@ On all hardware, `bhb-seq=` can be used to select which of the BHB-clearing sequences gets used. This interacts with the `bhb-entry=` and `bhi-dis-s=` options in order to mitigate Branch History Injection on affected hardware. The default sequence is `short`, with `tsx` as an alternative available -capable hardware that can be opted in to. +capable hardware, and `long` that can be opted in to. On hardware supporting IBRS (Indirect Branch Restricted Speculation), the `ibrs=` option can be used to force or prevent Xen using the feature itself. diff --git a/xen/arch/x86/bhb-thunk.S b/xen/arch/x86/bhb-thunk.S index f52cfb9bc2..7e866784f7 100644 --- a/xen/arch/x86/bhb-thunk.S +++ b/xen/arch/x86/bhb-thunk.S @@ -56,9 +56,13 @@ ENTRY(clear_bhb_tsx) * * The "short" sequence (5 and 5) is for CPUs prior to Alder Lake / Sapphire * Rapids (i.e. Cores prior to Golden Cove and/or Gracemont). + * + * The "long" sequence (12 and 7) is for Alder Lake / Sapphire Rapids + * (i.e. Golden Cove and/or Gracemont cores). However, such CPUs are expected + * to use BHI_DIS_S in preference. */ ENTRY(clear_bhb_loops) - mov $5, %ecx + ALTERNATIVE "mov $5, %ecx", "mov $12, %ecx", X86_SPEC_BHB_LOOPS_LONG call 1f jmp 5f @@ -70,7 +74,7 @@ ENTRY(clear_bhb_loops) int3 .align 64 -2: mov $5, %eax +2: ALTERNATIVE "mov $5, %eax", "mov $7, %eax", X86_SPEC_BHB_LOOPS_LONG 3: jmp 4f int3 diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h index bada8912e0..ba3df174b7 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h +++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -58,6 +58,7 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for #define X86_SPEC_BHB_TSX X86_BUG(19) /* Use clear_bhb_tsx for BHI mitigation. */ #define X86_SPEC_BHB_LOOPS X86_BUG(20) /* Use clear_bhb_loops for BHI mitigation.*/ +#define X86_SPEC_BHB_LOOPS_LONG X86_BUG(21) /* Upgrade clear_bhb_loops to the "long" sequence. */ /* Total number of capability words, inc synth and bug words. */ #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 5ea04b48fa..ba4349a024 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -41,6 +41,7 @@ static enum bhb_thunk { BHB_NONE, BHB_TSX, BHB_SHORT, + BHB_LONG, } opt_bhb_seq __initdata; /* Cmdline controls for Xen's speculative settings. */ @@ -308,6 +309,8 @@ static int __init cf_check parse_spec_ctrl(const char *s) opt_bhb_seq = BHB_TSX; else if ( !cmdline_strcmp(s, "short") ) opt_bhb_seq = BHB_SHORT; + else if ( !cmdline_strcmp(s, "long") ) + opt_bhb_seq = BHB_LONG; else rc = -EINVAL; } @@ -587,7 +590,8 @@ static void __init print_details(enum ind_thunk thunk) opt_bhb_seq != BHB_NONE ? "BHB-Seq: " : "", opt_bhb_seq == BHB_NONE ? "" : opt_bhb_seq == BHB_TSX ? "TSX, " : - opt_bhb_seq == BHB_SHORT ? "SHORT, " : "?, ", + opt_bhb_seq == BHB_SHORT ? "SHORT, " : + opt_bhb_seq == BHB_LONG ? "LONG, " : "?, ", (!boot_cpu_has(X86_FEATURE_IBRSB) && !boot_cpu_has(X86_FEATURE_IBRS)) ? "No" : (default_xen_spec_ctrl & SPEC_CTRL_IBRS) ? "IBRS+" : "IBRS-", @@ -1730,6 +1734,10 @@ static void __init bhi_calculations(void) switch ( opt_bhb_seq ) { + case BHB_LONG: + setup_force_cpu_cap(X86_SPEC_BHB_LOOPS_LONG); + fallthrough; + case BHB_SHORT: setup_force_cpu_cap(X86_SPEC_BHB_LOOPS); break; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:17:07 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:17:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708324.1107154 (Exim 4.92) (envelope-from ) id 1rxQhP-0004NQ-59; Thu, 18 Apr 2024 12:17:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708324.1107154; Thu, 18 Apr 2024 12:17:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQhP-0004NJ-2k; Thu, 18 Apr 2024 12:17:07 +0000 Received: by outflank-mailman (input) for mailman id 708324; Thu, 18 Apr 2024 12:17:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQhN-0004NA-UU for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:17:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQhN-0007ZF-Tm for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:17:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQhN-00080V-T3 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:17:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7XMeXu2xoEgxiKAAjp/WxLY/rDLNolBZDfFf5PGtGQA=; b=KSryXPOC9tsjXxUW1yC7EYk4Dg d9YX1CGOsYk7MV8SAmu+sYdIWVv4CBbUFrtbVOSmimK1rAa+sg2GmqhAEzrqs/8jaG6HgO1b1gpSA IkPS/Etu7Ftseha8oG+QLSAFif1oR83U18tq6FESnlEg+vee9GiVa5BqG3mOjpOqdH+M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] Update Xen version to 4.18.2 Message-Id: Date: Thu, 18 Apr 2024 12:17:05 +0000 commit b2863e468e8119664be6f741e894eaf8783c4391 Author: Andrew Cooper AuthorDate: Wed Mar 27 18:23:18 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 9 16:45:01 2024 +0100 Update Xen version to 4.18.2 Signed-off-by: Andrew Cooper --- xen/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/Makefile b/xen/Makefile index affeef69da..657f6fa4e3 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -6,7 +6,7 @@ this-makefile := $(call lastword,$(MAKEFILE_LIST)) # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 18 -export XEN_EXTRAVERSION ?= .2-pre$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .2$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:17:17 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:17:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708325.1107159 (Exim 4.92) (envelope-from ) id 1rxQhZ-0004TS-6q; Thu, 18 Apr 2024 12:17:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708325.1107159; Thu, 18 Apr 2024 12:17:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQhZ-0004TK-4B; Thu, 18 Apr 2024 12:17:17 +0000 Received: by outflank-mailman (input) for mailman id 708325; Thu, 18 Apr 2024 12:17:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQhY-0004RX-2m for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:17:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQhY-0007Zi-28 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:17:16 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQhX-00081D-Vq for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:17:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/DRO9gNukhCtb9hTactVsIAPppxKXJFve4CNZsr8NRg=; b=HO4xN/34qBHxBbgz0cuntFePZu AheD5cJwUVE3O5pgnRnsQfIifDDLjVy9B2a4sogTE3gFzvlJkY5IwH8Vb5I6nj8ArcU3Xt+yksc0s VbXA1rKS5K6EdWKIqFAdgywH9jYWf0v30UKND7CUnfa2FDmTRy9/aAzb42idzDqakyv8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] Update CHANGELOG.md with 4.18.2 line Message-Id: Date: Thu, 18 Apr 2024 12:17:15 +0000 commit d152a0424677d8b78e00ed1270a583c5dafff16f Author: George Dunlap AuthorDate: Tue Apr 9 16:43:04 2024 +0100 Commit: George Dunlap CommitDate: Tue Apr 9 16:43:04 2024 +0100 Update CHANGELOG.md with 4.18.2 line Signed-off-by: George Dunlap --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5aa01dae5d..fa54d59df1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ Notable changes to Xen will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) +## [4.18.2](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.18.2) + ## [4.18.1](https://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.18.1) ### Added -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 12:17:27 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 12:17:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708326.1107162 (Exim 4.92) (envelope-from ) id 1rxQhj-0004XO-8G; Thu, 18 Apr 2024 12:17:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708326.1107162; Thu, 18 Apr 2024 12:17:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQhj-0004XG-5h; Thu, 18 Apr 2024 12:17:27 +0000 Received: by outflank-mailman (input) for mailman id 708326; Thu, 18 Apr 2024 12:17:26 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQhi-0004Wz-6D for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:17:26 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxQhi-0007aB-5P for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:17:26 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxQhi-00081h-4L for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 12:17:26 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6GPzfXzuAdqaDaDapEoB2PsvInqlPxjvKdHrsVNLDE8=; b=u37+vtCTw+N/JrdlCr9oFgc94i I8/KVt0cXeIBmKge4+PX8oVaPHTNklGNZS/LqvULus9d+uE97x4nm46V/NLCzFbQXNE4OluTinUvB bpG1rL3BMVN+9O8Yl2DBpBmS6KnKxUJnj2sJ1N8Xgv2iJEQ7oq6Wg0hIZEZdtkr1hjV0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/entry: Fix build with older toolchains Message-Id: Date: Thu, 18 Apr 2024 12:17:26 +0000 commit 2d38302c33b117aa9a417056db241aefc840c2f0 Author: Andrew Cooper AuthorDate: Tue Apr 9 21:39:51 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 11 16:36:11 2024 +0100 x86/entry: Fix build with older toolchains Binutils older than 2.29 doesn't know INCSSPD. Fixes: 8e186f98ce0e ("x86: Use indirect calls in reset-stack infrastructure") Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini (cherry picked from commit a9fa82500818a8d8ce5f2843f1577bd2c29d088e) --- xen/arch/x86/x86_64/entry.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index ad7dd3b23b..054fcb225f 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -643,7 +643,9 @@ ENTRY(continue_pv_domain) * JMPed to. Drop the return address. */ add $8, %rsp +#ifdef CONFIG_XEN_SHSTK ALTERNATIVE "", "mov $2, %eax; incsspd %eax", X86_FEATURE_XEN_SHSTK +#endif call check_wakeup_from_wait ret_from_intr: -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 20:00:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 20:00:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708574.1107580 (Exim 4.92) (envelope-from ) id 1rxXvR-0003DQ-AF; Thu, 18 Apr 2024 20:00:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708574.1107580; Thu, 18 Apr 2024 20:00:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXvR-0003D4-7T; Thu, 18 Apr 2024 20:00:05 +0000 Received: by outflank-mailman (input) for mailman id 708574; Thu, 18 Apr 2024 20:00:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXvQ-0002zQ-FT for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXvQ-00005e-3q for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxXvQ-0005jT-21 for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qd/h6HfakFQYTbAXXjtnBvRc0DF94sP+sa49ee/MrqI=; b=aBLl2prvELlPzqrOrRtL3+l1FL Lk1oGU0ebttfHIb1FqjtlwfzMwtl/CyP5vaUCxaVyIQDDm0+51URBHabgmcZp2apN2m+20C9ILpHK QkAx5T+DoLkpCJr/Wq7pl5C0mtx6hxc8J69TDqoZOafWnBMNs3RSTq9WnephCKEU83tU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] docs/misra: mark the gzip folder as adopted code Message-Id: Date: Thu, 18 Apr 2024 20:00:04 +0000 commit 02fbb2d591e794d3da430a207af0449d0c8c9228 Author: Federico Serafini AuthorDate: Mon Apr 15 11:56:30 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 18 20:43:11 2024 +0100 docs/misra: mark the gzip folder as adopted code Mark the whole gzip folder as adopted code and remove the redundant deviation of file inflate. Signed-off-by: Federico Serafini Acked-by: Andrew Cooper --- automation/eclair_analysis/ECLAIR/deviations.ecl | 5 ----- docs/misra/exclude-list.json | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index 0230b41c6d..4287805819 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -148,11 +148,6 @@ const-qualified." # Series 8. # --doc_begin="The following file is imported from Linux: ignore for now." --file_tag+={adopted_r8_2,"^xen/common/inflate\\.c$"} --config=MC3R1.R8.2,reports+={deliberate,"any_area(any_loc(file(adopted_r8_2)))"} --doc_end - -doc_begin="The type ret_t is deliberately used and defined as int or long depending on the architecture." -config=MC3R1.R8.3,reports+={deliberate,"any_area(any_loc(text(^.*ret_t.*$)))"} -doc_end diff --git a/docs/misra/exclude-list.json b/docs/misra/exclude-list.json index 0956364158..cd69765427 100644 --- a/docs/misra/exclude-list.json +++ b/docs/misra/exclude-list.json @@ -118,7 +118,7 @@ "comment": "Imported from Linux, ignore for now" }, { - "rel_path": "common/gzip/inflate.c", + "rel_path": "common/gzip/*", "comment": "Imported from Linux, ignore for now" }, { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 20:00:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 20:00:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708575.1107583 (Exim 4.92) (envelope-from ) id 1rxXvb-0003RV-BI; Thu, 18 Apr 2024 20:00:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708575.1107583; Thu, 18 Apr 2024 20:00:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXvb-0003RO-8v; Thu, 18 Apr 2024 20:00:15 +0000 Received: by outflank-mailman (input) for mailman id 708575; Thu, 18 Apr 2024 20:00:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXva-0003RE-IR for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXva-000062-7I for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxXva-0005kz-5t for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JY5TDCxEbbjSGBSTi1UijNm+W9SY0gcySfC/Ggt7qXM=; b=S7v+1LkJJc1eUcxehPrxW127uv KcwcuY3lvOEyivQhxto9DLFM1svHm7tvb6hR6JqZf3GyBQOBVXtbI8NVJpE8fOn0QBsLIJPYZ2Tfk zfkAGpFzrxw8WIzEAneJA757ZYBsp/MpyX9v+tzU1hbCny2+oZBsq5FAWH7UXRHu96Qk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/efi: Rewrite DOS/PE magic checking without memcmp() Message-Id: Date: Thu, 18 Apr 2024 20:00:14 +0000 commit 4cd66fb56dc6972178f6543217b66bc122fbbd5a Author: Andrew Cooper AuthorDate: Tue Apr 16 16:21:34 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 18 20:43:11 2024 +0100 xen/efi: Rewrite DOS/PE magic checking without memcmp() Misra Rule 21.16 doesn't like the use of memcmp() against character arrays (a string literal in this case). This is a rare piece of logic where we're looking for a magic marker that just happens to make sense when expressed as ASCII. Rewrite using plain compares. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini Acked-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/common/efi/pe.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/xen/common/efi/pe.c b/xen/common/efi/pe.c index a84992df9a..ef8a2543e0 100644 --- a/xen/common/efi/pe.c +++ b/xen/common/efi/pe.c @@ -111,7 +111,8 @@ const void *__init pe_find_section(const void *image, const UINTN image_size, UINTN offset, i; if ( image_size < sizeof(*dos) || - memcmp(dos->Magic, "MZ", 2) != 0 ) + dos->Magic[0] != 'M' || + dos->Magic[1] != 'Z' ) return NULL; offset = dos->ExeHeader; @@ -119,7 +120,10 @@ const void *__init pe_find_section(const void *image, const UINTN image_size, offset += sizeof(*pe); if ( image_size < offset || - memcmp(pe->Magic, "PE\0\0", 4) != 0 ) + pe->Magic[0] != 'P' || + pe->Magic[1] != 'E' || + pe->Magic[2] != '\0' || + pe->Magic[3] != '\0' ) return NULL; if ( pe->FileHeader.Machine != PE_HEADER_MACHINE ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 20:00:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 20:00:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708576.1107588 (Exim 4.92) (envelope-from ) id 1rxXvl-0003U6-Cu; Thu, 18 Apr 2024 20:00:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708576.1107588; Thu, 18 Apr 2024 20:00:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXvl-0003Ty-AL; Thu, 18 Apr 2024 20:00:25 +0000 Received: by outflank-mailman (input) for mailman id 708576; Thu, 18 Apr 2024 20:00:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXvk-0003Tq-BZ for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXvk-00006H-AN for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxXvk-0005mZ-9S for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WKeZ3Y23rSFSokkLjSa8AAuzog7EYSnFhHEoVS7IscU=; b=ElmV3ML/KBwIVtIV0kBMds9xL6 GXIleNl3nehk7PHF+1ztkGE4VS5c6t/Lv6lXySmERrNtizX2Il/U8rYjSNb/qpWSi8iwC2kj9CZJs xRfVsZpi9s99VUOpPAL5Evb+bLRrmb/oEXO7slknBk6DM0MLvm6IWmMgo0C7k94lx74A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/emul: Simplify segment override prefix decoding Message-Id: Date: Thu, 18 Apr 2024 20:00:24 +0000 commit 489a46c1775fdc0474261418dffef0e048848c82 Author: Andrew Cooper AuthorDate: Thu Dec 28 18:41:30 2023 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 18 20:43:11 2024 +0100 x86/emul: Simplify segment override prefix decoding x86_seg_* uses architectural encodings. Therefore, we can fold the prefix handling cases together and derive the segment from the prefix byte itself. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/x86_emulate/decode.c | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/x86_emulate/decode.c b/xen/arch/x86/x86_emulate/decode.c index de836068fd..ee4cbdc000 100644 --- a/xen/arch/x86/x86_emulate/decode.c +++ b/xen/arch/x86/x86_emulate/decode.c @@ -1043,17 +1043,12 @@ int x86emul_decode(struct x86_emulate_state *s, case 0x67: /* address-size override */ ad_bytes = def_ad_bytes ^ (mode_64bit() ? 12 : 6); break; - case 0x2e: /* CS override / ignored in 64-bit mode */ + case 0x26: /* ES override */ + case 0x2e: /* CS override */ + case 0x36: /* SS override */ + case 0x3e: /* DS override, all ignored in 64-bit mode */ if ( !mode_64bit() ) - override_seg = x86_seg_cs; - break; - case 0x3e: /* DS override / ignored in 64-bit mode */ - if ( !mode_64bit() ) - override_seg = x86_seg_ds; - break; - case 0x26: /* ES override / ignored in 64-bit mode */ - if ( !mode_64bit() ) - override_seg = x86_seg_es; + override_seg = (b >> 3) & 3; break; case 0x64: /* FS override */ override_seg = x86_seg_fs; @@ -1061,10 +1056,6 @@ int x86emul_decode(struct x86_emulate_state *s, case 0x65: /* GS override */ override_seg = x86_seg_gs; break; - case 0x36: /* SS override / ignored in 64-bit mode */ - if ( !mode_64bit() ) - override_seg = x86_seg_ss; - break; case 0xf0: /* LOCK */ s->lock_prefix = true; break; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 20:00:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 20:00:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708577.1107593 (Exim 4.92) (envelope-from ) id 1rxXvv-0003Wg-Fh; Thu, 18 Apr 2024 20:00:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708577.1107593; Thu, 18 Apr 2024 20:00:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXvv-0003WY-Br; Thu, 18 Apr 2024 20:00:35 +0000 Received: by outflank-mailman (input) for mailman id 708577; Thu, 18 Apr 2024 20:00:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXvu-0003WK-Fb for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXvu-00006Q-El for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxXvu-0005n5-Cb for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6nGaccj5yPEZGx8ix4yXZvVvgJhFhMHGX5eLkOKWf8s=; b=N55D9g68kg8irUA8rd2wtENzWi rwoY48Dl2OMn9sV6PdS7kVl7uskdzBCI8MLNaf69N4GgmquFtzLdjthC1G+WTtf94kiFVXGbP97Vr LUKW5Cg4LbPb+MX0E5q6x2KdMEVgXrMtedMKhqMNnAUe8a1EnqFYZZ8agOImEuWydGBs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/gzip: Drop unused define checks Message-Id: Date: Thu, 18 Apr 2024 20:00:34 +0000 commit 492fe0778b2f1d41d040ff9569f8f36f9dca7dae Author: Daniel P. Smith AuthorDate: Wed Apr 17 10:37:11 2024 -0400 Commit: Andrew Cooper CommitDate: Thu Apr 18 20:43:11 2024 +0100 xen/gzip: Drop unused define checks Drop various macros and checks which are never used. Signed-off-by: Daniel P. Smith Reviewed-by: Andrew Cooper --- xen/common/gzip/gunzip.c | 2 -- xen/common/gzip/inflate.c | 36 +++++++++--------------------------- 2 files changed, 9 insertions(+), 29 deletions(-) diff --git a/xen/common/gzip/gunzip.c b/xen/common/gzip/gunzip.c index 2c6eae167d..fdccaa9159 100644 --- a/xen/common/gzip/gunzip.c +++ b/xen/common/gzip/gunzip.c @@ -22,8 +22,6 @@ static unsigned int __initdata inptr; /* Bytes in output buffer: */ static unsigned int __initdata outcnt; -#define OF(args) args - #define memzero(s, n) memset((s), 0, (n)) typedef unsigned char uch; diff --git a/xen/common/gzip/inflate.c b/xen/common/gzip/inflate.c index 58f263d9e8..fc9b466e0c 100644 --- a/xen/common/gzip/inflate.c +++ b/xen/common/gzip/inflate.c @@ -138,15 +138,15 @@ struct huft { /* Function prototypes */ -static int huft_build OF((unsigned *, unsigned, unsigned, - const ush *, const ush *, struct huft **, int *)); -static int huft_free OF((struct huft *)); -static int inflate_codes OF((struct huft *, struct huft *, int, int)); -static int inflate_stored OF((void)); -static int inflate_fixed OF((void)); -static int inflate_dynamic OF((void)); -static int inflate_block OF((int *)); -static int inflate OF((void)); +static int huft_build(unsigned *, unsigned, unsigned, + const ush *, const ush *, struct huft **, int *); +static int huft_free(struct huft *); +static int inflate_codes(struct huft *, struct huft *, int, int); +static int inflate_stored(void); +static int inflate_fixed(void); +static int inflate_dynamic(void); +static int inflate_block(int *); +static int inflate(void); /* The inflate algorithm uses a sliding 32 K byte window on the uncompressed @@ -661,7 +661,6 @@ static int __init inflate_codes( /* do the copy */ do { n -= (e = (e = WSIZE - ((d &= WSIZE-1) > w ? d : w)) > n ? n : e); -#if !defined(NOMEMCPY) && !defined(DEBUG) if (w - d >= e) /* (this test assumes unsigned comparison) */ { memcpy(slide + w, slide + d, e); @@ -669,7 +668,6 @@ static int __init inflate_codes( d += e; } else /* do it slow to avoid memcpy() overlap */ -#endif /* !NOMEMCPY */ do { slide[w++] = slide[d++]; Tracevv((stderr, "%c", slide[w-1])); @@ -845,11 +843,7 @@ static int noinline __init inflate_dynamic(void) DEBG(" 288 || nd > 32) -#else if (nl > 286 || nd > 30) -#endif { ret = 1; /* bad lengths */ goto out; @@ -989,16 +979,11 @@ static int noinline __init inflate_dynamic(void) DEBG("dyn5d "); if (i == 1) { error("incomplete distance tree"); -#ifdef PKZIP_BUG_WORKAROUND - i = 0; - } -#else huft_free(td); } huft_free(tl); ret = i; /* incomplete code set */ goto out; -#endif } DEBG("dyn6 "); @@ -1096,9 +1081,6 @@ static int __init inflate(void) h = 0; do { hufts = 0; -#ifdef ARCH_HAS_DECOMP_WDOG - arch_decomp_wdog(); -#endif r = inflate_block(&e); if (r) return r; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 20:00:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 20:00:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708578.1107596 (Exim 4.92) (envelope-from ) id 1rxXw5-0003aA-HI; Thu, 18 Apr 2024 20:00:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708578.1107596; Thu, 18 Apr 2024 20:00:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXw5-0003a2-El; Thu, 18 Apr 2024 20:00:45 +0000 Received: by outflank-mailman (input) for mailman id 708578; Thu, 18 Apr 2024 20:00:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXw4-0003Zm-If for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXw4-00006X-Hw for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxXw4-0005nz-Gx for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Ld2AjkgecGBBtdL8clDBMz+tGK9LkmuYU9s+dX000E8=; b=hkKu2Nzl10Bq0YgFhKKSNQnxcQ GEWAhP92rtcOSd93myiQgzlh0Iyy1pccUebG5tpT9BvnlTX9FRgcIKFzl0ujcgSpH9j/CwHYOvFwR URETUgXWNgsin+vi7Y3+u/0GojSQ1JmZ/QLqyChn5EjV9IqBO9jGpMtycFOzYOFtB7jI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/gzip: Remove custom memory allocator Message-Id: Date: Thu, 18 Apr 2024 20:00:44 +0000 commit 052cf1dcdfb8563840d4a61843327687e7e64d73 Author: Daniel P. Smith AuthorDate: Wed Apr 17 10:37:13 2024 -0400 Commit: Andrew Cooper CommitDate: Thu Apr 18 20:43:11 2024 +0100 xen/gzip: Remove custom memory allocator All the other decompression routines use xmalloc_bytes(), thus there is no reason for gzip to be handling its own allocation of memory. In fact, there is a bug somewhere in the allocator as decompression started to break when adding additional allocations. Instead of troubleshooting the allocator, replace it with xmalloc_bytes(). Signed-off-by: Daniel P. Smith Reviewed-by: Andrew Cooper --- xen/common/gzip/gunzip.c | 17 ++--------------- xen/common/gzip/inflate.c | 46 ---------------------------------------------- 2 files changed, 2 insertions(+), 61 deletions(-) diff --git a/xen/common/gzip/gunzip.c b/xen/common/gzip/gunzip.c index fdccaa9159..53cee9ee17 100644 --- a/xen/common/gzip/gunzip.c +++ b/xen/common/gzip/gunzip.c @@ -4,12 +4,7 @@ #include #include -#define HEAPORDER 3 - static unsigned char *__initdata window; -#define memptr long -static memptr __initdata free_mem_ptr; -static memptr __initdata free_mem_end_ptr; #define WSIZE 0x80000000U @@ -22,6 +17,8 @@ static unsigned int __initdata inptr; /* Bytes in output buffer: */ static unsigned int __initdata outcnt; +#define malloc(a) xmalloc_bytes(a) +#define free(a) xfree(a) #define memzero(s, n) memset((s), 0, (n)) typedef unsigned char uch; @@ -107,14 +104,6 @@ __init int perform_gunzip(char *output, char *image, unsigned long image_len) return 1; window = (unsigned char *)output; - - free_mem_ptr = (unsigned long)alloc_xenheap_pages(HEAPORDER, 0); - if ( !free_mem_ptr ) - return -ENOMEM; - - free_mem_end_ptr = free_mem_ptr + (PAGE_SIZE << HEAPORDER); - init_allocator(); - inbuf = (unsigned char *)image; insize = image_len; inptr = 0; @@ -131,7 +120,5 @@ __init int perform_gunzip(char *output, char *image, unsigned long image_len) rc = 0; } - free_xenheap_pages((void *)free_mem_ptr, HEAPORDER); - return rc; } diff --git a/xen/common/gzip/inflate.c b/xen/common/gzip/inflate.c index fc9b466e0c..f2f953e80e 100644 --- a/xen/common/gzip/inflate.c +++ b/xen/common/gzip/inflate.c @@ -225,52 +225,6 @@ static const ush mask_bits[] = { #define NEEDBITS(n) {while(k<(n)){b|=((ulg)NEXTBYTE())<>=(n);k-=(n);} -#ifndef NO_INFLATE_MALLOC -/* A trivial malloc implementation, adapted from - * malloc by Hannu Savolainen 1993 and Matthias Urlichs 1994 - */ - -static unsigned long __initdata malloc_ptr; -static int __initdata malloc_count; - -static void __init init_allocator(void) -{ - malloc_ptr = free_mem_ptr; - malloc_count = 0; -} - -static void *__init malloc(int size) -{ - void *p; - - if (size < 0) - error("Malloc error"); - if (!malloc_ptr) - malloc_ptr = free_mem_ptr; - - malloc_ptr = (malloc_ptr + 3) & ~3; /* Align */ - - p = (void *)malloc_ptr; - malloc_ptr += size; - - if (free_mem_end_ptr && malloc_ptr >= free_mem_end_ptr) - error("Out of memory"); - - malloc_count++; - return p; -} - -static void __init free(void *where) -{ - malloc_count--; - if (!malloc_count) - malloc_ptr = free_mem_ptr; -} -#else -#define malloc(a) kmalloc(a, GFP_KERNEL) -#define free(a) kfree(a) -#endif - /* Huffman code decoding is performed using a multi-level table lookup. The fastest way to decode is to simply build a lookup table whose -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 18 20:00:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 18 Apr 2024 20:00:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708579.1107599 (Exim 4.92) (envelope-from ) id 1rxXwF-0003d4-Iu; Thu, 18 Apr 2024 20:00:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708579.1107599; Thu, 18 Apr 2024 20:00:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXwF-0003cx-GF; Thu, 18 Apr 2024 20:00:55 +0000 Received: by outflank-mailman (input) for mailman id 708579; Thu, 18 Apr 2024 20:00:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXwE-0003cp-Ld for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxXwE-00006e-Kt for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxXwE-0005ok-Jx for xen-changelog@lists.xenproject.org; Thu, 18 Apr 2024 20:00:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HqgTCVgXG2HUoO58Qfj/sPhYSW/cnsYonOf2CYwMjq8=; b=qsFIyxKTUl55HvzX3PqQsMXYdJ 653siaHNhZE2bFAOVOtDaKsN0/YsrJ6fIsOSsKox9RVra48gNOUc8qmY4+OloTf2n7Ig/u8OuHdxM D+jw4+ONSVr0WiEBnewFIRtzv9ehs7JBLy2/pzfhgLNZQmmY1Ws3vXPSWdvN0GJoPVz4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/gzip: Drop huffman code table tracking Message-Id: Date: Thu, 18 Apr 2024 20:00:54 +0000 commit 8763eb782b2c349efb44900ebe82369bf89e0568 Author: Daniel P. Smith AuthorDate: Wed Apr 17 10:37:16 2024 -0400 Commit: Andrew Cooper CommitDate: Thu Apr 18 20:43:11 2024 +0100 xen/gzip: Drop huffman code table tracking The memory usage tracking isn't used outside of a debugging option which can't compile under Xen anyway. Drop it. Signed-off-by: Daniel P. Smith Reviewed-by: Andrew Cooper --- xen/common/gzip/inflate.c | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/xen/common/gzip/inflate.c b/xen/common/gzip/inflate.c index f2f953e80e..a03903f731 100644 --- a/xen/common/gzip/inflate.c +++ b/xen/common/gzip/inflate.c @@ -266,10 +266,6 @@ static const int dbits = 6; /* bits in base distance lookup table */ #define BMAX 16 /* maximum bit length of any code (16 for explode) */ #define N_MAX 288 /* maximum number of codes in any set */ - -static unsigned __initdata hufts; /* track memory usage */ - - static int __init huft_build( unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ unsigned n, /* number of codes (assumed <= N_MAX) */ @@ -445,7 +441,6 @@ static int __init huft_build( goto out; } DEBG1("4 "); - hufts += z + 1; /* track memory usage */ *t = q + 1; /* link to list for huft_free() */ *(t = &(q->v.t)) = (struct huft *)NULL; u[h] = ++q; /* table starts after link */ @@ -1023,7 +1018,6 @@ static int __init inflate(void) { int e; /* last block flag */ int r; /* result code */ - unsigned h; /* maximum struct huft's malloc'ed */ /* initialize window, bit buffer */ wp = 0; @@ -1032,14 +1026,10 @@ static int __init inflate(void) /* decompress until the last block */ - h = 0; do { - hufts = 0; r = inflate_block(&e); if (r) return r; - if (hufts > h) - h = hufts; } while (!e); /* Undo too much lookahead. The next read will be byte aligned so we @@ -1055,9 +1045,6 @@ static int __init inflate(void) /* return success */ -#ifdef DEBUG - fprintf(stderr, "<%u> ", h); -#endif /* DEBUG */ return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 19 06:55:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 19 Apr 2024 06:55:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708774.1107872 (Exim 4.92) (envelope-from ) id 1rxi9H-0005uu-Bt; Fri, 19 Apr 2024 06:55:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708774.1107872; Fri, 19 Apr 2024 06:55:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxi9H-0005um-9I; Fri, 19 Apr 2024 06:55:03 +0000 Received: by outflank-mailman (input) for mailman id 708774; Fri, 19 Apr 2024 06:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxi9G-0005uW-Dq for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxi9G-0003vO-2F for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxi9G-0007bo-1E for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ryUxJndmBwvp4yYL/T6TCB7PqwlgoEDOXllW55J8Fyg=; b=YNT5UeO3LvhEwps3vwbhfhWZkQ Ak089tI45TumpviFyh6FdQTUzqSz4V5+6FxhS5kReAZeSrVQzyH7FHjajiQ0w5a0ZgF/sCpv9C4U5 iOqFLqLXKauTIL+kxQL431DsDrRTu/FpkhO3ueFZI+Bmq8BEkr8bwqy1PTlvIMFO6Q2M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] public: s/int/int32_t Message-Id: Date: Fri, 19 Apr 2024 06:55:02 +0000 commit afab29d0882f1d6889c73302fdf04632a492c529 Author: Stefano Stabellini AuthorDate: Tue Apr 9 16:19:21 2024 -0700 Commit: Julien Grall CommitDate: Wed Apr 17 10:52:48 2024 +0100 public: s/int/int32_t Straightforward int -> int32_t and unsigned int -> uint32_t replacements in public headers. No ABI or semantic changes intended. Signed-off-by: Stefano Stabellini --- xen/include/public/kexec.h | 8 ++++---- xen/include/public/memory.h | 24 ++++++++++++------------ xen/include/public/physdev.h | 18 +++++++++--------- xen/include/public/sched.h | 6 +++--- xen/include/public/vcpu.h | 2 +- 5 files changed, 29 insertions(+), 29 deletions(-) diff --git a/xen/include/public/kexec.h b/xen/include/public/kexec.h index 40d79e936b..8d2a0ef697 100644 --- a/xen/include/public/kexec.h +++ b/xen/include/public/kexec.h @@ -105,7 +105,7 @@ typedef struct xen_kexec_image { */ #define KEXEC_CMD_kexec 0 typedef struct xen_kexec_exec { - int type; + int32_t type; } xen_kexec_exec_t; /* @@ -116,7 +116,7 @@ typedef struct xen_kexec_exec { #define KEXEC_CMD_kexec_load_v1 1 /* obsolete since 0x00040400 */ #define KEXEC_CMD_kexec_unload_v1 2 /* obsolete since 0x00040400 */ typedef struct xen_kexec_load_v1 { - int type; + int32_t type; xen_kexec_image_t image; } xen_kexec_load_v1_t; @@ -143,8 +143,8 @@ typedef struct xen_kexec_load_v1 { */ #define KEXEC_CMD_kexec_get_range 3 typedef struct xen_kexec_range { - int range; - int nr; + int32_t range; + int32_t nr; unsigned long size; unsigned long start; } xen_kexec_range_t; diff --git a/xen/include/public/memory.h b/xen/include/public/memory.h index 5e545ae9a4..9eb67d231d 100644 --- a/xen/include/public/memory.h +++ b/xen/include/public/memory.h @@ -61,13 +61,13 @@ struct xen_memory_reservation { /* Number of extents, and size/alignment of each (2^extent_order pages). */ xen_ulong_t nr_extents; - unsigned int extent_order; + uint32_t extent_order; #if __XEN_INTERFACE_VERSION__ >= 0x00030209 /* XENMEMF flags. */ - unsigned int mem_flags; + uint32_t mem_flags; #else - unsigned int address_bits; + uint32_t address_bits; #endif /* @@ -163,7 +163,7 @@ struct xen_machphys_mfn_list { * Size of the 'extent_start' array. Fewer entries will be filled if the * machphys table is smaller than max_extents * 2MB. */ - unsigned int max_extents; + uint32_t max_extents; /* * Pointer to buffer to fill with list of extent starts. If there are @@ -176,7 +176,7 @@ struct xen_machphys_mfn_list { * Number of extents written to the above array. This will be smaller * than 'max_extents' if the machphys table is smaller than max_e * 2MB. */ - unsigned int nr_extents; + uint32_t nr_extents; }; typedef struct xen_machphys_mfn_list xen_machphys_mfn_list_t; DEFINE_XEN_GUEST_HANDLE(xen_machphys_mfn_list_t); @@ -232,7 +232,7 @@ struct xen_add_to_physmap { /* Number of pages to go through for gmfn_range */ uint16_t size; - unsigned int space; /* => enum phys_map_space */ + uint32_t space; /* => enum phys_map_space */ #define XENMAPIDX_grant_table_status 0x80000000U @@ -274,7 +274,7 @@ struct xen_add_to_physmap_batch { /* OUT */ /* Per index error code. */ - XEN_GUEST_HANDLE(int) errs; + XEN_GUEST_HANDLE(int32_t) errs; }; typedef struct xen_add_to_physmap_batch xen_add_to_physmap_batch_t; DEFINE_XEN_GUEST_HANDLE(xen_add_to_physmap_batch_t); @@ -317,7 +317,7 @@ struct xen_memory_map { * return the number of entries which have been stored in * buffer. */ - unsigned int nr_entries; + uint32_t nr_entries; /* * Entries in the buffer are in the same format as returned by the @@ -591,7 +591,7 @@ struct xen_reserved_device_memory_map { * Gets set to the required number of entries when too low, * signaled by error code -ERANGE. */ - unsigned int nr_entries; + uint32_t nr_entries; /* OUT */ XEN_GUEST_HANDLE(xen_reserved_device_memory_t) buffer; /* IN */ @@ -711,9 +711,9 @@ struct xen_vnuma_topology_info { domid_t domid; uint16_t pad; /* IN/OUT */ - unsigned int nr_vnodes; - unsigned int nr_vcpus; - unsigned int nr_vmemranges; + uint32_t nr_vnodes; + uint32_t nr_vcpus; + uint32_t nr_vmemranges; /* OUT */ union { XEN_GUEST_HANDLE(uint) h; diff --git a/xen/include/public/physdev.h b/xen/include/public/physdev.h index f0c0d4727c..03ccf86618 100644 --- a/xen/include/public/physdev.h +++ b/xen/include/public/physdev.h @@ -142,17 +142,17 @@ DEFINE_XEN_GUEST_HANDLE(physdev_irq_t); struct physdev_map_pirq { domid_t domid; /* IN */ - int type; + int32_t type; /* IN (ignored for ..._MULTI_MSI) */ - int index; + int32_t index; /* IN or OUT */ - int pirq; + int32_t pirq; /* IN - high 16 bits hold segment for ..._MSI_SEG and ..._MULTI_MSI */ - int bus; + int32_t bus; /* IN */ - int devfn; + int32_t devfn; /* IN (also OUT for ..._MULTI_MSI) */ - int entry_nr; + int32_t entry_nr; /* IN */ uint64_t table_base; }; @@ -163,7 +163,7 @@ DEFINE_XEN_GUEST_HANDLE(physdev_map_pirq_t); struct physdev_unmap_pirq { domid_t domid; /* IN */ - int pirq; + int32_t pirq; }; typedef struct physdev_unmap_pirq physdev_unmap_pirq_t; @@ -224,7 +224,7 @@ DEFINE_XEN_GUEST_HANDLE(physdev_op_t); #define PHYSDEVOP_setup_gsi 21 struct physdev_setup_gsi { - int gsi; + int32_t gsi; /* IN */ uint8_t triggering; /* IN */ @@ -242,7 +242,7 @@ DEFINE_XEN_GUEST_HANDLE(physdev_setup_gsi_t); #define PHYSDEVOP_get_free_pirq 23 struct physdev_get_free_pirq { /* IN */ - int type; + int32_t type; /* OUT */ uint32_t pirq; }; diff --git a/xen/include/public/sched.h b/xen/include/public/sched.h index b4362c6a1d..57ac3df47b 100644 --- a/xen/include/public/sched.h +++ b/xen/include/public/sched.h @@ -116,14 +116,14 @@ /* ` } */ struct sched_shutdown { - unsigned int reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ + uint32_t reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ }; typedef struct sched_shutdown sched_shutdown_t; DEFINE_XEN_GUEST_HANDLE(sched_shutdown_t); struct sched_poll { XEN_GUEST_HANDLE(evtchn_port_t) ports; - unsigned int nr_ports; + uint32_t nr_ports; uint64_t timeout; }; typedef struct sched_poll sched_poll_t; @@ -131,7 +131,7 @@ DEFINE_XEN_GUEST_HANDLE(sched_poll_t); struct sched_remote_shutdown { domid_t domain_id; /* Remote domain ID */ - unsigned int reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ + uint32_t reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ }; typedef struct sched_remote_shutdown sched_remote_shutdown_t; DEFINE_XEN_GUEST_HANDLE(sched_remote_shutdown_t); diff --git a/xen/include/public/vcpu.h b/xen/include/public/vcpu.h index f7445ac0b0..2b8df2b0da 100644 --- a/xen/include/public/vcpu.h +++ b/xen/include/public/vcpu.h @@ -63,7 +63,7 @@ #define VCPUOP_get_runstate_info 4 struct vcpu_runstate_info { /* VCPU's current state (RUNSTATE_*). */ - int state; + int32_t state; /* When was current state entered (system time, ns)? */ uint64_t state_entry_time; /* -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 19 06:55:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 19 Apr 2024 06:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708776.1107876 (Exim 4.92) (envelope-from ) id 1rxi9R-00066f-Dh; Fri, 19 Apr 2024 06:55:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708776.1107876; Fri, 19 Apr 2024 06:55:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxi9R-00066V-Ap; Fri, 19 Apr 2024 06:55:13 +0000 Received: by outflank-mailman (input) for mailman id 708776; Fri, 19 Apr 2024 06:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxi9Q-00065B-6L for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxi9Q-0003vg-5N for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxi9Q-0007cm-4T for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SM+IBIwVkYwUs+duOKBQUWnECfyrC59M62P+Z8C8Mgw=; b=oQduB+3Pygps6VAnfR5UPqnm2n 4LSzsaX1dbkx/WZaypaiYAdTlNHe+sXUAhWsN6geLaY1NaPNpTKLqTuX/ftAW/bA/hspfD/PLLsVO UwuGuU7kNdqD0kLuoYP2vdqct4JR+7qIHWYnF5elr0if7H1elbsk0OxLamY07OKHtfqM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] docs: arm: Update where Xen should be loaded in memory Message-Id: Date: Fri, 19 Apr 2024 06:55:12 +0000 commit 83e081b29e52b0ea946e30677e9caf86e9bcbc65 Author: Michal Orzel AuthorDate: Fri Apr 12 08:16:24 2024 +0200 Commit: Julien Grall CommitDate: Wed Apr 17 10:53:10 2024 +0100 docs: arm: Update where Xen should be loaded in memory Since commit 6cd046c501bc ("xen/arm: Enlarge identity map space to 10TB") Xen can be loaded below 10 TiB. Update docs accordingly. Take the opportunity to update stale links to Linux docs. Signed-off-by: Michal Orzel Reviewed-by: Luca Fancellu --- docs/misc/arm/booting.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/misc/arm/booting.txt b/docs/misc/arm/booting.txt index 547f58a7d9..21ae74837d 100644 --- a/docs/misc/arm/booting.txt +++ b/docs/misc/arm/booting.txt @@ -23,7 +23,7 @@ The exceptions to this on 32-bit ARM are as follows: The exceptions to this on 64-bit ARM are as follows: - Xen binary should be loaded in memory below 2 TiB. + Xen binary should be loaded in memory below 10 TiB. Booting Guests -------------- @@ -64,10 +64,10 @@ Xen relies on some settings the firmware has to configure in EL3 before starting [1] linux/Documentation/arm/booting.rst -Latest version: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/arm/booting.rst +Latest version: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/arch/arm/booting.rst [2] linux/Documentation/arm64/booting.rst -Latest version: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/arm64/booting.rst +Latest version: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/arch/arm64/booting.rst [3] legacy format header Latest version: https://source.denx.de/u-boot/u-boot/-/blob/master/include/image.h#L315 -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 19 06:55:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 19 Apr 2024 06:55:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708777.1107879 (Exim 4.92) (envelope-from ) id 1rxi9b-0006Au-FD; Fri, 19 Apr 2024 06:55:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708777.1107879; Fri, 19 Apr 2024 06:55:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxi9b-0006Am-CG; Fri, 19 Apr 2024 06:55:23 +0000 Received: by outflank-mailman (input) for mailman id 708777; Fri, 19 Apr 2024 06:55:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxi9a-0006AG-9U for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxi9a-0003wE-8c for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxi9a-0007dV-7e for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8SphIyHfMIs1SspNGpO9iut/FABA4L/pTlQik4Lv8mQ=; b=UQxrWnMwLMcIB/AaSWBTiFjGIZ 51uffgMxAWRiBAEydib+osEVX6y0NpSxwyoFYhL+jKErsl6wq23jjwxnuniMKlBYKR3PcE8bE6LW9 Bw1FJ4cV4Nj9g9hLOvD6wq4j8HLlBagbEKAFGehjbfoafPZ0vFjDAMgRdqsNaotg5Oss=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] Revert "public: s/int/int32_t" Message-Id: Date: Fri, 19 Apr 2024 06:55:22 +0000 commit 2a9a19be134ee345831a0d5595a3050c50680466 Author: Julien Grall AuthorDate: Wed Apr 17 13:46:55 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 17 13:53:17 2024 +0100 Revert "public: s/int/int32_t" This reverts commit afab29d0882f1d6889c73302fdf04632a492c529. This is breaking the build. I mistakenly committed the wrong version. Signed-off-by: Julien Grall --- xen/include/public/kexec.h | 8 ++++---- xen/include/public/memory.h | 24 ++++++++++++------------ xen/include/public/physdev.h | 18 +++++++++--------- xen/include/public/sched.h | 6 +++--- xen/include/public/vcpu.h | 2 +- 5 files changed, 29 insertions(+), 29 deletions(-) diff --git a/xen/include/public/kexec.h b/xen/include/public/kexec.h index 8d2a0ef697..40d79e936b 100644 --- a/xen/include/public/kexec.h +++ b/xen/include/public/kexec.h @@ -105,7 +105,7 @@ typedef struct xen_kexec_image { */ #define KEXEC_CMD_kexec 0 typedef struct xen_kexec_exec { - int32_t type; + int type; } xen_kexec_exec_t; /* @@ -116,7 +116,7 @@ typedef struct xen_kexec_exec { #define KEXEC_CMD_kexec_load_v1 1 /* obsolete since 0x00040400 */ #define KEXEC_CMD_kexec_unload_v1 2 /* obsolete since 0x00040400 */ typedef struct xen_kexec_load_v1 { - int32_t type; + int type; xen_kexec_image_t image; } xen_kexec_load_v1_t; @@ -143,8 +143,8 @@ typedef struct xen_kexec_load_v1 { */ #define KEXEC_CMD_kexec_get_range 3 typedef struct xen_kexec_range { - int32_t range; - int32_t nr; + int range; + int nr; unsigned long size; unsigned long start; } xen_kexec_range_t; diff --git a/xen/include/public/memory.h b/xen/include/public/memory.h index 9eb67d231d..5e545ae9a4 100644 --- a/xen/include/public/memory.h +++ b/xen/include/public/memory.h @@ -61,13 +61,13 @@ struct xen_memory_reservation { /* Number of extents, and size/alignment of each (2^extent_order pages). */ xen_ulong_t nr_extents; - uint32_t extent_order; + unsigned int extent_order; #if __XEN_INTERFACE_VERSION__ >= 0x00030209 /* XENMEMF flags. */ - uint32_t mem_flags; + unsigned int mem_flags; #else - uint32_t address_bits; + unsigned int address_bits; #endif /* @@ -163,7 +163,7 @@ struct xen_machphys_mfn_list { * Size of the 'extent_start' array. Fewer entries will be filled if the * machphys table is smaller than max_extents * 2MB. */ - uint32_t max_extents; + unsigned int max_extents; /* * Pointer to buffer to fill with list of extent starts. If there are @@ -176,7 +176,7 @@ struct xen_machphys_mfn_list { * Number of extents written to the above array. This will be smaller * than 'max_extents' if the machphys table is smaller than max_e * 2MB. */ - uint32_t nr_extents; + unsigned int nr_extents; }; typedef struct xen_machphys_mfn_list xen_machphys_mfn_list_t; DEFINE_XEN_GUEST_HANDLE(xen_machphys_mfn_list_t); @@ -232,7 +232,7 @@ struct xen_add_to_physmap { /* Number of pages to go through for gmfn_range */ uint16_t size; - uint32_t space; /* => enum phys_map_space */ + unsigned int space; /* => enum phys_map_space */ #define XENMAPIDX_grant_table_status 0x80000000U @@ -274,7 +274,7 @@ struct xen_add_to_physmap_batch { /* OUT */ /* Per index error code. */ - XEN_GUEST_HANDLE(int32_t) errs; + XEN_GUEST_HANDLE(int) errs; }; typedef struct xen_add_to_physmap_batch xen_add_to_physmap_batch_t; DEFINE_XEN_GUEST_HANDLE(xen_add_to_physmap_batch_t); @@ -317,7 +317,7 @@ struct xen_memory_map { * return the number of entries which have been stored in * buffer. */ - uint32_t nr_entries; + unsigned int nr_entries; /* * Entries in the buffer are in the same format as returned by the @@ -591,7 +591,7 @@ struct xen_reserved_device_memory_map { * Gets set to the required number of entries when too low, * signaled by error code -ERANGE. */ - uint32_t nr_entries; + unsigned int nr_entries; /* OUT */ XEN_GUEST_HANDLE(xen_reserved_device_memory_t) buffer; /* IN */ @@ -711,9 +711,9 @@ struct xen_vnuma_topology_info { domid_t domid; uint16_t pad; /* IN/OUT */ - uint32_t nr_vnodes; - uint32_t nr_vcpus; - uint32_t nr_vmemranges; + unsigned int nr_vnodes; + unsigned int nr_vcpus; + unsigned int nr_vmemranges; /* OUT */ union { XEN_GUEST_HANDLE(uint) h; diff --git a/xen/include/public/physdev.h b/xen/include/public/physdev.h index 03ccf86618..f0c0d4727c 100644 --- a/xen/include/public/physdev.h +++ b/xen/include/public/physdev.h @@ -142,17 +142,17 @@ DEFINE_XEN_GUEST_HANDLE(physdev_irq_t); struct physdev_map_pirq { domid_t domid; /* IN */ - int32_t type; + int type; /* IN (ignored for ..._MULTI_MSI) */ - int32_t index; + int index; /* IN or OUT */ - int32_t pirq; + int pirq; /* IN - high 16 bits hold segment for ..._MSI_SEG and ..._MULTI_MSI */ - int32_t bus; + int bus; /* IN */ - int32_t devfn; + int devfn; /* IN (also OUT for ..._MULTI_MSI) */ - int32_t entry_nr; + int entry_nr; /* IN */ uint64_t table_base; }; @@ -163,7 +163,7 @@ DEFINE_XEN_GUEST_HANDLE(physdev_map_pirq_t); struct physdev_unmap_pirq { domid_t domid; /* IN */ - int32_t pirq; + int pirq; }; typedef struct physdev_unmap_pirq physdev_unmap_pirq_t; @@ -224,7 +224,7 @@ DEFINE_XEN_GUEST_HANDLE(physdev_op_t); #define PHYSDEVOP_setup_gsi 21 struct physdev_setup_gsi { - int32_t gsi; + int gsi; /* IN */ uint8_t triggering; /* IN */ @@ -242,7 +242,7 @@ DEFINE_XEN_GUEST_HANDLE(physdev_setup_gsi_t); #define PHYSDEVOP_get_free_pirq 23 struct physdev_get_free_pirq { /* IN */ - int32_t type; + int type; /* OUT */ uint32_t pirq; }; diff --git a/xen/include/public/sched.h b/xen/include/public/sched.h index 57ac3df47b..b4362c6a1d 100644 --- a/xen/include/public/sched.h +++ b/xen/include/public/sched.h @@ -116,14 +116,14 @@ /* ` } */ struct sched_shutdown { - uint32_t reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ + unsigned int reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ }; typedef struct sched_shutdown sched_shutdown_t; DEFINE_XEN_GUEST_HANDLE(sched_shutdown_t); struct sched_poll { XEN_GUEST_HANDLE(evtchn_port_t) ports; - uint32_t nr_ports; + unsigned int nr_ports; uint64_t timeout; }; typedef struct sched_poll sched_poll_t; @@ -131,7 +131,7 @@ DEFINE_XEN_GUEST_HANDLE(sched_poll_t); struct sched_remote_shutdown { domid_t domain_id; /* Remote domain ID */ - uint32_t reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ + unsigned int reason; /* SHUTDOWN_* => enum sched_shutdown_reason */ }; typedef struct sched_remote_shutdown sched_remote_shutdown_t; DEFINE_XEN_GUEST_HANDLE(sched_remote_shutdown_t); diff --git a/xen/include/public/vcpu.h b/xen/include/public/vcpu.h index 2b8df2b0da..f7445ac0b0 100644 --- a/xen/include/public/vcpu.h +++ b/xen/include/public/vcpu.h @@ -63,7 +63,7 @@ #define VCPUOP_get_runstate_info 4 struct vcpu_runstate_info { /* VCPU's current state (RUNSTATE_*). */ - int32_t state; + int state; /* When was current state entered (system time, ns)? */ uint64_t state_entry_time; /* -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 19 06:55:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 19 Apr 2024 06:55:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708778.1107883 (Exim 4.92) (envelope-from ) id 1rxi9l-0006Eg-I5; Fri, 19 Apr 2024 06:55:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708778.1107883; Fri, 19 Apr 2024 06:55:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxi9l-0006EY-FS; Fri, 19 Apr 2024 06:55:33 +0000 Received: by outflank-mailman (input) for mailman id 708778; Fri, 19 Apr 2024 06:55:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxi9k-0006EJ-CR for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxi9k-0003wP-Be for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxi9k-0007eO-Ak for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0tTCblYcBVU5W79PmaRXdvlBMkEWUloyeeJZ6xvALbo=; b=xURg5783wREvDC0IWVnqiQFbqr dwMPcOosyk9Q2+h/Xb60hSqXWw1GI0AsC8fGysxmBGm8orUJfr0zeyzBC9BMPTYqOGAnRgrF168+4 n1XenU0jWENUKTKo4lr7WMG6SMmB3Gjrcxie0q0Xek4+T+hGfKf+oL/C90oBBbbuPbAg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] docs/misra: mark the gzip folder as adopted code Message-Id: Date: Fri, 19 Apr 2024 06:55:32 +0000 commit 02fbb2d591e794d3da430a207af0449d0c8c9228 Author: Federico Serafini AuthorDate: Mon Apr 15 11:56:30 2024 +0200 Commit: Andrew Cooper CommitDate: Thu Apr 18 20:43:11 2024 +0100 docs/misra: mark the gzip folder as adopted code Mark the whole gzip folder as adopted code and remove the redundant deviation of file inflate. Signed-off-by: Federico Serafini Acked-by: Andrew Cooper --- automation/eclair_analysis/ECLAIR/deviations.ecl | 5 ----- docs/misra/exclude-list.json | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index 0230b41c6d..4287805819 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -148,11 +148,6 @@ const-qualified." # Series 8. # --doc_begin="The following file is imported from Linux: ignore for now." --file_tag+={adopted_r8_2,"^xen/common/inflate\\.c$"} --config=MC3R1.R8.2,reports+={deliberate,"any_area(any_loc(file(adopted_r8_2)))"} --doc_end - -doc_begin="The type ret_t is deliberately used and defined as int or long depending on the architecture." -config=MC3R1.R8.3,reports+={deliberate,"any_area(any_loc(text(^.*ret_t.*$)))"} -doc_end diff --git a/docs/misra/exclude-list.json b/docs/misra/exclude-list.json index 0956364158..cd69765427 100644 --- a/docs/misra/exclude-list.json +++ b/docs/misra/exclude-list.json @@ -118,7 +118,7 @@ "comment": "Imported from Linux, ignore for now" }, { - "rel_path": "common/gzip/inflate.c", + "rel_path": "common/gzip/*", "comment": "Imported from Linux, ignore for now" }, { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 19 06:55:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 19 Apr 2024 06:55:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708779.1107888 (Exim 4.92) (envelope-from ) id 1rxi9v-0006IW-JR; Fri, 19 Apr 2024 06:55:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708779.1107888; Fri, 19 Apr 2024 06:55:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxi9v-0006IO-Gn; Fri, 19 Apr 2024 06:55:43 +0000 Received: by outflank-mailman (input) for mailman id 708779; Fri, 19 Apr 2024 06:55:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxi9u-0006IA-FP for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxi9u-0003wb-Ee for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxi9u-0007er-Df for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qPxc7D1nclfTWxpTKgucVhXjrqFd8QN28urUmaIHGps=; b=V8XTuTYK9LKiLIQr5gyKybrsJi WRf+cM54BgMwLXurz2QiW1/ywYsFbI8iFMsMS4ImZaSpnIyk+MmKdf/W8keEmBfzcKIL9fZEheonY SzLfMdTgANu3NDdoHtV7ScLHAvfGIkJIp9AoCP4PacHC2TkgSjpkfN300ov721BBU7YI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/efi: Rewrite DOS/PE magic checking without memcmp() Message-Id: Date: Fri, 19 Apr 2024 06:55:42 +0000 commit 4cd66fb56dc6972178f6543217b66bc122fbbd5a Author: Andrew Cooper AuthorDate: Tue Apr 16 16:21:34 2024 +0100 Commit: Andrew Cooper CommitDate: Thu Apr 18 20:43:11 2024 +0100 xen/efi: Rewrite DOS/PE magic checking without memcmp() Misra Rule 21.16 doesn't like the use of memcmp() against character arrays (a string literal in this case). This is a rare piece of logic where we're looking for a magic marker that just happens to make sense when expressed as ASCII. Rewrite using plain compares. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Stefano Stabellini Acked-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/common/efi/pe.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/xen/common/efi/pe.c b/xen/common/efi/pe.c index a84992df9a..ef8a2543e0 100644 --- a/xen/common/efi/pe.c +++ b/xen/common/efi/pe.c @@ -111,7 +111,8 @@ const void *__init pe_find_section(const void *image, const UINTN image_size, UINTN offset, i; if ( image_size < sizeof(*dos) || - memcmp(dos->Magic, "MZ", 2) != 0 ) + dos->Magic[0] != 'M' || + dos->Magic[1] != 'Z' ) return NULL; offset = dos->ExeHeader; @@ -119,7 +120,10 @@ const void *__init pe_find_section(const void *image, const UINTN image_size, offset += sizeof(*pe); if ( image_size < offset || - memcmp(pe->Magic, "PE\0\0", 4) != 0 ) + pe->Magic[0] != 'P' || + pe->Magic[1] != 'E' || + pe->Magic[2] != '\0' || + pe->Magic[3] != '\0' ) return NULL; if ( pe->FileHeader.Machine != PE_HEADER_MACHINE ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 19 06:55:53 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 19 Apr 2024 06:55:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708780.1107892 (Exim 4.92) (envelope-from ) id 1rxiA5-0006LQ-Kq; Fri, 19 Apr 2024 06:55:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708780.1107892; Fri, 19 Apr 2024 06:55:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiA5-0006LI-IG; Fri, 19 Apr 2024 06:55:53 +0000 Received: by outflank-mailman (input) for mailman id 708780; Fri, 19 Apr 2024 06:55:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiA4-0006L7-IT for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiA4-0003wy-Hf for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxiA4-0007fR-Gn for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:55:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MpRIduF34ImSjkZPIhWAITmYItLVOIgS5ut+cYypDSM=; b=C2JQw+9eNDLLvzlqMtusRnc1EM m7VmGMsZD4Ks1iFs51SEcPeMG6VBXamZb0JhRCK6UQ0fIzaAfGfUWPJ/wk6i1oBFoy1ZwLU+Z0Lj0 +aW8effhnpXK7dvpCNGtfAFzOjkFv2rGTbfss0aiSihPLjhyt5nA8xIacYpTnA52f5t8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/emul: Simplify segment override prefix decoding Message-Id: Date: Fri, 19 Apr 2024 06:55:52 +0000 commit 489a46c1775fdc0474261418dffef0e048848c82 Author: Andrew Cooper AuthorDate: Thu Dec 28 18:41:30 2023 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 18 20:43:11 2024 +0100 x86/emul: Simplify segment override prefix decoding x86_seg_* uses architectural encodings. Therefore, we can fold the prefix handling cases together and derive the segment from the prefix byte itself. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/x86_emulate/decode.c | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) diff --git a/xen/arch/x86/x86_emulate/decode.c b/xen/arch/x86/x86_emulate/decode.c index de836068fd..ee4cbdc000 100644 --- a/xen/arch/x86/x86_emulate/decode.c +++ b/xen/arch/x86/x86_emulate/decode.c @@ -1043,17 +1043,12 @@ int x86emul_decode(struct x86_emulate_state *s, case 0x67: /* address-size override */ ad_bytes = def_ad_bytes ^ (mode_64bit() ? 12 : 6); break; - case 0x2e: /* CS override / ignored in 64-bit mode */ + case 0x26: /* ES override */ + case 0x2e: /* CS override */ + case 0x36: /* SS override */ + case 0x3e: /* DS override, all ignored in 64-bit mode */ if ( !mode_64bit() ) - override_seg = x86_seg_cs; - break; - case 0x3e: /* DS override / ignored in 64-bit mode */ - if ( !mode_64bit() ) - override_seg = x86_seg_ds; - break; - case 0x26: /* ES override / ignored in 64-bit mode */ - if ( !mode_64bit() ) - override_seg = x86_seg_es; + override_seg = (b >> 3) & 3; break; case 0x64: /* FS override */ override_seg = x86_seg_fs; @@ -1061,10 +1056,6 @@ int x86emul_decode(struct x86_emulate_state *s, case 0x65: /* GS override */ override_seg = x86_seg_gs; break; - case 0x36: /* SS override / ignored in 64-bit mode */ - if ( !mode_64bit() ) - override_seg = x86_seg_ss; - break; case 0xf0: /* LOCK */ s->lock_prefix = true; break; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 19 06:56:03 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 19 Apr 2024 06:56:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708781.1107896 (Exim 4.92) (envelope-from ) id 1rxiAF-0006OT-MI; Fri, 19 Apr 2024 06:56:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708781.1107896; Fri, 19 Apr 2024 06:56:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiAF-0006OL-Jb; Fri, 19 Apr 2024 06:56:03 +0000 Received: by outflank-mailman (input) for mailman id 708781; Fri, 19 Apr 2024 06:56:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiAE-0006O2-Ld for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiAE-0003xK-Kp for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxiAE-0007ge-Jw for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=QJ7D5P9rPks1kyghi8ImqQ/8VoFwm6XxywkTTBU3GeA=; b=YF3bgb3tRVxZ3ONMiTHF8x9fNg kYa/jI5Uw9AtKKgqsA/bIoM5KYfD3u0mtrz0GViY3eXvVNrIxQ6G3kClfrjT6Git+iaSyWpgeYc5J AqT4kSjilbHVQjbDzdE9q5oPVZ8Uv5OoykPxxXd52vae6spLz3HLJBHI9zBA0VA5kY8A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/gzip: Drop unused define checks Message-Id: Date: Fri, 19 Apr 2024 06:56:02 +0000 commit 492fe0778b2f1d41d040ff9569f8f36f9dca7dae Author: Daniel P. Smith AuthorDate: Wed Apr 17 10:37:11 2024 -0400 Commit: Andrew Cooper CommitDate: Thu Apr 18 20:43:11 2024 +0100 xen/gzip: Drop unused define checks Drop various macros and checks which are never used. Signed-off-by: Daniel P. Smith Reviewed-by: Andrew Cooper --- xen/common/gzip/gunzip.c | 2 -- xen/common/gzip/inflate.c | 36 +++++++++--------------------------- 2 files changed, 9 insertions(+), 29 deletions(-) diff --git a/xen/common/gzip/gunzip.c b/xen/common/gzip/gunzip.c index 2c6eae167d..fdccaa9159 100644 --- a/xen/common/gzip/gunzip.c +++ b/xen/common/gzip/gunzip.c @@ -22,8 +22,6 @@ static unsigned int __initdata inptr; /* Bytes in output buffer: */ static unsigned int __initdata outcnt; -#define OF(args) args - #define memzero(s, n) memset((s), 0, (n)) typedef unsigned char uch; diff --git a/xen/common/gzip/inflate.c b/xen/common/gzip/inflate.c index 58f263d9e8..fc9b466e0c 100644 --- a/xen/common/gzip/inflate.c +++ b/xen/common/gzip/inflate.c @@ -138,15 +138,15 @@ struct huft { /* Function prototypes */ -static int huft_build OF((unsigned *, unsigned, unsigned, - const ush *, const ush *, struct huft **, int *)); -static int huft_free OF((struct huft *)); -static int inflate_codes OF((struct huft *, struct huft *, int, int)); -static int inflate_stored OF((void)); -static int inflate_fixed OF((void)); -static int inflate_dynamic OF((void)); -static int inflate_block OF((int *)); -static int inflate OF((void)); +static int huft_build(unsigned *, unsigned, unsigned, + const ush *, const ush *, struct huft **, int *); +static int huft_free(struct huft *); +static int inflate_codes(struct huft *, struct huft *, int, int); +static int inflate_stored(void); +static int inflate_fixed(void); +static int inflate_dynamic(void); +static int inflate_block(int *); +static int inflate(void); /* The inflate algorithm uses a sliding 32 K byte window on the uncompressed @@ -661,7 +661,6 @@ static int __init inflate_codes( /* do the copy */ do { n -= (e = (e = WSIZE - ((d &= WSIZE-1) > w ? d : w)) > n ? n : e); -#if !defined(NOMEMCPY) && !defined(DEBUG) if (w - d >= e) /* (this test assumes unsigned comparison) */ { memcpy(slide + w, slide + d, e); @@ -669,7 +668,6 @@ static int __init inflate_codes( d += e; } else /* do it slow to avoid memcpy() overlap */ -#endif /* !NOMEMCPY */ do { slide[w++] = slide[d++]; Tracevv((stderr, "%c", slide[w-1])); @@ -845,11 +843,7 @@ static int noinline __init inflate_dynamic(void) DEBG(" 288 || nd > 32) -#else if (nl > 286 || nd > 30) -#endif { ret = 1; /* bad lengths */ goto out; @@ -989,16 +979,11 @@ static int noinline __init inflate_dynamic(void) DEBG("dyn5d "); if (i == 1) { error("incomplete distance tree"); -#ifdef PKZIP_BUG_WORKAROUND - i = 0; - } -#else huft_free(td); } huft_free(tl); ret = i; /* incomplete code set */ goto out; -#endif } DEBG("dyn6 "); @@ -1096,9 +1081,6 @@ static int __init inflate(void) h = 0; do { hufts = 0; -#ifdef ARCH_HAS_DECOMP_WDOG - arch_decomp_wdog(); -#endif r = inflate_block(&e); if (r) return r; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 19 06:56:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 19 Apr 2024 06:56:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708782.1107899 (Exim 4.92) (envelope-from ) id 1rxiAQ-0006RR-Ny; Fri, 19 Apr 2024 06:56:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708782.1107899; Fri, 19 Apr 2024 06:56:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiAQ-0006RJ-LA; Fri, 19 Apr 2024 06:56:14 +0000 Received: by outflank-mailman (input) for mailman id 708782; Fri, 19 Apr 2024 06:56:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiAO-0006Qz-P4 for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiAO-0003xf-OK for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxiAO-0007hB-Ms for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6wloBVi5uwkHujuc221IAcg6POdCvgRi6M8HBHvB65A=; b=g9FbZMKcg9udOh2bpsyVwMD/J/ FO/Z7a4KPWFpPwOhLJ9H0ouoOeBZ8D9gnJMTBqRnmEUlg0yJPwNWIH+sDM3LuMHagWvVI1Z7V3Qx2 Y38Cp9jk3t1jdTNhh1Y23dmmvW4dJpdYDpYMRV/99LmJ133v96VvL69ASQx8TfSp5GhE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/gzip: Remove custom memory allocator Message-Id: Date: Fri, 19 Apr 2024 06:56:12 +0000 commit 052cf1dcdfb8563840d4a61843327687e7e64d73 Author: Daniel P. Smith AuthorDate: Wed Apr 17 10:37:13 2024 -0400 Commit: Andrew Cooper CommitDate: Thu Apr 18 20:43:11 2024 +0100 xen/gzip: Remove custom memory allocator All the other decompression routines use xmalloc_bytes(), thus there is no reason for gzip to be handling its own allocation of memory. In fact, there is a bug somewhere in the allocator as decompression started to break when adding additional allocations. Instead of troubleshooting the allocator, replace it with xmalloc_bytes(). Signed-off-by: Daniel P. Smith Reviewed-by: Andrew Cooper --- xen/common/gzip/gunzip.c | 17 ++--------------- xen/common/gzip/inflate.c | 46 ---------------------------------------------- 2 files changed, 2 insertions(+), 61 deletions(-) diff --git a/xen/common/gzip/gunzip.c b/xen/common/gzip/gunzip.c index fdccaa9159..53cee9ee17 100644 --- a/xen/common/gzip/gunzip.c +++ b/xen/common/gzip/gunzip.c @@ -4,12 +4,7 @@ #include #include -#define HEAPORDER 3 - static unsigned char *__initdata window; -#define memptr long -static memptr __initdata free_mem_ptr; -static memptr __initdata free_mem_end_ptr; #define WSIZE 0x80000000U @@ -22,6 +17,8 @@ static unsigned int __initdata inptr; /* Bytes in output buffer: */ static unsigned int __initdata outcnt; +#define malloc(a) xmalloc_bytes(a) +#define free(a) xfree(a) #define memzero(s, n) memset((s), 0, (n)) typedef unsigned char uch; @@ -107,14 +104,6 @@ __init int perform_gunzip(char *output, char *image, unsigned long image_len) return 1; window = (unsigned char *)output; - - free_mem_ptr = (unsigned long)alloc_xenheap_pages(HEAPORDER, 0); - if ( !free_mem_ptr ) - return -ENOMEM; - - free_mem_end_ptr = free_mem_ptr + (PAGE_SIZE << HEAPORDER); - init_allocator(); - inbuf = (unsigned char *)image; insize = image_len; inptr = 0; @@ -131,7 +120,5 @@ __init int perform_gunzip(char *output, char *image, unsigned long image_len) rc = 0; } - free_xenheap_pages((void *)free_mem_ptr, HEAPORDER); - return rc; } diff --git a/xen/common/gzip/inflate.c b/xen/common/gzip/inflate.c index fc9b466e0c..f2f953e80e 100644 --- a/xen/common/gzip/inflate.c +++ b/xen/common/gzip/inflate.c @@ -225,52 +225,6 @@ static const ush mask_bits[] = { #define NEEDBITS(n) {while(k<(n)){b|=((ulg)NEXTBYTE())<>=(n);k-=(n);} -#ifndef NO_INFLATE_MALLOC -/* A trivial malloc implementation, adapted from - * malloc by Hannu Savolainen 1993 and Matthias Urlichs 1994 - */ - -static unsigned long __initdata malloc_ptr; -static int __initdata malloc_count; - -static void __init init_allocator(void) -{ - malloc_ptr = free_mem_ptr; - malloc_count = 0; -} - -static void *__init malloc(int size) -{ - void *p; - - if (size < 0) - error("Malloc error"); - if (!malloc_ptr) - malloc_ptr = free_mem_ptr; - - malloc_ptr = (malloc_ptr + 3) & ~3; /* Align */ - - p = (void *)malloc_ptr; - malloc_ptr += size; - - if (free_mem_end_ptr && malloc_ptr >= free_mem_end_ptr) - error("Out of memory"); - - malloc_count++; - return p; -} - -static void __init free(void *where) -{ - malloc_count--; - if (!malloc_count) - malloc_ptr = free_mem_ptr; -} -#else -#define malloc(a) kmalloc(a, GFP_KERNEL) -#define free(a) kfree(a) -#endif - /* Huffman code decoding is performed using a multi-level table lookup. The fastest way to decode is to simply build a lookup table whose -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 19 06:56:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 19 Apr 2024 06:56:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708783.1107905 (Exim 4.92) (envelope-from ) id 1rxiAa-0006UJ-QE; Fri, 19 Apr 2024 06:56:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708783.1107905; Fri, 19 Apr 2024 06:56:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiAa-0006UB-Md; Fri, 19 Apr 2024 06:56:24 +0000 Received: by outflank-mailman (input) for mailman id 708783; Fri, 19 Apr 2024 06:56:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiAY-0006Tb-S2 for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiAY-0003y8-RJ for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxiAY-0007i6-Qa for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5ulCse+aHEyDIfEQqmHFAS3NLR35IeOVdEvHmJi9FKY=; b=ZBcDjW+eNTT9nZQ9Zf9ynJfzP2 SLEIvPCO/fGfEtLyP1c/rhmS7mq7FOGvnvvced8j960Lr1GC7zITFriDQo+YjHptrJ/vjw62TgziF bWHGMKcURoQcCE4w8r+C4+QXznAqcZBscuZC9bYoDLTmBNb7HsYXzcjtURxMySy8rqgc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/gzip: Drop huffman code table tracking Message-Id: Date: Fri, 19 Apr 2024 06:56:22 +0000 commit 8763eb782b2c349efb44900ebe82369bf89e0568 Author: Daniel P. Smith AuthorDate: Wed Apr 17 10:37:16 2024 -0400 Commit: Andrew Cooper CommitDate: Thu Apr 18 20:43:11 2024 +0100 xen/gzip: Drop huffman code table tracking The memory usage tracking isn't used outside of a debugging option which can't compile under Xen anyway. Drop it. Signed-off-by: Daniel P. Smith Reviewed-by: Andrew Cooper --- xen/common/gzip/inflate.c | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/xen/common/gzip/inflate.c b/xen/common/gzip/inflate.c index f2f953e80e..a03903f731 100644 --- a/xen/common/gzip/inflate.c +++ b/xen/common/gzip/inflate.c @@ -266,10 +266,6 @@ static const int dbits = 6; /* bits in base distance lookup table */ #define BMAX 16 /* maximum bit length of any code (16 for explode) */ #define N_MAX 288 /* maximum number of codes in any set */ - -static unsigned __initdata hufts; /* track memory usage */ - - static int __init huft_build( unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ unsigned n, /* number of codes (assumed <= N_MAX) */ @@ -445,7 +441,6 @@ static int __init huft_build( goto out; } DEBG1("4 "); - hufts += z + 1; /* track memory usage */ *t = q + 1; /* link to list for huft_free() */ *(t = &(q->v.t)) = (struct huft *)NULL; u[h] = ++q; /* table starts after link */ @@ -1023,7 +1018,6 @@ static int __init inflate(void) { int e; /* last block flag */ int r; /* result code */ - unsigned h; /* maximum struct huft's malloc'ed */ /* initialize window, bit buffer */ wp = 0; @@ -1032,14 +1026,10 @@ static int __init inflate(void) /* decompress until the last block */ - h = 0; do { - hufts = 0; r = inflate_block(&e); if (r) return r; - if (hufts > h) - h = hufts; } while (!e); /* Undo too much lookahead. The next read will be byte aligned so we @@ -1055,9 +1045,6 @@ static int __init inflate(void) /* return success */ -#ifdef DEBUG - fprintf(stderr, "<%u> ", h); -#endif /* DEBUG */ return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Fri Apr 19 06:56:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 19 Apr 2024 06:56:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708785.1107908 (Exim 4.92) (envelope-from ) id 1rxiAm-0006XK-Re; Fri, 19 Apr 2024 06:56:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708785.1107908; Fri, 19 Apr 2024 06:56:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiAm-0006XC-O9; Fri, 19 Apr 2024 06:56:36 +0000 Received: by outflank-mailman (input) for mailman id 708785; Fri, 19 Apr 2024 06:56:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiAl-0006Wv-0f for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiAk-0003yP-W8 for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxiAk-0007rw-VI for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OegUAjp2+u/64U9vffLF96W2MHm+bPUlm80E5j4n4Sw=; b=Uw4JWqnaKvpcNDGiGzY910AgX7 Dk7+H05BYLvmj3Z7MinVjZXspLO0fTQrbp7zhOrsuj+lbZPGMAfJTWRf7qdavGUlmZmoGIAJAL5hg d2TIfq5qvurCESfEGE4VLJ2DAdIAVgyIFGxQ4Fmu0K0265UJL4y0qG5gKBZufW808xdQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/MCE: move intel mcheck init code to separate file Message-Id: Date: Fri, 19 Apr 2024 06:56:34 +0000 commit 78d980071a0964a7dcf0d02b4a9066c16b5a7140 Author: Sergiy Kibrik AuthorDate: Fri Apr 19 08:45:23 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 19 08:45:23 2024 +0200 x86/MCE: move intel mcheck init code to separate file Separate Intel nonfatal MCE initialization code from generic MCE code, the same way it is done for AMD code. This is to be able to later make intel/amd MCE code optional in the build. Convert to Xen coding style. Clean up unused includes. Remove seemingly outdated comment about MCE check period. No functional change intended. Signed-off-by: Sergiy Kibrik Reviewed-by: Stefano Stabellini Reviewed-by: Jan Beulich --- xen/arch/x86/cpu/mcheck/Makefile | 1 + xen/arch/x86/cpu/mcheck/intel-nonfatal.c | 86 ++++++++++++++++++++++++++++++++ xen/arch/x86/cpu/mcheck/mce.h | 1 + xen/arch/x86/cpu/mcheck/non-fatal.c | 82 +----------------------------- 4 files changed, 89 insertions(+), 81 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/Makefile b/xen/arch/x86/cpu/mcheck/Makefile index 0d63ff9096..f927f10b4d 100644 --- a/xen/arch/x86/cpu/mcheck/Makefile +++ b/xen/arch/x86/cpu/mcheck/Makefile @@ -2,6 +2,7 @@ obj-y += amd_nonfatal.o obj-y += mce_amd.o obj-y += mcaction.o obj-y += barrier.o +obj-y += intel-nonfatal.o obj-y += mctelem.o obj-y += mce.o obj-y += mce-apei.o diff --git a/xen/arch/x86/cpu/mcheck/intel-nonfatal.c b/xen/arch/x86/cpu/mcheck/intel-nonfatal.c new file mode 100644 index 0000000000..092a828812 --- /dev/null +++ b/xen/arch/x86/cpu/mcheck/intel-nonfatal.c @@ -0,0 +1,86 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Non Fatal Machine Check Exception Reporting + * (C) Copyright 2002 Dave Jones. + */ + +#include + +#include "mce.h" +#include "vmce.h" + +static struct timer mce_timer; + +#define MCE_PERIOD MILLISECS(8000) +#define MCE_PERIOD_MIN MILLISECS(2000) +#define MCE_PERIOD_MAX MILLISECS(16000) + +static uint64_t period = MCE_PERIOD; +static int adjust = 0; +static int variable_period = 1; + +static void cf_check mce_checkregs(void *info) +{ + mctelem_cookie_t mctc; + struct mca_summary bs; + static uint64_t dumpcount = 0; + + mctc = mcheck_mca_logout(MCA_POLLER, this_cpu( poll_bankmask), + &bs, NULL); + + if ( bs.errcnt && mctc != NULL ) + { + adjust++; + + /* + * If Dom0 enabled the VIRQ_MCA event, then notify it. + * Otherwise, if dom0 has had plenty of time to register + * the virq handler but still hasn't then dump telemetry + * to the Xen console. The call count may be incremented + * on multiple cpus at once and is indicative only - just + * a simple-minded attempt to avoid spamming the console + * for corrected errors in early startup. + */ + + if ( dom0_vmce_enabled() ) + { + mctelem_commit(mctc); + send_global_virq(VIRQ_MCA); + } + else if ( ++dumpcount >= 10 ) + { + x86_mcinfo_dump((struct mc_info *)mctelem_dataptr(mctc)); + mctelem_dismiss(mctc); + } + else + mctelem_dismiss(mctc); + } + else if ( mctc != NULL ) + mctelem_dismiss(mctc); +} + +static void cf_check mce_work_fn(void *data) +{ + on_each_cpu(mce_checkregs, NULL, 1); + + if ( variable_period ) + { + if ( adjust ) + period /= (adjust + 1); + else + period *= 2; + if ( period > MCE_PERIOD_MAX ) + period = MCE_PERIOD_MAX; + if ( period < MCE_PERIOD_MIN ) + period = MCE_PERIOD_MIN; + } + + set_timer(&mce_timer, NOW() + period); + adjust = 0; +} + +void __init intel_nonfatal_mcheck_init(struct cpuinfo_x86 *unused) +{ + init_timer(&mce_timer, mce_work_fn, NULL, 0); + set_timer(&mce_timer, NOW() + MCE_PERIOD); +} diff --git a/xen/arch/x86/cpu/mcheck/mce.h b/xen/arch/x86/cpu/mcheck/mce.h index 7f26afae23..4806405f96 100644 --- a/xen/arch/x86/cpu/mcheck/mce.h +++ b/xen/arch/x86/cpu/mcheck/mce.h @@ -47,6 +47,7 @@ enum mcheck_type amd_mcheck_init(const struct cpuinfo_x86 *c, bool bsp); enum mcheck_type intel_mcheck_init(struct cpuinfo_x86 *c, bool bsp); void amd_nonfatal_mcheck_init(struct cpuinfo_x86 *c); +void intel_nonfatal_mcheck_init(struct cpuinfo_x86 *c); extern unsigned int firstbank; extern unsigned int ppin_msr; diff --git a/xen/arch/x86/cpu/mcheck/non-fatal.c b/xen/arch/x86/cpu/mcheck/non-fatal.c index 1c0c32ba08..33cacd15c2 100644 --- a/xen/arch/x86/cpu/mcheck/non-fatal.c +++ b/xen/arch/x86/cpu/mcheck/non-fatal.c @@ -7,84 +7,7 @@ * */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - #include "mce.h" -#include "vmce.h" - -static struct timer mce_timer; - -#define MCE_PERIOD MILLISECS(8000) -#define MCE_PERIOD_MIN MILLISECS(2000) -#define MCE_PERIOD_MAX MILLISECS(16000) - -static uint64_t period = MCE_PERIOD; -static int adjust = 0; -static int variable_period = 1; - -static void cf_check mce_checkregs(void *info) -{ - mctelem_cookie_t mctc; - struct mca_summary bs; - static uint64_t dumpcount = 0; - - mctc = mcheck_mca_logout(MCA_POLLER, this_cpu(poll_bankmask), - &bs, NULL); - - if (bs.errcnt && mctc != NULL) { - adjust++; - - /* If Dom0 enabled the VIRQ_MCA event, then notify it. - * Otherwise, if dom0 has had plenty of time to register - * the virq handler but still hasn't then dump telemetry - * to the Xen console. The call count may be incremented - * on multiple cpus at once and is indicative only - just - * a simple-minded attempt to avoid spamming the console - * for corrected errors in early startup. - */ - - if (dom0_vmce_enabled()) { - mctelem_commit(mctc); - send_global_virq(VIRQ_MCA); - } else if (++dumpcount >= 10) { - x86_mcinfo_dump((struct mc_info *)mctelem_dataptr(mctc)); - mctelem_dismiss(mctc); - } else { - mctelem_dismiss(mctc); - } - } else if (mctc != NULL) { - mctelem_dismiss(mctc); - } -} - -static void cf_check mce_work_fn(void *data) -{ - on_each_cpu(mce_checkregs, NULL, 1); - - if (variable_period) { - if (adjust) - period /= (adjust + 1); - else - period *= 2; - if (period > MCE_PERIOD_MAX) - period = MCE_PERIOD_MAX; - if (period < MCE_PERIOD_MIN) - period = MCE_PERIOD_MIN; - } - - set_timer(&mce_timer, NOW() + period); - adjust = 0; -} static int __init cf_check init_nonfatal_mce_checker(void) { @@ -106,13 +29,10 @@ static int __init cf_check init_nonfatal_mce_checker(void) /* Assume we are on K8 or newer AMD or Hygon CPU here */ amd_nonfatal_mcheck_init(c); break; - case X86_VENDOR_INTEL: - init_timer(&mce_timer, mce_work_fn, NULL, 0); - set_timer(&mce_timer, NOW() + MCE_PERIOD); + intel_nonfatal_mcheck_init(c); break; } - printk(KERN_INFO "mcheck_poll: Machine check polling timer started.\n"); return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 19 06:56:47 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 19 Apr 2024 06:56:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708786.1107911 (Exim 4.92) (envelope-from ) id 1rxiAw-0006an-US; Fri, 19 Apr 2024 06:56:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708786.1107911; Fri, 19 Apr 2024 06:56:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiAw-0006af-Rd; Fri, 19 Apr 2024 06:56:46 +0000 Received: by outflank-mailman (input) for mailman id 708786; Fri, 19 Apr 2024 06:56:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiAv-0006aF-3P for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiAv-0003yf-2h for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxiAv-0007sP-1v for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=R1UPKD+U5yzCM/TuKdIiN/6hUglxS+KvYoFBOJd9YTg=; b=rB8WIcKtj6AxEqMhO42c+vZLz1 aK2WGms1tKho5jQK1E9Aijt7Zmw3lUXm9N1Z7W6hr06hGZUreuph1U6R24+NFy21wW9qdJl/IG+n/ Yc6bMrSNuDzicHbNzLuBu2UcsI8hX1+Ir6C/gAcps10RhDKf37arHdgJRnFrc6wAjt9o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/ppc: mm-radix: Replace debug printing code with printk Message-Id: Date: Fri, 19 Apr 2024 06:56:45 +0000 commit 5b33845adffd818bc21d854618712a30254b080f Author: Shawn Anastasio AuthorDate: Fri Apr 19 08:46:29 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 19 08:46:29 2024 +0200 xen/ppc: mm-radix: Replace debug printing code with printk Now that we have common code building, there's no need to keep the old itoa64+debug print function in mm-radix.c Signed-off-by: Shawn Anastasio Reviewed-by: Jan Beulich --- xen/arch/ppc/mm-radix.c | 58 ++++++++++--------------------------------------- 1 file changed, 12 insertions(+), 46 deletions(-) diff --git a/xen/arch/ppc/mm-radix.c b/xen/arch/ppc/mm-radix.c index daa411a6fa..ab5a10695c 100644 --- a/xen/arch/ppc/mm-radix.c +++ b/xen/arch/ppc/mm-radix.c @@ -15,6 +15,12 @@ void enable_mmu(void); +#ifdef CONFIG_DEBUG +#define radix_dprintk(msg, ...) printk(XENLOG_DEBUG msg, ## __VA_ARGS__) +#else +#define radix_dprintk(...) +#endif + #define INITIAL_LVL1_PD_COUNT 1 #define INITIAL_LVL2_LVL3_PD_COUNT 2 #define INITIAL_LVL4_PT_COUNT 256 @@ -80,45 +86,6 @@ static __init struct lvl4_pt *lvl4_pt_pool_alloc(void) return &initial_lvl4_pt_pool[initial_lvl4_pt_pool_used++]; } -#ifndef NDEBUG -/* TODO: Remove once we get common/ building */ -static char *__init itoa64_hex(uint64_t val, char *out_buf, size_t buf_len) -{ - uint64_t cur; - size_t i = buf_len - 1; - - /* Null terminate buffer */ - out_buf[i] = '\0'; - - /* Add digits in reverse */ - cur = val; - while ( cur && i > 0 ) - { - out_buf[--i] = "0123456789ABCDEF"[cur % 16]; - cur /= 16; - } - - /* Pad to 16 digits */ - while ( i > 0 ) - out_buf[--i] = '0'; - - return out_buf + i; -} -#endif - -static void __init radix_dprint(uint64_t addr, const char *msg) -{ -#ifndef NDEBUG - char buf[sizeof("DEADBEEFCAFEBABA")]; - char *addr_s = itoa64_hex(addr, buf, sizeof(buf)); - - early_printk("(0x"); - early_printk(addr_s); - early_printk(") "); - early_printk(msg); -#endif -} - static void __init setup_initial_mapping(struct lvl1_pd *lvl1, vaddr_t map_start, vaddr_t map_end, @@ -186,27 +153,26 @@ static void __init setup_initial_mapping(struct lvl1_pd *lvl1, unsigned long paddr = (page_addr - map_start) + phys_base; unsigned long flags; - radix_dprint(paddr, "being mapped to "); - radix_dprint(page_addr, "!\n"); + radix_dprintk("%016lx being mapped to %016lx\n", paddr, page_addr); if ( is_kernel_text(page_addr) || is_kernel_inittext(page_addr) ) { - radix_dprint(page_addr, "being marked as TEXT (RX)\n"); + radix_dprintk("%016lx being marked as TEXT (RX)\n", page_addr); flags = PTE_XEN_RX; } else if ( is_kernel_rodata(page_addr) ) { - radix_dprint(page_addr, "being marked as RODATA (RO)\n"); + radix_dprintk("%016lx being marked as RODATA (RO)\n", page_addr); flags = PTE_XEN_RO; } else { - radix_dprint(page_addr, "being marked as DEFAULT (RW)\n"); + radix_dprintk("%016lx being marked as DEFAULT (RW)\n", page_addr); flags = PTE_XEN_RW; } *pte = paddr_to_pte(paddr, flags); - radix_dprint(paddr_to_pte(paddr, flags).pte, - "is result of PTE map!\n"); + radix_dprintk("%016lx is the result of PTE map\n", + paddr_to_pte(paddr, flags).pte); } else { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 19 06:56:56 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 19 Apr 2024 06:56:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708790.1107927 (Exim 4.92) (envelope-from ) id 1rxiB6-0006ug-8J; Fri, 19 Apr 2024 06:56:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708790.1107927; Fri, 19 Apr 2024 06:56:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiB6-0006uW-4v; Fri, 19 Apr 2024 06:56:56 +0000 Received: by outflank-mailman (input) for mailman id 708790; Fri, 19 Apr 2024 06:56:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiB5-0006tz-6H for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiB5-0003yx-5X for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxiB5-0007tG-4h for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:56:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gsKpNHua2JoPizdeYdhJVCvodkbAOMgDKIulVIArH+w=; b=AOOveDUftTloWjQPpEPhSWxY41 jzgq2RwRsN3N275kdDbsV/6SxcLEEJBw7JW5F6NZbxQHNC/C09FwjoFl4NwZbxTUJHQPkvDEU+ccj tHuEWec//3Jyt3Nn83JQVtKm19fgroAu1UV1Xhsj6elNfUOFrgylWaoqni/DkqleGfPY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/riscv: introduce io.h Message-Id: Date: Fri, 19 Apr 2024 06:56:55 +0000 commit 58798e3f1f0609c773325274b654a8a946413d83 Author: Oleksii Kurochko AuthorDate: Fri Apr 19 08:47:13 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 19 08:47:13 2024 +0200 xen/riscv: introduce io.h The header taken form Linux 6.4.0-rc1 and is based on arch/riscv/include/asm/mmio.h with the following changes: - drop forcing of endianess for read*(), write*() functions as no matter what CPU endianness, what endianness a particular device (and hence its MMIO region(s)) is using is entirely independent. Hence conversion, where necessary, needs to occur at a layer up. Another one reason to drop endianess conversion here is: https://patchwork.kernel.org/project/linux-riscv/patch/20190411115623.5749-3-hch@lst.de/ One of the answers of the author of the commit: And we don't know if Linux will be around if that ever changes. The point is: a) the current RISC-V spec is LE only b) the current linux port is LE only except for this little bit There is no point in leaving just this bitrotting code around. It just confuses developers, (very very slightly) slows down compiles and will bitrot. It also won't be any significant help to a future developer down the road doing a hypothetical BE RISC-V Linux port. - drop unused argument of __io_ar() macros. - drop "#define _raw_{read,write}{b,w,l,d,q} _raw_{read,write}{b,w,l,d,q}" as they are unnecessary. - Adopt the Xen code style for this header, considering that significant changes are not anticipated in the future. In the event of any issues, adapting them to Xen style should be easily manageable. - drop unnecessary __r variables in macros read*_cpu() - update inline assembler constraints for addr argument for __raw_read{b,w,l,q} and __raw_write{b,w,l,q} to tell a compiler that *addr will be accessed. - add stubs for __raw_readq() and __raw_writeq() for RISCV_32 Addionally, to the header was added definions of ioremap_*(). Signed-off-by: Oleksii Kurochko Acked-by: Jan Beulich --- xen/arch/riscv/include/asm/io.h | 168 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 168 insertions(+) diff --git a/xen/arch/riscv/include/asm/io.h b/xen/arch/riscv/include/asm/io.h new file mode 100644 index 0000000000..8d9535e973 --- /dev/null +++ b/xen/arch/riscv/include/asm/io.h @@ -0,0 +1,168 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * The header taken form Linux 6.4.0-rc1 and is based on + * arch/riscv/include/asm/mmio.h with the following changes: + * - drop forcing of endianess for read*(), write*() functions as + * no matter what CPU endianness, what endianness a particular device + * (and hence its MMIO region(s)) is using is entirely independent. + * Hence conversion, where necessary, needs to occur at a layer up. + * Another one reason to drop endianess conversion is: + * https://patchwork.kernel.org/project/linux-riscv/patch/20190411115623.5749-3-hch@lst.de/ + * One of the answers of the author of the commit: + * And we don't know if Linux will be around if that ever changes. + * The point is: + * a) the current RISC-V spec is LE only + * b) the current linux port is LE only except for this little bit + * There is no point in leaving just this bitrotting code around. It + * just confuses developers, (very very slightly) slows down compiles + * and will bitrot. It also won't be any significant help to a future + * developer down the road doing a hypothetical BE RISC-V Linux port. + * - drop unused argument of __io_ar() macros. + * - drop "#define _raw_{read,write}{b,w,l,q} _raw_{read,write}{b,w,l,q}" + * as they are unnecessary. + * - Adopt the Xen code style for this header, considering that significant + * changes are not anticipated in the future. + * In the event of any issues, adapting them to Xen style should be easily + * manageable. + * - drop unnecessary __r variables in macros read*_cpu() + * - update inline assembler constraints for addr argument for + * __raw_read{b,w,l,q} and __raw_write{b,w,l,q} to tell a compiler that + * *addr will be accessed. + * + * Copyright (C) 1996-2000 Russell King + * Copyright (C) 2012 ARM Ltd. + * Copyright (C) 2014 Regents of the University of California + * Copyright (C) 2024 Vates + */ + +#ifndef _ASM_RISCV_IO_H +#define _ASM_RISCV_IO_H + +#include + +/* + * The RISC-V ISA doesn't yet specify how to query or modify PMAs, so we can't + * change the properties of memory regions. This should be fixed by the + * upcoming platform spec. + */ +#define ioremap_nocache(addr, size) ioremap(addr, size) +#define ioremap_wc(addr, size) ioremap(addr, size) +#define ioremap_wt(addr, size) ioremap(addr, size) + +/* Generic IO read/write. These perform native-endian accesses. */ +static inline void __raw_writeb(uint8_t val, volatile void __iomem *addr) +{ + asm volatile ( "sb %1, %0" + : "=m" (*(volatile uint8_t __force *)addr) : "r" (val) ); +} + +static inline void __raw_writew(uint16_t val, volatile void __iomem *addr) +{ + asm volatile ( "sh %1, %0" + : "=m" (*(volatile uint16_t __force *)addr) : "r" (val) ); +} + +static inline void __raw_writel(uint32_t val, volatile void __iomem *addr) +{ + asm volatile ( "sw %1, %0" + : "=m" (*(volatile uint32_t __force *)addr) : "r" (val) ); +} + +static inline void __raw_writeq(uint64_t val, volatile void __iomem *addr) +{ +#ifdef CONFIG_RISCV_32 + BUILD_BUG_ON("unimplemented"); +#else + asm volatile ( "sd %1, %0" + : "=m" (*(volatile uint64_t __force *)addr) : "r" (val) ); +#endif +} + +static inline uint8_t __raw_readb(const volatile void __iomem *addr) +{ + uint8_t val; + + asm volatile ( "lb %0, %1" : "=r" (val) + : "m" (*(const volatile uint8_t __force *)addr) ); + return val; +} + +static inline uint16_t __raw_readw(const volatile void __iomem *addr) +{ + uint16_t val; + + asm volatile ( "lh %0, %1" : "=r" (val) + : "m" (*(const volatile uint16_t __force *)addr) ); + return val; +} + +static inline uint32_t __raw_readl(const volatile void __iomem *addr) +{ + uint32_t val; + + asm volatile ( "lw %0, %1" : "=r" (val) + : "m" (*(const volatile uint32_t __force *)addr) ); + return val; +} + +static inline uint64_t __raw_readq(const volatile void __iomem *addr) +{ + uint64_t val; + +#ifdef CONFIG_RISCV_32 + BUILD_BUG_ON("unimplemented"); +#else + asm volatile ( "ld %0, %1" : "=r" (val) + : "m" (*(const volatile uint64_t __force *)addr) ); +#endif + + return val; +} + + +/* + * Unordered I/O memory access primitives. These are even more relaxed than + * the relaxed versions, as they don't even order accesses between successive + * operations to the I/O regions. + */ +#define readb_cpu(c) __raw_readb(c) +#define readw_cpu(c) __raw_readw(c) +#define readl_cpu(c) __raw_readl(c) +#define readq_cpu(c) __raw_readq(c) + +#define writeb_cpu(v, c) __raw_writeb(v, c) +#define writew_cpu(v, c) __raw_writew(v, c) +#define writel_cpu(v, c) __raw_writel(v, c) +#define writeq_cpu(v, c) __raw_writeq(v, c) + +/* + * I/O memory access primitives. Reads are ordered relative to any + * following Normal memory access. Writes are ordered relative to any prior + * Normal memory access. The memory barriers here are necessary as RISC-V + * doesn't define any ordering between the memory space and the I/O space. + */ +#define __io_br() do { } while (0) +#define __io_ar() asm volatile ( "fence i,r" : : : "memory" ); +#define __io_bw() asm volatile ( "fence w,o" : : : "memory" ); +#define __io_aw() do { } while (0) + +#define readb(c) ({ uint8_t v_; __io_br(); v_ = readb_cpu(c); __io_ar(); v_; }) +#define readw(c) ({ uint16_t v_; __io_br(); v_ = readw_cpu(c); __io_ar(); v_; }) +#define readl(c) ({ uint32_t v_; __io_br(); v_ = readl_cpu(c); __io_ar(); v_; }) +#define readq(c) ({ uint64_t v_; __io_br(); v_ = readq_cpu(c); __io_ar(); v_; }) + +#define writeb(v, c) ({ __io_bw(); writeb_cpu(v, c); __io_aw(); }) +#define writew(v, c) ({ __io_bw(); writew_cpu(v, c); __io_aw(); }) +#define writel(v, c) ({ __io_bw(); writel_cpu(v, c); __io_aw(); }) +#define writeq(v, c) ({ __io_bw(); writeq_cpu(v, c); __io_aw(); }) + +#endif /* _ASM_RISCV_IO_H */ + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 19 06:57:06 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 19 Apr 2024 06:57:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708791.1107930 (Exim 4.92) (envelope-from ) id 1rxiBG-00076S-9H; Fri, 19 Apr 2024 06:57:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708791.1107930; Fri, 19 Apr 2024 06:57:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiBG-00076K-6f; Fri, 19 Apr 2024 06:57:06 +0000 Received: by outflank-mailman (input) for mailman id 708791; Fri, 19 Apr 2024 06:57:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiBF-000763-9B for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:57:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiBF-0003zO-8Q for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:57:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxiBF-0007vR-7Z for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:57:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qIHQI/e6VxjK67zS5HWov8KpWU7oT5l6jZ3JDKscETQ=; b=kN5XnYXOIuv2nKbctZLMkYTnjf Jd9+M5avwVaRgjzDOcx68bg8AQ73TADoyJcU4upw+csCLhUbFjzSwa4+X0JtHzHZ7H/Y1tldxHXLZ xJ+InrZEMBlqeFJuNlgiy+domd7twWAEB3JFI3caBKDD0DveC7zmVx0wmV0hdUXK9KH0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/riscv: add minimal stuff to page.h to build full Xen Message-Id: Date: Fri, 19 Apr 2024 06:57:05 +0000 commit 1d2d283818077e7cc491f04b9b047f878fb19534 Author: Oleksii Kurochko AuthorDate: Fri Apr 19 08:47:36 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 19 08:47:36 2024 +0200 xen/riscv: add minimal stuff to page.h to build full Xen Signed-off-by: Oleksii Kurochko Acked-by: Jan Beulich --- xen/arch/riscv/include/asm/page.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/xen/arch/riscv/include/asm/page.h b/xen/arch/riscv/include/asm/page.h index 95074e29b3..c831e16417 100644 --- a/xen/arch/riscv/include/asm/page.h +++ b/xen/arch/riscv/include/asm/page.h @@ -6,6 +6,7 @@ #ifndef __ASSEMBLY__ #include +#include #include #include @@ -32,6 +33,10 @@ #define PTE_LEAF_DEFAULT (PTE_VALID | PTE_READABLE | PTE_WRITABLE) #define PTE_TABLE (PTE_VALID) +#define PAGE_HYPERVISOR_RW (PTE_VALID | PTE_READABLE | PTE_WRITABLE) + +#define PAGE_HYPERVISOR PAGE_HYPERVISOR_RW + /* Calculate the offsets into the pagetables for a given VA */ #define pt_linear_offset(lvl, va) ((va) >> XEN_PT_LEVEL_SHIFT(lvl)) @@ -62,6 +67,20 @@ static inline bool pte_is_valid(pte_t p) return p.pte & PTE_VALID; } +static inline void invalidate_icache(void) +{ + BUG_ON("unimplemented"); +} + +#define clear_page(page) memset((void *)(page), 0, PAGE_SIZE) +#define copy_page(dp, sp) memcpy(dp, sp, PAGE_SIZE) + +/* TODO: Flush the dcache for an entire page. */ +static inline void flush_page_to_ram(unsigned long mfn, bool sync_icache) +{ + BUG_ON("unimplemented"); +} + #endif /* __ASSEMBLY__ */ #endif /* _ASM_RISCV_PAGE_H */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 19 06:57:17 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 19 Apr 2024 06:57:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.708793.1107934 (Exim 4.92) (envelope-from ) id 1rxiBR-0007Cj-As; Fri, 19 Apr 2024 06:57:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 708793.1107934; Fri, 19 Apr 2024 06:57:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiBR-0007Cb-83; Fri, 19 Apr 2024 06:57:17 +0000 Received: by outflank-mailman (input) for mailman id 708793; Fri, 19 Apr 2024 06:57:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiBP-0007CD-CS for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:57:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxiBP-0003za-Bh for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:57:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxiBP-0007vu-AP for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 06:57:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bJTBMz9JBPvB1ea5BsFrQlcecQKb3sjMjTUdDOpTdRo=; b=vtCXOJpICd+FLfzDNF0ZWDtYE2 JJw0cHnBq4+eUuWvtIB73XmbrUdEAFVi6qcWFWGT/20T/9wuQC+7EArbtY7DcWQ/nglJ514RvziLo MlmZkDWHIh6MIGd9UitiBmZIc2F41GublqRGueqU7DVbt9wI91ow9XpPzNcKX8abDj0c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] eclair_analysis: deviate x86 emulator for Rule 16.2 Message-Id: Date: Fri, 19 Apr 2024 06:57:15 +0000 commit 5495ed0cd2c5c5570819f6cbfbeecc1876450163 Author: Nicola Vetrini AuthorDate: Fri Apr 19 08:51:24 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 19 08:51:24 2024 +0200 eclair_analysis: deviate x86 emulator for Rule 16.2 MISRA C Rule 16.2 states: "A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement". Since complying with this rule of the x86 emulator would lead to a lot of code duplication, it is deemed better to exempt those files for this guideline. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Stefano Stabellini --- automation/eclair_analysis/ECLAIR/deviations.ecl | 7 +++++++ docs/misra/deviations.rst | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index 4287805819..d21f112a9b 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -353,6 +353,13 @@ therefore have the same behavior of a boolean" # Series 16. # +-doc_begin="Complying with the Rule would entail a lot of code duplication in the implementation of the x86 emulator, +therefore it is deemed better to leave such files as is." +-file_tag+={x86_emulate,"^xen/arch/x86/x86_emulate/.*$"} +-file_tag+={x86_svm_emulate,"^xen/arch/x86/hvm/svm/emulate\\.c$"} +-config=MC3R1.R16.2,reports+={deliberate, "any_area(any_loc(file(x86_emulate||x86_svm_emulate)))"} +-doc_end + -doc_begin="Switch clauses ending with continue, goto, return statements are safe." -config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"} diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index 32b02905d1..ed0c1e8ed0 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst @@ -296,6 +296,12 @@ Deviations related to MISRA C:2012 Rules: therefore have the same behavior of a boolean. - Project-wide deviation; tagged as `deliberate` for ECLAIR. + * - R16.2 + - Complying with the Rule would entail a lot of code duplication in the + implementation of the x86 emulator, therefore it is deemed better to + leave such files as is. + - Tagged as `deliberate` for ECLAIR. + * - R16.3 - Switch clauses ending with continue, goto, return statements are safe. - Tagged as `safe` for ECLAIR. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 19 13:00:11 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 19 Apr 2024 13:00:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.709087.1108329 (Exim 4.92) (envelope-from ) id 1rxnqW-00059s-PH; Fri, 19 Apr 2024 13:00:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 709087.1108329; Fri, 19 Apr 2024 13:00:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxnqW-00059S-MH; Fri, 19 Apr 2024 13:00:04 +0000 Received: by outflank-mailman (input) for mailman id 709087; Fri, 19 Apr 2024 13:00:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxnqV-0004wQ-Tb for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 13:00:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxnqV-0002c1-HE for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 13:00:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxnqV-0005OS-DY for xen-changelog@lists.xenproject.org; Fri, 19 Apr 2024 13:00:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=T8651TFzqrEfU5ozH1tNIkPHqiwhKQ/u635UWu+uakc=; b=i01RDeAMvXN5DeOZsO5J8htWFV 0/0nsI8kHFHQPJHALuDFvCCDne3SdXYk5YhehUg13QY2lJm+js2Qd+MbcT0jxzuPIv3ld+nkoDDyx crPJshNj2p+butT3CrlGQw3qsare8DMYqH4sYszvu64sPLmwTRGmdROFU2MPIG3pl/Xs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/svm: Add flushbyasid in the supported features Message-Id: Date: Fri, 19 Apr 2024 13:00:03 +0000 commit 09cb855f33fb619c87d8d4250d3a980f568f151b Author: Vaishali Thakkar AuthorDate: Tue Apr 16 09:08:12 2024 +0000 Commit: Andrew Cooper CommitDate: Fri Apr 19 13:55:23 2024 +0100 x86/svm: Add flushbyasid in the supported features TLB Flush by ASID is missing in the list of supported features here. So, add it. Signed-off-by: Vaishali Thakkar Acked-by: Andrew Cooper --- xen/arch/x86/hvm/svm/svm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index a745acd903..4719fffae5 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2510,6 +2510,7 @@ const struct hvm_function_table * __init start_svm(void) P(cpu_has_svm_lbrv, "Last Branch Record (LBR) Virtualisation"); P(cpu_has_svm_nrips, "Next-RIP Saved on #VMEXIT"); P(cpu_has_svm_cleanbits, "VMCB Clean Bits"); + P(cpu_has_svm_flushbyasid, "TLB flush by ASID"); P(cpu_has_svm_decode, "DecodeAssists"); P(cpu_has_svm_vloadsave, "Virtual VMLOAD/VMSAVE"); P(cpu_has_svm_vgif, "Virtual GIF"); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Sat Apr 20 00:33:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 20 Apr 2024 00:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.709234.1108522 (Exim 4.92) (envelope-from ) id 1rxyf9-0005Up-OT; Sat, 20 Apr 2024 00:33:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 709234.1108522; Sat, 20 Apr 2024 00:33:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxyf9-0005Ug-Ll; Sat, 20 Apr 2024 00:33:03 +0000 Received: by outflank-mailman (input) for mailman id 709234; Sat, 20 Apr 2024 00:33:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxyf8-0005Ua-8j for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 00:33:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxyf8-0000G0-5b for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 00:33:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxyf8-0005M1-4b for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 00:33:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5TulvfXk+VheJkNpg8MJO2NuhbiFDGvrWnDzM0JflaQ=; b=PfvlJQzAOsn6hcu8eL0pB57761 rStVjJrZQKwJIMFHbppJRIjCtsi8basmfAjMjkZuBCXRqtf9XBufS1xRSfPQGHzNGa7BzHBJTJhXR 30d/OUJPKm5f25WhYXHweCJVzvbj1kX528qb66ltrZwL61Idn97jyh4Uk9zTAWw6UlhY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/MCE: move intel mcheck init code to separate file Message-Id: Date: Sat, 20 Apr 2024 00:33:02 +0000 commit 78d980071a0964a7dcf0d02b4a9066c16b5a7140 Author: Sergiy Kibrik AuthorDate: Fri Apr 19 08:45:23 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 19 08:45:23 2024 +0200 x86/MCE: move intel mcheck init code to separate file Separate Intel nonfatal MCE initialization code from generic MCE code, the same way it is done for AMD code. This is to be able to later make intel/amd MCE code optional in the build. Convert to Xen coding style. Clean up unused includes. Remove seemingly outdated comment about MCE check period. No functional change intended. Signed-off-by: Sergiy Kibrik Reviewed-by: Stefano Stabellini Reviewed-by: Jan Beulich --- xen/arch/x86/cpu/mcheck/Makefile | 1 + xen/arch/x86/cpu/mcheck/intel-nonfatal.c | 86 ++++++++++++++++++++++++++++++++ xen/arch/x86/cpu/mcheck/mce.h | 1 + xen/arch/x86/cpu/mcheck/non-fatal.c | 82 +----------------------------- 4 files changed, 89 insertions(+), 81 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/Makefile b/xen/arch/x86/cpu/mcheck/Makefile index 0d63ff9096..f927f10b4d 100644 --- a/xen/arch/x86/cpu/mcheck/Makefile +++ b/xen/arch/x86/cpu/mcheck/Makefile @@ -2,6 +2,7 @@ obj-y += amd_nonfatal.o obj-y += mce_amd.o obj-y += mcaction.o obj-y += barrier.o +obj-y += intel-nonfatal.o obj-y += mctelem.o obj-y += mce.o obj-y += mce-apei.o diff --git a/xen/arch/x86/cpu/mcheck/intel-nonfatal.c b/xen/arch/x86/cpu/mcheck/intel-nonfatal.c new file mode 100644 index 0000000000..092a828812 --- /dev/null +++ b/xen/arch/x86/cpu/mcheck/intel-nonfatal.c @@ -0,0 +1,86 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Non Fatal Machine Check Exception Reporting + * (C) Copyright 2002 Dave Jones. + */ + +#include + +#include "mce.h" +#include "vmce.h" + +static struct timer mce_timer; + +#define MCE_PERIOD MILLISECS(8000) +#define MCE_PERIOD_MIN MILLISECS(2000) +#define MCE_PERIOD_MAX MILLISECS(16000) + +static uint64_t period = MCE_PERIOD; +static int adjust = 0; +static int variable_period = 1; + +static void cf_check mce_checkregs(void *info) +{ + mctelem_cookie_t mctc; + struct mca_summary bs; + static uint64_t dumpcount = 0; + + mctc = mcheck_mca_logout(MCA_POLLER, this_cpu( poll_bankmask), + &bs, NULL); + + if ( bs.errcnt && mctc != NULL ) + { + adjust++; + + /* + * If Dom0 enabled the VIRQ_MCA event, then notify it. + * Otherwise, if dom0 has had plenty of time to register + * the virq handler but still hasn't then dump telemetry + * to the Xen console. The call count may be incremented + * on multiple cpus at once and is indicative only - just + * a simple-minded attempt to avoid spamming the console + * for corrected errors in early startup. + */ + + if ( dom0_vmce_enabled() ) + { + mctelem_commit(mctc); + send_global_virq(VIRQ_MCA); + } + else if ( ++dumpcount >= 10 ) + { + x86_mcinfo_dump((struct mc_info *)mctelem_dataptr(mctc)); + mctelem_dismiss(mctc); + } + else + mctelem_dismiss(mctc); + } + else if ( mctc != NULL ) + mctelem_dismiss(mctc); +} + +static void cf_check mce_work_fn(void *data) +{ + on_each_cpu(mce_checkregs, NULL, 1); + + if ( variable_period ) + { + if ( adjust ) + period /= (adjust + 1); + else + period *= 2; + if ( period > MCE_PERIOD_MAX ) + period = MCE_PERIOD_MAX; + if ( period < MCE_PERIOD_MIN ) + period = MCE_PERIOD_MIN; + } + + set_timer(&mce_timer, NOW() + period); + adjust = 0; +} + +void __init intel_nonfatal_mcheck_init(struct cpuinfo_x86 *unused) +{ + init_timer(&mce_timer, mce_work_fn, NULL, 0); + set_timer(&mce_timer, NOW() + MCE_PERIOD); +} diff --git a/xen/arch/x86/cpu/mcheck/mce.h b/xen/arch/x86/cpu/mcheck/mce.h index 7f26afae23..4806405f96 100644 --- a/xen/arch/x86/cpu/mcheck/mce.h +++ b/xen/arch/x86/cpu/mcheck/mce.h @@ -47,6 +47,7 @@ enum mcheck_type amd_mcheck_init(const struct cpuinfo_x86 *c, bool bsp); enum mcheck_type intel_mcheck_init(struct cpuinfo_x86 *c, bool bsp); void amd_nonfatal_mcheck_init(struct cpuinfo_x86 *c); +void intel_nonfatal_mcheck_init(struct cpuinfo_x86 *c); extern unsigned int firstbank; extern unsigned int ppin_msr; diff --git a/xen/arch/x86/cpu/mcheck/non-fatal.c b/xen/arch/x86/cpu/mcheck/non-fatal.c index 1c0c32ba08..33cacd15c2 100644 --- a/xen/arch/x86/cpu/mcheck/non-fatal.c +++ b/xen/arch/x86/cpu/mcheck/non-fatal.c @@ -7,84 +7,7 @@ * */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - #include "mce.h" -#include "vmce.h" - -static struct timer mce_timer; - -#define MCE_PERIOD MILLISECS(8000) -#define MCE_PERIOD_MIN MILLISECS(2000) -#define MCE_PERIOD_MAX MILLISECS(16000) - -static uint64_t period = MCE_PERIOD; -static int adjust = 0; -static int variable_period = 1; - -static void cf_check mce_checkregs(void *info) -{ - mctelem_cookie_t mctc; - struct mca_summary bs; - static uint64_t dumpcount = 0; - - mctc = mcheck_mca_logout(MCA_POLLER, this_cpu(poll_bankmask), - &bs, NULL); - - if (bs.errcnt && mctc != NULL) { - adjust++; - - /* If Dom0 enabled the VIRQ_MCA event, then notify it. - * Otherwise, if dom0 has had plenty of time to register - * the virq handler but still hasn't then dump telemetry - * to the Xen console. The call count may be incremented - * on multiple cpus at once and is indicative only - just - * a simple-minded attempt to avoid spamming the console - * for corrected errors in early startup. - */ - - if (dom0_vmce_enabled()) { - mctelem_commit(mctc); - send_global_virq(VIRQ_MCA); - } else if (++dumpcount >= 10) { - x86_mcinfo_dump((struct mc_info *)mctelem_dataptr(mctc)); - mctelem_dismiss(mctc); - } else { - mctelem_dismiss(mctc); - } - } else if (mctc != NULL) { - mctelem_dismiss(mctc); - } -} - -static void cf_check mce_work_fn(void *data) -{ - on_each_cpu(mce_checkregs, NULL, 1); - - if (variable_period) { - if (adjust) - period /= (adjust + 1); - else - period *= 2; - if (period > MCE_PERIOD_MAX) - period = MCE_PERIOD_MAX; - if (period < MCE_PERIOD_MIN) - period = MCE_PERIOD_MIN; - } - - set_timer(&mce_timer, NOW() + period); - adjust = 0; -} static int __init cf_check init_nonfatal_mce_checker(void) { @@ -106,13 +29,10 @@ static int __init cf_check init_nonfatal_mce_checker(void) /* Assume we are on K8 or newer AMD or Hygon CPU here */ amd_nonfatal_mcheck_init(c); break; - case X86_VENDOR_INTEL: - init_timer(&mce_timer, mce_work_fn, NULL, 0); - set_timer(&mce_timer, NOW() + MCE_PERIOD); + intel_nonfatal_mcheck_init(c); break; } - printk(KERN_INFO "mcheck_poll: Machine check polling timer started.\n"); return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 20 00:33:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 20 Apr 2024 00:33:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.709235.1108526 (Exim 4.92) (envelope-from ) id 1rxyfJ-0005YB-Py; Sat, 20 Apr 2024 00:33:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 709235.1108526; Sat, 20 Apr 2024 00:33:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxyfJ-0005Y4-N8; Sat, 20 Apr 2024 00:33:13 +0000 Received: by outflank-mailman (input) for mailman id 709235; Sat, 20 Apr 2024 00:33:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxyfI-0005Xu-9M for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 00:33:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxyfI-0000GG-8W for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 00:33:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxyfI-0005Mh-7f for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 00:33:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=aKvWsYPvdBUSqoftO1BJKsNE65zQ6NnhgX4lo7dCs6Y=; b=He3MjXMhjBpzN2Z/Gk+RoOwTRH gREXKVMUDKIM46vQg0PnNwi6Lb3C5PcGISVUxhP5scG7V/N9fYY4RxpXYcltcgOg8YUi8t9B0j2ZA O3Z5J09WbiLc7gItPsx0PCS6KjMig/S9vKxevRGJkr2R9kX+hNGs/cRjm4UmF8rpRZ94=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/ppc: mm-radix: Replace debug printing code with printk Message-Id: Date: Sat, 20 Apr 2024 00:33:12 +0000 commit 5b33845adffd818bc21d854618712a30254b080f Author: Shawn Anastasio AuthorDate: Fri Apr 19 08:46:29 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 19 08:46:29 2024 +0200 xen/ppc: mm-radix: Replace debug printing code with printk Now that we have common code building, there's no need to keep the old itoa64+debug print function in mm-radix.c Signed-off-by: Shawn Anastasio Reviewed-by: Jan Beulich --- xen/arch/ppc/mm-radix.c | 58 ++++++++++--------------------------------------- 1 file changed, 12 insertions(+), 46 deletions(-) diff --git a/xen/arch/ppc/mm-radix.c b/xen/arch/ppc/mm-radix.c index daa411a6fa..ab5a10695c 100644 --- a/xen/arch/ppc/mm-radix.c +++ b/xen/arch/ppc/mm-radix.c @@ -15,6 +15,12 @@ void enable_mmu(void); +#ifdef CONFIG_DEBUG +#define radix_dprintk(msg, ...) printk(XENLOG_DEBUG msg, ## __VA_ARGS__) +#else +#define radix_dprintk(...) +#endif + #define INITIAL_LVL1_PD_COUNT 1 #define INITIAL_LVL2_LVL3_PD_COUNT 2 #define INITIAL_LVL4_PT_COUNT 256 @@ -80,45 +86,6 @@ static __init struct lvl4_pt *lvl4_pt_pool_alloc(void) return &initial_lvl4_pt_pool[initial_lvl4_pt_pool_used++]; } -#ifndef NDEBUG -/* TODO: Remove once we get common/ building */ -static char *__init itoa64_hex(uint64_t val, char *out_buf, size_t buf_len) -{ - uint64_t cur; - size_t i = buf_len - 1; - - /* Null terminate buffer */ - out_buf[i] = '\0'; - - /* Add digits in reverse */ - cur = val; - while ( cur && i > 0 ) - { - out_buf[--i] = "0123456789ABCDEF"[cur % 16]; - cur /= 16; - } - - /* Pad to 16 digits */ - while ( i > 0 ) - out_buf[--i] = '0'; - - return out_buf + i; -} -#endif - -static void __init radix_dprint(uint64_t addr, const char *msg) -{ -#ifndef NDEBUG - char buf[sizeof("DEADBEEFCAFEBABA")]; - char *addr_s = itoa64_hex(addr, buf, sizeof(buf)); - - early_printk("(0x"); - early_printk(addr_s); - early_printk(") "); - early_printk(msg); -#endif -} - static void __init setup_initial_mapping(struct lvl1_pd *lvl1, vaddr_t map_start, vaddr_t map_end, @@ -186,27 +153,26 @@ static void __init setup_initial_mapping(struct lvl1_pd *lvl1, unsigned long paddr = (page_addr - map_start) + phys_base; unsigned long flags; - radix_dprint(paddr, "being mapped to "); - radix_dprint(page_addr, "!\n"); + radix_dprintk("%016lx being mapped to %016lx\n", paddr, page_addr); if ( is_kernel_text(page_addr) || is_kernel_inittext(page_addr) ) { - radix_dprint(page_addr, "being marked as TEXT (RX)\n"); + radix_dprintk("%016lx being marked as TEXT (RX)\n", page_addr); flags = PTE_XEN_RX; } else if ( is_kernel_rodata(page_addr) ) { - radix_dprint(page_addr, "being marked as RODATA (RO)\n"); + radix_dprintk("%016lx being marked as RODATA (RO)\n", page_addr); flags = PTE_XEN_RO; } else { - radix_dprint(page_addr, "being marked as DEFAULT (RW)\n"); + radix_dprintk("%016lx being marked as DEFAULT (RW)\n", page_addr); flags = PTE_XEN_RW; } *pte = paddr_to_pte(paddr, flags); - radix_dprint(paddr_to_pte(paddr, flags).pte, - "is result of PTE map!\n"); + radix_dprintk("%016lx is the result of PTE map\n", + paddr_to_pte(paddr, flags).pte); } else { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 20 00:33:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 20 Apr 2024 00:33:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.709236.1108531 (Exim 4.92) (envelope-from ) id 1rxyfT-0005ao-Rz; Sat, 20 Apr 2024 00:33:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 709236.1108531; Sat, 20 Apr 2024 00:33:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxyfT-0005ag-OZ; Sat, 20 Apr 2024 00:33:23 +0000 Received: by outflank-mailman (input) for mailman id 709236; Sat, 20 Apr 2024 00:33:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxyfS-0005aW-Da for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 00:33:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxyfS-0000GP-Cj for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 00:33:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxyfS-0005NF-AT for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 00:33:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=a35AC+CGHnYXDj+g9Sqntv93jd7AnjhCLKyd3n/0Ja4=; b=JDq+youatS5w7eA1PEglOQGIfn w+Vl3Qaq3uR5IE6tKVuEUPl67e/XQE2zAZyLooLAYa58sVe6hUk8waUA1a9ke6I/hPEhCg2091JYw P2uiKzZXNGmELAVLZnaV3kg8xLn7QiCSRxdoghdlyCn5RLNiwGh7Zhgo7RA0dgLyZd1k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/riscv: introduce io.h Message-Id: Date: Sat, 20 Apr 2024 00:33:22 +0000 commit 58798e3f1f0609c773325274b654a8a946413d83 Author: Oleksii Kurochko AuthorDate: Fri Apr 19 08:47:13 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 19 08:47:13 2024 +0200 xen/riscv: introduce io.h The header taken form Linux 6.4.0-rc1 and is based on arch/riscv/include/asm/mmio.h with the following changes: - drop forcing of endianess for read*(), write*() functions as no matter what CPU endianness, what endianness a particular device (and hence its MMIO region(s)) is using is entirely independent. Hence conversion, where necessary, needs to occur at a layer up. Another one reason to drop endianess conversion here is: https://patchwork.kernel.org/project/linux-riscv/patch/20190411115623.5749-3-hch@lst.de/ One of the answers of the author of the commit: And we don't know if Linux will be around if that ever changes. The point is: a) the current RISC-V spec is LE only b) the current linux port is LE only except for this little bit There is no point in leaving just this bitrotting code around. It just confuses developers, (very very slightly) slows down compiles and will bitrot. It also won't be any significant help to a future developer down the road doing a hypothetical BE RISC-V Linux port. - drop unused argument of __io_ar() macros. - drop "#define _raw_{read,write}{b,w,l,d,q} _raw_{read,write}{b,w,l,d,q}" as they are unnecessary. - Adopt the Xen code style for this header, considering that significant changes are not anticipated in the future. In the event of any issues, adapting them to Xen style should be easily manageable. - drop unnecessary __r variables in macros read*_cpu() - update inline assembler constraints for addr argument for __raw_read{b,w,l,q} and __raw_write{b,w,l,q} to tell a compiler that *addr will be accessed. - add stubs for __raw_readq() and __raw_writeq() for RISCV_32 Addionally, to the header was added definions of ioremap_*(). Signed-off-by: Oleksii Kurochko Acked-by: Jan Beulich --- xen/arch/riscv/include/asm/io.h | 168 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 168 insertions(+) diff --git a/xen/arch/riscv/include/asm/io.h b/xen/arch/riscv/include/asm/io.h new file mode 100644 index 0000000000..8d9535e973 --- /dev/null +++ b/xen/arch/riscv/include/asm/io.h @@ -0,0 +1,168 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * The header taken form Linux 6.4.0-rc1 and is based on + * arch/riscv/include/asm/mmio.h with the following changes: + * - drop forcing of endianess for read*(), write*() functions as + * no matter what CPU endianness, what endianness a particular device + * (and hence its MMIO region(s)) is using is entirely independent. + * Hence conversion, where necessary, needs to occur at a layer up. + * Another one reason to drop endianess conversion is: + * https://patchwork.kernel.org/project/linux-riscv/patch/20190411115623.5749-3-hch@lst.de/ + * One of the answers of the author of the commit: + * And we don't know if Linux will be around if that ever changes. + * The point is: + * a) the current RISC-V spec is LE only + * b) the current linux port is LE only except for this little bit + * There is no point in leaving just this bitrotting code around. It + * just confuses developers, (very very slightly) slows down compiles + * and will bitrot. It also won't be any significant help to a future + * developer down the road doing a hypothetical BE RISC-V Linux port. + * - drop unused argument of __io_ar() macros. + * - drop "#define _raw_{read,write}{b,w,l,q} _raw_{read,write}{b,w,l,q}" + * as they are unnecessary. + * - Adopt the Xen code style for this header, considering that significant + * changes are not anticipated in the future. + * In the event of any issues, adapting them to Xen style should be easily + * manageable. + * - drop unnecessary __r variables in macros read*_cpu() + * - update inline assembler constraints for addr argument for + * __raw_read{b,w,l,q} and __raw_write{b,w,l,q} to tell a compiler that + * *addr will be accessed. + * + * Copyright (C) 1996-2000 Russell King + * Copyright (C) 2012 ARM Ltd. + * Copyright (C) 2014 Regents of the University of California + * Copyright (C) 2024 Vates + */ + +#ifndef _ASM_RISCV_IO_H +#define _ASM_RISCV_IO_H + +#include + +/* + * The RISC-V ISA doesn't yet specify how to query or modify PMAs, so we can't + * change the properties of memory regions. This should be fixed by the + * upcoming platform spec. + */ +#define ioremap_nocache(addr, size) ioremap(addr, size) +#define ioremap_wc(addr, size) ioremap(addr, size) +#define ioremap_wt(addr, size) ioremap(addr, size) + +/* Generic IO read/write. These perform native-endian accesses. */ +static inline void __raw_writeb(uint8_t val, volatile void __iomem *addr) +{ + asm volatile ( "sb %1, %0" + : "=m" (*(volatile uint8_t __force *)addr) : "r" (val) ); +} + +static inline void __raw_writew(uint16_t val, volatile void __iomem *addr) +{ + asm volatile ( "sh %1, %0" + : "=m" (*(volatile uint16_t __force *)addr) : "r" (val) ); +} + +static inline void __raw_writel(uint32_t val, volatile void __iomem *addr) +{ + asm volatile ( "sw %1, %0" + : "=m" (*(volatile uint32_t __force *)addr) : "r" (val) ); +} + +static inline void __raw_writeq(uint64_t val, volatile void __iomem *addr) +{ +#ifdef CONFIG_RISCV_32 + BUILD_BUG_ON("unimplemented"); +#else + asm volatile ( "sd %1, %0" + : "=m" (*(volatile uint64_t __force *)addr) : "r" (val) ); +#endif +} + +static inline uint8_t __raw_readb(const volatile void __iomem *addr) +{ + uint8_t val; + + asm volatile ( "lb %0, %1" : "=r" (val) + : "m" (*(const volatile uint8_t __force *)addr) ); + return val; +} + +static inline uint16_t __raw_readw(const volatile void __iomem *addr) +{ + uint16_t val; + + asm volatile ( "lh %0, %1" : "=r" (val) + : "m" (*(const volatile uint16_t __force *)addr) ); + return val; +} + +static inline uint32_t __raw_readl(const volatile void __iomem *addr) +{ + uint32_t val; + + asm volatile ( "lw %0, %1" : "=r" (val) + : "m" (*(const volatile uint32_t __force *)addr) ); + return val; +} + +static inline uint64_t __raw_readq(const volatile void __iomem *addr) +{ + uint64_t val; + +#ifdef CONFIG_RISCV_32 + BUILD_BUG_ON("unimplemented"); +#else + asm volatile ( "ld %0, %1" : "=r" (val) + : "m" (*(const volatile uint64_t __force *)addr) ); +#endif + + return val; +} + + +/* + * Unordered I/O memory access primitives. These are even more relaxed than + * the relaxed versions, as they don't even order accesses between successive + * operations to the I/O regions. + */ +#define readb_cpu(c) __raw_readb(c) +#define readw_cpu(c) __raw_readw(c) +#define readl_cpu(c) __raw_readl(c) +#define readq_cpu(c) __raw_readq(c) + +#define writeb_cpu(v, c) __raw_writeb(v, c) +#define writew_cpu(v, c) __raw_writew(v, c) +#define writel_cpu(v, c) __raw_writel(v, c) +#define writeq_cpu(v, c) __raw_writeq(v, c) + +/* + * I/O memory access primitives. Reads are ordered relative to any + * following Normal memory access. Writes are ordered relative to any prior + * Normal memory access. The memory barriers here are necessary as RISC-V + * doesn't define any ordering between the memory space and the I/O space. + */ +#define __io_br() do { } while (0) +#define __io_ar() asm volatile ( "fence i,r" : : : "memory" ); +#define __io_bw() asm volatile ( "fence w,o" : : : "memory" ); +#define __io_aw() do { } while (0) + +#define readb(c) ({ uint8_t v_; __io_br(); v_ = readb_cpu(c); __io_ar(); v_; }) +#define readw(c) ({ uint16_t v_; __io_br(); v_ = readw_cpu(c); __io_ar(); v_; }) +#define readl(c) ({ uint32_t v_; __io_br(); v_ = readl_cpu(c); __io_ar(); v_; }) +#define readq(c) ({ uint64_t v_; __io_br(); v_ = readq_cpu(c); __io_ar(); v_; }) + +#define writeb(v, c) ({ __io_bw(); writeb_cpu(v, c); __io_aw(); }) +#define writew(v, c) ({ __io_bw(); writew_cpu(v, c); __io_aw(); }) +#define writel(v, c) ({ __io_bw(); writel_cpu(v, c); __io_aw(); }) +#define writeq(v, c) ({ __io_bw(); writeq_cpu(v, c); __io_aw(); }) + +#endif /* _ASM_RISCV_IO_H */ + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 20 00:33:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 20 Apr 2024 00:33:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.709237.1108534 (Exim 4.92) (envelope-from ) id 1rxyfd-0005mV-Td; Sat, 20 Apr 2024 00:33:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 709237.1108534; Sat, 20 Apr 2024 00:33:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxyfd-0005m3-Q1; Sat, 20 Apr 2024 00:33:33 +0000 Received: by outflank-mailman (input) for mailman id 709237; Sat, 20 Apr 2024 00:33:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxyfc-0005dJ-Gq for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 00:33:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxyfc-0000Go-G6 for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 00:33:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxyfc-0005Nk-En for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 00:33:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HR7H9kIy9el8ySBbxFtC0G4StuSfyQ6r6FZBndxtemU=; b=No7flkpqXEzPvm5DCIvUCibHMo XVS8SfcLAmoJhR6F8aDG2BQ9p2xICLwjnu+35W44je6I/RDhcx+cHtw0haR4ZI1afMlpRgTNEUhJA OFAbT6GgRw9TtD0Ej56iXphZU5Mbs7qG1Ru5m0uqLzOyfqLSi2Sef4JUgjZXkI7lHCBM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/riscv: add minimal stuff to page.h to build full Xen Message-Id: Date: Sat, 20 Apr 2024 00:33:32 +0000 commit 1d2d283818077e7cc491f04b9b047f878fb19534 Author: Oleksii Kurochko AuthorDate: Fri Apr 19 08:47:36 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 19 08:47:36 2024 +0200 xen/riscv: add minimal stuff to page.h to build full Xen Signed-off-by: Oleksii Kurochko Acked-by: Jan Beulich --- xen/arch/riscv/include/asm/page.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/xen/arch/riscv/include/asm/page.h b/xen/arch/riscv/include/asm/page.h index 95074e29b3..c831e16417 100644 --- a/xen/arch/riscv/include/asm/page.h +++ b/xen/arch/riscv/include/asm/page.h @@ -6,6 +6,7 @@ #ifndef __ASSEMBLY__ #include +#include #include #include @@ -32,6 +33,10 @@ #define PTE_LEAF_DEFAULT (PTE_VALID | PTE_READABLE | PTE_WRITABLE) #define PTE_TABLE (PTE_VALID) +#define PAGE_HYPERVISOR_RW (PTE_VALID | PTE_READABLE | PTE_WRITABLE) + +#define PAGE_HYPERVISOR PAGE_HYPERVISOR_RW + /* Calculate the offsets into the pagetables for a given VA */ #define pt_linear_offset(lvl, va) ((va) >> XEN_PT_LEVEL_SHIFT(lvl)) @@ -62,6 +67,20 @@ static inline bool pte_is_valid(pte_t p) return p.pte & PTE_VALID; } +static inline void invalidate_icache(void) +{ + BUG_ON("unimplemented"); +} + +#define clear_page(page) memset((void *)(page), 0, PAGE_SIZE) +#define copy_page(dp, sp) memcpy(dp, sp, PAGE_SIZE) + +/* TODO: Flush the dcache for an entire page. */ +static inline void flush_page_to_ram(unsigned long mfn, bool sync_icache) +{ + BUG_ON("unimplemented"); +} + #endif /* __ASSEMBLY__ */ #endif /* _ASM_RISCV_PAGE_H */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 20 00:33:44 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 20 Apr 2024 00:33:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.709238.1108537 (Exim 4.92) (envelope-from ) id 1rxyfn-0005uR-Vg; Sat, 20 Apr 2024 00:33:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 709238.1108537; Sat, 20 Apr 2024 00:33:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxyfn-0005uJ-Sv; Sat, 20 Apr 2024 00:33:43 +0000 Received: by outflank-mailman (input) for mailman id 709238; Sat, 20 Apr 2024 00:33:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxyfm-0005u6-K3 for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 00:33:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rxyfm-0000HH-JC for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 00:33:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rxyfm-0005OA-IC for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 00:33:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=W4+DgOLTfX7k9K8+c8J0aINPtP23LPCBK8hQbdDbJJg=; b=nLFiyKe60FWvX45hLS1hjYXHkH 0V3Q57W/Dbf8RDt6brBtkOS4bTGuIKwsiNexJ3h22L3QQ8VeJ3YJJuxkEd89YMHrWIQm9M+S36dGn e06rpY6mDl6XQYDJmHA0gvJ6dXPN5R5GGQaJzwGrB5ShE63aQ8XeM3XshYyD7/w7qfF0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] eclair_analysis: deviate x86 emulator for Rule 16.2 Message-Id: Date: Sat, 20 Apr 2024 00:33:42 +0000 commit 5495ed0cd2c5c5570819f6cbfbeecc1876450163 Author: Nicola Vetrini AuthorDate: Fri Apr 19 08:51:24 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 19 08:51:24 2024 +0200 eclair_analysis: deviate x86 emulator for Rule 16.2 MISRA C Rule 16.2 states: "A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement". Since complying with this rule of the x86 emulator would lead to a lot of code duplication, it is deemed better to exempt those files for this guideline. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Stefano Stabellini --- automation/eclair_analysis/ECLAIR/deviations.ecl | 7 +++++++ docs/misra/deviations.rst | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl index 4287805819..d21f112a9b 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -353,6 +353,13 @@ therefore have the same behavior of a boolean" # Series 16. # +-doc_begin="Complying with the Rule would entail a lot of code duplication in the implementation of the x86 emulator, +therefore it is deemed better to leave such files as is." +-file_tag+={x86_emulate,"^xen/arch/x86/x86_emulate/.*$"} +-file_tag+={x86_svm_emulate,"^xen/arch/x86/hvm/svm/emulate\\.c$"} +-config=MC3R1.R16.2,reports+={deliberate, "any_area(any_loc(file(x86_emulate||x86_svm_emulate)))"} +-doc_end + -doc_begin="Switch clauses ending with continue, goto, return statements are safe." -config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"} diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index 32b02905d1..ed0c1e8ed0 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst @@ -296,6 +296,12 @@ Deviations related to MISRA C:2012 Rules: therefore have the same behavior of a boolean. - Project-wide deviation; tagged as `deliberate` for ECLAIR. + * - R16.2 + - Complying with the Rule would entail a lot of code duplication in the + implementation of the x86 emulator, therefore it is deemed better to + leave such files as is. + - Tagged as `deliberate` for ECLAIR. + * - R16.3 - Switch clauses ending with continue, goto, return statements are safe. - Tagged as `safe` for ECLAIR. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 20 07:22:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 20 Apr 2024 07:22:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.709300.1108551 (Exim 4.92) (envelope-from ) id 1ry52x-0005Kn-DY; Sat, 20 Apr 2024 07:22:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 709300.1108551; Sat, 20 Apr 2024 07:22:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ry52x-0005Kf-B5; Sat, 20 Apr 2024 07:22:03 +0000 Received: by outflank-mailman (input) for mailman id 709300; Sat, 20 Apr 2024 07:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ry52w-0005KZ-6W for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 07:22:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ry52v-0007qg-U0 for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 07:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1ry52v-000272-Rd for xen-changelog@lists.xenproject.org; Sat, 20 Apr 2024 07:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gQ/Rr+kR0M396m1M1TrqH16RCotpqkxViaDpDeDVpTA=; b=tNAvlVHahjZf/YCYX2npVTIdoU LGYCW3TKz7kraOLNd0J7EfIPlVFsP1b88QPU4naIzrKwQh1PttbzKWkNofNkSrYMRkC0extjAr9pj BKm4dc2ddHvVOVWbNG48eKzjVY7Eoizmehajd4+qwlPhe59vLtLCIIpJr0r0smDPv9/8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/svm: Add flushbyasid in the supported features Message-Id: Date: Sat, 20 Apr 2024 07:22:01 +0000 commit 09cb855f33fb619c87d8d4250d3a980f568f151b Author: Vaishali Thakkar AuthorDate: Tue Apr 16 09:08:12 2024 +0000 Commit: Andrew Cooper CommitDate: Fri Apr 19 13:55:23 2024 +0100 x86/svm: Add flushbyasid in the supported features TLB Flush by ASID is missing in the list of supported features here. So, add it. Signed-off-by: Vaishali Thakkar Acked-by: Andrew Cooper --- xen/arch/x86/hvm/svm/svm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index a745acd903..4719fffae5 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2510,6 +2510,7 @@ const struct hvm_function_table * __init start_svm(void) P(cpu_has_svm_lbrv, "Last Branch Record (LBR) Virtualisation"); P(cpu_has_svm_nrips, "Next-RIP Saved on #VMEXIT"); P(cpu_has_svm_cleanbits, "VMCB Clean Bits"); + P(cpu_has_svm_flushbyasid, "TLB flush by ASID"); P(cpu_has_svm_decode, "DecodeAssists"); P(cpu_has_svm_vloadsave, "Virtual VMLOAD/VMSAVE"); P(cpu_has_svm_vgif, "Virtual GIF"); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Apr 22 13:22:11 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 22 Apr 2024 13:22:11 +0000 Received: from list by lists.xenproject.org with outflank-mailman.709952.1108988 (Exim 4.92) (envelope-from ) id 1rytcT-0007IZ-MQ; Mon, 22 Apr 2024 13:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 709952.1108988; Mon, 22 Apr 2024 13:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytcT-0007IS-Jy; Mon, 22 Apr 2024 13:22:05 +0000 Received: by outflank-mailman (input) for mailman id 709952; Mon, 22 Apr 2024 13:22:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytcS-0007IJ-6H for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytcR-0006PX-VP for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rytcR-00085Z-Sf for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5NWNnTI/ul3Fuw6un495+sB2uGQejottn1Kt5uQsYYw=; b=4a26c4+K2TzAkW37jsjMaa6T3F LKB1tRiCDRteL5R5OdyyY+czpLmuhqKE41cwuqy7IfHJo5Q9QJECkW8NTa/DunLfCmH+tRlbtS8ie g1EmyxQHV4UNZyzFg17ueIL76qFDSqfyMU42avexMOh2ymrUyEyZ6PnGufBxBn6zU0LA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/PVH: Use unsigned int for dom0 e820 index Message-Id: Date: Mon, 22 Apr 2024 13:22:03 +0000 commit 480179bc26f52cb598811173ec7fdc21adecfb13 Author: Jason Andryuk AuthorDate: Mon Apr 22 15:11:02 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 22 15:11:02 2024 +0200 x86/PVH: Use unsigned int for dom0 e820 index Switch to unsigned int for the dom0 e820 index. This eliminates the potential for array underflows, and the compiler might be able to generate better code. Requested-by: Jan Beulich Signed-off-by: Jason Andryuk Acked-by: Jan Beulich --- xen/arch/x86/hvm/dom0_build.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index d158f4d241..ac71d43a6b 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -569,7 +569,7 @@ static paddr_t __init find_kernel_memory( { paddr_t kernel_size = elf->dest_size; unsigned int align; - int i; + unsigned int i; if ( parms->phys_align != UNSET_ADDR32 ) align = parms->phys_align; @@ -579,7 +579,7 @@ static paddr_t __init find_kernel_memory( align = MB(2); /* Search backwards to find the highest address. */ - for ( i = d->arch.nr_e820 - 1; i >= 0 ; i-- ) + for ( i = d->arch.nr_e820; i--; ) { paddr_t start = d->arch.e820[i].addr; paddr_t end = start + d->arch.e820[i].size; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 22 13:22:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 22 Apr 2024 13:22:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.709953.1108994 (Exim 4.92) (envelope-from ) id 1rytcc-0007KD-Oe; Mon, 22 Apr 2024 13:22:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 709953.1108994; Mon, 22 Apr 2024 13:22:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytcc-0007K3-LQ; Mon, 22 Apr 2024 13:22:14 +0000 Received: by outflank-mailman (input) for mailman id 709953; Mon, 22 Apr 2024 13:22:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytcc-0007Jw-32 for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytcc-0006Pf-2F for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rytcc-000879-1K for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=s248eCCedEAm/FP0nQznoZF2zT+WV/2hbCuDwKnLu58=; b=JlC9PQgB1D3vDIabLWu0hOwzZX MbnXGiHGg/iy+iXeSnJvruUHOgCBevwyk9c4CjMlBF/gOL5cDV22UYMcUJYgZu97WatEzUP5cKmFg VP8FhevQ0/c21IFpwDbsYvPzZG26fz48bm71l6fHpI4vzjP5QfciSpxRsIyZTn4DklWo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/domain: deviate MISRA C Rule 16.2 violation Message-Id: Date: Mon, 22 Apr 2024 13:22:14 +0000 commit 1fc166d6cd7a4b4b1ede9ffd2921d8b85cb93fdb Author: Nicola Vetrini AuthorDate: Mon Apr 22 15:11:38 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 22 15:11:38 2024 +0200 xen/domain: deviate MISRA C Rule 16.2 violation MISRA C Rule 16.2 states: "A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement". The PROGRESS_VCPU local helper specifies a case that is directly inside the compound statement of a for loop, hence violating the rule. To avoid this, the construct is deviated with a text-based deviation. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- docs/misra/safe.json | 8 ++++++++ xen/common/domain.c | 1 + 2 files changed, 9 insertions(+) diff --git a/docs/misra/safe.json b/docs/misra/safe.json index fe2bc18509..9b13bcf717 100644 --- a/docs/misra/safe.json +++ b/docs/misra/safe.json @@ -44,6 +44,14 @@ }, { "id": "SAF-5-safe", + "analyser": { + "eclair": "MC3R1.R16.2" + }, + "name": "MC3R1.R16.2: using a case label when the most closely-enclosing compound statement is not a switch statement", + "text": "A switch label enclosed by some compound statement that is not the body of a switch is permitted within local helper macros that are unlikely to be misused or misunderstood." + }, + { + "id": "SAF-6-safe", "analyser": {}, "name": "Sentinel", "text": "Next ID to be used" diff --git a/xen/common/domain.c b/xen/common/domain.c index 282c3ab623..6773f7fb90 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -457,6 +457,7 @@ static int domain_teardown(struct domain *d) for_each_vcpu ( d, v ) { + /* SAF-5-safe MISRA C Rule 16.2: switch label enclosed by for loop */ PROGRESS_VCPU(teardown); rc = vcpu_teardown(v); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 22 13:22:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 22 Apr 2024 13:22:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.709954.1108997 (Exim 4.92) (envelope-from ) id 1rytcm-0007Mz-Po; Mon, 22 Apr 2024 13:22:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 709954.1108997; Mon, 22 Apr 2024 13:22:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytcm-0007Mq-My; Mon, 22 Apr 2024 13:22:24 +0000 Received: by outflank-mailman (input) for mailman id 709954; Mon, 22 Apr 2024 13:22:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytcm-0007Mg-7M for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytcm-0006QH-5D for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rytcm-00087c-4C for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Cv7NXrK3vDext4f03u3QZwEijztvjRHSJhXcnTyLilU=; b=MokCamKS1sQ3ZmNeCa3U1sIkVw yPrTLhHiNeq4QAbLMyYyKOXdbCe/3MTIgcQv3XWGXeW51J+aO4uoAX8+6aQzWKm/GutVUV2X2GgqM BTR+tOTiS30W4zCe37YfTtnHaCHnPpjQGzxkMVAzDyPvN7xzLMp+7+74mSUI+kxPc6ho=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/riscv: check whether the assembler has Zbb extension support Message-Id: Date: Mon, 22 Apr 2024 13:22:24 +0000 commit bc5827fad1e842bb902fc281889e6d3138c2ccab Author: Oleksii Kurochko AuthorDate: Mon Apr 22 15:12:03 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 22 15:12:03 2024 +0200 xen/riscv: check whether the assembler has Zbb extension support Update the argument of the as-insn for the Zbb case to verify that Zbb is supported not only by a compiler, but also by an assembler. Also, check-extenstion(ext_name, "insn") helper macro is introduced to check whether extension is supported by a compiler and an assembler. Signed-off-by: Oleksii Kurochko Acked-by: Jan Beulich --- xen/arch/riscv/arch.mk | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/xen/arch/riscv/arch.mk b/xen/arch/riscv/arch.mk index 9f3ed4ff06..05c113f2c2 100644 --- a/xen/arch/riscv/arch.mk +++ b/xen/arch/riscv/arch.mk @@ -11,9 +11,14 @@ riscv-march-$(CONFIG_RISCV_ISA_C) := $(riscv-march-y)c riscv-generic-flags := $(riscv-abi-y) -march=$(riscv-march-y) -zbb := $(call as-insn,$(CC) $(riscv-generic-flags)_zbb,"",_zbb) -zihintpause := $(call as-insn, \ - $(CC) $(riscv-generic-flags)_zihintpause,"pause",_zihintpause) +# check-extension: Check whether extenstion is supported by a compiler and +# an assembler. +# Usage: $(call check-extension,extension_name,"instr") +check-extension = $(call as-insn,$(CC) $(riscv-generic-flags)_$(1),$(2),_$(1)) + +zbb-insn := "andn t0, t0, t0" +zbb := $(call check-extension,zbb,$(zbb-insn)) +zihintpause := $(call check-extension,zihintpause,"pause") extensions := $(zbb) $(zihintpause) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 22 13:22:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 22 Apr 2024 13:22:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.709955.1109001 (Exim 4.92) (envelope-from ) id 1rytcw-0007Py-RG; Mon, 22 Apr 2024 13:22:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 709955.1109001; Mon, 22 Apr 2024 13:22:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytcw-0007Pr-OR; Mon, 22 Apr 2024 13:22:34 +0000 Received: by outflank-mailman (input) for mailman id 709955; Mon, 22 Apr 2024 13:22:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytcw-0007Ph-92 for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytcw-0006QO-8I for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rytcw-000882-7L for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=31kLtUAIUHBwp4ykt70MDvyg3qXUf4ZM3VNpBBOH1Lc=; b=FHJqZir752j2qT2vLX2cF1ZIwt TPQVLRr3gG+wK0FochLPjzBCslpK7/q3eK0wTRAJnA5y1XPCcdmgvRVn/MJEz6X/jd7Bby3f0a9KF q3xCJifZEFL0Nxw67F4xEV8CwSfedvYeIkcBuMOIQR67ReiqQyqxJ3P+bpj9M0tUwWSQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation/eclair_analysis: substitute deprecated service STD.emptrecd Message-Id: Date: Mon, 22 Apr 2024 13:22:34 +0000 commit 93d6e6efa8942fb068df799527f36be406fcd2bc Author: Nicola Vetrini AuthorDate: Mon Apr 22 15:12:47 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 22 15:12:47 2024 +0200 automation/eclair_analysis: substitute deprecated service STD.emptrecd The ECLAIR service STD.emptrecd (which checks for empty structures) is being deprecated; hence, as a preventive measure, STD.anonstct (which checks for structures with no named members, an UB in C99) is used here; the latter being a more general case than the previous one, this change does not affect the analysis. This new service is already supported by the current version of ECLAIR. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Julien Grall --- automation/eclair_analysis/ECLAIR/toolchain.ecl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automation/eclair_analysis/ECLAIR/toolchain.ecl b/automation/eclair_analysis/ECLAIR/toolchain.ecl index 71a1e2cce0..86e9a79b52 100644 --- a/automation/eclair_analysis/ECLAIR/toolchain.ecl +++ b/automation/eclair_analysis/ECLAIR/toolchain.ecl @@ -44,8 +44,8 @@ -doc_end -doc_begin="See Section \"6.19 Structures with No Members\" of "GCC_MANUAL"." --config=STD.emptrecd,behavior+={c99,GCC_ARM64,specified} --config=STD.emptrecd,behavior+={c99,GCC_X86_64,specified} +-config=STD.anonstct,behavior+={c99,GCC_ARM64,specified} +-config=STD.anonstct,behavior+={c99,GCC_X86_64,specified} -doc_end -doc_begin="See Section \"6.18 Arrays of Length Zero\" of "GCC_MANUAL"." -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 22 13:22:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 22 Apr 2024 13:22:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.709956.1109005 (Exim 4.92) (envelope-from ) id 1rytd6-0007T8-Sl; Mon, 22 Apr 2024 13:22:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 709956.1109005; Mon, 22 Apr 2024 13:22:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytd6-0007T0-Q1; Mon, 22 Apr 2024 13:22:44 +0000 Received: by outflank-mailman (input) for mailman id 709956; Mon, 22 Apr 2024 13:22:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytd6-0007Sq-CJ for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytd6-0006QY-BU for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rytd6-00088V-AO for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KQTopHUmKbyLCtmBrkb0jLQS+hoKpg7gtdD1ouOhV7w=; b=Fh3P+2NKc6+koHzhsMZjFXN7bT TjGboxGTaoMpxuiLhfzAJ0erqfsmKhzJnLgFydnYJo7bj4a5Q6PWVzh2G8/j49EL3K+xoTRijl9yg 0BoFEbjjmll6khlpAomrz1st4nFO9EQZckCP66EemZZba02tD0SIRN2DM7ph6+GnlArM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/video: add boot_video_info offset generation to asm-offsets Message-Id: Date: Mon, 22 Apr 2024 13:22:44 +0000 commit c3b40c95daa695b38c7c85e71d15198daca8234d Author: Roger Pau Monné AuthorDate: Mon Apr 22 15:13:00 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 22 15:13:00 2024 +0200 x86/video: add boot_video_info offset generation to asm-offsets Currently the offsets into the boot_video_info struct are manually encoded in video.S, which is fragile. Generate them in asm-offsets.c and switch the current code to use those instead. No functional change intended. Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper --- xen/arch/x86/boot/video.S | 83 +++++++++++++++------------------------ xen/arch/x86/x86_64/asm-offsets.c | 26 ++++++++++++ 2 files changed, 58 insertions(+), 51 deletions(-) diff --git a/xen/arch/x86/boot/video.S b/xen/arch/x86/boot/video.S index 0ae04f270f..f78906878a 100644 --- a/xen/arch/x86/boot/video.S +++ b/xen/arch/x86/boot/video.S @@ -26,32 +26,13 @@ /* Force 400 scan lines for standard modes (hack to fix bad BIOS behaviour */ #undef CONFIG_VIDEO_400_HACK -/* Positions of various video parameters passed to the kernel */ -/* (see also include/linux/tty.h) */ -#define PARAM_CURSOR_POS 0x00 -#define PARAM_VIDEO_MODE 0x02 -#define PARAM_VIDEO_COLS 0x03 -#define PARAM_VIDEO_LINES 0x04 -#define PARAM_HAVE_VGA 0x05 -#define PARAM_FONT_POINTS 0x06 -#define PARAM_CAPABILITIES 0x08 -#define PARAM_LFB_LINELENGTH 0x0c -#define PARAM_LFB_WIDTH 0x0e -#define PARAM_LFB_HEIGHT 0x10 -#define PARAM_LFB_DEPTH 0x12 -#define PARAM_LFB_BASE 0x14 -#define PARAM_LFB_SIZE 0x18 -#define PARAM_LFB_COLORS 0x1c -#define PARAM_VESAPM_SEG 0x24 -#define PARAM_VESAPM_OFF 0x26 -#define PARAM_VESA_ATTRIB 0x28 #define _param(param) bootsym(boot_vid_info)+(param) video: xorw %ax, %ax movw %ax, %gs # GS is zero cld call basic_detect # Basic adapter type testing (EGA/VGA/MDA/CGA) - cmpb $0,_param(PARAM_HAVE_VGA) + cmpb $0, _param(BVI_have_vga) je 1f # Bail if there's no VGA movw bootsym(boot_vid_mode), %ax # User selected video mode cmpw $ASK_VGA, %ax # Bring up the menu @@ -69,7 +50,7 @@ vid1: call store_edid # Detect if we have CGA, MDA, EGA or VGA and pass it to the kernel. basic_detect: - movb $0, _param(PARAM_HAVE_VGA) + movb $0, _param(BVI_have_vga) movb $0x12, %ah # Check EGA/VGA movb $0x10, %bl int $0x10 @@ -79,7 +60,7 @@ basic_detect: int $0x10 cmpb $0x1a, %al # 1a means VGA... jne basret # anything else is EGA. - incb _param(PARAM_HAVE_VGA) # We've detected a VGA + incb _param(BVI_have_vga) # We've detected a VGA basret: ret # Store the video mode parameters for later usage by the kernel. @@ -92,57 +73,57 @@ mode_params: movb $0x03, %ah # Read cursor position xorb %bh, %bh int $0x10 - movw %dx, _param(PARAM_CURSOR_POS) + movw %dx, _param(BVI_cursor_pos) movb $0x0f, %ah # Read page/mode/width int $0x10 - movw %ax, _param(PARAM_VIDEO_MODE) # Video mode and screen width + movw %ax, _param(BVI_video_mode) # Video mode and screen width movw %gs:(0x485), %ax # Font size - movw %ax, _param(PARAM_FONT_POINTS) # (valid only on EGA/VGA) + movw %ax, _param(BVI_font_points) # (valid only on EGA/VGA) movw bootsym(force_size), %ax # Forced size? orw %ax, %ax jz mopar1 - movb %ah, _param(PARAM_VIDEO_COLS) - movb %al, _param(PARAM_VIDEO_LINES) + movb %ah, _param(BVI_video_cols) + movb %al, _param(BVI_video_lines) ret mopar1: movb %gs:(0x484), %al # On EGA/VGA, use the EGA+ BIOS incb %al # location of max lines. -mopar2: movb %al, _param(PARAM_VIDEO_LINES) +mopar2: movb %al, _param(BVI_video_lines) ret # Fetching of VESA frame buffer parameters mopar_gr: movw $vesa_mode_info, %di - movb $0x23, _param(PARAM_HAVE_VGA) + movb $0x23, _param(BVI_have_vga) movw 16(%di), %ax - movw %ax, _param(PARAM_LFB_LINELENGTH) + movw %ax, _param(BVI_lfb_linelength) movw 18(%di), %ax - movw %ax, _param(PARAM_LFB_WIDTH) + movw %ax, _param(BVI_lfb_width) movw 20(%di), %ax - movw %ax, _param(PARAM_LFB_HEIGHT) + movw %ax, _param(BVI_lfb_height) movzbw 25(%di), %ax - movw %ax, _param(PARAM_LFB_DEPTH) + movw %ax, _param(BVI_lfb_depth) movl 40(%di), %eax - movl %eax, _param(PARAM_LFB_BASE) + movl %eax, _param(BVI_lfb_base) movl 31(%di), %eax - movl %eax, _param(PARAM_LFB_COLORS) + movl %eax, _param(BVI_lfb_colors) movl 35(%di), %eax - movl %eax, _param(PARAM_LFB_COLORS+4) + movl %eax, _param(BVI_lfb_colors+4) movw 0(%di), %ax - movw %ax, _param(PARAM_VESA_ATTRIB) + movw %ax, _param(BVI_vesa_attrib) # get video mem size movw $vesa_glob_info, %di movzwl 18(%di), %eax - movl %eax, _param(PARAM_LFB_SIZE) + movl %eax, _param(BVI_lfb_size) # store mode capabilities movl 10(%di), %eax - movl %eax, _param(PARAM_CAPABILITIES) + movl %eax, _param(BVI_capabilities) # switching the DAC to 8-bit is for <= 8 bpp only - cmpw $8, _param(PARAM_LFB_DEPTH) + cmpw $8, _param(BVI_lfb_depth) jg dac_done # get DAC switching capability @@ -160,16 +141,16 @@ mopar_gr: dac_set: # set color size to DAC size movzbw bootsym(dac_size), %ax - movb %al, _param(PARAM_LFB_COLORS+0) - movb %al, _param(PARAM_LFB_COLORS+2) - movb %al, _param(PARAM_LFB_COLORS+4) - movb %al, _param(PARAM_LFB_COLORS+6) + movb %al, _param(BVI_lfb_colors + 0) + movb %al, _param(BVI_lfb_colors + 2) + movb %al, _param(BVI_lfb_colors + 4) + movb %al, _param(BVI_lfb_colors + 6) # set color offsets to 0 - movb %ah, _param(PARAM_LFB_COLORS+1) - movb %ah, _param(PARAM_LFB_COLORS+3) - movb %ah, _param(PARAM_LFB_COLORS+5) - movb %ah, _param(PARAM_LFB_COLORS+7) + movb %ah, _param(BVI_lfb_colors + 1) + movb %ah, _param(BVI_lfb_colors + 3) + movb %ah, _param(BVI_lfb_colors + 5) + movb %ah, _param(BVI_lfb_colors + 7) dac_done: # get protected mode interface information @@ -180,8 +161,8 @@ dac_done: cmp $0x004f, %ax jnz no_pm - movw %es, _param(PARAM_VESAPM_SEG) - movw %di, _param(PARAM_VESAPM_OFF) + movw %es, _param(BVI_vesapm_seg) + movw %di, _param(BVI_vesapm_off) no_pm: pushw %ds popw %es @@ -1018,7 +999,7 @@ GLOBAL(boot_vid_info) .byte 80, 25 /* 80x25 */ .byte 1 /* isVGA */ .word 16 /* 8x16 font */ - .fill 0x28,1,0 + .space BVI_size - (. - boot_vid_info) GLOBAL(boot_edid_info) .fill 128,1,0x13 GLOBAL(boot_edid_caps) diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index 3fe21c21b9..630bdc3945 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -16,6 +16,10 @@ #include #include +#ifdef CONFIG_VIDEO +# include "../boot/video.h" +#endif + #define DEFINE(_sym, _val) \ asm volatile ( "\n.ascii\"==>#define " #_sym " %0 /* " #_val " */<==\""\ :: "i" (_val) ) @@ -208,4 +212,26 @@ void __dummy__(void) OFFSET(DOMAIN_vm_assist, struct domain, vm_assist); BLANK(); + +#ifdef CONFIG_VIDEO + OFFSET(BVI_cursor_pos, struct boot_video_info, orig_x); + OFFSET(BVI_video_mode, struct boot_video_info, orig_video_mode); + OFFSET(BVI_video_cols, struct boot_video_info, orig_video_cols); + OFFSET(BVI_video_lines, struct boot_video_info, orig_video_lines); + OFFSET(BVI_have_vga, struct boot_video_info, orig_video_isVGA); + OFFSET(BVI_font_points, struct boot_video_info, orig_video_points); + OFFSET(BVI_capabilities, struct boot_video_info, capabilities); + OFFSET(BVI_lfb_linelength, struct boot_video_info, lfb_linelength); + OFFSET(BVI_lfb_width, struct boot_video_info, lfb_width); + OFFSET(BVI_lfb_height, struct boot_video_info, lfb_height); + OFFSET(BVI_lfb_depth, struct boot_video_info, lfb_depth); + OFFSET(BVI_lfb_base, struct boot_video_info, lfb_base); + OFFSET(BVI_lfb_size, struct boot_video_info, lfb_size); + OFFSET(BVI_lfb_colors, struct boot_video_info, colors); + OFFSET(BVI_vesapm_seg, struct boot_video_info, vesapm.seg); + OFFSET(BVI_vesapm_off, struct boot_video_info, vesapm.off); + OFFSET(BVI_vesa_attrib, struct boot_video_info, vesa_attrib); + DEFINE(BVI_size, sizeof(struct boot_video_info)); + BLANK(); +#endif /* CONFIG_VIDEO */ } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Mon Apr 22 13:22:54 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 22 Apr 2024 13:22:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.709957.1109009 (Exim 4.92) (envelope-from ) id 1rytdG-0007Vr-U7; Mon, 22 Apr 2024 13:22:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 709957.1109009; Mon, 22 Apr 2024 13:22:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytdG-0007Vj-RV; Mon, 22 Apr 2024 13:22:54 +0000 Received: by outflank-mailman (input) for mailman id 709957; Mon, 22 Apr 2024 13:22:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytdG-0007Va-Fi for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rytdG-0006Qf-Eu for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rytdG-000898-Dg for xen-changelog@lists.xenproject.org; Mon, 22 Apr 2024 13:22:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=23yjxGIS0szR0PxLGCGhWT5LtaKaNo/aWUncBFaym7Q=; b=nF6wG5GE8cYziEDXCzlIjBdzDd PPAa2daGJy7HKzZe6tuZ9QF6E9zj/P9oExACSr5i3rI4by0jdvu/AdabLpuqStbrVVsan484cb9S1 RM25Gpvalfq0JEtSBlJNkH4zjb9HR4b9dtTY+e6fMJnKFlWcsD2276vt9KJCGVWrEUGE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/pvh: zero VGA information Message-Id: Date: Mon, 22 Apr 2024 13:22:54 +0000 commit cccb7878f386fb8691b7e28957a562a66d9b875f Author: Roger Pau Monné AuthorDate: Mon Apr 22 15:13:30 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 22 15:13:30 2024 +0200 x86/pvh: zero VGA information PVH guests skip real mode VGA detection, and never have a VGA available, hence the default VGA selection is not applicable, and at worse can cause confusion when parsing Xen boot log. Zero the boot_vid_info structure when Xen is booted from the PVH entry point. This fixes Xen incorrectly reporting: (XEN) Video information: (XEN) VGA is text mode 80x25, font 8x16 When booted as a PVH guest. Reported-by: Andrew Cooper Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/arch/x86/boot/video.h | 2 ++ xen/arch/x86/guest/xen/pvh-boot.c | 9 +++++++++ xen/arch/x86/setup.c | 1 - 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/boot/video.h b/xen/arch/x86/boot/video.h index 6a7775d242..1203515f9e 100644 --- a/xen/arch/x86/boot/video.h +++ b/xen/arch/x86/boot/video.h @@ -67,6 +67,8 @@ struct boot_video_info { } vesapm; uint16_t vesa_attrib; /* 0x28 */ }; + +extern struct boot_video_info boot_vid_info; #endif /* __ASSEMBLY__ */ #endif /* __BOOT_VIDEO_H__ */ diff --git a/xen/arch/x86/guest/xen/pvh-boot.c b/xen/arch/x86/guest/xen/pvh-boot.c index 9cbe87b61b..cc57ab2cbc 100644 --- a/xen/arch/x86/guest/xen/pvh-boot.c +++ b/xen/arch/x86/guest/xen/pvh-boot.c @@ -15,6 +15,10 @@ #include +#ifdef CONFIG_VIDEO +# include "../../boot/video.h" +#endif + /* Initialised in head.S, before .bss is zeroed. */ bool __initdata pvh_boot; uint32_t __initdata pvh_start_info_pa; @@ -95,6 +99,11 @@ void __init pvh_init(multiboot_info_t **mbi, module_t **mod) ASSERT(xen_guest); get_memory_map(); + +#ifdef CONFIG_VIDEO + /* No VGA available when booted from the PVH entry point. */ + memset(&bootsym(boot_vid_info), 0, sizeof(boot_vid_info)); +#endif } void __init pvh_print_info(void) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 86cd8b9997..449a347653 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -646,7 +646,6 @@ static struct e820map __initdata boot_e820; #ifdef CONFIG_VIDEO # include "boot/video.h" -extern struct boot_video_info boot_vid_info; #endif static void __init parse_video_info(void) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 23 05:00:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 23 Apr 2024 05:00:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.710304.1109451 (Exim 4.92) (envelope-from ) id 1rz8GB-0006r7-7x; Tue, 23 Apr 2024 05:00:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 710304.1109451; Tue, 23 Apr 2024 05:00:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8GB-0006qn-5D; Tue, 23 Apr 2024 05:00:03 +0000 Received: by outflank-mailman (input) for mailman id 710304; Tue, 23 Apr 2024 05:00:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8GA-0006Lo-8L for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8G9-0007iW-SD for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rz8G9-0002Lw-PT for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fzNd6uju3r98LzyAVBRpgsgJ6AMvf0S9GAXSAi+vLb0=; b=vHDTxHvg0Pt3Rp3wxluWRSa8e2 re63A96LVNIL3AOtM7jtXXO+GJPA/8DwlTW/xzG3koBh27rEg9hXEI3Bi0rpLVcfeCR5IrAHe0iTb zb7P47g13YqX2ZA2UC+3UnnsyYPG12rXuZPBQv79wjP207gmNdRSMjBS7oac0m1g4DJQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/PVH: Use unsigned int for dom0 e820 index Message-Id: Date: Tue, 23 Apr 2024 05:00:01 +0000 commit 480179bc26f52cb598811173ec7fdc21adecfb13 Author: Jason Andryuk AuthorDate: Mon Apr 22 15:11:02 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 22 15:11:02 2024 +0200 x86/PVH: Use unsigned int for dom0 e820 index Switch to unsigned int for the dom0 e820 index. This eliminates the potential for array underflows, and the compiler might be able to generate better code. Requested-by: Jan Beulich Signed-off-by: Jason Andryuk Acked-by: Jan Beulich --- xen/arch/x86/hvm/dom0_build.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index d158f4d241..ac71d43a6b 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -569,7 +569,7 @@ static paddr_t __init find_kernel_memory( { paddr_t kernel_size = elf->dest_size; unsigned int align; - int i; + unsigned int i; if ( parms->phys_align != UNSET_ADDR32 ) align = parms->phys_align; @@ -579,7 +579,7 @@ static paddr_t __init find_kernel_memory( align = MB(2); /* Search backwards to find the highest address. */ - for ( i = d->arch.nr_e820 - 1; i >= 0 ; i-- ) + for ( i = d->arch.nr_e820; i--; ) { paddr_t start = d->arch.e820[i].addr; paddr_t end = start + d->arch.e820[i].size; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Apr 23 05:00:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 23 Apr 2024 05:00:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.710305.1109454 (Exim 4.92) (envelope-from ) id 1rz8GL-0007Xr-9B; Tue, 23 Apr 2024 05:00:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 710305.1109454; Tue, 23 Apr 2024 05:00:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8GL-0007Xk-6b; Tue, 23 Apr 2024 05:00:13 +0000 Received: by outflank-mailman (input) for mailman id 710305; Tue, 23 Apr 2024 05:00:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8GK-0007Xa-0r for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8GJ-0007vx-Vp for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rz8GJ-0002NX-UR for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vcYQIP6QExngkwaTgAOnsemETD6G9HGo1OagrqLpi0s=; b=GxkSIMzdKQeIMtAXuZfMUjBCM2 nrGoWv+hDAFM2whFbRk5ogTTBcx2wYu3+6iGzzYbYvOeqL9QQhyxvTsYBH1PkgFDio7ImB/ZeeWYg HkzYHf60wJOZd7iocvtNmdVrWxG0MIDRxo2gHWNMWluwtF/fVkL+J5gx1L0pOVA7h7TA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/domain: deviate MISRA C Rule 16.2 violation Message-Id: Date: Tue, 23 Apr 2024 05:00:11 +0000 commit 1fc166d6cd7a4b4b1ede9ffd2921d8b85cb93fdb Author: Nicola Vetrini AuthorDate: Mon Apr 22 15:11:38 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 22 15:11:38 2024 +0200 xen/domain: deviate MISRA C Rule 16.2 violation MISRA C Rule 16.2 states: "A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement". The PROGRESS_VCPU local helper specifies a case that is directly inside the compound statement of a for loop, hence violating the rule. To avoid this, the construct is deviated with a text-based deviation. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- docs/misra/safe.json | 8 ++++++++ xen/common/domain.c | 1 + 2 files changed, 9 insertions(+) diff --git a/docs/misra/safe.json b/docs/misra/safe.json index fe2bc18509..9b13bcf717 100644 --- a/docs/misra/safe.json +++ b/docs/misra/safe.json @@ -44,6 +44,14 @@ }, { "id": "SAF-5-safe", + "analyser": { + "eclair": "MC3R1.R16.2" + }, + "name": "MC3R1.R16.2: using a case label when the most closely-enclosing compound statement is not a switch statement", + "text": "A switch label enclosed by some compound statement that is not the body of a switch is permitted within local helper macros that are unlikely to be misused or misunderstood." + }, + { + "id": "SAF-6-safe", "analyser": {}, "name": "Sentinel", "text": "Next ID to be used" diff --git a/xen/common/domain.c b/xen/common/domain.c index 282c3ab623..6773f7fb90 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -457,6 +457,7 @@ static int domain_teardown(struct domain *d) for_each_vcpu ( d, v ) { + /* SAF-5-safe MISRA C Rule 16.2: switch label enclosed by for loop */ PROGRESS_VCPU(teardown); rc = vcpu_teardown(v); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Apr 23 05:00:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 23 Apr 2024 05:00:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.710306.1109459 (Exim 4.92) (envelope-from ) id 1rz8GV-0007a4-Ak; Tue, 23 Apr 2024 05:00:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 710306.1109459; Tue, 23 Apr 2024 05:00:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8GV-0007Zx-80; Tue, 23 Apr 2024 05:00:23 +0000 Received: by outflank-mailman (input) for mailman id 710306; Tue, 23 Apr 2024 05:00:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8GU-0007Zn-4d for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8GU-0007wC-3p for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rz8GU-0002O5-1f for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FsOjKtsUQxK6Y+D8JBrBq6J9CqwdqVrWqTVBxJ68Vrw=; b=bG7BQ2sWSo/kr0R1GVouT8p3mq phzMi9t3x2R+XkqCJ0FE8m/pah6nZQX0PWYcTKbi2KvqJ9sf9jX6f4Jd9pZGFmskK5J9+tY1WsDmH FU8Sui1WM0Sz4bAUOUUS8K2sQwMXonVFkhcoA6pfbNw1Si0HbvnrUg8PDJnkzkYHcI0E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/riscv: check whether the assembler has Zbb extension support Message-Id: Date: Tue, 23 Apr 2024 05:00:22 +0000 commit bc5827fad1e842bb902fc281889e6d3138c2ccab Author: Oleksii Kurochko AuthorDate: Mon Apr 22 15:12:03 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 22 15:12:03 2024 +0200 xen/riscv: check whether the assembler has Zbb extension support Update the argument of the as-insn for the Zbb case to verify that Zbb is supported not only by a compiler, but also by an assembler. Also, check-extenstion(ext_name, "insn") helper macro is introduced to check whether extension is supported by a compiler and an assembler. Signed-off-by: Oleksii Kurochko Acked-by: Jan Beulich --- xen/arch/riscv/arch.mk | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/xen/arch/riscv/arch.mk b/xen/arch/riscv/arch.mk index 9f3ed4ff06..05c113f2c2 100644 --- a/xen/arch/riscv/arch.mk +++ b/xen/arch/riscv/arch.mk @@ -11,9 +11,14 @@ riscv-march-$(CONFIG_RISCV_ISA_C) := $(riscv-march-y)c riscv-generic-flags := $(riscv-abi-y) -march=$(riscv-march-y) -zbb := $(call as-insn,$(CC) $(riscv-generic-flags)_zbb,"",_zbb) -zihintpause := $(call as-insn, \ - $(CC) $(riscv-generic-flags)_zihintpause,"pause",_zihintpause) +# check-extension: Check whether extenstion is supported by a compiler and +# an assembler. +# Usage: $(call check-extension,extension_name,"instr") +check-extension = $(call as-insn,$(CC) $(riscv-generic-flags)_$(1),$(2),_$(1)) + +zbb-insn := "andn t0, t0, t0" +zbb := $(call check-extension,zbb,$(zbb-insn)) +zihintpause := $(call check-extension,zihintpause,"pause") extensions := $(zbb) $(zihintpause) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Apr 23 05:00:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 23 Apr 2024 05:00:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.710307.1109463 (Exim 4.92) (envelope-from ) id 1rz8Gf-0007dB-CM; Tue, 23 Apr 2024 05:00:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 710307.1109463; Tue, 23 Apr 2024 05:00:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8Gf-0007d3-9X; Tue, 23 Apr 2024 05:00:33 +0000 Received: by outflank-mailman (input) for mailman id 710307; Tue, 23 Apr 2024 05:00:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8Ge-0007co-7b for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8Ge-0007wc-6l for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rz8Ge-0002OY-5p for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=NABYHnBpD0xcNurjC11je2SBwiUVnUc13QE1Yztd8ys=; b=nNQGl8V1jcBaPaRoQW4F79ravQ 2oSZucGJFjLah6A3Y3xPY3ENbkQLhhUU8eoVs+1pCwghg5twkuQQtGsajONzt9trrxbrfD/1/ib36 TrLmYy+PXZYkJUBhkJZQ3cj8I7qEIx+stJPYUBEo5UUVfxByilLjUV1TYPPv0NHs+D4U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] automation/eclair_analysis: substitute deprecated service STD.emptrecd Message-Id: Date: Tue, 23 Apr 2024 05:00:32 +0000 commit 93d6e6efa8942fb068df799527f36be406fcd2bc Author: Nicola Vetrini AuthorDate: Mon Apr 22 15:12:47 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 22 15:12:47 2024 +0200 automation/eclair_analysis: substitute deprecated service STD.emptrecd The ECLAIR service STD.emptrecd (which checks for empty structures) is being deprecated; hence, as a preventive measure, STD.anonstct (which checks for structures with no named members, an UB in C99) is used here; the latter being a more general case than the previous one, this change does not affect the analysis. This new service is already supported by the current version of ECLAIR. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Julien Grall --- automation/eclair_analysis/ECLAIR/toolchain.ecl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automation/eclair_analysis/ECLAIR/toolchain.ecl b/automation/eclair_analysis/ECLAIR/toolchain.ecl index 71a1e2cce0..86e9a79b52 100644 --- a/automation/eclair_analysis/ECLAIR/toolchain.ecl +++ b/automation/eclair_analysis/ECLAIR/toolchain.ecl @@ -44,8 +44,8 @@ -doc_end -doc_begin="See Section \"6.19 Structures with No Members\" of "GCC_MANUAL"." --config=STD.emptrecd,behavior+={c99,GCC_ARM64,specified} --config=STD.emptrecd,behavior+={c99,GCC_X86_64,specified} +-config=STD.anonstct,behavior+={c99,GCC_ARM64,specified} +-config=STD.anonstct,behavior+={c99,GCC_X86_64,specified} -doc_end -doc_begin="See Section \"6.18 Arrays of Length Zero\" of "GCC_MANUAL"." -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Apr 23 05:00:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 23 Apr 2024 05:00:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.710308.1109467 (Exim 4.92) (envelope-from ) id 1rz8Gp-0007fY-Dz; Tue, 23 Apr 2024 05:00:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 710308.1109467; Tue, 23 Apr 2024 05:00:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8Gp-0007fR-Aw; Tue, 23 Apr 2024 05:00:43 +0000 Received: by outflank-mailman (input) for mailman id 710308; Tue, 23 Apr 2024 05:00:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8Go-0007fI-Ab for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8Go-0007wj-9i for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rz8Go-0002Oz-8o for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OO5r0RA1/qBw9bcHnQK0ZKSZda36DMueE75vdMH0ISY=; b=GDNMvVqj9J7CjfYgGbx8+4KE6M 1/YxTfyV77T5vZIeaMowpsH+p9+W0sE8At9aCCoHXGJAB4RFA4RAD/nDLp15ckFSwKzPoFYtU6DH9 Krk8tiS9y8leP7hRMARd59+SuyYcBCHAA6Nfg/ulepeU8P3KX1VRXKcuQ4/VcdJrF6mM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/video: add boot_video_info offset generation to asm-offsets Message-Id: Date: Tue, 23 Apr 2024 05:00:42 +0000 commit c3b40c95daa695b38c7c85e71d15198daca8234d Author: Roger Pau Monné AuthorDate: Mon Apr 22 15:13:00 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 22 15:13:00 2024 +0200 x86/video: add boot_video_info offset generation to asm-offsets Currently the offsets into the boot_video_info struct are manually encoded in video.S, which is fragile. Generate them in asm-offsets.c and switch the current code to use those instead. No functional change intended. Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper --- xen/arch/x86/boot/video.S | 83 +++++++++++++++------------------------ xen/arch/x86/x86_64/asm-offsets.c | 26 ++++++++++++ 2 files changed, 58 insertions(+), 51 deletions(-) diff --git a/xen/arch/x86/boot/video.S b/xen/arch/x86/boot/video.S index 0ae04f270f..f78906878a 100644 --- a/xen/arch/x86/boot/video.S +++ b/xen/arch/x86/boot/video.S @@ -26,32 +26,13 @@ /* Force 400 scan lines for standard modes (hack to fix bad BIOS behaviour */ #undef CONFIG_VIDEO_400_HACK -/* Positions of various video parameters passed to the kernel */ -/* (see also include/linux/tty.h) */ -#define PARAM_CURSOR_POS 0x00 -#define PARAM_VIDEO_MODE 0x02 -#define PARAM_VIDEO_COLS 0x03 -#define PARAM_VIDEO_LINES 0x04 -#define PARAM_HAVE_VGA 0x05 -#define PARAM_FONT_POINTS 0x06 -#define PARAM_CAPABILITIES 0x08 -#define PARAM_LFB_LINELENGTH 0x0c -#define PARAM_LFB_WIDTH 0x0e -#define PARAM_LFB_HEIGHT 0x10 -#define PARAM_LFB_DEPTH 0x12 -#define PARAM_LFB_BASE 0x14 -#define PARAM_LFB_SIZE 0x18 -#define PARAM_LFB_COLORS 0x1c -#define PARAM_VESAPM_SEG 0x24 -#define PARAM_VESAPM_OFF 0x26 -#define PARAM_VESA_ATTRIB 0x28 #define _param(param) bootsym(boot_vid_info)+(param) video: xorw %ax, %ax movw %ax, %gs # GS is zero cld call basic_detect # Basic adapter type testing (EGA/VGA/MDA/CGA) - cmpb $0,_param(PARAM_HAVE_VGA) + cmpb $0, _param(BVI_have_vga) je 1f # Bail if there's no VGA movw bootsym(boot_vid_mode), %ax # User selected video mode cmpw $ASK_VGA, %ax # Bring up the menu @@ -69,7 +50,7 @@ vid1: call store_edid # Detect if we have CGA, MDA, EGA or VGA and pass it to the kernel. basic_detect: - movb $0, _param(PARAM_HAVE_VGA) + movb $0, _param(BVI_have_vga) movb $0x12, %ah # Check EGA/VGA movb $0x10, %bl int $0x10 @@ -79,7 +60,7 @@ basic_detect: int $0x10 cmpb $0x1a, %al # 1a means VGA... jne basret # anything else is EGA. - incb _param(PARAM_HAVE_VGA) # We've detected a VGA + incb _param(BVI_have_vga) # We've detected a VGA basret: ret # Store the video mode parameters for later usage by the kernel. @@ -92,57 +73,57 @@ mode_params: movb $0x03, %ah # Read cursor position xorb %bh, %bh int $0x10 - movw %dx, _param(PARAM_CURSOR_POS) + movw %dx, _param(BVI_cursor_pos) movb $0x0f, %ah # Read page/mode/width int $0x10 - movw %ax, _param(PARAM_VIDEO_MODE) # Video mode and screen width + movw %ax, _param(BVI_video_mode) # Video mode and screen width movw %gs:(0x485), %ax # Font size - movw %ax, _param(PARAM_FONT_POINTS) # (valid only on EGA/VGA) + movw %ax, _param(BVI_font_points) # (valid only on EGA/VGA) movw bootsym(force_size), %ax # Forced size? orw %ax, %ax jz mopar1 - movb %ah, _param(PARAM_VIDEO_COLS) - movb %al, _param(PARAM_VIDEO_LINES) + movb %ah, _param(BVI_video_cols) + movb %al, _param(BVI_video_lines) ret mopar1: movb %gs:(0x484), %al # On EGA/VGA, use the EGA+ BIOS incb %al # location of max lines. -mopar2: movb %al, _param(PARAM_VIDEO_LINES) +mopar2: movb %al, _param(BVI_video_lines) ret # Fetching of VESA frame buffer parameters mopar_gr: movw $vesa_mode_info, %di - movb $0x23, _param(PARAM_HAVE_VGA) + movb $0x23, _param(BVI_have_vga) movw 16(%di), %ax - movw %ax, _param(PARAM_LFB_LINELENGTH) + movw %ax, _param(BVI_lfb_linelength) movw 18(%di), %ax - movw %ax, _param(PARAM_LFB_WIDTH) + movw %ax, _param(BVI_lfb_width) movw 20(%di), %ax - movw %ax, _param(PARAM_LFB_HEIGHT) + movw %ax, _param(BVI_lfb_height) movzbw 25(%di), %ax - movw %ax, _param(PARAM_LFB_DEPTH) + movw %ax, _param(BVI_lfb_depth) movl 40(%di), %eax - movl %eax, _param(PARAM_LFB_BASE) + movl %eax, _param(BVI_lfb_base) movl 31(%di), %eax - movl %eax, _param(PARAM_LFB_COLORS) + movl %eax, _param(BVI_lfb_colors) movl 35(%di), %eax - movl %eax, _param(PARAM_LFB_COLORS+4) + movl %eax, _param(BVI_lfb_colors+4) movw 0(%di), %ax - movw %ax, _param(PARAM_VESA_ATTRIB) + movw %ax, _param(BVI_vesa_attrib) # get video mem size movw $vesa_glob_info, %di movzwl 18(%di), %eax - movl %eax, _param(PARAM_LFB_SIZE) + movl %eax, _param(BVI_lfb_size) # store mode capabilities movl 10(%di), %eax - movl %eax, _param(PARAM_CAPABILITIES) + movl %eax, _param(BVI_capabilities) # switching the DAC to 8-bit is for <= 8 bpp only - cmpw $8, _param(PARAM_LFB_DEPTH) + cmpw $8, _param(BVI_lfb_depth) jg dac_done # get DAC switching capability @@ -160,16 +141,16 @@ mopar_gr: dac_set: # set color size to DAC size movzbw bootsym(dac_size), %ax - movb %al, _param(PARAM_LFB_COLORS+0) - movb %al, _param(PARAM_LFB_COLORS+2) - movb %al, _param(PARAM_LFB_COLORS+4) - movb %al, _param(PARAM_LFB_COLORS+6) + movb %al, _param(BVI_lfb_colors + 0) + movb %al, _param(BVI_lfb_colors + 2) + movb %al, _param(BVI_lfb_colors + 4) + movb %al, _param(BVI_lfb_colors + 6) # set color offsets to 0 - movb %ah, _param(PARAM_LFB_COLORS+1) - movb %ah, _param(PARAM_LFB_COLORS+3) - movb %ah, _param(PARAM_LFB_COLORS+5) - movb %ah, _param(PARAM_LFB_COLORS+7) + movb %ah, _param(BVI_lfb_colors + 1) + movb %ah, _param(BVI_lfb_colors + 3) + movb %ah, _param(BVI_lfb_colors + 5) + movb %ah, _param(BVI_lfb_colors + 7) dac_done: # get protected mode interface information @@ -180,8 +161,8 @@ dac_done: cmp $0x004f, %ax jnz no_pm - movw %es, _param(PARAM_VESAPM_SEG) - movw %di, _param(PARAM_VESAPM_OFF) + movw %es, _param(BVI_vesapm_seg) + movw %di, _param(BVI_vesapm_off) no_pm: pushw %ds popw %es @@ -1018,7 +999,7 @@ GLOBAL(boot_vid_info) .byte 80, 25 /* 80x25 */ .byte 1 /* isVGA */ .word 16 /* 8x16 font */ - .fill 0x28,1,0 + .space BVI_size - (. - boot_vid_info) GLOBAL(boot_edid_info) .fill 128,1,0x13 GLOBAL(boot_edid_caps) diff --git a/xen/arch/x86/x86_64/asm-offsets.c b/xen/arch/x86/x86_64/asm-offsets.c index 3fe21c21b9..630bdc3945 100644 --- a/xen/arch/x86/x86_64/asm-offsets.c +++ b/xen/arch/x86/x86_64/asm-offsets.c @@ -16,6 +16,10 @@ #include #include +#ifdef CONFIG_VIDEO +# include "../boot/video.h" +#endif + #define DEFINE(_sym, _val) \ asm volatile ( "\n.ascii\"==>#define " #_sym " %0 /* " #_val " */<==\""\ :: "i" (_val) ) @@ -208,4 +212,26 @@ void __dummy__(void) OFFSET(DOMAIN_vm_assist, struct domain, vm_assist); BLANK(); + +#ifdef CONFIG_VIDEO + OFFSET(BVI_cursor_pos, struct boot_video_info, orig_x); + OFFSET(BVI_video_mode, struct boot_video_info, orig_video_mode); + OFFSET(BVI_video_cols, struct boot_video_info, orig_video_cols); + OFFSET(BVI_video_lines, struct boot_video_info, orig_video_lines); + OFFSET(BVI_have_vga, struct boot_video_info, orig_video_isVGA); + OFFSET(BVI_font_points, struct boot_video_info, orig_video_points); + OFFSET(BVI_capabilities, struct boot_video_info, capabilities); + OFFSET(BVI_lfb_linelength, struct boot_video_info, lfb_linelength); + OFFSET(BVI_lfb_width, struct boot_video_info, lfb_width); + OFFSET(BVI_lfb_height, struct boot_video_info, lfb_height); + OFFSET(BVI_lfb_depth, struct boot_video_info, lfb_depth); + OFFSET(BVI_lfb_base, struct boot_video_info, lfb_base); + OFFSET(BVI_lfb_size, struct boot_video_info, lfb_size); + OFFSET(BVI_lfb_colors, struct boot_video_info, colors); + OFFSET(BVI_vesapm_seg, struct boot_video_info, vesapm.seg); + OFFSET(BVI_vesapm_off, struct boot_video_info, vesapm.off); + OFFSET(BVI_vesa_attrib, struct boot_video_info, vesa_attrib); + DEFINE(BVI_size, sizeof(struct boot_video_info)); + BLANK(); +#endif /* CONFIG_VIDEO */ } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Apr 23 05:00:53 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 23 Apr 2024 05:00:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.710309.1109471 (Exim 4.92) (envelope-from ) id 1rz8Gz-0007i8-Fb; Tue, 23 Apr 2024 05:00:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 710309.1109471; Tue, 23 Apr 2024 05:00:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8Gz-0007i1-Cb; Tue, 23 Apr 2024 05:00:53 +0000 Received: by outflank-mailman (input) for mailman id 710309; Tue, 23 Apr 2024 05:00:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8Gy-0007hp-DV for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rz8Gy-0007wq-Cb for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rz8Gy-0002Ps-Bm for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 05:00:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qChx7QSplCOu7SpseRnpuYJDTolUlbkx7ywCV+G6q3s=; b=eN4S2mOKqJeyGEwCYE6fykI/GS gAS5lnHf+hG/SoNClCyFXDFnwLPRoZH1KXQdaeHMUVPbqzNymLH6i/qkiBVBMsQuCB0a3tCq46EMG nhtjAFRCB+xpa0nikaRi3xLbR5l8dSPZ1GQvf45Hd4B9iv9wqYBr08G+ki0L+dP5vwHI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/pvh: zero VGA information Message-Id: Date: Tue, 23 Apr 2024 05:00:52 +0000 commit cccb7878f386fb8691b7e28957a562a66d9b875f Author: Roger Pau Monné AuthorDate: Mon Apr 22 15:13:30 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 22 15:13:30 2024 +0200 x86/pvh: zero VGA information PVH guests skip real mode VGA detection, and never have a VGA available, hence the default VGA selection is not applicable, and at worse can cause confusion when parsing Xen boot log. Zero the boot_vid_info structure when Xen is booted from the PVH entry point. This fixes Xen incorrectly reporting: (XEN) Video information: (XEN) VGA is text mode 80x25, font 8x16 When booted as a PVH guest. Reported-by: Andrew Cooper Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- xen/arch/x86/boot/video.h | 2 ++ xen/arch/x86/guest/xen/pvh-boot.c | 9 +++++++++ xen/arch/x86/setup.c | 1 - 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/boot/video.h b/xen/arch/x86/boot/video.h index 6a7775d242..1203515f9e 100644 --- a/xen/arch/x86/boot/video.h +++ b/xen/arch/x86/boot/video.h @@ -67,6 +67,8 @@ struct boot_video_info { } vesapm; uint16_t vesa_attrib; /* 0x28 */ }; + +extern struct boot_video_info boot_vid_info; #endif /* __ASSEMBLY__ */ #endif /* __BOOT_VIDEO_H__ */ diff --git a/xen/arch/x86/guest/xen/pvh-boot.c b/xen/arch/x86/guest/xen/pvh-boot.c index 9cbe87b61b..cc57ab2cbc 100644 --- a/xen/arch/x86/guest/xen/pvh-boot.c +++ b/xen/arch/x86/guest/xen/pvh-boot.c @@ -15,6 +15,10 @@ #include +#ifdef CONFIG_VIDEO +# include "../../boot/video.h" +#endif + /* Initialised in head.S, before .bss is zeroed. */ bool __initdata pvh_boot; uint32_t __initdata pvh_start_info_pa; @@ -95,6 +99,11 @@ void __init pvh_init(multiboot_info_t **mbi, module_t **mod) ASSERT(xen_guest); get_memory_map(); + +#ifdef CONFIG_VIDEO + /* No VGA available when booted from the PVH entry point. */ + memset(&bootsym(boot_vid_info), 0, sizeof(boot_vid_info)); +#endif } void __init pvh_print_info(void) diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 86cd8b9997..449a347653 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -646,7 +646,6 @@ static struct e820map __initdata boot_e820; #ifdef CONFIG_VIDEO # include "boot/video.h" -extern struct boot_video_info boot_vid_info; #endif static void __init parse_video_info(void) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Tue Apr 23 12:22:10 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 23 Apr 2024 12:22:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.710556.1109797 (Exim 4.92) (envelope-from ) id 1rzF9w-0000Hx-L1; Tue, 23 Apr 2024 12:22:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 710556.1109797; Tue, 23 Apr 2024 12:22:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzF9w-0000Hp-IV; Tue, 23 Apr 2024 12:22:04 +0000 Received: by outflank-mailman (input) for mailman id 710556; Tue, 23 Apr 2024 12:22:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzF9v-0000Hj-FM for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzF9v-0007S4-7O for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzF9v-0004XW-6C for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rXV21Ma34tygqhggNTDGRt77fJdbp7k6C4i/Neh1/lg=; b=Zls4WQhkzYpJy26FjctR+EThj7 V2W1Vj9PRZqXMaNimmVy+J8/kdWp7HTyx1vpQH2rQEl2MNb6nLvEG/Eh3UehXMqNbNC/QJLIbk0H7 BAzr3Q1lSO3/RgUYG4UJ9ervOjmbeYqtYi77DbkqNbY+FiU/z7PMjKSvZfxfb9F44kDs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/rtc: Avoid UIP flag being set for longer than expected Message-Id: Date: Tue, 23 Apr 2024 12:22:03 +0000 commit 43a07069863b419433dee12c9b58c1f7ce70aa97 Author: Ross Lagerwall AuthorDate: Tue Apr 23 14:09:18 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 23 14:09:18 2024 +0200 x86/rtc: Avoid UIP flag being set for longer than expected In a test, OVMF reported an error initializing the RTC without indicating the precise nature of the error. The only plausible explanation I can find is as follows: As part of the initialization, OVMF reads register C and then reads register A repatedly until the UIP flag is not set. If this takes longer than 100 ms, OVMF fails and reports an error. This may happen with the following sequence of events: At guest time=0s, rtc_init() calls check_update_timer() which schedules update_timer for t=(1 - 244us). At t=1s, the update_timer function happens to have been called >= 244us late. In the timer callback, it sets the UIP flag and schedules update_timer2 for t=1s. Before update_timer2 runs, the guest reads register C which calls check_update_timer(). check_update_timer() stops the scheduled update_timer2 and since the guest time is now outside of the update cycle, it schedules update_timer for t=(2 - 244us). The UIP flag will therefore be set for a whole second from t=1 to t=2 while the guest repeatedly reads register A waiting for the UIP flag to clear. Fix it by clearing the UIP flag when scheduling update_timer. I was able to reproduce this issue with a synthetic test and this resolves the issue. Signed-off-by: Ross Lagerwall Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/rtc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c index 4b31382619..4bb1c75055 100644 --- a/xen/arch/x86/hvm/rtc.c +++ b/xen/arch/x86/hvm/rtc.c @@ -202,6 +202,7 @@ static void check_update_timer(RTCState *s) } else { + s->hw.cmos_data[RTC_REG_A] &= ~RTC_UIP; next_update_time = (USEC_PER_SEC - guest_usec - 244) * NS_PER_USEC; expire_time = NOW() + next_update_time; s->next_update_time = expire_time; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 23 12:22:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 23 Apr 2024 12:22:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.710557.1109801 (Exim 4.92) (envelope-from ) id 1rzFA6-0000Jg-MW; Tue, 23 Apr 2024 12:22:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 710557.1109801; Tue, 23 Apr 2024 12:22:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFA6-0000JY-Jt; Tue, 23 Apr 2024 12:22:14 +0000 Received: by outflank-mailman (input) for mailman id 710557; Tue, 23 Apr 2024 12:22:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFA5-0000JQ-BS for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFA5-0007SE-AY for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzFA5-0004ZX-9Z for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5dfLwRnex9zHmpLOBLDJNJbG/ePTKytgYJW0PtzA9q4=; b=Br7IJtsYuWv2vUVvFXfvJS4Ydo 5G6gRCu/cmT7UDd+sesNeR5mBTYMqH43IM9fyoT8zDLNRNGLoVQ9ZvD4wRyFgRD0eOwONNB1FzDmN Shh8jSNW6ihuWUZ0Jhe7mfvaEIT9lFoaARz+YZK3XIUyV3EZkYieAOc+m7GVVcQKrQ2s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/misc: xenwatchdogd: add parse_secs() Message-Id: Date: Tue, 23 Apr 2024 12:22:13 +0000 commit f0fa75c9ea9f03cf2c6f5e63d07664ca4b224dd6 Author: Leigh Brown AuthorDate: Tue Apr 23 14:09:50 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 23 14:09:50 2024 +0200 tools/misc: xenwatchdogd: add parse_secs() Create a new parse_secs() function to parse the timeout and sleep parameters. This ensures that non-numeric parameters are not accidentally treated as numbers. Signed-off-by: Leigh Brown Reviewed-by: Anthony PERARD --- tools/misc/xenwatchdogd.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/tools/misc/xenwatchdogd.c b/tools/misc/xenwatchdogd.c index 112b706357..9fa772e49f 100644 --- a/tools/misc/xenwatchdogd.c +++ b/tools/misc/xenwatchdogd.c @@ -49,6 +49,18 @@ static void catch_usr1(int sig) done = true; } +static int parse_secs(const char *arg, const char *what) +{ + char *endptr; + unsigned long val; + + val = strtoul(arg, &endptr, 0); + if (val > INT_MAX || *endptr) + errx(EXIT_FAILURE, "invalid %s: '%s'", what, arg); + + return val; +} + int main(int argc, char **argv) { int id; @@ -64,16 +76,11 @@ int main(int argc, char **argv) if (h == NULL) err(EXIT_FAILURE, "xc_interface_open"); - t = strtoul(argv[1], NULL, 0); - if (t == ULONG_MAX) - err(EXIT_FAILURE, "strtoul"); + t = parse_secs(argv[1], "timeout"); s = t / 2; - if (argc == 3) { - s = strtoul(argv[2], NULL, 0); - if (s == ULONG_MAX) - err(EXIT_FAILURE, "strtoul"); - } + if (argc == 3) + s = parse_secs(argv[2], "sleep"); if (signal(SIGHUP, &catch_exit) == SIG_ERR) err(EXIT_FAILURE, "signal"); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 23 12:22:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 23 Apr 2024 12:22:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.710558.1109807 (Exim 4.92) (envelope-from ) id 1rzFAG-0000MX-OJ; Tue, 23 Apr 2024 12:22:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 710558.1109807; Tue, 23 Apr 2024 12:22:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFAG-0000MP-LL; Tue, 23 Apr 2024 12:22:24 +0000 Received: by outflank-mailman (input) for mailman id 710558; Tue, 23 Apr 2024 12:22:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFAF-0000MC-FB for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFAF-0007SR-EJ for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzFAF-0004aO-CY for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uX804g+J0pA6hTlAi9RLGU/39HFrSGSVl3XozxKTCYI=; b=h1O3R+Q6uAxLarIKpO1WEWVgbt kwOAEyJUjOX57eFejSwZO8s/IxViW0SKubIjTgueEXAdRW9pY7Fa9hZczrHW9akk4y8NtWpIAQIHy AHf7rNsbASbcSBqrUvhMUac/fKk6spTMpMKblZWUW28KtVZV4/CegWQEY7qnAAbHh10o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/misc: xenwatchdogd enhancements Message-Id: Date: Tue, 23 Apr 2024 12:22:23 +0000 commit e906bfae48b2f71607159e7f5589cb71f961351c Author: Leigh Brown AuthorDate: Tue Apr 23 14:10:03 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 23 14:10:03 2024 +0200 tools/misc: xenwatchdogd enhancements Add usage() function, the ability to run in the foreground, and the ability to disarm the watchdog timer when exiting. Add enhanced parameter parsing and validation, making use of getopt_long(). Check the number of parameters are correct, the timeout is at least two seconds (to allow a minimum sleep time of one second), and that the sleep time is at least one and less than the watchdog timeout. With these changes, the daemon will no longer instantly reboot the domain if you enter a zero timeout (or non-numeric parameter), and prevent the daemon consuming 100% of a CPU due to zero sleep time. Signed-off-by: Leigh Brown Reviewed-by: Anthony PERARD --- tools/misc/xenwatchdogd.c | 94 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 84 insertions(+), 10 deletions(-) diff --git a/tools/misc/xenwatchdogd.c b/tools/misc/xenwatchdogd.c index 9fa772e49f..a16d1efc13 100644 --- a/tools/misc/xenwatchdogd.c +++ b/tools/misc/xenwatchdogd.c @@ -10,6 +10,11 @@ #include #include #include +#include + +#define WDOG_MIN_TIMEOUT 2 +#define WDOG_MIN_SLEEP 1 +#define WDOG_EXIT_TIMEOUT 300 static xc_interface *h; static volatile bool safeexit = false; @@ -49,6 +54,26 @@ static void catch_usr1(int sig) done = true; } +static void __attribute__((noreturn)) usage(int exit_code) +{ + FILE *out = exit_code ? stderr : stdout; + + fprintf(out, + "Usage: xenwatchdog [OPTION]... []\n" + " -h, --help\t\tDisplay this help text and exit.\n" + " -F, --foreground\tRun in foreground.\n" + " -x, --safe-exit\tDisable watchdog on orderly exit.\n" + "\t\t\tNote: default is to set a %d second timeout on exit.\n\n" + " timeout\t\tInteger seconds to arm the watchdog each time.\n" + "\t\t\tNote: minimum timeout is %d seconds.\n\n" + " sleep\t\t\tInteger seconds to sleep between arming the watchdog.\n" + "\t\t\tNote: sleep must be at least %d and less than timeout.\n" + "\t\t\tIf not specified then set to half the timeout.\n", + WDOG_EXIT_TIMEOUT, WDOG_MIN_TIMEOUT, WDOG_MIN_SLEEP + ); + exit(exit_code); +} + static int parse_secs(const char *arg, const char *what) { char *endptr; @@ -66,22 +91,71 @@ int main(int argc, char **argv) int id; int t, s; int ret; + bool daemon = true; + + for ( ;; ) + { + int option_index = 0, c; + static const struct option long_options[] = + { + { "help", no_argument, NULL, 'h' }, + { "foreground", no_argument, NULL, 'F' }, + { "safe-exit", no_argument, NULL, 'x' }, + { NULL, 0, NULL, 0 }, + }; + + c = getopt_long(argc, argv, "hFxD", long_options, &option_index); + if (c == -1) + break; + + switch (c) + { + case 'h': + usage(EXIT_SUCCESS); + + case 'F': + daemon = false; + break; + + case 'x': + safeexit = true; + break; + + default: + usage(EXIT_FAILURE); + } + } - if (argc < 2) - errx(EXIT_FAILURE, "usage: %s ", argv[0]); + if (argc - optind < 1) + errx(EXIT_FAILURE, "timeout must be specified"); + + if (argc - optind > 2) + errx(EXIT_FAILURE, "too many arguments"); + + t = parse_secs(argv[optind], "timeout"); + if (t < WDOG_MIN_TIMEOUT) + errx(EXIT_FAILURE, "Error: timeout must be at least %d seconds", + WDOG_MIN_TIMEOUT); + + ++optind; + if (optind < argc) { + s = parse_secs(argv[optind], "sleep"); + if (s < WDOG_MIN_SLEEP) + errx(EXIT_FAILURE, "Error: sleep must be no less than %d", + WDOG_MIN_SLEEP); + if (s >= t) + errx(EXIT_FAILURE, "Error: sleep must be less than timeout"); + } + else + s = t / 2; - daemonize(); + if (daemon) + daemonize(); h = xc_interface_open(NULL, NULL, 0); if (h == NULL) err(EXIT_FAILURE, "xc_interface_open"); - t = parse_secs(argv[1], "timeout"); - - s = t / 2; - if (argc == 3) - s = parse_secs(argv[2], "sleep"); - if (signal(SIGHUP, &catch_exit) == SIG_ERR) err(EXIT_FAILURE, "signal"); if (signal(SIGINT, &catch_exit) == SIG_ERR) @@ -105,6 +179,6 @@ int main(int argc, char **argv) } // Zero seconds timeout will disarm the watchdog timer - xc_watchdog(h, id, safeexit ? 0 : 300); + xc_watchdog(h, id, safeexit ? 0 : WDOG_EXIT_TIMEOUT); return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 23 12:22:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 23 Apr 2024 12:22:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.710559.1109810 (Exim 4.92) (envelope-from ) id 1rzFAQ-0000Pz-PF; Tue, 23 Apr 2024 12:22:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 710559.1109810; Tue, 23 Apr 2024 12:22:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFAQ-0000Pr-Me; Tue, 23 Apr 2024 12:22:34 +0000 Received: by outflank-mailman (input) for mailman id 710559; Tue, 23 Apr 2024 12:22:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFAP-0000PO-J2 for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFAP-0007Sr-HV for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzFAP-0004at-GO for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TEA5IHaB6h9Z0yOCpxnvwbuNjYJCEJmJqtSEgqQrU64=; b=uqFaGChLH5ZUaiLiaqBIQKMtX5 y0XfhSxoRhA0BGtlAeCO62gGrwAbzJ5ycZ8LN8Oq9iTU710SBitKz2M5/tDzHt5nbmuRYrZdSTo5u +bgMgOXcHG5gF8Q/HVvEbk5ZWWolTOJKUCntbDIUoVcOaMGdR0mxkZG++8lXaxM6yIwg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/misc: Add xenwatchdogd.c copyright notice Message-Id: Date: Tue, 23 Apr 2024 12:22:33 +0000 commit 9c872b5766cde6cd9ebeb724a346aaee16e87c84 Author: Leigh Brown AuthorDate: Tue Apr 23 14:10:16 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 23 14:10:16 2024 +0200 tools/misc: Add xenwatchdogd.c copyright notice Add copyright notice and description of the program. Signed-off-by: Leigh Brown Acked-by: Anthony PERARD --- tools/misc/xenwatchdogd.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tools/misc/xenwatchdogd.c b/tools/misc/xenwatchdogd.c index a16d1efc13..2884ca6ca9 100644 --- a/tools/misc/xenwatchdogd.c +++ b/tools/misc/xenwatchdogd.c @@ -1,3 +1,13 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * xenwatchdogd.c + * + * Watchdog based on Xen hypercall watchdog interface. + * + * Copyright 2010 Citrix Ltd + * Copyright 2024 Leigh Brown + * + */ #include #include -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 23 12:22:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 23 Apr 2024 12:22:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.710560.1109814 (Exim 4.92) (envelope-from ) id 1rzFAa-0000Sf-QY; Tue, 23 Apr 2024 12:22:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 710560.1109814; Tue, 23 Apr 2024 12:22:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFAa-0000SX-Ny; Tue, 23 Apr 2024 12:22:44 +0000 Received: by outflank-mailman (input) for mailman id 710560; Tue, 23 Apr 2024 12:22:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFAZ-0000SP-L7 for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFAZ-0007T1-KK for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzFAZ-0004bQ-JT for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ILMkef/qJEbVxQOHzr5dTMN5Krj1G1sr/cGS2kH1cao=; b=hHusR40JsuZ/BkmTWMOcOsloya nL1LcjvePZaz1xlPJSIDYWvRpt6bVQ86EV6UAwDixiI6yCXfcFVqZuu1zcfjnvO7FPgsOTkqAHHI4 2ug1wI7BC/+Il78O0RcgN6hUX4y99QSaYSszwkAuwgVZEGvHzpYijrGf8pZy38ngKLDk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] docs/man: Add xenwatchdog manual page Message-Id: Date: Tue, 23 Apr 2024 12:22:43 +0000 commit 70d46b51e2f80f808c91f264f501cca1ca7af2b5 Author: Leigh Brown AuthorDate: Tue Apr 23 14:11:14 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 23 14:11:14 2024 +0200 docs/man: Add xenwatchdog manual page Add a manual page for xenwatchdogd. Signed-off-by: Leigh Brown Reviewed-by: Anthony PERARD --- docs/man/xenwatchdogd.8.pod | 55 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/docs/man/xenwatchdogd.8.pod b/docs/man/xenwatchdogd.8.pod new file mode 100644 index 0000000000..b03ed53ee6 --- /dev/null +++ b/docs/man/xenwatchdogd.8.pod @@ -0,0 +1,55 @@ +=head1 NAME + +xenwatchdogd - Xen hypercall based watchdog daemon + +=head1 SYNOPSIS + +B [ I ] > [ > ] + +=head1 DESCRIPTION + +B arms the Xen watchdog timer to I every I +seconds. If the xenwatchdogd process dies or is delayed for more than +I seconds, then Xen will take the B action +specified in the domain configuration (see xl.cfg(5)). If B +is running in dom0, the whole system will reboot. + +=head1 OPTIONS + +=over 4 + +=item B<-h>, B<--help> + +Display a help message. + +=item B<-F>, B<--foreground> + +Run in the foreground. The default behaviour is to daemonize. + +=item B<-x>, B<--safe-exit> + +Disable watchdog on orderly exit. The default behaviour is to arm the +watchdog to 300 seconds to allow time for the domain to shutdown. See +also the B section. + +=item B + +The number of seconds to arm the Xen watchdog timer. This must be set to +a minimum of two. + +=item B + +The number of seconds to sleep in between calls to arm the Xen watchdog +timer. This must be at least one second, and less than the I +value. If not specified, it defaults to half the I value. + +=back + +=head1 SIGNALS + +B Will cause the program to disarm the watchdog timer and exit, +regardless of whether the B<--safe-exit> option was passed. + +=head1 AUTHOR + +Citrix Ltd and other contributors. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 23 12:22:54 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 23 Apr 2024 12:22:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.710561.1109818 (Exim 4.92) (envelope-from ) id 1rzFAk-0000VP-SE; Tue, 23 Apr 2024 12:22:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 710561.1109818; Tue, 23 Apr 2024 12:22:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFAk-0000VG-PR; Tue, 23 Apr 2024 12:22:54 +0000 Received: by outflank-mailman (input) for mailman id 710561; Tue, 23 Apr 2024 12:22:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFAj-0000V1-Of for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFAj-0007TB-NF for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzFAj-0004c9-MZ for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:22:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=pJZorPtQqu2dZe2rc/WVVd+DZAxRo43AFBD5746ckaA=; b=mT8a95sJCu6rvjklr+vvaXU9rm 4dJeVaZAlqMq1sEhjctHZrnyQM1P1XZz5CZPlmFwejqA/3uJj7qPY9+JnfrLX/W/DdzMfdIusNyui Evqcave85x6COQh0f1mINgH9UOr5Kt2xZWZrj6hlD8IXD8RhpkYQ98xhJtS2pxcWkWcE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen: introduce header file with section related symbols Message-Id: Date: Tue, 23 Apr 2024 12:22:53 +0000 commit f82c43a384913460892d4917d2a2f8c2b9399a5e Author: Roger Pau Monné AuthorDate: Tue Apr 23 14:12:04 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 23 14:12:04 2024 +0200 xen: introduce header file with section related symbols Start by declaring the beginning and end of the init section. No functional change intended. Requested-by: Andrew Cooper Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper --- xen/arch/arm/mmu/setup.c | 3 +-- xen/arch/x86/setup.c | 3 +-- xen/include/xen/sections.h | 17 +++++++++++++++++ 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mmu/setup.c b/xen/arch/arm/mmu/setup.c index c0cb17ca2e..f4bb424c3c 100644 --- a/xen/arch/arm/mmu/setup.c +++ b/xen/arch/arm/mmu/setup.c @@ -7,6 +7,7 @@ #include #include +#include #include #include @@ -62,8 +63,6 @@ vaddr_t directmap_virt_start __read_mostly; unsigned long directmap_base_pdx __read_mostly; #endif -extern char __init_begin[], __init_end[]; - /* Checking VA memory layout alignment. */ static void __init __maybe_unused build_assertions(void) { diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 449a347653..caf235c628 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -5,6 +5,7 @@ #include #include #include +#include #include #include #include @@ -309,8 +310,6 @@ void __init discard_initial_images(void) initial_images = NULL; } -extern unsigned char __init_begin[], __init_end[]; - static void __init init_idle_domain(void) { scheduler_init(); diff --git a/xen/include/xen/sections.h b/xen/include/xen/sections.h new file mode 100644 index 0000000000..b6cb5604c2 --- /dev/null +++ b/xen/include/xen/sections.h @@ -0,0 +1,17 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#ifndef __XEN_SECTIONS_H__ +#define __XEN_SECTIONS_H__ + +/* SAF-0-safe */ +extern char __init_begin[], __init_end[]; + +#endif /* !__XEN_SECTIONS_H__ */ +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 23 12:23:04 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 23 Apr 2024 12:23:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.710562.1109822 (Exim 4.92) (envelope-from ) id 1rzFAu-0000Y5-Tf; Tue, 23 Apr 2024 12:23:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 710562.1109822; Tue, 23 Apr 2024 12:23:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFAu-0000Xx-Qq; Tue, 23 Apr 2024 12:23:04 +0000 Received: by outflank-mailman (input) for mailman id 710562; Tue, 23 Apr 2024 12:23:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFAt-0000Xl-RD for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:23:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzFAt-0007Tb-QY for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:23:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzFAt-0004cn-PM for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 12:23:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=kW0n5LoO2cMRnql/EKXuL0WUkTLaa7vE2ZmtQ20ZuSI=; b=h7vZJKEiRQQvjZ24fGYVrZNUIi a6EYjd3R91FIuBQSFxt4K6KjLzmQKRIN5MJ65MXzvDxQ+NJaN9ToRmDo+po7Sda1y0wMc6tu7UTTG QXYPDyfEiUY5hvtMxyCbgeKWdJ2uQFuH4uHmbTwtWSP2JHf0efe9dVbqiRFx3uOKBXXE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/MTRR: correct inadvertently inverted WC check Message-Id: Date: Tue, 23 Apr 2024 12:23:03 +0000 commit 77e25f0e30ddd11e043e6fce84bf108ce7de5b6f Author: Jan Beulich AuthorDate: Tue Apr 23 14:13:48 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 23 14:13:48 2024 +0200 x86/MTRR: correct inadvertently inverted WC check The ! clearly got lost by mistake. Fixes: e9e0eb30d4d6 ("x86/MTRR: avoid several indirect calls") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/cpu/mtrr/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/cpu/mtrr/main.c b/xen/arch/x86/cpu/mtrr/main.c index 55a4da54a7..90b235f57e 100644 --- a/xen/arch/x86/cpu/mtrr/main.c +++ b/xen/arch/x86/cpu/mtrr/main.c @@ -316,7 +316,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, } /* If the type is WC, check that this processor supports it */ - if ((type == X86_MT_WC) && mtrr_have_wrcomb()) { + if ((type == X86_MT_WC) && !mtrr_have_wrcomb()) { printk(KERN_WARNING "mtrr: your processor doesn't support write-combining\n"); return -EOPNOTSUPP; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 23 21:55:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 23 Apr 2024 21:55:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.710978.1110571 (Exim 4.92) (envelope-from ) id 1rzO6S-00041V-Uq; Tue, 23 Apr 2024 21:55:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 710978.1110571; Tue, 23 Apr 2024 21:55:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzO6S-00041N-SI; Tue, 23 Apr 2024 21:55:04 +0000 Received: by outflank-mailman (input) for mailman id 710978; Tue, 23 Apr 2024 21:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzO6S-00041H-9h for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 21:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzO6R-0001bB-SU for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 21:55:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzO6R-00018b-R4 for xen-changelog@lists.xenproject.org; Tue, 23 Apr 2024 21:55:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1uTk6s4DlaonpxHjkye6S7sk/goP2VWQoeT63C8VDh8=; b=qaBB4wLovP+qBQBmBM5NAsuaX8 NjNmWZFrr7aBuo2ORzCz4yDaLVZuR53g4Q2AuWdNhq50pf7CExjdhiccLvzslCKtITM1ESJ0xK5mP 1RGSuWVVdul0amh3huADf9bH65+pgIb3Hs+NfB8yYSRfljUbQ4o9QORz39T/JaCcWaAw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/monitor: allow fast-singlestepping without enabling singlestep monitor Message-Id: Date: Tue, 23 Apr 2024 21:55:03 +0000 commit 410ef3343924b5a3928bbe8e392491992b322cf0 Author: Petr Beneš AuthorDate: Sun Apr 14 18:21:14 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 23 22:49:01 2024 +0100 x86/monitor: allow fast-singlestepping without enabling singlestep monitor Reorder the condition checks within the HVM_MONITOR_SINGLESTEP_BREAKPOINT case to enable fast singlestepping independently of the singlestep monitor being enabled. Previously, fast singlestepping required the singlestep monitor to be explicitly enabled through xc_monitor_singlestep, even though it operates entirely within Xen and does not generate external events. Signed-off-by: Petr Beneš Acked-by: Tamas K Lengyel --- xen/arch/x86/hvm/monitor.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/monitor.c b/xen/arch/x86/hvm/monitor.c index 4f500beaf5..2a8ff07ec9 100644 --- a/xen/arch/x86/hvm/monitor.c +++ b/xen/arch/x86/hvm/monitor.c @@ -178,8 +178,6 @@ int hvm_monitor_debug(unsigned long rip, enum hvm_monitor_debug_type type, break; case HVM_MONITOR_SINGLESTEP_BREAKPOINT: - if ( !ad->monitor.singlestep_enabled ) - return 0; if ( curr->arch.hvm.fast_single_step.enabled ) { p2m_altp2m_check(curr, curr->arch.hvm.fast_single_step.p2midx); @@ -188,6 +186,8 @@ int hvm_monitor_debug(unsigned long rip, enum hvm_monitor_debug_type type, curr->arch.hvm.fast_single_step.p2midx = 0; return 0; } + if ( !ad->monitor.singlestep_enabled ) + return 0; req.reason = VM_EVENT_REASON_SINGLESTEP; req.u.singlestep.gfn = gfn_of_rip(rip); sync = true; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 13:00:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 13:00:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711429.1111382 (Exim 4.92) (envelope-from ) id 1rzcEE-0003nA-Rz; Wed, 24 Apr 2024 13:00:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711429.1111382; Wed, 24 Apr 2024 13:00:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcEE-0003n1-OV; Wed, 24 Apr 2024 13:00:02 +0000 Received: by outflank-mailman (input) for mailman id 711429; Wed, 24 Apr 2024 13:00:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcED-0003Yy-Fp for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcED-0001l5-Er for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzcED-0002cF-Dw for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6Dpd9d7zBiaDvZE5bm73PQzgzVlC979EsHDg6+ev+7Y=; b=FdHZp193HQb6BTndDmXX7SKi/7 +82+54arj1q7I9cLeYahUGQ01HJx9cee8oEyyOZqaz6iPO1Bkym4LVjX1LFjXY0Mm2AIf3kAKhcQf /xbpwQmIjz4wn07/nm+JF40e1Uw+r5LwovbRkNFB49ZGytnroVm91saErD+vcvAO+00I=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/rtc: Avoid UIP flag being set for longer than expected Message-Id: Date: Wed, 24 Apr 2024 13:00:01 +0000 commit 43a07069863b419433dee12c9b58c1f7ce70aa97 Author: Ross Lagerwall AuthorDate: Tue Apr 23 14:09:18 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 23 14:09:18 2024 +0200 x86/rtc: Avoid UIP flag being set for longer than expected In a test, OVMF reported an error initializing the RTC without indicating the precise nature of the error. The only plausible explanation I can find is as follows: As part of the initialization, OVMF reads register C and then reads register A repatedly until the UIP flag is not set. If this takes longer than 100 ms, OVMF fails and reports an error. This may happen with the following sequence of events: At guest time=0s, rtc_init() calls check_update_timer() which schedules update_timer for t=(1 - 244us). At t=1s, the update_timer function happens to have been called >= 244us late. In the timer callback, it sets the UIP flag and schedules update_timer2 for t=1s. Before update_timer2 runs, the guest reads register C which calls check_update_timer(). check_update_timer() stops the scheduled update_timer2 and since the guest time is now outside of the update cycle, it schedules update_timer for t=(2 - 244us). The UIP flag will therefore be set for a whole second from t=1 to t=2 while the guest repeatedly reads register A waiting for the UIP flag to clear. Fix it by clearing the UIP flag when scheduling update_timer. I was able to reproduce this issue with a synthetic test and this resolves the issue. Signed-off-by: Ross Lagerwall Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/rtc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c index 4b31382619..4bb1c75055 100644 --- a/xen/arch/x86/hvm/rtc.c +++ b/xen/arch/x86/hvm/rtc.c @@ -202,6 +202,7 @@ static void check_update_timer(RTCState *s) } else { + s->hw.cmos_data[RTC_REG_A] &= ~RTC_UIP; next_update_time = (USEC_PER_SEC - guest_usec - 244) * NS_PER_USEC; expire_time = NOW() + next_update_time; s->next_update_time = expire_time; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 13:00:12 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 13:00:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711430.1111385 (Exim 4.92) (envelope-from ) id 1rzcEO-0004QY-Su; Wed, 24 Apr 2024 13:00:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711430.1111385; Wed, 24 Apr 2024 13:00:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcEO-0004QO-Q0; Wed, 24 Apr 2024 13:00:12 +0000 Received: by outflank-mailman (input) for mailman id 711430; Wed, 24 Apr 2024 13:00:11 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcEN-0004QG-Is for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcEN-0001nU-I4 for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzcEN-0002d9-H4 for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0u6tmRc/R+mocR7ab5/Vm4XwmbqKrjANffhqK2lY070=; b=o9KWPbaIw4vJ4L03T8jGKvNJ1/ v/9Iy5K42dfyX3TpOYQ/6zsVSQVvBRgBu+K4GSy8Du9ZOLBYNFyWkvO5Zcr0mUP02gq6fbxd/0yTg UH+EQQX2mjleLcZoJ1kEdJTd3My6loHcmZROMmPSaKcvRt0u0N1YeRT4dkZujxLXmMWU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/misc: xenwatchdogd: add parse_secs() Message-Id: Date: Wed, 24 Apr 2024 13:00:11 +0000 commit f0fa75c9ea9f03cf2c6f5e63d07664ca4b224dd6 Author: Leigh Brown AuthorDate: Tue Apr 23 14:09:50 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 23 14:09:50 2024 +0200 tools/misc: xenwatchdogd: add parse_secs() Create a new parse_secs() function to parse the timeout and sleep parameters. This ensures that non-numeric parameters are not accidentally treated as numbers. Signed-off-by: Leigh Brown Reviewed-by: Anthony PERARD --- tools/misc/xenwatchdogd.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/tools/misc/xenwatchdogd.c b/tools/misc/xenwatchdogd.c index 112b706357..9fa772e49f 100644 --- a/tools/misc/xenwatchdogd.c +++ b/tools/misc/xenwatchdogd.c @@ -49,6 +49,18 @@ static void catch_usr1(int sig) done = true; } +static int parse_secs(const char *arg, const char *what) +{ + char *endptr; + unsigned long val; + + val = strtoul(arg, &endptr, 0); + if (val > INT_MAX || *endptr) + errx(EXIT_FAILURE, "invalid %s: '%s'", what, arg); + + return val; +} + int main(int argc, char **argv) { int id; @@ -64,16 +76,11 @@ int main(int argc, char **argv) if (h == NULL) err(EXIT_FAILURE, "xc_interface_open"); - t = strtoul(argv[1], NULL, 0); - if (t == ULONG_MAX) - err(EXIT_FAILURE, "strtoul"); + t = parse_secs(argv[1], "timeout"); s = t / 2; - if (argc == 3) { - s = strtoul(argv[2], NULL, 0); - if (s == ULONG_MAX) - err(EXIT_FAILURE, "strtoul"); - } + if (argc == 3) + s = parse_secs(argv[2], "sleep"); if (signal(SIGHUP, &catch_exit) == SIG_ERR) err(EXIT_FAILURE, "signal"); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 13:00:22 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 13:00:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711431.1111388 (Exim 4.92) (envelope-from ) id 1rzcEY-0004TM-U7; Wed, 24 Apr 2024 13:00:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711431.1111388; Wed, 24 Apr 2024 13:00:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcEY-0004TF-RZ; Wed, 24 Apr 2024 13:00:22 +0000 Received: by outflank-mailman (input) for mailman id 711431; Wed, 24 Apr 2024 13:00:21 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcEX-0004T3-Ld for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:21 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcEX-0001ni-Ku for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:21 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzcEX-0002dm-K9 for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:21 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=yipLc8B1U786RnKPRSjsMpm1DU+GKHqjopjMObgOfJo=; b=Prw/0c9BkCcE27MRn/4vwCMhXs veOW6r72JDxOLAskIyBCAiYol2K/MWfCG2n7MueLNblkJNGDtzxPQjgtzUXCbMArzFikkMblf6kCt veiIiE8x0k52rxbclHJdWEV+t3wsItYkncRSppe455nRa6aoLniANnyi4+pTjNEApMKE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/misc: xenwatchdogd enhancements Message-Id: Date: Wed, 24 Apr 2024 13:00:21 +0000 commit e906bfae48b2f71607159e7f5589cb71f961351c Author: Leigh Brown AuthorDate: Tue Apr 23 14:10:03 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 23 14:10:03 2024 +0200 tools/misc: xenwatchdogd enhancements Add usage() function, the ability to run in the foreground, and the ability to disarm the watchdog timer when exiting. Add enhanced parameter parsing and validation, making use of getopt_long(). Check the number of parameters are correct, the timeout is at least two seconds (to allow a minimum sleep time of one second), and that the sleep time is at least one and less than the watchdog timeout. With these changes, the daemon will no longer instantly reboot the domain if you enter a zero timeout (or non-numeric parameter), and prevent the daemon consuming 100% of a CPU due to zero sleep time. Signed-off-by: Leigh Brown Reviewed-by: Anthony PERARD --- tools/misc/xenwatchdogd.c | 94 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 84 insertions(+), 10 deletions(-) diff --git a/tools/misc/xenwatchdogd.c b/tools/misc/xenwatchdogd.c index 9fa772e49f..a16d1efc13 100644 --- a/tools/misc/xenwatchdogd.c +++ b/tools/misc/xenwatchdogd.c @@ -10,6 +10,11 @@ #include #include #include +#include + +#define WDOG_MIN_TIMEOUT 2 +#define WDOG_MIN_SLEEP 1 +#define WDOG_EXIT_TIMEOUT 300 static xc_interface *h; static volatile bool safeexit = false; @@ -49,6 +54,26 @@ static void catch_usr1(int sig) done = true; } +static void __attribute__((noreturn)) usage(int exit_code) +{ + FILE *out = exit_code ? stderr : stdout; + + fprintf(out, + "Usage: xenwatchdog [OPTION]... []\n" + " -h, --help\t\tDisplay this help text and exit.\n" + " -F, --foreground\tRun in foreground.\n" + " -x, --safe-exit\tDisable watchdog on orderly exit.\n" + "\t\t\tNote: default is to set a %d second timeout on exit.\n\n" + " timeout\t\tInteger seconds to arm the watchdog each time.\n" + "\t\t\tNote: minimum timeout is %d seconds.\n\n" + " sleep\t\t\tInteger seconds to sleep between arming the watchdog.\n" + "\t\t\tNote: sleep must be at least %d and less than timeout.\n" + "\t\t\tIf not specified then set to half the timeout.\n", + WDOG_EXIT_TIMEOUT, WDOG_MIN_TIMEOUT, WDOG_MIN_SLEEP + ); + exit(exit_code); +} + static int parse_secs(const char *arg, const char *what) { char *endptr; @@ -66,22 +91,71 @@ int main(int argc, char **argv) int id; int t, s; int ret; + bool daemon = true; + + for ( ;; ) + { + int option_index = 0, c; + static const struct option long_options[] = + { + { "help", no_argument, NULL, 'h' }, + { "foreground", no_argument, NULL, 'F' }, + { "safe-exit", no_argument, NULL, 'x' }, + { NULL, 0, NULL, 0 }, + }; + + c = getopt_long(argc, argv, "hFxD", long_options, &option_index); + if (c == -1) + break; + + switch (c) + { + case 'h': + usage(EXIT_SUCCESS); + + case 'F': + daemon = false; + break; + + case 'x': + safeexit = true; + break; + + default: + usage(EXIT_FAILURE); + } + } - if (argc < 2) - errx(EXIT_FAILURE, "usage: %s ", argv[0]); + if (argc - optind < 1) + errx(EXIT_FAILURE, "timeout must be specified"); + + if (argc - optind > 2) + errx(EXIT_FAILURE, "too many arguments"); + + t = parse_secs(argv[optind], "timeout"); + if (t < WDOG_MIN_TIMEOUT) + errx(EXIT_FAILURE, "Error: timeout must be at least %d seconds", + WDOG_MIN_TIMEOUT); + + ++optind; + if (optind < argc) { + s = parse_secs(argv[optind], "sleep"); + if (s < WDOG_MIN_SLEEP) + errx(EXIT_FAILURE, "Error: sleep must be no less than %d", + WDOG_MIN_SLEEP); + if (s >= t) + errx(EXIT_FAILURE, "Error: sleep must be less than timeout"); + } + else + s = t / 2; - daemonize(); + if (daemon) + daemonize(); h = xc_interface_open(NULL, NULL, 0); if (h == NULL) err(EXIT_FAILURE, "xc_interface_open"); - t = parse_secs(argv[1], "timeout"); - - s = t / 2; - if (argc == 3) - s = parse_secs(argv[2], "sleep"); - if (signal(SIGHUP, &catch_exit) == SIG_ERR) err(EXIT_FAILURE, "signal"); if (signal(SIGINT, &catch_exit) == SIG_ERR) @@ -105,6 +179,6 @@ int main(int argc, char **argv) } // Zero seconds timeout will disarm the watchdog timer - xc_watchdog(h, id, safeexit ? 0 : 300); + xc_watchdog(h, id, safeexit ? 0 : WDOG_EXIT_TIMEOUT); return 0; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 13:00:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 13:00:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711432.1111393 (Exim 4.92) (envelope-from ) id 1rzcEi-0004Vz-Vf; Wed, 24 Apr 2024 13:00:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711432.1111393; Wed, 24 Apr 2024 13:00:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcEi-0004Vr-T5; Wed, 24 Apr 2024 13:00:32 +0000 Received: by outflank-mailman (input) for mailman id 711432; Wed, 24 Apr 2024 13:00:31 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcEh-0004Vg-Om for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:31 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcEh-0001nt-Nz for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:31 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzcEh-0002eV-NC for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:31 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uMIHEMHW4lItPfzwcvFgazWF/q4eBe1+qdnqbanzwQY=; b=0Q3+KYcqkIeA3gQLKphGHEJn8u Eeq4LWK1+cuEwZSSGWpXKC79aUx4n9bpZzF9o7FDZ9NNYWsAmMeH1/+Uuk0yTp6pPYZk9RCDPDpF8 mD4wrmVjZ7UUmMABY4ytubCdGKeZ8CYyJmxHHx+ut0/xUJyTnlnVvdTX8k5tXUkWphIk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/misc: Add xenwatchdogd.c copyright notice Message-Id: Date: Wed, 24 Apr 2024 13:00:31 +0000 commit 9c872b5766cde6cd9ebeb724a346aaee16e87c84 Author: Leigh Brown AuthorDate: Tue Apr 23 14:10:16 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 23 14:10:16 2024 +0200 tools/misc: Add xenwatchdogd.c copyright notice Add copyright notice and description of the program. Signed-off-by: Leigh Brown Acked-by: Anthony PERARD --- tools/misc/xenwatchdogd.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tools/misc/xenwatchdogd.c b/tools/misc/xenwatchdogd.c index a16d1efc13..2884ca6ca9 100644 --- a/tools/misc/xenwatchdogd.c +++ b/tools/misc/xenwatchdogd.c @@ -1,3 +1,13 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * xenwatchdogd.c + * + * Watchdog based on Xen hypercall watchdog interface. + * + * Copyright 2010 Citrix Ltd + * Copyright 2024 Leigh Brown + * + */ #include #include -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 13:00:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 13:00:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711433.1111397 (Exim 4.92) (envelope-from ) id 1rzcEt-0004YY-18; Wed, 24 Apr 2024 13:00:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711433.1111397; Wed, 24 Apr 2024 13:00:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcEs-0004YQ-UU; Wed, 24 Apr 2024 13:00:42 +0000 Received: by outflank-mailman (input) for mailman id 711433; Wed, 24 Apr 2024 13:00:41 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcEr-0004YB-TT for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:41 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcEr-0001o0-Qn for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:41 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzcEr-0002ex-Pz for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:41 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=hE0ON4debusSczVrRUTYwnKOYzVvI0oXNM6NDdK7/yA=; b=g9E9gpzo+EK2qmSv83ixsqqYHW TmouSmv03nMhRFT/n8Gzg2okJDrigSnLL0lRc9B9TBL60GE/XkJ0Hg4WjMkAG4BTRUe3+N44uEH4s qFGm6I/EqjN98RthwKlHIXtzwqtQ7rurpD1oiIiNzZLtFo00PigwFZyCPUvWwXkekwGQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] docs/man: Add xenwatchdog manual page Message-Id: Date: Wed, 24 Apr 2024 13:00:41 +0000 commit 70d46b51e2f80f808c91f264f501cca1ca7af2b5 Author: Leigh Brown AuthorDate: Tue Apr 23 14:11:14 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 23 14:11:14 2024 +0200 docs/man: Add xenwatchdog manual page Add a manual page for xenwatchdogd. Signed-off-by: Leigh Brown Reviewed-by: Anthony PERARD --- docs/man/xenwatchdogd.8.pod | 55 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/docs/man/xenwatchdogd.8.pod b/docs/man/xenwatchdogd.8.pod new file mode 100644 index 0000000000..b03ed53ee6 --- /dev/null +++ b/docs/man/xenwatchdogd.8.pod @@ -0,0 +1,55 @@ +=head1 NAME + +xenwatchdogd - Xen hypercall based watchdog daemon + +=head1 SYNOPSIS + +B [ I ] > [ > ] + +=head1 DESCRIPTION + +B arms the Xen watchdog timer to I every I +seconds. If the xenwatchdogd process dies or is delayed for more than +I seconds, then Xen will take the B action +specified in the domain configuration (see xl.cfg(5)). If B +is running in dom0, the whole system will reboot. + +=head1 OPTIONS + +=over 4 + +=item B<-h>, B<--help> + +Display a help message. + +=item B<-F>, B<--foreground> + +Run in the foreground. The default behaviour is to daemonize. + +=item B<-x>, B<--safe-exit> + +Disable watchdog on orderly exit. The default behaviour is to arm the +watchdog to 300 seconds to allow time for the domain to shutdown. See +also the B section. + +=item B + +The number of seconds to arm the Xen watchdog timer. This must be set to +a minimum of two. + +=item B + +The number of seconds to sleep in between calls to arm the Xen watchdog +timer. This must be at least one second, and less than the I +value. If not specified, it defaults to half the I value. + +=back + +=head1 SIGNALS + +B Will cause the program to disarm the watchdog timer and exit, +regardless of whether the B<--safe-exit> option was passed. + +=head1 AUTHOR + +Citrix Ltd and other contributors. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 13:00:53 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 13:00:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711434.1111400 (Exim 4.92) (envelope-from ) id 1rzcF3-0004c9-2W; Wed, 24 Apr 2024 13:00:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711434.1111400; Wed, 24 Apr 2024 13:00:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcF2-0004c0-Vv; Wed, 24 Apr 2024 13:00:52 +0000 Received: by outflank-mailman (input) for mailman id 711434; Wed, 24 Apr 2024 13:00:51 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcF1-0004bl-Ub for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:51 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcF1-0001oQ-Tq for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:51 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzcF1-0002fj-T5 for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:00:51 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=37SV4oqHPq2HP2sTKGkg73/TITcQnaNeUNfSmH2l5zg=; b=ljR1QKarFKpmTPcQ+cHsq42ESf iJwJJPnxBVMLU5zC2EYW2ChK//osxLsK/aLNAgg4Dvs+hdLXsFzhCs9iKBLJPnPbmEv8v1j/hbkRX dnFcR416ynYmowu+S2GZtPT53At4Ic90cpKFzBPsAJguzXwxnDmtHq7YlHiS93TxO83c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen: introduce header file with section related symbols Message-Id: Date: Wed, 24 Apr 2024 13:00:51 +0000 commit f82c43a384913460892d4917d2a2f8c2b9399a5e Author: Roger Pau Monné AuthorDate: Tue Apr 23 14:12:04 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 23 14:12:04 2024 +0200 xen: introduce header file with section related symbols Start by declaring the beginning and end of the init section. No functional change intended. Requested-by: Andrew Cooper Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper --- xen/arch/arm/mmu/setup.c | 3 +-- xen/arch/x86/setup.c | 3 +-- xen/include/xen/sections.h | 17 +++++++++++++++++ 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/mmu/setup.c b/xen/arch/arm/mmu/setup.c index c0cb17ca2e..f4bb424c3c 100644 --- a/xen/arch/arm/mmu/setup.c +++ b/xen/arch/arm/mmu/setup.c @@ -7,6 +7,7 @@ #include #include +#include #include #include @@ -62,8 +63,6 @@ vaddr_t directmap_virt_start __read_mostly; unsigned long directmap_base_pdx __read_mostly; #endif -extern char __init_begin[], __init_end[]; - /* Checking VA memory layout alignment. */ static void __init __maybe_unused build_assertions(void) { diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 449a347653..caf235c628 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -5,6 +5,7 @@ #include #include #include +#include #include #include #include @@ -309,8 +310,6 @@ void __init discard_initial_images(void) initial_images = NULL; } -extern unsigned char __init_begin[], __init_end[]; - static void __init init_idle_domain(void) { scheduler_init(); diff --git a/xen/include/xen/sections.h b/xen/include/xen/sections.h new file mode 100644 index 0000000000..b6cb5604c2 --- /dev/null +++ b/xen/include/xen/sections.h @@ -0,0 +1,17 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#ifndef __XEN_SECTIONS_H__ +#define __XEN_SECTIONS_H__ + +/* SAF-0-safe */ +extern char __init_begin[], __init_end[]; + +#endif /* !__XEN_SECTIONS_H__ */ +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 13:01:03 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 13:01:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711436.1111404 (Exim 4.92) (envelope-from ) id 1rzcFD-0004eZ-3t; Wed, 24 Apr 2024 13:01:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711436.1111404; Wed, 24 Apr 2024 13:01:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcFD-0004eS-1O; Wed, 24 Apr 2024 13:01:03 +0000 Received: by outflank-mailman (input) for mailman id 711436; Wed, 24 Apr 2024 13:01:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcFC-0004eK-1F for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:01:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzcFC-0001ok-0O for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:01:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzcFB-0002h2-Vw for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 13:01:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rS30FMgeXNK9dMs4icdle6NsGff0EHntUy25tN7Oa70=; b=bu5mKpgorn++C5VLiO3JZWnRG+ 3jzIz3RGWC3Rr2zpdRXG4GPaCTjp0tbPORu7hkejNDL3WhFcJR1k9IfJSMD6FGJDXApr3OBdXHfNY v/kgE/59EHIUj3E30XOEznnWYefkQca/0yPY2dO8cE0V9pMNc8EuwC/WzNOQl/juCCss=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/MTRR: correct inadvertently inverted WC check Message-Id: Date: Wed, 24 Apr 2024 13:01:01 +0000 commit 77e25f0e30ddd11e043e6fce84bf108ce7de5b6f Author: Jan Beulich AuthorDate: Tue Apr 23 14:13:48 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 23 14:13:48 2024 +0200 x86/MTRR: correct inadvertently inverted WC check The ! clearly got lost by mistake. Fixes: e9e0eb30d4d6 ("x86/MTRR: avoid several indirect calls") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/cpu/mtrr/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/cpu/mtrr/main.c b/xen/arch/x86/cpu/mtrr/main.c index 55a4da54a7..90b235f57e 100644 --- a/xen/arch/x86/cpu/mtrr/main.c +++ b/xen/arch/x86/cpu/mtrr/main.c @@ -316,7 +316,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, } /* If the type is WC, check that this processor supports it */ - if ((type == X86_MT_WC) && mtrr_have_wrcomb()) { + if ((type == X86_MT_WC) && !mtrr_have_wrcomb()) { printk(KERN_WARNING "mtrr: your processor doesn't support write-combining\n"); return -EOPNOTSUPP; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 15:55:12 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 15:55:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711523.1111528 (Exim 4.92) (envelope-from ) id 1rzexd-0005Nk-Qu; Wed, 24 Apr 2024 15:55:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711523.1111528; Wed, 24 Apr 2024 15:55:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzexd-0005Nd-OQ; Wed, 24 Apr 2024 15:55:05 +0000 Received: by outflank-mailman (input) for mailman id 711523; Wed, 24 Apr 2024 15:55:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzexc-0005NW-Kj for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 15:55:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzexc-0004hn-7k for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 15:55:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzexc-0005U1-6h for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 15:55:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Iir7Cz893M1Ob7KZeoYMHx+eXCSeNYHJQthJUJXRzHI=; b=XNHiEiU4HU5Who3FKiB9/ujJlW TAOO6ubC0yQsGYz7kFHIOMynSPQmPFHeOKSzrbZVPy04RGEkOmpJfPV0MZatIpQcwIrH//KFap7xw iLZ9Dt/cQ9O//fLbZ2P1AyMb5r4FG2uUV3lYJ7Nl+yOXekMzZPsKKtX2266jwI8zJQoU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] svm/nestedsvm: Introduce nested capabilities bit Message-Id: Date: Wed, 24 Apr 2024 15:55:04 +0000 commit 0d19d3aab0d3032e3207561cff402604788964fe Author: George Dunlap AuthorDate: Mon Feb 5 01:39:00 2024 +0000 Commit: George Dunlap CommitDate: Wed Apr 24 16:36:25 2024 +0100 svm/nestedsvm: Introduce nested capabilities bit In order to make implementation and testing tractable, we will require specific host functionality. Add a nested_virt bit to hvm_funcs.caps, and return an error if a domain is created with nested virt and this bit isn't set. Create VMX and SVM callbacks to be executed from nestedhvm_setup(), which is guaranteed to execute after all command-line options have been procesed. For VMX, start with always enabling it if HAP is present; this shouldn't change current behvior. For SVM, require some basic functionality, adding a document explaining the rationale. NB that only SVM CPUID bits 0-7 have been considered. Bits 10-16 may be considered in a follow-up patch. Signed-off-by: George Dunlap Acked-by: Jan Beulich --- docs/designs/nested-svm-cpu-features.md | 111 +++++++++++++++++++++++++++++++ xen/arch/x86/domain.c | 6 ++ xen/arch/x86/hvm/nestedhvm.c | 10 +++ xen/arch/x86/hvm/svm/nestedsvm.c | 14 ++++ xen/arch/x86/hvm/vmx/vvmx.c | 7 ++ xen/arch/x86/include/asm/hvm/hvm.h | 16 ++++- xen/arch/x86/include/asm/hvm/nestedhvm.h | 4 ++ 7 files changed, 167 insertions(+), 1 deletion(-) diff --git a/docs/designs/nested-svm-cpu-features.md b/docs/designs/nested-svm-cpu-features.md new file mode 100644 index 0000000000..837a96df05 --- /dev/null +++ b/docs/designs/nested-svm-cpu-features.md @@ -0,0 +1,111 @@ +# Nested SVM (AMD) CPUID requirements + +The first step in making nested SVM production-ready is to make sure +that all features are implemented and well-tested. To make this +tractable, we will initially be limiting the "supported" range of +nested virt to a specific subset of host and guest features. This +document describes the criteria for deciding on features, and the +rationale behind each feature. + +For AMD, all virtualization-related features can be found in CPUID +leaf 8000000A:edx + +# Criteria + +- Processor support: At a minimum we want to support processors from + the last 5 years. All things being equal, we'd prefer to cover + older processors than not. Bits 0:7 were available in the very + earliest processors; and even through bit 15 we should be pretty + good support-wise. + +- Faithfulness to hardware: We need the behavior of the "virtual cpu" + from the L1 hypervisor's perspective to be as close as possible to + the original hardware. In particular, the behavior of the hardware + on error paths 1) is not easy to understand or test, 2) can be the + source of surprising vulnerabiliies. (See XSA-7 for an example of a + case where subtle error-handling differences can open up a privilege + escalation.) We should avoid emulating any bit of the hardware with + complex error paths if we can at all help it. + +- Cost of implementation: We want to minimize the cost of + implementation (where this includes bringing an existing sub-par + implementation up to speed). All things being equal, we'll favor a + configuration which does not require any new implementation. + +- Performance: All things being equal, we'd prefer to choose a set of + L0 / L1 CPUID bits that are faster than slower. + + +# Bits + +- 0 `NP` *Nested Paging*: Required both for L0 and L1. + + Based primarily on faithfulness and performance, as well as + potential cost of implementation. Available on earliest hardware, + so no compatibility issues. + +- 1 `LbrVirt` *LBR / debugging virtualization*: Require for L0 and L1. + + For L0 this is required for performance: There's no way to tell the + guests not to use the LBR-related registers; and if the guest does, + then you have to save and restore all LBR-related registers on + context switch, which is prohibitive. Furthermore, the additional + emulation risks a security-relevant difference to come up. + + Providing it to L1 when we have it in L0 is basically free, and + already implemented. + + Just require it and provide it. + +- 2 `SVML` *SVM Lock*: Not required for L0, not provided to L1 + + Seems to be aboult enabling an operating system to prevent "blue + pill" attacks against itself. + + Xen doesn't use it, nor provide it; so it would need to be + implementend. The best way to protect a guest OS is to leave nested + virt disabled in the tools. + +- 3 `NRIPS` NRIP Save: Require for both L0 and L1 + + If NRIPS is not present, the software interrupt injection + functionality can't be used; and Xen has to emulate it. That's + another source of potential security issues. If hardware supports + it, then providing it to guest is basically free. + +- 4 `TscRateMsr`: Not required by L0, not provided to L1 + + The main putative use for this would be trying to maintain an + invariant TSC across cores with different clock speeds, or after a + migrate. Unlike others, this doesn't have an error path to worry + about compatibility-wise; and according to tests done when nestedSVM + was first implemented, it's actually faster to emliate TscRateMSR in + the L0 hypervisor than for L1 to attempt to emulate it itself. + + However, using this properly in L0 will take some implementation + effort; and composing it properly with L1 will take even more + effort. Just leave it off for now. + + - 5 `VmcbClean`: VMCB Clean Bits: Not required by L0, provide to L1 + + This is a pure optimization, both on the side of the L0 and L1. The + implementaiton for L1 is entirely Xen-side, so can be provided even + on hardware that doesn't provide it. And it's purely an + optimization, so could be "implemented" by ignoring the bits + entirely. + + As such, we don't need to require it for L0; and as it's already + implemented, no reason not to provide it to L1. Before this feature + was available those bits were marked SBZ ("should be zero"); setting + them was already advertised to cause unpredictable behavior. + +- 6 `FlushByAsid`: Require for L0, provide to L1 + + This is cheap and easy to use for L0 and to provide to the L1; + there's no reson not to just pass it through. + +- 7 `DecodeAssists`: Require for L0, provide to L1 + + Using it in L0 reduces the chance that we'll make some sort of error + in the decode path. And if hardware supports it, it's easy enough + to provide to the L1. diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 4f851aa81f..20e83cf38b 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -673,6 +673,12 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config) */ config->flags |= XEN_DOMCTL_CDF_oos_off; + if ( nested_virt && !hvm_nested_virt_supported() ) + { + dprintk(XENLOG_INFO, "Nested virt requested but not available\n"); + return -EINVAL; + } + if ( nested_virt && !hap ) { dprintk(XENLOG_INFO, "Nested virt not supported without HAP\n"); diff --git a/xen/arch/x86/hvm/nestedhvm.c b/xen/arch/x86/hvm/nestedhvm.c index 12bf7172b8..451c4da6d4 100644 --- a/xen/arch/x86/hvm/nestedhvm.c +++ b/xen/arch/x86/hvm/nestedhvm.c @@ -150,6 +150,16 @@ static int __init cf_check nestedhvm_setup(void) __clear_bit(0x80, shadow_io_bitmap[0]); __clear_bit(0xed, shadow_io_bitmap[1]); + /* + * NB this must be called after all command-line processing has been + * done, so that if (for example) HAP is disabled, nested virt is + * disabled as well. + */ + if ( cpu_has_vmx ) + start_nested_vmx(&hvm_funcs); + else if ( cpu_has_svm ) + start_nested_svm(&hvm_funcs); + return 0; } __initcall(nestedhvm_setup); diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c b/xen/arch/x86/hvm/svm/nestedsvm.c index b50bfe6a28..35a2cbfd7d 100644 --- a/xen/arch/x86/hvm/svm/nestedsvm.c +++ b/xen/arch/x86/hvm/svm/nestedsvm.c @@ -1666,3 +1666,17 @@ void svm_nested_features_on_efer_update(struct vcpu *v) } } } + +void __init start_nested_svm(struct hvm_function_table *hvm_function_table) +{ + /* + * Required host functionality to support nested virt. See + * docs/designs/nested-svm-cpu-features.md for rationale. + */ + hvm_function_table->caps.nested_virt = + hvm_function_table->caps.hap && + cpu_has_svm_lbrv && + cpu_has_svm_nrips && + cpu_has_svm_flushbyasid && + cpu_has_svm_decode; +} diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c index ece0aa243a..39290c9861 100644 --- a/xen/arch/x86/hvm/vmx/vvmx.c +++ b/xen/arch/x86/hvm/vmx/vvmx.c @@ -2816,6 +2816,13 @@ void nvmx_set_cr_read_shadow(struct vcpu *v, unsigned int cr) __vmwrite(read_shadow_field, v->arch.hvm.nvcpu.guest_cr[cr]); } +void __init start_nested_vmx(struct hvm_function_table *hvm_function_table) +{ + /* TODO: Require hardware support before enabling nested virt */ + hvm_function_table->caps.nested_virt = + hvm_function_table->caps.hap; +} + /* * Local variables: * mode: C diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index 899233fb25..0c9e6f1564 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -97,7 +97,10 @@ struct hvm_function_table { singlestep:1, /* Hardware virtual interrupt delivery enable? */ - virtual_intr_delivery:1; + virtual_intr_delivery:1, + + /* Nested virt capabilities */ + nested_virt:1; } caps; /* @@ -670,6 +673,12 @@ static inline bool hvm_altp2m_supported(void) return hvm_funcs.caps.altp2m; } +/* Returns true if we have the minimum hardware requirements for nested virt */ +static inline bool hvm_nested_virt_supported(void) +{ + return hvm_funcs.caps.nested_virt; +} + /* updates the current hardware p2m */ static inline void altp2m_vcpu_update_p2m(struct vcpu *v) { @@ -813,6 +822,11 @@ static inline bool hvm_hap_supported(void) return false; } +static inline bool hvm_nested_virt_supported(void) +{ + return false; +} + static inline bool nhvm_vmcx_hap_enabled(const struct vcpu *v) { ASSERT_UNREACHABLE(); diff --git a/xen/arch/x86/include/asm/hvm/nestedhvm.h b/xen/arch/x86/include/asm/hvm/nestedhvm.h index 56a2019e1b..0568acb25f 100644 --- a/xen/arch/x86/include/asm/hvm/nestedhvm.h +++ b/xen/arch/x86/include/asm/hvm/nestedhvm.h @@ -82,4 +82,8 @@ static inline bool vvmcx_valid(const struct vcpu *v) return vcpu_nestedhvm(v).nv_vvmcxaddr != INVALID_PADDR; } + +void start_nested_svm(struct hvm_function_table *); +void start_nested_vmx(struct hvm_function_table *); + #endif /* _HVM_NESTEDHVM_H */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 15:55:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 15:55:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711524.1111532 (Exim 4.92) (envelope-from ) id 1rzexn-0005PU-SQ; Wed, 24 Apr 2024 15:55:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711524.1111532; Wed, 24 Apr 2024 15:55:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzexn-0005PN-Py; Wed, 24 Apr 2024 15:55:15 +0000 Received: by outflank-mailman (input) for mailman id 711524; Wed, 24 Apr 2024 15:55:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzexm-0005PB-DV for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 15:55:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzexm-0004hu-Br for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 15:55:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzexm-0005UW-A3 for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 15:55:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OpjGEFpzkmHagM4gebp1O2U3STdsXW1CyhGUhwKTSZ8=; b=q5eONjMVJAN5yFs1pk8Dfs5jmN gY6EP/5NX7aAVCRn0z4lIFwxpzCmuNkPGu4yrqEf5wFjcsZuakbjcz+acS2jTPG998MHKfb+v6gu3 GumtSZgHLO5MUDeAK2d5E53vdzOuBIzdR5eyrMX0mWLSTEgPxLA9O2OkRv68UpBZC6U4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/golang: When returning pointers, actually allocate structrues Message-Id: Date: Wed, 24 Apr 2024 15:55:14 +0000 commit 27c176d298cd5866d0ea2cfa5f9068730e57dd37 Author: George Dunlap AuthorDate: Fri Apr 19 10:57:04 2024 +0100 Commit: George Dunlap CommitDate: Wed Apr 24 16:42:16 2024 +0100 tools/golang: When returning pointers, actually allocate structrues In a handful of cases, it was decided to return a pointer to a structure rather than the plain structure itself, due to the size. However, in these cases the structure was never allocated, leading to a nil pointer exception when calling the relevant `fromC` method. Allocate structures before attempting to fill them in. Fixes: 453713b1750 ("golang/xenlight: Add host-related functionality") Reported-by: Tobias Fitschen Signed-off-by: George Dunlap Tested-by: Tobias Fitschen Acked-by: Nick Rosbrook --- tools/golang/xenlight/xenlight.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/golang/xenlight/xenlight.go b/tools/golang/xenlight/xenlight.go index a45c636952..d793f172e5 100644 --- a/tools/golang/xenlight/xenlight.go +++ b/tools/golang/xenlight/xenlight.go @@ -999,6 +999,7 @@ func (ctx *Context) GetPhysinfo() (physinfo *Physinfo, err error) { err = Error(ret) return } + physinfo = &Physinfo{} err = physinfo.fromC(&cphys) return @@ -1010,6 +1011,7 @@ func (ctx *Context) GetVersionInfo() (info *VersionInfo, err error) { cinfo = C.libxl_get_version_info(ctx.ctx) + info = &VersionInfo{} err = info.fromC(cinfo) return @@ -1027,6 +1029,7 @@ func (ctx *Context) DomainInfo(Id Domid) (di *Dominfo, err error) { return } + di = &Dominfo{} err = di.fromC(&cdi) return -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 15:55:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 15:55:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711525.1111539 (Exim 4.92) (envelope-from ) id 1rzexx-0005S4-VI; Wed, 24 Apr 2024 15:55:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711525.1111539; Wed, 24 Apr 2024 15:55:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzexx-0005Rw-RT; Wed, 24 Apr 2024 15:55:25 +0000 Received: by outflank-mailman (input) for mailman id 711525; Wed, 24 Apr 2024 15:55:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzexw-0005Rg-Ge for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 15:55:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzexw-0004i6-F6 for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 15:55:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzexw-0005V2-E4 for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 15:55:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=WtWSq16kdU8twlSIQpOfzEvYOcw+vkCLmUNN4ol/qds=; b=1t1g+WePivbrcVT/KdP1OHNveY X+r90hB5LrfzWVLLmhKQNMnn9Vxd0ujfqeTK78Mq3n804Wv4liSjmjyxisnLnHUN85mNgQW1IGpcc yLeyixgiG9FC99M2qlCfCud6PDMzuNVwFFh1lZwEjThNE3OxDkE1XB4jEYfcrOtH6Z6U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] golang/xenlight: Ensure comments aren't interpreted as docstrings Message-Id: Date: Wed, 24 Apr 2024 15:55:24 +0000 commit 9c08a88ad0a75878d6448c60d88ae898f7cc6427 Author: George Dunlap AuthorDate: Fri Apr 19 12:03:13 2024 +0100 Commit: George Dunlap CommitDate: Wed Apr 24 16:42:16 2024 +0100 golang/xenlight: Ensure comments aren't interpreted as docstrings Go has always interpreted a comment directly before a function as a docstring, so having the C function prototypes which the golang method is meant to wrap in the comment before was always a bit non-standard. However, recent versions of `go fmt` now attempt to normalize these docstrings as well, leading to strange changes, particularly if `go fmt` is run on save. Go through and put a space between non-docstring comments and methods, so that `go fmt` leaves the comments alone. No functional change. Signed-off-by: George Dunlap Acked-by: Nick Rosbrook --- tools/golang/xenlight/xenlight.go | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tools/golang/xenlight/xenlight.go b/tools/golang/xenlight/xenlight.go index d793f172e5..7f08657187 100644 --- a/tools/golang/xenlight/xenlight.go +++ b/tools/golang/xenlight/xenlight.go @@ -562,6 +562,7 @@ func (dt DomainType) String() (str string) { } // const char *libxl_scheduler_to_string(libxl_scheduler p); + func (s Scheduler) String() string { cs := C.libxl_scheduler_to_string(C.libxl_scheduler(s)) // No need to free const return value @@ -570,6 +571,7 @@ func (s Scheduler) String() string { } // int libxl_scheduler_from_string(const char *s, libxl_scheduler *e); + func (s *Scheduler) FromString(gstr string) (err error) { *s, err = SchedulerFromString(gstr) return @@ -594,6 +596,7 @@ func SchedulerFromString(name string) (s Scheduler, err error) { // libxl_cpupoolinfo * libxl_list_cpupool(libxl_ctx*, int *nb_pool_out); // void libxl_cpupoolinfo_list_free(libxl_cpupoolinfo *list, int nb_pool); + func (ctx *Context) ListCpupool() (list []Cpupoolinfo) { var nbPool C.int @@ -617,6 +620,7 @@ func (ctx *Context) ListCpupool() (list []Cpupoolinfo) { } // int libxl_cpupool_info(libxl_ctx *ctx, libxl_cpupoolinfo *info, uint32_t poolid); + func (ctx *Context) CpupoolInfo(Poolid uint32) (pool Cpupoolinfo, err error) { var c_cpupool C.libxl_cpupoolinfo @@ -638,6 +642,7 @@ func (ctx *Context) CpupoolInfo(Poolid uint32) (pool Cpupoolinfo, err error) { // uint32_t *poolid); // FIXME: uuid // FIXME: Setting poolid + func (ctx *Context) CpupoolCreate(Name string, Scheduler Scheduler, Cpumap Bitmap) (err error, Poolid uint32) { poolid := C.uint32_t(C.LIBXL_CPUPOOL_POOLID_ANY) name := C.CString(Name) @@ -666,6 +671,7 @@ func (ctx *Context) CpupoolCreate(Name string, Scheduler Scheduler, Cpumap Bitma } // int libxl_cpupool_destroy(libxl_ctx *ctx, uint32_t poolid); + func (ctx *Context) CpupoolDestroy(Poolid uint32) (err error) { ret := C.libxl_cpupool_destroy(ctx.ctx, C.uint32_t(Poolid)) if ret != 0 { @@ -677,6 +683,7 @@ func (ctx *Context) CpupoolDestroy(Poolid uint32) (err error) { } // int libxl_cpupool_cpuadd(libxl_ctx *ctx, uint32_t poolid, int cpu); + func (ctx *Context) CpupoolCpuadd(Poolid uint32, Cpu int) (err error) { ret := C.libxl_cpupool_cpuadd(ctx.ctx, C.uint32_t(Poolid), C.int(Cpu)) if ret != 0 { @@ -689,6 +696,7 @@ func (ctx *Context) CpupoolCpuadd(Poolid uint32, Cpu int) (err error) { // int libxl_cpupool_cpuadd_cpumap(libxl_ctx *ctx, uint32_t poolid, // const libxl_bitmap *cpumap); + func (ctx *Context) CpupoolCpuaddCpumap(Poolid uint32, Cpumap Bitmap) (err error) { var cbm C.libxl_bitmap if err = Cpumap.toC(&cbm); err != nil { @@ -706,6 +714,7 @@ func (ctx *Context) CpupoolCpuaddCpumap(Poolid uint32, Cpumap Bitmap) (err error } // int libxl_cpupool_cpuremove(libxl_ctx *ctx, uint32_t poolid, int cpu); + func (ctx *Context) CpupoolCpuremove(Poolid uint32, Cpu int) (err error) { ret := C.libxl_cpupool_cpuremove(ctx.ctx, C.uint32_t(Poolid), C.int(Cpu)) if ret != 0 { @@ -718,6 +727,7 @@ func (ctx *Context) CpupoolCpuremove(Poolid uint32, Cpu int) (err error) { // int libxl_cpupool_cpuremove_cpumap(libxl_ctx *ctx, uint32_t poolid, // const libxl_bitmap *cpumap); + func (ctx *Context) CpupoolCpuremoveCpumap(Poolid uint32, Cpumap Bitmap) (err error) { var cbm C.libxl_bitmap if err = Cpumap.toC(&cbm); err != nil { @@ -735,6 +745,7 @@ func (ctx *Context) CpupoolCpuremoveCpumap(Poolid uint32, Cpumap Bitmap) (err er } // int libxl_cpupool_rename(libxl_ctx *ctx, const char *name, uint32_t poolid); + func (ctx *Context) CpupoolRename(Name string, Poolid uint32) (err error) { name := C.CString(Name) defer C.free(unsafe.Pointer(name)) @@ -749,6 +760,7 @@ func (ctx *Context) CpupoolRename(Name string, Poolid uint32) (err error) { } // int libxl_cpupool_cpuadd_node(libxl_ctx *ctx, uint32_t poolid, int node, int *cpus); + func (ctx *Context) CpupoolCpuaddNode(Poolid uint32, Node int) (Cpus int, err error) { ccpus := C.int(0) @@ -764,6 +776,7 @@ func (ctx *Context) CpupoolCpuaddNode(Poolid uint32, Node int) (Cpus int, err er } // int libxl_cpupool_cpuremove_node(libxl_ctx *ctx, uint32_t poolid, int node, int *cpus); + func (ctx *Context) CpupoolCpuremoveNode(Poolid uint32, Node int) (Cpus int, err error) { ccpus := C.int(0) @@ -779,6 +792,7 @@ func (ctx *Context) CpupoolCpuremoveNode(Poolid uint32, Node int) (Cpus int, err } // int libxl_cpupool_movedomain(libxl_ctx *ctx, uint32_t poolid, uint32_t domid); + func (ctx *Context) CpupoolMovedomain(Poolid uint32, Id Domid) (err error) { ret := C.libxl_cpupool_movedomain(ctx.ctx, C.uint32_t(Poolid), C.uint32_t(Id)) if ret != 0 { @@ -792,6 +806,7 @@ func (ctx *Context) CpupoolMovedomain(Poolid uint32, Id Domid) (err error) { // // Utility functions // + func (ctx *Context) CpupoolFindByName(name string) (info Cpupoolinfo, found bool) { plist := ctx.ListCpupool() @@ -940,6 +955,7 @@ func (bm Bitmap) String() (s string) { } //int libxl_get_max_cpus(libxl_ctx *ctx); + func (ctx *Context) GetMaxCpus() (maxCpus int, err error) { ret := C.libxl_get_max_cpus(ctx.ctx) if ret < 0 { @@ -951,6 +967,7 @@ func (ctx *Context) GetMaxCpus() (maxCpus int, err error) { } //int libxl_get_online_cpus(libxl_ctx *ctx); + func (ctx *Context) GetOnlineCpus() (onCpus int, err error) { ret := C.libxl_get_online_cpus(ctx.ctx) if ret < 0 { @@ -962,6 +979,7 @@ func (ctx *Context) GetOnlineCpus() (onCpus int, err error) { } //int libxl_get_max_nodes(libxl_ctx *ctx); + func (ctx *Context) GetMaxNodes() (maxNodes int, err error) { ret := C.libxl_get_max_nodes(ctx.ctx) if ret < 0 { @@ -973,6 +991,7 @@ func (ctx *Context) GetMaxNodes() (maxNodes int, err error) { } //int libxl_get_free_memory(libxl_ctx *ctx, uint64_t *memkb); + func (ctx *Context) GetFreeMemory() (memkb uint64, err error) { var cmem C.uint64_t ret := C.libxl_get_free_memory(ctx.ctx, &cmem) @@ -988,6 +1007,7 @@ func (ctx *Context) GetFreeMemory() (memkb uint64, err error) { } //int libxl_get_physinfo(libxl_ctx *ctx, libxl_physinfo *physinfo) + func (ctx *Context) GetPhysinfo() (physinfo *Physinfo, err error) { var cphys C.libxl_physinfo C.libxl_physinfo_init(&cphys) @@ -1006,6 +1026,7 @@ func (ctx *Context) GetPhysinfo() (physinfo *Physinfo, err error) { } //const libxl_version_info* libxl_get_version_info(libxl_ctx *ctx); + func (ctx *Context) GetVersionInfo() (info *VersionInfo, err error) { var cinfo *C.libxl_version_info @@ -1045,6 +1066,7 @@ func (ctx *Context) DomainUnpause(Id Domid) (err error) { } //int libxl_domain_pause(libxl_ctx *ctx, uint32_t domain); + func (ctx *Context) DomainPause(id Domid) (err error) { ret := C.libxl_domain_pause(ctx.ctx, C.uint32_t(id), nil) @@ -1055,6 +1077,7 @@ func (ctx *Context) DomainPause(id Domid) (err error) { } //int libxl_domain_shutdown(libxl_ctx *ctx, uint32_t domid); + func (ctx *Context) DomainShutdown(id Domid) (err error) { ret := C.libxl_domain_shutdown(ctx.ctx, C.uint32_t(id), nil) @@ -1065,6 +1088,7 @@ func (ctx *Context) DomainShutdown(id Domid) (err error) { } //int libxl_domain_reboot(libxl_ctx *ctx, uint32_t domid); + func (ctx *Context) DomainReboot(id Domid) (err error) { ret := C.libxl_domain_reboot(ctx.ctx, C.uint32_t(id), nil) @@ -1076,6 +1100,7 @@ func (ctx *Context) DomainReboot(id Domid) (err error) { //libxl_dominfo * libxl_list_domain(libxl_ctx*, int *nb_domain_out); //void libxl_dominfo_list_free(libxl_dominfo *list, int nb_domain); + func (ctx *Context) ListDomain() (glist []Dominfo) { var nbDomain C.int clist := C.libxl_list_domain(ctx.ctx, &nbDomain) @@ -1098,6 +1123,7 @@ func (ctx *Context) ListDomain() (glist []Dominfo) { //libxl_vcpuinfo *libxl_list_vcpu(libxl_ctx *ctx, uint32_t domid, // int *nb_vcpu, int *nr_cpus_out); //void libxl_vcpuinfo_list_free(libxl_vcpuinfo *, int nr_vcpus); + func (ctx *Context) ListVcpu(id Domid) (glist []Vcpuinfo) { var nbVcpu C.int var nrCpu C.int @@ -1128,6 +1154,7 @@ func (ct ConsoleType) String() (str string) { //int libxl_console_get_tty(libxl_ctx *ctx, uint32_t domid, int cons_num, //libxl_console_type type, char **path); + func (ctx *Context) ConsoleGetTty(id Domid, consNum int, conType ConsoleType) (path string, err error) { var cpath *C.char ret := C.libxl_console_get_tty(ctx.ctx, C.uint32_t(id), C.int(consNum), C.libxl_console_type(conType), &cpath) @@ -1143,6 +1170,7 @@ func (ctx *Context) ConsoleGetTty(id Domid, consNum int, conType ConsoleType) (p //int libxl_primary_console_get_tty(libxl_ctx *ctx, uint32_t domid_vm, // char **path); + func (ctx *Context) PrimaryConsoleGetTty(domid uint32) (path string, err error) { var cpath *C.char ret := C.libxl_primary_console_get_tty(ctx.ctx, C.uint32_t(domid), &cpath) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 15:55:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 15:55:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711526.1111541 (Exim 4.92) (envelope-from ) id 1rzey7-0005Ug-Vq; Wed, 24 Apr 2024 15:55:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711526.1111541; Wed, 24 Apr 2024 15:55:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzey7-0005UY-T8; Wed, 24 Apr 2024 15:55:35 +0000 Received: by outflank-mailman (input) for mailman id 711526; Wed, 24 Apr 2024 15:55:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzey6-0005UE-Jv for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 15:55:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzey6-0004iD-Iy for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 15:55:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzey6-0005X9-HA for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 15:55:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=D+GP+wmoVdU7ENaoIhe2dHTUUTD5A4+mECGAv4P+tuc=; b=EfQq+zASo8hr2pwIWuCWtqS4dx UEso7CsCrfpDaYrMHOAGjBfSE/Ovd/Nral7REk9CPau0trVhFSsmlOpfM00yT/ccpzU+IjxvUgcyN 0g4o6SqxH7ui741VZuv/JcRtHkzcdthvoEvwt8rDoH4cvQ93trrmtawgPZj3bV6KTWcQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/golang: Run `go vet` as part of the build process Message-Id: Date: Wed, 24 Apr 2024 15:55:34 +0000 commit 6c04a0bf2c5824616c0bbc44bc4f07c64a5469be Author: George Dunlap AuthorDate: Fri Apr 19 11:35:57 2024 +0100 Commit: George Dunlap CommitDate: Wed Apr 24 16:42:16 2024 +0100 tools/golang: Run `go vet` as part of the build process Signed-off-by: George Dunlap Acked-by: Nick Rosbrook --- tools/golang/xenlight/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/golang/xenlight/Makefile b/tools/golang/xenlight/Makefile index c5bb6b94a8..645e7b3a82 100644 --- a/tools/golang/xenlight/Makefile +++ b/tools/golang/xenlight/Makefile @@ -29,6 +29,7 @@ $(subst .gen.,.%.,$(GOXL_GEN_FILES)): gengotypes.py $(LIBXL_SRC_DIR)/libxl_types # so that it can find the actual library. .PHONY: build build: xenlight.go $(GOXL_GEN_FILES) + CGO_CFLAGS="$(CFLAGS_libxenlight) $(CFLAGS_libxentoollog) $(APPEND_CFLAGS)" CGO_LDFLAGS="$(call xenlibs-ldflags,light toollog) $(APPEND_LDFLAGS)" $(GO) vet CGO_CFLAGS="$(CFLAGS_libxenlight) $(CFLAGS_libxentoollog) $(APPEND_CFLAGS)" CGO_LDFLAGS="$(call xenlibs-ldflags,light toollog) $(APPEND_LDFLAGS)" $(GO) build -x .PHONY: install -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 18:22:12 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 18:22:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711603.1111665 (Exim 4.92) (envelope-from ) id 1rzhFs-0002eI-A9; Wed, 24 Apr 2024 18:22:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711603.1111665; Wed, 24 Apr 2024 18:22:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhFs-0002eA-7Z; Wed, 24 Apr 2024 18:22:04 +0000 Received: by outflank-mailman (input) for mailman id 711603; Wed, 24 Apr 2024 18:22:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhFr-0002e1-Jr for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhFr-000801-DK for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzhFr-0001h4-Bo for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JB+AoQRF19M8nzv/f+yCieljCc7WVk6tCgCncbd4sBY=; b=HThSw6yjJUDD2e48gcyua6flo4 4BDnuhYtoOeWKLqTAdlBSBorojBsZoURaDv/JSvOmKAqARU+WAQYIDyTTFL9+1nF/HOQ1re6ofGg0 EKGhiaEaYSihrUeJdNQzM48dBdeYKzMBkbeHwa7jFBYhGB5dJ8wN9WhzZo1V1WFa7amo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: remove stale addr_cells/size_cells in assign_shared_memory Message-Id: Date: Wed, 24 Apr 2024 18:22:03 +0000 commit ab327c8e8bcf6708a6d16b3f780c912f573c5f4f Author: Penny Zheng AuthorDate: Thu Apr 18 08:36:41 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: remove stale addr_cells/size_cells in assign_shared_memory Function parameters {addr_cells,size_cells} are stale parameters in assign_shared_memory, so we shall remove them. Signed-off-by: Penny Zheng Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/static-shmem.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index 9097bc8b15..cb268cd2ed 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -90,7 +90,6 @@ static mfn_t __init acquire_shared_memory_bank(struct domain *d, } static int __init assign_shared_memory(struct domain *d, - uint32_t addr_cells, uint32_t size_cells, paddr_t pbase, paddr_t psize, paddr_t gbase) { @@ -252,7 +251,6 @@ int __init process_shm(struct domain *d, struct kernel_info *kinfo, * specified, so they should be assigned to dom_io. */ ret = assign_shared_memory(owner_dom_io ? dom_io : d, - addr_cells, size_cells, pbase, psize, gbase); if ( ret ) return ret; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 18:22:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 18:22:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711604.1111669 (Exim 4.92) (envelope-from ) id 1rzhG2-0002fy-CI; Wed, 24 Apr 2024 18:22:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711604.1111669; Wed, 24 Apr 2024 18:22:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhG2-0002fq-8y; Wed, 24 Apr 2024 18:22:14 +0000 Received: by outflank-mailman (input) for mailman id 711604; Wed, 24 Apr 2024 18:22:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhG1-0002fe-Hz for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhG1-000805-Gm for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzhG1-0001hV-FM for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=SnATLXvuMBYzsh9nPlOSBCoJEi3hxd27d68IOFVjnRI=; b=ryviYP5JGTiufLzv1ZPU8+PNB9 yepZJpHGmu2LZfwmZ8DnFzy5uTWCtMh0NzD7t9Kw/I1yjx2kNCb8RNwqMYlLHXesBBziEjAFdAkzc lXMuqVrCczvhKDWhMiSnOcFImtiutdUt3rNigIwFzR3SFjyrHM4KsNPK2XXaIQoTUe1g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: avoid repetitive checking in process_shm_node Message-Id: Date: Wed, 24 Apr 2024 18:22:13 +0000 commit 6d14a742f823d34e0c59cae77f96ff24e34e98b3 Author: Penny Zheng AuthorDate: Thu Apr 18 08:36:42 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: avoid repetitive checking in process_shm_node Putting overlap and overflow checking in the loop is causing repetitive operation, so this commit extracts both checking outside the loop. Signed-off-by: Penny Zheng Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/static-shmem.c | 39 ++++++++++++++++----------------------- 1 file changed, 16 insertions(+), 23 deletions(-) diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index cb268cd2ed..40a0e860c7 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -349,7 +349,7 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, { const struct fdt_property *prop, *prop_id, *prop_role; const __be32 *cell; - paddr_t paddr, gaddr, size; + paddr_t paddr, gaddr, size, end; struct meminfo *mem = &bootinfo.reserved_mem; unsigned int i; int len; @@ -422,6 +422,13 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, return -EINVAL; } + end = paddr + size; + if ( end <= paddr ) + { + printk("fdt: static shared memory region %s overflow\n", shm_id); + return -EINVAL; + } + for ( i = 0; i < mem->nr_banks; i++ ) { /* @@ -441,30 +448,13 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, return -EINVAL; } } + else if ( strncmp(shm_id, mem->bank[i].shm_id, MAX_SHM_ID_LENGTH) != 0 ) + continue; else { - paddr_t end = paddr + size; - paddr_t bank_end = mem->bank[i].start + mem->bank[i].size; - - if ( (end <= paddr) || (bank_end <= mem->bank[i].start) ) - { - printk("fdt: static shared memory region %s overflow\n", shm_id); - return -EINVAL; - } - - if ( check_reserved_regions_overlap(paddr, size) ) - return -EINVAL; - else - { - if ( strcmp(shm_id, mem->bank[i].shm_id) != 0 ) - continue; - else - { - printk("fdt: different shared memory region could not share the same shm ID %s\n", - shm_id); - return -EINVAL; - } - } + printk("fdt: different shared memory region could not share the same shm ID %s\n", + shm_id); + return -EINVAL; } } @@ -472,6 +462,9 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, { if ( i < NR_MEM_BANKS ) { + if ( check_reserved_regions_overlap(paddr, size) ) + return -EINVAL; + /* Static shared memory shall be reserved from any other use. */ safe_strcpy(mem->bank[mem->nr_banks].shm_id, shm_id); mem->bank[mem->nr_banks].start = paddr; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 18:22:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 18:22:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711605.1111673 (Exim 4.92) (envelope-from ) id 1rzhGC-0002ie-DL; Wed, 24 Apr 2024 18:22:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711605.1111673; Wed, 24 Apr 2024 18:22:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhGC-0002iX-AX; Wed, 24 Apr 2024 18:22:24 +0000 Received: by outflank-mailman (input) for mailman id 711605; Wed, 24 Apr 2024 18:22:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhGB-0002iH-L1 for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhGB-00080K-KA for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzhGB-0001hw-It for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TvsdM7khu4oL3pVOlOBwtTaXIVzd6Ve2KBlifH2gs68=; b=07MM1gxI0xwjJQ9evJ0KeC9v1e 00vLxE4AldConSiCv59Ot9Q5KeR7TE39sd1upQSLizmFiXPez00RQVqgRfxasjmKeLOYHIMhWp1zn 93lE5EDbMtAddGaGBV2cy9lwjlkNS04Ps5cxOWci5dtcEotVb/S6wOVRzBfdA3xmrYZM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Pass struct kernel_info parameter to make_{resv,shm}_memory_node Message-Id: Date: Wed, 24 Apr 2024 18:22:23 +0000 commit 8d5ff144773dd326ce526173655a919d471a8cfc Author: Luca Fancellu AuthorDate: Thu Apr 18 08:36:43 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: Pass struct kernel_info parameter to make_{resv,shm}_memory_node The struct domain parameter is not used in make_resv_memory_node and in its called function make_shm_memory_node, so drop it from both functions, also, take the occasion to pass directly struct kernel_info, from which we can infer other parameters passed to the functions and drop them as well. Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/dom0less-build.c | 3 +-- xen/arch/arm/domain_build.c | 3 +-- xen/arch/arm/include/asm/static-shmem.h | 9 ++++----- xen/arch/arm/static-shmem.c | 16 +++++++++------- 4 files changed, 15 insertions(+), 16 deletions(-) diff --git a/xen/arch/arm/dom0less-build.c b/xen/arch/arm/dom0less-build.c index fb63ec6fd1..0edc5357ca 100644 --- a/xen/arch/arm/dom0less-build.c +++ b/xen/arch/arm/dom0less-build.c @@ -645,8 +645,7 @@ static int __init prepare_dtb_domU(struct domain *d, struct kernel_info *kinfo) if ( ret ) goto err; - ret = make_resv_memory_node(d, kinfo->fdt, addrcells, sizecells, - &kinfo->shm_mem); + ret = make_resv_memory_node(kinfo, addrcells, sizecells); if ( ret ) goto err; diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 54232ed4cb..11d4e7d0b1 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -1769,8 +1769,7 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, return res; } - res = make_resv_memory_node(d, kinfo->fdt, addrcells, sizecells, - &kinfo->shm_mem); + res = make_resv_memory_node(kinfo, addrcells, sizecells); if ( res ) return res; } diff --git a/xen/arch/arm/include/asm/static-shmem.h b/xen/arch/arm/include/asm/static-shmem.h index 1536ff18b8..680594b684 100644 --- a/xen/arch/arm/include/asm/static-shmem.h +++ b/xen/arch/arm/include/asm/static-shmem.h @@ -7,8 +7,8 @@ #ifdef CONFIG_STATIC_SHM -int make_resv_memory_node(const struct domain *d, void *fdt, int addrcells, - int sizecells, const struct meminfo *mem); +int make_resv_memory_node(const struct kernel_info *kinfo, int addrcells, + int sizecells); int process_shm(struct domain *d, struct kernel_info *kinfo, const struct dt_device_node *node); @@ -26,9 +26,8 @@ int process_shm_node(const void *fdt, int node, uint32_t address_cells, #else /* !CONFIG_STATIC_SHM */ -static inline int make_resv_memory_node(const struct domain *d, void *fdt, - int addrcells, int sizecells, - const struct meminfo *mem) +static inline int make_resv_memory_node(const struct kernel_info *kinfo, + int addrcells, int sizecells) { return 0; } diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index 40a0e860c7..349b856676 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -277,10 +277,11 @@ int __init process_shm(struct domain *d, struct kernel_info *kinfo, return 0; } -static int __init make_shm_memory_node(const struct domain *d, void *fdt, - int addrcells, int sizecells, - const struct meminfo *mem) +static int __init make_shm_memory_node(const struct kernel_info *kinfo, + int addrcells, int sizecells) { + const struct meminfo *mem = &kinfo->shm_mem; + void *fdt = kinfo->fdt; unsigned int i = 0; int res = 0; @@ -488,10 +489,11 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, return 0; } -int __init make_resv_memory_node(const struct domain *d, void *fdt, - int addrcells, int sizecells, - const struct meminfo *mem) +int __init make_resv_memory_node(const struct kernel_info *kinfo, int addrcells, + int sizecells) { + const struct meminfo *mem = &kinfo->shm_mem; + void *fdt = kinfo->fdt; int res = 0; /* Placeholder for reserved-memory\0 */ const char resvbuf[16] = "reserved-memory"; @@ -518,7 +520,7 @@ int __init make_resv_memory_node(const struct domain *d, void *fdt, if ( res ) return res; - res = make_shm_memory_node(d, fdt, addrcells, sizecells, mem); + res = make_shm_memory_node(kinfo, addrcells, sizecells); if ( res ) return res; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 18:22:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 18:22:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711607.1111688 (Exim 4.92) (envelope-from ) id 1rzhGM-00030O-MX; Wed, 24 Apr 2024 18:22:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711607.1111688; Wed, 24 Apr 2024 18:22:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhGM-00030I-Ir; Wed, 24 Apr 2024 18:22:34 +0000 Received: by outflank-mailman (input) for mailman id 711607; Wed, 24 Apr 2024 18:22:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhGL-0002zp-OP for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhGL-00080e-NN for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzhGL-0001ix-Mi for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wPszfhQUaqrlZ/9qnK8TP71ChmpU1MvbvsSESsAxiTY=; b=hJKszaWKlPwbHxtRGVRdUlnjKW VV3HhMGArtMjzJj/nNDN0RzChV/TJMs++NCWhVyM6cLtVMYgzsZyIoJNTObnbSDPjm4eldopDytec ESIP5CBGPaCbFKDql7/5Gf7yA+Mr3BonYzGhn7ltoTUBocU2dGQWSd7fZFgvhVaEREK4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Introduce a generic way to access memory bank structures Message-Id: Date: Wed, 24 Apr 2024 18:22:33 +0000 commit 2209c1e35b479dff8ed3d3161001ffdefa0a704e Author: Luca Fancellu AuthorDate: Thu Apr 18 08:36:44 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: Introduce a generic way to access memory bank structures Currently the 'struct meminfo' is defining a static defined array of 'struct membank' of NR_MEM_BANKS elements, some features like shared memory don't require such amount of memory allocation but might want to reuse existing code to manipulate this kind of structure that is just as 'struct meminfo' but less bulky. For this reason introduce a generic way to access this kind of structure using a new structure 'struct membanks', which implements all the fields needed by a structure related to memory banks without the need to specify at build time the size of the 'struct membank' array, using a flexible array member. Modify 'struct meminfo' to implement the field related to the new introduced structure, given the change all usage of this structure are updated in this way: - code accessing bootinfo.{mem,reserved_mem,acpi} field now uses 3 new introduced static inline helpers to access the new field of 'struct meminfo' named 'common'. - code accessing 'struct kernel_info *' member 'mem' now use the new introduced macro 'kernel_info_get_mem(...)' to access the new field of 'struct meminfo' named 'common'. - introduced KERNEL_INFO_INIT and BOOTINFO_INIT that from now on will be used to initialize 'struct kernel_info' and 'struct bootinfo' respectively, in order to initialize their 'struct meminfo' .common.max_banks members. Constify pointers where needed. Suggested-by: Julien Grall Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/acpi/domain_build.c | 6 +- xen/arch/arm/arm32/mmu/mm.c | 44 +++++++------- xen/arch/arm/arm64/mmu/mm.c | 2 +- xen/arch/arm/bootfdt.c | 39 ++++++++---- xen/arch/arm/dom0less-build.c | 16 ++--- xen/arch/arm/domain_build.c | 103 +++++++++++++++++--------------- xen/arch/arm/efi/efi-boot.h | 8 +-- xen/arch/arm/efi/efi-dom0.c | 13 ++-- xen/arch/arm/include/asm/domain_build.h | 2 +- xen/arch/arm/include/asm/kernel.h | 8 +++ xen/arch/arm/include/asm/setup.h | 40 ++++++++++++- xen/arch/arm/kernel.c | 12 ++-- xen/arch/arm/setup.c | 58 ++++++++++-------- xen/arch/arm/static-memory.c | 27 +++++---- xen/arch/arm/static-shmem.c | 34 ++++++----- 15 files changed, 249 insertions(+), 163 deletions(-) diff --git a/xen/arch/arm/acpi/domain_build.c b/xen/arch/arm/acpi/domain_build.c index b58389ce9e..ed895dd8f9 100644 --- a/xen/arch/arm/acpi/domain_build.c +++ b/xen/arch/arm/acpi/domain_build.c @@ -444,14 +444,14 @@ static int __init acpi_create_fadt(struct domain *d, struct membank tbl_add[]) } static int __init estimate_acpi_efi_size(struct domain *d, - struct kernel_info *kinfo) + const struct kernel_info *kinfo) { size_t efi_size, acpi_size, madt_size; u64 addr; struct acpi_table_rsdp *rsdp_tbl; struct acpi_table_header *table; - efi_size = estimate_efi_size(kinfo->mem.nr_banks); + efi_size = estimate_efi_size(kernel_info_get_mem(kinfo)->nr_banks); acpi_size = ROUNDUP(sizeof(struct acpi_table_fadt), 8); acpi_size += ROUNDUP(sizeof(struct acpi_table_stao), 8); @@ -546,7 +546,7 @@ int __init prepare_acpi(struct domain *d, struct kernel_info *kinfo) acpi_map_other_tables(d); acpi_create_efi_system_table(d, tbl_add); - acpi_create_efi_mmap_table(d, &kinfo->mem, tbl_add); + acpi_create_efi_mmap_table(d, kernel_info_get_mem(kinfo), tbl_add); /* Map the EFI and ACPI tables to Dom0 */ rc = map_regions_p2mt(d, diff --git a/xen/arch/arm/arm32/mmu/mm.c b/xen/arch/arm/arm32/mmu/mm.c index 0ab6ae52a6..84c89da909 100644 --- a/xen/arch/arm/arm32/mmu/mm.c +++ b/xen/arch/arm/arm32/mmu/mm.c @@ -42,6 +42,7 @@ static paddr_t __init consider_modules(paddr_t s, paddr_t e, uint32_t size, paddr_t align, int first_mod) { + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); const struct bootmodules *mi = &bootinfo.modules; int i; int nr; @@ -100,15 +101,14 @@ static paddr_t __init consider_modules(paddr_t s, paddr_t e, * possible kinds of bootmodules. * * When retrieving the corresponding reserved-memory addresses, we - * need to index the bootinfo.reserved_mem bank starting from 0, and - * only counting the reserved-memory modules. Hence, we need to use - * i - nr. + * need to index the reserved_mem bank starting from 0, and only counting + * the reserved-memory modules. Hence, we need to use i - nr. */ nr += mi->nr_mods; - for ( ; i - nr < bootinfo.reserved_mem.nr_banks; i++ ) + for ( ; i - nr < reserved_mem->nr_banks; i++ ) { - paddr_t r_s = bootinfo.reserved_mem.bank[i - nr].start; - paddr_t r_e = r_s + bootinfo.reserved_mem.bank[i - nr].size; + paddr_t r_s = reserved_mem->bank[i - nr].start; + paddr_t r_e = r_s + reserved_mem->bank[i - nr].size; if ( s < r_e && r_s < e ) { @@ -129,17 +129,18 @@ static paddr_t __init consider_modules(paddr_t s, paddr_t e, */ static paddr_t __init fit_xenheap_in_static_heap(uint32_t size, paddr_t align) { + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); unsigned int i; paddr_t end = 0, aligned_start, aligned_end; paddr_t bank_start, bank_size, bank_end; - for ( i = 0 ; i < bootinfo.reserved_mem.nr_banks; i++ ) + for ( i = 0 ; i < reserved_mem->nr_banks; i++ ) { - if ( bootinfo.reserved_mem.bank[i].type != MEMBANK_STATIC_HEAP ) + if ( reserved_mem->bank[i].type != MEMBANK_STATIC_HEAP ) continue; - bank_start = bootinfo.reserved_mem.bank[i].start; - bank_size = bootinfo.reserved_mem.bank[i].size; + bank_start = reserved_mem->bank[i].start; + bank_size = reserved_mem->bank[i].size; bank_end = bank_start + bank_size; if ( bank_size < size ) @@ -162,13 +163,14 @@ static paddr_t __init fit_xenheap_in_static_heap(uint32_t size, paddr_t align) void __init setup_mm(void) { + const struct membanks *mem = bootinfo_get_mem(); paddr_t ram_start, ram_end, ram_size, e, bank_start, bank_end, bank_size; paddr_t static_heap_end = 0, static_heap_size = 0; unsigned long heap_pages, xenheap_pages, domheap_pages; unsigned int i; const uint32_t ctr = READ_CP32(CTR); - if ( !bootinfo.mem.nr_banks ) + if ( !mem->nr_banks ) panic("No memory bank\n"); /* We only supports instruction caches implementing the IVIPT extension. */ @@ -177,14 +179,14 @@ void __init setup_mm(void) init_pdx(); - ram_start = bootinfo.mem.bank[0].start; - ram_size = bootinfo.mem.bank[0].size; + ram_start = mem->bank[0].start; + ram_size = mem->bank[0].size; ram_end = ram_start + ram_size; - for ( i = 1; i < bootinfo.mem.nr_banks; i++ ) + for ( i = 1; i < mem->nr_banks; i++ ) { - bank_start = bootinfo.mem.bank[i].start; - bank_size = bootinfo.mem.bank[i].size; + bank_start = mem->bank[i].start; + bank_size = mem->bank[i].size; bank_end = bank_start + bank_size; ram_size = ram_size + bank_size; @@ -196,13 +198,15 @@ void __init setup_mm(void) if ( bootinfo.static_heap ) { - for ( i = 0 ; i < bootinfo.reserved_mem.nr_banks; i++ ) + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); + + for ( i = 0 ; i < reserved_mem->nr_banks; i++ ) { - if ( bootinfo.reserved_mem.bank[i].type != MEMBANK_STATIC_HEAP ) + if ( reserved_mem->bank[i].type != MEMBANK_STATIC_HEAP ) continue; - bank_start = bootinfo.reserved_mem.bank[i].start; - bank_size = bootinfo.reserved_mem.bank[i].size; + bank_start = reserved_mem->bank[i].start; + bank_size = reserved_mem->bank[i].size; bank_end = bank_start + bank_size; static_heap_size += bank_size; diff --git a/xen/arch/arm/arm64/mmu/mm.c b/xen/arch/arm/arm64/mmu/mm.c index d2651c9486..f8aaf4ac18 100644 --- a/xen/arch/arm/arm64/mmu/mm.c +++ b/xen/arch/arm/arm64/mmu/mm.c @@ -194,7 +194,7 @@ static void __init setup_directmap_mappings(unsigned long base_mfn, void __init setup_mm(void) { - const struct meminfo *banks = &bootinfo.mem; + const struct membanks *banks = bootinfo_get_mem(); paddr_t ram_start = INVALID_PADDR; paddr_t ram_end = 0; paddr_t ram_size = 0; diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c index 35dbdf3384..4c80962f79 100644 --- a/xen/arch/arm/bootfdt.c +++ b/xen/arch/arm/bootfdt.c @@ -17,6 +17,18 @@ #include #include +static void __init __maybe_unused build_assertions(void) +{ + /* + * Check that no padding is between struct membanks "bank" flexible array + * member and struct meminfo "bank" member + */ + BUILD_BUG_ON((offsetof(struct membanks, bank) != + offsetof(struct meminfo, bank))); + /* Ensure "struct membanks" is 8-byte aligned */ + BUILD_BUG_ON(alignof(struct membanks) != 8); +} + static bool __init device_tree_node_is_available(const void *fdt, int node) { const char *status; @@ -107,14 +119,14 @@ void __init device_tree_get_reg(const __be32 **cell, uint32_t address_cells, static int __init device_tree_get_meminfo(const void *fdt, int node, const char *prop_name, u32 address_cells, u32 size_cells, - void *data, enum membank_type type) + struct membanks *mem, + enum membank_type type) { const struct fdt_property *prop; unsigned int i, banks; const __be32 *cell; u32 reg_cells = address_cells + size_cells; paddr_t start, size; - struct meminfo *mem = data; if ( !device_tree_node_is_available(fdt, node) ) return 0; @@ -133,10 +145,10 @@ static int __init device_tree_get_meminfo(const void *fdt, int node, cell = (const __be32 *)prop->data; banks = fdt32_to_cpu(prop->len) / (reg_cells * sizeof (u32)); - for ( i = 0; i < banks && mem->nr_banks < NR_MEM_BANKS; i++ ) + for ( i = 0; i < banks && mem->nr_banks < mem->max_banks; i++ ) { device_tree_get_reg(&cell, address_cells, size_cells, &start, &size); - if ( mem == &bootinfo.reserved_mem && + if ( mem == bootinfo_get_reserved_mem() && check_reserved_regions_overlap(start, size) ) return -EINVAL; /* Some DT may describe empty bank, ignore them */ @@ -231,10 +243,10 @@ int __init device_tree_for_each_node(const void *fdt, int node, static int __init process_memory_node(const void *fdt, int node, const char *name, int depth, u32 address_cells, u32 size_cells, - void *data) + struct membanks *mem) { return device_tree_get_meminfo(fdt, node, "reg", address_cells, size_cells, - data, MEMBANK_DEFAULT); + mem, MEMBANK_DEFAULT); } static int __init process_reserved_memory_node(const void *fdt, int node, @@ -259,7 +271,7 @@ static int __init process_reserved_memory(const void *fdt, int node, { return device_tree_for_each_node(fdt, node, process_reserved_memory_node, - &bootinfo.reserved_mem); + bootinfo_get_reserved_mem()); } static void __init process_multiboot_node(const void *fdt, int node, @@ -358,7 +370,7 @@ static int __init process_chosen_node(const void *fdt, int node, rc = device_tree_get_meminfo(fdt, node, "xen,static-heap", address_cells, size_cells, - &bootinfo.reserved_mem, + bootinfo_get_reserved_mem(), MEMBANK_STATIC_HEAP); if ( rc ) return rc; @@ -420,7 +432,7 @@ static int __init process_domain_node(const void *fdt, int node, return 0; return device_tree_get_meminfo(fdt, node, "xen,static-mem", address_cells, - size_cells, &bootinfo.reserved_mem, + size_cells, bootinfo_get_reserved_mem(), MEMBANK_STATIC_DOMAIN); } @@ -438,7 +450,7 @@ static int __init early_scan_node(const void *fdt, if ( !efi_enabled(EFI_BOOT) && device_tree_node_matches(fdt, node, "memory") ) rc = process_memory_node(fdt, node, name, depth, - address_cells, size_cells, &bootinfo.mem); + address_cells, size_cells, bootinfo_get_mem()); else if ( depth == 1 && !dt_node_cmp(name, "reserved-memory") ) rc = process_reserved_memory(fdt, node, name, depth, address_cells, size_cells); @@ -459,8 +471,8 @@ static int __init early_scan_node(const void *fdt, static void __init early_print_info(void) { - struct meminfo *mi = &bootinfo.mem; - struct meminfo *mem_resv = &bootinfo.reserved_mem; + const struct membanks *mi = bootinfo_get_mem(); + const struct membanks *mem_resv = bootinfo_get_reserved_mem(); struct bootmodules *mods = &bootinfo.modules; struct bootcmdlines *cmds = &bootinfo.cmdlines; unsigned int i, j; @@ -537,6 +549,7 @@ static void __init swap_memory_node(void *_a, void *_b, size_t size) */ size_t __init boot_fdt_info(const void *fdt, paddr_t paddr) { + struct membanks *mem = bootinfo_get_mem(); int ret; ret = fdt_check_header(fdt); @@ -554,7 +567,7 @@ size_t __init boot_fdt_info(const void *fdt, paddr_t paddr) * bank in memory first. There is no requirement that the DT will provide * the banks sorted in ascending order. So sort them through. */ - sort(bootinfo.mem.bank, bootinfo.mem.nr_banks, sizeof(struct membank), + sort(mem->bank, mem->nr_banks, sizeof(struct membank), cmp_memory_node, swap_memory_node); early_print_info(); diff --git a/xen/arch/arm/dom0less-build.c b/xen/arch/arm/dom0less-build.c index 0edc5357ca..51cf03221d 100644 --- a/xen/arch/arm/dom0less-build.c +++ b/xen/arch/arm/dom0less-build.c @@ -50,6 +50,7 @@ bool __init is_dom0less_mode(void) static void __init allocate_memory(struct domain *d, struct kernel_info *kinfo) { + struct membanks *mem = kernel_info_get_mem(kinfo); unsigned int i; paddr_t bank_size; @@ -57,7 +58,7 @@ static void __init allocate_memory(struct domain *d, struct kernel_info *kinfo) /* Don't want format this as PRIpaddr (16 digit hex) */ (unsigned long)(kinfo->unassigned_mem >> 20), d); - kinfo->mem.nr_banks = 0; + mem->nr_banks = 0; bank_size = MIN(GUEST_RAM0_SIZE, kinfo->unassigned_mem); if ( !allocate_bank_memory(d, kinfo, gaddr_to_gfn(GUEST_RAM0_BASE), bank_size) ) @@ -71,15 +72,15 @@ static void __init allocate_memory(struct domain *d, struct kernel_info *kinfo) if ( kinfo->unassigned_mem ) goto fail; - for( i = 0; i < kinfo->mem.nr_banks; i++ ) + for( i = 0; i < mem->nr_banks; i++ ) { printk(XENLOG_INFO "%pd BANK[%d] %#"PRIpaddr"-%#"PRIpaddr" (%ldMB)\n", d, i, - kinfo->mem.bank[i].start, - kinfo->mem.bank[i].start + kinfo->mem.bank[i].size, + mem->bank[i].start, + mem->bank[i].start + mem->bank[i].size, /* Don't want format this as PRIpaddr (16 digit hex) */ - (unsigned long)(kinfo->mem.bank[i].size >> 20)); + (unsigned long)(mem->bank[i].size >> 20)); } return; @@ -641,7 +642,8 @@ static int __init prepare_dtb_domU(struct domain *d, struct kernel_info *kinfo) if ( ret ) goto err; - ret = make_memory_node(d, kinfo->fdt, addrcells, sizecells, &kinfo->mem); + ret = make_memory_node(d, kinfo->fdt, addrcells, sizecells, + kernel_info_get_mem(kinfo)); if ( ret ) goto err; @@ -740,7 +742,7 @@ static int __init alloc_xenstore_evtchn(struct domain *d) static int __init construct_domU(struct domain *d, const struct dt_device_node *node) { - struct kernel_info kinfo = {}; + struct kernel_info kinfo = KERNEL_INFO_INIT; const char *dom0less_enhanced; int rc; u64 mem; diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 11d4e7d0b1..02e4dcafe7 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -141,6 +141,7 @@ static bool __init insert_11_bank(struct domain *d, struct page_info *pg, unsigned int order) { + struct membanks *mem = kernel_info_get_mem(kinfo); unsigned int i; int res; mfn_t smfn; @@ -157,9 +158,9 @@ static bool __init insert_11_bank(struct domain *d, (unsigned long)(kinfo->unassigned_mem >> 20), order); - if ( kinfo->mem.nr_banks > 0 && + if ( mem->nr_banks > 0 && size < MB(128) && - start + size < kinfo->mem.bank[0].start ) + start + size < mem->bank[0].start ) { D11PRINT("Allocation below bank 0 is too small, not using\n"); goto fail; @@ -171,17 +172,17 @@ static bool __init insert_11_bank(struct domain *d, kinfo->unassigned_mem -= size; - if ( kinfo->mem.nr_banks == 0 ) + if ( mem->nr_banks == 0 ) { - kinfo->mem.bank[0].start = start; - kinfo->mem.bank[0].size = size; - kinfo->mem.nr_banks = 1; + mem->bank[0].start = start; + mem->bank[0].size = size; + mem->nr_banks = 1; return true; } - for( i = 0; i < kinfo->mem.nr_banks; i++ ) + for( i = 0; i < mem->nr_banks; i++ ) { - struct membank *bank = &kinfo->mem.bank[i]; + struct membank *bank = &mem->bank[i]; /* If possible merge new memory into the start of the bank */ if ( bank->start == start+size ) @@ -204,24 +205,24 @@ static bool __init insert_11_bank(struct domain *d, * could have inserted the memory into/before we would already * have done so, so this must be the right place. */ - if ( start + size < bank->start && kinfo->mem.nr_banks < NR_MEM_BANKS ) + if ( start + size < bank->start && mem->nr_banks < mem->max_banks ) { memmove(bank + 1, bank, - sizeof(*bank) * (kinfo->mem.nr_banks - i)); - kinfo->mem.nr_banks++; + sizeof(*bank) * (mem->nr_banks - i)); + mem->nr_banks++; bank->start = start; bank->size = size; return true; } } - if ( i == kinfo->mem.nr_banks && kinfo->mem.nr_banks < NR_MEM_BANKS ) + if ( i == mem->nr_banks && mem->nr_banks < mem->max_banks ) { - struct membank *bank = &kinfo->mem.bank[kinfo->mem.nr_banks]; + struct membank *bank = &mem->bank[mem->nr_banks]; bank->start = start; bank->size = size; - kinfo->mem.nr_banks++; + mem->nr_banks++; return true; } @@ -293,6 +294,7 @@ static void __init allocate_memory_11(struct domain *d, const unsigned int min_low_order = get_order_from_bytes(min_t(paddr_t, dom0_mem, MB(128))); const unsigned int min_order = get_order_from_bytes(MB(4)); + struct membanks *mem = kernel_info_get_mem(kinfo); struct page_info *pg; unsigned int order = get_allocation_size(kinfo->unassigned_mem); unsigned int i; @@ -311,7 +313,7 @@ static void __init allocate_memory_11(struct domain *d, /* Don't want format this as PRIpaddr (16 digit hex) */ (unsigned long)(kinfo->unassigned_mem >> 20)); - kinfo->mem.nr_banks = 0; + mem->nr_banks = 0; /* * First try and allocate the largest thing we can as low as @@ -349,7 +351,7 @@ static void __init allocate_memory_11(struct domain *d, * continue allocating from above the lowmem and fill in banks. */ order = get_allocation_size(kinfo->unassigned_mem); - while ( kinfo->unassigned_mem && kinfo->mem.nr_banks < NR_MEM_BANKS ) + while ( kinfo->unassigned_mem && mem->nr_banks < mem->max_banks ) { pg = alloc_domheap_pages(d, order, lowmem ? MEMF_bits(lowmem_bitsize) : 0); @@ -373,7 +375,7 @@ static void __init allocate_memory_11(struct domain *d, if ( !insert_11_bank(d, kinfo, pg, order) ) { - if ( kinfo->mem.nr_banks == NR_MEM_BANKS ) + if ( mem->nr_banks == mem->max_banks ) /* Nothing more we can do. */ break; @@ -403,14 +405,14 @@ static void __init allocate_memory_11(struct domain *d, panic("Failed to allocate requested dom0 memory. %ldMB unallocated\n", (unsigned long)kinfo->unassigned_mem >> 20); - for( i = 0; i < kinfo->mem.nr_banks; i++ ) + for( i = 0; i < mem->nr_banks; i++ ) { printk("BANK[%d] %#"PRIpaddr"-%#"PRIpaddr" (%ldMB)\n", i, - kinfo->mem.bank[i].start, - kinfo->mem.bank[i].start + kinfo->mem.bank[i].size, + mem->bank[i].start, + mem->bank[i].start + mem->bank[i].size, /* Don't want format this as PRIpaddr (16 digit hex) */ - (unsigned long)(kinfo->mem.bank[i].size >> 20)); + (unsigned long)(mem->bank[i].size >> 20)); } } @@ -418,6 +420,7 @@ static void __init allocate_memory_11(struct domain *d, bool __init allocate_bank_memory(struct domain *d, struct kernel_info *kinfo, gfn_t sgfn, paddr_t tot_size) { + struct membanks *mem = kernel_info_get_mem(kinfo); int res; struct page_info *pg; struct membank *bank; @@ -431,7 +434,7 @@ bool __init allocate_bank_memory(struct domain *d, struct kernel_info *kinfo, if ( tot_size == 0 ) return true; - bank = &kinfo->mem.bank[kinfo->mem.nr_banks]; + bank = &mem->bank[mem->nr_banks]; bank->start = gfn_to_gaddr(sgfn); bank->size = tot_size; @@ -471,7 +474,7 @@ bool __init allocate_bank_memory(struct domain *d, struct kernel_info *kinfo, tot_size -= (1ULL << (PAGE_SHIFT + order)); } - kinfo->mem.nr_banks++; + mem->nr_banks++; kinfo->unassigned_mem -= bank->size; return true; @@ -756,7 +759,7 @@ int __init domain_fdt_begin_node(void *fdt, const char *name, uint64_t unit) int __init make_memory_node(const struct domain *d, void *fdt, int addrcells, int sizecells, - struct meminfo *mem) + const struct membanks *mem) { unsigned int i; int res, reg_size = addrcells + sizecells; @@ -816,12 +819,12 @@ int __init make_memory_node(const struct domain *d, static int __init add_ext_regions(unsigned long s_gfn, unsigned long e_gfn, void *data) { - struct meminfo *ext_regions = data; + struct membanks *ext_regions = data; paddr_t start, size; paddr_t s = pfn_to_paddr(s_gfn); paddr_t e = pfn_to_paddr(e_gfn); - if ( ext_regions->nr_banks >= ARRAY_SIZE(ext_regions->bank) ) + if ( ext_regions->nr_banks >= ext_regions->max_banks ) return 0; /* @@ -863,9 +866,11 @@ static int __init add_ext_regions(unsigned long s_gfn, unsigned long e_gfn, * - grant table space */ static int __init find_unallocated_memory(const struct kernel_info *kinfo, - struct meminfo *ext_regions) + struct membanks *ext_regions) { - const struct meminfo *assign_mem = &kinfo->mem; + const struct membanks *kinfo_mem = kernel_info_get_mem(kinfo); + const struct membanks *mem = bootinfo_get_mem(); + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); struct rangeset *unalloc_mem; paddr_t start, end; unsigned int i; @@ -878,10 +883,10 @@ static int __init find_unallocated_memory(const struct kernel_info *kinfo, return -ENOMEM; /* Start with all available RAM */ - for ( i = 0; i < bootinfo.mem.nr_banks; i++ ) + for ( i = 0; i < mem->nr_banks; i++ ) { - start = bootinfo.mem.bank[i].start; - end = bootinfo.mem.bank[i].start + bootinfo.mem.bank[i].size; + start = mem->bank[i].start; + end = mem->bank[i].start + mem->bank[i].size; res = rangeset_add_range(unalloc_mem, PFN_DOWN(start), PFN_DOWN(end - 1)); if ( res ) @@ -893,10 +898,10 @@ static int __init find_unallocated_memory(const struct kernel_info *kinfo, } /* Remove RAM assigned to Dom0 */ - for ( i = 0; i < assign_mem->nr_banks; i++ ) + for ( i = 0; i < kinfo_mem->nr_banks; i++ ) { - start = assign_mem->bank[i].start; - end = assign_mem->bank[i].start + assign_mem->bank[i].size; + start = kinfo_mem->bank[i].start; + end = kinfo_mem->bank[i].start + kinfo_mem->bank[i].size; res = rangeset_remove_range(unalloc_mem, PFN_DOWN(start), PFN_DOWN(end - 1)); if ( res ) @@ -908,11 +913,10 @@ static int __init find_unallocated_memory(const struct kernel_info *kinfo, } /* Remove reserved-memory regions */ - for ( i = 0; i < bootinfo.reserved_mem.nr_banks; i++ ) + for ( i = 0; i < reserved_mem->nr_banks; i++ ) { - start = bootinfo.reserved_mem.bank[i].start; - end = bootinfo.reserved_mem.bank[i].start + - bootinfo.reserved_mem.bank[i].size; + start = reserved_mem->bank[i].start; + end = reserved_mem->bank[i].start + reserved_mem->bank[i].size; res = rangeset_remove_range(unalloc_mem, PFN_DOWN(start), PFN_DOWN(end - 1)); if ( res ) @@ -990,7 +994,7 @@ static int __init handle_pci_range(const struct dt_device_node *dev, * - PCI aperture */ static int __init find_memory_holes(const struct kernel_info *kinfo, - struct meminfo *ext_regions) + struct membanks *ext_regions) { struct dt_device_node *np; struct rangeset *mem_holes; @@ -1080,19 +1084,20 @@ out: } static int __init find_domU_holes(const struct kernel_info *kinfo, - struct meminfo *ext_regions) + struct membanks *ext_regions) { unsigned int i; uint64_t bankend; const uint64_t bankbase[] = GUEST_RAM_BANK_BASES; const uint64_t banksize[] = GUEST_RAM_BANK_SIZES; + const struct membanks *kinfo_mem = kernel_info_get_mem(kinfo); int res = -ENOENT; for ( i = 0; i < GUEST_RAM_BANKS; i++ ) { struct membank *ext_bank = &(ext_regions->bank[ext_regions->nr_banks]); - ext_bank->start = ROUNDUP(bankbase[i] + kinfo->mem.bank[i].size, SZ_2M); + ext_bank->start = ROUNDUP(bankbase[i] + kinfo_mem->bank[i].size, SZ_2M); bankend = ~0ULL >> (64 - p2m_ipa_bits); bankend = min(bankend, bankbase[i] + banksize[i] - 1); @@ -1120,7 +1125,7 @@ int __init make_hypervisor_node(struct domain *d, gic_interrupt_t intr; int res; void *fdt = kinfo->fdt; - struct meminfo *ext_regions = NULL; + struct membanks *ext_regions = NULL; unsigned int i, nr_ext_regions; dt_dprintk("Create hypervisor node\n"); @@ -1156,10 +1161,12 @@ int __init make_hypervisor_node(struct domain *d, } else { - ext_regions = xzalloc(struct meminfo); + ext_regions = xzalloc_flex_struct(struct membanks, bank, NR_MEM_BANKS); if ( !ext_regions ) return -ENOMEM; + ext_regions->max_banks = NR_MEM_BANKS; + if ( is_domain_direct_mapped(d) ) { if ( !is_iommu_enabled(d) ) @@ -1728,6 +1735,7 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, if ( node == dt_host ) { + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); int addrcells = dt_child_n_addr_cells(node); int sizecells = dt_child_n_size_cells(node); @@ -1753,7 +1761,8 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, if ( res ) return res; - res = make_memory_node(d, kinfo->fdt, addrcells, sizecells, &kinfo->mem); + res = make_memory_node(d, kinfo->fdt, addrcells, sizecells, + kernel_info_get_mem(kinfo)); if ( res ) return res; @@ -1761,10 +1770,10 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, * Create a second memory node to store the ranges covering * reserved-memory regions. */ - if ( bootinfo.reserved_mem.nr_banks > 0 ) + if ( reserved_mem->nr_banks > 0 ) { res = make_memory_node(d, kinfo->fdt, addrcells, sizecells, - &bootinfo.reserved_mem); + reserved_mem); if ( res ) return res; } @@ -2038,7 +2047,7 @@ int __init construct_domain(struct domain *d, struct kernel_info *kinfo) static int __init construct_dom0(struct domain *d) { - struct kernel_info kinfo = {}; + struct kernel_info kinfo = KERNEL_INFO_INIT; int rc; /* Sanity! */ diff --git a/xen/arch/arm/efi/efi-boot.h b/xen/arch/arm/efi/efi-boot.h index 0cb29f90a0..199f526022 100644 --- a/xen/arch/arm/efi/efi-boot.h +++ b/xen/arch/arm/efi/efi-boot.h @@ -157,14 +157,14 @@ static void __init *lookup_fdt_config_table(EFI_SYSTEM_TABLE *sys_table) return fdt; } -static bool __init meminfo_add_bank(struct meminfo *mem, +static bool __init meminfo_add_bank(struct membanks *mem, EFI_MEMORY_DESCRIPTOR *desc) { struct membank *bank; paddr_t start = desc->PhysicalStart; paddr_t size = desc->NumberOfPages * EFI_PAGE_SIZE; - if ( mem->nr_banks >= NR_MEM_BANKS ) + if ( mem->nr_banks >= mem->max_banks ) return false; #ifdef CONFIG_ACPI if ( check_reserved_regions_overlap(start, size) ) @@ -198,7 +198,7 @@ static EFI_STATUS __init efi_process_memory_map_bootinfo(EFI_MEMORY_DESCRIPTOR * (desc_ptr->Type == EfiBootServicesCode || desc_ptr->Type == EfiBootServicesData))) ) { - if ( !meminfo_add_bank(&bootinfo.mem, desc_ptr) ) + if ( !meminfo_add_bank(bootinfo_get_mem(), desc_ptr) ) { PrintStr(L"Warning: All " __stringify(NR_MEM_BANKS) " bootinfo mem banks exhausted.\r\n"); @@ -208,7 +208,7 @@ static EFI_STATUS __init efi_process_memory_map_bootinfo(EFI_MEMORY_DESCRIPTOR * #ifdef CONFIG_ACPI else if ( desc_ptr->Type == EfiACPIReclaimMemory ) { - if ( !meminfo_add_bank(&bootinfo.acpi, desc_ptr) ) + if ( !meminfo_add_bank(bootinfo_get_acpi(), desc_ptr) ) { PrintStr(L"Error: All " __stringify(NR_MEM_BANKS) " acpi meminfo mem banks exhausted.\r\n"); diff --git a/xen/arch/arm/efi/efi-dom0.c b/xen/arch/arm/efi/efi-dom0.c index aae0f97911..baee8ab716 100644 --- a/xen/arch/arm/efi/efi-dom0.c +++ b/xen/arch/arm/efi/efi-dom0.c @@ -44,7 +44,7 @@ size_t __init estimate_efi_size(unsigned int mem_nr_banks) unsigned int acpi_mem_nr_banks = 0; if ( !acpi_disabled ) - acpi_mem_nr_banks = bootinfo.acpi.nr_banks; + acpi_mem_nr_banks = bootinfo_get_acpi()->nr_banks; size = ROUNDUP(est_size + ect_size + fw_vendor_size, 8); /* plus 1 for new created tables */ @@ -107,9 +107,10 @@ static void __init fill_efi_memory_descriptor(EFI_MEMORY_DESCRIPTOR *desc, } void __init acpi_create_efi_mmap_table(struct domain *d, - const struct meminfo *mem, + const struct membanks *mem, struct membank tbl_add[]) { + const struct membanks *acpi = bootinfo_get_acpi(); EFI_MEMORY_DESCRIPTOR *desc; unsigned int i; u8 *base_ptr; @@ -122,10 +123,10 @@ void __init acpi_create_efi_mmap_table(struct domain *d, fill_efi_memory_descriptor(desc, EfiConventionalMemory, mem->bank[i].start, mem->bank[i].size); - for ( i = 0; i < bootinfo.acpi.nr_banks; i++, desc++ ) + for ( i = 0; i < acpi->nr_banks; i++, desc++ ) fill_efi_memory_descriptor(desc, EfiACPIReclaimMemory, - bootinfo.acpi.bank[i].start, - bootinfo.acpi.bank[i].size); + acpi->bank[i].start, + acpi->bank[i].size); fill_efi_memory_descriptor(desc, EfiACPIReclaimMemory, d->arch.efi_acpi_gpa, d->arch.efi_acpi_len); @@ -133,7 +134,7 @@ void __init acpi_create_efi_mmap_table(struct domain *d, tbl_add[TBL_MMAP].start = d->arch.efi_acpi_gpa + acpi_get_table_offset(tbl_add, TBL_MMAP); tbl_add[TBL_MMAP].size = sizeof(EFI_MEMORY_DESCRIPTOR) - * (mem->nr_banks + bootinfo.acpi.nr_banks + 1); + * (mem->nr_banks + acpi->nr_banks + 1); } /* Create /hypervisor/uefi node for efi properties. */ diff --git a/xen/arch/arm/include/asm/domain_build.h b/xen/arch/arm/include/asm/domain_build.h index da9e6025f3..a6f276cc42 100644 --- a/xen/arch/arm/include/asm/domain_build.h +++ b/xen/arch/arm/include/asm/domain_build.h @@ -15,7 +15,7 @@ int make_cpus_node(const struct domain *d, void *fdt); int make_hypervisor_node(struct domain *d, const struct kernel_info *kinfo, int addrcells, int sizecells); int make_memory_node(const struct domain *d, void *fdt, int addrcells, - int sizecells, struct meminfo *mem); + int sizecells, const struct membanks *mem); int make_psci_node(void *fdt); int make_timer_node(const struct kernel_info *kinfo); void evtchn_allocate(struct domain *d); diff --git a/xen/arch/arm/include/asm/kernel.h b/xen/arch/arm/include/asm/kernel.h index 0a23e86c2d..d46f29ee6c 100644 --- a/xen/arch/arm/include/asm/kernel.h +++ b/xen/arch/arm/include/asm/kernel.h @@ -78,6 +78,14 @@ struct kernel_info { }; }; +#define kernel_info_get_mem(kinfo) (&(kinfo)->mem.common) + +#define KERNEL_INFO_INIT \ +{ \ + .mem.common.max_banks = NR_MEM_BANKS, \ + .shm_mem.common.max_banks = NR_MEM_BANKS, \ +} + /* * Probe the kernel to detemine its type and select a loader. * diff --git a/xen/arch/arm/include/asm/setup.h b/xen/arch/arm/include/asm/setup.h index d15a88d2e0..696f55db86 100644 --- a/xen/arch/arm/include/asm/setup.h +++ b/xen/arch/arm/include/asm/setup.h @@ -56,8 +56,14 @@ struct membank { #endif }; -struct meminfo { +struct membanks { unsigned int nr_banks; + unsigned int max_banks; + struct membank bank[]; +}; + +struct meminfo { + struct membanks common; struct membank bank[NR_MEM_BANKS]; }; @@ -107,6 +113,19 @@ struct bootinfo { bool static_heap; }; +#ifdef CONFIG_ACPI +#define BOOTINFO_ACPI_INIT .acpi.common.max_banks = NR_MEM_BANKS, +#else +#define BOOTINFO_ACPI_INIT +#endif + +#define BOOTINFO_INIT \ +{ \ + .mem.common.max_banks = NR_MEM_BANKS, \ + .reserved_mem.common.max_banks = NR_MEM_BANKS, \ + BOOTINFO_ACPI_INIT \ +} + struct map_range_data { struct domain *d; @@ -122,6 +141,23 @@ extern struct bootinfo bootinfo; extern domid_t max_init_domid; +static inline struct membanks *bootinfo_get_mem(void) +{ + return &bootinfo.mem.common; +} + +static inline struct membanks *bootinfo_get_reserved_mem(void) +{ + return &bootinfo.reserved_mem.common; +} + +#ifdef CONFIG_ACPI +static inline struct membanks *bootinfo_get_acpi(void) +{ + return &bootinfo.acpi.common; +} +#endif + void copy_from_paddr(void *dst, paddr_t paddr, unsigned long len); size_t estimate_efi_size(unsigned int mem_nr_banks); @@ -130,7 +166,7 @@ void acpi_create_efi_system_table(struct domain *d, struct membank tbl_add[]); void acpi_create_efi_mmap_table(struct domain *d, - const struct meminfo *mem, + const struct membanks *mem, struct membank tbl_add[]); int acpi_make_efi_nodes(void *fdt, struct membank tbl_add[]); diff --git a/xen/arch/arm/kernel.c b/xen/arch/arm/kernel.c index bc3e5bd6f9..674388fa11 100644 --- a/xen/arch/arm/kernel.c +++ b/xen/arch/arm/kernel.c @@ -45,13 +45,14 @@ static void __init place_modules(struct kernel_info *info, { /* Align DTB and initrd size to 2Mb. Linux only requires 4 byte alignment */ const struct bootmodule *mod = info->initrd_bootmodule; + const struct membanks *mem = kernel_info_get_mem(info); const paddr_t initrd_len = ROUNDUP(mod ? mod->size : 0, MB(2)); const paddr_t dtb_len = ROUNDUP(fdt_totalsize(info->fdt), MB(2)); const paddr_t modsize = initrd_len + dtb_len; /* Convenient */ - const paddr_t rambase = info->mem.bank[0].start; - const paddr_t ramsize = info->mem.bank[0].size; + const paddr_t rambase = mem->bank[0].start; + const paddr_t ramsize = mem->bank[0].size; const paddr_t ramend = rambase + ramsize; const paddr_t kernsize = ROUNDUP(kernend, MB(2)) - kernbase; const paddr_t ram128mb = rambase + MB(128); @@ -96,11 +97,12 @@ static void __init place_modules(struct kernel_info *info, static paddr_t __init kernel_zimage_place(struct kernel_info *info) { + const struct membanks *mem = kernel_info_get_mem(info); paddr_t load_addr; #ifdef CONFIG_ARM_64 if ( (info->type == DOMAIN_64BIT) && (info->zimage.start == 0) ) - return info->mem.bank[0].start + info->zimage.text_offset; + return mem->bank[0].start + info->zimage.text_offset; #endif /* @@ -113,8 +115,8 @@ static paddr_t __init kernel_zimage_place(struct kernel_info *info) { paddr_t load_end; - load_end = info->mem.bank[0].start + info->mem.bank[0].size; - load_end = MIN(info->mem.bank[0].start + MB(128), load_end); + load_end = mem->bank[0].start + mem->bank[0].size; + load_end = MIN(mem->bank[0].start + MB(128), load_end); load_addr = load_end - info->zimage.len; /* Align to 2MB */ diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index b9a7f61f73..e00dbb1351 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -48,7 +48,7 @@ #include #include -struct bootinfo __initdata bootinfo; +struct bootinfo __initdata bootinfo = BOOTINFO_INIT; /* * Sanitized version of cpuinfo containing only features available on all @@ -207,6 +207,7 @@ static void __init dt_unreserved_regions(paddr_t s, paddr_t e, void (*cb)(paddr_t ps, paddr_t pe), unsigned int first) { + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); unsigned int i, nr; int rc; @@ -240,14 +241,14 @@ static void __init dt_unreserved_regions(paddr_t s, paddr_t e, * kinds. * * When retrieving the corresponding reserved-memory addresses - * below, we need to index the bootinfo.reserved_mem bank starting + * below, we need to index the reserved_mem->bank starting * from 0, and only counting the reserved-memory modules. Hence, * we need to use i - nr. */ - for ( ; i - nr < bootinfo.reserved_mem.nr_banks; i++ ) + for ( ; i - nr < reserved_mem->nr_banks; i++ ) { - paddr_t r_s = bootinfo.reserved_mem.bank[i - nr].start; - paddr_t r_e = r_s + bootinfo.reserved_mem.bank[i - nr].size; + paddr_t r_s = reserved_mem->bank[i - nr].start; + paddr_t r_e = r_s + reserved_mem->bank[i - nr].size; if ( s < r_e && r_s < e ) { @@ -264,18 +265,18 @@ static void __init dt_unreserved_regions(paddr_t s, paddr_t e, * TODO: '*_end' could be 0 if the bank/region is at the end of the physical * address space. This is for now not handled as it requires more rework. */ -static bool __init meminfo_overlap_check(struct meminfo *meminfo, +static bool __init meminfo_overlap_check(const struct membanks *mem, paddr_t region_start, paddr_t region_size) { paddr_t bank_start = INVALID_PADDR, bank_end = 0; paddr_t region_end = region_start + region_size; - unsigned int i, bank_num = meminfo->nr_banks; + unsigned int i, bank_num = mem->nr_banks; for ( i = 0; i < bank_num; i++ ) { - bank_start = meminfo->bank[i].start; - bank_end = bank_start + meminfo->bank[i].size; + bank_start = mem->bank[i].start; + bank_end = bank_start + mem->bank[i].size; if ( region_end <= bank_start || region_start >= bank_end ) continue; @@ -339,8 +340,11 @@ void __init fw_unreserved_regions(paddr_t s, paddr_t e, bool __init check_reserved_regions_overlap(paddr_t region_start, paddr_t region_size) { - /* Check if input region is overlapping with bootinfo.reserved_mem banks */ - if ( meminfo_overlap_check(&bootinfo.reserved_mem, + /* + * Check if input region is overlapping with bootinfo_get_reserved_mem() + * banks + */ + if ( meminfo_overlap_check(bootinfo_get_reserved_mem(), region_start, region_size) ) return true; @@ -351,7 +355,7 @@ bool __init check_reserved_regions_overlap(paddr_t region_start, #ifdef CONFIG_ACPI /* Check if input region is overlapping with ACPI EfiACPIReclaimMemory */ - if ( meminfo_overlap_check(&bootinfo.acpi, region_start, region_size) ) + if ( meminfo_overlap_check(bootinfo_get_acpi(), region_start, region_size) ) return true; #endif @@ -580,6 +584,7 @@ static paddr_t __init next_module(paddr_t s, paddr_t *end) void __init init_pdx(void) { + const struct membanks *mem = bootinfo_get_mem(); paddr_t bank_start, bank_size, bank_end; /* @@ -592,18 +597,18 @@ void __init init_pdx(void) uint64_t mask = pdx_init_mask(0x0); int bank; - for ( bank = 0 ; bank < bootinfo.mem.nr_banks; bank++ ) + for ( bank = 0 ; bank < mem->nr_banks; bank++ ) { - bank_start = bootinfo.mem.bank[bank].start; - bank_size = bootinfo.mem.bank[bank].size; + bank_start = mem->bank[bank].start; + bank_size = mem->bank[bank].size; mask |= bank_start | pdx_region_mask(bank_start, bank_size); } - for ( bank = 0 ; bank < bootinfo.mem.nr_banks; bank++ ) + for ( bank = 0 ; bank < mem->nr_banks; bank++ ) { - bank_start = bootinfo.mem.bank[bank].start; - bank_size = bootinfo.mem.bank[bank].size; + bank_start = mem->bank[bank].start; + bank_size = mem->bank[bank].size; if (~mask & pdx_region_mask(bank_start, bank_size)) mask = 0; @@ -611,10 +616,10 @@ void __init init_pdx(void) pfn_pdx_hole_setup(mask >> PAGE_SHIFT); - for ( bank = 0 ; bank < bootinfo.mem.nr_banks; bank++ ) + for ( bank = 0 ; bank < mem->nr_banks; bank++ ) { - bank_start = bootinfo.mem.bank[bank].start; - bank_size = bootinfo.mem.bank[bank].size; + bank_start = mem->bank[bank].start; + bank_size = mem->bank[bank].size; bank_end = bank_start + bank_size; set_pdx_range(paddr_to_pfn(bank_start), @@ -636,18 +641,19 @@ void __init init_pdx(void) void __init populate_boot_allocator(void) { unsigned int i; - const struct meminfo *banks = &bootinfo.mem; + const struct membanks *banks = bootinfo_get_mem(); + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); paddr_t s, e; if ( bootinfo.static_heap ) { - for ( i = 0 ; i < bootinfo.reserved_mem.nr_banks; i++ ) + for ( i = 0 ; i < reserved_mem->nr_banks; i++ ) { - if ( bootinfo.reserved_mem.bank[i].type != MEMBANK_STATIC_HEAP ) + if ( reserved_mem->bank[i].type != MEMBANK_STATIC_HEAP ) continue; - s = bootinfo.reserved_mem.bank[i].start; - e = s + bootinfo.reserved_mem.bank[i].size; + s = reserved_mem->bank[i].start; + e = s + reserved_mem->bank[i].size; #ifdef CONFIG_ARM_32 /* Avoid the xenheap, note that the xenheap cannot across a bank */ if ( s <= mfn_to_maddr(directmap_mfn_start) && diff --git a/xen/arch/arm/static-memory.c b/xen/arch/arm/static-memory.c index cffbab7241..34bd12696a 100644 --- a/xen/arch/arm/static-memory.c +++ b/xen/arch/arm/static-memory.c @@ -85,6 +85,7 @@ static int __init parse_static_mem_prop(const struct dt_device_node *node, void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, const struct dt_device_node *node) { + struct membanks *mem = kernel_info_get_mem(kinfo); u32 addr_cells, size_cells, reg_cells; unsigned int nr_banks, gbank, bank = 0; const uint64_t rambase[] = GUEST_RAM_BANK_BASES; @@ -106,7 +107,7 @@ void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, */ gbank = 0; gsize = ramsize[gbank]; - kinfo->mem.bank[gbank].start = rambase[gbank]; + mem->bank[gbank].start = rambase[gbank]; nr_banks = length / (reg_cells * sizeof (u32)); for ( ; bank < nr_banks; bank++ ) @@ -122,7 +123,7 @@ void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, while ( 1 ) { /* Map as much as possible the static range to the guest bank */ - if ( !append_static_memory_to_bank(d, &kinfo->mem.bank[gbank], smfn, + if ( !append_static_memory_to_bank(d, &mem->bank[gbank], smfn, min(psize, gsize)) ) goto fail; @@ -153,14 +154,14 @@ void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, /* Update to the next guest bank. */ gbank++; gsize = ramsize[gbank]; - kinfo->mem.bank[gbank].start = rambase[gbank]; + mem->bank[gbank].start = rambase[gbank]; } } tot_size += psize; } - kinfo->mem.nr_banks = ++gbank; + mem->nr_banks = ++gbank; kinfo->unassigned_mem -= tot_size; /* @@ -190,6 +191,7 @@ void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, void __init assign_static_memory_11(struct domain *d, struct kernel_info *kinfo, const struct dt_device_node *node) { + struct membanks *mem = kernel_info_get_mem(kinfo); u32 addr_cells, size_cells, reg_cells; unsigned int nr_banks, bank = 0; const __be32 *cell; @@ -206,7 +208,7 @@ void __init assign_static_memory_11(struct domain *d, struct kernel_info *kinfo, reg_cells = addr_cells + size_cells; nr_banks = length / (reg_cells * sizeof(u32)); - if ( nr_banks > NR_MEM_BANKS ) + if ( nr_banks > mem->max_banks ) { printk(XENLOG_ERR "%pd: exceed max number of supported guest memory banks.\n", d); @@ -224,15 +226,15 @@ void __init assign_static_memory_11(struct domain *d, struct kernel_info *kinfo, d, bank, pbase, pbase + psize); /* One guest memory bank is matched with one physical memory bank. */ - kinfo->mem.bank[bank].start = pbase; - if ( !append_static_memory_to_bank(d, &kinfo->mem.bank[bank], + mem->bank[bank].start = pbase; + if ( !append_static_memory_to_bank(d, &mem->bank[bank], smfn, psize) ) goto fail; kinfo->unassigned_mem -= psize; } - kinfo->mem.nr_banks = nr_banks; + mem->nr_banks = nr_banks; /* * The property 'memory' should match the amount of memory given to @@ -257,14 +259,15 @@ void __init assign_static_memory_11(struct domain *d, struct kernel_info *kinfo, /* Static memory initialization */ void __init init_staticmem_pages(void) { + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); unsigned int bank; - for ( bank = 0 ; bank < bootinfo.reserved_mem.nr_banks; bank++ ) + for ( bank = 0 ; bank < reserved_mem->nr_banks; bank++ ) { - if ( bootinfo.reserved_mem.bank[bank].type == MEMBANK_STATIC_DOMAIN ) + if ( reserved_mem->bank[bank].type == MEMBANK_STATIC_DOMAIN ) { - mfn_t bank_start = _mfn(PFN_UP(bootinfo.reserved_mem.bank[bank].start)); - unsigned long bank_pages = PFN_DOWN(bootinfo.reserved_mem.bank[bank].size); + mfn_t bank_start = _mfn(PFN_UP(reserved_mem->bank[bank].start)); + unsigned long bank_pages = PFN_DOWN(reserved_mem->bank[bank].size); mfn_t bank_end = mfn_add(bank_start, bank_pages); if ( mfn_x(bank_end) <= mfn_x(bank_start) ) diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index 349b856676..11f3c0da81 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -10,22 +10,23 @@ static int __init acquire_nr_borrower_domain(struct domain *d, paddr_t pbase, paddr_t psize, unsigned long *nr_borrowers) { + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); unsigned int bank; /* Iterate reserved memory to find requested shm bank. */ - for ( bank = 0 ; bank < bootinfo.reserved_mem.nr_banks; bank++ ) + for ( bank = 0 ; bank < reserved_mem->nr_banks; bank++ ) { - paddr_t bank_start = bootinfo.reserved_mem.bank[bank].start; - paddr_t bank_size = bootinfo.reserved_mem.bank[bank].size; + paddr_t bank_start = reserved_mem->bank[bank].start; + paddr_t bank_size = reserved_mem->bank[bank].size; if ( (pbase == bank_start) && (psize == bank_size) ) break; } - if ( bank == bootinfo.reserved_mem.nr_banks ) + if ( bank == reserved_mem->nr_banks ) return -ENOENT; - *nr_borrowers = bootinfo.reserved_mem.bank[bank].nr_shm_borrowers; + *nr_borrowers = reserved_mem->bank[bank].nr_shm_borrowers; return 0; } @@ -157,17 +158,17 @@ static int __init assign_shared_memory(struct domain *d, return ret; } -static int __init append_shm_bank_to_domain(struct kernel_info *kinfo, +static int __init append_shm_bank_to_domain(struct membanks *shm_mem, paddr_t start, paddr_t size, const char *shm_id) { - if ( kinfo->shm_mem.nr_banks >= NR_MEM_BANKS ) + if ( shm_mem->nr_banks >= shm_mem->max_banks ) return -ENOMEM; - kinfo->shm_mem.bank[kinfo->shm_mem.nr_banks].start = start; - kinfo->shm_mem.bank[kinfo->shm_mem.nr_banks].size = size; - safe_strcpy(kinfo->shm_mem.bank[kinfo->shm_mem.nr_banks].shm_id, shm_id); - kinfo->shm_mem.nr_banks++; + shm_mem->bank[shm_mem->nr_banks].start = start; + shm_mem->bank[shm_mem->nr_banks].size = size; + safe_strcpy(shm_mem->bank[shm_mem->nr_banks].shm_id, shm_id); + shm_mem->nr_banks++; return 0; } @@ -269,7 +270,8 @@ int __init process_shm(struct domain *d, struct kernel_info *kinfo, * Record static shared memory region info for later setting * up shm-node in guest device tree. */ - ret = append_shm_bank_to_domain(kinfo, gbase, psize, shm_id); + ret = append_shm_bank_to_domain(&kinfo->shm_mem.common, gbase, psize, + shm_id); if ( ret ) return ret; } @@ -280,7 +282,7 @@ int __init process_shm(struct domain *d, struct kernel_info *kinfo, static int __init make_shm_memory_node(const struct kernel_info *kinfo, int addrcells, int sizecells) { - const struct meminfo *mem = &kinfo->shm_mem; + const struct membanks *mem = &kinfo->shm_mem.common; void *fdt = kinfo->fdt; unsigned int i = 0; int res = 0; @@ -351,7 +353,7 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, const struct fdt_property *prop, *prop_id, *prop_role; const __be32 *cell; paddr_t paddr, gaddr, size, end; - struct meminfo *mem = &bootinfo.reserved_mem; + struct membanks *mem = bootinfo_get_reserved_mem(); unsigned int i; int len; bool owner = false; @@ -461,7 +463,7 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, if ( i == mem->nr_banks ) { - if ( i < NR_MEM_BANKS ) + if (i < mem->max_banks) { if ( check_reserved_regions_overlap(paddr, size) ) return -EINVAL; @@ -492,7 +494,7 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, int __init make_resv_memory_node(const struct kernel_info *kinfo, int addrcells, int sizecells) { - const struct meminfo *mem = &kinfo->shm_mem; + const struct membanks *mem = &kinfo->shm_mem.common; void *fdt = kinfo->fdt; int res = 0; /* Placeholder for reserved-memory\0 */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 18:22:44 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 18:22:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711608.1111690 (Exim 4.92) (envelope-from ) id 1rzhGW-00036y-Ov; Wed, 24 Apr 2024 18:22:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711608.1111690; Wed, 24 Apr 2024 18:22:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhGW-00036r-MR; Wed, 24 Apr 2024 18:22:44 +0000 Received: by outflank-mailman (input) for mailman id 711608; Wed, 24 Apr 2024 18:22:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhGV-00036Y-R7 for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhGV-000811-QI for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzhGV-0001js-PS for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BnWSEBZftLgE6CgDpXEZ1ZDYEu/tH1yRh3Kx4kAon9Q=; b=pDwfZ0H/gSrM/NYIxusGMxVazB 4cxH2Fy5zpP4jFY76omLUeGYwxU1fmyttb5iBkGUFmmbSO9Rdt/EPBxJDZfmBntdNk7nMyiF2UoIl xCMrbmjVICFPyopBcPe1ot9ppao4Ze1pch0Au/hSoAl4KSlaUQ/WkBbuvRrJ1sdCYzLo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Conditional compilation of kernel_info.shm_mem member Message-Id: Date: Wed, 24 Apr 2024 18:22:43 +0000 commit e13499b3c479f217f9d1fe9a1afac78e16dba116 Author: Luca Fancellu AuthorDate: Thu Apr 18 08:36:45 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: Conditional compilation of kernel_info.shm_mem member The user of shm_mem member of the 'struct kernel_info' is only the code managing the static shared memory feature, which can be compiled out using CONFIG_STATIC_SHM, so in case the feature is not requested, that member won't be used and will waste memory space. To address this issue, protect the member with the Kconfig parameter and modify the signature of the only function using it to remove any reference to the member from outside the static-shmem module. Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/include/asm/kernel.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/include/asm/kernel.h b/xen/arch/arm/include/asm/kernel.h index d46f29ee6c..eb3cb7809c 100644 --- a/xen/arch/arm/include/asm/kernel.h +++ b/xen/arch/arm/include/asm/kernel.h @@ -39,7 +39,9 @@ struct kernel_info { void *fdt; /* flat device tree */ paddr_t unassigned_mem; /* RAM not (yet) assigned to a bank */ struct meminfo mem; +#ifdef CONFIG_STATIC_SHM struct meminfo shm_mem; +#endif /* kernel entry point */ paddr_t entry; @@ -80,10 +82,16 @@ struct kernel_info { #define kernel_info_get_mem(kinfo) (&(kinfo)->mem.common) +#ifdef CONFIG_STATIC_SHM +#define KERNEL_INFO_SHM_MEM_INIT .shm_mem.common.max_banks = NR_MEM_BANKS, +#else +#define KERNEL_INFO_SHM_MEM_INIT +#endif + #define KERNEL_INFO_INIT \ { \ .mem.common.max_banks = NR_MEM_BANKS, \ - .shm_mem.common.max_banks = NR_MEM_BANKS, \ + KERNEL_INFO_SHM_MEM_INIT \ } /* -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 18:22:54 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 18:22:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711609.1111695 (Exim 4.92) (envelope-from ) id 1rzhGg-0003H2-Qs; Wed, 24 Apr 2024 18:22:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711609.1111695; Wed, 24 Apr 2024 18:22:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhGg-0003Gk-O1; Wed, 24 Apr 2024 18:22:54 +0000 Received: by outflank-mailman (input) for mailman id 711609; Wed, 24 Apr 2024 18:22:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhGf-0003FF-VE for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhGf-00081V-T8 for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzhGf-0001kO-SQ for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:22:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MdSq1pQSZWt4yPWY9uEGzOIULIEf69ZuC4N36phSvu8=; b=Q5EmZbbKIbst8usE4tzz7Njo2r do34SiNB3CYdJY6/TOKA1mhFBYfPuoSpTPJLJXL/gfr/6BUqpDdgSIGRWIIoF1dgJl9kVT1agPBho NfjDwwYNMt7VdkUj2UKRSC1nKQnTJ8hypry73oGKrSJW8gE5PWdJig0JxaGjY0lhV/3U=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Avoid code duplication in find_unallocated_memory Message-Id: Date: Wed, 24 Apr 2024 18:22:53 +0000 commit b3e66aa1c23db7e70fd67ba110a7c802e2297393 Author: Luca Fancellu AuthorDate: Thu Apr 18 08:36:46 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: Avoid code duplication in find_unallocated_memory The function find_unallocated_memory is using the same code to loop through 2 structure of the same type, in order to avoid code duplication, rework the code to have only one loop that goes through all the structures, this will be used to avoid duplication when the static shared memory banks will be introduced as a separate structure from reserved memory. Take the occasion to add the error code to the error message in case 'rangeset_remove_range' fails. Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/domain_build.c | 53 ++++++++++++++++++++------------------------- 1 file changed, 23 insertions(+), 30 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 02e4dcafe7..7c70382544 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -868,12 +868,14 @@ static int __init add_ext_regions(unsigned long s_gfn, unsigned long e_gfn, static int __init find_unallocated_memory(const struct kernel_info *kinfo, struct membanks *ext_regions) { - const struct membanks *kinfo_mem = kernel_info_get_mem(kinfo); const struct membanks *mem = bootinfo_get_mem(); - const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); + const struct membanks *mem_banks[] = { + kernel_info_get_mem(kinfo), + bootinfo_get_reserved_mem(), + }; struct rangeset *unalloc_mem; paddr_t start, end; - unsigned int i; + unsigned int i, j; int res; dt_dprintk("Find unallocated memory for extended regions\n"); @@ -897,35 +899,26 @@ static int __init find_unallocated_memory(const struct kernel_info *kinfo, } } - /* Remove RAM assigned to Dom0 */ - for ( i = 0; i < kinfo_mem->nr_banks; i++ ) - { - start = kinfo_mem->bank[i].start; - end = kinfo_mem->bank[i].start + kinfo_mem->bank[i].size; - res = rangeset_remove_range(unalloc_mem, PFN_DOWN(start), - PFN_DOWN(end - 1)); - if ( res ) - { - printk(XENLOG_ERR "Failed to remove: %#"PRIpaddr"->%#"PRIpaddr"\n", - start, end); - goto out; - } - } - - /* Remove reserved-memory regions */ - for ( i = 0; i < reserved_mem->nr_banks; i++ ) - { - start = reserved_mem->bank[i].start; - end = reserved_mem->bank[i].start + reserved_mem->bank[i].size; - res = rangeset_remove_range(unalloc_mem, PFN_DOWN(start), - PFN_DOWN(end - 1)); - if ( res ) + /* + * Exclude the following regions: + * 1) Remove RAM assigned to Dom0 + * 2) Remove reserved memory + */ + for ( i = 0; i < ARRAY_SIZE(mem_banks); i++ ) + for ( j = 0; j < mem_banks[i]->nr_banks; j++ ) { - printk(XENLOG_ERR "Failed to remove: %#"PRIpaddr"->%#"PRIpaddr"\n", - start, end); - goto out; + start = mem_banks[i]->bank[j].start; + end = mem_banks[i]->bank[j].start + mem_banks[i]->bank[j].size; + res = rangeset_remove_range(unalloc_mem, PFN_DOWN(start), + PFN_DOWN(end - 1)); + if ( res ) + { + printk(XENLOG_ERR + "Failed to add: %#"PRIpaddr"->%#"PRIpaddr", error %d\n", + start, end, res); + goto out; + } } - } /* Remove grant table region */ if ( kinfo->gnttab_size ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 18:23:04 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 18:23:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711610.1111698 (Exim 4.92) (envelope-from ) id 1rzhGq-0003Kl-Ry; Wed, 24 Apr 2024 18:23:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711610.1111698; Wed, 24 Apr 2024 18:23:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhGq-0003Kf-PV; Wed, 24 Apr 2024 18:23:04 +0000 Received: by outflank-mailman (input) for mailman id 711610; Wed, 24 Apr 2024 18:23:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhGq-0003KR-0m for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhGq-00083P-01 for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzhGp-0001lE-VE for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=X4fnSfVKTnU0q+HS+mvbRl2CFLPLB8Lu0a3g0C+90/k=; b=uFweywPbN48USXdVS8hNuytR4v XgtsqCvhXSVo1RAfLSJTULl+Wo9TZ6+Dw8n1JlHYHfIt71h+c1pX+gZo3u0SxhiiawawDDwazSBoD TXy6qivkLawidM9iJqU1Hdy4YNSxKjXDoGj5qDK2E4usGhSA3GD7Q9mHumznKIJvYXBs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Avoid code duplication in check_reserved_regions_overlap Message-Id: Date: Wed, 24 Apr 2024 18:23:03 +0000 commit 9f657d883201f8149c118cb00c1b2d7692395f5a Author: Luca Fancellu AuthorDate: Thu Apr 18 08:36:47 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: Avoid code duplication in check_reserved_regions_overlap The function check_reserved_regions_overlap is calling 'meminfo_overlap_check' on the same type of structure, this code can be written in a way to avoid code duplication, so rework the function to do that. Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/setup.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index e00dbb1351..003b0446af 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -340,25 +340,27 @@ void __init fw_unreserved_regions(paddr_t s, paddr_t e, bool __init check_reserved_regions_overlap(paddr_t region_start, paddr_t region_size) { + const struct membanks *mem_banks[] = { + bootinfo_get_reserved_mem(), +#ifdef CONFIG_ACPI + bootinfo_get_acpi(), +#endif + }; + unsigned int i; + /* - * Check if input region is overlapping with bootinfo_get_reserved_mem() - * banks + * Check if input region is overlapping with reserved memory banks or + * ACPI EfiACPIReclaimMemory (when ACPI feature is enabled) */ - if ( meminfo_overlap_check(bootinfo_get_reserved_mem(), - region_start, region_size) ) - return true; + for ( i = 0; i < ARRAY_SIZE(mem_banks); i++ ) + if ( meminfo_overlap_check(mem_banks[i], region_start, region_size) ) + return true; /* Check if input region is overlapping with bootmodules */ if ( bootmodules_overlap_check(&bootinfo.modules, region_start, region_size) ) return true; -#ifdef CONFIG_ACPI - /* Check if input region is overlapping with ACPI EfiACPIReclaimMemory */ - if ( meminfo_overlap_check(bootinfo_get_acpi(), region_start, region_size) ) - return true; -#endif - return false; } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 18:23:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 18:23:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711611.1111703 (Exim 4.92) (envelope-from ) id 1rzhH0-0003PR-Tb; Wed, 24 Apr 2024 18:23:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711611.1111703; Wed, 24 Apr 2024 18:23:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhH0-0003PJ-Qw; Wed, 24 Apr 2024 18:23:14 +0000 Received: by outflank-mailman (input) for mailman id 711611; Wed, 24 Apr 2024 18:23:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhH0-0003P6-4Z for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhH0-00083W-2s for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzhH0-0001lx-24 for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6+rfApNnhIZoCAwEDwNUmmuCGMxO+yMUX5NUKPglTL8=; b=e7qHAVGXjQidKjKKCQxxqwbl++ 1BRTjtpkmxTHIZbhI2Em2SmWfkA4TZR7807rS+fl1oVbVk9N5F5jX0uOEm2/YBUqriiwDt/r2J5py cVTW+9hqK6boI3Oum/NwODZHQ+DJ6FBfkQOt3qb/LeyqBd7Ha0r5HVarKD5rFzUdyuQU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Introduce helper for static memory pages Message-Id: Date: Wed, 24 Apr 2024 18:23:14 +0000 commit e5816ad4e807f48374b44b4aae4156a6964eb342 Author: Luca Fancellu AuthorDate: Thu Apr 18 08:36:48 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: Introduce helper for static memory pages Introduce a new helper function in the static-memory module that can be called to manage static memory banks, this is done to reuse the code when other modules would like to manage static memory banks that are not part of the reserved_mem structure, this is done because the static shared memory banks will be removed from reserved_mem. Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/include/asm/static-memory.h | 13 +++++++++++++ xen/arch/arm/static-memory.c | 12 +----------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/xen/arch/arm/include/asm/static-memory.h b/xen/arch/arm/include/asm/static-memory.h index 3e3efd70c3..804166e541 100644 --- a/xen/arch/arm/include/asm/static-memory.h +++ b/xen/arch/arm/include/asm/static-memory.h @@ -3,10 +3,23 @@ #ifndef __ASM_STATIC_MEMORY_H_ #define __ASM_STATIC_MEMORY_H_ +#include #include #ifdef CONFIG_STATIC_MEMORY +static inline void init_staticmem_bank(const struct membank *bank) +{ + mfn_t bank_start = _mfn(PFN_UP(bank->start)); + unsigned long bank_pages = PFN_DOWN(bank->size); + mfn_t bank_end = mfn_add(bank_start, bank_pages); + + if ( mfn_x(bank_end) <= mfn_x(bank_start) ) + return; + + unprepare_staticmem_pages(mfn_to_page(bank_start), bank_pages, false); +} + void allocate_static_memory(struct domain *d, struct kernel_info *kinfo, const struct dt_device_node *node); void assign_static_memory_11(struct domain *d, struct kernel_info *kinfo, diff --git a/xen/arch/arm/static-memory.c b/xen/arch/arm/static-memory.c index 34bd12696a..d4585c5a06 100644 --- a/xen/arch/arm/static-memory.c +++ b/xen/arch/arm/static-memory.c @@ -265,17 +265,7 @@ void __init init_staticmem_pages(void) for ( bank = 0 ; bank < reserved_mem->nr_banks; bank++ ) { if ( reserved_mem->bank[bank].type == MEMBANK_STATIC_DOMAIN ) - { - mfn_t bank_start = _mfn(PFN_UP(reserved_mem->bank[bank].start)); - unsigned long bank_pages = PFN_DOWN(reserved_mem->bank[bank].size); - mfn_t bank_end = mfn_add(bank_start, bank_pages); - - if ( mfn_x(bank_end) <= mfn_x(bank_start) ) - return; - - unprepare_staticmem_pages(mfn_to_page(bank_start), - bank_pages, false); - } + init_staticmem_bank(&reserved_mem->bank[bank]); } } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 18:23:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 18:23:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711614.1111706 (Exim 4.92) (envelope-from ) id 1rzhHA-0003Tv-Vq; Wed, 24 Apr 2024 18:23:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711614.1111706; Wed, 24 Apr 2024 18:23:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhHA-0003To-SR; Wed, 24 Apr 2024 18:23:24 +0000 Received: by outflank-mailman (input) for mailman id 711614; Wed, 24 Apr 2024 18:23:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhHA-0003Tc-6m for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhHA-00083d-5y for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzhHA-0001mN-5B for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=obVLQjuhU2mrz0xbmOfkqU+JPIU/qqePVHq0T+71xVo=; b=hLFrq5JbqtSgjQWk2EKsfB+T8d pWD71z/FqosePiCmrIKoIjXILsUeJLgrpeGL+/Nc4J0JYO5glFEEzWhktfK8mTF6y1GiHdg9SqbC9 c7P2YFxXHAkXIVWbju+gaetR24fPzYz9juUprisQJBfmsVF+P5sH28eQWkJydEdRQlGA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: Reduce struct membank size on static shared memory Message-Id: Date: Wed, 24 Apr 2024 18:23:24 +0000 commit 2b557af19278c2108d8d7e610c870310d6df8a99 Author: Luca Fancellu AuthorDate: Thu Apr 18 08:36:49 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: Reduce struct membank size on static shared memory Currently the memory footprint of the static shared memory feature is impacting all the struct meminfo instances with memory space that is not going to be used. To solve this issue, rework the static shared memory extra information linked to the memory bank to another structure, struct shmem_membank_extra, and exploit the struct membank padding to host a pointer to that structure in a union with the enum membank_type, with this trick the 'struct membank' has the same size with or without the static shared memory, given that the 'type' and 'shmem_extra' are never used at the same time, hence the 'struct membank' won't grow in size. Afterwards, create a new structure 'struct shared_meminfo' which has the same interface of 'struct meminfo', but requires less banks, defined by the number in NR_SHMEM_BANKS, which is 32 at the moment and should be enough for the current use cases, the value might be increased in te future if needed. Finally, this structure hosts also the extra information for the static shared memory banks. The fields 'bank' and 'extra' of this structure are meant to be linked by the index (e.g. extra[idx] will have the information for the bank[idx], for i=0..NR_SHMEM_BANKS), the convinient pointer 'shmem_extra' of 'struct membank' is then linked to the related 'extra' bank to ease the fruition when a function has access only to the 'struct membanks common' of 'struct shared_meminfo'. The last part of this work is to move the allocation of the static shared memory banks from the 'reserved_mem' to a new 'shmem' member of the 'struct bootinfo'. Change also the 'shm_mem' member type to be 'struct shared_meminfo' in order to match the above changes and allow a memory space reduction also in 'struct kernel_info'. Now that the structure Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/arm32/mmu/mm.c | 24 ++++++++++ xen/arch/arm/arm64/mmu/mm.c | 2 + xen/arch/arm/bootfdt.c | 1 + xen/arch/arm/domain_build.c | 5 +++ xen/arch/arm/include/asm/kernel.h | 4 +- xen/arch/arm/include/asm/setup.h | 41 +++++++++++++++-- xen/arch/arm/include/asm/static-shmem.h | 8 ++++ xen/arch/arm/setup.c | 25 ++++++++++- xen/arch/arm/static-shmem.c | 79 +++++++++++++++++++++++++-------- 9 files changed, 165 insertions(+), 24 deletions(-) diff --git a/xen/arch/arm/arm32/mmu/mm.c b/xen/arch/arm/arm32/mmu/mm.c index 84c89da909..23150122f7 100644 --- a/xen/arch/arm/arm32/mmu/mm.c +++ b/xen/arch/arm/arm32/mmu/mm.c @@ -8,6 +8,7 @@ #include #include #include +#include static unsigned long opt_xenheap_megabytes __initdata; integer_param("xenheap_megabytes", opt_xenheap_megabytes); @@ -43,6 +44,9 @@ static paddr_t __init consider_modules(paddr_t s, paddr_t e, int first_mod) { const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); +#ifdef CONFIG_STATIC_SHM + const struct membanks *shmem = bootinfo_get_shmem(); +#endif const struct bootmodules *mi = &bootinfo.modules; int i; int nr; @@ -119,6 +123,25 @@ static paddr_t __init consider_modules(paddr_t s, paddr_t e, return consider_modules(s, r_s, size, align, i + 1); } } + +#ifdef CONFIG_STATIC_SHM + nr += reserved_mem->nr_banks; + for ( ; i - nr < shmem->nr_banks; i++ ) + { + paddr_t r_s = shmem->bank[i - nr].start; + paddr_t r_e = r_s + shmem->bank[i - nr].size; + + if ( s < r_e && r_s < e ) + { + r_e = consider_modules(r_e, e, size, align, i + 1); + if ( r_e ) + return r_e; + + return consider_modules(s, r_s, size, align, i + 1); + } + } +#endif + return e; } @@ -295,6 +318,7 @@ void __init setup_mm(void) mfn_to_maddr(directmap_mfn_end)); init_staticmem_pages(); + init_sharedmem_pages(); } /* diff --git a/xen/arch/arm/arm64/mmu/mm.c b/xen/arch/arm/arm64/mmu/mm.c index f8aaf4ac18..293acb67e0 100644 --- a/xen/arch/arm/arm64/mmu/mm.c +++ b/xen/arch/arm/arm64/mmu/mm.c @@ -6,6 +6,7 @@ #include #include +#include /* Override macros from asm/page.h to make them work with mfn_t */ #undef virt_to_mfn @@ -236,6 +237,7 @@ void __init setup_mm(void) max_page = PFN_DOWN(ram_end); init_staticmem_pages(); + init_sharedmem_pages(); } /* diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c index 4c80962f79..4d708442a1 100644 --- a/xen/arch/arm/bootfdt.c +++ b/xen/arch/arm/bootfdt.c @@ -511,6 +511,7 @@ static void __init early_print_info(void) mem_resv->bank[j].start, mem_resv->bank[j].start + mem_resv->bank[j].size - 1); } + early_print_info_shmem(); printk("\n"); for ( i = 0 ; i < cmds->nr_mods; i++ ) printk("CMDLINE[%"PRIpaddr"]:%s %s\n", cmds->cmdline[i].start, diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 7c70382544..2fc7feeae3 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -863,6 +863,7 @@ static int __init add_ext_regions(unsigned long s_gfn, unsigned long e_gfn, * regions we exclude every region assigned to Dom0 from the Host RAM: * - domain RAM * - reserved-memory + * - static shared memory * - grant table space */ static int __init find_unallocated_memory(const struct kernel_info *kinfo, @@ -872,6 +873,9 @@ static int __init find_unallocated_memory(const struct kernel_info *kinfo, const struct membanks *mem_banks[] = { kernel_info_get_mem(kinfo), bootinfo_get_reserved_mem(), +#ifdef CONFIG_STATIC_SHM + bootinfo_get_shmem(), +#endif }; struct rangeset *unalloc_mem; paddr_t start, end; @@ -903,6 +907,7 @@ static int __init find_unallocated_memory(const struct kernel_info *kinfo, * Exclude the following regions: * 1) Remove RAM assigned to Dom0 * 2) Remove reserved memory + * 3) Remove static shared memory (when the feature is enabled) */ for ( i = 0; i < ARRAY_SIZE(mem_banks); i++ ) for ( j = 0; j < mem_banks[i]->nr_banks; j++ ) diff --git a/xen/arch/arm/include/asm/kernel.h b/xen/arch/arm/include/asm/kernel.h index eb3cb7809c..16a2bfc01e 100644 --- a/xen/arch/arm/include/asm/kernel.h +++ b/xen/arch/arm/include/asm/kernel.h @@ -40,7 +40,7 @@ struct kernel_info { paddr_t unassigned_mem; /* RAM not (yet) assigned to a bank */ struct meminfo mem; #ifdef CONFIG_STATIC_SHM - struct meminfo shm_mem; + struct shared_meminfo shm_mem; #endif /* kernel entry point */ @@ -83,7 +83,7 @@ struct kernel_info { #define kernel_info_get_mem(kinfo) (&(kinfo)->mem.common) #ifdef CONFIG_STATIC_SHM -#define KERNEL_INFO_SHM_MEM_INIT .shm_mem.common.max_banks = NR_MEM_BANKS, +#define KERNEL_INFO_SHM_MEM_INIT .shm_mem.common.max_banks = NR_SHMEM_BANKS, #else #define KERNEL_INFO_SHM_MEM_INIT #endif diff --git a/xen/arch/arm/include/asm/setup.h b/xen/arch/arm/include/asm/setup.h index 696f55db86..28fb659fe9 100644 --- a/xen/arch/arm/include/asm/setup.h +++ b/xen/arch/arm/include/asm/setup.h @@ -9,6 +9,7 @@ #define MAX_FDT_SIZE SZ_2M #define NR_MEM_BANKS 256 +#define NR_SHMEM_BANKS 32 #define MAX_MODULES 32 /* Current maximum useful modules */ @@ -46,14 +47,20 @@ enum membank_type { /* Indicates the maximum number of characters(\0 included) for shm_id */ #define MAX_SHM_ID_LENGTH 16 +struct shmem_membank_extra { + char shm_id[MAX_SHM_ID_LENGTH]; + unsigned int nr_shm_borrowers; +}; + struct membank { paddr_t start; paddr_t size; - enum membank_type type; + union { + enum membank_type type; #ifdef CONFIG_STATIC_SHM - char shm_id[MAX_SHM_ID_LENGTH]; - unsigned int nr_shm_borrowers; + struct shmem_membank_extra *shmem_extra; #endif + }; }; struct membanks { @@ -67,6 +74,12 @@ struct meminfo { struct membank bank[NR_MEM_BANKS]; }; +struct shared_meminfo { + struct membanks common; + struct membank bank[NR_SHMEM_BANKS]; + struct shmem_membank_extra extra[NR_SHMEM_BANKS]; +}; + /* * The domU flag is set for kernels and ramdisks of "xen,domain" nodes. * The purpose of the domU flag is to avoid getting confused in @@ -109,6 +122,9 @@ struct bootinfo { struct bootcmdlines cmdlines; #ifdef CONFIG_ACPI struct meminfo acpi; +#endif +#ifdef CONFIG_STATIC_SHM + struct shared_meminfo shmem; #endif bool static_heap; }; @@ -119,11 +135,18 @@ struct bootinfo { #define BOOTINFO_ACPI_INIT #endif +#ifdef CONFIG_STATIC_SHM +#define BOOTINFO_SHMEM_INIT .shmem.common.max_banks = NR_SHMEM_BANKS, +#else +#define BOOTINFO_SHMEM_INIT +#endif + #define BOOTINFO_INIT \ { \ .mem.common.max_banks = NR_MEM_BANKS, \ .reserved_mem.common.max_banks = NR_MEM_BANKS, \ BOOTINFO_ACPI_INIT \ + BOOTINFO_SHMEM_INIT \ } struct map_range_data @@ -158,6 +181,18 @@ static inline struct membanks *bootinfo_get_acpi(void) } #endif +#ifdef CONFIG_STATIC_SHM +static inline struct membanks *bootinfo_get_shmem(void) +{ + return &bootinfo.shmem.common; +} + +static inline struct shmem_membank_extra *bootinfo_get_shmem_extra(void) +{ + return bootinfo.shmem.extra; +} +#endif + void copy_from_paddr(void *dst, paddr_t paddr, unsigned long len); size_t estimate_efi_size(unsigned int mem_nr_banks); diff --git a/xen/arch/arm/include/asm/static-shmem.h b/xen/arch/arm/include/asm/static-shmem.h index 680594b684..90aafc81e7 100644 --- a/xen/arch/arm/include/asm/static-shmem.h +++ b/xen/arch/arm/include/asm/static-shmem.h @@ -24,6 +24,10 @@ static inline int process_shm_chosen(struct domain *d, int process_shm_node(const void *fdt, int node, uint32_t address_cells, uint32_t size_cells); +void early_print_info_shmem(void); + +void init_sharedmem_pages(void); + #else /* !CONFIG_STATIC_SHM */ static inline int make_resv_memory_node(const struct kernel_info *kinfo, @@ -51,6 +55,10 @@ static inline int process_shm_node(const void *fdt, int node, return -EINVAL; } +static inline void early_print_info_shmem(void) {}; + +static inline void init_sharedmem_pages(void) {}; + #endif /* CONFIG_STATIC_SHM */ #endif /* __ASM_STATIC_SHMEM_H_ */ diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 003b0446af..d242674381 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -208,6 +208,9 @@ static void __init dt_unreserved_regions(paddr_t s, paddr_t e, unsigned int first) { const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); +#ifdef CONFIG_STATIC_SHM + const struct membanks *shmem = bootinfo_get_shmem(); +#endif unsigned int i, nr; int rc; @@ -258,6 +261,22 @@ static void __init dt_unreserved_regions(paddr_t s, paddr_t e, } } +#ifdef CONFIG_STATIC_SHM + nr += reserved_mem->nr_banks; + for ( ; i - nr < shmem->nr_banks; i++ ) + { + paddr_t r_s = shmem->bank[i - nr].start; + paddr_t r_e = r_s + shmem->bank[i - nr].size; + + if ( s < r_e && r_s < e ) + { + dt_unreserved_regions(r_e, e, cb, i + 1); + dt_unreserved_regions(s, r_s, cb, i + 1); + return; + } + } +#endif + cb(s, e); } @@ -344,13 +363,17 @@ bool __init check_reserved_regions_overlap(paddr_t region_start, bootinfo_get_reserved_mem(), #ifdef CONFIG_ACPI bootinfo_get_acpi(), +#endif +#ifdef CONFIG_STATIC_SHM + bootinfo_get_shmem(), #endif }; unsigned int i; /* * Check if input region is overlapping with reserved memory banks or - * ACPI EfiACPIReclaimMemory (when ACPI feature is enabled) + * ACPI EfiACPIReclaimMemory (when ACPI feature is enabled) or static + * shared memory banks (when static shared memory feature is enabled) */ for ( i = 0; i < ARRAY_SIZE(mem_banks); i++ ) if ( meminfo_overlap_check(mem_banks[i], region_start, region_size) ) diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index 11f3c0da81..fcf8227bf4 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -4,29 +4,40 @@ #include #include +#include #include +static void __init __maybe_unused build_assertions(void) +{ + /* + * Check that no padding is between struct membanks "bank" flexible array + * member and struct shared_meminfo "bank" member + */ + BUILD_BUG_ON((offsetof(struct membanks, bank) != + offsetof(struct shared_meminfo, bank))); +} + static int __init acquire_nr_borrower_domain(struct domain *d, paddr_t pbase, paddr_t psize, unsigned long *nr_borrowers) { - const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); + const struct membanks *shmem = bootinfo_get_shmem(); unsigned int bank; /* Iterate reserved memory to find requested shm bank. */ - for ( bank = 0 ; bank < reserved_mem->nr_banks; bank++ ) + for ( bank = 0 ; bank < shmem->nr_banks; bank++ ) { - paddr_t bank_start = reserved_mem->bank[bank].start; - paddr_t bank_size = reserved_mem->bank[bank].size; + paddr_t bank_start = shmem->bank[bank].start; + paddr_t bank_size = shmem->bank[bank].size; if ( (pbase == bank_start) && (psize == bank_size) ) break; } - if ( bank == reserved_mem->nr_banks ) + if ( bank == shmem->nr_banks ) return -ENOENT; - *nr_borrowers = reserved_mem->bank[bank].nr_shm_borrowers; + *nr_borrowers = shmem->bank[bank].shmem_extra->nr_shm_borrowers; return 0; } @@ -158,16 +169,22 @@ static int __init assign_shared_memory(struct domain *d, return ret; } -static int __init append_shm_bank_to_domain(struct membanks *shm_mem, - paddr_t start, paddr_t size, - const char *shm_id) +static int __init +append_shm_bank_to_domain(struct shared_meminfo *kinfo_shm_mem, paddr_t start, + paddr_t size, const char *shm_id) { + struct membanks *shm_mem = &kinfo_shm_mem->common; + struct shmem_membank_extra *shm_mem_extra; + if ( shm_mem->nr_banks >= shm_mem->max_banks ) return -ENOMEM; + shm_mem_extra = &kinfo_shm_mem->extra[shm_mem->nr_banks]; + shm_mem->bank[shm_mem->nr_banks].start = start; shm_mem->bank[shm_mem->nr_banks].size = size; - safe_strcpy(shm_mem->bank[shm_mem->nr_banks].shm_id, shm_id); + safe_strcpy(shm_mem_extra->shm_id, shm_id); + shm_mem->bank[shm_mem->nr_banks].shmem_extra = shm_mem_extra; shm_mem->nr_banks++; return 0; @@ -270,7 +287,7 @@ int __init process_shm(struct domain *d, struct kernel_info *kinfo, * Record static shared memory region info for later setting * up shm-node in guest device tree. */ - ret = append_shm_bank_to_domain(&kinfo->shm_mem.common, gbase, psize, + ret = append_shm_bank_to_domain(&kinfo->shm_mem, gbase, psize, shm_id); if ( ret ) return ret; @@ -325,7 +342,8 @@ static int __init make_shm_memory_node(const struct kernel_info *kinfo, dt_dprintk("Shared memory bank %u: %#"PRIx64"->%#"PRIx64"\n", i, start, start + size); - res = fdt_property_string(fdt, "xen,id", mem->bank[i].shm_id); + res = fdt_property_string(fdt, "xen,id", + mem->bank[i].shmem_extra->shm_id); if ( res ) return res; @@ -353,7 +371,8 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, const struct fdt_property *prop, *prop_id, *prop_role; const __be32 *cell; paddr_t paddr, gaddr, size, end; - struct membanks *mem = bootinfo_get_reserved_mem(); + struct membanks *mem = bootinfo_get_shmem(); + struct shmem_membank_extra *shmem_extra = bootinfo_get_shmem_extra(); unsigned int i; int len; bool owner = false; @@ -442,7 +461,8 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, */ if ( paddr == mem->bank[i].start && size == mem->bank[i].size ) { - if ( strncmp(shm_id, mem->bank[i].shm_id, MAX_SHM_ID_LENGTH) == 0 ) + if ( strncmp(shm_id, shmem_extra[i].shm_id, + MAX_SHM_ID_LENGTH) == 0 ) break; else { @@ -451,7 +471,8 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, return -EINVAL; } } - else if ( strncmp(shm_id, mem->bank[i].shm_id, MAX_SHM_ID_LENGTH) != 0 ) + else if ( strncmp(shm_id, shmem_extra[i].shm_id, + MAX_SHM_ID_LENGTH) != 0 ) continue; else { @@ -469,10 +490,10 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, return -EINVAL; /* Static shared memory shall be reserved from any other use. */ - safe_strcpy(mem->bank[mem->nr_banks].shm_id, shm_id); + safe_strcpy(shmem_extra[mem->nr_banks].shm_id, shm_id); mem->bank[mem->nr_banks].start = paddr; mem->bank[mem->nr_banks].size = size; - mem->bank[mem->nr_banks].type = MEMBANK_STATIC_DOMAIN; + mem->bank[mem->nr_banks].shmem_extra = &shmem_extra[mem->nr_banks]; mem->nr_banks++; } else @@ -486,7 +507,7 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, * to calculate the reference count. */ if ( !owner ) - mem->bank[i].nr_shm_borrowers++; + shmem_extra[i].nr_shm_borrowers++; return 0; } @@ -531,6 +552,28 @@ int __init make_resv_memory_node(const struct kernel_info *kinfo, int addrcells, return res; } +void __init early_print_info_shmem(void) +{ + const struct membanks *shmem = bootinfo_get_shmem(); + unsigned int bank; + + for ( bank = 0; bank < shmem->nr_banks; bank++ ) + { + printk(" SHMEM[%u]: %"PRIpaddr" - %"PRIpaddr"\n", bank, + shmem->bank[bank].start, + shmem->bank[bank].start + shmem->bank[bank].size - 1); + } +} + +void __init init_sharedmem_pages(void) +{ + const struct membanks *shmem = bootinfo_get_shmem(); + unsigned int bank; + + for ( bank = 0 ; bank < shmem->nr_banks; bank++ ) + init_staticmem_bank(&shmem->bank[bank]); +} + /* * Local variables: * mode: C -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 18:23:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 18:23:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711615.1111711 (Exim 4.92) (envelope-from ) id 1rzhHM-0003Yg-2u; Wed, 24 Apr 2024 18:23:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711615.1111711; Wed, 24 Apr 2024 18:23:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhHM-0003YY-08; Wed, 24 Apr 2024 18:23:36 +0000 Received: by outflank-mailman (input) for mailman id 711615; Wed, 24 Apr 2024 18:23:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhHK-0003YH-9d for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhHK-00083n-8w for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzhHK-0001mo-8G for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Hs2+rk5ShKmFNBvIxC1fecDMWbuvUCBn7vfD1q2eM78=; b=T2ByFINYLKvgW7gPBz/MsAKxvo FMMsQG0HYEGbn9J4xLZlyUv5uUGnWabCMy3XhDg352YOIUigRz2gMvUJCukiolqJ/KOJGEa39blz7 /uhM870CeNiUT/JakqQlbt2nVjRVYzZuZRAbAbocug70EqOQ6Eqj34O8vJibSfHMpi6E=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: remove shm holes from extended regions Message-Id: Date: Wed, 24 Apr 2024 18:23:34 +0000 commit a0fee882c1404500470fe4e0ade1495dea6c1f04 Author: Penny Zheng AuthorDate: Thu Apr 18 08:36:50 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: remove shm holes from extended regions Static shared memory acts as reserved memory in guest, so it shall be excluded from extended regions. Extended regions are taken care of under three different scenarios: normal DomU, direct-map domain with iommu on, and direct-map domain with iommu off. For normal DomU, we create a new function "remove_shm_holes_for_domU", to firstly transfer original outputs into the format of "struct rangeset", then use "remove_shm_from_rangeset" to remove static shm from them. For direct-map domain with iommu on, after we get guest shm info from "kinfo", we use "remove_shm_from_rangeset" to remove static shm. For direct-map domain with iommu off, as static shm has already been taken care of through find_unallocated_memory, we do nothing. Signed-off-by: Penny Zheng Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/domain_build.c | 16 ++++-- xen/arch/arm/include/asm/domain_build.h | 2 + xen/arch/arm/include/asm/static-shmem.h | 18 +++++++ xen/arch/arm/static-shmem.c | 94 +++++++++++++++++++++++++++++++++ 4 files changed, 127 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 2fc7feeae3..0cc39b0bd7 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -816,8 +816,8 @@ int __init make_memory_node(const struct domain *d, return res; } -static int __init add_ext_regions(unsigned long s_gfn, unsigned long e_gfn, - void *data) +int __init add_ext_regions(unsigned long s_gfn, unsigned long e_gfn, + void *data) { struct membanks *ext_regions = data; paddr_t start, size; @@ -990,6 +990,8 @@ static int __init handle_pci_range(const struct dt_device_node *dev, * - MMIO * - Host RAM * - PCI aperture + * - Static shared memory regions, which are described by special property + * "xen,shared-mem" */ static int __init find_memory_holes(const struct kernel_info *kinfo, struct membanks *ext_regions) @@ -1017,6 +1019,11 @@ static int __init find_memory_holes(const struct kernel_info *kinfo, goto out; } + /* Remove static shared memory regions */ + res = remove_shm_from_rangeset(kinfo, mem_holes); + if ( res ) + goto out; + /* * Remove regions described by "reg" and "ranges" properties where * the memory is addressable (MMIO, RAM, PCI BAR, etc). @@ -1109,7 +1116,10 @@ static int __init find_domU_holes(const struct kernel_info *kinfo, res = 0; } - return res; + if ( res ) + return res; + + return remove_shm_holes_for_domU(kinfo, ext_regions); } int __init make_hypervisor_node(struct domain *d, diff --git a/xen/arch/arm/include/asm/domain_build.h b/xen/arch/arm/include/asm/domain_build.h index a6f276cc42..026d975da2 100644 --- a/xen/arch/arm/include/asm/domain_build.h +++ b/xen/arch/arm/include/asm/domain_build.h @@ -51,6 +51,8 @@ static inline int prepare_acpi(struct domain *d, struct kernel_info *kinfo) int prepare_acpi(struct domain *d, struct kernel_info *kinfo); #endif +int add_ext_regions(unsigned long s_gfn, unsigned long e_gfn, void *data); + #endif /* diff --git a/xen/arch/arm/include/asm/static-shmem.h b/xen/arch/arm/include/asm/static-shmem.h index 90aafc81e7..2e8b138eb9 100644 --- a/xen/arch/arm/include/asm/static-shmem.h +++ b/xen/arch/arm/include/asm/static-shmem.h @@ -28,6 +28,12 @@ void early_print_info_shmem(void); void init_sharedmem_pages(void); +int remove_shm_from_rangeset(const struct kernel_info *kinfo, + struct rangeset *rangeset); + +int remove_shm_holes_for_domU(const struct kernel_info *kinfo, + struct membanks *ext_regions); + #else /* !CONFIG_STATIC_SHM */ static inline int make_resv_memory_node(const struct kernel_info *kinfo, @@ -59,6 +65,18 @@ static inline void early_print_info_shmem(void) {}; static inline void init_sharedmem_pages(void) {}; +static inline int remove_shm_from_rangeset(const struct kernel_info *kinfo, + struct rangeset *rangeset) +{ + return 0; +} + +static inline int remove_shm_holes_for_domU(const struct kernel_info *kinfo, + struct membanks *ext_regions) +{ + return 0; +} + #endif /* CONFIG_STATIC_SHM */ #endif /* __ASM_STATIC_SHMEM_H_ */ diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index fcf8227bf4..12e2df9399 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0-only */ #include +#include #include #include @@ -574,6 +575,99 @@ void __init init_sharedmem_pages(void) init_staticmem_bank(&shmem->bank[bank]); } +int __init remove_shm_from_rangeset(const struct kernel_info *kinfo, + struct rangeset *rangeset) +{ + const struct membanks *shm_mem = &kinfo->shm_mem.common; + unsigned int i; + + /* Remove static shared memory regions */ + for ( i = 0; i < shm_mem->nr_banks; i++ ) + { + paddr_t start, end; + int res; + + start = shm_mem->bank[i].start; + end = shm_mem->bank[i].start + shm_mem->bank[i].size; + res = rangeset_remove_range(rangeset, PFN_DOWN(start), + PFN_DOWN(end - 1)); + if ( res ) + { + printk(XENLOG_ERR + "Failed to remove: %#"PRIpaddr"->%#"PRIpaddr", error: %d\n", + start, end, res); + return -EINVAL; + } + } + + return 0; +} + +int __init remove_shm_holes_for_domU(const struct kernel_info *kinfo, + struct membanks *ext_regions) +{ + const struct membanks *shm_mem = &kinfo->shm_mem.common; + struct rangeset *guest_holes; + unsigned int i; + paddr_t start; + paddr_t end; + int res; + + /* No static shared memory region. */ + if ( shm_mem->nr_banks == 0 ) + return 0; + + dt_dprintk("Remove static shared memory holes from extended regions of DomU\n"); + + guest_holes = rangeset_new(NULL, NULL, 0); + if ( !guest_holes ) + return -ENOMEM; + + /* Copy extended regions sets into the rangeset */ + for ( i = 0; i < ext_regions->nr_banks; i++ ) + { + start = ext_regions->bank[i].start; + end = start + ext_regions->bank[i].size; + + res = rangeset_add_range(guest_holes, PFN_DOWN(start), + PFN_DOWN(end - 1)); + if ( res ) + { + printk(XENLOG_ERR + "Failed to add: %#"PRIpaddr"->%#"PRIpaddr", error: %d\n", + start, end, res); + goto out; + } + } + + /* Remove static shared memory regions */ + res = remove_shm_from_rangeset(kinfo, guest_holes); + if ( res ) + goto out; + + /* + * Take the interval of memory starting from the first extended region bank + * start address and ending to the end of the last extended region bank. + */ + i = ext_regions->nr_banks - 1; + start = ext_regions->bank[0].start; + end = ext_regions->bank[i].start + ext_regions->bank[i].size - 1; + + /* Reset original extended regions to hold new value */ + ext_regions->nr_banks = 0; + res = rangeset_report_ranges(guest_holes, PFN_DOWN(start), PFN_DOWN(end), + add_ext_regions, ext_regions); + if ( res ) + ext_regions->nr_banks = 0; + else if ( !ext_regions->nr_banks ) + res = -ENOENT; + + out: + rangeset_destroy(guest_holes); + + return res; +} + /* * Local variables: * mode: C -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 18:23:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 18:23:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711616.1111715 (Exim 4.92) (envelope-from ) id 1rzhHW-0003g3-4S; Wed, 24 Apr 2024 18:23:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711616.1111715; Wed, 24 Apr 2024 18:23:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhHW-0003fv-1e; Wed, 24 Apr 2024 18:23:46 +0000 Received: by outflank-mailman (input) for mailman id 711616; Wed, 24 Apr 2024 18:23:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhHU-0003fU-Cd for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhHU-000840-Bs for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzhHU-0001nL-B7 for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+rkCo8EFUZ/bA0V37C9JByiBmdaY8oHM3xMjtNE3f14=; b=L2vldOr522qpNaKhYxOTGch+c8 orXi7sQnd51UWDL0SJ5L6/YDzaYJJhefs4HI649JdUC0Gz5AqhqPIc1KVkK1v/NZtNuQ0jYphi242 jmaujH2KAyKl/+WexO3eRpKmGjJV2J6GgWMt5RBuEtrYc/+fr7b0pdbdF3VMFksV4XwQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: fix duplicate /reserved-memory node in Dom0 Message-Id: Date: Wed, 24 Apr 2024 18:23:44 +0000 commit 51a2b3f109189ec2f3ea9a14921e6976e6098577 Author: Penny Zheng AuthorDate: Thu Apr 18 08:36:51 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: fix duplicate /reserved-memory node in Dom0 In case there is a /reserved-memory node already present in the host dtb, current Xen codes would create yet another /reserved-memory node when the static shared memory feature is enabled and static shared memory regions are present. This would result in an incorrect device tree generation and hwdom would not be able to detect the static shared memory region. Avoid this issue by checking the presence of the /reserved-memory node and appending the nodes instead of generating a duplicate /reserved-memory. Make make_shm_memory_node externally visible and rename it to make_shm_resv_memory_node to make clear it produces childs for /reserved-memory. Signed-off-by: Penny Zheng Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/domain_build.c | 23 ++++++++++++++++++++--- xen/arch/arm/include/asm/static-shmem.h | 9 +++++++++ xen/arch/arm/static-shmem.c | 8 ++++---- 3 files changed, 33 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 0cc39b0bd7..68532ddc08 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -1640,6 +1640,7 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, DT_MATCH_PATH("/hypervisor"), { /* sentinel */ }, }; + static __initdata bool res_mem_node_found = false; struct dt_device_node *child; int res, i, nirq, irq_id; const char *name; @@ -1734,6 +1735,19 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, if ( res ) return res; + if ( dt_node_path_is_equal(node, "/reserved-memory") ) + { + res_mem_node_found = true; + /* + * Avoid duplicate /reserved-memory nodes in Device Tree, so add the + * static shared memory nodes there. + */ + res = make_shm_resv_memory_node(kinfo, dt_n_addr_cells(node), + dt_n_size_cells(node)); + if ( res ) + return res; + } + for ( child = node->child; child != NULL; child = child->sibling ) { res = handle_node(d, kinfo, child, p2mt); @@ -1786,9 +1800,12 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, return res; } - res = make_resv_memory_node(kinfo, addrcells, sizecells); - if ( res ) - return res; + if ( !res_mem_node_found ) + { + res = make_resv_memory_node(kinfo, addrcells, sizecells); + if ( res ) + return res; + } } res = fdt_end_node(kinfo->fdt); diff --git a/xen/arch/arm/include/asm/static-shmem.h b/xen/arch/arm/include/asm/static-shmem.h index 2e8b138eb9..7495a91e7a 100644 --- a/xen/arch/arm/include/asm/static-shmem.h +++ b/xen/arch/arm/include/asm/static-shmem.h @@ -34,6 +34,9 @@ int remove_shm_from_rangeset(const struct kernel_info *kinfo, int remove_shm_holes_for_domU(const struct kernel_info *kinfo, struct membanks *ext_regions); +int make_shm_resv_memory_node(const struct kernel_info *kinfo, int addrcells, + int sizecells); + #else /* !CONFIG_STATIC_SHM */ static inline int make_resv_memory_node(const struct kernel_info *kinfo, @@ -77,6 +80,12 @@ static inline int remove_shm_holes_for_domU(const struct kernel_info *kinfo, return 0; } +static inline int make_shm_resv_memory_node(const struct kernel_info *kinfo, + int addrcells, int sizecells) +{ + return 0; +} + #endif /* CONFIG_STATIC_SHM */ #endif /* __ASM_STATIC_SHMEM_H_ */ diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index 12e2df9399..c85f60dd1b 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -297,8 +297,8 @@ int __init process_shm(struct domain *d, struct kernel_info *kinfo, return 0; } -static int __init make_shm_memory_node(const struct kernel_info *kinfo, - int addrcells, int sizecells) +int __init make_shm_resv_memory_node(const struct kernel_info *kinfo, + int addrcells, int sizecells) { const struct membanks *mem = &kinfo->shm_mem.common; void *fdt = kinfo->fdt; @@ -306,7 +306,7 @@ static int __init make_shm_memory_node(const struct kernel_info *kinfo, int res = 0; if ( mem->nr_banks == 0 ) - return -ENOENT; + return 0; /* * For each shared memory region, a range is exposed under @@ -544,7 +544,7 @@ int __init make_resv_memory_node(const struct kernel_info *kinfo, int addrcells, if ( res ) return res; - res = make_shm_memory_node(kinfo, addrcells, sizecells); + res = make_shm_resv_memory_node(kinfo, addrcells, sizecells); if ( res ) return res; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Wed Apr 24 18:23:56 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Wed, 24 Apr 2024 18:23:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711617.1111719 (Exim 4.92) (envelope-from ) id 1rzhHg-0003oW-5d; Wed, 24 Apr 2024 18:23:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711617.1111719; Wed, 24 Apr 2024 18:23:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhHg-0003oO-32; Wed, 24 Apr 2024 18:23:56 +0000 Received: by outflank-mailman (input) for mailman id 711617; Wed, 24 Apr 2024 18:23:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhHe-0003nr-Fl for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzhHe-00084N-Ev for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzhHe-0001nv-E2 for xen-changelog@lists.xenproject.org; Wed, 24 Apr 2024 18:23:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=UyYP2sAmqB3TP88iw3J01z4ajq8I99j2RKUHccEtGMk=; b=ONnk6f6jP+/m9Uzy4irfozC0F3 6y9Rmr6Zc+L4pgBaKjnSgY0QNPEsALLAPe2B9kbI3pR0OZ0JqNFVsJ0hA1m9RbIs9wDq/lGOrZr6F nMQNlQyunVo3bLMMRXr46IxKuktHYbTU8P/qRmdXJIYIqG10bjlOctd1wnboPvT/DOdE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/arm: List static shared memory regions as /memory nodes Message-Id: Date: Wed, 24 Apr 2024 18:23:54 +0000 commit 7846f7699fea25502061a05ea847e942ea624f12 Author: Luca Fancellu AuthorDate: Mon Apr 22 12:02:07 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: List static shared memory regions as /memory nodes Currently Xen is not exporting the static shared memory regions to the device tree as /memory node, this commit is fixing this issue. Given that now make_memory_node needs a parameter 'struct kernel_info' in order to call the new function shm_mem_node_fill_reg_range, take the occasion to remove the unused struct domain parameter. Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/dom0less-build.c | 2 +- xen/arch/arm/domain_build.c | 34 ++++++++++++++++++++++----------- xen/arch/arm/include/asm/domain_build.h | 2 +- xen/arch/arm/include/asm/static-shmem.h | 15 +++++++++++++++ xen/arch/arm/static-shmem.c | 23 ++++++++++++++++++++++ 5 files changed, 63 insertions(+), 13 deletions(-) diff --git a/xen/arch/arm/dom0less-build.c b/xen/arch/arm/dom0less-build.c index 51cf03221d..74f053c242 100644 --- a/xen/arch/arm/dom0less-build.c +++ b/xen/arch/arm/dom0less-build.c @@ -642,7 +642,7 @@ static int __init prepare_dtb_domU(struct domain *d, struct kernel_info *kinfo) if ( ret ) goto err; - ret = make_memory_node(d, kinfo->fdt, addrcells, sizecells, + ret = make_memory_node(kinfo, addrcells, sizecells, kernel_info_get_mem(kinfo)); if ( ret ) goto err; diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 68532ddc08..0784e4c5e3 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -756,15 +756,14 @@ int __init domain_fdt_begin_node(void *fdt, const char *name, uint64_t unit) return fdt_begin_node(fdt, buf); } -int __init make_memory_node(const struct domain *d, - void *fdt, - int addrcells, int sizecells, - const struct membanks *mem) +int __init make_memory_node(const struct kernel_info *kinfo, int addrcells, + int sizecells, const struct membanks *mem) { + void *fdt = kinfo->fdt; unsigned int i; int res, reg_size = addrcells + sizecells; int nr_cells = 0; - __be32 reg[NR_MEM_BANKS * 4 /* Worst case addrcells + sizecells */]; + __be32 reg[DT_MEM_NODE_REG_RANGE_SIZE]; __be32 *cells; if ( mem->nr_banks == 0 ) @@ -797,14 +796,28 @@ int __init make_memory_node(const struct domain *d, if ( mem->bank[i].type == MEMBANK_STATIC_DOMAIN ) continue; - dt_dprintk(" Bank %d: %#"PRIx64"->%#"PRIx64"\n", - i, start, start + size); - nr_cells += reg_size; BUG_ON(nr_cells >= ARRAY_SIZE(reg)); dt_child_set_range(&cells, addrcells, sizecells, start, size); } + /* + * static shared memory banks need to be listed as /memory node, so when + * this function is handling the normal memory, add the banks. + */ + if ( mem == kernel_info_get_mem(kinfo) ) + shm_mem_node_fill_reg_range(kinfo, reg, &nr_cells, addrcells, + sizecells); + + for ( cells = reg, i = 0; cells < reg + nr_cells; i++, cells += reg_size ) + { + uint64_t start = dt_read_number(cells, addrcells); + uint64_t size = dt_read_number(cells + addrcells, sizecells); + + dt_dprintk(" Bank %u: %#"PRIx64"->%#"PRIx64"\n", + i, start, start + size); + } + dt_dprintk("(reg size %d, nr cells %d)\n", reg_size, nr_cells); res = fdt_property(fdt, "reg", reg, nr_cells * sizeof(*reg)); @@ -1783,7 +1796,7 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, if ( res ) return res; - res = make_memory_node(d, kinfo->fdt, addrcells, sizecells, + res = make_memory_node(kinfo, addrcells, sizecells, kernel_info_get_mem(kinfo)); if ( res ) return res; @@ -1794,8 +1807,7 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, */ if ( reserved_mem->nr_banks > 0 ) { - res = make_memory_node(d, kinfo->fdt, addrcells, sizecells, - reserved_mem); + res = make_memory_node(kinfo, addrcells, sizecells, reserved_mem); if ( res ) return res; } diff --git a/xen/arch/arm/include/asm/domain_build.h b/xen/arch/arm/include/asm/domain_build.h index 026d975da2..45936212ca 100644 --- a/xen/arch/arm/include/asm/domain_build.h +++ b/xen/arch/arm/include/asm/domain_build.h @@ -14,7 +14,7 @@ int make_chosen_node(const struct kernel_info *kinfo); int make_cpus_node(const struct domain *d, void *fdt); int make_hypervisor_node(struct domain *d, const struct kernel_info *kinfo, int addrcells, int sizecells); -int make_memory_node(const struct domain *d, void *fdt, int addrcells, +int make_memory_node(const struct kernel_info *kinfo, int addrcells, int sizecells, const struct membanks *mem); int make_psci_node(void *fdt); int make_timer_node(const struct kernel_info *kinfo); diff --git a/xen/arch/arm/include/asm/static-shmem.h b/xen/arch/arm/include/asm/static-shmem.h index 7495a91e7a..3b6569e570 100644 --- a/xen/arch/arm/include/asm/static-shmem.h +++ b/xen/arch/arm/include/asm/static-shmem.h @@ -3,10 +3,15 @@ #ifndef __ASM_STATIC_SHMEM_H_ #define __ASM_STATIC_SHMEM_H_ +#include #include +#include #ifdef CONFIG_STATIC_SHM +/* Worst case /memory node reg element: (addrcells + sizecells) */ +#define DT_MEM_NODE_REG_RANGE_SIZE ((NR_MEM_BANKS + NR_SHMEM_BANKS) * 4) + int make_resv_memory_node(const struct kernel_info *kinfo, int addrcells, int sizecells); @@ -37,8 +42,14 @@ int remove_shm_holes_for_domU(const struct kernel_info *kinfo, int make_shm_resv_memory_node(const struct kernel_info *kinfo, int addrcells, int sizecells); +void shm_mem_node_fill_reg_range(const struct kernel_info *kinfo, __be32 *reg, + int *nr_cells, int addrcells, int sizecells); + #else /* !CONFIG_STATIC_SHM */ +/* Worst case /memory node reg element: (addrcells + sizecells) */ +#define DT_MEM_NODE_REG_RANGE_SIZE (NR_MEM_BANKS * 4) + static inline int make_resv_memory_node(const struct kernel_info *kinfo, int addrcells, int sizecells) { @@ -86,6 +97,10 @@ static inline int make_shm_resv_memory_node(const struct kernel_info *kinfo, return 0; } +static inline void shm_mem_node_fill_reg_range(const struct kernel_info *kinfo, + __be32 *reg, int *nr_cells, + int addrcells, int sizecells) {}; + #endif /* CONFIG_STATIC_SHM */ #endif /* __ASM_STATIC_SHMEM_H_ */ diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index c85f60dd1b..09f474ec60 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -1,5 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ +#include #include #include #include @@ -668,6 +669,28 @@ int __init remove_shm_holes_for_domU(const struct kernel_info *kinfo, return res; } +void __init shm_mem_node_fill_reg_range(const struct kernel_info *kinfo, + __be32 *reg, int *nr_cells, + int addrcells, int sizecells) +{ + const struct membanks *mem = &kinfo->shm_mem.common; + unsigned int i; + __be32 *cells; + + BUG_ON(!nr_cells || !reg); + + cells = ®[*nr_cells]; + for ( i = 0; i < mem->nr_banks; i++ ) + { + paddr_t start = mem->bank[i].start; + paddr_t size = mem->bank[i].size; + + *nr_cells += addrcells + sizecells; + BUG_ON(*nr_cells >= DT_MEM_NODE_REG_RANGE_SIZE); + dt_child_set_range(&cells, addrcells, sizecells, start, size); + } +} + /* * Local variables: * mode: C -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 00:11:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 00:11:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711724.1111913 (Exim 4.92) (envelope-from ) id 1rzmhc-0001dC-MW; Thu, 25 Apr 2024 00:11:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711724.1111913; Thu, 25 Apr 2024 00:11:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzmhc-0001d4-Jk; Thu, 25 Apr 2024 00:11:04 +0000 Received: by outflank-mailman (input) for mailman id 711724; Thu, 25 Apr 2024 00:11:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzmhb-0001cy-Rg for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 00:11:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzmhb-0006g4-FG for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 00:11:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzmhb-0005Bi-DM for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 00:11:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=m0+yk4NuS+iNJ/PK0Rt/TrX53CM06ufFa2FxhSrHRq8=; b=bLp3VT79Ir3l7RR8976JUOzciw iBeDjwyPKwvF3l5Bt/GrtiKtZUdAZWZdB0/5RihZD278y1Dp3GzlJOfnTNPxxqdfS/67bCgz8P/Jq Rssm4/iyu8M/5uuIWvTjyQwQReW+U/UzrHcSSFk+mJF+9fOBsmp8MSiaUv/aMrrxYL5s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation: Drop some of the non-debug variants of the same Arm jobs Message-Id: Date: Thu, 25 Apr 2024 00:11:03 +0000 commit c05b97fc7adc999e21529b8ead34ae16dcadb9e2 Author: Michal Orzel AuthorDate: Tue Apr 23 18:11:19 2024 +0200 Commit: Stefano Stabellini CommitDate: Wed Apr 24 16:49:41 2024 -0700 automation: Drop some of the non-debug variants of the same Arm jobs To save some bandwith that can be later on used to increase the test coverage by adding new tests, drop the following non-debug test/build jobs existing in both debug and non-debug variants: - static memory (arm64, arm32) - static shared memory (arm64) - static heap (arm64) - boot cpupools (arm64) - gzip (arm32) More generic tests existing in both variants were left unmodified. Signed-off-by: Michal Orzel Acked-by: Stefano Stabellini --- automation/gitlab-ci/build.yaml | 38 -------------------------------- automation/gitlab-ci/test.yaml | 48 ----------------------------------------- 2 files changed, 86 deletions(-) diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index aac29ee13a..f3c934471f 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -392,16 +392,6 @@ debian-bookworm-gcc-arm32-debug-randconfig: HYPERVISOR_ONLY: y RANDCONFIG: y -debian-bookworm-gcc-arm32-staticmem: - extends: .gcc-arm32-cross-build - variables: - CONTAINER: debian:bookworm-arm64v8-arm32-gcc - HYPERVISOR_ONLY: y - EXTRA_XEN_CONFIG: | - CONFIG_EXPERT=y - CONFIG_UNSUPPORTED=y - CONFIG_STATIC_MEMORY=y - debian-bookworm-gcc-arm32-debug-staticmem: extends: .gcc-arm32-cross-build-debug variables: @@ -458,15 +448,6 @@ alpine-3.18-gcc-debug-arm64-randconfig: CONTAINER: alpine:3.18-arm64v8 RANDCONFIG: y -alpine-3.18-gcc-arm64-staticmem: - extends: .gcc-arm64-build - variables: - CONTAINER: alpine:3.18-arm64v8 - EXTRA_XEN_CONFIG: | - CONFIG_EXPERT=y - CONFIG_UNSUPPORTED=y - CONFIG_STATIC_MEMORY=y - alpine-3.18-gcc-debug-arm64-staticmem: extends: .gcc-arm64-build-debug variables: @@ -476,15 +457,6 @@ alpine-3.18-gcc-debug-arm64-staticmem: CONFIG_UNSUPPORTED=y CONFIG_STATIC_MEMORY=y -alpine-3.18-gcc-arm64-static-shared-mem: - extends: .gcc-arm64-build - variables: - CONTAINER: alpine:3.18-arm64v8 - EXTRA_XEN_CONFIG: | - CONFIG_UNSUPPORTED=y - CONFIG_STATIC_MEMORY=y - CONFIG_STATIC_SHM=y - alpine-3.18-gcc-debug-arm64-static-shared-mem: extends: .gcc-arm64-build-debug variables: @@ -494,16 +466,6 @@ alpine-3.18-gcc-debug-arm64-static-shared-mem: CONFIG_STATIC_MEMORY=y CONFIG_STATIC_SHM=y -alpine-3.18-gcc-arm64-boot-cpupools: - extends: .gcc-arm64-build - variables: - CONTAINER: alpine:3.18-arm64v8 - EXTRA_XEN_CONFIG: | - CONFIG_EXPERT=y - CONFIG_UNSUPPORTED=y - CONFIG_SCHED_NULL=y - CONFIG_BOOT_TIME_CPUPOOLS=y - alpine-3.18-gcc-debug-arm64-boot-cpupools: extends: .gcc-arm64-build-debug variables: diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml index 8b7b2e4da9..55a7831ad2 100644 --- a/automation/gitlab-ci/test.yaml +++ b/automation/gitlab-ci/test.yaml @@ -255,14 +255,6 @@ qemu-smoke-dom0less-arm64-gcc-debug: - *arm64-test-needs - alpine-3.18-gcc-debug-arm64 -qemu-smoke-dom0less-arm64-gcc-staticmem: - extends: .qemu-arm64 - script: - - ./automation/scripts/qemu-smoke-dom0less-arm64.sh static-mem 2>&1 | tee ${LOGFILE} - needs: - - *arm64-test-needs - - alpine-3.18-gcc-arm64-staticmem - qemu-smoke-dom0less-arm64-gcc-debug-staticmem: extends: .qemu-arm64 script: @@ -271,14 +263,6 @@ qemu-smoke-dom0less-arm64-gcc-debug-staticmem: - *arm64-test-needs - alpine-3.18-gcc-debug-arm64-staticmem -qemu-smoke-dom0less-arm64-gcc-staticheap: - extends: .qemu-arm64 - script: - - ./automation/scripts/qemu-smoke-dom0less-arm64.sh static-heap 2>&1 | tee ${LOGFILE} - needs: - - *arm64-test-needs - - alpine-3.18-gcc-arm64 - qemu-smoke-dom0less-arm64-gcc-debug-staticheap: extends: .qemu-arm64 script: @@ -287,14 +271,6 @@ qemu-smoke-dom0less-arm64-gcc-debug-staticheap: - *arm64-test-needs - alpine-3.18-gcc-debug-arm64 -qemu-smoke-dom0less-arm64-gcc-static-shared-mem: - extends: .qemu-arm64 - script: - - ./automation/scripts/qemu-smoke-dom0less-arm64.sh static-shared-mem 2>&1 | tee ${LOGFILE} - needs: - - *arm64-test-needs - - alpine-3.18-gcc-arm64-static-shared-mem - qemu-smoke-dom0less-arm64-gcc-debug-static-shared-mem: extends: .qemu-arm64 script: @@ -303,14 +279,6 @@ qemu-smoke-dom0less-arm64-gcc-debug-static-shared-mem: - *arm64-test-needs - alpine-3.18-gcc-debug-arm64-static-shared-mem -qemu-smoke-dom0less-arm64-gcc-boot-cpupools: - extends: .qemu-arm64 - script: - - ./automation/scripts/qemu-smoke-dom0less-arm64.sh boot-cpupools 2>&1 | tee ${LOGFILE} - needs: - - *arm64-test-needs - - alpine-3.18-gcc-arm64-boot-cpupools - qemu-smoke-dom0less-arm64-gcc-debug-boot-cpupools: extends: .qemu-arm64 script: @@ -359,14 +327,6 @@ qemu-smoke-dom0less-arm32-gcc-debug: - *arm32-test-needs - debian-bookworm-gcc-arm32-debug -qemu-smoke-dom0less-arm32-gcc-staticmem: - extends: .qemu-arm32 - script: - - ./automation/scripts/qemu-smoke-dom0less-arm32.sh static-mem 2>&1 | tee ${LOGFILE} - needs: - - *arm32-test-needs - - debian-bookworm-gcc-arm32-staticmem - qemu-smoke-dom0less-arm32-gcc-debug-staticmem: extends: .qemu-arm32 script: @@ -375,14 +335,6 @@ qemu-smoke-dom0less-arm32-gcc-debug-staticmem: - *arm32-test-needs - debian-bookworm-gcc-arm32-debug-staticmem -qemu-smoke-dom0less-arm32-gcc-gzip: - extends: .qemu-arm32 - script: - - ./automation/scripts/qemu-smoke-dom0less-arm32.sh gzip 2>&1 | tee ${LOGFILE} - needs: - - *arm32-test-needs - - debian-bookworm-gcc-arm32 - qemu-smoke-dom0less-arm32-gcc-debug-gzip: extends: .qemu-arm32 script: -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 00:11:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 00:11:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711725.1111917 (Exim 4.92) (envelope-from ) id 1rzmhm-0001fd-PP; Thu, 25 Apr 2024 00:11:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711725.1111917; Thu, 25 Apr 2024 00:11:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzmhm-0001fV-Ms; Thu, 25 Apr 2024 00:11:14 +0000 Received: by outflank-mailman (input) for mailman id 711725; Thu, 25 Apr 2024 00:11:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzmhl-0001fG-KD for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 00:11:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzmhl-0006gD-JN for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 00:11:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzmhl-0005Ce-HU for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 00:11:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HG5J47dfZnwUGAJPHjip1NTnoLVdDuDbbkvSSDbSzEo=; b=gm2TzUdquqOKjww9vzLJTT4FWJ ajTIGWq4ZYdTTIDrErhxNIxZU8z0oqkdkFmatV7qxf1kHwgFpW4jvkGZt59Pf6YDMbx9njaOVWBpq X6HBhcpw+me2mODpP7jlWjEushUgeMPpxHFfiePAO+5wamJG3l4/kPIJfIb0BTiyVxcM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation: Add arm{64,32} earlyprintk jobs Message-Id: Date: Thu, 25 Apr 2024 00:11:13 +0000 commit db49973411462ba99de76956aad404ccc20bf383 Author: Michal Orzel AuthorDate: Tue Apr 23 18:11:20 2024 +0200 Commit: Stefano Stabellini CommitDate: Wed Apr 24 16:49:49 2024 -0700 automation: Add arm{64,32} earlyprintk jobs Introduce qemu based Arm earlyprintk test and build jobs to cover this feature in debug variant. The tests simply check for the presence of the last message printed by the bootstrap code before entering the C world. Signed-off-by: Michal Orzel Reviewed-by: Stefano Stabellini --- automation/gitlab-ci/build.yaml | 17 +++++++++++++++++ automation/gitlab-ci/test.yaml | 16 ++++++++++++++++ automation/scripts/qemu-smoke-dom0less-arm32.sh | 7 +++++++ automation/scripts/qemu-smoke-dom0less-arm64.sh | 5 +++++ 4 files changed, 45 insertions(+) diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index f3c934471f..49d6265ad5 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -402,6 +402,15 @@ debian-bookworm-gcc-arm32-debug-staticmem: CONFIG_UNSUPPORTED=y CONFIG_STATIC_MEMORY=y +debian-bookworm-gcc-arm32-debug-earlyprintk: + extends: .gcc-arm32-cross-build-debug + variables: + CONTAINER: debian:bookworm-arm64v8-arm32-gcc + HYPERVISOR_ONLY: y + EXTRA_XEN_CONFIG: | + CONFIG_EARLY_UART_CHOICE_PL011=y + CONFIG_EARLY_UART_BASE_ADDRESS=0x9000000 + # Arm builds debian-bookworm-gcc-arm64: @@ -473,6 +482,14 @@ alpine-3.18-gcc-debug-arm64-boot-cpupools: EXTRA_XEN_CONFIG: | CONFIG_BOOT_TIME_CPUPOOLS=y +alpine-3.18-gcc-debug-arm64-earlyprintk: + extends: .gcc-arm64-build-debug + variables: + CONTAINER: alpine:3.18-arm64v8 + EXTRA_XEN_CONFIG: | + CONFIG_EARLY_UART_CHOICE_PL011=y + CONFIG_EARLY_UART_BASE_ADDRESS=0x9000000 + # RISC-V 64 cross-build .riscv-fixed-randconfig: variables: &riscv-fixed-randconfig diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml index 55a7831ad2..1e5d86763f 100644 --- a/automation/gitlab-ci/test.yaml +++ b/automation/gitlab-ci/test.yaml @@ -287,6 +287,14 @@ qemu-smoke-dom0less-arm64-gcc-debug-boot-cpupools: - *arm64-test-needs - alpine-3.18-gcc-debug-arm64-boot-cpupools +qemu-smoke-dom0less-arm64-gcc-debug-earlyprintk: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm64.sh earlyprintk 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-debug-arm64-earlyprintk + qemu-xtf-dom0less-arm64-gcc-hyp-xen-version: extends: .qemu-arm64 script: @@ -359,6 +367,14 @@ qemu-smoke-dom0less-arm32-gcc-debug-without-dom0: - *arm32-test-needs - debian-bookworm-gcc-arm32-debug +qemu-smoke-dom0less-arm32-gcc-debug-earlyprintk: + extends: .qemu-arm32 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm32.sh earlyprintk 2>&1 | tee ${LOGFILE} + needs: + - *arm32-test-needs + - debian-bookworm-gcc-arm32-debug-earlyprintk + qemu-alpine-x86_64-gcc: extends: .qemu-x86-64 script: diff --git a/automation/scripts/qemu-smoke-dom0less-arm32.sh b/automation/scripts/qemu-smoke-dom0less-arm32.sh index e31b6b9014..1e2b939aad 100755 --- a/automation/scripts/qemu-smoke-dom0less-arm32.sh +++ b/automation/scripts/qemu-smoke-dom0less-arm32.sh @@ -53,6 +53,13 @@ echo \"${passed}\" " fi +if [[ "${test_variant}" == "earlyprintk" ]]; then + # Clear dom0 prompt + dom0_prompt="" + # Last early printk message before entering C world + passed="\- Ready \-" +fi + # dom0/domU rootfs # We are using the same rootfs for dom0 and domU. The only difference is # that for the former, we set explictly rdinit to /bin/sh, whereas for the diff --git a/automation/scripts/qemu-smoke-dom0less-arm64.sh b/automation/scripts/qemu-smoke-dom0less-arm64.sh index e748b8ef16..fc943a1a62 100755 --- a/automation/scripts/qemu-smoke-dom0less-arm64.sh +++ b/automation/scripts/qemu-smoke-dom0less-arm64.sh @@ -61,6 +61,11 @@ fi " fi +if [[ "${test_variant}" == "earlyprintk" ]]; then + # Last early printk message before entering C world + passed="\- Ready \-" +fi + # XXX QEMU looks for "efi-virtio.rom" even if it is unneeded curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom ./binaries/qemu-system-aarch64 \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 00:11:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 00:11:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711726.1111921 (Exim 4.92) (envelope-from ) id 1rzmhw-0001iA-RP; Thu, 25 Apr 2024 00:11:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711726.1111921; Thu, 25 Apr 2024 00:11:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzmhw-0001i3-OI; Thu, 25 Apr 2024 00:11:24 +0000 Received: by outflank-mailman (input) for mailman id 711726; Thu, 25 Apr 2024 00:11:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzmhv-0001ht-N1 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 00:11:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzmhv-0006gM-MD for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 00:11:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzmhv-0005DV-LN for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 00:11:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=wK+Ljl0YfBwoI2w/Xt5Y/XZ68xX5iQJp2uFjfmz5ZeU=; b=BMiZiT6VY1WjKOBySamOyMbkrk UbZcGV0Wh5yhjkprunMjK7nP2fJ5rFM8nt/Ib6ExS6U95KB85WSR1K4AeIO+pP1DpCEByXcYsE0Pi djv5tNnQ2ulozjbjuw7APV8LudjNJACaHeTVmCkk9tM3o+6RpR0dPrlcVGygxe0B8S98=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation: Add arm64 test for running Xen with GICv3 Message-Id: Date: Thu, 25 Apr 2024 00:11:23 +0000 commit 31d6b5b4a7c84818294dacca7a07e92f52393c9d Author: Michal Orzel AuthorDate: Tue Apr 23 18:11:21 2024 +0200 Commit: Stefano Stabellini CommitDate: Wed Apr 24 16:51:53 2024 -0700 automation: Add arm64 test for running Xen with GICv3 At the moment, all the Arm64 Qemu tests use GICv2 which is the default GIC version used by Qemu. Improve the coverage by adding a new test in which Qemu will be configured to have GICv3. Rename host device tree name to "virt.dtb" to be GIC version agnostic. Use "gic-version" Qemu option to select the version to use. Unless the test variant is set to "gicv3", version 2 will be used. Signed-off-by: Michal Orzel Reviewed-by: Stefano Stabellini --- automation/gitlab-ci/test.yaml | 8 ++++++++ automation/scripts/qemu-smoke-dom0less-arm64.sh | 19 ++++++++++++++----- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml index 1e5d86763f..ad249fa0a5 100644 --- a/automation/gitlab-ci/test.yaml +++ b/automation/gitlab-ci/test.yaml @@ -255,6 +255,14 @@ qemu-smoke-dom0less-arm64-gcc-debug: - *arm64-test-needs - alpine-3.18-gcc-debug-arm64 +qemu-smoke-dom0less-arm64-gcc-debug-gicv3: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm64.sh gicv3 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-debug-arm64 + qemu-smoke-dom0less-arm64-gcc-debug-staticmem: extends: .qemu-arm64 script: diff --git a/automation/scripts/qemu-smoke-dom0less-arm64.sh b/automation/scripts/qemu-smoke-dom0less-arm64.sh index fc943a1a62..292c38a561 100755 --- a/automation/scripts/qemu-smoke-dom0less-arm64.sh +++ b/automation/scripts/qemu-smoke-dom0less-arm64.sh @@ -4,6 +4,9 @@ set -ex test_variant=$1 +# Default GIC version +gic_version="2" + if [ -z "${test_variant}" ]; then passed="ping test passed" domU_check=" @@ -66,16 +69,22 @@ if [[ "${test_variant}" == "earlyprintk" ]]; then passed="\- Ready \-" fi +if [[ "${test_variant}" == "gicv3" ]]; then + gic_version=3 + passed="${test_variant} test passed" + domU_check="echo \"${passed}\"" +fi + # XXX QEMU looks for "efi-virtio.rom" even if it is unneeded curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom ./binaries/qemu-system-aarch64 \ -machine virtualization=true \ - -cpu cortex-a57 -machine type=virt \ + -cpu cortex-a57 -machine type=virt,gic-version=$gic_version \ -m 2048 -smp 2 -display none \ - -machine dumpdtb=binaries/virt-gicv2.dtb + -machine dumpdtb=binaries/virt.dtb # XXX disable pl061 to avoid Linux crash -fdtput binaries/virt-gicv2.dtb -p -t s /pl061@9030000 status disabled +fdtput binaries/virt.dtb -p -t s /pl061@9030000 status disabled # Busybox mkdir -p initrd @@ -138,7 +147,7 @@ cd .. echo 'MEMORY_START="0x40000000" MEMORY_END="0x50000000" -DEVICE_TREE="virt-gicv2.dtb" +DEVICE_TREE="virt.dtb" XEN="xen" DOM0_KERNEL="Image" DOM0_RAMDISK="dom0-rootfs.cpio.gz" @@ -200,7 +209,7 @@ echo " virtio scan; dhcp; tftpb 0x40000000 boot.scr; source 0x40000000"| \ timeout -k 1 240 \ ./binaries/qemu-system-aarch64 \ -machine virtualization=true \ - -cpu cortex-a57 -machine type=virt \ + -cpu cortex-a57 -machine type=virt,gic-version=$gic_version \ -m 2048 -monitor none -serial stdio \ -smp 2 \ -no-reboot \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 05:55:07 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 05:55:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711800.1112034 (Exim 4.92) (envelope-from ) id 1rzs4U-0001n7-OG; Thu, 25 Apr 2024 05:55:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711800.1112034; Thu, 25 Apr 2024 05:55:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzs4U-0001mz-Lk; Thu, 25 Apr 2024 05:55:02 +0000 Received: by outflank-mailman (input) for mailman id 711800; Thu, 25 Apr 2024 05:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzs4U-0001mt-1i for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 05:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzs4U-0004Nj-0S for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 05:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzs4T-00065t-VC for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 05:55:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HSPLZLNlylrVg5nafpN0ZNwCNjTymdPaazhoyKGDuJM=; b=ViQiKL89D12/6Lyr9NSq//qeYb i9iIvZtL/x7AKwt0IyrbX7FC9J0Ja1LHjHjyP1480TmnJqSxFyS+W1yKKtr4746JHA/L4GX+p4bQA ESol2pQyn0ZNC123uQosHl1T1oy5OU31/dvg3SpTzhqqVdCNrt5fE1c8+CMMSunBCnGo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/monitor: allow fast-singlestepping without enabling singlestep monitor Message-Id: Date: Thu, 25 Apr 2024 05:55:01 +0000 commit 410ef3343924b5a3928bbe8e392491992b322cf0 Author: Petr Beneš AuthorDate: Sun Apr 14 18:21:14 2024 +0000 Commit: Andrew Cooper CommitDate: Tue Apr 23 22:49:01 2024 +0100 x86/monitor: allow fast-singlestepping without enabling singlestep monitor Reorder the condition checks within the HVM_MONITOR_SINGLESTEP_BREAKPOINT case to enable fast singlestepping independently of the singlestep monitor being enabled. Previously, fast singlestepping required the singlestep monitor to be explicitly enabled through xc_monitor_singlestep, even though it operates entirely within Xen and does not generate external events. Signed-off-by: Petr Beneš Acked-by: Tamas K Lengyel --- xen/arch/x86/hvm/monitor.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/monitor.c b/xen/arch/x86/hvm/monitor.c index 4f500beaf5..2a8ff07ec9 100644 --- a/xen/arch/x86/hvm/monitor.c +++ b/xen/arch/x86/hvm/monitor.c @@ -178,8 +178,6 @@ int hvm_monitor_debug(unsigned long rip, enum hvm_monitor_debug_type type, break; case HVM_MONITOR_SINGLESTEP_BREAKPOINT: - if ( !ad->monitor.singlestep_enabled ) - return 0; if ( curr->arch.hvm.fast_single_step.enabled ) { p2m_altp2m_check(curr, curr->arch.hvm.fast_single_step.p2midx); @@ -188,6 +186,8 @@ int hvm_monitor_debug(unsigned long rip, enum hvm_monitor_debug_type type, curr->arch.hvm.fast_single_step.p2midx = 0; return 0; } + if ( !ad->monitor.singlestep_enabled ) + return 0; req.reason = VM_EVENT_REASON_SINGLESTEP; req.u.singlestep.gfn = gfn_of_rip(rip); sync = true; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:00:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:00:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711886.1112174 (Exim 4.92) (envelope-from ) id 1rzu1V-0000e4-Tm; Thu, 25 Apr 2024 08:00:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711886.1112174; Thu, 25 Apr 2024 08:00:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu1V-0000ds-PG; Thu, 25 Apr 2024 08:00:05 +0000 Received: by outflank-mailman (input) for mailman id 711886; Thu, 25 Apr 2024 08:00:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu1U-0000Ql-NV for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu1U-0007B1-Ec for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu1U-0006NJ-Ci for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fvxZ15/GpOXScvLQW2yCAxSoy4hwa8Lf0qJccO9zCD4=; b=XH9CsI4L/90sahQx32Wh5S5sGe XvTTTPCrMLiSQxeeaM+wadLSlskFK6PJDTYppSqbBy/gh0Dns7S/HOqoh31fhQ+yhmleINxbi8nY1 MZAy0giQO8d+l4wEwbg78d2BcwIouBqn+nBFzn5L8Kb0L22dmiiI6Qrbjq9Ab87Ylb2g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] hotplug: Update block-tap Message-Id: Date: Thu, 25 Apr 2024 08:00:04 +0000 commit 76a484193dbb6a11b101c1d01a5088f468f93080 Author: Jason Andryuk AuthorDate: Thu Apr 25 09:46:56 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:46:56 2024 +0200 hotplug: Update block-tap Implement a sharing check like the regular block script. Checking tapback inside block-tap is too late since it needs to be running to transition the backend to InitWait before block-tap is run. tap-ctl check will be removed when the requirement for the blktap kernel driver is removed. Remove it now as it is of limited use. find_device() needs to be non-fatal allow a sharing check. Only write physical-device-path because that is all that tapback needs. Also write_dev doesn't handled files and would incorrectly store physical-device as 0:0 which would confuse the minor inside tapback Signed-off-by: Jason Andryuk Signed-off-by: Jason Andryuk Reviewed-by: Anthony PERARD --- tools/hotplug/Linux/block-tap | 169 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 157 insertions(+), 12 deletions(-) diff --git a/tools/hotplug/Linux/block-tap b/tools/hotplug/Linux/block-tap index 89247921b9..126e472786 100755 --- a/tools/hotplug/Linux/block-tap +++ b/tools/hotplug/Linux/block-tap @@ -18,11 +18,11 @@ # # Usage: # -# Target should be specified using the following syntax: +# Disks should be specified using the following syntax: # -# script=block-tap,vdev=xvda,target=: +# vdev=xvda,backendtype=tap,format=vhd,target=/srv/target.vhd # -# Type is either "aio" (for raw files), or "vhd" +# format is either "aio" (for raw files), or "vhd" dir=$(dirname "$0") . "$dir/block-common.sh" @@ -37,10 +37,6 @@ check_tools() if ! command -v tap-ctl > /dev/null 2>&1; then fatal "Unable to find tap-ctl tool" fi - modprobe blktap - if ! tap-ctl check >& /dev/null ; then - fatal "Blocktap kernel module not available" - fi } # Sets the following global variables based on the params field passed in as @@ -81,7 +77,109 @@ find_device() done if [ -z "$pid" ] || [ -z "$minor" ]; then - fatal "cannot find required parameters" + return 1 + fi + + return 0 +} + +count_using() +{ + local file="$1" + local dom + local dev + local f + + local i=0 + local base_path="$XENBUS_BASE_PATH/$XENBUS_TYPE" + for dom in $(xenstore-list "$base_path") + do + for dev in $(xenstore-list "$base_path/$dom") + do + f=$(xenstore_read_default "$base_path/$dom/$dev/params" "") + f=$(echo "$f" | cut -d ":" -f 2) + + if [ -n "$f" ] && [ "$file" = $f ] ; then + i=$(( i + 1 )) + fi + done + done + + echo "$i" +} + +# tap_shared is used to determine if a shared tap can be closed +# Since a stubdom and a guest both use the same tap, it can only +# be freed when there is a single one left. +tap_shared() { + [ $( count_using "$file" ) -gt 1 ] +} + +check_tap_sharing() +{ + local file="$1" + local mode="$2" + local dom + local dev + + local base_path="$XENBUS_BASE_PATH/$XENBUS_TYPE" + for dom in $(xenstore-list "$base_path") ; do + for dev in $(xenstore-list "$base_path/$dom") ; do + local f=$(xenstore_read_default "$base_path/$dom/$dev/params" "") + f=$(echo "$f" | cut -d ":" -f 2) + + if [ -n "$f" ] && [ "$file" = "$f" ] ; then + if [ "$mode" = 'w' ] ; then + if ! same_vm $dom ; then + echo "guest $f" + return + fi + else + local m=$(xenstore_read_default "$base_path/$dom/$dev/mode" + "") + m=$(canonicalise_mode "$m") + + if [ "$m" = 'w' ] ; then + if ! same_vm $dom ; then + echo "guest $f" + return + fi + fi + fi + fi + done + done + + echo 'ok' +} + +tap_create() +{ + if ! minor=$( tap-ctl allocate ) ; then + fatal "Could not allocate minor" + fi + + # Handle with or without kernel blktap + minor=${minor#/run/blktap-control/tapdisk/tapdisk-} + minor=${minor#/dev/xen/blktap-2/tapdev} + + # tap-ctl is spawning tapdisk which would hold the _lockfd open. + # Ensure it is closed before running tap-ctl spawn, which needs to be + # done in a subshell to continue holding the lock in the parent. + if ! pid=$( ( eval "exec $_lockfd>&-" ; tap-ctl spawn ) ) ; then + tap-ctl free -m "$minor" + fatal "Could not spawn tapdisk for $minor" + fi + + if ! tap-ctl attach -p "$pid" -m "$minor" ; then + tap-ctl free -m "$minor" + fatal "Could not attach $pid and $minor" + fi + + if ! tap-ctl open -p "$pid" -m "$minor" -a "$target" ; then + tap-ctl detach -p "$pid" -m "$minor" + tap-ctl free -m "$minor" + fatal "Could not open \"$target\"" fi } @@ -89,15 +187,54 @@ find_device() # the device add() { - dev=$(tap-ctl create -a $target) - write_dev $dev + local result + + claim_lock "block" + + if find_device; then + result=$( check_tap_sharing "$file" "$mode" ) + if [ "$result" != "ok" ] ; then + do_ebusy "tap $type file $file in use " "$mode" "${result%% *}" + fi + else + tap_create + fi + + # Create nbd unix path. find_device/tap_create set pid & minor + dev=$( printf "/run/blktap-control/nbd%ld.%d" "$pid" "$minor" ) + + xenstore_write "$XENBUS_PATH/pid" "$pid" + xenstore_write "$XENBUS_PATH/minor" "$minor" + # dev, as a unix socket, would end up with major:minor 0:0 in + # physical-device if write_dev were used. tapback would be thrown off by + # that incorrect minor, so just skip writing physical-device. + xenstore_write "$XENBUS_PATH/physical-device-path" "$dev" + + success + + release_lock "block" } # Disconnects the device remove() { - find_device - do_or_die tap-ctl destroy -p ${pid} -m ${minor} > /dev/null + local minor + local pid + + claim_lock "block" + + if tap_shared ; then + return + fi + + minor=$( xenstore_read "$XENBUS_PATH/minor" ) + pid=$( xenstore_read "$XENBUS_PATH/pid" ) + + [ -n "$minor" ] || fatal "minor missing" + [ -n "$pid" ] || fatal "pid missing" + do_or_die tap-ctl destroy -p "$pid" -m "$minor" > /dev/null + + release_lock "block" } command=$1 @@ -110,6 +247,14 @@ parse_target "$target" check_tools || exit 1 +mode=$( xenstore_read $XENBUS_PATH/mode ) +mode=$( canonicalise_mode $mode ) + +# needed for same_vm +FRONTEND_ID=$(xenstore_read "$XENBUS_PATH/frontend-id") +FRONTEND_UUID=$(xenstore_read_default \ + "/local/domain/$FRONTEND_ID/vm" 'unknown') + case $command in add) add -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:00:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:00:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711887.1112176 (Exim 4.92) (envelope-from ) id 1rzu1f-0000xj-TM; Thu, 25 Apr 2024 08:00:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711887.1112176; Thu, 25 Apr 2024 08:00:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu1f-0000xb-Qh; Thu, 25 Apr 2024 08:00:15 +0000 Received: by outflank-mailman (input) for mailman id 711887; Thu, 25 Apr 2024 08:00:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu1e-0000xP-Io for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu1e-0007GB-I2 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu1e-0006OD-Gz for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2c6VuMhb2TFLyY6EaM6pBEqVyGSeMDxK+SbjujeFRTc=; b=pE+wUuSKQHS7rpjBVXRQZJxcUr YpUw6YPFCf4XHungo5eciA/XAb4MGQYPd6UgFEhXWlh4A/QxY8aDuRO1d2oHnDc6vGsW8+9In50OB 5WxDrXXKSqfDk/UAMpS/jYxZTsLPqn8VisvTYIAAIcsIk45kdA1WkM/yjtXYOfjvBxBw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libxl: Support blktap with HVM device model Message-Id: Date: Thu, 25 Apr 2024 08:00:14 +0000 commit d7c4d59b51929451a047e0fb62b229c67d6dd7be Author: Jason Andryuk AuthorDate: Thu Apr 25 09:47:52 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:47:52 2024 +0200 libxl: Support blktap with HVM device model blktap exposes disks over UNIX socket Network Block Device (NBD). Modify libxl__device_disk_find_local_path() to provide back the QEMU-formatted NBD path. This allows tapdisk to be used for booting an HVM. Use the nbd+unix:/// format specified by the protocol at https://github.com/NetworkBlockDevice/nbd/blob/master/doc/uri.md Signed-off-by: Jason Andryuk Signed-off-by: Jason Andryuk Reviewed-by: Anthony PERARD --- tools/libs/light/libxl_disk.c | 18 ++++++++++++++---- tools/libs/light/libxl_dm.c | 1 - 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/tools/libs/light/libxl_disk.c b/tools/libs/light/libxl_disk.c index fa7856f28c..1f1e5c6567 100644 --- a/tools/libs/light/libxl_disk.c +++ b/tools/libs/light/libxl_disk.c @@ -1361,7 +1361,8 @@ char *libxl__device_disk_find_local_path(libxl__gc *gc, * If the format isn't raw and / or we're using a script, then see * if the script has written a path to the "cooked" node */ - if (disk->script && guest_domid != INVALID_DOMID) { + if ((disk->script && guest_domid != INVALID_DOMID) || + disk->backend == LIBXL_DISK_BACKEND_TAP) { libxl__device device; char *be_path, *pdpath; int rc; @@ -1381,10 +1382,19 @@ char *libxl__device_disk_find_local_path(libxl__gc *gc, LOGD(DEBUG, guest_domid, "Attempting to read node %s", pdpath); path = libxl__xs_read(gc, XBT_NULL, pdpath); - if (path) + if (path) { LOGD(DEBUG, guest_domid, "Accessing cooked block device %s", path); - else - LOGD(DEBUG, guest_domid, "No physical-device-path, can't access locally."); + + /* tapdisk exposes disks locally over UNIX socket NBD. */ + if (disk->backend == LIBXL_DISK_BACKEND_TAP) { + path = libxl__sprintf(gc, "nbd+unix:///?socket=%s", path); + LOGD(DEBUG, guest_domid, + "Directly accessing local TAP target %s", path); + } + } else { + LOGD(DEBUG, guest_domid, + "No physical-device-path, can't access locally."); + } goto out; } diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c index 567ae1ec7e..ff8ddeec9a 100644 --- a/tools/libs/light/libxl_dm.c +++ b/tools/libs/light/libxl_dm.c @@ -1915,7 +1915,6 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, continue; } - assert(disks[i].backend != LIBXL_DISK_BACKEND_TAP); target_path = libxl__device_disk_find_local_path(gc, guest_domid, &disks[i], true); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:00:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:00:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711888.1112181 (Exim 4.92) (envelope-from ) id 1rzu1q-00010v-0M; Thu, 25 Apr 2024 08:00:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711888.1112181; Thu, 25 Apr 2024 08:00:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu1p-00010m-TV; Thu, 25 Apr 2024 08:00:25 +0000 Received: by outflank-mailman (input) for mailman id 711888; Thu, 25 Apr 2024 08:00:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu1o-00010d-OI for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu1o-0007GI-N2 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu1o-0006PT-KF for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=HVhpVAWLUEQVqTd1Ue4lzvcUwKgvFj/AJ0p0AkdNy/E=; b=lu3D4WbBTIzzb47wp1E1ChWR5F Jsey7IsqycCvaX65mI94A0YxcyzHEiuJtlYlRfViiLqbHEKhqvREkSKtm7s4SPpgWesxtabWLVwby RW8NA7SveZr9XhzZP+C4cRcgDJw7tP5jlbmYYJpSwbGyaKDwMfRq/XtbxzKbGXJG/crI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] libelf: address violations of MISRA C Rule 20.7 Message-Id: Date: Thu, 25 Apr 2024 08:00:24 +0000 commit 8189230d80ec109e4d228e5fd72404a38cfea96f Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:48:11 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:48:11 2024 +0200 libelf: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/common/libelf/libelf-private.h | 2 +- xen/include/xen/libelf.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/libelf/libelf-private.h b/xen/common/libelf/libelf-private.h index 98cac65bc5..197d7a7623 100644 --- a/xen/common/libelf/libelf-private.h +++ b/xen/common/libelf/libelf-private.h @@ -26,7 +26,7 @@ /* we would like to use elf->log_callback but we can't because * there is no vprintk in Xen */ #define elf_msg(elf, fmt, args ... ) \ - if (elf->verbose) printk(fmt, ## args ) + if ((elf)->verbose) printk(fmt, ## args ) #define elf_err(elf, fmt, args ... ) \ printk(fmt, ## args ) diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h index 9ac530acc2..a0675a4dc3 100644 --- a/xen/include/xen/libelf.h +++ b/xen/include/xen/libelf.h @@ -288,7 +288,7 @@ bool elf_access_ok(struct elf_binary * elf, #define elf_store_val(elf, type, ptr, val) \ ({ \ typeof(type) elf_store__val = (val); \ - elf_ptrval elf_store__targ = ptr; \ + elf_ptrval elf_store__targ = (ptr); \ if (elf_access_ok((elf), elf_store__targ, \ sizeof(elf_store__val))) { \ elf_memcpy_unchecked((void*)elf_store__targ, &elf_store__val, \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:00:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:00:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711889.1112184 (Exim 4.92) (envelope-from ) id 1rzu20-00013X-1B; Thu, 25 Apr 2024 08:00:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711889.1112184; Thu, 25 Apr 2024 08:00:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu1z-00013P-Us; Thu, 25 Apr 2024 08:00:35 +0000 Received: by outflank-mailman (input) for mailman id 711889; Thu, 25 Apr 2024 08:00:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu1y-00013E-Qv for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu1y-0007GQ-Q7 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu1y-0006RV-P9 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BYftOrQ/kYEsgpNUr3ZgBr3pGTnpyyMVUqpO996KumY=; b=Q/E2mrL22FLJJQSDJTr9nirWdn 0YIQ13nFKOigJcu4ZkvFQ0Pth4w5+7pvOjXHXIW5NPuBCY64X47/M0sTb66M3qozb2wsZuQy38K1Z /JeaEbaKQFRP045uDg42m5kaRmmNeTfa0K5CouFVus0TF1KunmE+QNS0WOb8cPmXm+bo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/page-defs: address violation of MISRA C Rule 20.7 Message-Id: Date: Thu, 25 Apr 2024 08:00:34 +0000 commit 0d02b75d7cd3a24989d7982f6a0b0c8da580074e Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:49:04 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:49:04 2024 +0200 xen/page-defs: address violation of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/include/xen/page-defs.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/include/xen/page-defs.h b/xen/include/xen/page-defs.h index 540f8b0b64..682da6b7b4 100644 --- a/xen/include/xen/page-defs.h +++ b/xen/include/xen/page-defs.h @@ -4,7 +4,8 @@ /* Helpers for different page granularities. */ #define PAGE_SIZE_GRAN(gran) ((paddr_t)1 << PAGE_SHIFT_##gran) #define PAGE_MASK_GRAN(gran) (-PAGE_SIZE_GRAN(gran)) -#define PAGE_ALIGN_GRAN(gran, addr) ((addr + ~PAGE_MASK_##gran) & PAGE_MASK_##gran) +#define PAGE_ALIGN_GRAN(gran, addr) (((addr) + ~PAGE_MASK_##gran) & \ + PAGE_MASK_##gran) #define PAGE_SHIFT_4K 12 #define PAGE_SIZE_4K PAGE_SIZE_GRAN(4K) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:00:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:00:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711890.1112187 (Exim 4.92) (envelope-from ) id 1rzu2A-00015q-2e; Thu, 25 Apr 2024 08:00:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711890.1112187; Thu, 25 Apr 2024 08:00:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2A-00015j-07; Thu, 25 Apr 2024 08:00:46 +0000 Received: by outflank-mailman (input) for mailman id 711890; Thu, 25 Apr 2024 08:00:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu28-00015d-Us for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu28-0007I4-U6 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu28-0006Ry-SH for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=YPqsddHDfpMWhU27cuR5o7LbazR/dKMpBcm0hDWA+lQ=; b=Pclzb0H3xz0Jy2RzwjNDn7QuHQ rkAgcrN/EIeF3Xd0fZ0crHbOBiiAksSFObkYg6lpCrwy4KLDrsyhmRTfQyMZ+Y4O/13SH2R1jQK2k oj+8ELEgnBOdcRBGT0DgQfTtFfX3Jl1VhiHdCRSWj+3xLLn0yPnz0ALCKzFmnnMDRDXk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/spinlock: address violations of MISRA C Rule 20.7 Message-Id: Date: Thu, 25 Apr 2024 08:00:44 +0000 commit 489d13da935de56bc593889bc756b71106aff190 Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:49:34 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:49:34 2024 +0200 xen/spinlock: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/common/spinlock.c | 2 +- xen/include/xen/spinlock.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 5aa9ba6188..558ea7ac35 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -269,7 +269,7 @@ void spin_debug_disable(void) profile->lock_cnt++; \ } #define LOCK_PROFILE_VAR(var, val) s_time_t var = (val) -#define LOCK_PROFILE_BLOCK(var) var = var ? : NOW() +#define LOCK_PROFILE_BLOCK(var) (var) = (var) ? : NOW() #define LOCK_PROFILE_BLKACC(tst, val) \ if ( tst ) \ { \ diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index 18793c5e29..8825affb25 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -141,7 +141,7 @@ struct lock_profile_qhead { } \ prof->name = #l; \ prof->ptr.lockptr = &(s)->l; \ - prof->is_rlock = isr; \ + prof->is_rlock = (isr); \ prof->next = (s)->profile_head.elem_q; \ (s)->profile_head.elem_q = prof; \ } while( 0 ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:00:56 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:00:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711891.1112193 (Exim 4.92) (envelope-from ) id 1rzu2K-00018f-4j; Thu, 25 Apr 2024 08:00:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711891.1112193; Thu, 25 Apr 2024 08:00:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2K-00018X-1X; Thu, 25 Apr 2024 08:00:56 +0000 Received: by outflank-mailman (input) for mailman id 711891; Thu, 25 Apr 2024 08:00:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2J-00018K-1e for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2J-0007IG-0q for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu2I-0006Sw-WF for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:00:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dLD5wWWYCX/H9Og9kP8nWbhe8CDgmmsj36wKzqMXQq0=; b=M01vy2gHQAgKZDT1jMoYxKknlj K0+D+g8yGFzygDBGY0mP08Pirz6nRJEyPTJXsofMryvQmm+tcW3v+BGAu4L1lq8Y/WoH3HqJeGy/6 uXI9gLu8MGiEnp+WBAgF4sUE/QmbCNv8SHCaeyJjg65GfLGWxPdFHrc5K9R9l6H1E0Hs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/pci: address violation of MISRA C Rule 20.7 Message-Id: Date: Thu, 25 Apr 2024 08:00:54 +0000 commit 0440fcad2aa665479c8ffebdd17f31fcf4c55b5d Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:50:03 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:50:03 2024 +0200 x86/pci: address violation of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/include/asm/pci.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/include/asm/pci.h b/xen/arch/x86/include/asm/pci.h index 6bfe87e278..fd5480d67d 100644 --- a/xen/arch/x86/include/asm/pci.h +++ b/xen/arch/x86/include/asm/pci.h @@ -8,10 +8,10 @@ #define CF8_ADDR_HI(cf8) ( ((cf8) & 0x0f000000U) >> 16) #define CF8_ENABLED(cf8) (!!((cf8) & 0x80000000U)) -#define IS_SNB_GFX(id) (id == 0x01068086 || id == 0x01168086 \ - || id == 0x01268086 || id == 0x01028086 \ - || id == 0x01128086 || id == 0x01228086 \ - || id == 0x010A8086 ) +#define IS_SNB_GFX(id) ((id) == 0x01068086 || (id) == 0x01168086 \ + || (id) == 0x01268086 || (id) == 0x01028086 \ + || (id) == 0x01128086 || (id) == 0x01228086 \ + || (id) == 0x010A8086 ) struct arch_pci_dev { vmask_t used_vectors; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:01:06 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:01:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711892.1112196 (Exim 4.92) (envelope-from ) id 1rzu2U-0001B1-5d; Thu, 25 Apr 2024 08:01:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711892.1112196; Thu, 25 Apr 2024 08:01:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2U-0001Au-34; Thu, 25 Apr 2024 08:01:06 +0000 Received: by outflank-mailman (input) for mailman id 711892; Thu, 25 Apr 2024 08:01:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2T-0001Am-5T for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2T-0007It-4i for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu2T-0006UW-2w for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uf1k8Cyu76PjUfTLz7A+SscxBX9PKVXng7O1HkIJwCo=; b=EG05nFYqZX9i/SeoO42NUoWCoh rBgIt7xFDX+Uv0+d6ZnzTBwheAF6jttv0Sz4AA8msEQ2gxEkzHkvDmNwFt5h16162huAgA7G5RdU5 dp9dRjv5dXZDQujFZXRX7BSepWmUASFSVXi6+6Q3Tihv6ENNLBZgTkreJAMeg0O5aPAs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/acpi: address violations of MISRA Rule 20.7 Message-Id: Date: Thu, 25 Apr 2024 08:01:05 +0000 commit 4f900035a4a8373805dd94e4247b4645d26f8c6d Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:50:33 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:50:33 2024 +0200 x86/acpi: address violations of MISRA Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index c6fa810a6b..610937f42e 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -422,12 +422,12 @@ static void tboot_sleep(u8 sleep_state) { uint32_t shutdown_type; -#define TB_COPY_GAS(tbg, g) \ - tbg.space_id = g.space_id; \ - tbg.bit_width = g.bit_width; \ - tbg.bit_offset = g.bit_offset; \ - tbg.access_width = g.access_width; \ - tbg.address = g.address; +#define TB_COPY_GAS(tbg, g) \ + (tbg).space_id = (g).space_id; \ + (tbg).bit_width = (g).bit_width; \ + (tbg).bit_offset = (g).bit_offset; \ + (tbg).access_width = (g).access_width; \ + (tbg).address = (g).address; /* sizes are not same (due to packing) so copy each one */ TB_COPY_GAS(g_tboot_shared->acpi_sinfo.pm1a_cnt_blk, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:01:16 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:01:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711893.1112200 (Exim 4.92) (envelope-from ) id 1rzu2e-0001Dn-78; Thu, 25 Apr 2024 08:01:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711893.1112200; Thu, 25 Apr 2024 08:01:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2e-0001Df-4X; Thu, 25 Apr 2024 08:01:16 +0000 Received: by outflank-mailman (input) for mailman id 711893; Thu, 25 Apr 2024 08:01:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2d-0001DX-8Q for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2d-0007J2-7d for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu2d-0006VM-6j for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=6NAh6AybTMcVCD4ADXP8xE3HgfUbyOhUKQgPIg1tqG4=; b=P+n7/2G4obuvD5XwgDI8WVdAPz cs4pgc3G2RALyQsXiytdteMkWvakQLQRhfBmpOOcFhYYHBo186gaMemEcKN38Y7uy8o0N6xLPBT/L 8hdw+BlGeNCsGezJ6C6SArhm8iIgvVjCprHi5HLk1/zYMtKfk4ejcRFQs1fcYdhjlfW4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/vhpet: address violations of MISRA C Rule 20.7 Message-Id: Date: Thu, 25 Apr 2024 08:01:15 +0000 commit c717d52a5d7aacfba768a7a2956ea9b634f295b7 Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:50:55 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:50:55 2024 +0200 x86/vhpet: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/hvm/hpet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/hpet.c b/xen/arch/x86/hvm/hpet.c index 1db9c0b60e..5f456221cb 100644 --- a/xen/arch/x86/hvm/hpet.c +++ b/xen/arch/x86/hvm/hpet.c @@ -43,11 +43,11 @@ ((s_time_t)((((tick) > (h)->hpet_to_ns_limit) ? \ ~0ULL : (tick) * (h)->hpet_to_ns_scale) >> 10)) -#define timer_config(h, n) (h->hpet.timers[n].config) +#define timer_config(h, n) ((h)->hpet.timers[n].config) #define timer_enabled(h, n) (timer_config(h, n) & HPET_TN_ENABLE) #define timer_is_periodic(h, n) (timer_config(h, n) & HPET_TN_PERIODIC) #define timer_is_32bit(h, n) (timer_config(h, n) & HPET_TN_32BIT) -#define hpet_enabled(h) (h->hpet.config & HPET_CFG_ENABLE) +#define hpet_enabled(h) ((h)->hpet.config & HPET_CFG_ENABLE) #define timer_level(h, n) (timer_config(h, n) & HPET_TN_LEVEL) #define timer_int_route(h, n) MASK_EXTR(timer_config(h, n), HPET_TN_ROUTE) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:01:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:01:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711894.1112204 (Exim 4.92) (envelope-from ) id 1rzu2o-0001GP-8P; Thu, 25 Apr 2024 08:01:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711894.1112204; Thu, 25 Apr 2024 08:01:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2o-0001GH-5s; Thu, 25 Apr 2024 08:01:26 +0000 Received: by outflank-mailman (input) for mailman id 711894; Thu, 25 Apr 2024 08:01:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2n-0001G5-BD for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2n-0007JA-AT for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu2n-0006WC-9h for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uFSbi2Eiga3/5DXRsSFP6+77IIJKU5RnWSzX8Ku9cHs=; b=I6s77lQ6rET0EOz+14wYaYzYXG uBJ8bp6JgEDDbDRhJrpAURV/awxivq0ytTjzOPR/xbpnhmycVxqJK9/AUl3bqLXc57k3Qfz0YbIK3 tvj6YwV7c9Tq0KyBGOKBDr45rcqsWs1TQWfsHMTZk52783JekC3CRlxw9Qyby1krfqRw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/debugreg: address violation of MISRA C Rule 20.7 Message-Id: Date: Thu, 25 Apr 2024 08:01:25 +0000 commit 445f66fe00a0a899610bd9217c796721d0054a94 Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:51:13 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:51:13 2024 +0200 x86/debugreg: address violation of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/include/asm/debugreg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/include/asm/debugreg.h b/xen/arch/x86/include/asm/debugreg.h index 2bdaf5d9aa..96c406ad53 100644 --- a/xen/arch/x86/include/asm/debugreg.h +++ b/xen/arch/x86/include/asm/debugreg.h @@ -67,7 +67,7 @@ #define DR_GENERAL_DETECT (0x00002000UL) /* General detect enable */ #define write_debugreg(reg, val) do { \ - unsigned long __val = val; \ + unsigned long __val = (val); \ asm volatile ( "mov %0,%%db" #reg : : "r" (__val) ); \ } while (0) #define read_debugreg(reg) ({ \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:01:37 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:01:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711896.1112207 (Exim 4.92) (envelope-from ) id 1rzu2z-0001J6-A2; Thu, 25 Apr 2024 08:01:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711896.1112207; Thu, 25 Apr 2024 08:01:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2z-0001Iy-7I; Thu, 25 Apr 2024 08:01:37 +0000 Received: by outflank-mailman (input) for mailman id 711896; Thu, 25 Apr 2024 08:01:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2x-0001In-EW for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu2x-0007JK-Dm for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu2x-0006XE-Cv for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7XTxwAVOxP9ANBYr/Jmp8n/XkA1DvSf8qJLGg0EjnxM=; b=YyeGOx99YbyzcVZsKQPGb1xah6 2XarXvjixkR/FKLkFX3Z8YfnAsjnurd4oqHqUGzgmdqa/EaGT9t9BPj0MOWr35nfm2SLHbpI6g3dB loJkQwhNKOtcJfFAdepsZzK7NBV+ycfgLtkuxfLW1DQ/byGPK3Gs++X3az0AOJGclL4o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/mm: address violations of MISRA C Rule 20.7 Message-Id: Date: Thu, 25 Apr 2024 08:01:35 +0000 commit 4a75f2ffc034544e383652e1485e13709e389f85 Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:51:31 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:51:31 2024 +0200 x86/mm: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/mm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 9141912ae5..87529db7d1 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -162,7 +162,7 @@ static uint32_t base_disallow_mask; #define L4_DISALLOW_MASK (base_disallow_mask) #define l1_disallow_mask(d) \ - ((d != dom_io) && \ + (((d) != dom_io) && \ (rangeset_is_empty((d)->iomem_caps) && \ rangeset_is_empty((d)->arch.ioport_caps) && \ !has_arch_pdevs(d) && \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:01:47 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:01:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711897.1112211 (Exim 4.92) (envelope-from ) id 1rzu39-0001M0-Co; Thu, 25 Apr 2024 08:01:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711897.1112211; Thu, 25 Apr 2024 08:01:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu39-0001Ls-A9; Thu, 25 Apr 2024 08:01:47 +0000 Received: by outflank-mailman (input) for mailman id 711897; Thu, 25 Apr 2024 08:01:45 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu37-0001Li-Hh for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:45 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu37-0007JT-Gx for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:45 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu37-0006YD-Fv for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:45 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=GtjwbcuwZWeQ4Y3PBgAiM/VaCo3czzGS937OvhQm2J0=; b=Ekt8EZdAjof+TUlTz/40NX5fBu cVj88Gwcf1guZWu8qetoR7AsHCFCAy38kav+qo4U42AHXJv+oChl3c2NCzUFPTJ531YsnThPigxtR n72QkVgA5q8HQ6zSUz7Ey400OPcPvCcH9rxb3nbURATe2L9oZznQ7gcItd0TkcV0iW68=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen-livepatch: fix parameter name parsing Message-Id: Date: Thu, 25 Apr 2024 08:01:45 +0000 commit fb2716a19190201ffb8d1b20cd9002f166000478 Author: Roger Pau Monné AuthorDate: Thu Apr 25 09:51:57 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:51:57 2024 +0200 xen-livepatch: fix parameter name parsing It's incorrect to restrict strncmp to the length of the command line input parameter, as then a user passing a rune like: % xen-livepatch up foo.livepatch Would match against the "upload" command, because the string comparison has been truncated to the length of the input argument. Use strcmp instead which doesn't truncate. Otherwise in order to keep using strncmp we would need to also check strings are of the same length before doing the comparison. Fixes: 05bb8afedede ('xen-xsplice: Tool to manipulate xsplice payloads') Signed-off-by: Roger Pau Monné Acked-by: Anthony PERARD --- tools/misc/xen-livepatch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/misc/xen-livepatch.c b/tools/misc/xen-livepatch.c index 5bf9d9a32b..2c4f69e596 100644 --- a/tools/misc/xen-livepatch.c +++ b/tools/misc/xen-livepatch.c @@ -572,13 +572,13 @@ int main(int argc, char *argv[]) return 0; } for ( i = 0; i < ARRAY_SIZE(main_options); i++ ) - if (!strncmp(main_options[i].name, argv[1], strlen(argv[1]))) + if (!strcmp(main_options[i].name, argv[1])) break; if ( i == ARRAY_SIZE(main_options) ) { for ( j = 0; j < ARRAY_SIZE(action_options); j++ ) - if (!strncmp(action_options[j].name, argv[1], strlen(argv[1]))) + if (!strcmp(action_options[j].name, argv[1])) break; if ( j == ARRAY_SIZE(action_options) ) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:01:57 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:01:57 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711898.1112216 (Exim 4.92) (envelope-from ) id 1rzu3J-0001PA-EL; Thu, 25 Apr 2024 08:01:57 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711898.1112216; Thu, 25 Apr 2024 08:01:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu3J-0001P2-Bd; Thu, 25 Apr 2024 08:01:57 +0000 Received: by outflank-mailman (input) for mailman id 711898; Thu, 25 Apr 2024 08:01:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu3H-0001Oh-Ks for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu3H-0007Jb-KA for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu3H-0006ZA-JM for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:01:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eILDQHqSgTwbqZza246HwxlY22qzIcR+bZHcVbKY1BU=; b=SECPzrG4ptYcDOE2N66+vqmqC7 GP38EUWg+jqXySDD3ZmwsgNZuMdskEO0EilfAlbOOgcWH8QC5uX3NZZy2oUy26EW3Rr02mRLnhAhu 1oErH8bWpcR8Xa8aTE92TBCueYLpI2JP0vz3t7zAoqvzwDEpS6mhu8FHYVXTTLmBubR4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] livepatch: introduce --force option Message-Id: Date: Thu, 25 Apr 2024 08:01:55 +0000 commit 62a72092a51792ab74d64ad7454c11e0c22629a2 Author: Roger Pau Monné AuthorDate: Thu Apr 25 09:52:16 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:52:16 2024 +0200 livepatch: introduce --force option Introduce a xen-livepatch tool --force option, that's propagated into the hyerpvisor for livepatch operations. The intention is for the option to be used to bypass some checks that would otherwise prevent the patch from being loaded. Re purpose the pad field in xen_sysctl_livepatch_op to be a flags field that applies to all livepatch operations. The flag is currently only set by the hypercall wrappers for the XEN_SYSCTL_LIVEPATCH_UPLOAD operation, as that's so far the only one where it will be used initially. Other uses can be added as required. Note that helpers would set the .pad field to 0, that's been removed since the structure is already zero initialized at definition. No functional usages of the new flag introduced in this patch. Signed-off-by: Roger Pau Monné Acked-by: Jan Beulich Acked-by: Anthony PERARD --- tools/include/xenctrl.h | 3 ++- tools/libs/ctrl/xc_misc.c | 7 +++---- tools/misc/xen-livepatch.c | 21 +++++++++++++++++++-- xen/common/livepatch.c | 3 ++- xen/include/public/sysctl.h | 4 +++- 5 files changed, 29 insertions(+), 9 deletions(-) diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index 2ef8b4e054..4996855944 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -2555,7 +2555,8 @@ int xc_psr_get_hw_info(xc_interface *xch, uint32_t socket, #endif int xc_livepatch_upload(xc_interface *xch, - char *name, unsigned char *payload, uint32_t size); + char *name, unsigned char *payload, uint32_t size, + bool force); int xc_livepatch_get(xc_interface *xch, char *name, diff --git a/tools/libs/ctrl/xc_misc.c b/tools/libs/ctrl/xc_misc.c index 5ecdfa2c79..50282fd60d 100644 --- a/tools/libs/ctrl/xc_misc.c +++ b/tools/libs/ctrl/xc_misc.c @@ -576,7 +576,8 @@ int xc_getcpuinfo(xc_interface *xch, int max_cpus, int xc_livepatch_upload(xc_interface *xch, char *name, unsigned char *payload, - uint32_t size) + uint32_t size, + bool force) { int rc; struct xen_sysctl sysctl = {}; @@ -612,7 +613,7 @@ int xc_livepatch_upload(xc_interface *xch, sysctl.cmd = XEN_SYSCTL_livepatch_op; sysctl.u.livepatch.cmd = XEN_SYSCTL_LIVEPATCH_UPLOAD; - sysctl.u.livepatch.pad = 0; + sysctl.u.livepatch.flags = force ? LIVEPATCH_FLAG_FORCE : 0; sysctl.u.livepatch.u.upload.size = size; set_xen_guest_handle(sysctl.u.livepatch.u.upload.payload, local); @@ -656,7 +657,6 @@ int xc_livepatch_get(xc_interface *xch, sysctl.cmd = XEN_SYSCTL_livepatch_op; sysctl.u.livepatch.cmd = XEN_SYSCTL_LIVEPATCH_GET; - sysctl.u.livepatch.pad = 0; sysctl.u.livepatch.u.get.status.state = 0; sysctl.u.livepatch.u.get.status.rc = 0; @@ -985,7 +985,6 @@ static int _xc_livepatch_action(xc_interface *xch, sysctl.cmd = XEN_SYSCTL_livepatch_op; sysctl.u.livepatch.cmd = XEN_SYSCTL_LIVEPATCH_ACTION; - sysctl.u.livepatch.pad = 0; sysctl.u.livepatch.u.action.cmd = action; sysctl.u.livepatch.u.action.timeout = timeout; sysctl.u.livepatch.u.action.flags = flags; diff --git a/tools/misc/xen-livepatch.c b/tools/misc/xen-livepatch.c index 2c4f69e596..c16fb6862d 100644 --- a/tools/misc/xen-livepatch.c +++ b/tools/misc/xen-livepatch.c @@ -19,11 +19,15 @@ static xc_interface *xch; +/* Global option to disable checks. */ +static bool force; + void show_help(void) { fprintf(stderr, "xen-livepatch: live patching tool\n" - "Usage: xen-livepatch [args] [command-flags]\n" + "Usage: xen-livepatch [--force] [args] [command-flags]\n" + " Use --force option to bypass some checks.\n" " An unique name of payload. Up to %d characters.\n" "Commands:\n" " help display this help\n" @@ -240,7 +244,7 @@ static int upload_func(int argc, char *argv[]) return saved_errno; } printf("Uploading %s... ", filename); - rc = xc_livepatch_upload(xch, name, fbuf, len); + rc = xc_livepatch_upload(xch, name, fbuf, len, force); if ( rc ) { rc = errno; @@ -571,6 +575,19 @@ int main(int argc, char *argv[]) show_help(); return 0; } + + if ( strcmp("--force", argv[1]) ) + { + if ( argc <= 2 ) + { + show_help(); + return EXIT_FAILURE; + } + force = true; + argv++; + argc--; + } + for ( i = 0; i < ARRAY_SIZE(main_options); i++ ) if (!strcmp(main_options[i].name, argv[1])) break; diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 351a3e0b9a..502e264bc6 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -2125,7 +2125,8 @@ int livepatch_op(struct xen_sysctl_livepatch_op *livepatch) { int rc; - if ( livepatch->pad ) + if ( (livepatch->flags & ~LIVEPATCH_FLAGS_MASK) && + !(livepatch->flags & LIVEPATCH_FLAG_FORCE) ) return -EINVAL; switch ( livepatch->cmd ) diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h index 9b19679cae..febaa4b16a 100644 --- a/xen/include/public/sysctl.h +++ b/xen/include/public/sysctl.h @@ -1139,7 +1139,9 @@ struct xen_sysctl_livepatch_action { struct xen_sysctl_livepatch_op { uint32_t cmd; /* IN: XEN_SYSCTL_LIVEPATCH_*. */ - uint32_t pad; /* IN: Always zero. */ + uint32_t flags; /* IN, flags. */ +#define LIVEPATCH_FLAG_FORCE (1u << 0) /* Skip some checks. */ +#define LIVEPATCH_FLAGS_MASK LIVEPATCH_FLAG_FORCE union { struct xen_sysctl_livepatch_upload upload; struct xen_sysctl_livepatch_list list; -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:02:07 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:02:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711899.1112220 (Exim 4.92) (envelope-from ) id 1rzu3T-0001SI-FW; Thu, 25 Apr 2024 08:02:07 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711899.1112220; Thu, 25 Apr 2024 08:02:07 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu3T-0001S9-D2; Thu, 25 Apr 2024 08:02:07 +0000 Received: by outflank-mailman (input) for mailman id 711899; Thu, 25 Apr 2024 08:02:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu3R-0001Rp-Nf for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:02:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu3R-0007KF-N1 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:02:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu3R-0006b2-MA for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:02:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OvoF1yNvQmbSvphA+CdAbKizb4/PyKBB6fwDzrz1x5Q=; b=k5AwoE34ax3ExF9HrRxhLjWWqk lYe5gLDid0/nrFE5xA6Nww1aJsReeueSkfb6Xu3dyiyrYAWDbtiL/RwUrnkhKKAY8+G/ssaTCVKI8 mmLXaHSoibnfTUPtIEgi/LmUYXPTGsFM7ODEaDhdyvZM/G35+H/WXdWJbWNKukARskJU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/pci: add suffix 'U' to PCI_CONF_ADDRESS macro Message-Id: Date: Thu, 25 Apr 2024 08:02:05 +0000 commit ea3272f8457b46a3932a84253078524131e2c3ab Author: Alessandro Zucchelli AuthorDate: Thu Apr 25 09:52:51 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:52:51 2024 +0200 x86/pci: add suffix 'U' to PCI_CONF_ADDRESS macro This addresses violations of MISRA C:2012 Rule 7.2 which states as following: A “u” or “U” suffix shall be applied to all integer constants that are represented in an unsigned type. No functional change. Signed-off-by: Alessandro Zucchelli Acked-by: Jan Beulich --- xen/arch/x86/x86_64/pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_64/pci.c b/xen/arch/x86/x86_64/pci.c index aad1c3f7cf..8d33429103 100644 --- a/xen/arch/x86/x86_64/pci.c +++ b/xen/arch/x86/x86_64/pci.c @@ -9,7 +9,7 @@ #include #define PCI_CONF_ADDRESS(sbdf, reg) \ - (0x80000000 | ((sbdf).bdf << 8) | ((reg) & ~3)) + (0x80000000U | ((sbdf).bdf << 8) | ((reg) & ~3)) uint8_t pci_conf_read8(pci_sbdf_t sbdf, unsigned int reg) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:02:17 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:02:17 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711900.1112223 (Exim 4.92) (envelope-from ) id 1rzu3d-0001Uv-HB; Thu, 25 Apr 2024 08:02:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711900.1112223; Thu, 25 Apr 2024 08:02:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu3d-0001Un-ES; Thu, 25 Apr 2024 08:02:17 +0000 Received: by outflank-mailman (input) for mailman id 711900; Thu, 25 Apr 2024 08:02:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu3b-0001Ub-Qc for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:02:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu3b-0007KM-Pm for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:02:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu3b-0006bv-P1 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:02:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=bT1h8XTZijgT0egIAwx/msja7guHOTTSKyThJsGgjzw=; b=DIMZbleL5/dkh77IUakqSgJstO nI1Zirg2VThWhrXfMUWCzUQVR1+lLEpiNig7qWBRk3N3xeUD5KiLSjnvruvpLvowK7k8Tg9iBCYt5 qDk+fMsKiA4ESm4+xad8GmzgzlLTyvvlCgaoaB1dq0bnfy6bkdb1uveQbNp2cOo6hw6Y=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/msr: add suffix 'U' to MSR_AMD_CSTATE_CFG macro Message-Id: Date: Thu, 25 Apr 2024 08:02:15 +0000 commit 8c01d0e3361d827b552a8f5323c18a4d4f07e06a Author: Alessandro Zucchelli AuthorDate: Thu Apr 25 09:53:24 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:53:24 2024 +0200 x86/msr: add suffix 'U' to MSR_AMD_CSTATE_CFG macro This addresses violations of MISRA C:2012 Rule 7.2 which states as following: A “u” or “U” suffix shall be applied to all integer constants that are represented in an unsigned type. No functional change. Fixes: 652683e1aeaa ("x86/hvm: address violations of MISRA C:2012 Rule 7.2") Signed-off-by: Alessandro Zucchelli Acked-by: Jan Beulich --- xen/arch/x86/include/asm/msr-index.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index 92dd9fa496..9cdb5b2625 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -236,7 +236,7 @@ #define MSR_VIRT_SPEC_CTRL _AC(0xc001011f, U) /* Layout matches MSR_SPEC_CTRL */ -#define MSR_AMD_CSTATE_CFG 0xc0010296 +#define MSR_AMD_CSTATE_CFG 0xc0010296U /* * Legacy MSR constants in need of cleanup. No new MSRs below this comment. -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:02:27 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:02:27 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711901.1112228 (Exim 4.92) (envelope-from ) id 1rzu3n-0001Xm-Ih; Thu, 25 Apr 2024 08:02:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711901.1112228; Thu, 25 Apr 2024 08:02:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu3n-0001Xe-G4; Thu, 25 Apr 2024 08:02:27 +0000 Received: by outflank-mailman (input) for mailman id 711901; Thu, 25 Apr 2024 08:02:25 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu3l-0001XR-TG for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:02:25 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu3l-0007KW-Sb for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:02:25 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu3l-0006ck-Rp for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:02:25 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3S8IgEQamJ8vhYjuX1ajJyfPirsVePbgrbEirgdsx7o=; b=nQknTEM2PTk3Vr7Cfbbg1Pe0t+ RyuGUmIT11Qzc6Yo8Z1sLZQbKYHSdG3jVpCheJAR/s7KjnlTkfeBh/wUFbuKPBGvI0SV6XgQikMow T5QKAWLa/4SHBobEZFSA7YuxbYuHvAZajlUehXpxwxJNgZzbOMiSKtIqCTyC+eJ43yv0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/paging: vCPU host mode is always set Message-Id: Date: Thu, 25 Apr 2024 08:02:25 +0000 commit 9a73b4e21007cb51057bde55d05a7804a5769113 Author: Jan Beulich AuthorDate: Thu Apr 25 09:53:55 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:53:55 2024 +0200 x86/paging: vCPU host mode is always set ... thanks to paging_vcpu_init() being part of vCPU creation. Further if paging is enabled on a domain, it's also guaranteed to be either HAP or shadow. Drop respective unnecessary (parts of) conditionals. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/mm/paging.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c index 2961ca734d..bca320fffa 100644 --- a/xen/arch/x86/mm/paging.c +++ b/xen/arch/x86/mm/paging.c @@ -937,19 +937,12 @@ void paging_dump_vcpu_info(struct vcpu *v) { printk(" paging assistance: "); if ( paging_mode_shadow(v->domain) ) - { - if ( paging_get_hostmode(v) ) - printk("shadowed %u-on-%u\n", - paging_get_hostmode(v)->guest_levels, - paging_get_hostmode(v)->shadow.shadow_levels); - else - printk("not shadowed\n"); - } - else if ( paging_mode_hap(v->domain) && paging_get_hostmode(v) ) + printk("shadowed %u-on-%u\n", + paging_get_hostmode(v)->guest_levels, + paging_get_hostmode(v)->shadow.shadow_levels); + else printk("hap, %u levels\n", paging_get_hostmode(v)->guest_levels); - else - printk("none\n"); } } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:02:37 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:02:37 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711902.1112232 (Exim 4.92) (envelope-from ) id 1rzu3x-0001a5-Jz; Thu, 25 Apr 2024 08:02:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711902.1112232; Thu, 25 Apr 2024 08:02:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu3x-0001Zy-HR; Thu, 25 Apr 2024 08:02:37 +0000 Received: by outflank-mailman (input) for mailman id 711902; Thu, 25 Apr 2024 08:02:36 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu3w-0001Zs-06 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:02:36 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu3v-0007Kd-VY for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:02:35 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu3v-0006dn-Um for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:02:35 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qZ8VP8yMEqMEyPfarpT1F1vEda6qrxA/PiuArE8JORI=; b=ffwoGFaUnktkpGinADBPpl5V5o P9dfVTjHTPRfuuuPOFVHPvh/06Osm7ugvLW/xqkFc8kCqLhFo/VN8lGdQnC+cdYRlHY62phMXaWwp ryEXTcdg7Aj2TdqCRqbs74ITEPLKvSk27jnHbDqrLqY+2Rdv6BJgES5Rol/E3kAn21wM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/shadow: correct shadow_vcpu_init()'s comment Message-Id: Date: Thu, 25 Apr 2024 08:02:35 +0000 commit bd5213384bb8f6a8805a67220acbf1b668305a0b Author: Jan Beulich AuthorDate: Thu Apr 25 09:54:28 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:54:28 2024 +0200 x86/shadow: correct shadow_vcpu_init()'s comment As of the commit referenced below the update_paging_modes() hook is per- domain and hence also set (already) during domain construction. Fixes: d0816a9085b5 ("x86/paging: move update_paging_modes() hook") Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/mm/shadow/common.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index 8aa7b698f8..f93f0a4987 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -99,11 +99,12 @@ int shadow_domain_init(struct domain *d) return 0; } -/* Setup the shadow-specfic parts of a vcpu struct. Note: The most important - * job is to initialize the update_paging_modes() function pointer, which is - * used to initialized the rest of resources. Therefore, it really does not - * matter to have v->arch.paging.mode pointing to any mode, as long as it can - * be compiled. +/* + * Setup the shadow-specific parts of a vcpu struct. Note: The + * update_paging_modes() function pointer, which is used to initialize other + * resources, was already set during domain creation. Therefore it really does + * not matter to have v->arch.paging.mode pointing to any (legitimate) mode, + * as long as it can be compiled. */ void shadow_vcpu_init(struct vcpu *v) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 08:02:47 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 08:02:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.711903.1112235 (Exim 4.92) (envelope-from ) id 1rzu47-0001dB-Le; Thu, 25 Apr 2024 08:02:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 711903.1112235; Thu, 25 Apr 2024 08:02:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu47-0001d4-J8; Thu, 25 Apr 2024 08:02:47 +0000 Received: by outflank-mailman (input) for mailman id 711903; Thu, 25 Apr 2024 08:02:46 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu46-0001cg-2g for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:02:46 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzu46-0007Kq-22 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:02:46 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzu46-0006eM-1N for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 08:02:46 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n+CWbuwJk8PHrGpT/A62urdBDZ4cJTSsSPtgdhSrtqg=; b=dGXKTTmC1I0N+NBKgNEPuESzBc etONIkmGJqCFxDf/OtRnE0Wgf/2LA40e8uB/2c3UfuXhyKE85v8ubTjnGdWilCuSLyEymGYVLjuDy CYjubL/ykBm7R7ZS1VBMq2gbwVMoQ/ynQYm/CJAwSlRFGnxVlE8WKKIbG6uGC4IsDflU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/hap: Refactor boolean field assignments Message-Id: Date: Thu, 25 Apr 2024 08:02:46 +0000 commit 524eee7ce019da69df356a7bdd2174b94a6787b1 Author: Petr Beneš AuthorDate: Thu Apr 25 09:55:00 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:55:00 2024 +0200 x86/hap: Refactor boolean field assignments No functional change. Signed-off-by: Petr Beneš Acked-by: Jan Beulich --- xen/arch/x86/mm/hap/hap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c index 9f964c1d87..d2011fde24 100644 --- a/xen/arch/x86/mm/hap/hap.c +++ b/xen/arch/x86/mm/hap/hap.c @@ -522,7 +522,7 @@ int hap_enable(struct domain *d, u32 mode) goto out; } - d->arch.altp2m_active = 0; + d->arch.altp2m_active = false; } /* Now let other users see the new mode */ @@ -585,7 +585,7 @@ void hap_teardown(struct domain *d, bool *preempted) for_each_vcpu ( d, v ) altp2m_vcpu_disable_ve(v); - d->arch.altp2m_active = 0; + d->arch.altp2m_active = false; FREE_XENHEAP_PAGE(d->arch.altp2m_eptp); FREE_XENHEAP_PAGE(d->arch.altp2m_visible_eptp); -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 12:44:10 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 12:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712049.1112422 (Exim 4.92) (envelope-from ) id 1rzySL-0002CP-2w; Thu, 25 Apr 2024 12:44:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712049.1112422; Thu, 25 Apr 2024 12:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzySL-0002CH-0I; Thu, 25 Apr 2024 12:44:05 +0000 Received: by outflank-mailman (input) for mailman id 712049; Thu, 25 Apr 2024 12:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzySJ-00021l-UO for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 12:44:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rzySJ-0003mJ-Ov for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 12:44:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1rzySJ-0006yg-ME for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 12:44:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZzgcIvs5+mjJz/C5BmzPuTp9I2/hahoiAssNFkYGHg0=; b=TyYcMBHgSu0Pm8fKCUS3kjkil5 DNxQS+AZawUFNnsKhJ6oW5hH+J7MLolmN/qE6pcjA6SSJwHm1C05WBFGsBf69ZfbWL3ciAJrkhhik qQk7KTjSw/BxTwAOjyNiAt89ACd7B84iu+63Z2k2f3e/VuO9ongFA45PobbHdQ378Kso=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] tools/ocaml: Fix warnings in config.ml Message-Id: Date: Thu, 25 Apr 2024 12:44:03 +0000 commit 6d5111b10e084d841284a56e962c61ad274f589e Author: Edwin Török AuthorDate: Wed Mar 27 16:30:21 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 25 13:25:26 2024 +0100 tools/ocaml: Fix warnings in config.ml Fixes warnings such as: File "config.ml", line 102, characters 12-27: 102 | | Failure "int_of_string" -> append (k, "expect int arg") ^^^^^^^^^^^^^^^ Warning 52: Code should not depend on the actual values of this constructor's arguments. They are only for information and may change in future versions. (See manual section 9.5) Do not rely on the string values of the `Failure` exception, but use the `_opt` functions instead. Signed-off-by: Edwin Török Acked-by: Christian Lindig Tested-by: Andrew Cooper --- tools/ocaml/xenstored/config.ml | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/tools/ocaml/xenstored/config.ml b/tools/ocaml/xenstored/config.ml index 95ef745a54..e0df236f73 100644 --- a/tools/ocaml/xenstored/config.ml +++ b/tools/ocaml/xenstored/config.ml @@ -83,25 +83,27 @@ let validate cf expected other = let err = ref [] in let append x = err := x :: !err in List.iter (fun (k, v) -> + let parse ~err_msg parser v f = + match parser v with + | None -> append (k, err_msg) + | Some r -> f r + in try if not (List.mem_assoc k expected) then other k v else let ty = List.assoc k expected in match ty with | Unit f -> f () - | Bool f -> f (bool_of_string v) + | Bool f -> parse ~err_msg:"expect bool arg" bool_of_string_opt v f | String f -> f v - | Int f -> f (int_of_string v) - | Float f -> f (float_of_string v) - | Set_bool r -> r := (bool_of_string v) + | Int f -> parse ~err_msg:"expect int arg" int_of_string_opt v f + | Float f -> parse ~err_msg:"expect float arg" float_of_string_opt v f + | Set_bool r -> parse ~err_msg:"expect bool arg" bool_of_string_opt v (fun x -> r := x) | Set_string r -> r := v - | Set_int r -> r := int_of_string v - | Set_float r -> r := (float_of_string v) + | Set_int r -> parse ~err_msg:"expect int arg" int_of_string_opt v (fun x -> r:= x) + | Set_float r -> parse ~err_msg:"expect float arg" float_of_string_opt v (fun x -> r := x) with | Not_found -> append (k, "unknown key") - | Failure "int_of_string" -> append (k, "expect int arg") - | Failure "bool_of_string" -> append (k, "expect bool arg") - | Failure "float_of_string" -> append (k, "expect float arg") | exn -> append (k, Printexc.to_string exn) ) cf; if !err != [] then raise (Error !err) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 14:44:10 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 14:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712130.1112559 (Exim 4.92) (envelope-from ) id 1s00KU-0008WB-8t; Thu, 25 Apr 2024 14:44:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712130.1112559; Thu, 25 Apr 2024 14:44:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s00KU-0008W2-6D; Thu, 25 Apr 2024 14:44:06 +0000 Received: by outflank-mailman (input) for mailman id 712130; Thu, 25 Apr 2024 14:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s00KS-0008Vw-Er for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 14:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s00KS-0005uH-4N for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 14:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s00KS-0005Ov-2n for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 14:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=u+7GqnajRJ+chwk8Lc8FnbX6NravW0P4Q7HNoLFwxaw=; b=AGyh95hXUydlp+JeIuslzgKxM9 dH/H+dFkjHVR0RY9onj+sZgvJ2eK8IkYUn51PjvmKq8s4rtLzS0r8HChmfGb+Xn8mZEK+k7OuQESN Zsa4Io+vXH4QfJngejD+AAtDHcWo6jufRwNrz085Jj7TbUfxFrfaWKzwlrhZu+W+AEKQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec: fix reporting of BHB clearing usage from guest entry points Message-Id: Date: Thu, 25 Apr 2024 14:44:04 +0000 commit 049ab0b2c9f1f5edb54b505fef0bc575787dafe9 Author: Roger Pau Monné AuthorDate: Thu Apr 25 16:35:56 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 16:35:56 2024 +0200 x86/spec: fix reporting of BHB clearing usage from guest entry points Reporting whether the BHB clearing on entry is done for the different domains types based on cpu_has_bhb_seq is unhelpful, as that variable signals whether there's a BHB clearing sequence selected, but that alone doesn't imply that such sequence is used from the PV and/or HVM entry points. Instead use opt_bhb_entry_{pv,hvm} which do signal whether BHB clearing is performed on entry from PV/HVM. Fixes: 689ad48ce9cf ('x86/spec-ctrl: Wire up the Native-BHI software sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/spec_ctrl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index dd01e30844..1e831c1c10 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -634,7 +634,7 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - cpu_has_bhb_seq || amd_virt_spec_ctrl || + opt_bhb_entry_hvm || amd_virt_spec_ctrl || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || @@ -643,7 +643,7 @@ static void __init print_details(enum ind_thunk thunk) opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_hvm ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV @@ -651,14 +651,14 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - cpu_has_bhb_seq || + opt_bhb_entry_pv || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_pv ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 14:44:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 14:44:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712131.1112563 (Exim 4.92) (envelope-from ) id 1s00Kd-00008S-AT; Thu, 25 Apr 2024 14:44:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712131.1112563; Thu, 25 Apr 2024 14:44:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s00Kd-00008K-7X; Thu, 25 Apr 2024 14:44:15 +0000 Received: by outflank-mailman (input) for mailman id 712131; Thu, 25 Apr 2024 14:44:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s00Kc-000080-95 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 14:44:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s00Kc-0005uf-8F for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 14:44:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s00Kc-0005PO-6X for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 14:44:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=LM5TMK2Ab+JKijBx5u6N4tUD03T59oeCiynj+fFeTSM=; b=5Vt7nlBde/5L1BywwmEvSPdjLG fLWLT+8s1tAjS23Ydx/GD9GWhuN1/u1TsmuyNt2YdPjXOI3so4yJSo9eHSmzgcry4poRzovJjW6g6 /OmN2/AgAsadUwnJ5eIXufjxruXfG8NwSlAyCpWCkL7mqTHZmLFQgHrOr98t8ZQNU8UE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/spec: adjust logic that elides lfence Message-Id: Date: Thu, 25 Apr 2024 14:44:14 +0000 commit 656ae8f1091bcefec9c46ec3ea3ac2118742d4f6 Author: Roger Pau Monné AuthorDate: Thu Apr 25 16:37:01 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 16:37:01 2024 +0200 x86/spec: adjust logic that elides lfence It's currently too restrictive by just checking whether there's a BHB clearing sequence selected. It should instead check whether BHB clearing is used on entry from PV or HVM specifically. Switch to use opt_bhb_entry_{pv,hvm} instead, and then remove cpu_has_bhb_seq since it no longer has any users. Reported-by: Jan Beulich Fixes: 954c983abcee ('x86/spec-ctrl: Software BHB-clearing sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/include/asm/cpufeature.h | 3 --- xen/arch/x86/spec_ctrl.c | 6 +++--- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index 743f11f989..9bc553681f 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -235,9 +235,6 @@ static inline bool boot_cpu_has(unsigned int feat) #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) -#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ - boot_cpu_has(X86_SPEC_BHB_LOOPS)) - enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 1e831c1c10..40f6ae0170 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2328,7 +2328,7 @@ void __init init_speculation_mitigations(void) * unconditional WRMSR. If we do have it, or we're not using any * prior conditional block, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); @@ -2344,7 +2344,7 @@ void __init init_speculation_mitigations(void) * active in the block that is skipped when interrupting guest * context, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) @@ -2356,7 +2356,7 @@ void __init init_speculation_mitigations(void) * A BHB sequence, if used, is the only conditional action, so if we * don't have it, we don't need the safety LFENCE. */ - if ( !cpu_has_bhb_seq ) + if ( !opt_bhb_entry_hvm ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 14:44:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 14:44:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712132.1112567 (Exim 4.92) (envelope-from ) id 1s00Kn-0000Km-Bg; Thu, 25 Apr 2024 14:44:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712132.1112567; Thu, 25 Apr 2024 14:44:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s00Kn-0000Ke-91; Thu, 25 Apr 2024 14:44:25 +0000 Received: by outflank-mailman (input) for mailman id 712132; Thu, 25 Apr 2024 14:44:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s00Km-0000KV-C2 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 14:44:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s00Km-0005ur-BE for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 14:44:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s00Km-0005QC-AI for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 14:44:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=26R64WyjYTzGn93TMxAqJK5a30sywF1PeYZHkSNYVww=; b=HN/sGJgBWPNYkABdVU72CQTTmd DM5MNNEl13P9n3X9W5LTYSrKkxK7UzuLOxyGlZKk4Zg4Gdj37fhX65Ru4bNuaXoMDrvWEoeppsRDu vNtFaPTsVlN+AQdfE4pPbAD1uB0uswoXUcPGb4QZtvoGmuljLAJpgrn+Qr/BAEdWno1M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] MAINTAINERS: Update my email address Message-Id: Date: Thu, 25 Apr 2024 14:44:24 +0000 commit 7ea3a3e44feb81e47770d1f8d3c43e0bd93871cb Author: Anthony PERARD AuthorDate: Thu Apr 25 16:37:34 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 16:37:34 2024 +0200 MAINTAINERS: Update my email address Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- MAINTAINERS | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index d1850c134d..6ba7d2765f 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -208,7 +208,7 @@ Maintainers List (try to look for most precise areas first) 9PFSD M: Juergen Gross -M: Anthony PERARD +M: Anthony PERARD S: Supported F: tools/9pfsd/ @@ -381,7 +381,7 @@ F: xen/arch/x86/machine_kexec.c F: xen/arch/x86/x86_64/kexec_reloc.S LIBS -M: Anthony PERARD +M: Anthony PERARD R: Juergen Gross S: Supported F: tools/include/libxenvchan.h @@ -427,7 +427,7 @@ S: Supported F: tools/ocaml/ OVMF UPSTREAM -M: Anthony PERARD +M: Anthony PERARD S: Supported T: git https://xenbits.xenproject.org/git-http/ovmf.git @@ -460,7 +460,7 @@ T: git https://xenbits.xenproject.org/git-http/qemu-xen-traditional.git QEMU UPSTREAM M: Stefano Stabellini -M: Anthony Perard +M: Anthony Perard S: Supported T: git https://xenbits.xenproject.org/git-http/qemu-xen.git @@ -512,7 +512,7 @@ F: xen/arch/arm/include/asm/tee F: xen/arch/arm/tee/ TOOLSTACK -M: Anthony PERARD +M: Anthony PERARD S: Supported F: autogen.sh F: config/*.in -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 14:44:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 14:44:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712133.1112572 (Exim 4.92) (envelope-from ) id 1s00Kx-0000RC-ER; Thu, 25 Apr 2024 14:44:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712133.1112572; Thu, 25 Apr 2024 14:44:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s00Kx-0000R4-AW; Thu, 25 Apr 2024 14:44:35 +0000 Received: by outflank-mailman (input) for mailman id 712133; Thu, 25 Apr 2024 14:44:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s00Kw-0000Qv-FV for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 14:44:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s00Kw-0005uz-Ek for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 14:44:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s00Kw-0005Qr-DS for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 14:44:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=h97QLQLaPDcl/AwqEHWjxf3CNHhn6sg0eN1nGx/UfPM=; b=fFDI1XKI0fg4Q9fWq51lzPDdDb n4QEybeCtKxFw16yyymuHETzQyyKmIUTk4n2cpgs8Ji8YWymFEvzbI/UzTdv7V8abIyVMJre72wqo K5aBz5ffhjxP0MV1v9CRoejfgN6xbWmBis4p/udbASX/iiC+u9WQchTpMI/yEwp0YIls=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] VMX: no open-coding in vmx_get_cpl() Message-Id: Date: Thu, 25 Apr 2024 14:44:34 +0000 commit 23cd1207e7f6ee3e51fb42e11dba8d7cdb28e1e5 Author: Jan Beulich AuthorDate: Thu Apr 25 16:38:01 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 16:38:01 2024 +0200 VMX: no open-coding in vmx_get_cpl() Neither X86_SEG_AR_DPL nor MASK_EXTR() should really be avoided here, using literal number instead. No difference in generated code (with gcc13 at least). Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/hvm/vmx/vmx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 0935762378..5f67a48592 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -1192,7 +1192,7 @@ unsigned int vmx_get_cpl(void) __vmread(GUEST_SS_AR_BYTES, &attr); - return (attr >> 5) & 3; + return MASK_EXTR(attr, X86_SEG_AR_DPL); } static unsigned int cf_check _vmx_get_cpl(struct vcpu *v) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:55:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:55:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712252.1112775 (Exim 4.92) (envelope-from ) id 1s05BQ-000418-2H; Thu, 25 Apr 2024 19:55:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712252.1112775; Thu, 25 Apr 2024 19:55:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05BP-000410-Vh; Thu, 25 Apr 2024 19:55:03 +0000 Received: by outflank-mailman (input) for mailman id 712252; Thu, 25 Apr 2024 19:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05BO-00040o-52 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05BO-0003bE-40 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05BO-0002ZJ-2x for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dWkNhH7NdA0KuCDyuP5RRYMNzLWoN4dpHV4i1WnWN6Q=; b=WhEFMeyW2Yf1+IKKYE651i+vbk KQqb/I8mp8RcONBOTs0Mu8eRX0/AoOmRn01pAc5DularGev1M0F9lBCkyx62wfwGEYqjqDq2Tocrd pmniZr7SPJvGIOIJSMHUTQBmS1T/2NtzLHHfnmCXPKMVhUAl19hQsxRH2yQ6dE2u59rg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] svm/nestedsvm: Introduce nested capabilities bit Message-Id: Date: Thu, 25 Apr 2024 19:55:02 +0000 commit 0d19d3aab0d3032e3207561cff402604788964fe Author: George Dunlap AuthorDate: Mon Feb 5 01:39:00 2024 +0000 Commit: George Dunlap CommitDate: Wed Apr 24 16:36:25 2024 +0100 svm/nestedsvm: Introduce nested capabilities bit In order to make implementation and testing tractable, we will require specific host functionality. Add a nested_virt bit to hvm_funcs.caps, and return an error if a domain is created with nested virt and this bit isn't set. Create VMX and SVM callbacks to be executed from nestedhvm_setup(), which is guaranteed to execute after all command-line options have been procesed. For VMX, start with always enabling it if HAP is present; this shouldn't change current behvior. For SVM, require some basic functionality, adding a document explaining the rationale. NB that only SVM CPUID bits 0-7 have been considered. Bits 10-16 may be considered in a follow-up patch. Signed-off-by: George Dunlap Acked-by: Jan Beulich --- docs/designs/nested-svm-cpu-features.md | 111 +++++++++++++++++++++++++++++++ xen/arch/x86/domain.c | 6 ++ xen/arch/x86/hvm/nestedhvm.c | 10 +++ xen/arch/x86/hvm/svm/nestedsvm.c | 14 ++++ xen/arch/x86/hvm/vmx/vvmx.c | 7 ++ xen/arch/x86/include/asm/hvm/hvm.h | 16 ++++- xen/arch/x86/include/asm/hvm/nestedhvm.h | 4 ++ 7 files changed, 167 insertions(+), 1 deletion(-) diff --git a/docs/designs/nested-svm-cpu-features.md b/docs/designs/nested-svm-cpu-features.md new file mode 100644 index 0000000000..837a96df05 --- /dev/null +++ b/docs/designs/nested-svm-cpu-features.md @@ -0,0 +1,111 @@ +# Nested SVM (AMD) CPUID requirements + +The first step in making nested SVM production-ready is to make sure +that all features are implemented and well-tested. To make this +tractable, we will initially be limiting the "supported" range of +nested virt to a specific subset of host and guest features. This +document describes the criteria for deciding on features, and the +rationale behind each feature. + +For AMD, all virtualization-related features can be found in CPUID +leaf 8000000A:edx + +# Criteria + +- Processor support: At a minimum we want to support processors from + the last 5 years. All things being equal, we'd prefer to cover + older processors than not. Bits 0:7 were available in the very + earliest processors; and even through bit 15 we should be pretty + good support-wise. + +- Faithfulness to hardware: We need the behavior of the "virtual cpu" + from the L1 hypervisor's perspective to be as close as possible to + the original hardware. In particular, the behavior of the hardware + on error paths 1) is not easy to understand or test, 2) can be the + source of surprising vulnerabiliies. (See XSA-7 for an example of a + case where subtle error-handling differences can open up a privilege + escalation.) We should avoid emulating any bit of the hardware with + complex error paths if we can at all help it. + +- Cost of implementation: We want to minimize the cost of + implementation (where this includes bringing an existing sub-par + implementation up to speed). All things being equal, we'll favor a + configuration which does not require any new implementation. + +- Performance: All things being equal, we'd prefer to choose a set of + L0 / L1 CPUID bits that are faster than slower. + + +# Bits + +- 0 `NP` *Nested Paging*: Required both for L0 and L1. + + Based primarily on faithfulness and performance, as well as + potential cost of implementation. Available on earliest hardware, + so no compatibility issues. + +- 1 `LbrVirt` *LBR / debugging virtualization*: Require for L0 and L1. + + For L0 this is required for performance: There's no way to tell the + guests not to use the LBR-related registers; and if the guest does, + then you have to save and restore all LBR-related registers on + context switch, which is prohibitive. Furthermore, the additional + emulation risks a security-relevant difference to come up. + + Providing it to L1 when we have it in L0 is basically free, and + already implemented. + + Just require it and provide it. + +- 2 `SVML` *SVM Lock*: Not required for L0, not provided to L1 + + Seems to be aboult enabling an operating system to prevent "blue + pill" attacks against itself. + + Xen doesn't use it, nor provide it; so it would need to be + implementend. The best way to protect a guest OS is to leave nested + virt disabled in the tools. + +- 3 `NRIPS` NRIP Save: Require for both L0 and L1 + + If NRIPS is not present, the software interrupt injection + functionality can't be used; and Xen has to emulate it. That's + another source of potential security issues. If hardware supports + it, then providing it to guest is basically free. + +- 4 `TscRateMsr`: Not required by L0, not provided to L1 + + The main putative use for this would be trying to maintain an + invariant TSC across cores with different clock speeds, or after a + migrate. Unlike others, this doesn't have an error path to worry + about compatibility-wise; and according to tests done when nestedSVM + was first implemented, it's actually faster to emliate TscRateMSR in + the L0 hypervisor than for L1 to attempt to emulate it itself. + + However, using this properly in L0 will take some implementation + effort; and composing it properly with L1 will take even more + effort. Just leave it off for now. + + - 5 `VmcbClean`: VMCB Clean Bits: Not required by L0, provide to L1 + + This is a pure optimization, both on the side of the L0 and L1. The + implementaiton for L1 is entirely Xen-side, so can be provided even + on hardware that doesn't provide it. And it's purely an + optimization, so could be "implemented" by ignoring the bits + entirely. + + As such, we don't need to require it for L0; and as it's already + implemented, no reason not to provide it to L1. Before this feature + was available those bits were marked SBZ ("should be zero"); setting + them was already advertised to cause unpredictable behavior. + +- 6 `FlushByAsid`: Require for L0, provide to L1 + + This is cheap and easy to use for L0 and to provide to the L1; + there's no reson not to just pass it through. + +- 7 `DecodeAssists`: Require for L0, provide to L1 + + Using it in L0 reduces the chance that we'll make some sort of error + in the decode path. And if hardware supports it, it's easy enough + to provide to the L1. diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 4f851aa81f..20e83cf38b 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -673,6 +673,12 @@ int arch_sanitise_domain_config(struct xen_domctl_createdomain *config) */ config->flags |= XEN_DOMCTL_CDF_oos_off; + if ( nested_virt && !hvm_nested_virt_supported() ) + { + dprintk(XENLOG_INFO, "Nested virt requested but not available\n"); + return -EINVAL; + } + if ( nested_virt && !hap ) { dprintk(XENLOG_INFO, "Nested virt not supported without HAP\n"); diff --git a/xen/arch/x86/hvm/nestedhvm.c b/xen/arch/x86/hvm/nestedhvm.c index 12bf7172b8..451c4da6d4 100644 --- a/xen/arch/x86/hvm/nestedhvm.c +++ b/xen/arch/x86/hvm/nestedhvm.c @@ -150,6 +150,16 @@ static int __init cf_check nestedhvm_setup(void) __clear_bit(0x80, shadow_io_bitmap[0]); __clear_bit(0xed, shadow_io_bitmap[1]); + /* + * NB this must be called after all command-line processing has been + * done, so that if (for example) HAP is disabled, nested virt is + * disabled as well. + */ + if ( cpu_has_vmx ) + start_nested_vmx(&hvm_funcs); + else if ( cpu_has_svm ) + start_nested_svm(&hvm_funcs); + return 0; } __initcall(nestedhvm_setup); diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c b/xen/arch/x86/hvm/svm/nestedsvm.c index b50bfe6a28..35a2cbfd7d 100644 --- a/xen/arch/x86/hvm/svm/nestedsvm.c +++ b/xen/arch/x86/hvm/svm/nestedsvm.c @@ -1666,3 +1666,17 @@ void svm_nested_features_on_efer_update(struct vcpu *v) } } } + +void __init start_nested_svm(struct hvm_function_table *hvm_function_table) +{ + /* + * Required host functionality to support nested virt. See + * docs/designs/nested-svm-cpu-features.md for rationale. + */ + hvm_function_table->caps.nested_virt = + hvm_function_table->caps.hap && + cpu_has_svm_lbrv && + cpu_has_svm_nrips && + cpu_has_svm_flushbyasid && + cpu_has_svm_decode; +} diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c index ece0aa243a..39290c9861 100644 --- a/xen/arch/x86/hvm/vmx/vvmx.c +++ b/xen/arch/x86/hvm/vmx/vvmx.c @@ -2816,6 +2816,13 @@ void nvmx_set_cr_read_shadow(struct vcpu *v, unsigned int cr) __vmwrite(read_shadow_field, v->arch.hvm.nvcpu.guest_cr[cr]); } +void __init start_nested_vmx(struct hvm_function_table *hvm_function_table) +{ + /* TODO: Require hardware support before enabling nested virt */ + hvm_function_table->caps.nested_virt = + hvm_function_table->caps.hap; +} + /* * Local variables: * mode: C diff --git a/xen/arch/x86/include/asm/hvm/hvm.h b/xen/arch/x86/include/asm/hvm/hvm.h index 899233fb25..0c9e6f1564 100644 --- a/xen/arch/x86/include/asm/hvm/hvm.h +++ b/xen/arch/x86/include/asm/hvm/hvm.h @@ -97,7 +97,10 @@ struct hvm_function_table { singlestep:1, /* Hardware virtual interrupt delivery enable? */ - virtual_intr_delivery:1; + virtual_intr_delivery:1, + + /* Nested virt capabilities */ + nested_virt:1; } caps; /* @@ -670,6 +673,12 @@ static inline bool hvm_altp2m_supported(void) return hvm_funcs.caps.altp2m; } +/* Returns true if we have the minimum hardware requirements for nested virt */ +static inline bool hvm_nested_virt_supported(void) +{ + return hvm_funcs.caps.nested_virt; +} + /* updates the current hardware p2m */ static inline void altp2m_vcpu_update_p2m(struct vcpu *v) { @@ -813,6 +822,11 @@ static inline bool hvm_hap_supported(void) return false; } +static inline bool hvm_nested_virt_supported(void) +{ + return false; +} + static inline bool nhvm_vmcx_hap_enabled(const struct vcpu *v) { ASSERT_UNREACHABLE(); diff --git a/xen/arch/x86/include/asm/hvm/nestedhvm.h b/xen/arch/x86/include/asm/hvm/nestedhvm.h index 56a2019e1b..0568acb25f 100644 --- a/xen/arch/x86/include/asm/hvm/nestedhvm.h +++ b/xen/arch/x86/include/asm/hvm/nestedhvm.h @@ -82,4 +82,8 @@ static inline bool vvmcx_valid(const struct vcpu *v) return vcpu_nestedhvm(v).nv_vvmcxaddr != INVALID_PADDR; } + +void start_nested_svm(struct hvm_function_table *); +void start_nested_vmx(struct hvm_function_table *); + #endif /* _HVM_NESTEDHVM_H */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:55:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:55:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712253.1112778 (Exim 4.92) (envelope-from ) id 1s05Ba-00045k-50; Thu, 25 Apr 2024 19:55:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712253.1112778; Thu, 25 Apr 2024 19:55:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Ba-00045b-2L; Thu, 25 Apr 2024 19:55:14 +0000 Received: by outflank-mailman (input) for mailman id 712253; Thu, 25 Apr 2024 19:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05BY-00045G-8I for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05BY-0003bi-7A for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05BY-0002a8-6I for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=R0fUM5vPe9/dtmNvXxeNQzvbuvuhv6C/pw6MojHTod0=; b=TfbugaIAlrLTn7ahaDoDBST/hr GymxBc0lffQXXXSc1UqK6gQfNfE+j3JDHk5Pe2QTeU46KCnAW1vOpfp1RIWEw9bwVh2CVsyaSIRAU Rl+d0UwjaoAxJsBdKY9mEqTkgX6Hn106+uuOr8xkQWYq7WK44baB3Tn/HKwtkIFRu7XI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/golang: When returning pointers, actually allocate structrues Message-Id: Date: Thu, 25 Apr 2024 19:55:12 +0000 commit 27c176d298cd5866d0ea2cfa5f9068730e57dd37 Author: George Dunlap AuthorDate: Fri Apr 19 10:57:04 2024 +0100 Commit: George Dunlap CommitDate: Wed Apr 24 16:42:16 2024 +0100 tools/golang: When returning pointers, actually allocate structrues In a handful of cases, it was decided to return a pointer to a structure rather than the plain structure itself, due to the size. However, in these cases the structure was never allocated, leading to a nil pointer exception when calling the relevant `fromC` method. Allocate structures before attempting to fill them in. Fixes: 453713b1750 ("golang/xenlight: Add host-related functionality") Reported-by: Tobias Fitschen Signed-off-by: George Dunlap Tested-by: Tobias Fitschen Acked-by: Nick Rosbrook --- tools/golang/xenlight/xenlight.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/golang/xenlight/xenlight.go b/tools/golang/xenlight/xenlight.go index a45c636952..d793f172e5 100644 --- a/tools/golang/xenlight/xenlight.go +++ b/tools/golang/xenlight/xenlight.go @@ -999,6 +999,7 @@ func (ctx *Context) GetPhysinfo() (physinfo *Physinfo, err error) { err = Error(ret) return } + physinfo = &Physinfo{} err = physinfo.fromC(&cphys) return @@ -1010,6 +1011,7 @@ func (ctx *Context) GetVersionInfo() (info *VersionInfo, err error) { cinfo = C.libxl_get_version_info(ctx.ctx) + info = &VersionInfo{} err = info.fromC(cinfo) return @@ -1027,6 +1029,7 @@ func (ctx *Context) DomainInfo(Id Domid) (di *Dominfo, err error) { return } + di = &Dominfo{} err = di.fromC(&cdi) return -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:55:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:55:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712254.1112783 (Exim 4.92) (envelope-from ) id 1s05Bk-00048U-6R; Thu, 25 Apr 2024 19:55:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712254.1112783; Thu, 25 Apr 2024 19:55:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Bk-00048M-3i; Thu, 25 Apr 2024 19:55:24 +0000 Received: by outflank-mailman (input) for mailman id 712254; Thu, 25 Apr 2024 19:55:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Bi-000480-BT for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Bi-0003bp-Aa for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05Bi-0002am-9E for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=EQWQ4xQxhzf/nELELuvCLdKExSshMAW1ZLqXnKAaTjo=; b=YP2NE0FuVmPNnpVlEljk5Vn13k iWhKskMOD7gCKa7nFrVq9zIShx12JV0j2WczqtV1zi/UdD/3A6hDW8FvrcSDd2drYbeeQOBKsY/eU aJk9IQnwWYs9Y7xizJwyd5Z+M7Q50GULWgzAY3wR0oUOtebbAzN4FCoIn4Omzhs9BOpM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] golang/xenlight: Ensure comments aren't interpreted as docstrings Message-Id: Date: Thu, 25 Apr 2024 19:55:22 +0000 commit 9c08a88ad0a75878d6448c60d88ae898f7cc6427 Author: George Dunlap AuthorDate: Fri Apr 19 12:03:13 2024 +0100 Commit: George Dunlap CommitDate: Wed Apr 24 16:42:16 2024 +0100 golang/xenlight: Ensure comments aren't interpreted as docstrings Go has always interpreted a comment directly before a function as a docstring, so having the C function prototypes which the golang method is meant to wrap in the comment before was always a bit non-standard. However, recent versions of `go fmt` now attempt to normalize these docstrings as well, leading to strange changes, particularly if `go fmt` is run on save. Go through and put a space between non-docstring comments and methods, so that `go fmt` leaves the comments alone. No functional change. Signed-off-by: George Dunlap Acked-by: Nick Rosbrook --- tools/golang/xenlight/xenlight.go | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tools/golang/xenlight/xenlight.go b/tools/golang/xenlight/xenlight.go index d793f172e5..7f08657187 100644 --- a/tools/golang/xenlight/xenlight.go +++ b/tools/golang/xenlight/xenlight.go @@ -562,6 +562,7 @@ func (dt DomainType) String() (str string) { } // const char *libxl_scheduler_to_string(libxl_scheduler p); + func (s Scheduler) String() string { cs := C.libxl_scheduler_to_string(C.libxl_scheduler(s)) // No need to free const return value @@ -570,6 +571,7 @@ func (s Scheduler) String() string { } // int libxl_scheduler_from_string(const char *s, libxl_scheduler *e); + func (s *Scheduler) FromString(gstr string) (err error) { *s, err = SchedulerFromString(gstr) return @@ -594,6 +596,7 @@ func SchedulerFromString(name string) (s Scheduler, err error) { // libxl_cpupoolinfo * libxl_list_cpupool(libxl_ctx*, int *nb_pool_out); // void libxl_cpupoolinfo_list_free(libxl_cpupoolinfo *list, int nb_pool); + func (ctx *Context) ListCpupool() (list []Cpupoolinfo) { var nbPool C.int @@ -617,6 +620,7 @@ func (ctx *Context) ListCpupool() (list []Cpupoolinfo) { } // int libxl_cpupool_info(libxl_ctx *ctx, libxl_cpupoolinfo *info, uint32_t poolid); + func (ctx *Context) CpupoolInfo(Poolid uint32) (pool Cpupoolinfo, err error) { var c_cpupool C.libxl_cpupoolinfo @@ -638,6 +642,7 @@ func (ctx *Context) CpupoolInfo(Poolid uint32) (pool Cpupoolinfo, err error) { // uint32_t *poolid); // FIXME: uuid // FIXME: Setting poolid + func (ctx *Context) CpupoolCreate(Name string, Scheduler Scheduler, Cpumap Bitmap) (err error, Poolid uint32) { poolid := C.uint32_t(C.LIBXL_CPUPOOL_POOLID_ANY) name := C.CString(Name) @@ -666,6 +671,7 @@ func (ctx *Context) CpupoolCreate(Name string, Scheduler Scheduler, Cpumap Bitma } // int libxl_cpupool_destroy(libxl_ctx *ctx, uint32_t poolid); + func (ctx *Context) CpupoolDestroy(Poolid uint32) (err error) { ret := C.libxl_cpupool_destroy(ctx.ctx, C.uint32_t(Poolid)) if ret != 0 { @@ -677,6 +683,7 @@ func (ctx *Context) CpupoolDestroy(Poolid uint32) (err error) { } // int libxl_cpupool_cpuadd(libxl_ctx *ctx, uint32_t poolid, int cpu); + func (ctx *Context) CpupoolCpuadd(Poolid uint32, Cpu int) (err error) { ret := C.libxl_cpupool_cpuadd(ctx.ctx, C.uint32_t(Poolid), C.int(Cpu)) if ret != 0 { @@ -689,6 +696,7 @@ func (ctx *Context) CpupoolCpuadd(Poolid uint32, Cpu int) (err error) { // int libxl_cpupool_cpuadd_cpumap(libxl_ctx *ctx, uint32_t poolid, // const libxl_bitmap *cpumap); + func (ctx *Context) CpupoolCpuaddCpumap(Poolid uint32, Cpumap Bitmap) (err error) { var cbm C.libxl_bitmap if err = Cpumap.toC(&cbm); err != nil { @@ -706,6 +714,7 @@ func (ctx *Context) CpupoolCpuaddCpumap(Poolid uint32, Cpumap Bitmap) (err error } // int libxl_cpupool_cpuremove(libxl_ctx *ctx, uint32_t poolid, int cpu); + func (ctx *Context) CpupoolCpuremove(Poolid uint32, Cpu int) (err error) { ret := C.libxl_cpupool_cpuremove(ctx.ctx, C.uint32_t(Poolid), C.int(Cpu)) if ret != 0 { @@ -718,6 +727,7 @@ func (ctx *Context) CpupoolCpuremove(Poolid uint32, Cpu int) (err error) { // int libxl_cpupool_cpuremove_cpumap(libxl_ctx *ctx, uint32_t poolid, // const libxl_bitmap *cpumap); + func (ctx *Context) CpupoolCpuremoveCpumap(Poolid uint32, Cpumap Bitmap) (err error) { var cbm C.libxl_bitmap if err = Cpumap.toC(&cbm); err != nil { @@ -735,6 +745,7 @@ func (ctx *Context) CpupoolCpuremoveCpumap(Poolid uint32, Cpumap Bitmap) (err er } // int libxl_cpupool_rename(libxl_ctx *ctx, const char *name, uint32_t poolid); + func (ctx *Context) CpupoolRename(Name string, Poolid uint32) (err error) { name := C.CString(Name) defer C.free(unsafe.Pointer(name)) @@ -749,6 +760,7 @@ func (ctx *Context) CpupoolRename(Name string, Poolid uint32) (err error) { } // int libxl_cpupool_cpuadd_node(libxl_ctx *ctx, uint32_t poolid, int node, int *cpus); + func (ctx *Context) CpupoolCpuaddNode(Poolid uint32, Node int) (Cpus int, err error) { ccpus := C.int(0) @@ -764,6 +776,7 @@ func (ctx *Context) CpupoolCpuaddNode(Poolid uint32, Node int) (Cpus int, err er } // int libxl_cpupool_cpuremove_node(libxl_ctx *ctx, uint32_t poolid, int node, int *cpus); + func (ctx *Context) CpupoolCpuremoveNode(Poolid uint32, Node int) (Cpus int, err error) { ccpus := C.int(0) @@ -779,6 +792,7 @@ func (ctx *Context) CpupoolCpuremoveNode(Poolid uint32, Node int) (Cpus int, err } // int libxl_cpupool_movedomain(libxl_ctx *ctx, uint32_t poolid, uint32_t domid); + func (ctx *Context) CpupoolMovedomain(Poolid uint32, Id Domid) (err error) { ret := C.libxl_cpupool_movedomain(ctx.ctx, C.uint32_t(Poolid), C.uint32_t(Id)) if ret != 0 { @@ -792,6 +806,7 @@ func (ctx *Context) CpupoolMovedomain(Poolid uint32, Id Domid) (err error) { // // Utility functions // + func (ctx *Context) CpupoolFindByName(name string) (info Cpupoolinfo, found bool) { plist := ctx.ListCpupool() @@ -940,6 +955,7 @@ func (bm Bitmap) String() (s string) { } //int libxl_get_max_cpus(libxl_ctx *ctx); + func (ctx *Context) GetMaxCpus() (maxCpus int, err error) { ret := C.libxl_get_max_cpus(ctx.ctx) if ret < 0 { @@ -951,6 +967,7 @@ func (ctx *Context) GetMaxCpus() (maxCpus int, err error) { } //int libxl_get_online_cpus(libxl_ctx *ctx); + func (ctx *Context) GetOnlineCpus() (onCpus int, err error) { ret := C.libxl_get_online_cpus(ctx.ctx) if ret < 0 { @@ -962,6 +979,7 @@ func (ctx *Context) GetOnlineCpus() (onCpus int, err error) { } //int libxl_get_max_nodes(libxl_ctx *ctx); + func (ctx *Context) GetMaxNodes() (maxNodes int, err error) { ret := C.libxl_get_max_nodes(ctx.ctx) if ret < 0 { @@ -973,6 +991,7 @@ func (ctx *Context) GetMaxNodes() (maxNodes int, err error) { } //int libxl_get_free_memory(libxl_ctx *ctx, uint64_t *memkb); + func (ctx *Context) GetFreeMemory() (memkb uint64, err error) { var cmem C.uint64_t ret := C.libxl_get_free_memory(ctx.ctx, &cmem) @@ -988,6 +1007,7 @@ func (ctx *Context) GetFreeMemory() (memkb uint64, err error) { } //int libxl_get_physinfo(libxl_ctx *ctx, libxl_physinfo *physinfo) + func (ctx *Context) GetPhysinfo() (physinfo *Physinfo, err error) { var cphys C.libxl_physinfo C.libxl_physinfo_init(&cphys) @@ -1006,6 +1026,7 @@ func (ctx *Context) GetPhysinfo() (physinfo *Physinfo, err error) { } //const libxl_version_info* libxl_get_version_info(libxl_ctx *ctx); + func (ctx *Context) GetVersionInfo() (info *VersionInfo, err error) { var cinfo *C.libxl_version_info @@ -1045,6 +1066,7 @@ func (ctx *Context) DomainUnpause(Id Domid) (err error) { } //int libxl_domain_pause(libxl_ctx *ctx, uint32_t domain); + func (ctx *Context) DomainPause(id Domid) (err error) { ret := C.libxl_domain_pause(ctx.ctx, C.uint32_t(id), nil) @@ -1055,6 +1077,7 @@ func (ctx *Context) DomainPause(id Domid) (err error) { } //int libxl_domain_shutdown(libxl_ctx *ctx, uint32_t domid); + func (ctx *Context) DomainShutdown(id Domid) (err error) { ret := C.libxl_domain_shutdown(ctx.ctx, C.uint32_t(id), nil) @@ -1065,6 +1088,7 @@ func (ctx *Context) DomainShutdown(id Domid) (err error) { } //int libxl_domain_reboot(libxl_ctx *ctx, uint32_t domid); + func (ctx *Context) DomainReboot(id Domid) (err error) { ret := C.libxl_domain_reboot(ctx.ctx, C.uint32_t(id), nil) @@ -1076,6 +1100,7 @@ func (ctx *Context) DomainReboot(id Domid) (err error) { //libxl_dominfo * libxl_list_domain(libxl_ctx*, int *nb_domain_out); //void libxl_dominfo_list_free(libxl_dominfo *list, int nb_domain); + func (ctx *Context) ListDomain() (glist []Dominfo) { var nbDomain C.int clist := C.libxl_list_domain(ctx.ctx, &nbDomain) @@ -1098,6 +1123,7 @@ func (ctx *Context) ListDomain() (glist []Dominfo) { //libxl_vcpuinfo *libxl_list_vcpu(libxl_ctx *ctx, uint32_t domid, // int *nb_vcpu, int *nr_cpus_out); //void libxl_vcpuinfo_list_free(libxl_vcpuinfo *, int nr_vcpus); + func (ctx *Context) ListVcpu(id Domid) (glist []Vcpuinfo) { var nbVcpu C.int var nrCpu C.int @@ -1128,6 +1154,7 @@ func (ct ConsoleType) String() (str string) { //int libxl_console_get_tty(libxl_ctx *ctx, uint32_t domid, int cons_num, //libxl_console_type type, char **path); + func (ctx *Context) ConsoleGetTty(id Domid, consNum int, conType ConsoleType) (path string, err error) { var cpath *C.char ret := C.libxl_console_get_tty(ctx.ctx, C.uint32_t(id), C.int(consNum), C.libxl_console_type(conType), &cpath) @@ -1143,6 +1170,7 @@ func (ctx *Context) ConsoleGetTty(id Domid, consNum int, conType ConsoleType) (p //int libxl_primary_console_get_tty(libxl_ctx *ctx, uint32_t domid_vm, // char **path); + func (ctx *Context) PrimaryConsoleGetTty(domid uint32) (path string, err error) { var cpath *C.char ret := C.libxl_primary_console_get_tty(ctx.ctx, C.uint32_t(domid), &cpath) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:55:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:55:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712255.1112787 (Exim 4.92) (envelope-from ) id 1s05Bt-0004BU-7l; Thu, 25 Apr 2024 19:55:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712255.1112787; Thu, 25 Apr 2024 19:55:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Bt-0004BN-5B; Thu, 25 Apr 2024 19:55:33 +0000 Received: by outflank-mailman (input) for mailman id 712255; Thu, 25 Apr 2024 19:55:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Bs-0004BC-Fg for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Bs-0003c4-E4 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05Bs-0002cl-Ce for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=DEgLAlUB8LUHsSSfS6kGTZ2RWOnRCQFEcu7mqkInpgs=; b=IyEqdiAiWxJ8kfs5k5f8LAv1Co oB6/xAelnzv883ecL4np6XQhbng/OrV4K1e7jVmwSra4dlI8Cpa7RMDUrYRRq/PO0jKGByd0IdW4X XZ1E26UgocxlntAm9vyRk13YsIir5G0+OYtPZu+S/uPqh9KEVWStY+RvNeKn3g1WftMo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/golang: Run `go vet` as part of the build process Message-Id: Date: Thu, 25 Apr 2024 19:55:32 +0000 commit 6c04a0bf2c5824616c0bbc44bc4f07c64a5469be Author: George Dunlap AuthorDate: Fri Apr 19 11:35:57 2024 +0100 Commit: George Dunlap CommitDate: Wed Apr 24 16:42:16 2024 +0100 tools/golang: Run `go vet` as part of the build process Signed-off-by: George Dunlap Acked-by: Nick Rosbrook --- tools/golang/xenlight/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/golang/xenlight/Makefile b/tools/golang/xenlight/Makefile index c5bb6b94a8..645e7b3a82 100644 --- a/tools/golang/xenlight/Makefile +++ b/tools/golang/xenlight/Makefile @@ -29,6 +29,7 @@ $(subst .gen.,.%.,$(GOXL_GEN_FILES)): gengotypes.py $(LIBXL_SRC_DIR)/libxl_types # so that it can find the actual library. .PHONY: build build: xenlight.go $(GOXL_GEN_FILES) + CGO_CFLAGS="$(CFLAGS_libxenlight) $(CFLAGS_libxentoollog) $(APPEND_CFLAGS)" CGO_LDFLAGS="$(call xenlibs-ldflags,light toollog) $(APPEND_LDFLAGS)" $(GO) vet CGO_CFLAGS="$(CFLAGS_libxenlight) $(CFLAGS_libxentoollog) $(APPEND_CFLAGS)" CGO_LDFLAGS="$(call xenlibs-ldflags,light toollog) $(APPEND_LDFLAGS)" $(GO) build -x .PHONY: install -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:55:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:55:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712256.1112791 (Exim 4.92) (envelope-from ) id 1s05C3-0004EY-9D; Thu, 25 Apr 2024 19:55:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712256.1112791; Thu, 25 Apr 2024 19:55:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05C3-0004EK-6g; Thu, 25 Apr 2024 19:55:43 +0000 Received: by outflank-mailman (input) for mailman id 712256; Thu, 25 Apr 2024 19:55:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05C2-0004E6-I3 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05C2-0003cW-HB for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05C2-0002dD-GE for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Eadp0T29OSCzA9qfT5CmD6qwtUEMuBwRZrfqM+O727A=; b=WXeDHokj1iQ0c9QWNhFYjT186N zS3DGg3ZX/SzyUEcvKMgiCuv8iOPbKBpB6jT6+dqNBReWvApSaFD8kaaL2UGQeyDtKiJh7LL7n1k0 /gJfIrXIDIWJq94mOIRhnPKthsgo6TMYp4p74YMPz3SwmxLqpt3QL8mDpNfLQRt/9jRE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: remove stale addr_cells/size_cells in assign_shared_memory Message-Id: Date: Thu, 25 Apr 2024 19:55:42 +0000 commit ab327c8e8bcf6708a6d16b3f780c912f573c5f4f Author: Penny Zheng AuthorDate: Thu Apr 18 08:36:41 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: remove stale addr_cells/size_cells in assign_shared_memory Function parameters {addr_cells,size_cells} are stale parameters in assign_shared_memory, so we shall remove them. Signed-off-by: Penny Zheng Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/static-shmem.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index 9097bc8b15..cb268cd2ed 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -90,7 +90,6 @@ static mfn_t __init acquire_shared_memory_bank(struct domain *d, } static int __init assign_shared_memory(struct domain *d, - uint32_t addr_cells, uint32_t size_cells, paddr_t pbase, paddr_t psize, paddr_t gbase) { @@ -252,7 +251,6 @@ int __init process_shm(struct domain *d, struct kernel_info *kinfo, * specified, so they should be assigned to dom_io. */ ret = assign_shared_memory(owner_dom_io ? dom_io : d, - addr_cells, size_cells, pbase, psize, gbase); if ( ret ) return ret; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:55:53 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:55:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712257.1112795 (Exim 4.92) (envelope-from ) id 1s05CD-0004Hs-Ad; Thu, 25 Apr 2024 19:55:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712257.1112795; Thu, 25 Apr 2024 19:55:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05CD-0004Hl-86; Thu, 25 Apr 2024 19:55:53 +0000 Received: by outflank-mailman (input) for mailman id 712257; Thu, 25 Apr 2024 19:55:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05CC-0004He-L1 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05CC-0003dw-KG for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05CC-0002dg-JN for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:55:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=1AAPwfgqDrnlcAwjjEfethwYO6QqLrtQryNtyj4HuRw=; b=GWSwEWmya4UbxI4cKc/KGuumo/ ljxFejREVq6utUujtZv6SVm6MxsBjZWlX4V8wsR8iW+0740CGuYoJyfCdBG2TBQJt7wJpFo9Nrsmv LELO8kZ42wPiRgTIRuYLDZ+p8Kj65Zt/uvUGbq+WsEZc37bEr7hlB3DB8adWVvlTVT4k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: avoid repetitive checking in process_shm_node Message-Id: Date: Thu, 25 Apr 2024 19:55:52 +0000 commit 6d14a742f823d34e0c59cae77f96ff24e34e98b3 Author: Penny Zheng AuthorDate: Thu Apr 18 08:36:42 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: avoid repetitive checking in process_shm_node Putting overlap and overflow checking in the loop is causing repetitive operation, so this commit extracts both checking outside the loop. Signed-off-by: Penny Zheng Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/static-shmem.c | 39 ++++++++++++++++----------------------- 1 file changed, 16 insertions(+), 23 deletions(-) diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index cb268cd2ed..40a0e860c7 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -349,7 +349,7 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, { const struct fdt_property *prop, *prop_id, *prop_role; const __be32 *cell; - paddr_t paddr, gaddr, size; + paddr_t paddr, gaddr, size, end; struct meminfo *mem = &bootinfo.reserved_mem; unsigned int i; int len; @@ -422,6 +422,13 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, return -EINVAL; } + end = paddr + size; + if ( end <= paddr ) + { + printk("fdt: static shared memory region %s overflow\n", shm_id); + return -EINVAL; + } + for ( i = 0; i < mem->nr_banks; i++ ) { /* @@ -441,30 +448,13 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, return -EINVAL; } } + else if ( strncmp(shm_id, mem->bank[i].shm_id, MAX_SHM_ID_LENGTH) != 0 ) + continue; else { - paddr_t end = paddr + size; - paddr_t bank_end = mem->bank[i].start + mem->bank[i].size; - - if ( (end <= paddr) || (bank_end <= mem->bank[i].start) ) - { - printk("fdt: static shared memory region %s overflow\n", shm_id); - return -EINVAL; - } - - if ( check_reserved_regions_overlap(paddr, size) ) - return -EINVAL; - else - { - if ( strcmp(shm_id, mem->bank[i].shm_id) != 0 ) - continue; - else - { - printk("fdt: different shared memory region could not share the same shm ID %s\n", - shm_id); - return -EINVAL; - } - } + printk("fdt: different shared memory region could not share the same shm ID %s\n", + shm_id); + return -EINVAL; } } @@ -472,6 +462,9 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, { if ( i < NR_MEM_BANKS ) { + if ( check_reserved_regions_overlap(paddr, size) ) + return -EINVAL; + /* Static shared memory shall be reserved from any other use. */ safe_strcpy(mem->bank[mem->nr_banks].shm_id, shm_id); mem->bank[mem->nr_banks].start = paddr; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:56:03 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:56:03 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712258.1112799 (Exim 4.92) (envelope-from ) id 1s05CN-0004KW-CM; Thu, 25 Apr 2024 19:56:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712258.1112799; Thu, 25 Apr 2024 19:56:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05CN-0004KP-9h; Thu, 25 Apr 2024 19:56:03 +0000 Received: by outflank-mailman (input) for mailman id 712258; Thu, 25 Apr 2024 19:56:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05CM-0004KH-OG for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05CM-0003eG-NU for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05CM-0002em-MW for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KDBOTePoFWlD74WjxMQQ5HnJRPxew8A/IYhP1qyhh0o=; b=w04WWuxNB+uCbe/h4BZjSHfIl/ QcID5U8VZU05MRYUnBEBXkOoulQOukJq7/Gq2XCA+zsEy7nJtuQqFRuruuhpXPp0uarW26KCpmJru mP5SFtJSyAyFowlrTc05JDSHjGHF3ryWIH4ressy8xYqm9GY9JHqyhDtULfMvZ8ijlfs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Pass struct kernel_info parameter to make_{resv,shm}_memory_node Message-Id: Date: Thu, 25 Apr 2024 19:56:02 +0000 commit 8d5ff144773dd326ce526173655a919d471a8cfc Author: Luca Fancellu AuthorDate: Thu Apr 18 08:36:43 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: Pass struct kernel_info parameter to make_{resv,shm}_memory_node The struct domain parameter is not used in make_resv_memory_node and in its called function make_shm_memory_node, so drop it from both functions, also, take the occasion to pass directly struct kernel_info, from which we can infer other parameters passed to the functions and drop them as well. Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/dom0less-build.c | 3 +-- xen/arch/arm/domain_build.c | 3 +-- xen/arch/arm/include/asm/static-shmem.h | 9 ++++----- xen/arch/arm/static-shmem.c | 16 +++++++++------- 4 files changed, 15 insertions(+), 16 deletions(-) diff --git a/xen/arch/arm/dom0less-build.c b/xen/arch/arm/dom0less-build.c index fb63ec6fd1..0edc5357ca 100644 --- a/xen/arch/arm/dom0less-build.c +++ b/xen/arch/arm/dom0less-build.c @@ -645,8 +645,7 @@ static int __init prepare_dtb_domU(struct domain *d, struct kernel_info *kinfo) if ( ret ) goto err; - ret = make_resv_memory_node(d, kinfo->fdt, addrcells, sizecells, - &kinfo->shm_mem); + ret = make_resv_memory_node(kinfo, addrcells, sizecells); if ( ret ) goto err; diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 54232ed4cb..11d4e7d0b1 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -1769,8 +1769,7 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, return res; } - res = make_resv_memory_node(d, kinfo->fdt, addrcells, sizecells, - &kinfo->shm_mem); + res = make_resv_memory_node(kinfo, addrcells, sizecells); if ( res ) return res; } diff --git a/xen/arch/arm/include/asm/static-shmem.h b/xen/arch/arm/include/asm/static-shmem.h index 1536ff18b8..680594b684 100644 --- a/xen/arch/arm/include/asm/static-shmem.h +++ b/xen/arch/arm/include/asm/static-shmem.h @@ -7,8 +7,8 @@ #ifdef CONFIG_STATIC_SHM -int make_resv_memory_node(const struct domain *d, void *fdt, int addrcells, - int sizecells, const struct meminfo *mem); +int make_resv_memory_node(const struct kernel_info *kinfo, int addrcells, + int sizecells); int process_shm(struct domain *d, struct kernel_info *kinfo, const struct dt_device_node *node); @@ -26,9 +26,8 @@ int process_shm_node(const void *fdt, int node, uint32_t address_cells, #else /* !CONFIG_STATIC_SHM */ -static inline int make_resv_memory_node(const struct domain *d, void *fdt, - int addrcells, int sizecells, - const struct meminfo *mem) +static inline int make_resv_memory_node(const struct kernel_info *kinfo, + int addrcells, int sizecells) { return 0; } diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index 40a0e860c7..349b856676 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -277,10 +277,11 @@ int __init process_shm(struct domain *d, struct kernel_info *kinfo, return 0; } -static int __init make_shm_memory_node(const struct domain *d, void *fdt, - int addrcells, int sizecells, - const struct meminfo *mem) +static int __init make_shm_memory_node(const struct kernel_info *kinfo, + int addrcells, int sizecells) { + const struct meminfo *mem = &kinfo->shm_mem; + void *fdt = kinfo->fdt; unsigned int i = 0; int res = 0; @@ -488,10 +489,11 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, return 0; } -int __init make_resv_memory_node(const struct domain *d, void *fdt, - int addrcells, int sizecells, - const struct meminfo *mem) +int __init make_resv_memory_node(const struct kernel_info *kinfo, int addrcells, + int sizecells) { + const struct meminfo *mem = &kinfo->shm_mem; + void *fdt = kinfo->fdt; int res = 0; /* Placeholder for reserved-memory\0 */ const char resvbuf[16] = "reserved-memory"; @@ -518,7 +520,7 @@ int __init make_resv_memory_node(const struct domain *d, void *fdt, if ( res ) return res; - res = make_shm_memory_node(d, fdt, addrcells, sizecells, mem); + res = make_shm_memory_node(kinfo, addrcells, sizecells); if ( res ) return res; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:56:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:56:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712259.1112803 (Exim 4.92) (envelope-from ) id 1s05CX-0004O9-Fa; Thu, 25 Apr 2024 19:56:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712259.1112803; Thu, 25 Apr 2024 19:56:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05CX-0004O2-Cc; Thu, 25 Apr 2024 19:56:13 +0000 Received: by outflank-mailman (input) for mailman id 712259; Thu, 25 Apr 2024 19:56:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05CW-0004Ns-Rz for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05CW-0003ef-R7 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05CW-0002fI-QE for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0AU4GfpFiaBdvKrA49wQuWAj7xwNGpx1x7M4vx+U4pE=; b=j65d+SR6P1Gl+em6D5EXDurnQs QzHiI5qIoxCYRO2IzWazbb+8dSnA25GupLnWekNjAJNZYGE9MO9q0nIN8xsLH/TQ3GaWqBv6D/5Gk yVhsPJGr4vJ/1w4ayIXmLxeJossMvl5v+zSZlkP3CxlaNaMbWnkvC5uzaVsK0Lu+l9z8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Introduce a generic way to access memory bank structures Message-Id: Date: Thu, 25 Apr 2024 19:56:12 +0000 commit 2209c1e35b479dff8ed3d3161001ffdefa0a704e Author: Luca Fancellu AuthorDate: Thu Apr 18 08:36:44 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: Introduce a generic way to access memory bank structures Currently the 'struct meminfo' is defining a static defined array of 'struct membank' of NR_MEM_BANKS elements, some features like shared memory don't require such amount of memory allocation but might want to reuse existing code to manipulate this kind of structure that is just as 'struct meminfo' but less bulky. For this reason introduce a generic way to access this kind of structure using a new structure 'struct membanks', which implements all the fields needed by a structure related to memory banks without the need to specify at build time the size of the 'struct membank' array, using a flexible array member. Modify 'struct meminfo' to implement the field related to the new introduced structure, given the change all usage of this structure are updated in this way: - code accessing bootinfo.{mem,reserved_mem,acpi} field now uses 3 new introduced static inline helpers to access the new field of 'struct meminfo' named 'common'. - code accessing 'struct kernel_info *' member 'mem' now use the new introduced macro 'kernel_info_get_mem(...)' to access the new field of 'struct meminfo' named 'common'. - introduced KERNEL_INFO_INIT and BOOTINFO_INIT that from now on will be used to initialize 'struct kernel_info' and 'struct bootinfo' respectively, in order to initialize their 'struct meminfo' .common.max_banks members. Constify pointers where needed. Suggested-by: Julien Grall Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/acpi/domain_build.c | 6 +- xen/arch/arm/arm32/mmu/mm.c | 44 +++++++------- xen/arch/arm/arm64/mmu/mm.c | 2 +- xen/arch/arm/bootfdt.c | 39 ++++++++---- xen/arch/arm/dom0less-build.c | 16 ++--- xen/arch/arm/domain_build.c | 103 +++++++++++++++++--------------- xen/arch/arm/efi/efi-boot.h | 8 +-- xen/arch/arm/efi/efi-dom0.c | 13 ++-- xen/arch/arm/include/asm/domain_build.h | 2 +- xen/arch/arm/include/asm/kernel.h | 8 +++ xen/arch/arm/include/asm/setup.h | 40 ++++++++++++- xen/arch/arm/kernel.c | 12 ++-- xen/arch/arm/setup.c | 58 ++++++++++-------- xen/arch/arm/static-memory.c | 27 +++++---- xen/arch/arm/static-shmem.c | 34 ++++++----- 15 files changed, 249 insertions(+), 163 deletions(-) diff --git a/xen/arch/arm/acpi/domain_build.c b/xen/arch/arm/acpi/domain_build.c index b58389ce9e..ed895dd8f9 100644 --- a/xen/arch/arm/acpi/domain_build.c +++ b/xen/arch/arm/acpi/domain_build.c @@ -444,14 +444,14 @@ static int __init acpi_create_fadt(struct domain *d, struct membank tbl_add[]) } static int __init estimate_acpi_efi_size(struct domain *d, - struct kernel_info *kinfo) + const struct kernel_info *kinfo) { size_t efi_size, acpi_size, madt_size; u64 addr; struct acpi_table_rsdp *rsdp_tbl; struct acpi_table_header *table; - efi_size = estimate_efi_size(kinfo->mem.nr_banks); + efi_size = estimate_efi_size(kernel_info_get_mem(kinfo)->nr_banks); acpi_size = ROUNDUP(sizeof(struct acpi_table_fadt), 8); acpi_size += ROUNDUP(sizeof(struct acpi_table_stao), 8); @@ -546,7 +546,7 @@ int __init prepare_acpi(struct domain *d, struct kernel_info *kinfo) acpi_map_other_tables(d); acpi_create_efi_system_table(d, tbl_add); - acpi_create_efi_mmap_table(d, &kinfo->mem, tbl_add); + acpi_create_efi_mmap_table(d, kernel_info_get_mem(kinfo), tbl_add); /* Map the EFI and ACPI tables to Dom0 */ rc = map_regions_p2mt(d, diff --git a/xen/arch/arm/arm32/mmu/mm.c b/xen/arch/arm/arm32/mmu/mm.c index 0ab6ae52a6..84c89da909 100644 --- a/xen/arch/arm/arm32/mmu/mm.c +++ b/xen/arch/arm/arm32/mmu/mm.c @@ -42,6 +42,7 @@ static paddr_t __init consider_modules(paddr_t s, paddr_t e, uint32_t size, paddr_t align, int first_mod) { + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); const struct bootmodules *mi = &bootinfo.modules; int i; int nr; @@ -100,15 +101,14 @@ static paddr_t __init consider_modules(paddr_t s, paddr_t e, * possible kinds of bootmodules. * * When retrieving the corresponding reserved-memory addresses, we - * need to index the bootinfo.reserved_mem bank starting from 0, and - * only counting the reserved-memory modules. Hence, we need to use - * i - nr. + * need to index the reserved_mem bank starting from 0, and only counting + * the reserved-memory modules. Hence, we need to use i - nr. */ nr += mi->nr_mods; - for ( ; i - nr < bootinfo.reserved_mem.nr_banks; i++ ) + for ( ; i - nr < reserved_mem->nr_banks; i++ ) { - paddr_t r_s = bootinfo.reserved_mem.bank[i - nr].start; - paddr_t r_e = r_s + bootinfo.reserved_mem.bank[i - nr].size; + paddr_t r_s = reserved_mem->bank[i - nr].start; + paddr_t r_e = r_s + reserved_mem->bank[i - nr].size; if ( s < r_e && r_s < e ) { @@ -129,17 +129,18 @@ static paddr_t __init consider_modules(paddr_t s, paddr_t e, */ static paddr_t __init fit_xenheap_in_static_heap(uint32_t size, paddr_t align) { + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); unsigned int i; paddr_t end = 0, aligned_start, aligned_end; paddr_t bank_start, bank_size, bank_end; - for ( i = 0 ; i < bootinfo.reserved_mem.nr_banks; i++ ) + for ( i = 0 ; i < reserved_mem->nr_banks; i++ ) { - if ( bootinfo.reserved_mem.bank[i].type != MEMBANK_STATIC_HEAP ) + if ( reserved_mem->bank[i].type != MEMBANK_STATIC_HEAP ) continue; - bank_start = bootinfo.reserved_mem.bank[i].start; - bank_size = bootinfo.reserved_mem.bank[i].size; + bank_start = reserved_mem->bank[i].start; + bank_size = reserved_mem->bank[i].size; bank_end = bank_start + bank_size; if ( bank_size < size ) @@ -162,13 +163,14 @@ static paddr_t __init fit_xenheap_in_static_heap(uint32_t size, paddr_t align) void __init setup_mm(void) { + const struct membanks *mem = bootinfo_get_mem(); paddr_t ram_start, ram_end, ram_size, e, bank_start, bank_end, bank_size; paddr_t static_heap_end = 0, static_heap_size = 0; unsigned long heap_pages, xenheap_pages, domheap_pages; unsigned int i; const uint32_t ctr = READ_CP32(CTR); - if ( !bootinfo.mem.nr_banks ) + if ( !mem->nr_banks ) panic("No memory bank\n"); /* We only supports instruction caches implementing the IVIPT extension. */ @@ -177,14 +179,14 @@ void __init setup_mm(void) init_pdx(); - ram_start = bootinfo.mem.bank[0].start; - ram_size = bootinfo.mem.bank[0].size; + ram_start = mem->bank[0].start; + ram_size = mem->bank[0].size; ram_end = ram_start + ram_size; - for ( i = 1; i < bootinfo.mem.nr_banks; i++ ) + for ( i = 1; i < mem->nr_banks; i++ ) { - bank_start = bootinfo.mem.bank[i].start; - bank_size = bootinfo.mem.bank[i].size; + bank_start = mem->bank[i].start; + bank_size = mem->bank[i].size; bank_end = bank_start + bank_size; ram_size = ram_size + bank_size; @@ -196,13 +198,15 @@ void __init setup_mm(void) if ( bootinfo.static_heap ) { - for ( i = 0 ; i < bootinfo.reserved_mem.nr_banks; i++ ) + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); + + for ( i = 0 ; i < reserved_mem->nr_banks; i++ ) { - if ( bootinfo.reserved_mem.bank[i].type != MEMBANK_STATIC_HEAP ) + if ( reserved_mem->bank[i].type != MEMBANK_STATIC_HEAP ) continue; - bank_start = bootinfo.reserved_mem.bank[i].start; - bank_size = bootinfo.reserved_mem.bank[i].size; + bank_start = reserved_mem->bank[i].start; + bank_size = reserved_mem->bank[i].size; bank_end = bank_start + bank_size; static_heap_size += bank_size; diff --git a/xen/arch/arm/arm64/mmu/mm.c b/xen/arch/arm/arm64/mmu/mm.c index d2651c9486..f8aaf4ac18 100644 --- a/xen/arch/arm/arm64/mmu/mm.c +++ b/xen/arch/arm/arm64/mmu/mm.c @@ -194,7 +194,7 @@ static void __init setup_directmap_mappings(unsigned long base_mfn, void __init setup_mm(void) { - const struct meminfo *banks = &bootinfo.mem; + const struct membanks *banks = bootinfo_get_mem(); paddr_t ram_start = INVALID_PADDR; paddr_t ram_end = 0; paddr_t ram_size = 0; diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c index 35dbdf3384..4c80962f79 100644 --- a/xen/arch/arm/bootfdt.c +++ b/xen/arch/arm/bootfdt.c @@ -17,6 +17,18 @@ #include #include +static void __init __maybe_unused build_assertions(void) +{ + /* + * Check that no padding is between struct membanks "bank" flexible array + * member and struct meminfo "bank" member + */ + BUILD_BUG_ON((offsetof(struct membanks, bank) != + offsetof(struct meminfo, bank))); + /* Ensure "struct membanks" is 8-byte aligned */ + BUILD_BUG_ON(alignof(struct membanks) != 8); +} + static bool __init device_tree_node_is_available(const void *fdt, int node) { const char *status; @@ -107,14 +119,14 @@ void __init device_tree_get_reg(const __be32 **cell, uint32_t address_cells, static int __init device_tree_get_meminfo(const void *fdt, int node, const char *prop_name, u32 address_cells, u32 size_cells, - void *data, enum membank_type type) + struct membanks *mem, + enum membank_type type) { const struct fdt_property *prop; unsigned int i, banks; const __be32 *cell; u32 reg_cells = address_cells + size_cells; paddr_t start, size; - struct meminfo *mem = data; if ( !device_tree_node_is_available(fdt, node) ) return 0; @@ -133,10 +145,10 @@ static int __init device_tree_get_meminfo(const void *fdt, int node, cell = (const __be32 *)prop->data; banks = fdt32_to_cpu(prop->len) / (reg_cells * sizeof (u32)); - for ( i = 0; i < banks && mem->nr_banks < NR_MEM_BANKS; i++ ) + for ( i = 0; i < banks && mem->nr_banks < mem->max_banks; i++ ) { device_tree_get_reg(&cell, address_cells, size_cells, &start, &size); - if ( mem == &bootinfo.reserved_mem && + if ( mem == bootinfo_get_reserved_mem() && check_reserved_regions_overlap(start, size) ) return -EINVAL; /* Some DT may describe empty bank, ignore them */ @@ -231,10 +243,10 @@ int __init device_tree_for_each_node(const void *fdt, int node, static int __init process_memory_node(const void *fdt, int node, const char *name, int depth, u32 address_cells, u32 size_cells, - void *data) + struct membanks *mem) { return device_tree_get_meminfo(fdt, node, "reg", address_cells, size_cells, - data, MEMBANK_DEFAULT); + mem, MEMBANK_DEFAULT); } static int __init process_reserved_memory_node(const void *fdt, int node, @@ -259,7 +271,7 @@ static int __init process_reserved_memory(const void *fdt, int node, { return device_tree_for_each_node(fdt, node, process_reserved_memory_node, - &bootinfo.reserved_mem); + bootinfo_get_reserved_mem()); } static void __init process_multiboot_node(const void *fdt, int node, @@ -358,7 +370,7 @@ static int __init process_chosen_node(const void *fdt, int node, rc = device_tree_get_meminfo(fdt, node, "xen,static-heap", address_cells, size_cells, - &bootinfo.reserved_mem, + bootinfo_get_reserved_mem(), MEMBANK_STATIC_HEAP); if ( rc ) return rc; @@ -420,7 +432,7 @@ static int __init process_domain_node(const void *fdt, int node, return 0; return device_tree_get_meminfo(fdt, node, "xen,static-mem", address_cells, - size_cells, &bootinfo.reserved_mem, + size_cells, bootinfo_get_reserved_mem(), MEMBANK_STATIC_DOMAIN); } @@ -438,7 +450,7 @@ static int __init early_scan_node(const void *fdt, if ( !efi_enabled(EFI_BOOT) && device_tree_node_matches(fdt, node, "memory") ) rc = process_memory_node(fdt, node, name, depth, - address_cells, size_cells, &bootinfo.mem); + address_cells, size_cells, bootinfo_get_mem()); else if ( depth == 1 && !dt_node_cmp(name, "reserved-memory") ) rc = process_reserved_memory(fdt, node, name, depth, address_cells, size_cells); @@ -459,8 +471,8 @@ static int __init early_scan_node(const void *fdt, static void __init early_print_info(void) { - struct meminfo *mi = &bootinfo.mem; - struct meminfo *mem_resv = &bootinfo.reserved_mem; + const struct membanks *mi = bootinfo_get_mem(); + const struct membanks *mem_resv = bootinfo_get_reserved_mem(); struct bootmodules *mods = &bootinfo.modules; struct bootcmdlines *cmds = &bootinfo.cmdlines; unsigned int i, j; @@ -537,6 +549,7 @@ static void __init swap_memory_node(void *_a, void *_b, size_t size) */ size_t __init boot_fdt_info(const void *fdt, paddr_t paddr) { + struct membanks *mem = bootinfo_get_mem(); int ret; ret = fdt_check_header(fdt); @@ -554,7 +567,7 @@ size_t __init boot_fdt_info(const void *fdt, paddr_t paddr) * bank in memory first. There is no requirement that the DT will provide * the banks sorted in ascending order. So sort them through. */ - sort(bootinfo.mem.bank, bootinfo.mem.nr_banks, sizeof(struct membank), + sort(mem->bank, mem->nr_banks, sizeof(struct membank), cmp_memory_node, swap_memory_node); early_print_info(); diff --git a/xen/arch/arm/dom0less-build.c b/xen/arch/arm/dom0less-build.c index 0edc5357ca..51cf03221d 100644 --- a/xen/arch/arm/dom0less-build.c +++ b/xen/arch/arm/dom0less-build.c @@ -50,6 +50,7 @@ bool __init is_dom0less_mode(void) static void __init allocate_memory(struct domain *d, struct kernel_info *kinfo) { + struct membanks *mem = kernel_info_get_mem(kinfo); unsigned int i; paddr_t bank_size; @@ -57,7 +58,7 @@ static void __init allocate_memory(struct domain *d, struct kernel_info *kinfo) /* Don't want format this as PRIpaddr (16 digit hex) */ (unsigned long)(kinfo->unassigned_mem >> 20), d); - kinfo->mem.nr_banks = 0; + mem->nr_banks = 0; bank_size = MIN(GUEST_RAM0_SIZE, kinfo->unassigned_mem); if ( !allocate_bank_memory(d, kinfo, gaddr_to_gfn(GUEST_RAM0_BASE), bank_size) ) @@ -71,15 +72,15 @@ static void __init allocate_memory(struct domain *d, struct kernel_info *kinfo) if ( kinfo->unassigned_mem ) goto fail; - for( i = 0; i < kinfo->mem.nr_banks; i++ ) + for( i = 0; i < mem->nr_banks; i++ ) { printk(XENLOG_INFO "%pd BANK[%d] %#"PRIpaddr"-%#"PRIpaddr" (%ldMB)\n", d, i, - kinfo->mem.bank[i].start, - kinfo->mem.bank[i].start + kinfo->mem.bank[i].size, + mem->bank[i].start, + mem->bank[i].start + mem->bank[i].size, /* Don't want format this as PRIpaddr (16 digit hex) */ - (unsigned long)(kinfo->mem.bank[i].size >> 20)); + (unsigned long)(mem->bank[i].size >> 20)); } return; @@ -641,7 +642,8 @@ static int __init prepare_dtb_domU(struct domain *d, struct kernel_info *kinfo) if ( ret ) goto err; - ret = make_memory_node(d, kinfo->fdt, addrcells, sizecells, &kinfo->mem); + ret = make_memory_node(d, kinfo->fdt, addrcells, sizecells, + kernel_info_get_mem(kinfo)); if ( ret ) goto err; @@ -740,7 +742,7 @@ static int __init alloc_xenstore_evtchn(struct domain *d) static int __init construct_domU(struct domain *d, const struct dt_device_node *node) { - struct kernel_info kinfo = {}; + struct kernel_info kinfo = KERNEL_INFO_INIT; const char *dom0less_enhanced; int rc; u64 mem; diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 11d4e7d0b1..02e4dcafe7 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -141,6 +141,7 @@ static bool __init insert_11_bank(struct domain *d, struct page_info *pg, unsigned int order) { + struct membanks *mem = kernel_info_get_mem(kinfo); unsigned int i; int res; mfn_t smfn; @@ -157,9 +158,9 @@ static bool __init insert_11_bank(struct domain *d, (unsigned long)(kinfo->unassigned_mem >> 20), order); - if ( kinfo->mem.nr_banks > 0 && + if ( mem->nr_banks > 0 && size < MB(128) && - start + size < kinfo->mem.bank[0].start ) + start + size < mem->bank[0].start ) { D11PRINT("Allocation below bank 0 is too small, not using\n"); goto fail; @@ -171,17 +172,17 @@ static bool __init insert_11_bank(struct domain *d, kinfo->unassigned_mem -= size; - if ( kinfo->mem.nr_banks == 0 ) + if ( mem->nr_banks == 0 ) { - kinfo->mem.bank[0].start = start; - kinfo->mem.bank[0].size = size; - kinfo->mem.nr_banks = 1; + mem->bank[0].start = start; + mem->bank[0].size = size; + mem->nr_banks = 1; return true; } - for( i = 0; i < kinfo->mem.nr_banks; i++ ) + for( i = 0; i < mem->nr_banks; i++ ) { - struct membank *bank = &kinfo->mem.bank[i]; + struct membank *bank = &mem->bank[i]; /* If possible merge new memory into the start of the bank */ if ( bank->start == start+size ) @@ -204,24 +205,24 @@ static bool __init insert_11_bank(struct domain *d, * could have inserted the memory into/before we would already * have done so, so this must be the right place. */ - if ( start + size < bank->start && kinfo->mem.nr_banks < NR_MEM_BANKS ) + if ( start + size < bank->start && mem->nr_banks < mem->max_banks ) { memmove(bank + 1, bank, - sizeof(*bank) * (kinfo->mem.nr_banks - i)); - kinfo->mem.nr_banks++; + sizeof(*bank) * (mem->nr_banks - i)); + mem->nr_banks++; bank->start = start; bank->size = size; return true; } } - if ( i == kinfo->mem.nr_banks && kinfo->mem.nr_banks < NR_MEM_BANKS ) + if ( i == mem->nr_banks && mem->nr_banks < mem->max_banks ) { - struct membank *bank = &kinfo->mem.bank[kinfo->mem.nr_banks]; + struct membank *bank = &mem->bank[mem->nr_banks]; bank->start = start; bank->size = size; - kinfo->mem.nr_banks++; + mem->nr_banks++; return true; } @@ -293,6 +294,7 @@ static void __init allocate_memory_11(struct domain *d, const unsigned int min_low_order = get_order_from_bytes(min_t(paddr_t, dom0_mem, MB(128))); const unsigned int min_order = get_order_from_bytes(MB(4)); + struct membanks *mem = kernel_info_get_mem(kinfo); struct page_info *pg; unsigned int order = get_allocation_size(kinfo->unassigned_mem); unsigned int i; @@ -311,7 +313,7 @@ static void __init allocate_memory_11(struct domain *d, /* Don't want format this as PRIpaddr (16 digit hex) */ (unsigned long)(kinfo->unassigned_mem >> 20)); - kinfo->mem.nr_banks = 0; + mem->nr_banks = 0; /* * First try and allocate the largest thing we can as low as @@ -349,7 +351,7 @@ static void __init allocate_memory_11(struct domain *d, * continue allocating from above the lowmem and fill in banks. */ order = get_allocation_size(kinfo->unassigned_mem); - while ( kinfo->unassigned_mem && kinfo->mem.nr_banks < NR_MEM_BANKS ) + while ( kinfo->unassigned_mem && mem->nr_banks < mem->max_banks ) { pg = alloc_domheap_pages(d, order, lowmem ? MEMF_bits(lowmem_bitsize) : 0); @@ -373,7 +375,7 @@ static void __init allocate_memory_11(struct domain *d, if ( !insert_11_bank(d, kinfo, pg, order) ) { - if ( kinfo->mem.nr_banks == NR_MEM_BANKS ) + if ( mem->nr_banks == mem->max_banks ) /* Nothing more we can do. */ break; @@ -403,14 +405,14 @@ static void __init allocate_memory_11(struct domain *d, panic("Failed to allocate requested dom0 memory. %ldMB unallocated\n", (unsigned long)kinfo->unassigned_mem >> 20); - for( i = 0; i < kinfo->mem.nr_banks; i++ ) + for( i = 0; i < mem->nr_banks; i++ ) { printk("BANK[%d] %#"PRIpaddr"-%#"PRIpaddr" (%ldMB)\n", i, - kinfo->mem.bank[i].start, - kinfo->mem.bank[i].start + kinfo->mem.bank[i].size, + mem->bank[i].start, + mem->bank[i].start + mem->bank[i].size, /* Don't want format this as PRIpaddr (16 digit hex) */ - (unsigned long)(kinfo->mem.bank[i].size >> 20)); + (unsigned long)(mem->bank[i].size >> 20)); } } @@ -418,6 +420,7 @@ static void __init allocate_memory_11(struct domain *d, bool __init allocate_bank_memory(struct domain *d, struct kernel_info *kinfo, gfn_t sgfn, paddr_t tot_size) { + struct membanks *mem = kernel_info_get_mem(kinfo); int res; struct page_info *pg; struct membank *bank; @@ -431,7 +434,7 @@ bool __init allocate_bank_memory(struct domain *d, struct kernel_info *kinfo, if ( tot_size == 0 ) return true; - bank = &kinfo->mem.bank[kinfo->mem.nr_banks]; + bank = &mem->bank[mem->nr_banks]; bank->start = gfn_to_gaddr(sgfn); bank->size = tot_size; @@ -471,7 +474,7 @@ bool __init allocate_bank_memory(struct domain *d, struct kernel_info *kinfo, tot_size -= (1ULL << (PAGE_SHIFT + order)); } - kinfo->mem.nr_banks++; + mem->nr_banks++; kinfo->unassigned_mem -= bank->size; return true; @@ -756,7 +759,7 @@ int __init domain_fdt_begin_node(void *fdt, const char *name, uint64_t unit) int __init make_memory_node(const struct domain *d, void *fdt, int addrcells, int sizecells, - struct meminfo *mem) + const struct membanks *mem) { unsigned int i; int res, reg_size = addrcells + sizecells; @@ -816,12 +819,12 @@ int __init make_memory_node(const struct domain *d, static int __init add_ext_regions(unsigned long s_gfn, unsigned long e_gfn, void *data) { - struct meminfo *ext_regions = data; + struct membanks *ext_regions = data; paddr_t start, size; paddr_t s = pfn_to_paddr(s_gfn); paddr_t e = pfn_to_paddr(e_gfn); - if ( ext_regions->nr_banks >= ARRAY_SIZE(ext_regions->bank) ) + if ( ext_regions->nr_banks >= ext_regions->max_banks ) return 0; /* @@ -863,9 +866,11 @@ static int __init add_ext_regions(unsigned long s_gfn, unsigned long e_gfn, * - grant table space */ static int __init find_unallocated_memory(const struct kernel_info *kinfo, - struct meminfo *ext_regions) + struct membanks *ext_regions) { - const struct meminfo *assign_mem = &kinfo->mem; + const struct membanks *kinfo_mem = kernel_info_get_mem(kinfo); + const struct membanks *mem = bootinfo_get_mem(); + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); struct rangeset *unalloc_mem; paddr_t start, end; unsigned int i; @@ -878,10 +883,10 @@ static int __init find_unallocated_memory(const struct kernel_info *kinfo, return -ENOMEM; /* Start with all available RAM */ - for ( i = 0; i < bootinfo.mem.nr_banks; i++ ) + for ( i = 0; i < mem->nr_banks; i++ ) { - start = bootinfo.mem.bank[i].start; - end = bootinfo.mem.bank[i].start + bootinfo.mem.bank[i].size; + start = mem->bank[i].start; + end = mem->bank[i].start + mem->bank[i].size; res = rangeset_add_range(unalloc_mem, PFN_DOWN(start), PFN_DOWN(end - 1)); if ( res ) @@ -893,10 +898,10 @@ static int __init find_unallocated_memory(const struct kernel_info *kinfo, } /* Remove RAM assigned to Dom0 */ - for ( i = 0; i < assign_mem->nr_banks; i++ ) + for ( i = 0; i < kinfo_mem->nr_banks; i++ ) { - start = assign_mem->bank[i].start; - end = assign_mem->bank[i].start + assign_mem->bank[i].size; + start = kinfo_mem->bank[i].start; + end = kinfo_mem->bank[i].start + kinfo_mem->bank[i].size; res = rangeset_remove_range(unalloc_mem, PFN_DOWN(start), PFN_DOWN(end - 1)); if ( res ) @@ -908,11 +913,10 @@ static int __init find_unallocated_memory(const struct kernel_info *kinfo, } /* Remove reserved-memory regions */ - for ( i = 0; i < bootinfo.reserved_mem.nr_banks; i++ ) + for ( i = 0; i < reserved_mem->nr_banks; i++ ) { - start = bootinfo.reserved_mem.bank[i].start; - end = bootinfo.reserved_mem.bank[i].start + - bootinfo.reserved_mem.bank[i].size; + start = reserved_mem->bank[i].start; + end = reserved_mem->bank[i].start + reserved_mem->bank[i].size; res = rangeset_remove_range(unalloc_mem, PFN_DOWN(start), PFN_DOWN(end - 1)); if ( res ) @@ -990,7 +994,7 @@ static int __init handle_pci_range(const struct dt_device_node *dev, * - PCI aperture */ static int __init find_memory_holes(const struct kernel_info *kinfo, - struct meminfo *ext_regions) + struct membanks *ext_regions) { struct dt_device_node *np; struct rangeset *mem_holes; @@ -1080,19 +1084,20 @@ out: } static int __init find_domU_holes(const struct kernel_info *kinfo, - struct meminfo *ext_regions) + struct membanks *ext_regions) { unsigned int i; uint64_t bankend; const uint64_t bankbase[] = GUEST_RAM_BANK_BASES; const uint64_t banksize[] = GUEST_RAM_BANK_SIZES; + const struct membanks *kinfo_mem = kernel_info_get_mem(kinfo); int res = -ENOENT; for ( i = 0; i < GUEST_RAM_BANKS; i++ ) { struct membank *ext_bank = &(ext_regions->bank[ext_regions->nr_banks]); - ext_bank->start = ROUNDUP(bankbase[i] + kinfo->mem.bank[i].size, SZ_2M); + ext_bank->start = ROUNDUP(bankbase[i] + kinfo_mem->bank[i].size, SZ_2M); bankend = ~0ULL >> (64 - p2m_ipa_bits); bankend = min(bankend, bankbase[i] + banksize[i] - 1); @@ -1120,7 +1125,7 @@ int __init make_hypervisor_node(struct domain *d, gic_interrupt_t intr; int res; void *fdt = kinfo->fdt; - struct meminfo *ext_regions = NULL; + struct membanks *ext_regions = NULL; unsigned int i, nr_ext_regions; dt_dprintk("Create hypervisor node\n"); @@ -1156,10 +1161,12 @@ int __init make_hypervisor_node(struct domain *d, } else { - ext_regions = xzalloc(struct meminfo); + ext_regions = xzalloc_flex_struct(struct membanks, bank, NR_MEM_BANKS); if ( !ext_regions ) return -ENOMEM; + ext_regions->max_banks = NR_MEM_BANKS; + if ( is_domain_direct_mapped(d) ) { if ( !is_iommu_enabled(d) ) @@ -1728,6 +1735,7 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, if ( node == dt_host ) { + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); int addrcells = dt_child_n_addr_cells(node); int sizecells = dt_child_n_size_cells(node); @@ -1753,7 +1761,8 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, if ( res ) return res; - res = make_memory_node(d, kinfo->fdt, addrcells, sizecells, &kinfo->mem); + res = make_memory_node(d, kinfo->fdt, addrcells, sizecells, + kernel_info_get_mem(kinfo)); if ( res ) return res; @@ -1761,10 +1770,10 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, * Create a second memory node to store the ranges covering * reserved-memory regions. */ - if ( bootinfo.reserved_mem.nr_banks > 0 ) + if ( reserved_mem->nr_banks > 0 ) { res = make_memory_node(d, kinfo->fdt, addrcells, sizecells, - &bootinfo.reserved_mem); + reserved_mem); if ( res ) return res; } @@ -2038,7 +2047,7 @@ int __init construct_domain(struct domain *d, struct kernel_info *kinfo) static int __init construct_dom0(struct domain *d) { - struct kernel_info kinfo = {}; + struct kernel_info kinfo = KERNEL_INFO_INIT; int rc; /* Sanity! */ diff --git a/xen/arch/arm/efi/efi-boot.h b/xen/arch/arm/efi/efi-boot.h index 0cb29f90a0..199f526022 100644 --- a/xen/arch/arm/efi/efi-boot.h +++ b/xen/arch/arm/efi/efi-boot.h @@ -157,14 +157,14 @@ static void __init *lookup_fdt_config_table(EFI_SYSTEM_TABLE *sys_table) return fdt; } -static bool __init meminfo_add_bank(struct meminfo *mem, +static bool __init meminfo_add_bank(struct membanks *mem, EFI_MEMORY_DESCRIPTOR *desc) { struct membank *bank; paddr_t start = desc->PhysicalStart; paddr_t size = desc->NumberOfPages * EFI_PAGE_SIZE; - if ( mem->nr_banks >= NR_MEM_BANKS ) + if ( mem->nr_banks >= mem->max_banks ) return false; #ifdef CONFIG_ACPI if ( check_reserved_regions_overlap(start, size) ) @@ -198,7 +198,7 @@ static EFI_STATUS __init efi_process_memory_map_bootinfo(EFI_MEMORY_DESCRIPTOR * (desc_ptr->Type == EfiBootServicesCode || desc_ptr->Type == EfiBootServicesData))) ) { - if ( !meminfo_add_bank(&bootinfo.mem, desc_ptr) ) + if ( !meminfo_add_bank(bootinfo_get_mem(), desc_ptr) ) { PrintStr(L"Warning: All " __stringify(NR_MEM_BANKS) " bootinfo mem banks exhausted.\r\n"); @@ -208,7 +208,7 @@ static EFI_STATUS __init efi_process_memory_map_bootinfo(EFI_MEMORY_DESCRIPTOR * #ifdef CONFIG_ACPI else if ( desc_ptr->Type == EfiACPIReclaimMemory ) { - if ( !meminfo_add_bank(&bootinfo.acpi, desc_ptr) ) + if ( !meminfo_add_bank(bootinfo_get_acpi(), desc_ptr) ) { PrintStr(L"Error: All " __stringify(NR_MEM_BANKS) " acpi meminfo mem banks exhausted.\r\n"); diff --git a/xen/arch/arm/efi/efi-dom0.c b/xen/arch/arm/efi/efi-dom0.c index aae0f97911..baee8ab716 100644 --- a/xen/arch/arm/efi/efi-dom0.c +++ b/xen/arch/arm/efi/efi-dom0.c @@ -44,7 +44,7 @@ size_t __init estimate_efi_size(unsigned int mem_nr_banks) unsigned int acpi_mem_nr_banks = 0; if ( !acpi_disabled ) - acpi_mem_nr_banks = bootinfo.acpi.nr_banks; + acpi_mem_nr_banks = bootinfo_get_acpi()->nr_banks; size = ROUNDUP(est_size + ect_size + fw_vendor_size, 8); /* plus 1 for new created tables */ @@ -107,9 +107,10 @@ static void __init fill_efi_memory_descriptor(EFI_MEMORY_DESCRIPTOR *desc, } void __init acpi_create_efi_mmap_table(struct domain *d, - const struct meminfo *mem, + const struct membanks *mem, struct membank tbl_add[]) { + const struct membanks *acpi = bootinfo_get_acpi(); EFI_MEMORY_DESCRIPTOR *desc; unsigned int i; u8 *base_ptr; @@ -122,10 +123,10 @@ void __init acpi_create_efi_mmap_table(struct domain *d, fill_efi_memory_descriptor(desc, EfiConventionalMemory, mem->bank[i].start, mem->bank[i].size); - for ( i = 0; i < bootinfo.acpi.nr_banks; i++, desc++ ) + for ( i = 0; i < acpi->nr_banks; i++, desc++ ) fill_efi_memory_descriptor(desc, EfiACPIReclaimMemory, - bootinfo.acpi.bank[i].start, - bootinfo.acpi.bank[i].size); + acpi->bank[i].start, + acpi->bank[i].size); fill_efi_memory_descriptor(desc, EfiACPIReclaimMemory, d->arch.efi_acpi_gpa, d->arch.efi_acpi_len); @@ -133,7 +134,7 @@ void __init acpi_create_efi_mmap_table(struct domain *d, tbl_add[TBL_MMAP].start = d->arch.efi_acpi_gpa + acpi_get_table_offset(tbl_add, TBL_MMAP); tbl_add[TBL_MMAP].size = sizeof(EFI_MEMORY_DESCRIPTOR) - * (mem->nr_banks + bootinfo.acpi.nr_banks + 1); + * (mem->nr_banks + acpi->nr_banks + 1); } /* Create /hypervisor/uefi node for efi properties. */ diff --git a/xen/arch/arm/include/asm/domain_build.h b/xen/arch/arm/include/asm/domain_build.h index da9e6025f3..a6f276cc42 100644 --- a/xen/arch/arm/include/asm/domain_build.h +++ b/xen/arch/arm/include/asm/domain_build.h @@ -15,7 +15,7 @@ int make_cpus_node(const struct domain *d, void *fdt); int make_hypervisor_node(struct domain *d, const struct kernel_info *kinfo, int addrcells, int sizecells); int make_memory_node(const struct domain *d, void *fdt, int addrcells, - int sizecells, struct meminfo *mem); + int sizecells, const struct membanks *mem); int make_psci_node(void *fdt); int make_timer_node(const struct kernel_info *kinfo); void evtchn_allocate(struct domain *d); diff --git a/xen/arch/arm/include/asm/kernel.h b/xen/arch/arm/include/asm/kernel.h index 0a23e86c2d..d46f29ee6c 100644 --- a/xen/arch/arm/include/asm/kernel.h +++ b/xen/arch/arm/include/asm/kernel.h @@ -78,6 +78,14 @@ struct kernel_info { }; }; +#define kernel_info_get_mem(kinfo) (&(kinfo)->mem.common) + +#define KERNEL_INFO_INIT \ +{ \ + .mem.common.max_banks = NR_MEM_BANKS, \ + .shm_mem.common.max_banks = NR_MEM_BANKS, \ +} + /* * Probe the kernel to detemine its type and select a loader. * diff --git a/xen/arch/arm/include/asm/setup.h b/xen/arch/arm/include/asm/setup.h index d15a88d2e0..696f55db86 100644 --- a/xen/arch/arm/include/asm/setup.h +++ b/xen/arch/arm/include/asm/setup.h @@ -56,8 +56,14 @@ struct membank { #endif }; -struct meminfo { +struct membanks { unsigned int nr_banks; + unsigned int max_banks; + struct membank bank[]; +}; + +struct meminfo { + struct membanks common; struct membank bank[NR_MEM_BANKS]; }; @@ -107,6 +113,19 @@ struct bootinfo { bool static_heap; }; +#ifdef CONFIG_ACPI +#define BOOTINFO_ACPI_INIT .acpi.common.max_banks = NR_MEM_BANKS, +#else +#define BOOTINFO_ACPI_INIT +#endif + +#define BOOTINFO_INIT \ +{ \ + .mem.common.max_banks = NR_MEM_BANKS, \ + .reserved_mem.common.max_banks = NR_MEM_BANKS, \ + BOOTINFO_ACPI_INIT \ +} + struct map_range_data { struct domain *d; @@ -122,6 +141,23 @@ extern struct bootinfo bootinfo; extern domid_t max_init_domid; +static inline struct membanks *bootinfo_get_mem(void) +{ + return &bootinfo.mem.common; +} + +static inline struct membanks *bootinfo_get_reserved_mem(void) +{ + return &bootinfo.reserved_mem.common; +} + +#ifdef CONFIG_ACPI +static inline struct membanks *bootinfo_get_acpi(void) +{ + return &bootinfo.acpi.common; +} +#endif + void copy_from_paddr(void *dst, paddr_t paddr, unsigned long len); size_t estimate_efi_size(unsigned int mem_nr_banks); @@ -130,7 +166,7 @@ void acpi_create_efi_system_table(struct domain *d, struct membank tbl_add[]); void acpi_create_efi_mmap_table(struct domain *d, - const struct meminfo *mem, + const struct membanks *mem, struct membank tbl_add[]); int acpi_make_efi_nodes(void *fdt, struct membank tbl_add[]); diff --git a/xen/arch/arm/kernel.c b/xen/arch/arm/kernel.c index bc3e5bd6f9..674388fa11 100644 --- a/xen/arch/arm/kernel.c +++ b/xen/arch/arm/kernel.c @@ -45,13 +45,14 @@ static void __init place_modules(struct kernel_info *info, { /* Align DTB and initrd size to 2Mb. Linux only requires 4 byte alignment */ const struct bootmodule *mod = info->initrd_bootmodule; + const struct membanks *mem = kernel_info_get_mem(info); const paddr_t initrd_len = ROUNDUP(mod ? mod->size : 0, MB(2)); const paddr_t dtb_len = ROUNDUP(fdt_totalsize(info->fdt), MB(2)); const paddr_t modsize = initrd_len + dtb_len; /* Convenient */ - const paddr_t rambase = info->mem.bank[0].start; - const paddr_t ramsize = info->mem.bank[0].size; + const paddr_t rambase = mem->bank[0].start; + const paddr_t ramsize = mem->bank[0].size; const paddr_t ramend = rambase + ramsize; const paddr_t kernsize = ROUNDUP(kernend, MB(2)) - kernbase; const paddr_t ram128mb = rambase + MB(128); @@ -96,11 +97,12 @@ static void __init place_modules(struct kernel_info *info, static paddr_t __init kernel_zimage_place(struct kernel_info *info) { + const struct membanks *mem = kernel_info_get_mem(info); paddr_t load_addr; #ifdef CONFIG_ARM_64 if ( (info->type == DOMAIN_64BIT) && (info->zimage.start == 0) ) - return info->mem.bank[0].start + info->zimage.text_offset; + return mem->bank[0].start + info->zimage.text_offset; #endif /* @@ -113,8 +115,8 @@ static paddr_t __init kernel_zimage_place(struct kernel_info *info) { paddr_t load_end; - load_end = info->mem.bank[0].start + info->mem.bank[0].size; - load_end = MIN(info->mem.bank[0].start + MB(128), load_end); + load_end = mem->bank[0].start + mem->bank[0].size; + load_end = MIN(mem->bank[0].start + MB(128), load_end); load_addr = load_end - info->zimage.len; /* Align to 2MB */ diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index b9a7f61f73..e00dbb1351 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -48,7 +48,7 @@ #include #include -struct bootinfo __initdata bootinfo; +struct bootinfo __initdata bootinfo = BOOTINFO_INIT; /* * Sanitized version of cpuinfo containing only features available on all @@ -207,6 +207,7 @@ static void __init dt_unreserved_regions(paddr_t s, paddr_t e, void (*cb)(paddr_t ps, paddr_t pe), unsigned int first) { + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); unsigned int i, nr; int rc; @@ -240,14 +241,14 @@ static void __init dt_unreserved_regions(paddr_t s, paddr_t e, * kinds. * * When retrieving the corresponding reserved-memory addresses - * below, we need to index the bootinfo.reserved_mem bank starting + * below, we need to index the reserved_mem->bank starting * from 0, and only counting the reserved-memory modules. Hence, * we need to use i - nr. */ - for ( ; i - nr < bootinfo.reserved_mem.nr_banks; i++ ) + for ( ; i - nr < reserved_mem->nr_banks; i++ ) { - paddr_t r_s = bootinfo.reserved_mem.bank[i - nr].start; - paddr_t r_e = r_s + bootinfo.reserved_mem.bank[i - nr].size; + paddr_t r_s = reserved_mem->bank[i - nr].start; + paddr_t r_e = r_s + reserved_mem->bank[i - nr].size; if ( s < r_e && r_s < e ) { @@ -264,18 +265,18 @@ static void __init dt_unreserved_regions(paddr_t s, paddr_t e, * TODO: '*_end' could be 0 if the bank/region is at the end of the physical * address space. This is for now not handled as it requires more rework. */ -static bool __init meminfo_overlap_check(struct meminfo *meminfo, +static bool __init meminfo_overlap_check(const struct membanks *mem, paddr_t region_start, paddr_t region_size) { paddr_t bank_start = INVALID_PADDR, bank_end = 0; paddr_t region_end = region_start + region_size; - unsigned int i, bank_num = meminfo->nr_banks; + unsigned int i, bank_num = mem->nr_banks; for ( i = 0; i < bank_num; i++ ) { - bank_start = meminfo->bank[i].start; - bank_end = bank_start + meminfo->bank[i].size; + bank_start = mem->bank[i].start; + bank_end = bank_start + mem->bank[i].size; if ( region_end <= bank_start || region_start >= bank_end ) continue; @@ -339,8 +340,11 @@ void __init fw_unreserved_regions(paddr_t s, paddr_t e, bool __init check_reserved_regions_overlap(paddr_t region_start, paddr_t region_size) { - /* Check if input region is overlapping with bootinfo.reserved_mem banks */ - if ( meminfo_overlap_check(&bootinfo.reserved_mem, + /* + * Check if input region is overlapping with bootinfo_get_reserved_mem() + * banks + */ + if ( meminfo_overlap_check(bootinfo_get_reserved_mem(), region_start, region_size) ) return true; @@ -351,7 +355,7 @@ bool __init check_reserved_regions_overlap(paddr_t region_start, #ifdef CONFIG_ACPI /* Check if input region is overlapping with ACPI EfiACPIReclaimMemory */ - if ( meminfo_overlap_check(&bootinfo.acpi, region_start, region_size) ) + if ( meminfo_overlap_check(bootinfo_get_acpi(), region_start, region_size) ) return true; #endif @@ -580,6 +584,7 @@ static paddr_t __init next_module(paddr_t s, paddr_t *end) void __init init_pdx(void) { + const struct membanks *mem = bootinfo_get_mem(); paddr_t bank_start, bank_size, bank_end; /* @@ -592,18 +597,18 @@ void __init init_pdx(void) uint64_t mask = pdx_init_mask(0x0); int bank; - for ( bank = 0 ; bank < bootinfo.mem.nr_banks; bank++ ) + for ( bank = 0 ; bank < mem->nr_banks; bank++ ) { - bank_start = bootinfo.mem.bank[bank].start; - bank_size = bootinfo.mem.bank[bank].size; + bank_start = mem->bank[bank].start; + bank_size = mem->bank[bank].size; mask |= bank_start | pdx_region_mask(bank_start, bank_size); } - for ( bank = 0 ; bank < bootinfo.mem.nr_banks; bank++ ) + for ( bank = 0 ; bank < mem->nr_banks; bank++ ) { - bank_start = bootinfo.mem.bank[bank].start; - bank_size = bootinfo.mem.bank[bank].size; + bank_start = mem->bank[bank].start; + bank_size = mem->bank[bank].size; if (~mask & pdx_region_mask(bank_start, bank_size)) mask = 0; @@ -611,10 +616,10 @@ void __init init_pdx(void) pfn_pdx_hole_setup(mask >> PAGE_SHIFT); - for ( bank = 0 ; bank < bootinfo.mem.nr_banks; bank++ ) + for ( bank = 0 ; bank < mem->nr_banks; bank++ ) { - bank_start = bootinfo.mem.bank[bank].start; - bank_size = bootinfo.mem.bank[bank].size; + bank_start = mem->bank[bank].start; + bank_size = mem->bank[bank].size; bank_end = bank_start + bank_size; set_pdx_range(paddr_to_pfn(bank_start), @@ -636,18 +641,19 @@ void __init init_pdx(void) void __init populate_boot_allocator(void) { unsigned int i; - const struct meminfo *banks = &bootinfo.mem; + const struct membanks *banks = bootinfo_get_mem(); + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); paddr_t s, e; if ( bootinfo.static_heap ) { - for ( i = 0 ; i < bootinfo.reserved_mem.nr_banks; i++ ) + for ( i = 0 ; i < reserved_mem->nr_banks; i++ ) { - if ( bootinfo.reserved_mem.bank[i].type != MEMBANK_STATIC_HEAP ) + if ( reserved_mem->bank[i].type != MEMBANK_STATIC_HEAP ) continue; - s = bootinfo.reserved_mem.bank[i].start; - e = s + bootinfo.reserved_mem.bank[i].size; + s = reserved_mem->bank[i].start; + e = s + reserved_mem->bank[i].size; #ifdef CONFIG_ARM_32 /* Avoid the xenheap, note that the xenheap cannot across a bank */ if ( s <= mfn_to_maddr(directmap_mfn_start) && diff --git a/xen/arch/arm/static-memory.c b/xen/arch/arm/static-memory.c index cffbab7241..34bd12696a 100644 --- a/xen/arch/arm/static-memory.c +++ b/xen/arch/arm/static-memory.c @@ -85,6 +85,7 @@ static int __init parse_static_mem_prop(const struct dt_device_node *node, void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, const struct dt_device_node *node) { + struct membanks *mem = kernel_info_get_mem(kinfo); u32 addr_cells, size_cells, reg_cells; unsigned int nr_banks, gbank, bank = 0; const uint64_t rambase[] = GUEST_RAM_BANK_BASES; @@ -106,7 +107,7 @@ void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, */ gbank = 0; gsize = ramsize[gbank]; - kinfo->mem.bank[gbank].start = rambase[gbank]; + mem->bank[gbank].start = rambase[gbank]; nr_banks = length / (reg_cells * sizeof (u32)); for ( ; bank < nr_banks; bank++ ) @@ -122,7 +123,7 @@ void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, while ( 1 ) { /* Map as much as possible the static range to the guest bank */ - if ( !append_static_memory_to_bank(d, &kinfo->mem.bank[gbank], smfn, + if ( !append_static_memory_to_bank(d, &mem->bank[gbank], smfn, min(psize, gsize)) ) goto fail; @@ -153,14 +154,14 @@ void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, /* Update to the next guest bank. */ gbank++; gsize = ramsize[gbank]; - kinfo->mem.bank[gbank].start = rambase[gbank]; + mem->bank[gbank].start = rambase[gbank]; } } tot_size += psize; } - kinfo->mem.nr_banks = ++gbank; + mem->nr_banks = ++gbank; kinfo->unassigned_mem -= tot_size; /* @@ -190,6 +191,7 @@ void __init allocate_static_memory(struct domain *d, struct kernel_info *kinfo, void __init assign_static_memory_11(struct domain *d, struct kernel_info *kinfo, const struct dt_device_node *node) { + struct membanks *mem = kernel_info_get_mem(kinfo); u32 addr_cells, size_cells, reg_cells; unsigned int nr_banks, bank = 0; const __be32 *cell; @@ -206,7 +208,7 @@ void __init assign_static_memory_11(struct domain *d, struct kernel_info *kinfo, reg_cells = addr_cells + size_cells; nr_banks = length / (reg_cells * sizeof(u32)); - if ( nr_banks > NR_MEM_BANKS ) + if ( nr_banks > mem->max_banks ) { printk(XENLOG_ERR "%pd: exceed max number of supported guest memory banks.\n", d); @@ -224,15 +226,15 @@ void __init assign_static_memory_11(struct domain *d, struct kernel_info *kinfo, d, bank, pbase, pbase + psize); /* One guest memory bank is matched with one physical memory bank. */ - kinfo->mem.bank[bank].start = pbase; - if ( !append_static_memory_to_bank(d, &kinfo->mem.bank[bank], + mem->bank[bank].start = pbase; + if ( !append_static_memory_to_bank(d, &mem->bank[bank], smfn, psize) ) goto fail; kinfo->unassigned_mem -= psize; } - kinfo->mem.nr_banks = nr_banks; + mem->nr_banks = nr_banks; /* * The property 'memory' should match the amount of memory given to @@ -257,14 +259,15 @@ void __init assign_static_memory_11(struct domain *d, struct kernel_info *kinfo, /* Static memory initialization */ void __init init_staticmem_pages(void) { + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); unsigned int bank; - for ( bank = 0 ; bank < bootinfo.reserved_mem.nr_banks; bank++ ) + for ( bank = 0 ; bank < reserved_mem->nr_banks; bank++ ) { - if ( bootinfo.reserved_mem.bank[bank].type == MEMBANK_STATIC_DOMAIN ) + if ( reserved_mem->bank[bank].type == MEMBANK_STATIC_DOMAIN ) { - mfn_t bank_start = _mfn(PFN_UP(bootinfo.reserved_mem.bank[bank].start)); - unsigned long bank_pages = PFN_DOWN(bootinfo.reserved_mem.bank[bank].size); + mfn_t bank_start = _mfn(PFN_UP(reserved_mem->bank[bank].start)); + unsigned long bank_pages = PFN_DOWN(reserved_mem->bank[bank].size); mfn_t bank_end = mfn_add(bank_start, bank_pages); if ( mfn_x(bank_end) <= mfn_x(bank_start) ) diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index 349b856676..11f3c0da81 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -10,22 +10,23 @@ static int __init acquire_nr_borrower_domain(struct domain *d, paddr_t pbase, paddr_t psize, unsigned long *nr_borrowers) { + const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); unsigned int bank; /* Iterate reserved memory to find requested shm bank. */ - for ( bank = 0 ; bank < bootinfo.reserved_mem.nr_banks; bank++ ) + for ( bank = 0 ; bank < reserved_mem->nr_banks; bank++ ) { - paddr_t bank_start = bootinfo.reserved_mem.bank[bank].start; - paddr_t bank_size = bootinfo.reserved_mem.bank[bank].size; + paddr_t bank_start = reserved_mem->bank[bank].start; + paddr_t bank_size = reserved_mem->bank[bank].size; if ( (pbase == bank_start) && (psize == bank_size) ) break; } - if ( bank == bootinfo.reserved_mem.nr_banks ) + if ( bank == reserved_mem->nr_banks ) return -ENOENT; - *nr_borrowers = bootinfo.reserved_mem.bank[bank].nr_shm_borrowers; + *nr_borrowers = reserved_mem->bank[bank].nr_shm_borrowers; return 0; } @@ -157,17 +158,17 @@ static int __init assign_shared_memory(struct domain *d, return ret; } -static int __init append_shm_bank_to_domain(struct kernel_info *kinfo, +static int __init append_shm_bank_to_domain(struct membanks *shm_mem, paddr_t start, paddr_t size, const char *shm_id) { - if ( kinfo->shm_mem.nr_banks >= NR_MEM_BANKS ) + if ( shm_mem->nr_banks >= shm_mem->max_banks ) return -ENOMEM; - kinfo->shm_mem.bank[kinfo->shm_mem.nr_banks].start = start; - kinfo->shm_mem.bank[kinfo->shm_mem.nr_banks].size = size; - safe_strcpy(kinfo->shm_mem.bank[kinfo->shm_mem.nr_banks].shm_id, shm_id); - kinfo->shm_mem.nr_banks++; + shm_mem->bank[shm_mem->nr_banks].start = start; + shm_mem->bank[shm_mem->nr_banks].size = size; + safe_strcpy(shm_mem->bank[shm_mem->nr_banks].shm_id, shm_id); + shm_mem->nr_banks++; return 0; } @@ -269,7 +270,8 @@ int __init process_shm(struct domain *d, struct kernel_info *kinfo, * Record static shared memory region info for later setting * up shm-node in guest device tree. */ - ret = append_shm_bank_to_domain(kinfo, gbase, psize, shm_id); + ret = append_shm_bank_to_domain(&kinfo->shm_mem.common, gbase, psize, + shm_id); if ( ret ) return ret; } @@ -280,7 +282,7 @@ int __init process_shm(struct domain *d, struct kernel_info *kinfo, static int __init make_shm_memory_node(const struct kernel_info *kinfo, int addrcells, int sizecells) { - const struct meminfo *mem = &kinfo->shm_mem; + const struct membanks *mem = &kinfo->shm_mem.common; void *fdt = kinfo->fdt; unsigned int i = 0; int res = 0; @@ -351,7 +353,7 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, const struct fdt_property *prop, *prop_id, *prop_role; const __be32 *cell; paddr_t paddr, gaddr, size, end; - struct meminfo *mem = &bootinfo.reserved_mem; + struct membanks *mem = bootinfo_get_reserved_mem(); unsigned int i; int len; bool owner = false; @@ -461,7 +463,7 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, if ( i == mem->nr_banks ) { - if ( i < NR_MEM_BANKS ) + if (i < mem->max_banks) { if ( check_reserved_regions_overlap(paddr, size) ) return -EINVAL; @@ -492,7 +494,7 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, int __init make_resv_memory_node(const struct kernel_info *kinfo, int addrcells, int sizecells) { - const struct meminfo *mem = &kinfo->shm_mem; + const struct membanks *mem = &kinfo->shm_mem.common; void *fdt = kinfo->fdt; int res = 0; /* Placeholder for reserved-memory\0 */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:56:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:56:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712260.1112807 (Exim 4.92) (envelope-from ) id 1s05Ch-0004RK-Io; Thu, 25 Apr 2024 19:56:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712260.1112807; Thu, 25 Apr 2024 19:56:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Ch-0004RD-GF; Thu, 25 Apr 2024 19:56:23 +0000 Received: by outflank-mailman (input) for mailman id 712260; Thu, 25 Apr 2024 19:56:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Cg-0004R3-Uq for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Cg-0003ep-U5 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05Cg-0002fm-TF for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Y94XgkWMJ11bRXx7BH+dOrIGPsS2FrJ9vpuDj2i7B3c=; b=YVjyqVjbBsJbeYaEOoxqr52TAh xeqUZDTo69wUAORioiHhDTiyqfYUehTbjKsTOfaYN/1OAtry+Wi8JQc7gIx70o7L1W8iGMyolHjTU lrYjlFwksYLejL+8rjDAgUhBP4tdw9CwOtBIoMgklVzbCjiotR57wDb3VBBWIOqx5Wj0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Conditional compilation of kernel_info.shm_mem member Message-Id: Date: Thu, 25 Apr 2024 19:56:22 +0000 commit e13499b3c479f217f9d1fe9a1afac78e16dba116 Author: Luca Fancellu AuthorDate: Thu Apr 18 08:36:45 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: Conditional compilation of kernel_info.shm_mem member The user of shm_mem member of the 'struct kernel_info' is only the code managing the static shared memory feature, which can be compiled out using CONFIG_STATIC_SHM, so in case the feature is not requested, that member won't be used and will waste memory space. To address this issue, protect the member with the Kconfig parameter and modify the signature of the only function using it to remove any reference to the member from outside the static-shmem module. Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/include/asm/kernel.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/include/asm/kernel.h b/xen/arch/arm/include/asm/kernel.h index d46f29ee6c..eb3cb7809c 100644 --- a/xen/arch/arm/include/asm/kernel.h +++ b/xen/arch/arm/include/asm/kernel.h @@ -39,7 +39,9 @@ struct kernel_info { void *fdt; /* flat device tree */ paddr_t unassigned_mem; /* RAM not (yet) assigned to a bank */ struct meminfo mem; +#ifdef CONFIG_STATIC_SHM struct meminfo shm_mem; +#endif /* kernel entry point */ paddr_t entry; @@ -80,10 +82,16 @@ struct kernel_info { #define kernel_info_get_mem(kinfo) (&(kinfo)->mem.common) +#ifdef CONFIG_STATIC_SHM +#define KERNEL_INFO_SHM_MEM_INIT .shm_mem.common.max_banks = NR_MEM_BANKS, +#else +#define KERNEL_INFO_SHM_MEM_INIT +#endif + #define KERNEL_INFO_INIT \ { \ .mem.common.max_banks = NR_MEM_BANKS, \ - .shm_mem.common.max_banks = NR_MEM_BANKS, \ + KERNEL_INFO_SHM_MEM_INIT \ } /* -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:56:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:56:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712261.1112811 (Exim 4.92) (envelope-from ) id 1s05Cr-0004UW-Ku; Thu, 25 Apr 2024 19:56:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712261.1112811; Thu, 25 Apr 2024 19:56:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Cr-0004UN-Hu; Thu, 25 Apr 2024 19:56:33 +0000 Received: by outflank-mailman (input) for mailman id 712261; Thu, 25 Apr 2024 19:56:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Cr-0004U9-1x for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Cr-0003ex-1D for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05Cr-0002gF-0J for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=FZC0EEH3OD3KLvDDbgLq6KVE3NFEDjgoEbF0buD2fl4=; b=x2y4NhuwuoMU8FdBQTIgiRg1aX wY6KPBzMSW8g45SsaB0nGkHxdN5zTSEtGHJvaMaLC1SULvJwtM9oxce2274RN1uFPDc3KZANNp1My D1hq8LLM5FyZTuFaRJ05OjPCT8AEGCJf69UrW+fo2niv3vzQCL5HyZpTane30rs7w5sc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Avoid code duplication in find_unallocated_memory Message-Id: Date: Thu, 25 Apr 2024 19:56:33 +0000 commit b3e66aa1c23db7e70fd67ba110a7c802e2297393 Author: Luca Fancellu AuthorDate: Thu Apr 18 08:36:46 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: Avoid code duplication in find_unallocated_memory The function find_unallocated_memory is using the same code to loop through 2 structure of the same type, in order to avoid code duplication, rework the code to have only one loop that goes through all the structures, this will be used to avoid duplication when the static shared memory banks will be introduced as a separate structure from reserved memory. Take the occasion to add the error code to the error message in case 'rangeset_remove_range' fails. Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/domain_build.c | 53 ++++++++++++++++++++------------------------- 1 file changed, 23 insertions(+), 30 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 02e4dcafe7..7c70382544 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -868,12 +868,14 @@ static int __init add_ext_regions(unsigned long s_gfn, unsigned long e_gfn, static int __init find_unallocated_memory(const struct kernel_info *kinfo, struct membanks *ext_regions) { - const struct membanks *kinfo_mem = kernel_info_get_mem(kinfo); const struct membanks *mem = bootinfo_get_mem(); - const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); + const struct membanks *mem_banks[] = { + kernel_info_get_mem(kinfo), + bootinfo_get_reserved_mem(), + }; struct rangeset *unalloc_mem; paddr_t start, end; - unsigned int i; + unsigned int i, j; int res; dt_dprintk("Find unallocated memory for extended regions\n"); @@ -897,35 +899,26 @@ static int __init find_unallocated_memory(const struct kernel_info *kinfo, } } - /* Remove RAM assigned to Dom0 */ - for ( i = 0; i < kinfo_mem->nr_banks; i++ ) - { - start = kinfo_mem->bank[i].start; - end = kinfo_mem->bank[i].start + kinfo_mem->bank[i].size; - res = rangeset_remove_range(unalloc_mem, PFN_DOWN(start), - PFN_DOWN(end - 1)); - if ( res ) - { - printk(XENLOG_ERR "Failed to remove: %#"PRIpaddr"->%#"PRIpaddr"\n", - start, end); - goto out; - } - } - - /* Remove reserved-memory regions */ - for ( i = 0; i < reserved_mem->nr_banks; i++ ) - { - start = reserved_mem->bank[i].start; - end = reserved_mem->bank[i].start + reserved_mem->bank[i].size; - res = rangeset_remove_range(unalloc_mem, PFN_DOWN(start), - PFN_DOWN(end - 1)); - if ( res ) + /* + * Exclude the following regions: + * 1) Remove RAM assigned to Dom0 + * 2) Remove reserved memory + */ + for ( i = 0; i < ARRAY_SIZE(mem_banks); i++ ) + for ( j = 0; j < mem_banks[i]->nr_banks; j++ ) { - printk(XENLOG_ERR "Failed to remove: %#"PRIpaddr"->%#"PRIpaddr"\n", - start, end); - goto out; + start = mem_banks[i]->bank[j].start; + end = mem_banks[i]->bank[j].start + mem_banks[i]->bank[j].size; + res = rangeset_remove_range(unalloc_mem, PFN_DOWN(start), + PFN_DOWN(end - 1)); + if ( res ) + { + printk(XENLOG_ERR + "Failed to add: %#"PRIpaddr"->%#"PRIpaddr", error %d\n", + start, end, res); + goto out; + } } - } /* Remove grant table region */ if ( kinfo->gnttab_size ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:56:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:56:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712262.1112816 (Exim 4.92) (envelope-from ) id 1s05D1-0004XM-Mf; Thu, 25 Apr 2024 19:56:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712262.1112816; Thu, 25 Apr 2024 19:56:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05D1-0004XC-JP; Thu, 25 Apr 2024 19:56:43 +0000 Received: by outflank-mailman (input) for mailman id 712262; Thu, 25 Apr 2024 19:56:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05D1-0004X2-4i for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05D1-0003f6-41 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05D1-0002gh-3J for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Wj9NXrYJC106FN+gLIkFqqnG2B1l+jrfxkPH5Q5X2cw=; b=aeXNE2ebmahuaeG8wR7NMDl3ks ebrCRh4MGyDh03G2V4JyplxEKgreOMYjmDeVthtFmGb4h/FmyMy9gjXSIIzry+RPUMiBoq+Ixr0Qo ygSBTWdq39MRmToasmhBmP1S6EX3XZeMaSgDfqhZ0B28eQb74DlQB7I4YreTtWq/X08s=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Avoid code duplication in check_reserved_regions_overlap Message-Id: Date: Thu, 25 Apr 2024 19:56:43 +0000 commit 9f657d883201f8149c118cb00c1b2d7692395f5a Author: Luca Fancellu AuthorDate: Thu Apr 18 08:36:47 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: Avoid code duplication in check_reserved_regions_overlap The function check_reserved_regions_overlap is calling 'meminfo_overlap_check' on the same type of structure, this code can be written in a way to avoid code duplication, so rework the function to do that. Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/setup.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index e00dbb1351..003b0446af 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -340,25 +340,27 @@ void __init fw_unreserved_regions(paddr_t s, paddr_t e, bool __init check_reserved_regions_overlap(paddr_t region_start, paddr_t region_size) { + const struct membanks *mem_banks[] = { + bootinfo_get_reserved_mem(), +#ifdef CONFIG_ACPI + bootinfo_get_acpi(), +#endif + }; + unsigned int i; + /* - * Check if input region is overlapping with bootinfo_get_reserved_mem() - * banks + * Check if input region is overlapping with reserved memory banks or + * ACPI EfiACPIReclaimMemory (when ACPI feature is enabled) */ - if ( meminfo_overlap_check(bootinfo_get_reserved_mem(), - region_start, region_size) ) - return true; + for ( i = 0; i < ARRAY_SIZE(mem_banks); i++ ) + if ( meminfo_overlap_check(mem_banks[i], region_start, region_size) ) + return true; /* Check if input region is overlapping with bootmodules */ if ( bootmodules_overlap_check(&bootinfo.modules, region_start, region_size) ) return true; -#ifdef CONFIG_ACPI - /* Check if input region is overlapping with ACPI EfiACPIReclaimMemory */ - if ( meminfo_overlap_check(bootinfo_get_acpi(), region_start, region_size) ) - return true; -#endif - return false; } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:56:54 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:56:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712264.1112818 (Exim 4.92) (envelope-from ) id 1s05DC-0004a9-NZ; Thu, 25 Apr 2024 19:56:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712264.1112818; Thu, 25 Apr 2024 19:56:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05DC-0004a2-Kw; Thu, 25 Apr 2024 19:56:54 +0000 Received: by outflank-mailman (input) for mailman id 712264; Thu, 25 Apr 2024 19:56:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05DB-0004Zn-7d for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05DB-0003fD-6w for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05DB-0002h8-65 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:56:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=cKxIyJuduqHSH00OCrb6Gp2gqVdWmjl87GhD/7lT9oY=; b=dV+EJ705mTiy6Syi3jswJtJdL7 US/TPw26cS/ZxrM6nfS4MF/lZwO/Bk98Veog7l5tXPyFBdCO+ABXGe2zI+sc6TF3qYpgdc1uybjwD 6T4d6bFIT9AeHDA8lSApUkPyOtgMc1zJ2YjitvdfRZVWurgcVaI1eRcga1fbZ56W0IdI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Introduce helper for static memory pages Message-Id: Date: Thu, 25 Apr 2024 19:56:53 +0000 commit e5816ad4e807f48374b44b4aae4156a6964eb342 Author: Luca Fancellu AuthorDate: Thu Apr 18 08:36:48 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: Introduce helper for static memory pages Introduce a new helper function in the static-memory module that can be called to manage static memory banks, this is done to reuse the code when other modules would like to manage static memory banks that are not part of the reserved_mem structure, this is done because the static shared memory banks will be removed from reserved_mem. Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/include/asm/static-memory.h | 13 +++++++++++++ xen/arch/arm/static-memory.c | 12 +----------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/xen/arch/arm/include/asm/static-memory.h b/xen/arch/arm/include/asm/static-memory.h index 3e3efd70c3..804166e541 100644 --- a/xen/arch/arm/include/asm/static-memory.h +++ b/xen/arch/arm/include/asm/static-memory.h @@ -3,10 +3,23 @@ #ifndef __ASM_STATIC_MEMORY_H_ #define __ASM_STATIC_MEMORY_H_ +#include #include #ifdef CONFIG_STATIC_MEMORY +static inline void init_staticmem_bank(const struct membank *bank) +{ + mfn_t bank_start = _mfn(PFN_UP(bank->start)); + unsigned long bank_pages = PFN_DOWN(bank->size); + mfn_t bank_end = mfn_add(bank_start, bank_pages); + + if ( mfn_x(bank_end) <= mfn_x(bank_start) ) + return; + + unprepare_staticmem_pages(mfn_to_page(bank_start), bank_pages, false); +} + void allocate_static_memory(struct domain *d, struct kernel_info *kinfo, const struct dt_device_node *node); void assign_static_memory_11(struct domain *d, struct kernel_info *kinfo, diff --git a/xen/arch/arm/static-memory.c b/xen/arch/arm/static-memory.c index 34bd12696a..d4585c5a06 100644 --- a/xen/arch/arm/static-memory.c +++ b/xen/arch/arm/static-memory.c @@ -265,17 +265,7 @@ void __init init_staticmem_pages(void) for ( bank = 0 ; bank < reserved_mem->nr_banks; bank++ ) { if ( reserved_mem->bank[bank].type == MEMBANK_STATIC_DOMAIN ) - { - mfn_t bank_start = _mfn(PFN_UP(reserved_mem->bank[bank].start)); - unsigned long bank_pages = PFN_DOWN(reserved_mem->bank[bank].size); - mfn_t bank_end = mfn_add(bank_start, bank_pages); - - if ( mfn_x(bank_end) <= mfn_x(bank_start) ) - return; - - unprepare_staticmem_pages(mfn_to_page(bank_start), - bank_pages, false); - } + init_staticmem_bank(&reserved_mem->bank[bank]); } } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:57:04 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:57:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712265.1112822 (Exim 4.92) (envelope-from ) id 1s05DM-0004cu-Pg; Thu, 25 Apr 2024 19:57:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712265.1112822; Thu, 25 Apr 2024 19:57:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05DM-0004ch-Mm; Thu, 25 Apr 2024 19:57:04 +0000 Received: by outflank-mailman (input) for mailman id 712265; Thu, 25 Apr 2024 19:57:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05DL-0004cV-B7 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05DL-0003fa-AH for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05DL-0002hr-9L for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=g8gSSh8sm6Xdr0QiMRj+x2Sg3SvDGIqSokmu5LxcdZ0=; b=02CkpfAbf+i/AFhc8NOL3wQFsB 7Wbv7k/yldgtCWiC3CTB9ClTU2OP7YpY7x/ZaJY4H7+dZgZlCYe7TMpe1rP2JNBNea0nR5H2ysY63 P50yG24AxRQa+OLc9zxqWARnv2iMGjzSAy4kxcPsHoo9muNand1vHrD0E+zzKXvW63Qc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: Reduce struct membank size on static shared memory Message-Id: Date: Thu, 25 Apr 2024 19:57:03 +0000 commit 2b557af19278c2108d8d7e610c870310d6df8a99 Author: Luca Fancellu AuthorDate: Thu Apr 18 08:36:49 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: Reduce struct membank size on static shared memory Currently the memory footprint of the static shared memory feature is impacting all the struct meminfo instances with memory space that is not going to be used. To solve this issue, rework the static shared memory extra information linked to the memory bank to another structure, struct shmem_membank_extra, and exploit the struct membank padding to host a pointer to that structure in a union with the enum membank_type, with this trick the 'struct membank' has the same size with or without the static shared memory, given that the 'type' and 'shmem_extra' are never used at the same time, hence the 'struct membank' won't grow in size. Afterwards, create a new structure 'struct shared_meminfo' which has the same interface of 'struct meminfo', but requires less banks, defined by the number in NR_SHMEM_BANKS, which is 32 at the moment and should be enough for the current use cases, the value might be increased in te future if needed. Finally, this structure hosts also the extra information for the static shared memory banks. The fields 'bank' and 'extra' of this structure are meant to be linked by the index (e.g. extra[idx] will have the information for the bank[idx], for i=0..NR_SHMEM_BANKS), the convinient pointer 'shmem_extra' of 'struct membank' is then linked to the related 'extra' bank to ease the fruition when a function has access only to the 'struct membanks common' of 'struct shared_meminfo'. The last part of this work is to move the allocation of the static shared memory banks from the 'reserved_mem' to a new 'shmem' member of the 'struct bootinfo'. Change also the 'shm_mem' member type to be 'struct shared_meminfo' in order to match the above changes and allow a memory space reduction also in 'struct kernel_info'. Now that the structure Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/arm32/mmu/mm.c | 24 ++++++++++ xen/arch/arm/arm64/mmu/mm.c | 2 + xen/arch/arm/bootfdt.c | 1 + xen/arch/arm/domain_build.c | 5 +++ xen/arch/arm/include/asm/kernel.h | 4 +- xen/arch/arm/include/asm/setup.h | 41 +++++++++++++++-- xen/arch/arm/include/asm/static-shmem.h | 8 ++++ xen/arch/arm/setup.c | 25 ++++++++++- xen/arch/arm/static-shmem.c | 79 +++++++++++++++++++++++++-------- 9 files changed, 165 insertions(+), 24 deletions(-) diff --git a/xen/arch/arm/arm32/mmu/mm.c b/xen/arch/arm/arm32/mmu/mm.c index 84c89da909..23150122f7 100644 --- a/xen/arch/arm/arm32/mmu/mm.c +++ b/xen/arch/arm/arm32/mmu/mm.c @@ -8,6 +8,7 @@ #include #include #include +#include static unsigned long opt_xenheap_megabytes __initdata; integer_param("xenheap_megabytes", opt_xenheap_megabytes); @@ -43,6 +44,9 @@ static paddr_t __init consider_modules(paddr_t s, paddr_t e, int first_mod) { const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); +#ifdef CONFIG_STATIC_SHM + const struct membanks *shmem = bootinfo_get_shmem(); +#endif const struct bootmodules *mi = &bootinfo.modules; int i; int nr; @@ -119,6 +123,25 @@ static paddr_t __init consider_modules(paddr_t s, paddr_t e, return consider_modules(s, r_s, size, align, i + 1); } } + +#ifdef CONFIG_STATIC_SHM + nr += reserved_mem->nr_banks; + for ( ; i - nr < shmem->nr_banks; i++ ) + { + paddr_t r_s = shmem->bank[i - nr].start; + paddr_t r_e = r_s + shmem->bank[i - nr].size; + + if ( s < r_e && r_s < e ) + { + r_e = consider_modules(r_e, e, size, align, i + 1); + if ( r_e ) + return r_e; + + return consider_modules(s, r_s, size, align, i + 1); + } + } +#endif + return e; } @@ -295,6 +318,7 @@ void __init setup_mm(void) mfn_to_maddr(directmap_mfn_end)); init_staticmem_pages(); + init_sharedmem_pages(); } /* diff --git a/xen/arch/arm/arm64/mmu/mm.c b/xen/arch/arm/arm64/mmu/mm.c index f8aaf4ac18..293acb67e0 100644 --- a/xen/arch/arm/arm64/mmu/mm.c +++ b/xen/arch/arm/arm64/mmu/mm.c @@ -6,6 +6,7 @@ #include #include +#include /* Override macros from asm/page.h to make them work with mfn_t */ #undef virt_to_mfn @@ -236,6 +237,7 @@ void __init setup_mm(void) max_page = PFN_DOWN(ram_end); init_staticmem_pages(); + init_sharedmem_pages(); } /* diff --git a/xen/arch/arm/bootfdt.c b/xen/arch/arm/bootfdt.c index 4c80962f79..4d708442a1 100644 --- a/xen/arch/arm/bootfdt.c +++ b/xen/arch/arm/bootfdt.c @@ -511,6 +511,7 @@ static void __init early_print_info(void) mem_resv->bank[j].start, mem_resv->bank[j].start + mem_resv->bank[j].size - 1); } + early_print_info_shmem(); printk("\n"); for ( i = 0 ; i < cmds->nr_mods; i++ ) printk("CMDLINE[%"PRIpaddr"]:%s %s\n", cmds->cmdline[i].start, diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 7c70382544..2fc7feeae3 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -863,6 +863,7 @@ static int __init add_ext_regions(unsigned long s_gfn, unsigned long e_gfn, * regions we exclude every region assigned to Dom0 from the Host RAM: * - domain RAM * - reserved-memory + * - static shared memory * - grant table space */ static int __init find_unallocated_memory(const struct kernel_info *kinfo, @@ -872,6 +873,9 @@ static int __init find_unallocated_memory(const struct kernel_info *kinfo, const struct membanks *mem_banks[] = { kernel_info_get_mem(kinfo), bootinfo_get_reserved_mem(), +#ifdef CONFIG_STATIC_SHM + bootinfo_get_shmem(), +#endif }; struct rangeset *unalloc_mem; paddr_t start, end; @@ -903,6 +907,7 @@ static int __init find_unallocated_memory(const struct kernel_info *kinfo, * Exclude the following regions: * 1) Remove RAM assigned to Dom0 * 2) Remove reserved memory + * 3) Remove static shared memory (when the feature is enabled) */ for ( i = 0; i < ARRAY_SIZE(mem_banks); i++ ) for ( j = 0; j < mem_banks[i]->nr_banks; j++ ) diff --git a/xen/arch/arm/include/asm/kernel.h b/xen/arch/arm/include/asm/kernel.h index eb3cb7809c..16a2bfc01e 100644 --- a/xen/arch/arm/include/asm/kernel.h +++ b/xen/arch/arm/include/asm/kernel.h @@ -40,7 +40,7 @@ struct kernel_info { paddr_t unassigned_mem; /* RAM not (yet) assigned to a bank */ struct meminfo mem; #ifdef CONFIG_STATIC_SHM - struct meminfo shm_mem; + struct shared_meminfo shm_mem; #endif /* kernel entry point */ @@ -83,7 +83,7 @@ struct kernel_info { #define kernel_info_get_mem(kinfo) (&(kinfo)->mem.common) #ifdef CONFIG_STATIC_SHM -#define KERNEL_INFO_SHM_MEM_INIT .shm_mem.common.max_banks = NR_MEM_BANKS, +#define KERNEL_INFO_SHM_MEM_INIT .shm_mem.common.max_banks = NR_SHMEM_BANKS, #else #define KERNEL_INFO_SHM_MEM_INIT #endif diff --git a/xen/arch/arm/include/asm/setup.h b/xen/arch/arm/include/asm/setup.h index 696f55db86..28fb659fe9 100644 --- a/xen/arch/arm/include/asm/setup.h +++ b/xen/arch/arm/include/asm/setup.h @@ -9,6 +9,7 @@ #define MAX_FDT_SIZE SZ_2M #define NR_MEM_BANKS 256 +#define NR_SHMEM_BANKS 32 #define MAX_MODULES 32 /* Current maximum useful modules */ @@ -46,14 +47,20 @@ enum membank_type { /* Indicates the maximum number of characters(\0 included) for shm_id */ #define MAX_SHM_ID_LENGTH 16 +struct shmem_membank_extra { + char shm_id[MAX_SHM_ID_LENGTH]; + unsigned int nr_shm_borrowers; +}; + struct membank { paddr_t start; paddr_t size; - enum membank_type type; + union { + enum membank_type type; #ifdef CONFIG_STATIC_SHM - char shm_id[MAX_SHM_ID_LENGTH]; - unsigned int nr_shm_borrowers; + struct shmem_membank_extra *shmem_extra; #endif + }; }; struct membanks { @@ -67,6 +74,12 @@ struct meminfo { struct membank bank[NR_MEM_BANKS]; }; +struct shared_meminfo { + struct membanks common; + struct membank bank[NR_SHMEM_BANKS]; + struct shmem_membank_extra extra[NR_SHMEM_BANKS]; +}; + /* * The domU flag is set for kernels and ramdisks of "xen,domain" nodes. * The purpose of the domU flag is to avoid getting confused in @@ -109,6 +122,9 @@ struct bootinfo { struct bootcmdlines cmdlines; #ifdef CONFIG_ACPI struct meminfo acpi; +#endif +#ifdef CONFIG_STATIC_SHM + struct shared_meminfo shmem; #endif bool static_heap; }; @@ -119,11 +135,18 @@ struct bootinfo { #define BOOTINFO_ACPI_INIT #endif +#ifdef CONFIG_STATIC_SHM +#define BOOTINFO_SHMEM_INIT .shmem.common.max_banks = NR_SHMEM_BANKS, +#else +#define BOOTINFO_SHMEM_INIT +#endif + #define BOOTINFO_INIT \ { \ .mem.common.max_banks = NR_MEM_BANKS, \ .reserved_mem.common.max_banks = NR_MEM_BANKS, \ BOOTINFO_ACPI_INIT \ + BOOTINFO_SHMEM_INIT \ } struct map_range_data @@ -158,6 +181,18 @@ static inline struct membanks *bootinfo_get_acpi(void) } #endif +#ifdef CONFIG_STATIC_SHM +static inline struct membanks *bootinfo_get_shmem(void) +{ + return &bootinfo.shmem.common; +} + +static inline struct shmem_membank_extra *bootinfo_get_shmem_extra(void) +{ + return bootinfo.shmem.extra; +} +#endif + void copy_from_paddr(void *dst, paddr_t paddr, unsigned long len); size_t estimate_efi_size(unsigned int mem_nr_banks); diff --git a/xen/arch/arm/include/asm/static-shmem.h b/xen/arch/arm/include/asm/static-shmem.h index 680594b684..90aafc81e7 100644 --- a/xen/arch/arm/include/asm/static-shmem.h +++ b/xen/arch/arm/include/asm/static-shmem.h @@ -24,6 +24,10 @@ static inline int process_shm_chosen(struct domain *d, int process_shm_node(const void *fdt, int node, uint32_t address_cells, uint32_t size_cells); +void early_print_info_shmem(void); + +void init_sharedmem_pages(void); + #else /* !CONFIG_STATIC_SHM */ static inline int make_resv_memory_node(const struct kernel_info *kinfo, @@ -51,6 +55,10 @@ static inline int process_shm_node(const void *fdt, int node, return -EINVAL; } +static inline void early_print_info_shmem(void) {}; + +static inline void init_sharedmem_pages(void) {}; + #endif /* CONFIG_STATIC_SHM */ #endif /* __ASM_STATIC_SHMEM_H_ */ diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 003b0446af..d242674381 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -208,6 +208,9 @@ static void __init dt_unreserved_regions(paddr_t s, paddr_t e, unsigned int first) { const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); +#ifdef CONFIG_STATIC_SHM + const struct membanks *shmem = bootinfo_get_shmem(); +#endif unsigned int i, nr; int rc; @@ -258,6 +261,22 @@ static void __init dt_unreserved_regions(paddr_t s, paddr_t e, } } +#ifdef CONFIG_STATIC_SHM + nr += reserved_mem->nr_banks; + for ( ; i - nr < shmem->nr_banks; i++ ) + { + paddr_t r_s = shmem->bank[i - nr].start; + paddr_t r_e = r_s + shmem->bank[i - nr].size; + + if ( s < r_e && r_s < e ) + { + dt_unreserved_regions(r_e, e, cb, i + 1); + dt_unreserved_regions(s, r_s, cb, i + 1); + return; + } + } +#endif + cb(s, e); } @@ -344,13 +363,17 @@ bool __init check_reserved_regions_overlap(paddr_t region_start, bootinfo_get_reserved_mem(), #ifdef CONFIG_ACPI bootinfo_get_acpi(), +#endif +#ifdef CONFIG_STATIC_SHM + bootinfo_get_shmem(), #endif }; unsigned int i; /* * Check if input region is overlapping with reserved memory banks or - * ACPI EfiACPIReclaimMemory (when ACPI feature is enabled) + * ACPI EfiACPIReclaimMemory (when ACPI feature is enabled) or static + * shared memory banks (when static shared memory feature is enabled) */ for ( i = 0; i < ARRAY_SIZE(mem_banks); i++ ) if ( meminfo_overlap_check(mem_banks[i], region_start, region_size) ) diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index 11f3c0da81..fcf8227bf4 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -4,29 +4,40 @@ #include #include +#include #include +static void __init __maybe_unused build_assertions(void) +{ + /* + * Check that no padding is between struct membanks "bank" flexible array + * member and struct shared_meminfo "bank" member + */ + BUILD_BUG_ON((offsetof(struct membanks, bank) != + offsetof(struct shared_meminfo, bank))); +} + static int __init acquire_nr_borrower_domain(struct domain *d, paddr_t pbase, paddr_t psize, unsigned long *nr_borrowers) { - const struct membanks *reserved_mem = bootinfo_get_reserved_mem(); + const struct membanks *shmem = bootinfo_get_shmem(); unsigned int bank; /* Iterate reserved memory to find requested shm bank. */ - for ( bank = 0 ; bank < reserved_mem->nr_banks; bank++ ) + for ( bank = 0 ; bank < shmem->nr_banks; bank++ ) { - paddr_t bank_start = reserved_mem->bank[bank].start; - paddr_t bank_size = reserved_mem->bank[bank].size; + paddr_t bank_start = shmem->bank[bank].start; + paddr_t bank_size = shmem->bank[bank].size; if ( (pbase == bank_start) && (psize == bank_size) ) break; } - if ( bank == reserved_mem->nr_banks ) + if ( bank == shmem->nr_banks ) return -ENOENT; - *nr_borrowers = reserved_mem->bank[bank].nr_shm_borrowers; + *nr_borrowers = shmem->bank[bank].shmem_extra->nr_shm_borrowers; return 0; } @@ -158,16 +169,22 @@ static int __init assign_shared_memory(struct domain *d, return ret; } -static int __init append_shm_bank_to_domain(struct membanks *shm_mem, - paddr_t start, paddr_t size, - const char *shm_id) +static int __init +append_shm_bank_to_domain(struct shared_meminfo *kinfo_shm_mem, paddr_t start, + paddr_t size, const char *shm_id) { + struct membanks *shm_mem = &kinfo_shm_mem->common; + struct shmem_membank_extra *shm_mem_extra; + if ( shm_mem->nr_banks >= shm_mem->max_banks ) return -ENOMEM; + shm_mem_extra = &kinfo_shm_mem->extra[shm_mem->nr_banks]; + shm_mem->bank[shm_mem->nr_banks].start = start; shm_mem->bank[shm_mem->nr_banks].size = size; - safe_strcpy(shm_mem->bank[shm_mem->nr_banks].shm_id, shm_id); + safe_strcpy(shm_mem_extra->shm_id, shm_id); + shm_mem->bank[shm_mem->nr_banks].shmem_extra = shm_mem_extra; shm_mem->nr_banks++; return 0; @@ -270,7 +287,7 @@ int __init process_shm(struct domain *d, struct kernel_info *kinfo, * Record static shared memory region info for later setting * up shm-node in guest device tree. */ - ret = append_shm_bank_to_domain(&kinfo->shm_mem.common, gbase, psize, + ret = append_shm_bank_to_domain(&kinfo->shm_mem, gbase, psize, shm_id); if ( ret ) return ret; @@ -325,7 +342,8 @@ static int __init make_shm_memory_node(const struct kernel_info *kinfo, dt_dprintk("Shared memory bank %u: %#"PRIx64"->%#"PRIx64"\n", i, start, start + size); - res = fdt_property_string(fdt, "xen,id", mem->bank[i].shm_id); + res = fdt_property_string(fdt, "xen,id", + mem->bank[i].shmem_extra->shm_id); if ( res ) return res; @@ -353,7 +371,8 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, const struct fdt_property *prop, *prop_id, *prop_role; const __be32 *cell; paddr_t paddr, gaddr, size, end; - struct membanks *mem = bootinfo_get_reserved_mem(); + struct membanks *mem = bootinfo_get_shmem(); + struct shmem_membank_extra *shmem_extra = bootinfo_get_shmem_extra(); unsigned int i; int len; bool owner = false; @@ -442,7 +461,8 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, */ if ( paddr == mem->bank[i].start && size == mem->bank[i].size ) { - if ( strncmp(shm_id, mem->bank[i].shm_id, MAX_SHM_ID_LENGTH) == 0 ) + if ( strncmp(shm_id, shmem_extra[i].shm_id, + MAX_SHM_ID_LENGTH) == 0 ) break; else { @@ -451,7 +471,8 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, return -EINVAL; } } - else if ( strncmp(shm_id, mem->bank[i].shm_id, MAX_SHM_ID_LENGTH) != 0 ) + else if ( strncmp(shm_id, shmem_extra[i].shm_id, + MAX_SHM_ID_LENGTH) != 0 ) continue; else { @@ -469,10 +490,10 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, return -EINVAL; /* Static shared memory shall be reserved from any other use. */ - safe_strcpy(mem->bank[mem->nr_banks].shm_id, shm_id); + safe_strcpy(shmem_extra[mem->nr_banks].shm_id, shm_id); mem->bank[mem->nr_banks].start = paddr; mem->bank[mem->nr_banks].size = size; - mem->bank[mem->nr_banks].type = MEMBANK_STATIC_DOMAIN; + mem->bank[mem->nr_banks].shmem_extra = &shmem_extra[mem->nr_banks]; mem->nr_banks++; } else @@ -486,7 +507,7 @@ int __init process_shm_node(const void *fdt, int node, uint32_t address_cells, * to calculate the reference count. */ if ( !owner ) - mem->bank[i].nr_shm_borrowers++; + shmem_extra[i].nr_shm_borrowers++; return 0; } @@ -531,6 +552,28 @@ int __init make_resv_memory_node(const struct kernel_info *kinfo, int addrcells, return res; } +void __init early_print_info_shmem(void) +{ + const struct membanks *shmem = bootinfo_get_shmem(); + unsigned int bank; + + for ( bank = 0; bank < shmem->nr_banks; bank++ ) + { + printk(" SHMEM[%u]: %"PRIpaddr" - %"PRIpaddr"\n", bank, + shmem->bank[bank].start, + shmem->bank[bank].start + shmem->bank[bank].size - 1); + } +} + +void __init init_sharedmem_pages(void) +{ + const struct membanks *shmem = bootinfo_get_shmem(); + unsigned int bank; + + for ( bank = 0 ; bank < shmem->nr_banks; bank++ ) + init_staticmem_bank(&shmem->bank[bank]); +} + /* * Local variables: * mode: C -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:57:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:57:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712266.1112827 (Exim 4.92) (envelope-from ) id 1s05DW-0004gQ-T3; Thu, 25 Apr 2024 19:57:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712266.1112827; Thu, 25 Apr 2024 19:57:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05DW-0004gI-Pv; Thu, 25 Apr 2024 19:57:14 +0000 Received: by outflank-mailman (input) for mailman id 712266; Thu, 25 Apr 2024 19:57:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05DV-0004g9-E2 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05DV-0003g1-D9 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05DV-0002iK-CT for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dM34mY6+6KGn1jk031FrajQxsvPfHT4onSSiIlK/eec=; b=ykYJxi4Qqw6gpi5/hf1yTASa1B 2T3CT8jtYyP//sQ6qz2GZu9dZ5W00EtU7zD2RWFftciLstxDx5Cf4N1f8/L4uLvTW4W0cWVMLUCmw tf4hb1nqnWq42xrI8+W5okbP/YpqigGebtsvf+5P5nHdyhfokUXqtcoK6Stp9aO+pZWQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: remove shm holes from extended regions Message-Id: Date: Thu, 25 Apr 2024 19:57:13 +0000 commit a0fee882c1404500470fe4e0ade1495dea6c1f04 Author: Penny Zheng AuthorDate: Thu Apr 18 08:36:50 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: remove shm holes from extended regions Static shared memory acts as reserved memory in guest, so it shall be excluded from extended regions. Extended regions are taken care of under three different scenarios: normal DomU, direct-map domain with iommu on, and direct-map domain with iommu off. For normal DomU, we create a new function "remove_shm_holes_for_domU", to firstly transfer original outputs into the format of "struct rangeset", then use "remove_shm_from_rangeset" to remove static shm from them. For direct-map domain with iommu on, after we get guest shm info from "kinfo", we use "remove_shm_from_rangeset" to remove static shm. For direct-map domain with iommu off, as static shm has already been taken care of through find_unallocated_memory, we do nothing. Signed-off-by: Penny Zheng Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/domain_build.c | 16 ++++-- xen/arch/arm/include/asm/domain_build.h | 2 + xen/arch/arm/include/asm/static-shmem.h | 18 +++++++ xen/arch/arm/static-shmem.c | 94 +++++++++++++++++++++++++++++++++ 4 files changed, 127 insertions(+), 3 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 2fc7feeae3..0cc39b0bd7 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -816,8 +816,8 @@ int __init make_memory_node(const struct domain *d, return res; } -static int __init add_ext_regions(unsigned long s_gfn, unsigned long e_gfn, - void *data) +int __init add_ext_regions(unsigned long s_gfn, unsigned long e_gfn, + void *data) { struct membanks *ext_regions = data; paddr_t start, size; @@ -990,6 +990,8 @@ static int __init handle_pci_range(const struct dt_device_node *dev, * - MMIO * - Host RAM * - PCI aperture + * - Static shared memory regions, which are described by special property + * "xen,shared-mem" */ static int __init find_memory_holes(const struct kernel_info *kinfo, struct membanks *ext_regions) @@ -1017,6 +1019,11 @@ static int __init find_memory_holes(const struct kernel_info *kinfo, goto out; } + /* Remove static shared memory regions */ + res = remove_shm_from_rangeset(kinfo, mem_holes); + if ( res ) + goto out; + /* * Remove regions described by "reg" and "ranges" properties where * the memory is addressable (MMIO, RAM, PCI BAR, etc). @@ -1109,7 +1116,10 @@ static int __init find_domU_holes(const struct kernel_info *kinfo, res = 0; } - return res; + if ( res ) + return res; + + return remove_shm_holes_for_domU(kinfo, ext_regions); } int __init make_hypervisor_node(struct domain *d, diff --git a/xen/arch/arm/include/asm/domain_build.h b/xen/arch/arm/include/asm/domain_build.h index a6f276cc42..026d975da2 100644 --- a/xen/arch/arm/include/asm/domain_build.h +++ b/xen/arch/arm/include/asm/domain_build.h @@ -51,6 +51,8 @@ static inline int prepare_acpi(struct domain *d, struct kernel_info *kinfo) int prepare_acpi(struct domain *d, struct kernel_info *kinfo); #endif +int add_ext_regions(unsigned long s_gfn, unsigned long e_gfn, void *data); + #endif /* diff --git a/xen/arch/arm/include/asm/static-shmem.h b/xen/arch/arm/include/asm/static-shmem.h index 90aafc81e7..2e8b138eb9 100644 --- a/xen/arch/arm/include/asm/static-shmem.h +++ b/xen/arch/arm/include/asm/static-shmem.h @@ -28,6 +28,12 @@ void early_print_info_shmem(void); void init_sharedmem_pages(void); +int remove_shm_from_rangeset(const struct kernel_info *kinfo, + struct rangeset *rangeset); + +int remove_shm_holes_for_domU(const struct kernel_info *kinfo, + struct membanks *ext_regions); + #else /* !CONFIG_STATIC_SHM */ static inline int make_resv_memory_node(const struct kernel_info *kinfo, @@ -59,6 +65,18 @@ static inline void early_print_info_shmem(void) {}; static inline void init_sharedmem_pages(void) {}; +static inline int remove_shm_from_rangeset(const struct kernel_info *kinfo, + struct rangeset *rangeset) +{ + return 0; +} + +static inline int remove_shm_holes_for_domU(const struct kernel_info *kinfo, + struct membanks *ext_regions) +{ + return 0; +} + #endif /* CONFIG_STATIC_SHM */ #endif /* __ASM_STATIC_SHMEM_H_ */ diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index fcf8227bf4..12e2df9399 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0-only */ #include +#include #include #include @@ -574,6 +575,99 @@ void __init init_sharedmem_pages(void) init_staticmem_bank(&shmem->bank[bank]); } +int __init remove_shm_from_rangeset(const struct kernel_info *kinfo, + struct rangeset *rangeset) +{ + const struct membanks *shm_mem = &kinfo->shm_mem.common; + unsigned int i; + + /* Remove static shared memory regions */ + for ( i = 0; i < shm_mem->nr_banks; i++ ) + { + paddr_t start, end; + int res; + + start = shm_mem->bank[i].start; + end = shm_mem->bank[i].start + shm_mem->bank[i].size; + res = rangeset_remove_range(rangeset, PFN_DOWN(start), + PFN_DOWN(end - 1)); + if ( res ) + { + printk(XENLOG_ERR + "Failed to remove: %#"PRIpaddr"->%#"PRIpaddr", error: %d\n", + start, end, res); + return -EINVAL; + } + } + + return 0; +} + +int __init remove_shm_holes_for_domU(const struct kernel_info *kinfo, + struct membanks *ext_regions) +{ + const struct membanks *shm_mem = &kinfo->shm_mem.common; + struct rangeset *guest_holes; + unsigned int i; + paddr_t start; + paddr_t end; + int res; + + /* No static shared memory region. */ + if ( shm_mem->nr_banks == 0 ) + return 0; + + dt_dprintk("Remove static shared memory holes from extended regions of DomU\n"); + + guest_holes = rangeset_new(NULL, NULL, 0); + if ( !guest_holes ) + return -ENOMEM; + + /* Copy extended regions sets into the rangeset */ + for ( i = 0; i < ext_regions->nr_banks; i++ ) + { + start = ext_regions->bank[i].start; + end = start + ext_regions->bank[i].size; + + res = rangeset_add_range(guest_holes, PFN_DOWN(start), + PFN_DOWN(end - 1)); + if ( res ) + { + printk(XENLOG_ERR + "Failed to add: %#"PRIpaddr"->%#"PRIpaddr", error: %d\n", + start, end, res); + goto out; + } + } + + /* Remove static shared memory regions */ + res = remove_shm_from_rangeset(kinfo, guest_holes); + if ( res ) + goto out; + + /* + * Take the interval of memory starting from the first extended region bank + * start address and ending to the end of the last extended region bank. + */ + i = ext_regions->nr_banks - 1; + start = ext_regions->bank[0].start; + end = ext_regions->bank[i].start + ext_regions->bank[i].size - 1; + + /* Reset original extended regions to hold new value */ + ext_regions->nr_banks = 0; + res = rangeset_report_ranges(guest_holes, PFN_DOWN(start), PFN_DOWN(end), + add_ext_regions, ext_regions); + if ( res ) + ext_regions->nr_banks = 0; + else if ( !ext_regions->nr_banks ) + res = -ENOENT; + + out: + rangeset_destroy(guest_holes); + + return res; +} + /* * Local variables: * mode: C -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:57:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:57:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712267.1112832 (Exim 4.92) (envelope-from ) id 1s05Dg-0004jJ-Uf; Thu, 25 Apr 2024 19:57:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712267.1112832; Thu, 25 Apr 2024 19:57:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Dg-0004jB-RW; Thu, 25 Apr 2024 19:57:24 +0000 Received: by outflank-mailman (input) for mailman id 712267; Thu, 25 Apr 2024 19:57:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Df-0004it-H1 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Df-0003gB-GE for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05Df-0002il-FW for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=N6Mt4G75mpL9EBhp/AkXII8fqAncJ/Z+t6smRFRjgLk=; b=UDqZOLLAoRlU29dvmreU45Hetg 68T51R9rsAvCsqKwCvvOq8DBwKUJn9K0EJg7jsdEJY/yPIePSs0q4Pazqh1Owjs8kX5HkmOJOiH77 WWV+owDBOdhPkJ8/Yb/S7zJcwUa/7pa2ptyiH2Fc/NMgfipJkGAqUV8a05IY+iqQp25k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: fix duplicate /reserved-memory node in Dom0 Message-Id: Date: Thu, 25 Apr 2024 19:57:23 +0000 commit 51a2b3f109189ec2f3ea9a14921e6976e6098577 Author: Penny Zheng AuthorDate: Thu Apr 18 08:36:51 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: fix duplicate /reserved-memory node in Dom0 In case there is a /reserved-memory node already present in the host dtb, current Xen codes would create yet another /reserved-memory node when the static shared memory feature is enabled and static shared memory regions are present. This would result in an incorrect device tree generation and hwdom would not be able to detect the static shared memory region. Avoid this issue by checking the presence of the /reserved-memory node and appending the nodes instead of generating a duplicate /reserved-memory. Make make_shm_memory_node externally visible and rename it to make_shm_resv_memory_node to make clear it produces childs for /reserved-memory. Signed-off-by: Penny Zheng Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/domain_build.c | 23 ++++++++++++++++++++--- xen/arch/arm/include/asm/static-shmem.h | 9 +++++++++ xen/arch/arm/static-shmem.c | 8 ++++---- 3 files changed, 33 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 0cc39b0bd7..68532ddc08 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -1640,6 +1640,7 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, DT_MATCH_PATH("/hypervisor"), { /* sentinel */ }, }; + static __initdata bool res_mem_node_found = false; struct dt_device_node *child; int res, i, nirq, irq_id; const char *name; @@ -1734,6 +1735,19 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, if ( res ) return res; + if ( dt_node_path_is_equal(node, "/reserved-memory") ) + { + res_mem_node_found = true; + /* + * Avoid duplicate /reserved-memory nodes in Device Tree, so add the + * static shared memory nodes there. + */ + res = make_shm_resv_memory_node(kinfo, dt_n_addr_cells(node), + dt_n_size_cells(node)); + if ( res ) + return res; + } + for ( child = node->child; child != NULL; child = child->sibling ) { res = handle_node(d, kinfo, child, p2mt); @@ -1786,9 +1800,12 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, return res; } - res = make_resv_memory_node(kinfo, addrcells, sizecells); - if ( res ) - return res; + if ( !res_mem_node_found ) + { + res = make_resv_memory_node(kinfo, addrcells, sizecells); + if ( res ) + return res; + } } res = fdt_end_node(kinfo->fdt); diff --git a/xen/arch/arm/include/asm/static-shmem.h b/xen/arch/arm/include/asm/static-shmem.h index 2e8b138eb9..7495a91e7a 100644 --- a/xen/arch/arm/include/asm/static-shmem.h +++ b/xen/arch/arm/include/asm/static-shmem.h @@ -34,6 +34,9 @@ int remove_shm_from_rangeset(const struct kernel_info *kinfo, int remove_shm_holes_for_domU(const struct kernel_info *kinfo, struct membanks *ext_regions); +int make_shm_resv_memory_node(const struct kernel_info *kinfo, int addrcells, + int sizecells); + #else /* !CONFIG_STATIC_SHM */ static inline int make_resv_memory_node(const struct kernel_info *kinfo, @@ -77,6 +80,12 @@ static inline int remove_shm_holes_for_domU(const struct kernel_info *kinfo, return 0; } +static inline int make_shm_resv_memory_node(const struct kernel_info *kinfo, + int addrcells, int sizecells) +{ + return 0; +} + #endif /* CONFIG_STATIC_SHM */ #endif /* __ASM_STATIC_SHMEM_H_ */ diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index 12e2df9399..c85f60dd1b 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -297,8 +297,8 @@ int __init process_shm(struct domain *d, struct kernel_info *kinfo, return 0; } -static int __init make_shm_memory_node(const struct kernel_info *kinfo, - int addrcells, int sizecells) +int __init make_shm_resv_memory_node(const struct kernel_info *kinfo, + int addrcells, int sizecells) { const struct membanks *mem = &kinfo->shm_mem.common; void *fdt = kinfo->fdt; @@ -306,7 +306,7 @@ static int __init make_shm_memory_node(const struct kernel_info *kinfo, int res = 0; if ( mem->nr_banks == 0 ) - return -ENOENT; + return 0; /* * For each shared memory region, a range is exposed under @@ -544,7 +544,7 @@ int __init make_resv_memory_node(const struct kernel_info *kinfo, int addrcells, if ( res ) return res; - res = make_shm_memory_node(kinfo, addrcells, sizecells); + res = make_shm_resv_memory_node(kinfo, addrcells, sizecells); if ( res ) return res; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:57:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:57:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712268.1112835 (Exim 4.92) (envelope-from ) id 1s05Dq-0004m4-Ve; Thu, 25 Apr 2024 19:57:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712268.1112835; Thu, 25 Apr 2024 19:57:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Dq-0004lx-Sy; Thu, 25 Apr 2024 19:57:34 +0000 Received: by outflank-mailman (input) for mailman id 712268; Thu, 25 Apr 2024 19:57:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Dp-0004lh-KE for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Dp-0003gJ-JT for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05Dp-0002jH-Ig for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xJr/FXp8er/Vf4S8l+bMGNPhnaBL+n64TYB+LB1UG1k=; b=WHCYHobQMx9vWkaEq/4p29Tc5R pYyPda8vXh3KDks0FprMA4GHkaALaPb5RPDb4xE++10Jk155Ad5yhLDgbOlvhyI3GPdPDi0l2/zID USUVo50C+CciWhhw0whVOnd04xCYARoVTf3tTzQ9pOtUIT0SU08oxmYTtVbDJDeNCe3g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/arm: List static shared memory regions as /memory nodes Message-Id: Date: Thu, 25 Apr 2024 19:57:33 +0000 commit 7846f7699fea25502061a05ea847e942ea624f12 Author: Luca Fancellu AuthorDate: Mon Apr 22 12:02:07 2024 +0100 Commit: Julien Grall CommitDate: Wed Apr 24 19:13:35 2024 +0100 xen/arm: List static shared memory regions as /memory nodes Currently Xen is not exporting the static shared memory regions to the device tree as /memory node, this commit is fixing this issue. Given that now make_memory_node needs a parameter 'struct kernel_info' in order to call the new function shm_mem_node_fill_reg_range, take the occasion to remove the unused struct domain parameter. Signed-off-by: Luca Fancellu Reviewed-by: Michal Orzel --- xen/arch/arm/dom0less-build.c | 2 +- xen/arch/arm/domain_build.c | 34 ++++++++++++++++++++++----------- xen/arch/arm/include/asm/domain_build.h | 2 +- xen/arch/arm/include/asm/static-shmem.h | 15 +++++++++++++++ xen/arch/arm/static-shmem.c | 23 ++++++++++++++++++++++ 5 files changed, 63 insertions(+), 13 deletions(-) diff --git a/xen/arch/arm/dom0less-build.c b/xen/arch/arm/dom0less-build.c index 51cf03221d..74f053c242 100644 --- a/xen/arch/arm/dom0less-build.c +++ b/xen/arch/arm/dom0less-build.c @@ -642,7 +642,7 @@ static int __init prepare_dtb_domU(struct domain *d, struct kernel_info *kinfo) if ( ret ) goto err; - ret = make_memory_node(d, kinfo->fdt, addrcells, sizecells, + ret = make_memory_node(kinfo, addrcells, sizecells, kernel_info_get_mem(kinfo)); if ( ret ) goto err; diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 68532ddc08..0784e4c5e3 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -756,15 +756,14 @@ int __init domain_fdt_begin_node(void *fdt, const char *name, uint64_t unit) return fdt_begin_node(fdt, buf); } -int __init make_memory_node(const struct domain *d, - void *fdt, - int addrcells, int sizecells, - const struct membanks *mem) +int __init make_memory_node(const struct kernel_info *kinfo, int addrcells, + int sizecells, const struct membanks *mem) { + void *fdt = kinfo->fdt; unsigned int i; int res, reg_size = addrcells + sizecells; int nr_cells = 0; - __be32 reg[NR_MEM_BANKS * 4 /* Worst case addrcells + sizecells */]; + __be32 reg[DT_MEM_NODE_REG_RANGE_SIZE]; __be32 *cells; if ( mem->nr_banks == 0 ) @@ -797,14 +796,28 @@ int __init make_memory_node(const struct domain *d, if ( mem->bank[i].type == MEMBANK_STATIC_DOMAIN ) continue; - dt_dprintk(" Bank %d: %#"PRIx64"->%#"PRIx64"\n", - i, start, start + size); - nr_cells += reg_size; BUG_ON(nr_cells >= ARRAY_SIZE(reg)); dt_child_set_range(&cells, addrcells, sizecells, start, size); } + /* + * static shared memory banks need to be listed as /memory node, so when + * this function is handling the normal memory, add the banks. + */ + if ( mem == kernel_info_get_mem(kinfo) ) + shm_mem_node_fill_reg_range(kinfo, reg, &nr_cells, addrcells, + sizecells); + + for ( cells = reg, i = 0; cells < reg + nr_cells; i++, cells += reg_size ) + { + uint64_t start = dt_read_number(cells, addrcells); + uint64_t size = dt_read_number(cells + addrcells, sizecells); + + dt_dprintk(" Bank %u: %#"PRIx64"->%#"PRIx64"\n", + i, start, start + size); + } + dt_dprintk("(reg size %d, nr cells %d)\n", reg_size, nr_cells); res = fdt_property(fdt, "reg", reg, nr_cells * sizeof(*reg)); @@ -1783,7 +1796,7 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, if ( res ) return res; - res = make_memory_node(d, kinfo->fdt, addrcells, sizecells, + res = make_memory_node(kinfo, addrcells, sizecells, kernel_info_get_mem(kinfo)); if ( res ) return res; @@ -1794,8 +1807,7 @@ static int __init handle_node(struct domain *d, struct kernel_info *kinfo, */ if ( reserved_mem->nr_banks > 0 ) { - res = make_memory_node(d, kinfo->fdt, addrcells, sizecells, - reserved_mem); + res = make_memory_node(kinfo, addrcells, sizecells, reserved_mem); if ( res ) return res; } diff --git a/xen/arch/arm/include/asm/domain_build.h b/xen/arch/arm/include/asm/domain_build.h index 026d975da2..45936212ca 100644 --- a/xen/arch/arm/include/asm/domain_build.h +++ b/xen/arch/arm/include/asm/domain_build.h @@ -14,7 +14,7 @@ int make_chosen_node(const struct kernel_info *kinfo); int make_cpus_node(const struct domain *d, void *fdt); int make_hypervisor_node(struct domain *d, const struct kernel_info *kinfo, int addrcells, int sizecells); -int make_memory_node(const struct domain *d, void *fdt, int addrcells, +int make_memory_node(const struct kernel_info *kinfo, int addrcells, int sizecells, const struct membanks *mem); int make_psci_node(void *fdt); int make_timer_node(const struct kernel_info *kinfo); diff --git a/xen/arch/arm/include/asm/static-shmem.h b/xen/arch/arm/include/asm/static-shmem.h index 7495a91e7a..3b6569e570 100644 --- a/xen/arch/arm/include/asm/static-shmem.h +++ b/xen/arch/arm/include/asm/static-shmem.h @@ -3,10 +3,15 @@ #ifndef __ASM_STATIC_SHMEM_H_ #define __ASM_STATIC_SHMEM_H_ +#include #include +#include #ifdef CONFIG_STATIC_SHM +/* Worst case /memory node reg element: (addrcells + sizecells) */ +#define DT_MEM_NODE_REG_RANGE_SIZE ((NR_MEM_BANKS + NR_SHMEM_BANKS) * 4) + int make_resv_memory_node(const struct kernel_info *kinfo, int addrcells, int sizecells); @@ -37,8 +42,14 @@ int remove_shm_holes_for_domU(const struct kernel_info *kinfo, int make_shm_resv_memory_node(const struct kernel_info *kinfo, int addrcells, int sizecells); +void shm_mem_node_fill_reg_range(const struct kernel_info *kinfo, __be32 *reg, + int *nr_cells, int addrcells, int sizecells); + #else /* !CONFIG_STATIC_SHM */ +/* Worst case /memory node reg element: (addrcells + sizecells) */ +#define DT_MEM_NODE_REG_RANGE_SIZE (NR_MEM_BANKS * 4) + static inline int make_resv_memory_node(const struct kernel_info *kinfo, int addrcells, int sizecells) { @@ -86,6 +97,10 @@ static inline int make_shm_resv_memory_node(const struct kernel_info *kinfo, return 0; } +static inline void shm_mem_node_fill_reg_range(const struct kernel_info *kinfo, + __be32 *reg, int *nr_cells, + int addrcells, int sizecells) {}; + #endif /* CONFIG_STATIC_SHM */ #endif /* __ASM_STATIC_SHMEM_H_ */ diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c index c85f60dd1b..09f474ec60 100644 --- a/xen/arch/arm/static-shmem.c +++ b/xen/arch/arm/static-shmem.c @@ -1,5 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ +#include #include #include #include @@ -668,6 +669,28 @@ int __init remove_shm_holes_for_domU(const struct kernel_info *kinfo, return res; } +void __init shm_mem_node_fill_reg_range(const struct kernel_info *kinfo, + __be32 *reg, int *nr_cells, + int addrcells, int sizecells) +{ + const struct membanks *mem = &kinfo->shm_mem.common; + unsigned int i; + __be32 *cells; + + BUG_ON(!nr_cells || !reg); + + cells = ®[*nr_cells]; + for ( i = 0; i < mem->nr_banks; i++ ) + { + paddr_t start = mem->bank[i].start; + paddr_t size = mem->bank[i].size; + + *nr_cells += addrcells + sizecells; + BUG_ON(*nr_cells >= DT_MEM_NODE_REG_RANGE_SIZE); + dt_child_set_range(&cells, addrcells, sizecells, start, size); + } +} + /* * Local variables: * mode: C -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:57:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:57:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712270.1112839 (Exim 4.92) (envelope-from ) id 1s05E1-0004pC-1F; Thu, 25 Apr 2024 19:57:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712270.1112839; Thu, 25 Apr 2024 19:57:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05E0-0004p4-Ub; Thu, 25 Apr 2024 19:57:44 +0000 Received: by outflank-mailman (input) for mailman id 712270; Thu, 25 Apr 2024 19:57:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Dz-0004ol-N5 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05Dz-0003gW-ML for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05Dz-0002jr-Lc for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=imAaHrDqSxiqJGNOsbn0lTRhUiOjl5ZR9wOFP/+419Y=; b=VWYyn4UDoCLtrcfc5Fa9E0n6NV mEJ8V4yRNLoAnUNnoSE+xdJ4AMvch+fg7Ag6OD4aBKt5Hnx7AFgKYN3eWnb5QLbD1H68b8ifmf/a8 wFdD3RoEUnM7t3D0jIxOO6Nwb/et1RKzwodutLHsZDmpqkQ5IPuo/weOrMpG7fZ5BqWU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] automation: Drop some of the non-debug variants of the same Arm jobs Message-Id: Date: Thu, 25 Apr 2024 19:57:43 +0000 commit c05b97fc7adc999e21529b8ead34ae16dcadb9e2 Author: Michal Orzel AuthorDate: Tue Apr 23 18:11:19 2024 +0200 Commit: Stefano Stabellini CommitDate: Wed Apr 24 16:49:41 2024 -0700 automation: Drop some of the non-debug variants of the same Arm jobs To save some bandwith that can be later on used to increase the test coverage by adding new tests, drop the following non-debug test/build jobs existing in both debug and non-debug variants: - static memory (arm64, arm32) - static shared memory (arm64) - static heap (arm64) - boot cpupools (arm64) - gzip (arm32) More generic tests existing in both variants were left unmodified. Signed-off-by: Michal Orzel Acked-by: Stefano Stabellini --- automation/gitlab-ci/build.yaml | 38 -------------------------------- automation/gitlab-ci/test.yaml | 48 ----------------------------------------- 2 files changed, 86 deletions(-) diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index aac29ee13a..f3c934471f 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -392,16 +392,6 @@ debian-bookworm-gcc-arm32-debug-randconfig: HYPERVISOR_ONLY: y RANDCONFIG: y -debian-bookworm-gcc-arm32-staticmem: - extends: .gcc-arm32-cross-build - variables: - CONTAINER: debian:bookworm-arm64v8-arm32-gcc - HYPERVISOR_ONLY: y - EXTRA_XEN_CONFIG: | - CONFIG_EXPERT=y - CONFIG_UNSUPPORTED=y - CONFIG_STATIC_MEMORY=y - debian-bookworm-gcc-arm32-debug-staticmem: extends: .gcc-arm32-cross-build-debug variables: @@ -458,15 +448,6 @@ alpine-3.18-gcc-debug-arm64-randconfig: CONTAINER: alpine:3.18-arm64v8 RANDCONFIG: y -alpine-3.18-gcc-arm64-staticmem: - extends: .gcc-arm64-build - variables: - CONTAINER: alpine:3.18-arm64v8 - EXTRA_XEN_CONFIG: | - CONFIG_EXPERT=y - CONFIG_UNSUPPORTED=y - CONFIG_STATIC_MEMORY=y - alpine-3.18-gcc-debug-arm64-staticmem: extends: .gcc-arm64-build-debug variables: @@ -476,15 +457,6 @@ alpine-3.18-gcc-debug-arm64-staticmem: CONFIG_UNSUPPORTED=y CONFIG_STATIC_MEMORY=y -alpine-3.18-gcc-arm64-static-shared-mem: - extends: .gcc-arm64-build - variables: - CONTAINER: alpine:3.18-arm64v8 - EXTRA_XEN_CONFIG: | - CONFIG_UNSUPPORTED=y - CONFIG_STATIC_MEMORY=y - CONFIG_STATIC_SHM=y - alpine-3.18-gcc-debug-arm64-static-shared-mem: extends: .gcc-arm64-build-debug variables: @@ -494,16 +466,6 @@ alpine-3.18-gcc-debug-arm64-static-shared-mem: CONFIG_STATIC_MEMORY=y CONFIG_STATIC_SHM=y -alpine-3.18-gcc-arm64-boot-cpupools: - extends: .gcc-arm64-build - variables: - CONTAINER: alpine:3.18-arm64v8 - EXTRA_XEN_CONFIG: | - CONFIG_EXPERT=y - CONFIG_UNSUPPORTED=y - CONFIG_SCHED_NULL=y - CONFIG_BOOT_TIME_CPUPOOLS=y - alpine-3.18-gcc-debug-arm64-boot-cpupools: extends: .gcc-arm64-build-debug variables: diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml index 8b7b2e4da9..55a7831ad2 100644 --- a/automation/gitlab-ci/test.yaml +++ b/automation/gitlab-ci/test.yaml @@ -255,14 +255,6 @@ qemu-smoke-dom0less-arm64-gcc-debug: - *arm64-test-needs - alpine-3.18-gcc-debug-arm64 -qemu-smoke-dom0less-arm64-gcc-staticmem: - extends: .qemu-arm64 - script: - - ./automation/scripts/qemu-smoke-dom0less-arm64.sh static-mem 2>&1 | tee ${LOGFILE} - needs: - - *arm64-test-needs - - alpine-3.18-gcc-arm64-staticmem - qemu-smoke-dom0less-arm64-gcc-debug-staticmem: extends: .qemu-arm64 script: @@ -271,14 +263,6 @@ qemu-smoke-dom0less-arm64-gcc-debug-staticmem: - *arm64-test-needs - alpine-3.18-gcc-debug-arm64-staticmem -qemu-smoke-dom0less-arm64-gcc-staticheap: - extends: .qemu-arm64 - script: - - ./automation/scripts/qemu-smoke-dom0less-arm64.sh static-heap 2>&1 | tee ${LOGFILE} - needs: - - *arm64-test-needs - - alpine-3.18-gcc-arm64 - qemu-smoke-dom0less-arm64-gcc-debug-staticheap: extends: .qemu-arm64 script: @@ -287,14 +271,6 @@ qemu-smoke-dom0less-arm64-gcc-debug-staticheap: - *arm64-test-needs - alpine-3.18-gcc-debug-arm64 -qemu-smoke-dom0less-arm64-gcc-static-shared-mem: - extends: .qemu-arm64 - script: - - ./automation/scripts/qemu-smoke-dom0less-arm64.sh static-shared-mem 2>&1 | tee ${LOGFILE} - needs: - - *arm64-test-needs - - alpine-3.18-gcc-arm64-static-shared-mem - qemu-smoke-dom0less-arm64-gcc-debug-static-shared-mem: extends: .qemu-arm64 script: @@ -303,14 +279,6 @@ qemu-smoke-dom0less-arm64-gcc-debug-static-shared-mem: - *arm64-test-needs - alpine-3.18-gcc-debug-arm64-static-shared-mem -qemu-smoke-dom0less-arm64-gcc-boot-cpupools: - extends: .qemu-arm64 - script: - - ./automation/scripts/qemu-smoke-dom0less-arm64.sh boot-cpupools 2>&1 | tee ${LOGFILE} - needs: - - *arm64-test-needs - - alpine-3.18-gcc-arm64-boot-cpupools - qemu-smoke-dom0less-arm64-gcc-debug-boot-cpupools: extends: .qemu-arm64 script: @@ -359,14 +327,6 @@ qemu-smoke-dom0less-arm32-gcc-debug: - *arm32-test-needs - debian-bookworm-gcc-arm32-debug -qemu-smoke-dom0less-arm32-gcc-staticmem: - extends: .qemu-arm32 - script: - - ./automation/scripts/qemu-smoke-dom0less-arm32.sh static-mem 2>&1 | tee ${LOGFILE} - needs: - - *arm32-test-needs - - debian-bookworm-gcc-arm32-staticmem - qemu-smoke-dom0less-arm32-gcc-debug-staticmem: extends: .qemu-arm32 script: @@ -375,14 +335,6 @@ qemu-smoke-dom0less-arm32-gcc-debug-staticmem: - *arm32-test-needs - debian-bookworm-gcc-arm32-debug-staticmem -qemu-smoke-dom0less-arm32-gcc-gzip: - extends: .qemu-arm32 - script: - - ./automation/scripts/qemu-smoke-dom0less-arm32.sh gzip 2>&1 | tee ${LOGFILE} - needs: - - *arm32-test-needs - - debian-bookworm-gcc-arm32 - qemu-smoke-dom0less-arm32-gcc-debug-gzip: extends: .qemu-arm32 script: -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:57:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:57:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712271.1112842 (Exim 4.92) (envelope-from ) id 1s05EB-0004s6-4l; Thu, 25 Apr 2024 19:57:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712271.1112842; Thu, 25 Apr 2024 19:57:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05EB-0004rz-21; Thu, 25 Apr 2024 19:57:55 +0000 Received: by outflank-mailman (input) for mailman id 712271; Thu, 25 Apr 2024 19:57:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05E9-0004rp-Q3 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05E9-0003gh-PJ for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05E9-0002kL-OV for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:57:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=H4wH/8H1ybFZWZ3nSIWg71S4Z6MD4+sZakGBEI7KCfg=; b=kTnNuUwsv+0Wk4GqX1kuxLleiG xrjvagT+9RCTFyswo7Me7ejDl7T6icoAWVLffyBvy6aMc2N5MfIr6hlUpt8S+cqcX+l1ogL1JqLKh CTSUFwf6Wg5m4kFFoNoYQ/8hTet+nCTToM0h36+7CX0XboHpOQ/HEgXvvW0H6JTQvnbM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] automation: Add arm{64,32} earlyprintk jobs Message-Id: Date: Thu, 25 Apr 2024 19:57:53 +0000 commit db49973411462ba99de76956aad404ccc20bf383 Author: Michal Orzel AuthorDate: Tue Apr 23 18:11:20 2024 +0200 Commit: Stefano Stabellini CommitDate: Wed Apr 24 16:49:49 2024 -0700 automation: Add arm{64,32} earlyprintk jobs Introduce qemu based Arm earlyprintk test and build jobs to cover this feature in debug variant. The tests simply check for the presence of the last message printed by the bootstrap code before entering the C world. Signed-off-by: Michal Orzel Reviewed-by: Stefano Stabellini --- automation/gitlab-ci/build.yaml | 17 +++++++++++++++++ automation/gitlab-ci/test.yaml | 16 ++++++++++++++++ automation/scripts/qemu-smoke-dom0less-arm32.sh | 7 +++++++ automation/scripts/qemu-smoke-dom0less-arm64.sh | 5 +++++ 4 files changed, 45 insertions(+) diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index f3c934471f..49d6265ad5 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -402,6 +402,15 @@ debian-bookworm-gcc-arm32-debug-staticmem: CONFIG_UNSUPPORTED=y CONFIG_STATIC_MEMORY=y +debian-bookworm-gcc-arm32-debug-earlyprintk: + extends: .gcc-arm32-cross-build-debug + variables: + CONTAINER: debian:bookworm-arm64v8-arm32-gcc + HYPERVISOR_ONLY: y + EXTRA_XEN_CONFIG: | + CONFIG_EARLY_UART_CHOICE_PL011=y + CONFIG_EARLY_UART_BASE_ADDRESS=0x9000000 + # Arm builds debian-bookworm-gcc-arm64: @@ -473,6 +482,14 @@ alpine-3.18-gcc-debug-arm64-boot-cpupools: EXTRA_XEN_CONFIG: | CONFIG_BOOT_TIME_CPUPOOLS=y +alpine-3.18-gcc-debug-arm64-earlyprintk: + extends: .gcc-arm64-build-debug + variables: + CONTAINER: alpine:3.18-arm64v8 + EXTRA_XEN_CONFIG: | + CONFIG_EARLY_UART_CHOICE_PL011=y + CONFIG_EARLY_UART_BASE_ADDRESS=0x9000000 + # RISC-V 64 cross-build .riscv-fixed-randconfig: variables: &riscv-fixed-randconfig diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml index 55a7831ad2..1e5d86763f 100644 --- a/automation/gitlab-ci/test.yaml +++ b/automation/gitlab-ci/test.yaml @@ -287,6 +287,14 @@ qemu-smoke-dom0less-arm64-gcc-debug-boot-cpupools: - *arm64-test-needs - alpine-3.18-gcc-debug-arm64-boot-cpupools +qemu-smoke-dom0less-arm64-gcc-debug-earlyprintk: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm64.sh earlyprintk 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-debug-arm64-earlyprintk + qemu-xtf-dom0less-arm64-gcc-hyp-xen-version: extends: .qemu-arm64 script: @@ -359,6 +367,14 @@ qemu-smoke-dom0less-arm32-gcc-debug-without-dom0: - *arm32-test-needs - debian-bookworm-gcc-arm32-debug +qemu-smoke-dom0less-arm32-gcc-debug-earlyprintk: + extends: .qemu-arm32 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm32.sh earlyprintk 2>&1 | tee ${LOGFILE} + needs: + - *arm32-test-needs + - debian-bookworm-gcc-arm32-debug-earlyprintk + qemu-alpine-x86_64-gcc: extends: .qemu-x86-64 script: diff --git a/automation/scripts/qemu-smoke-dom0less-arm32.sh b/automation/scripts/qemu-smoke-dom0less-arm32.sh index e31b6b9014..1e2b939aad 100755 --- a/automation/scripts/qemu-smoke-dom0less-arm32.sh +++ b/automation/scripts/qemu-smoke-dom0less-arm32.sh @@ -53,6 +53,13 @@ echo \"${passed}\" " fi +if [[ "${test_variant}" == "earlyprintk" ]]; then + # Clear dom0 prompt + dom0_prompt="" + # Last early printk message before entering C world + passed="\- Ready \-" +fi + # dom0/domU rootfs # We are using the same rootfs for dom0 and domU. The only difference is # that for the former, we set explictly rdinit to /bin/sh, whereas for the diff --git a/automation/scripts/qemu-smoke-dom0less-arm64.sh b/automation/scripts/qemu-smoke-dom0less-arm64.sh index e748b8ef16..fc943a1a62 100755 --- a/automation/scripts/qemu-smoke-dom0less-arm64.sh +++ b/automation/scripts/qemu-smoke-dom0less-arm64.sh @@ -61,6 +61,11 @@ fi " fi +if [[ "${test_variant}" == "earlyprintk" ]]; then + # Last early printk message before entering C world + passed="\- Ready \-" +fi + # XXX QEMU looks for "efi-virtio.rom" even if it is unneeded curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom ./binaries/qemu-system-aarch64 \ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 19:58:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 19:58:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712272.1112846 (Exim 4.92) (envelope-from ) id 1s05EL-0004up-68; Thu, 25 Apr 2024 19:58:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712272.1112846; Thu, 25 Apr 2024 19:58:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05EL-0004ug-3W; Thu, 25 Apr 2024 19:58:05 +0000 Received: by outflank-mailman (input) for mailman id 712272; Thu, 25 Apr 2024 19:58:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05EJ-0004uZ-Ss for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:58:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05EJ-0003h2-S1 for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:58:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05EJ-0002lR-RJ for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 19:58:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VfcZKDQJ1rKYqRReump2LVOfm4kyUNjXVdJFyVBpPMI=; b=eFTvVIvdIyou7atP82KBp2phXC uM8eUmmav7uCdTGxlYu96Qur61V84SobeDnHoM9UlXyl2NsivjXlFzfwc525a/xQUMznEz4wilwof GiTLfAnhULJwi9fZShFDKU/isKP+xq98vbjt63oX6NPs9LsoUQgFw+gXCTQ2bs+Qa5Qs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] automation: Add arm64 test for running Xen with GICv3 Message-Id: Date: Thu, 25 Apr 2024 19:58:03 +0000 commit 31d6b5b4a7c84818294dacca7a07e92f52393c9d Author: Michal Orzel AuthorDate: Tue Apr 23 18:11:21 2024 +0200 Commit: Stefano Stabellini CommitDate: Wed Apr 24 16:51:53 2024 -0700 automation: Add arm64 test for running Xen with GICv3 At the moment, all the Arm64 Qemu tests use GICv2 which is the default GIC version used by Qemu. Improve the coverage by adding a new test in which Qemu will be configured to have GICv3. Rename host device tree name to "virt.dtb" to be GIC version agnostic. Use "gic-version" Qemu option to select the version to use. Unless the test variant is set to "gicv3", version 2 will be used. Signed-off-by: Michal Orzel Reviewed-by: Stefano Stabellini --- automation/gitlab-ci/test.yaml | 8 ++++++++ automation/scripts/qemu-smoke-dom0less-arm64.sh | 19 ++++++++++++++----- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml index 1e5d86763f..ad249fa0a5 100644 --- a/automation/gitlab-ci/test.yaml +++ b/automation/gitlab-ci/test.yaml @@ -255,6 +255,14 @@ qemu-smoke-dom0less-arm64-gcc-debug: - *arm64-test-needs - alpine-3.18-gcc-debug-arm64 +qemu-smoke-dom0less-arm64-gcc-debug-gicv3: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm64.sh gicv3 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-debug-arm64 + qemu-smoke-dom0less-arm64-gcc-debug-staticmem: extends: .qemu-arm64 script: diff --git a/automation/scripts/qemu-smoke-dom0less-arm64.sh b/automation/scripts/qemu-smoke-dom0less-arm64.sh index fc943a1a62..292c38a561 100755 --- a/automation/scripts/qemu-smoke-dom0less-arm64.sh +++ b/automation/scripts/qemu-smoke-dom0less-arm64.sh @@ -4,6 +4,9 @@ set -ex test_variant=$1 +# Default GIC version +gic_version="2" + if [ -z "${test_variant}" ]; then passed="ping test passed" domU_check=" @@ -66,16 +69,22 @@ if [[ "${test_variant}" == "earlyprintk" ]]; then passed="\- Ready \-" fi +if [[ "${test_variant}" == "gicv3" ]]; then + gic_version=3 + passed="${test_variant} test passed" + domU_check="echo \"${passed}\"" +fi + # XXX QEMU looks for "efi-virtio.rom" even if it is unneeded curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom ./binaries/qemu-system-aarch64 \ -machine virtualization=true \ - -cpu cortex-a57 -machine type=virt \ + -cpu cortex-a57 -machine type=virt,gic-version=$gic_version \ -m 2048 -smp 2 -display none \ - -machine dumpdtb=binaries/virt-gicv2.dtb + -machine dumpdtb=binaries/virt.dtb # XXX disable pl061 to avoid Linux crash -fdtput binaries/virt-gicv2.dtb -p -t s /pl061@9030000 status disabled +fdtput binaries/virt.dtb -p -t s /pl061@9030000 status disabled # Busybox mkdir -p initrd @@ -138,7 +147,7 @@ cd .. echo 'MEMORY_START="0x40000000" MEMORY_END="0x50000000" -DEVICE_TREE="virt-gicv2.dtb" +DEVICE_TREE="virt.dtb" XEN="xen" DOM0_KERNEL="Image" DOM0_RAMDISK="dom0-rootfs.cpio.gz" @@ -200,7 +209,7 @@ echo " virtio scan; dhcp; tftpb 0x40000000 boot.scr; source 0x40000000"| \ timeout -k 1 240 \ ./binaries/qemu-system-aarch64 \ -machine virtualization=true \ - -cpu cortex-a57 -machine type=virt \ + -cpu cortex-a57 -machine type=virt,gic-version=$gic_version \ -m 2048 -monitor none -serial stdio \ -smp 2 \ -no-reboot \ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 20:22:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 20:22:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712278.1112861 (Exim 4.92) (envelope-from ) id 1s05bZ-0001TG-2T; Thu, 25 Apr 2024 20:22:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712278.1112861; Thu, 25 Apr 2024 20:22:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05bY-0001T9-W9; Thu, 25 Apr 2024 20:22:04 +0000 Received: by outflank-mailman (input) for mailman id 712278; Thu, 25 Apr 2024 20:22:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05bX-0001T3-MF for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 20:22:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05bX-0004AS-HL for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 20:22:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05bX-0004TV-Fb for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 20:22:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9I5laQkQgggpQ0l5r1xRcOnq49zsDMN1J8ru+Y0io/k=; b=D4Yg1hJa1ryH9UL3vsX0yDn8FD GwN2HEFoT1SoCvz0ayWveS/+RVMbQW14CunSSGUi2mPKy7atnaWBw5MbZBeLubpowiJkedVyRgbuC rCOK7QPIXRzv67VtytvJknZDVFMvXFU/zyZ+hNOPVicr13ISS46JfgrVoDZ9H2FRpy7o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] automation/eclair: reorganize pipelines Message-Id: Date: Thu, 25 Apr 2024 20:22:03 +0000 commit 4edbbcd0c0ce7981b9f78a0ddf91cdccd6a81172 Author: Simone Ballarin AuthorDate: Tue Apr 23 17:14:33 2024 +0200 Commit: Stefano Stabellini CommitDate: Thu Apr 25 13:01:30 2024 -0700 automation/eclair: reorganize pipelines Introduce accepted_guidelines.sh: a script to autogenerate the configuration file accepted.ecl from docs/misra/rules.rst which enables all accepted guidelines. Introduce monitored.ecl: a manual selection of accepted guidelines which are clean or almost clean, it is intended to be used for the analyses triggered by commits. Reorganize tagging.ecl: -Remove "accepted" tags: keeping track of accepted guidelines tagging them as "accepted" in the configuration file tagging.ecl is no longer needed since docs/rules.rst is keeping track of them. -Tag more guidelines as clean. Reorganize eclair pipelines: - Set1, Set2, Set3 are now obsolete: remove the corresponding pipelines and ecl files. - Amend scheduled eclair pipeline to use accepted.ecl. - Amend triggered eclair pipeline to use monitored.ecl. Rename and improve action_check_clean_regressions.sh to print a diagnostic in case a commit introduces a violation of a clean guideline. An example of diagnostic is the following: Failure: 13 regressions found for clean guidelines service MC3R1.R8.2: (required) Function types shall be in prototype form with named parameters: violation: 13 Signed-off-by: Simone Ballarin Signed-off-by: Federico Serafini Signed-off-by: Alessandro Zucchelli Reviewed-by: Stefano Stabellini --- automation/eclair_analysis/ECLAIR/Set1.ecl | 59 ---------------- automation/eclair_analysis/ECLAIR/Set2.ecl | 25 ------- automation/eclair_analysis/ECLAIR/Set3.ecl | 67 ------------------ .../eclair_analysis/ECLAIR/accepted_guidelines.sh | 13 ++++ automation/eclair_analysis/ECLAIR/action.helpers | 3 +- automation/eclair_analysis/ECLAIR/action.settings | 1 + .../ECLAIR/action_check_clean_regressions.sh | 38 ++++++++++ .../eclair_analysis/ECLAIR/action_clean_added.sh | 36 ---------- automation/eclair_analysis/ECLAIR/analyze.sh | 2 +- automation/eclair_analysis/ECLAIR/generate_ecl.sh | 4 ++ automation/eclair_analysis/ECLAIR/monitored.ecl | 80 ++++++++++++++++++++++ automation/eclair_analysis/ECLAIR/tagging.ecl | 15 +--- automation/gitlab-ci/analyze.yaml | 48 ++----------- automation/scripts/eclair | 8 +-- 14 files changed, 149 insertions(+), 250 deletions(-) diff --git a/automation/eclair_analysis/ECLAIR/Set1.ecl b/automation/eclair_analysis/ECLAIR/Set1.ecl deleted file mode 100644 index 86b8e7e772..0000000000 --- a/automation/eclair_analysis/ECLAIR/Set1.ecl +++ /dev/null @@ -1,59 +0,0 @@ --doc_begin="Set 1 of Xen MISRA C guidelines" --enable=MC3R1.R9.1 --enable=MC3R1.R12.5 --enable=MC3R1.R17.3 --enable=MC3R1.R17.4 --enable=MC3R1.R17.6 --enable=MC3R1.R19.1 --enable=MC3R1.R21.13 --enable=MC3R1.R21.17 --enable=MC3R1.R21.18 --enable=MC3R1.R21.19 --enable=MC3R1.R21.20 --enable=MC3R1.R21.21 --enable=MC3R1.R22.2 --enable=MC3R1.R22.4 --enable=MC3R1.R22.5 --enable=MC3R1.R22.6 --enable=MC3R1.D1.1 --enable=MC3R1.D2.1 --enable=MC3R1.D4.1 --enable=MC3R1.D4.3 --enable=MC3R1.D4.7 --enable=MC3R1.D4.10 --enable=MC3R1.D4.11 --enable=MC3R1.D4.14 --enable=MC3R1.R1.1 --enable=MC3R1.R1.3 --enable=MC3R1.R1.4 --enable=MC3R1.R2.1 --enable=MC3R1.R2.2 --enable=MC3R1.R3.1 --enable=MC3R1.R3.2 --enable=MC3R1.R4.1 --enable=MC3R1.R5.1 --enable=MC3R1.R5.2 --enable=MC3R1.R5.3 --enable=MC3R1.R5.4 --enable=MC3R1.R5.6 --enable=MC3R1.R6.1 --enable=MC3R1.R6.2 --enable=MC3R1.R7.1 --enable=MC3R1.R7.2 --enable=MC3R1.R7.3 --enable=MC3R1.R7.4 --enable=MC3R1.R8.1 --enable=MC3R1.R8.2 --enable=MC3R1.R8.3 --enable=MC3R1.R8.4 --enable=MC3R1.R8.5 --enable=MC3R1.R8.6 --enable=MC3R1.R8.8 --enable=MC3R1.R8.10 --enable=MC3R1.R8.12 --enable=MC3R1.R8.14 --enable=MC3R1.R9.2 --enable=MC3R1.R9.3 --enable=MC3R1.R9.4 --enable=MC3R1.R9.5 --doc_end diff --git a/automation/eclair_analysis/ECLAIR/Set2.ecl b/automation/eclair_analysis/ECLAIR/Set2.ecl deleted file mode 100644 index 7608335cf4..0000000000 --- a/automation/eclair_analysis/ECLAIR/Set2.ecl +++ /dev/null @@ -1,25 +0,0 @@ --doc_begin="Set 2 of Xen MISRA C guidelines" --enable=MC3R1.R10.1 --enable=MC3R1.R10.2 --enable=MC3R1.R10.3 --enable=MC3R1.R10.4 --enable=MC3R1.R10.6 --enable=MC3R1.R10.7 --enable=MC3R1.R10.8 --enable=MC3R1.R11.1 --enable=MC3R1.R11.2 --enable=MC3R1.R11.3 --enable=MC3R1.R11.6 --enable=MC3R1.R11.7 --enable=MC3R1.R11.8 --enable=MC3R1.R11.9 --enable=MC3R1.R12.2 --enable=MC3R1.R13.1 --enable=MC3R1.R13.2 --enable=MC3R1.R13.5 --enable=MC3R1.R13.6 --enable=MC3R1.R14.1 --enable=MC3R1.R14.2 --enable=MC3R1.R14.3 --enable=MC3R1.R14.4 --doc_end diff --git a/automation/eclair_analysis/ECLAIR/Set3.ecl b/automation/eclair_analysis/ECLAIR/Set3.ecl deleted file mode 100644 index d2c2c4b21f..0000000000 --- a/automation/eclair_analysis/ECLAIR/Set3.ecl +++ /dev/null @@ -1,67 +0,0 @@ --doc_begin="Set 3 of Xen MISRA C guidelines" --enable=MC3R1.D4.12 --enable=MC3R1.R5.5 --enable=MC3R1.R5.7 --enable=MC3R1.R5.8 --enable=MC3R1.R15.2 --enable=MC3R1.R15.3 --enable=MC3R1.R15.6 --enable=MC3R1.R15.7 --enable=MC3R1.R16.1 --enable=MC3R1.R16.2 --enable=MC3R1.R16.3 --enable=MC3R1.R16.4 --enable=MC3R1.R16.5 --enable=MC3R1.R16.6 --enable=MC3R1.R16.7 --enable=MC3R1.R17.1 --enable=MC3R1.R17.2 --enable=MC3R1.R17.5 --enable=MC3R1.R17.7 --enable=MC3R1.R18.1 --enable=MC3R1.R18.2 --enable=MC3R1.R18.3 --enable=MC3R1.R18.6 --enable=MC3R1.R18.7 --enable=MC3R1.R18.8 --enable=MC3R1.R20.2 --enable=MC3R1.R20.3 --enable=MC3R1.R20.4 --enable=MC3R1.R20.6 --enable=MC3R1.R20.7 --enable=MC3R1.R20.8 --enable=MC3R1.R20.9 --enable=MC3R1.R20.11 --enable=MC3R1.R20.12 --enable=MC3R1.R20.13 --enable=MC3R1.R20.14 --enable=MC3R1.R21.1 --enable=MC3R1.R21.2 --enable=MC3R1.R21.3 --enable=MC3R1.R21.4 --enable=MC3R1.R21.5 --enable=MC3R1.R21.6 --enable=MC3R1.R21.7 --enable=MC3R1.R21.8 --enable=MC3R1.R21.9 --enable=MC3R1.R21.10 --enable=MC3R1.R21.12 --enable=MC3R1.R21.14 --enable=MC3R1.R21.15 --enable=MC3R1.R21.16 --enable=MC3R1.R22.1 --enable=MC3R1.R22.3 --enable=MC3R1.R22.7 --enable=MC3R1.R22.8 --enable=MC3R1.R22.9 --enable=MC3R1.R22.10 --enable=MC3R1.R2.6 --enable=MC3R1.R4.2 --doc_end - --doc_begin="Guidelines added with Xen MISRA C Task (a): Xen Coding Guidelines v1.1, June 1, 2023" --enable=MC3R1.R21.11 --enable=MC3R1.D4.4 --enable=MC3R1.R8.9 --enable=MC3R1.R12.4 --doc_end diff --git a/automation/eclair_analysis/ECLAIR/accepted_guidelines.sh b/automation/eclair_analysis/ECLAIR/accepted_guidelines.sh new file mode 100755 index 0000000000..b308bd4cda --- /dev/null +++ b/automation/eclair_analysis/ECLAIR/accepted_guidelines.sh @@ -0,0 +1,13 @@ +#!/bin/bash +# Stop immediately if any executed command has exit status different from 0. +set -eu + +script_dir="$( + cd "$(dirname "$0")" + echo "${PWD}" +)" + +accepted_rst=$1 + +grep -Eo "\`(Dir|Rule) [0-9]+\.[0-9]+" ${accepted_rst} \ + | sed -e 's/`Rule /MC3R1.R/' -e 's/`Dir /MC3R1.D/' -e 's/.*/-enable=&/' > ${script_dir}/accepted.ecl diff --git a/automation/eclair_analysis/ECLAIR/action.helpers b/automation/eclair_analysis/ECLAIR/action.helpers index df9bf2bd11..9d4ae1f979 100644 --- a/automation/eclair_analysis/ECLAIR/action.helpers +++ b/automation/eclair_analysis/ECLAIR/action.helpers @@ -127,7 +127,7 @@ EOF fi case ${ci} in github) - cat "${summaryTxt}" >"${GITHUB_STEP_SUMMARY}" + cat "${summaryTxt}" "${cleanRegressionsLog}" >"${GITHUB_STEP_SUMMARY}" ;; gitlab) open_section ECLAIR_summary "ECLAIR analysis summary" "" @@ -140,6 +140,7 @@ ${analysisSummaryMsgLog} ${currentReportsMsgLog} ${referenceReportsMsgLog} EOF + cat ${cleanRegressionsLog} close_section ECLAIR_summary ;; jenkins) diff --git a/automation/eclair_analysis/ECLAIR/action.settings b/automation/eclair_analysis/ECLAIR/action.settings index 3cba1a3afb..1577368b61 100644 --- a/automation/eclair_analysis/ECLAIR/action.settings +++ b/automation/eclair_analysis/ECLAIR/action.settings @@ -175,6 +175,7 @@ eclairReportUrlPrefix=https://saas.eclairit.com:3787 jobDir="${artifactsDir}/${subDir}/${jobId}" updateLog="${analysisOutputDir}/update.log" +cleanRegressionsLog="${analysisOutputDir}/clean_regressions.log" commentLog="${analysisOutputDir}/comment.json" indexHtmlUrl="${eclairReportUrlPrefix}/fs${jobDir}/index.html" summaryTxt="${analysisOutputDir}/summary.txt" diff --git a/automation/eclair_analysis/ECLAIR/action_check_clean_regressions.sh b/automation/eclair_analysis/ECLAIR/action_check_clean_regressions.sh new file mode 100755 index 0000000000..31b90e5241 --- /dev/null +++ b/automation/eclair_analysis/ECLAIR/action_check_clean_regressions.sh @@ -0,0 +1,38 @@ +#!/bin/sh + +set -eu + +usage() { + echo "Usage: $0 ANALYSIS_OUTPUT_DIR" >&2 + exit 2 +} + +[ $# -eq 1 ] || usage + +analysisOutputDir=$1 + +# Load settings and helpers +. "$(dirname "$0")/action.helpers" +. "$(dirname "$0")/action.settings" + +cleanRegressionsTxt=${analysisOutputDir}/clean_regressions.txt + +cleanRegressionCount=$("${ECLAIR_BIN_DIR}eclair_report" \ + "-db='${analysisOutputDir}/PROJECT.ecd'" \ + "-sel_unfixed=unfixed" \ + "-sel_tag_glob=violation_only,kind,violation" \ + "-sel_tag_glob=clean_added,clean,added" \ + "-report_counts_txt=service,'${cleanRegressionsTxt}'" \ + "-print='',reports_count()") + +if [ "${cleanRegressionCount}" -gt 0 ]; then + { + echo "Failure: ${cleanRegressionCount} regressions found for clean guidelines" + sed -n '/^Number of.*$/,/^$/{ /^Number of.*$/! { /^$/! p } }' ${cleanRegressionsTxt} + } > ${cleanRegressionsLog} + rm ${cleanRegressionsTxt} + exit 1 +else + echo "Success: No regressions for clean guidelines" > ${cleanRegressionsLog} + rm ${cleanRegressionsTxt} +fi diff --git a/automation/eclair_analysis/ECLAIR/action_clean_added.sh b/automation/eclair_analysis/ECLAIR/action_clean_added.sh deleted file mode 100755 index 59bc35fd13..0000000000 --- a/automation/eclair_analysis/ECLAIR/action_clean_added.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh - -set -eu - -usage() { - echo "Usage: $0 ANALYSIS_OUTPUT_DIR" >&2 - exit 2 -} - -[ $# -eq 1 ] || usage - -analysisOutputDir=$1 - -cleanAddedTxt="${analysisOutputDir}/clean_added.log" - -# Load settings and helpers -. "$(dirname "$0")/action.helpers" -. "$(dirname "$0")/action.settings" - -unexpectedReports=$("${ECLAIR_BIN_DIR}eclair_report" \ - "-db='${analysisOutputDir}/PROJECT.ecd'" \ - "-sel_unfixed=unfixed" \ - "-sel_tag_glob=clean_added,clean,added" \ - "-print='',reports_count()") - -if [ "${unexpectedReports}" -gt 0 ]; then - cat <"${cleanAddedTxt}" -Failure: ${unexpectedReports} unexpected reports found. -Unexpected reports are tagged 'clean:added'. -EOF - exit 1 -else - cat <"${cleanAddedTxt}" -Success: No unexpected reports. -EOF -fi diff --git a/automation/eclair_analysis/ECLAIR/analyze.sh b/automation/eclair_analysis/ECLAIR/analyze.sh index a127e7aaed..0ea5520c93 100755 --- a/automation/eclair_analysis/ECLAIR/analyze.sh +++ b/automation/eclair_analysis/ECLAIR/analyze.sh @@ -52,7 +52,7 @@ VARIANT="${XEN_TARGET_ARCH}" # Used in analysis.ecl case "$2" in -Set0|Set1|Set2|Set3) +accepted|monitored) export SET="$2" ;; *) diff --git a/automation/eclair_analysis/ECLAIR/generate_ecl.sh b/automation/eclair_analysis/ECLAIR/generate_ecl.sh index de20728eb1..66766b23ab 100755 --- a/automation/eclair_analysis/ECLAIR/generate_ecl.sh +++ b/automation/eclair_analysis/ECLAIR/generate_ecl.sh @@ -10,6 +10,10 @@ script_dir="$( )" exclude_list="${ECLAIR_PROJECT_ROOT}/docs/misra/exclude-list.json" +accepted_rst="${ECLAIR_PROJECT_ROOT}/docs/misra/rules.rst" # Generate the exclude list file "${script_dir}/adopted.sh" "${exclude_list}" + +# Generate accepted guidelines +"${script_dir}/accepted_guidelines.sh" "${accepted_rst}" diff --git a/automation/eclair_analysis/ECLAIR/monitored.ecl b/automation/eclair_analysis/ECLAIR/monitored.ecl new file mode 100644 index 0000000000..69308ea51c --- /dev/null +++ b/automation/eclair_analysis/ECLAIR/monitored.ecl @@ -0,0 +1,80 @@ +-doc_begin="A set of guidelines that are clean or that only have few violations left." +-enable=MC3R1.D1.1 +-enable=MC3R1.D2.1 +-enable=MC3R1.D4.1 +-enable=MC3R1.D4.10 +-enable=MC3R1.D4.11 +-enable=MC3R1.D4.12 +-enable=MC3R1.D4.14 +-enable=MC3R1.D4.3 +-enable=MC3R1.D4.7 +-enable=MC3R1.R10.1 +-enable=MC3R1.R10.2 +-enable=MC3R1.R1.1 +-enable=MC3R1.R11.1 +-enable=MC3R1.R11.7 +-enable=MC3R1.R11.8 +-enable=MC3R1.R11.9 +-enable=MC3R1.R12.5 +-enable=MC3R1.R1.3 +-enable=MC3R1.R13.6 +-enable=MC3R1.R1.4 +-enable=MC3R1.R14.1 +-enable=MC3R1.R14.4 +-enable=MC3R1.R16.2 +-enable=MC3R1.R16.6 +-enable=MC3R1.R16.7 +-enable=MC3R1.R17.1 +-enable=MC3R1.R17.3 +-enable=MC3R1.R17.4 +-enable=MC3R1.R17.5 +-enable=MC3R1.R17.6 +-enable=MC3R1.R19.1 +-enable=MC3R1.R20.12 +-enable=MC3R1.R20.13 +-enable=MC3R1.R20.14 +-enable=MC3R1.R20.4 +-enable=MC3R1.R20.9 +-enable=MC3R1.R2.1 +-enable=MC3R1.R21.13 +-enable=MC3R1.R21.17 +-enable=MC3R1.R21.18 +-enable=MC3R1.R21.19 +-enable=MC3R1.R21.20 +-enable=MC3R1.R21.21 +-enable=MC3R1.R2.2 +-enable=MC3R1.R22.2 +-enable=MC3R1.R22.4 +-enable=MC3R1.R22.5 +-enable=MC3R1.R22.6 +-enable=MC3R1.R2.6 +-enable=MC3R1.R3.1 +-enable=MC3R1.R3.2 +-enable=MC3R1.R4.1 +-enable=MC3R1.R4.2 +-enable=MC3R1.R5.1 +-enable=MC3R1.R5.2 +-enable=MC3R1.R5.3 +-enable=MC3R1.R5.4 +-enable=MC3R1.R5.6 +-enable=MC3R1.R6.1 +-enable=MC3R1.R6.2 +-enable=MC3R1.R7.1 +-enable=MC3R1.R7.2 +-enable=MC3R1.R7.3 +-enable=MC3R1.R7.4 +-enable=MC3R1.R8.1 +-enable=MC3R1.R8.10 +-enable=MC3R1.R8.12 +-enable=MC3R1.R8.14 +-enable=MC3R1.R8.2 +-enable=MC3R1.R8.3 +-enable=MC3R1.R8.4 +-enable=MC3R1.R8.5 +-enable=MC3R1.R8.6 +-enable=MC3R1.R8.8 +-enable=MC3R1.R9.2 +-enable=MC3R1.R9.3 +-enable=MC3R1.R9.4 +-enable=MC3R1.R9.5 +-doc_end diff --git a/automation/eclair_analysis/ECLAIR/tagging.ecl b/automation/eclair_analysis/ECLAIR/tagging.ecl index a1dea32b21..d609b470eb 100644 --- a/automation/eclair_analysis/ECLAIR/tagging.ecl +++ b/automation/eclair_analysis/ECLAIR/tagging.ecl @@ -13,24 +13,13 @@ -doc="Hide reports marked as disapplied." -remap_rtag={disapplied,hide} -####################### -# Accepted guidelines # -####################### - --doc="Accepted guidelines as reported in XEN/docs/misra/rules.rst" --service_selector={accepted_guidelines, - "MC3R1.D1.1||MC3R1.D2.1||MC3R1.D4.1||MC3R1.D4.3||MC3R1.D4.7||MC3R1.D4.10||MC3R1.D4.11||MC3R1.D4.14||MC3R1.R1.1||MC3R1.R1.3||MC3R1.R1.4||MC3R1.R2.1||MC3R1.R2.2||MC3R1.R2.6||MC3R1.R3.1||MC3R1.R3.2||MC3R1.R4.1||MC3R1.R4.2||MC3R1.R5.1||MC3R1.R5.2||MC3R1.R5.3||MC3R1.R5.4||MC3R1.R5.6||MC3R1.R6.1||MC3R1.R6.2||MC3R1.R7.1||MC3R1.R7.2||MC3R1.R7.3||MC3R1.R7.4||MC3R1.R8.1||MC3R1.R8.2||MC3R1.R8.3||MC3R1.R8.4||MC3R1.R8.5||MC3R1.R8.6||MC3R1.R8.8||MC3R1.R8.10||MC3R1.R8.12||MC3R1.R8.14||MC3R1.R9.1||MC3R1.R9.2||MC3R1.R9.3||MC3R1.R9.4||MC3R1.R9.5||MC3R1.R10.1||MC3R1.R10.2||MC3R1.R10.3||MC3R1.R10.4||MC3R1.R11.7||MC3R1.R11.8||MC3R1.R11.9||MC3R1.R12.5||MC3R1.R13.1||MC3R1.R13.5||MC3R1.R13.6||MC3R1.R14.1||MC3R1.R14.2||MC3R1.R14.3||MC3R1.R16.7||MC3R1.R17.3||MC3R1.R17.4||MC3R1.R17.6||MC3R1.R18.3||MC3R1.R19.1||MC3R1.R20.7||MC3R1.R20.13||MC3R1.R20.14||MC3R1.R21.13||MC3R1.R21.17||MC3R1.R21.18||MC3R1.R21.19||MC3R1.R21.20||MC3R1.R21.21||MC3R1.R22.2||MC3R1.R22.4||MC3R1.R22.5||MC3R1.R22.6" -} --doc="All reports of accepted guidelines are tagged as accepted." --reports+={status:accepted,"service(accepted_guidelines)"} - #################### # Clean guidelines # #################### -doc_begin="Clean guidelines: new violations for these guidelines are not accepted." --service_selector={clean_guidelines_common,"MC3R1.D1.1||MC3R1.D2.1||MC3R1.D4.11||MC3R1.D4.14||MC3R1.R1.1||MC3R1.R1.3||MC3R1.R1.4||MC3R1.R2.2||MC3R1.R3.1||MC3R1.R3.2||MC3R1.R4.1||MC3R1.R4.2||MC3R1.R5.1||MC3R1.R5.2||MC3R1.R5.4||MC3R1.R5.6||MC3R1.R6.1||MC3R1.R6.2||MC3R1.R7.1||MC3R1.R8.1||MC3R1.R8.2||MC3R1.R8.5||MC3R1.R8.6||MC3R1.R8.8||MC3R1.R8.10||MC3R1.R8.12||MC3R1.R8.14||MC3R1.R9.2||MC3R1.R9.4||MC3R1.R9.5||MC3R1.R12.5||MC3R1.R17.3||MC3R1.R17.4||MC3R1.R17.6||MC3R1.R20.13||MC3R1.R20.14||MC3R1.R21.13||MC3R1.R21.19||MC3R1.R21.21||MC3R1.R22.2||MC3R1.R22.4||MC3R1.R22.5||MC3R1.R22.6" +-service_selector={clean_guidelines_common,"MC3R1.D1.1||MC3R1.D2.1||MC3R1.D4.1||MC3R1.D4.11||MC3R1.D4.14||MC3R1.R1.1||MC3R1.R11.7||MC3R1.R11.9||MC3R1.R12.5||MC3R1.R1.3||MC3R1.R1.4||MC3R1.R14.1||MC3R1.R16.7||MC3R1.R17.1||MC3R1.R17.3||MC3R1.R17.4||MC3R1.R17.5||MC3R1.R17.6||MC3R1.R20.13||MC3R1.R20.14||MC3R1.R20.4||MC3R1.R20.9||MC3R1.R21.13||MC3R1.R21.19||MC3R1.R21.21||MC3R1.R2.2||MC3R1.R22.2||MC3R1.R22.4||MC3R1.R22.5||MC3R1.R22.6||MC3R1.R2.6||MC3R1.R3.1||MC3R1.R3.2||MC3R1.R4.1||MC3R1.R4.2||MC3R1.R5.1||MC3R1.R5.2||MC3R1.R5.4||MC3R1.R5.6||MC3R1.R6.1||MC3R1.R6.2||MC3R1.R7.1||MC3R1.R7.4||MC3R1.R8.1||MC3R1.R8.10||MC3R1.R8.12||MC3R1.R8.14||MC3R1.R8.2||MC3R1.R8.5||MC3R1.R8.6||MC3R1.R8.8||MC3R1.R9.2||MC3R1.R9.3||MC3R1.R9.4||MC3R1.R9.5" } -setq=target,getenv("XEN_TARGET_ARCH") @@ -40,7 +29,7 @@ if(string_equal(target,"x86_64"), ) if(string_equal(target,"arm64"), - service_selector({"additional_clean_guidelines","MC3R1.R5.3||MC3R1.R7.2||MC3R1.R7.3||MC3R1.R8.6||MC3R1.R9.3"}) + service_selector({"additional_clean_guidelines","MC3R1.R16.6||MC3R1.R20.12||MC3R1.R2.1||MC3R1.R5.3||MC3R1.R7.2||MC3R1.R7.3||MC3R1.R8.6||MC3R1.R9.3"}) ) -reports+={clean:added,"service(clean_guidelines_common||additional_clean_guidelines)"} diff --git a/automation/gitlab-ci/analyze.yaml b/automation/gitlab-ci/analyze.yaml index 6631db53fa..46c9d8e2e5 100644 --- a/automation/gitlab-ci/analyze.yaml +++ b/automation/gitlab-ci/analyze.yaml @@ -39,14 +39,14 @@ eclair-x86_64: variables: LOGFILE: "eclair-x86_64.log" VARIANT: "X86_64" - RULESET: "Set1" + RULESET: "monitored" eclair-ARM64: extends: .eclair-analysis:triggered variables: LOGFILE: "eclair-ARM64.log" VARIANT: "ARM64" - RULESET: "Set1" + RULESET: "monitored" .eclair-analysis:on-schedule: extends: .eclair-analysis @@ -55,56 +55,20 @@ eclair-ARM64: when: never - !reference [.eclair-analysis, rules] -eclair-x86_64-Set1:on-schedule: +eclair-x86_64:on-schedule: extends: .eclair-analysis:on-schedule variables: VARIANT: "X86_64" - RULESET: "Set1" + RULESET: "accepted" ANALYSIS_KIND: "${RULESET}-scheduled" LOGFILE: "eclair-${VARIANT}-${RULESET}.log" allow_failure: true -eclair-x86_64-Set2:on-schedule: - extends: .eclair-analysis:on-schedule - variables: - VARIANT: "X86_64" - RULESET: "Set2" - ANALYSIS_KIND: "${RULESET}-scheduled" - LOGFILE: "eclair-${VARIANT}-${RULESET}.log" - allow_failure: true - -eclair-x86_64-Set3:on-schedule: - extends: .eclair-analysis:on-schedule - variables: - VARIANT: "X86_64" - RULESET: "Set3" - ANALYSIS_KIND: "${RULESET}-scheduled" - LOGFILE: "eclair-${VARIANT}-${RULESET}.log" - allow_failure: true - -eclair-ARM64-Set1:on-schedule: - extends: .eclair-analysis:on-schedule - variables: - VARIANT: "ARM64" - RULESET: "Set1" - ANALYSIS_KIND: "${RULESET}-scheduled" - LOGFILE: "eclair-${VARIANT}-${RULESET}.log" - allow_failure: true - -eclair-ARM64-Set2:on-schedule: - extends: .eclair-analysis:on-schedule - variables: - VARIANT: "ARM64" - RULESET: "Set2" - ANALYSIS_KIND: "${RULESET}-scheduled" - LOGFILE: "eclair-${VARIANT}-${RULESET}.log" - allow_failure: true - -eclair-ARM64-Set3:on-schedule: +eclair-ARM64:on-schedule: extends: .eclair-analysis:on-schedule variables: VARIANT: "ARM64" - RULESET: "Set3" + RULESET: "accepted" ANALYSIS_KIND: "${RULESET}-scheduled" LOGFILE: "eclair-${VARIANT}-${RULESET}.log" allow_failure: true diff --git a/automation/scripts/eclair b/automation/scripts/eclair index 14e47a6f97..ebcaf09b54 100755 --- a/automation/scripts/eclair +++ b/automation/scripts/eclair @@ -18,12 +18,8 @@ ex=0 "${ex}" [ "${ex}" = 0 ] || exit "${ex}" -# Fail in case of new reports -"${ECLAIR_DIR}/action_clean_added.sh" "${ECLAIR_OUTPUT_DIR}" || ex=$? -"${ECLAIR_DIR}/action_log.sh" DIFF_CHECK_LOG \ - "ECLAIR diff check" \ - "${ECLAIR_OUTPUT_DIR}/clean_added.log" \ - "${ex}" +# Fail in case of new reports for clean guidelines +"${ECLAIR_DIR}/action_check_clean_regressions.sh" "${ECLAIR_OUTPUT_DIR}" || ex=$? "${ECLAIR_DIR}/action_push.sh" "${WTOKEN}" "${ECLAIR_OUTPUT_DIR}" [ "${ex}" = 0 ] || exit "${ex}" -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 20:22:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 20:22:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712279.1112864 (Exim 4.92) (envelope-from ) id 1s05bj-0001Vu-5R; Thu, 25 Apr 2024 20:22:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712279.1112864; Thu, 25 Apr 2024 20:22:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05bj-0001Vm-2v; Thu, 25 Apr 2024 20:22:15 +0000 Received: by outflank-mailman (input) for mailman id 712279; Thu, 25 Apr 2024 20:22:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05bh-0001Vc-LU for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 20:22:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05bh-0004Ar-KF for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 20:22:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05bh-0004Tx-JQ for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 20:22:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=RXudClpoQoF3vX9A1cyySyV9I9j+bClEEROW5dSwEz4=; b=rs0km6xVD3IpKpa2kgNwQjduV/ 5ja1jBkoVxy0BGVDhRgY9kmqPpX5iDqO+oFXNK7xj5LkxbdNKKOlQQIefZ++yl4tObvR7IjH19Lr1 xHg88zZS0rLU0H32XuAlQgEXQWSOEcg8/fxYFAFeJ+R4h3ug+7r6Wn6RAUZuIwh1tkP0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] CI: Drop glibc-i386 from the build containers Message-Id: Date: Thu, 25 Apr 2024 20:22:13 +0000 commit a0e29b316363d9900f5892cd3e7417f69758d446 Author: Andrew Cooper AuthorDate: Thu Apr 25 18:47:37 2024 +0100 Commit: Stefano Stabellini CommitDate: Thu Apr 25 13:14:40 2024 -0700 CI: Drop glibc-i386 from the build containers Xen 4.14 no longer runs in Gitlab CI. Drop the dependency to shrink the build containers a little. Signed-off-by: Andrew Cooper Acked-by: Stefano Stabellini --- automation/build/archlinux/current.dockerfile | 2 -- automation/build/centos/7.dockerfile | 2 -- automation/build/debian/bookworm.dockerfile | 2 -- automation/build/debian/jessie.dockerfile | 2 -- automation/build/debian/stretch.dockerfile | 2 -- automation/build/fedora/29.dockerfile | 2 -- automation/build/suse/opensuse-leap.dockerfile | 2 -- automation/build/suse/opensuse-tumbleweed.dockerfile | 2 -- automation/build/ubuntu/bionic.dockerfile | 2 -- automation/build/ubuntu/focal.dockerfile | 2 -- automation/build/ubuntu/trusty.dockerfile | 2 -- automation/build/ubuntu/xenial.dockerfile | 2 -- 12 files changed, 24 deletions(-) diff --git a/automation/build/archlinux/current.dockerfile b/automation/build/archlinux/current.dockerfile index d974a1434f..3e37ab5c40 100644 --- a/automation/build/archlinux/current.dockerfile +++ b/automation/build/archlinux/current.dockerfile @@ -19,8 +19,6 @@ RUN pacman -S --refresh --sysupgrade --noconfirm --noprogressbar --needed \ iasl \ inetutils \ iproute \ - # lib32-glibc for Xen < 4.15 - lib32-glibc \ libaio \ libcacard \ libgl \ diff --git a/automation/build/centos/7.dockerfile b/automation/build/centos/7.dockerfile index ab450f0b3a..1cdc16fc05 100644 --- a/automation/build/centos/7.dockerfile +++ b/automation/build/centos/7.dockerfile @@ -32,8 +32,6 @@ RUN yum -y update \ yajl-devel \ pixman-devel \ glibc-devel \ - # glibc-devel.i686 for Xen < 4.15 - glibc-devel.i686 \ make \ binutils \ git \ diff --git a/automation/build/debian/bookworm.dockerfile b/automation/build/debian/bookworm.dockerfile index 459f8e30bd..d893218fc4 100644 --- a/automation/build/debian/bookworm.dockerfile +++ b/automation/build/debian/bookworm.dockerfile @@ -31,8 +31,6 @@ RUN apt-get update && \ bin86 \ bcc \ liblzma-dev \ - # libc6-dev-i386 for Xen < 4.15 - libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ libfindlib-ocaml-dev \ diff --git a/automation/build/debian/jessie.dockerfile b/automation/build/debian/jessie.dockerfile index 32fc952fbc..308675cac1 100644 --- a/automation/build/debian/jessie.dockerfile +++ b/automation/build/debian/jessie.dockerfile @@ -37,8 +37,6 @@ RUN apt-get update && \ bin86 \ bcc \ liblzma-dev \ - # libc6-dev-i386 for Xen < 4.15 - libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ libfindlib-ocaml-dev \ diff --git a/automation/build/debian/stretch.dockerfile b/automation/build/debian/stretch.dockerfile index e2706a8f35..59794ed467 100644 --- a/automation/build/debian/stretch.dockerfile +++ b/automation/build/debian/stretch.dockerfile @@ -38,8 +38,6 @@ RUN apt-get update && \ bin86 \ bcc \ liblzma-dev \ - # libc6-dev-i386 for Xen < 4.15 - libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ libfindlib-ocaml-dev \ diff --git a/automation/build/fedora/29.dockerfile b/automation/build/fedora/29.dockerfile index 42a87ce6c8..f473ae13e7 100644 --- a/automation/build/fedora/29.dockerfile +++ b/automation/build/fedora/29.dockerfile @@ -21,8 +21,6 @@ RUN dnf -y install \ yajl-devel \ pixman-devel \ glibc-devel \ - # glibc-devel.i686 for Xen < 4.15 - glibc-devel.i686 \ make \ binutils \ git \ diff --git a/automation/build/suse/opensuse-leap.dockerfile b/automation/build/suse/opensuse-leap.dockerfile index e1ec38a414..48d0d50d00 100644 --- a/automation/build/suse/opensuse-leap.dockerfile +++ b/automation/build/suse/opensuse-leap.dockerfile @@ -28,8 +28,6 @@ RUN zypper install -y --no-recommends \ ghostscript \ glib2-devel \ glibc-devel \ - # glibc-devel-32bit for Xen < 4.15 - glibc-devel-32bit \ gzip \ hostname \ libaio-devel \ diff --git a/automation/build/suse/opensuse-tumbleweed.dockerfile b/automation/build/suse/opensuse-tumbleweed.dockerfile index f00e03eda7..53542ba1f4 100644 --- a/automation/build/suse/opensuse-tumbleweed.dockerfile +++ b/automation/build/suse/opensuse-tumbleweed.dockerfile @@ -26,8 +26,6 @@ RUN zypper install -y --no-recommends \ ghostscript \ glib2-devel \ glibc-devel \ - # glibc-devel-32bit for Xen < 4.15 - glibc-devel-32bit \ gzip \ hostname \ libaio-devel \ diff --git a/automation/build/ubuntu/bionic.dockerfile b/automation/build/ubuntu/bionic.dockerfile index 77d7f93386..910d3c4b53 100644 --- a/automation/build/ubuntu/bionic.dockerfile +++ b/automation/build/ubuntu/bionic.dockerfile @@ -31,8 +31,6 @@ RUN apt-get update && \ bin86 \ bcc \ liblzma-dev \ - # libc6-dev-i386 for Xen < 4.15 - libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ libfindlib-ocaml-dev \ diff --git a/automation/build/ubuntu/focal.dockerfile b/automation/build/ubuntu/focal.dockerfile index 30a9b8e84f..7c6a4d0756 100644 --- a/automation/build/ubuntu/focal.dockerfile +++ b/automation/build/ubuntu/focal.dockerfile @@ -31,8 +31,6 @@ RUN apt-get update && \ bin86 \ bcc \ liblzma-dev \ - # libc6-dev-i386 for Xen < 4.15 - libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ libfindlib-ocaml-dev \ diff --git a/automation/build/ubuntu/trusty.dockerfile b/automation/build/ubuntu/trusty.dockerfile index 0d33578c4e..8bd8c085a7 100644 --- a/automation/build/ubuntu/trusty.dockerfile +++ b/automation/build/ubuntu/trusty.dockerfile @@ -31,8 +31,6 @@ RUN apt-get update && \ bin86 \ bcc \ liblzma-dev \ - # libc6-dev-i386 for Xen < 4.15 - libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ libfindlib-ocaml-dev \ diff --git a/automation/build/ubuntu/xenial.dockerfile b/automation/build/ubuntu/xenial.dockerfile index e8035434f8..f6296d3292 100644 --- a/automation/build/ubuntu/xenial.dockerfile +++ b/automation/build/ubuntu/xenial.dockerfile @@ -31,8 +31,6 @@ RUN apt-get update && \ bin86 \ bcc \ liblzma-dev \ - # libc6-dev-i386 for Xen < 4.15 - libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ libfindlib-ocaml-dev \ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Thu Apr 25 20:22:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Thu, 25 Apr 2024 20:22:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712280.1112868 (Exim 4.92) (envelope-from ) id 1s05bt-0001YW-6v; Thu, 25 Apr 2024 20:22:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712280.1112868; Thu, 25 Apr 2024 20:22:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05bt-0001YO-4N; Thu, 25 Apr 2024 20:22:25 +0000 Received: by outflank-mailman (input) for mailman id 712280; Thu, 25 Apr 2024 20:22:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05br-0001Y8-Pb for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 20:22:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s05br-0004B2-Nr for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 20:22:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s05br-0004UT-MP for xen-changelog@lists.xenproject.org; Thu, 25 Apr 2024 20:22:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=7/GJyRAv4G4eM2O+FvN0OSyfhBuewACxo29wA6zJoeQ=; b=2h6DrXh44kri7ViNBpnHCgS7M2 +Xk5MrhqSHDmF5YfZTxwNYQsK08nm0lvAt7rxrjybbMSHGz+/i1L/6dpgu1XfX0gs2/SGs2gMS/w0 dP6g0t8p+NMknNCdcCqjDJRj212++HJAN8JhrKHQYJSNwd0yM/+vgKZLelMWpNiTCkqY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] arm/vpci: make prefetchable mem 64 bit Message-Id: Date: Thu, 25 Apr 2024 20:22:23 +0000 commit 232ee07c23b23fbbafbbf27e475dbbc5b27e4bbb Author: Stewart Hildebrand AuthorDate: Wed Apr 24 12:27:22 2024 -0400 Commit: Stefano Stabellini CommitDate: Thu Apr 25 13:16:11 2024 -0700 arm/vpci: make prefetchable mem 64 bit The vPCI prefetchable memory range is >= 4GB, so the memory space flags should be set to 64-bit. See IEEE Std 1275-1994 [1] chapter 2.2.1.1 for a definition of the field. [1] https://www.devicetree.org/open-firmware/bindings/pci/pci2_1.pdf Signed-off-by: Stewart Hildebrand Acked-by: Michal Orzel Reviewed-by: Rahul Singh --- xen/include/public/arch-arm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/arch-arm.h b/xen/include/public/arch-arm.h index e167e14f8d..289af81bd6 100644 --- a/xen/include/public/arch-arm.h +++ b/xen/include/public/arch-arm.h @@ -487,7 +487,7 @@ typedef uint64_t xen_callback_t; #define GUEST_RAM0_SIZE xen_mk_ullong(0xc0000000) /* 4GB @ 4GB Prefetch Memory for VPCI */ -#define GUEST_VPCI_ADDR_TYPE_PREFETCH_MEM xen_mk_ullong(0x42000000) +#define GUEST_VPCI_ADDR_TYPE_PREFETCH_MEM xen_mk_ullong(0x43000000) #define GUEST_VPCI_PREFETCH_MEM_ADDR xen_mk_ullong(0x100000000) #define GUEST_VPCI_PREFETCH_MEM_SIZE xen_mk_ullong(0x100000000) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 26 10:44:12 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 26 Apr 2024 10:44:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712630.1113428 (Exim 4.92) (envelope-from ) id 1s0J3m-0003WB-7P; Fri, 26 Apr 2024 10:44:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712630.1113428; Fri, 26 Apr 2024 10:44:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0J3m-0003W4-4R; Fri, 26 Apr 2024 10:44:06 +0000 Received: by outflank-mailman (input) for mailman id 712630; Fri, 26 Apr 2024 10:44:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0J3l-0003Vw-6R for xen-changelog@lists.xenproject.org; Fri, 26 Apr 2024 10:44:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0J3k-0004WO-7Z for xen-changelog@lists.xenproject.org; Fri, 26 Apr 2024 10:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0J3k-00037O-1O for xen-changelog@lists.xenproject.org; Fri, 26 Apr 2024 10:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2DrSZYD7spHVLCQqAorX8pM+AIPmBSd8RK3lsjHJfjg=; b=T3MkVjMiNdpZPaSBRi4lzJHPVX PykeV1gt/iD4q0pqqLPYaq+YRz/j4de5eugANsYECXoaSwpa4/s9UPSG/h7TyhRf69PBOjItntG80 bKBr4+C9DfVW/ex/DXEgWDzZhYSCXcuZf8Jp7J0vS/yjvmLngr6v4P6yNp5pmPrLznzg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] gzip: clean up comments and fix code alignment Message-Id: Date: Fri, 26 Apr 2024 10:44:04 +0000 commit fd4ff921f7ac3eac229faa775fafc398d977ad40 Author: Daniel P. Smith AuthorDate: Fri Apr 26 12:42:14 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 26 12:42:14 2024 +0200 gzip: clean up comments and fix code alignment This commit cleans up the comments and fixes the code alignment using Xen coding style. This is done to make the code more legible before refactoring. Signed-off-by: Daniel P. Smith Acked-by: Andrew Cooper --- xen/common/gzip/gunzip.c | 14 +- xen/common/gzip/inflate.c | 787 +++++++++++++++++++++++----------------------- 2 files changed, 406 insertions(+), 395 deletions(-) diff --git a/xen/common/gzip/gunzip.c b/xen/common/gzip/gunzip.c index 53cee9ee17..d07c451cd8 100644 --- a/xen/common/gzip/gunzip.c +++ b/xen/common/gzip/gunzip.c @@ -54,11 +54,10 @@ static __init void error(const char *x) static __init int fill_inbuf(void) { - error("ran out of input data"); - return 0; + error("ran out of input data"); + return 0; } - #include "inflate.c" static __init void flush_window(void) @@ -122,3 +121,12 @@ __init int perform_gunzip(char *output, char *image, unsigned long image_len) return rc; } + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ diff --git a/xen/common/gzip/inflate.c b/xen/common/gzip/inflate.c index a03903f731..220d2ff4d9 100644 --- a/xen/common/gzip/inflate.c +++ b/xen/common/gzip/inflate.c @@ -1,11 +1,13 @@ #define DEBG(x) #define DEBG1(x) -/* inflate.c -- Not copyrighted 1992 by Mark Adler - version c10p1, 10 January 1993 */ +/* + * inflate.c -- Not copyrighted 1992 by Mark Adler + * version c10p1, 10 January 1993 + */ -/* +/* * Adapted for booting Linux by Hannu Savolainen 1993 - * based on gzip-1.0.3 + * based on gzip-1.0.3 * * Nicolas Pitre , 1999/04/14 : * Little mods for all variable to reside either into rodata or bss segments @@ -15,92 +17,91 @@ */ /* - Inflate deflated (PKZIP's method 8 compressed) data. The compression - method searches for as much of the current string of bytes (up to a - length of 258) in the previous 32 K bytes. If it doesn't find any - matches (of at least length 3), it codes the next byte. Otherwise, it - codes the length of the matched string and its distance backwards from - the current position. There is a single Huffman code that codes both - single bytes (called "literals") and match lengths. A second Huffman - code codes the distance information, which follows a length code. Each - length or distance code actually represents a base value and a number - of "extra" (sometimes zero) bits to get to add to the base value. At - the end of each deflated block is a special end-of-block (EOB) literal/ - length code. The decoding process is basically: get a literal/length - code; if EOB then done; if a literal, emit the decoded byte; if a - length then get the distance and emit the referred-to bytes from the - sliding window of previously emitted data. - - There are (currently) three kinds of inflate blocks: stored, fixed, and - dynamic. The compressor deals with some chunk of data at a time, and - decides which method to use on a chunk-by-chunk basis. A chunk might - typically be 32 K or 64 K. If the chunk is incompressible, then the - "stored" method is used. In this case, the bytes are simply stored as - is, eight bits per byte, with none of the above coding. The bytes are - preceded by a count, since there is no longer an EOB code. - - If the data is compressible, then either the fixed or dynamic methods - are used. In the dynamic method, the compressed data is preceded by - an encoding of the literal/length and distance Huffman codes that are - to be used to decode this block. The representation is itself Huffman - coded, and so is preceded by a description of that code. These code - descriptions take up a little space, and so for small blocks, there is - a predefined set of codes, called the fixed codes. The fixed method is - used if the block codes up smaller that way (usually for quite small - chunks), otherwise the dynamic method is used. In the latter case, the - codes are customized to the probabilities in the current block, and so - can code it much better than the pre-determined fixed codes. - - The Huffman codes themselves are decoded using a multi-level table - lookup, in order to maximize the speed of decoding plus the speed of - building the decoding tables. See the comments below that precede the - lbits and dbits tuning parameters. + * Inflate deflated (PKZIP's method 8 compressed) data. The compression + * method searches for as much of the current string of bytes (up to a + * length of 258) in the previous 32 K bytes. If it doesn't find any + * matches (of at least length 3), it codes the next byte. Otherwise, it + * codes the length of the matched string and its distance backwards from + * the current position. There is a single Huffman code that codes both + * single bytes (called "literals") and match lengths. A second Huffman + * code codes the distance information, which follows a length code. Each + * length or distance code actually represents a base value and a number + * of "extra" (sometimes zero) bits to get to add to the base value. At + * the end of each deflated block is a special end-of-block (EOB) literal/ + * length code. The decoding process is basically: get a literal/length + * code; if EOB then done; if a literal, emit the decoded byte; if a + * length then get the distance and emit the referred-to bytes from the + * sliding window of previously emitted data. + * + * There are (currently) three kinds of inflate blocks: stored, fixed, and + * dynamic. The compressor deals with some chunk of data at a time, and + * decides which method to use on a chunk-by-chunk basis. A chunk might + * typically be 32 K or 64 K. If the chunk is incompressible, then the + * "stored" method is used. In this case, the bytes are simply stored as + * is, eight bits per byte, with none of the above coding. The bytes are + * preceded by a count, since there is no longer an EOB code. + * + * If the data is compressible, then either the fixed or dynamic methods + * are used. In the dynamic method, the compressed data is preceded by + * an encoding of the literal/length and distance Huffman codes that are + * to be used to decode this block. The representation is itself Huffman + * coded, and so is preceded by a description of that code. These code + * descriptions take up a little space, and so for small blocks, there is + * a predefined set of codes, called the fixed codes. The fixed method is + * used if the block codes up smaller that way (usually for quite small + * chunks), otherwise the dynamic method is used. In the latter case, the + * codes are customized to the probabilities in the current block, and so + * can code it much better than the pre-determined fixed codes. + * + * The Huffman codes themselves are decoded using a multi-level table + * lookup, in order to maximize the speed of decoding plus the speed of + * building the decoding tables. See the comments below that precede the + * lbits and dbits tuning parameters. */ - /* - Notes beyond the 1.93a appnote.txt: - - 1. Distance pointers never point before the beginning of the output - stream. - 2. Distance pointers can point back across blocks, up to 32k away. - 3. There is an implied maximum of 7 bits for the bit length table and - 15 bits for the actual data. - 4. If only one code exists, then it is encoded using one bit. (Zero - would be more efficient, but perhaps a little confusing.) If two - codes exist, they are coded using one bit each (0 and 1). - 5. There is no way of sending zero distance codes--a dummy must be - sent if there are none. (History: a pre 2.0 version of PKZIP would - store blocks with no distance codes, but this was discovered to be - too harsh a criterion.) Valid only for 1.93a. 2.04c does allow - zero distance codes, which is sent as one code of zero bits in - length. - 6. There are up to 286 literal/length codes. Code 256 represents the - end-of-block. Note however that the static length tree defines - 288 codes just to fill out the Huffman codes. Codes 286 and 287 - cannot be used though, since there is no length base or extra bits - defined for them. Similarly, there are up to 30 distance codes. - However, static trees define 32 codes (all 5 bits) to fill out the - Huffman codes, but the last two had better not show up in the data. - 7. Unzip can check dynamic Huffman blocks for complete code sets. - The exception is that a single code would not be complete (see #4). - 8. The five bits following the block type is really the number of - literal codes sent minus 257. - 9. Length codes 8,16,16 are interpreted as 13 length codes of 8 bits - (1+6+6). Therefore, to output three times the length, you output - three codes (1+1+1), whereas to output four times the same length, - you only need two codes (1+3). Hmm. - 10. In the tree reconstruction algorithm, Code = Code + Increment - only if BitLength(i) is not zero. (Pretty obvious.) - 11. Correction: 4 Bits: # of Bit Length codes - 4 (4 - 19) - 12. Note: length code 284 can represent 227-258, but length code 285 - really is 258. The last length deserves its own, short code - since it gets used a lot in very redundant files. The length - 258 is special since 258 - 3 (the min match length) is 255. - 13. The literal/length and distance code bit lengths are read as a - single stream of lengths. It is possible (and advantageous) for - a repeat code (16, 17, or 18) to go across the boundary between - the two sets of lengths. + * Notes beyond the 1.93a appnote.txt: + * + * 1. Distance pointers never point before the beginning of the output + * stream. + * 2. Distance pointers can point back across blocks, up to 32k away. + * 3. There is an implied maximum of 7 bits for the bit length table and + * 15 bits for the actual data. + * 4. If only one code exists, then it is encoded using one bit. (Zero + * would be more efficient, but perhaps a little confusing.) If two + * codes exist, they are coded using one bit each (0 and 1). + * 5. There is no way of sending zero distance codes--a dummy must be + * sent if there are none. (History: a pre 2.0 version of PKZIP would + * store blocks with no distance codes, but this was discovered to be + * too harsh a criterion.) Valid only for 1.93a. 2.04c does allow + * zero distance codes, which is sent as one code of zero bits in + * length. + * 6. There are up to 286 literal/length codes. Code 256 represents the + * end-of-block. Note however that the static length tree defines + * 288 codes just to fill out the Huffman codes. Codes 286 and 287 + * cannot be used though, since there is no length base or extra bits + * defined for them. Similarly, there are up to 30 distance codes. + * However, static trees define 32 codes (all 5 bits) to fill out the + * Huffman codes, but the last two had better not show up in the data. + * 7. Unzip can check dynamic Huffman blocks for complete code sets. + * The exception is that a single code would not be complete (see #4). + * 8. The five bits following the block type is really the number of + * literal codes sent minus 257. + * 9. Length codes 8,16,16 are interpreted as 13 length codes of 8 bits + * (1+6+6). Therefore, to output three times the length, you output + * three codes (1+1+1), whereas to output four times the same length, + * you only need two codes (1+3). Hmm. + * 10. In the tree reconstruction algorithm, Code = Code + Increment + * only if BitLength(i) is not zero. (Pretty obvious.) + * 11. Correction: 4 Bits: # of Bit Length codes - 4 (4 - 19) + * 12. Note: length code 284 can represent 227-258, but length code 285 + * really is 258. The last length deserves its own, short code + * since it gets used a lot in very redundant files. The length + * 258 is special since 258 - 3 (the min match length) is 255. + * 13. The literal/length and distance code bit lengths are read as a + * single stream of lengths. It is possible (and advantageous) for + * a repeat code (16, 17, or 18) to go across the boundary between + * the two sets of lengths. */ #ifdef RCSID @@ -120,13 +121,15 @@ static char rcsid[] = "#Id: inflate.c,v 0.14 1993/06/10 13:27:04 jloup Exp #"; #define slide window -/* Huffman code lookup table entry--this entry is four bytes for machines - that have 16-bit pointers (e.g. PC's in the small or medium model). - Valid extra bits are 0..13. e == 15 is EOB (end of block), e == 16 - means that v is a literal, 16 < e < 32 means that v is a pointer to - the next table, which codes e - 16 bits, and lastly e == 99 indicates - an unused code. If a code with e == 99 is looked up, this implies an - error in the data. */ +/* + * Huffman code lookup table entry--this entry is four bytes for machines + * that have 16-bit pointers (e.g. PC's in the small or medium model). + * Valid extra bits are 0..13. e == 15 is EOB (end of block), e == 16 + * means that v is a literal, 16 < e < 32 means that v is a pointer to + * the next table, which codes e - 16 bits, and lastly e == 99 indicates + * an unused code. If a code with e == 99 is looked up, this implies an + * error in the data. + */ struct huft { uch e; /* number of extra bits or operation */ uch b; /* number of bits in this code or subcode */ @@ -136,7 +139,6 @@ struct huft { } v; }; - /* Function prototypes */ static int huft_build(unsigned *, unsigned, unsigned, const ush *, const ush *, struct huft **, int *); @@ -148,15 +150,17 @@ static int inflate_dynamic(void); static int inflate_block(int *); static int inflate(void); - -/* The inflate algorithm uses a sliding 32 K byte window on the uncompressed - stream to find repeated byte strings. This is implemented here as a - circular buffer. The index is updated simply by incrementing and then - ANDing with 0x7fff (32K-1). */ -/* It is left to other modules to supply the 32 K area. It is assumed - to be usable as if it were declared "uch slide[32768];" or as just - "uch *slide;" and then malloc'ed in the latter case. The definition - must be in unzip.h, included above. */ +/* + * The inflate algorithm uses a sliding 32 K byte window on the uncompressed + * stream to find repeated byte strings. This is implemented here as a + * circular buffer. The index is updated simply by incrementing and then + * ANDing with 0x7fff (32K-1). + * + * It is left to other modules to supply the 32 K area. It is assumed + * to be usable as if it were declared "uch slide[32768];" or as just + * "uch *slide;" and then malloc'ed in the latter case. The definition + * must be in unzip.h, included above. + */ /* unsigned wp; current position in slide */ #define wp outcnt #define flush_output(w) (wp=(w),flush_window()) @@ -180,36 +184,35 @@ static const ush cpdext[] = { /* Extra bits for distance codes */ 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13}; - - -/* Macros for inflate() bit peeking and grabbing. - The usage is: - - NEEDBITS(j) - x = b & mask_bits[j]; - DUMPBITS(j) - - where NEEDBITS makes sure that b has at least j bits in it, and - DUMPBITS removes the bits from b. The macros use the variable k - for the number of bits in b. Normally, b and k are register - variables for speed, and are initialized at the beginning of a - routine that uses these macros from a global bit buffer and count. - - If we assume that EOB will be the longest code, then we will never - ask for bits with NEEDBITS that are beyond the end of the stream. - So, NEEDBITS should not read any more bytes than are needed to - meet the request. Then no bytes need to be "returned" to the buffer - at the end of the last block. - - However, this assumption is not true for fixed blocks--the EOB code - is 7 bits, but the other literal/length codes can be 8 or 9 bits. - (The EOB code is shorter than other codes because fixed blocks are - generally short. So, while a block always has an EOB, many other - literal/length codes have a significantly lower probability of - showing up at all.) However, by making the first table have a - lookup of seven bits, the EOB code will be found in that first - lookup, and so will not require that too many bits be pulled from - the stream. +/* + * Macros for inflate() bit peeking and grabbing. + * The usage is: + * + * NEEDBITS(j) + * x = b & mask_bits[j]; + * DUMPBITS(j) + * + * where NEEDBITS makes sure that b has at least j bits in it, and + * DUMPBITS removes the bits from b. The macros use the variable k + * for the number of bits in b. Normally, b and k are register + * variables for speed, and are initialized at the beginning of a + * routine that uses these macros from a global bit buffer and count. + * + * If we assume that EOB will be the longest code, then we will never + * ask for bits with NEEDBITS that are beyond the end of the stream. + * So, NEEDBITS should not read any more bytes than are needed to + * meet the request. Then no bytes need to be "returned" to the buffer + * at the end of the last block. + * + * However, this assumption is not true for fixed blocks--the EOB code + * is 7 bits, but the other literal/length codes can be 8 or 9 bits. + * (The EOB code is shorter than other codes because fixed blocks are + * generally short. So, while a block always has an EOB, many other + * literal/length codes have a significantly lower probability of + * showing up at all.) However, by making the first table have a + * lookup of seven bits, the EOB code will be found in that first + * lookup, and so will not require that too many bits be pulled from + * the stream. */ static ulg __initdata bb; /* bit buffer */ @@ -226,60 +229,62 @@ static const ush mask_bits[] = { #define DUMPBITS(n) {b>>=(n);k-=(n);} /* - Huffman code decoding is performed using a multi-level table lookup. - The fastest way to decode is to simply build a lookup table whose - size is determined by the longest code. However, the time it takes - to build this table can also be a factor if the data being decoded - is not very long. The most common codes are necessarily the - shortest codes, so those codes dominate the decoding time, and hence - the speed. The idea is you can have a shorter table that decodes the - shorter, more probable codes, and then point to subsidiary tables for - the longer codes. The time it costs to decode the longer codes is - then traded against the time it takes to make longer tables. - - This results of this trade are in the variables lbits and dbits - below. lbits is the number of bits the first level table for literal/ - length codes can decode in one step, and dbits is the same thing for - the distance codes. Subsequent tables are also less than or equal to - those sizes. These values may be adjusted either when all of the - codes are shorter than that, in which case the longest code length in - bits is used, or when the shortest code is *longer* than the requested - table size, in which case the length of the shortest code in bits is - used. - - There are two different values for the two tables, since they code a - different number of possibilities each. The literal/length table - codes 286 possible values, or in a flat code, a little over eight - bits. The distance table codes 30 possible values, or a little less - than five bits, flat. The optimum values for speed end up being - about one bit more than those, so lbits is 8+1 and dbits is 5+1. - The optimum values may differ though from machine to machine, and - possibly even between compilers. Your mileage may vary. + * Huffman code decoding is performed using a multi-level table lookup. + * The fastest way to decode is to simply build a lookup table whose + * size is determined by the longest code. However, the time it takes + * to build this table can also be a factor if the data being decoded + * is not very long. The most common codes are necessarily the + * shortest codes, so those codes dominate the decoding time, and hence + * the speed. The idea is you can have a shorter table that decodes the + * shorter, more probable codes, and then point to subsidiary tables for + * the longer codes. The time it costs to decode the longer codes is + * then traded against the time it takes to make longer tables. + * + * This results of this trade are in the variables lbits and dbits + * below. lbits is the number of bits the first level table for literal/ + * length codes can decode in one step, and dbits is the same thing for + * the distance codes. Subsequent tables are also less than or equal to + * those sizes. These values may be adjusted either when all of the + * codes are shorter than that, in which case the longest code length in + * bits is used, or when the shortest code is *longer* than the requested + * table size, in which case the length of the shortest code in bits is + * used. + * + * There are two different values for the two tables, since they code a + * different number of possibilities each. The literal/length table + * codes 286 possible values, or in a flat code, a little over eight + * bits. The distance table codes 30 possible values, or a little less + * than five bits, flat. The optimum values for speed end up being + * about one bit more than those, so lbits is 8+1 and dbits is 5+1. + * The optimum values may differ though from machine to machine, and + * possibly even between compilers. Your mileage may vary. */ - static const int lbits = 9; /* bits in base literal/length lookup table */ static const int dbits = 6; /* bits in base distance lookup table */ - /* If BMAX needs to be larger than 16, then h and x[] should be ulg. */ #define BMAX 16 /* maximum bit length of any code (16 for explode) */ #define N_MAX 288 /* maximum number of codes in any set */ +/* + * Given a list of code lengths and a maximum table size, make a set of + * tables to decode that set of codes. Return zero on success, one if + * the given code set is incomplete (the tables are still built in this + * case), two if the input is invalid (all zero length codes or an + * oversubscribed set of lengths), and three if not enough memory. + * + * @param b Code lengths in bits (all assumed <= BMAX) + * @param n Number of codes (assumed <= N_MAX) + * @param s Number of simple-valued codes (0..s-1) + * @param d List of base values for non-simple codes + * @param e List of extra bits for non-simple codes + * @param t Result: starting table + * @param m Maximum lookup bits, returns actual + */ static int __init huft_build( - unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ - unsigned n, /* number of codes (assumed <= N_MAX) */ - unsigned s, /* number of simple-valued codes (0..s-1) */ - const ush *d, /* list of base values for non-simple codes */ - const ush *e, /* list of extra bits for non-simple codes */ - struct huft **t, /* result: starting table */ - int *m /* maximum lookup bits, returns actual */ - ) -/* Given a list of code lengths and a maximum table size, make a set of - tables to decode that set of codes. Return zero on success, one if - the given code set is incomplete (the tables are still built in this - case), two if the input is invalid (all zero length codes or an - oversubscribed set of lengths), and three if not enough memory. */ + unsigned *b, unsigned n, unsigned s, const ush *d, const ush *e, + struct huft **t, int *m) { unsigned a; /* counter for codes of length k */ unsigned f; /* i repeats in table every f entries */ @@ -321,7 +326,7 @@ static int __init huft_build( memzero(stk->c, sizeof(stk->c)); p = b; i = n; do { - Tracecv(*p, (stderr, (n-i >= ' ' && n-i <= '~' ? "%c %d\n" : "0x%x %d\n"), + Tracecv(*p, (stderr, (n-i >= ' ' && n-i <= '~' ? "%c %d\n" : "0x%x %d\n"), n-i, *p)); c[*p]++; /* assume all entries <= BMAX */ p++; /* Can't combine with above line (Solaris bug) */ @@ -508,18 +513,17 @@ static int __init huft_build( return ret; } - - -static int __init huft_free( - struct huft *t /* table to free */ - ) -/* Free the malloc'ed tables built by huft_build(), which makes a linked - list of the tables it made, with the links in a dummy first entry of - each table. */ +/* + * Free the malloc'ed tables built by huft_build(), which makes a linked + * list of the tables it made, with the links in a dummy first entry of + * each table. + * + * @param t Table to free + */ +static int __init huft_free(struct huft *t) { register struct huft *p, *q; - /* Go through linked list, freeing from the malloced (t[-1]) address. */ p = t; while (p != (struct huft *)NULL) @@ -527,19 +531,21 @@ static int __init huft_free( q = (--p)->v.t; free((char*)p); p = q; - } + } return 0; } - +/* + * inflate (decompress) the codes in a deflated (compressed) block. + * Return an error code or zero if it all goes ok. + * + * @param huft tl Literal/length decoder tables + * @param huft td Distance decoder tables + * @param bl Number of bits decoded by tl[] + * @param bd Number of bits decoded by td[] + */ static int __init inflate_codes( - struct huft *tl, /* literal/length decoder tables */ - struct huft *td, /* distance decoder tables */ - int bl, /* number of bits decoded by tl[] */ - int bd /* number of bits decoded by td[] */ - ) -/* inflate (decompress) the codes in a deflated (compressed) block. - Return an error code or zero if it all goes ok. */ + struct huft *tl, struct huft *td, int bl, int bd) { register unsigned e; /* table entry flag/number of extra bits */ unsigned n, d; /* length and index for copy */ @@ -560,77 +566,76 @@ static int __init inflate_codes( md = mask_bits[bd]; for (;;) /* do until end of block */ { - NEEDBITS((unsigned)bl) - if ((e = (t = tl + ((unsigned)b & ml))->e) > 16) + NEEDBITS((unsigned)bl); + if ((e = (t = tl + ((unsigned)b & ml))->e) > 16) + do { + if (e == 99) + return 1; + DUMPBITS(t->b); + e -= 16; + NEEDBITS(e); + } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); + DUMPBITS(t->b); + if (e == 16) /* then it's a literal */ + { + slide[w++] = (uch)t->v.n; + Tracevv((stderr, "%c", slide[w-1])); + if (w == WSIZE) + { + flush_output(w); + w = 0; + } + } + else /* it's an EOB or a length */ + { + /* exit if end of block */ + if (e == 15) + break; + + /* get length of block to copy */ + NEEDBITS(e); + n = t->v.n + ((unsigned)b & mask_bits[e]); + DUMPBITS(e); + + /* decode distance of block to copy */ + NEEDBITS((unsigned)bd); + if ((e = (t = td + ((unsigned)b & md))->e) > 16) do { if (e == 99) return 1; - DUMPBITS(t->b) - e -= 16; - NEEDBITS(e) - } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); - DUMPBITS(t->b) - if (e == 16) /* then it's a literal */ - { - slide[w++] = (uch)t->v.n; - Tracevv((stderr, "%c", slide[w-1])); + DUMPBITS(t->b); + e -= 16; + NEEDBITS(e); + } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); + DUMPBITS(t->b); + NEEDBITS(e); + d = w - t->v.n - ((unsigned)b & mask_bits[e]); + DUMPBITS(e); + Tracevv((stderr,"\\[%d,%d]", w-d, n)); + + /* do the copy */ + do { + n -= (e = (e = WSIZE - ((d &= WSIZE-1) > w ? d : w)) > n ? n : e); + if (w - d >= e) /* (this test assumes unsigned comparison) */ + { + memcpy(slide + w, slide + d, e); + w += e; + d += e; + } + else /* do it slow to avoid memcpy() overlap */ + do { + slide[w++] = slide[d++]; + Tracevv((stderr, "%c", slide[w-1])); + } while (--e); if (w == WSIZE) { flush_output(w); w = 0; } - } - else /* it's an EOB or a length */ - { - /* exit if end of block */ - if (e == 15) - break; - - /* get length of block to copy */ - NEEDBITS(e) - n = t->v.n + ((unsigned)b & mask_bits[e]); - DUMPBITS(e); - - /* decode distance of block to copy */ - NEEDBITS((unsigned)bd) - if ((e = (t = td + ((unsigned)b & md))->e) > 16) - do { - if (e == 99) - return 1; - DUMPBITS(t->b) - e -= 16; - NEEDBITS(e) - } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); - DUMPBITS(t->b) - NEEDBITS(e) - d = w - t->v.n - ((unsigned)b & mask_bits[e]); - DUMPBITS(e) - Tracevv((stderr,"\\[%d,%d]", w-d, n)); - - /* do the copy */ - do { - n -= (e = (e = WSIZE - ((d &= WSIZE-1) > w ? d : w)) > n ? n : e); - if (w - d >= e) /* (this test assumes unsigned comparison) */ - { - memcpy(slide + w, slide + d, e); - w += e; - d += e; - } - else /* do it slow to avoid memcpy() overlap */ - do { - slide[w++] = slide[d++]; - Tracevv((stderr, "%c", slide[w-1])); - } while (--e); - if (w == WSIZE) - { - flush_output(w); - w = 0; - } - } while (n); - } + } while (n); + } } - /* restore the globals from the locals */ wp = w; /* restore global window pointer */ bb = b; /* restore global bit buffer */ @@ -643,10 +648,8 @@ static int __init inflate_codes( return 4; /* Input underrun */ } - - -static int __init inflate_stored(void) /* "decompress" an inflated type 0 (stored) block. */ +static int __init inflate_stored(void) { unsigned n; /* number of bytes in block */ unsigned w; /* current window position */ @@ -667,28 +670,26 @@ static int __init inflate_stored(void) /* get the length and its complement */ - NEEDBITS(16) - n = ((unsigned)b & 0xffff); - DUMPBITS(16) - NEEDBITS(16) - if (n != (unsigned)((~b) & 0xffff)) - return 1; /* error in compressed data */ - DUMPBITS(16) - - - /* read and output the compressed data */ - while (n--) + NEEDBITS(16); + n = ((unsigned)b & 0xffff); + DUMPBITS(16); + NEEDBITS(16); + if (n != (unsigned)((~b) & 0xffff)) + return 1; /* error in compressed data */ + DUMPBITS(16); + + /* read and output the compressed data */ + while (n--) + { + NEEDBITS(8); + slide[w++] = (uch)b; + if (w == WSIZE) { - NEEDBITS(8) - slide[w++] = (uch)b; - if (w == WSIZE) - { - flush_output(w); - w = 0; - } - DUMPBITS(8) - } - + flush_output(w); + w = 0; + } + DUMPBITS(8); + } /* restore the globals from the locals */ wp = w; /* restore global window pointer */ @@ -706,10 +707,13 @@ static int __init inflate_stored(void) /* * We use `noinline' here to prevent gcc-3.5 from using too much stack space */ + +/* + * decompress an inflated type 1 (fixed Huffman codes) block. We should + * either replace this with a custom decoder, or at least precompute the + * Huffman tables. + */ static int noinline __init inflate_fixed(void) -/* decompress an inflated type 1 (fixed Huffman codes) block. We should - either replace this with a custom decoder, or at least precompute the - Huffman tables. */ { int i; /* temporary variable */ struct huft *tl; /* literal/length code table */ @@ -752,7 +756,6 @@ static int noinline __init inflate_fixed(void) return i; } - /* decompress until an end-of-block code */ if (inflate_codes(tl, td, bl, bd)) { free(l); @@ -766,12 +769,12 @@ static int noinline __init inflate_fixed(void) return 0; } - /* * We use `noinline' here to prevent gcc-3.5 from using too much stack space */ -static int noinline __init inflate_dynamic(void) + /* decompress an inflated type 2 (dynamic Huffman codes) block. */ +static int noinline __init inflate_dynamic(void) { int i; /* temporary variables */ unsigned j; @@ -801,32 +804,31 @@ static int noinline __init inflate_dynamic(void) b = bb; k = bk; - /* read in table lengths */ - NEEDBITS(5) - nl = 257 + ((unsigned)b & 0x1f); /* number of literal/length codes */ - DUMPBITS(5) - NEEDBITS(5) - nd = 1 + ((unsigned)b & 0x1f); /* number of distance codes */ - DUMPBITS(5) - NEEDBITS(4) - nb = 4 + ((unsigned)b & 0xf); /* number of bit length codes */ - DUMPBITS(4) - if (nl > 286 || nd > 30) - { - ret = 1; /* bad lengths */ - goto out; - } + NEEDBITS(5); + nl = 257 + ((unsigned)b & 0x1f); /* number of literal/length codes */ + DUMPBITS(5); + NEEDBITS(5); + nd = 1 + ((unsigned)b & 0x1f); /* number of distance codes */ + DUMPBITS(5); + NEEDBITS(4); + nb = 4 + ((unsigned)b & 0xf); /* number of bit length codes */ + DUMPBITS(4); + if (nl > 286 || nd > 30) + { + ret = 1; /* bad lengths */ + goto out; + } DEBG("dyn1 "); /* read in bit-length-code lengths */ for (j = 0; j < nb; j++) { - NEEDBITS(3) - ll[border[j]] = (unsigned)b & 7; - DUMPBITS(3) - } + NEEDBITS(3); + ll[border[j]] = (unsigned)b & 7; + DUMPBITS(3); + } for (; j < 19; j++) ll[border[j]] = 0; @@ -850,46 +852,46 @@ static int noinline __init inflate_dynamic(void) i = l = 0; while ((unsigned)i < n) { - NEEDBITS((unsigned)bl) - j = (td = tl + ((unsigned)b & m))->b; - DUMPBITS(j) - j = td->v.n; + NEEDBITS((unsigned)bl); + j = (td = tl + ((unsigned)b & m))->b; + DUMPBITS(j); + j = td->v.n; if (j < 16) /* length of code in bits (0..15) */ ll[i++] = l = j; /* save last length in l */ else if (j == 16) /* repeat last length 3 to 6 times */ { - NEEDBITS(2) - j = 3 + ((unsigned)b & 3); - DUMPBITS(2) - if ((unsigned)i + j > n) { - ret = 1; - goto out; - } + NEEDBITS(2); + j = 3 + ((unsigned)b & 3); + DUMPBITS(2); + if ((unsigned)i + j > n) { + ret = 1; + goto out; + } while (j--) ll[i++] = l; } else if (j == 17) /* 3 to 10 zero length codes */ { - NEEDBITS(3) - j = 3 + ((unsigned)b & 7); - DUMPBITS(3) - if ((unsigned)i + j > n) { - ret = 1; - goto out; - } + NEEDBITS(3); + j = 3 + ((unsigned)b & 7); + DUMPBITS(3); + if ((unsigned)i + j > n) { + ret = 1; + goto out; + } while (j--) ll[i++] = 0; l = 0; } else /* j == 18: 11 to 138 zero length codes */ { - NEEDBITS(7) - j = 11 + ((unsigned)b & 0x7f); - DUMPBITS(7) - if ((unsigned)i + j > n) { - ret = 1; - goto out; - } + NEEDBITS(7); + j = 11 + ((unsigned)b & 0x7f); + DUMPBITS(7); + if ((unsigned)i + j > n) { + ret = 1; + goto out; + } while (j--) ll[i++] = 0; l = 0; @@ -928,67 +930,64 @@ static int noinline __init inflate_dynamic(void) DEBG("dyn5d "); if (i == 1) { error("incomplete distance tree"); - huft_free(td); + huft_free(td); + } + huft_free(tl); + ret = i; /* incomplete code set */ + goto out; } - huft_free(tl); - ret = i; /* incomplete code set */ - goto out; -} -DEBG("dyn6 "); + DEBG("dyn6 "); - /* decompress until an end-of-block code */ -if (inflate_codes(tl, td, bl, bd)) { - ret = 1; - goto out; -} + /* decompress until an end-of-block code */ + if (inflate_codes(tl, td, bl, bd)) { + ret = 1; + goto out; + } -DEBG("dyn7 "); + DEBG("dyn7 "); - /* free the decoding tables, return */ -huft_free(tl); -huft_free(td); + /* free the decoding tables, return */ + huft_free(tl); + huft_free(td); -DEBG(">"); -ret = 0; -out: -free(ll); -return ret; + DEBG(">"); + ret = 0; + out: + free(ll); + return ret; -underrun: -ret = 4; /* Input underrun */ -goto out; + underrun: + ret = 4; /* Input underrun */ + goto out; } - - -static int __init inflate_block( -int *e /* last block flag */ -) -/* decompress an inflated block */ +/* + * decompress an inflated block + * + * @param e Last block flag + */ +static int __init inflate_block(int *e) { -unsigned t; /* block type */ -register ulg b; /* bit buffer */ -register unsigned k; /* number of bits in bit buffer */ - -DEBG(""); /* bad block type */ return 2; - underrun: + underrun: return 4; /* Input underrun */ } - - -static int __init inflate(void) /* decompress an inflated entry */ +static int __init inflate(void) { int e; /* last block flag */ int r; /* result code */ @@ -1024,7 +1021,6 @@ static int __init inflate(void) bk = 0; bb = 0; - /* decompress until the last block */ do { r = inflate_block(&e); @@ -1043,7 +1039,6 @@ static int __init inflate(void) /* flush out slide */ flush_output(wp); - /* return success */ return 0; } @@ -1059,12 +1054,11 @@ static ulg __initdata crc; /* initialized in makecrc() so it'll reside in bss * #define CRC_VALUE (crc ^ 0xffffffffUL) /* - * Code to compute the CRC-32 table. Borrowed from + * Code to compute the CRC-32 table. Borrowed from * gzip-1.0.3/makecrc.c. */ -static void __init -makecrc(void) +static void __init makecrc(void) { /* Not copyrighted 1990 Mark Adler */ @@ -1167,7 +1161,7 @@ static int __init gunzip(void) if ((flags & ORIG_NAME) != 0) { /* Discard the old name */ while (NEXTBYTE() != 0) /* null */ ; - } + } /* Discard file comment if any */ if ((flags & COMMENT) != 0) { @@ -1196,7 +1190,7 @@ static int __init gunzip(void) } return -1; } - + /* Get the crc and original length */ /* crc32 (see algorithm.doc) * uncompressed input size modulo 2^32 @@ -1205,12 +1199,12 @@ static int __init gunzip(void) orig_crc |= (ulg) NEXTBYTE() << 8; orig_crc |= (ulg) NEXTBYTE() << 16; orig_crc |= (ulg) NEXTBYTE() << 24; - + orig_len = (ulg) NEXTBYTE(); orig_len |= (ulg) NEXTBYTE() << 8; orig_len |= (ulg) NEXTBYTE() << 16; orig_len |= (ulg) NEXTBYTE() << 24; - + /* Validate decompression */ if (orig_crc != CRC_VALUE) { error("crc error"); @@ -1226,3 +1220,12 @@ static int __init gunzip(void) error("out of input data"); return -1; } + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 26 10:44:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 26 Apr 2024 10:44:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712631.1113432 (Exim 4.92) (envelope-from ) id 1s0J3v-0003YN-AR; Fri, 26 Apr 2024 10:44:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712631.1113432; Fri, 26 Apr 2024 10:44:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0J3v-0003YF-7j; Fri, 26 Apr 2024 10:44:15 +0000 Received: by outflank-mailman (input) for mailman id 712631; Fri, 26 Apr 2024 10:44:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0J3u-0003Y6-F9 for xen-changelog@lists.xenproject.org; Fri, 26 Apr 2024 10:44:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0J3u-0004WS-Dt for xen-changelog@lists.xenproject.org; Fri, 26 Apr 2024 10:44:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0J3u-00038Q-9f for xen-changelog@lists.xenproject.org; Fri, 26 Apr 2024 10:44:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=brBVDTywklvmZV3sgdGUIRR4Pg3vh6qPAXq/m2rMar8=; b=DLZABr31OdfWU2AAff2itij15O dYeGm+nCZtW82dkB+IiM0eAaTO4pxlDVYo2HKxgzZhkqj12Hgt0tZRl8tHbTbBlCq2TasmgbCSzvk 6NrH9859HfHB/XY+oEwlD9vzr4h+X/c/lkKkIteW7TkQXbuZwQT8mfl7n0zBxvErffH4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/entry: shrink insn size for some of our EFLAGS manipulation Message-Id: Date: Fri, 26 Apr 2024 10:44:14 +0000 commit a505890d81efe78659bb3d9d17c141003ff46dc4 Author: Jan Beulich AuthorDate: Fri Apr 26 12:43:01 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 26 12:43:01 2024 +0200 x86/entry: shrink insn size for some of our EFLAGS manipulation Much like was recently done for setting entry vector, and along the lines of what we already had in handle_exception_saved, avoid 32-bit immediates where 8-bit ones do. Reduces .text.entry size by 16 bytes in my non-CET reference build, while in my CET reference build section size doesn't change (there and in .text only padding space increases). Inspired by other long->byte conversion work. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/x86_64/entry.S | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index a4615e1ccb..df015589ce 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -226,7 +226,7 @@ LABEL_LOCAL(.Lrestore_rcx_iret_exit_to_guest) /* No special register assumptions. */ iret_exit_to_guest: andl $~(X86_EFLAGS_IOPL | X86_EFLAGS_VM), EFRAME_eflags(%rsp) - orl $X86_EFLAGS_IF, EFRAME_eflags(%rsp) + orb $X86_EFLAGS_IF >> 8, EFRAME_eflags + 1(%rsp) SPEC_CTRL_COND_VERW /* Req: %rsp=eframe Clob: efl */ @@ -355,7 +355,7 @@ LABEL(sysenter_eflags_saved, 0) /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ - orl $X86_EFLAGS_IF, UREGS_eflags(%rsp) + orb $X86_EFLAGS_IF >> 8, UREGS_eflags + 1(%rsp) mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lsyse_cr3_okay @@ -370,11 +370,11 @@ LABEL(sysenter_eflags_saved, 0) cmpb $0,VCPU_sysenter_disables_events(%rbx) movq VCPU_sysenter_addr(%rbx),%rax setne %cl - testl $X86_EFLAGS_NT,UREGS_eflags(%rsp) + testb $X86_EFLAGS_NT >> 8, UREGS_eflags + 1(%rsp) leaq VCPU_trap_bounce(%rbx),%rdx UNLIKELY_START(nz, sysenter_nt_set) pushfq - andl $~X86_EFLAGS_NT,(%rsp) + andb $~(X86_EFLAGS_NT >> 8), 1(%rsp) popfq UNLIKELY_END(sysenter_nt_set) testq %rax,%rax -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 26 10:44:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 26 Apr 2024 10:44:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712632.1113436 (Exim 4.92) (envelope-from ) id 1s0J46-0003bD-Bu; Fri, 26 Apr 2024 10:44:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712632.1113436; Fri, 26 Apr 2024 10:44:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0J46-0003b5-9F; Fri, 26 Apr 2024 10:44:26 +0000 Received: by outflank-mailman (input) for mailman id 712632; Fri, 26 Apr 2024 10:44:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0J44-0003ap-QO for xen-changelog@lists.xenproject.org; Fri, 26 Apr 2024 10:44:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0J44-0004Ww-MZ for xen-changelog@lists.xenproject.org; Fri, 26 Apr 2024 10:44:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0J44-000393-Fw for xen-changelog@lists.xenproject.org; Fri, 26 Apr 2024 10:44:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=co6tzFzQZzjPg/QXOTmRCZo3UMNnW8hcZcSh0eAmZVg=; b=MS7IJo0cgG0QNRxO+oyBxrVGjU 0dqlzFuDG6ii1YmvY53FsFmoVf6dio0NguRt0K+X1Ks8zQVvJ/n2BtnDkGKkAN4RUYxuEcwkt+4oi AFB0hxIbokiZ22rqMoIW1h2TzmMidUy6vFWweAZ/FeNop/JFKqct8d6j09Skb5d6wGEM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/spinlock: use correct pointer Message-Id: Date: Fri, 26 Apr 2024 10:44:24 +0000 commit 13893a58e28d0fee355ec299216568e4ab1c2c23 Author: Stewart Hildebrand AuthorDate: Fri Apr 26 12:43:24 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 26 12:43:24 2024 +0200 xen/spinlock: use correct pointer The ->profile member is at different offsets in struct rspinlock and struct spinlock. When initializing the profiling bits of an rspinlock, an unrelated member in struct rspinlock was being overwritten, leading to mild havoc. Use the correct pointer. Fixes: b053075d1a7b ("xen/spinlock: make struct lock_profile rspinlock_t aware") Signed-off-by: Stewart Hildebrand Reviewed-by: Jan Beulich --- xen/common/spinlock.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 558ea7ac35..28c6e9d3ac 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -789,7 +789,11 @@ static int __init cf_check lock_prof_init(void) { (*q)->next = lock_profile_glb_q.elem_q; lock_profile_glb_q.elem_q = *q; - (*q)->ptr.lock->profile = *q; + + if ( (*q)->is_rlock ) + (*q)->ptr.rlock->profile = *q; + else + (*q)->ptr.lock->profile = *q; } _lock_profile_register_struct(LOCKPROF_TYPE_GLOBAL, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Fri Apr 26 10:44:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Fri, 26 Apr 2024 10:44:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.712633.1113441 (Exim 4.92) (envelope-from ) id 1s0J4G-0003eH-Dt; Fri, 26 Apr 2024 10:44:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 712633.1113441; Fri, 26 Apr 2024 10:44:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0J4G-0003e9-Ah; Fri, 26 Apr 2024 10:44:36 +0000 Received: by outflank-mailman (input) for mailman id 712633; Fri, 26 Apr 2024 10:44:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0J4E-0003dg-QD for xen-changelog@lists.xenproject.org; Fri, 26 Apr 2024 10:44:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0J4E-0004X5-PN for xen-changelog@lists.xenproject.org; Fri, 26 Apr 2024 10:44:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0J4E-00039X-Oa for xen-changelog@lists.xenproject.org; Fri, 26 Apr 2024 10:44:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=TS6NW8HKQHB8gQa5YMlv2iielKXyNIVXak/cddhbwjU=; b=GVbqtosGCedgNlp8pB62hkN6zg 9eJzCl5UTo4mi6ka93EwQkkKOYSwxqjk8hX+IQW8L8wYpK3sy0+ylyzZah+L17nUJq2I8LDsHd8j6 eEavxwnVqxINopEZ+ZDKY9FRPzjTeBxXKC63zqIffSFHe7lWZ9uii4/LUMNKQP6R7LmA=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen-livepatch: fix --force option comparison Message-Id: Date: Fri, 26 Apr 2024 10:44:34 +0000 commit be5b08dd6ea6ef0f01caf537bdae125fa66a2230 Author: Roger Pau Monné AuthorDate: Fri Apr 26 12:43:44 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 26 12:43:44 2024 +0200 xen-livepatch: fix --force option comparison The check for --force option shouldn't be against 0. Reported-by: Jan Beulich Fixes: 62a72092a517 ('livepatch: introduce --force option') Signed-off-by: Roger Pau Monné Acked-by: Anthony PERARD Reviewed-by: Ross Lagerwall --- tools/misc/xen-livepatch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/misc/xen-livepatch.c b/tools/misc/xen-livepatch.c index c16fb6862d..f406ea1373 100644 --- a/tools/misc/xen-livepatch.c +++ b/tools/misc/xen-livepatch.c @@ -576,7 +576,7 @@ int main(int argc, char *argv[]) return 0; } - if ( strcmp("--force", argv[1]) ) + if ( !strcmp("--force", argv[1]) ) { if ( argc <= 2 ) { -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:44:10 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:44:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713212.1114247 (Exim 4.92) (envelope-from ) id 1s0bn1-00086S-KZ; Sat, 27 Apr 2024 06:44:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713212.1114247; Sat, 27 Apr 2024 06:44:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bn1-00086L-Hr; Sat, 27 Apr 2024 06:44:03 +0000 Received: by outflank-mailman (input) for mailman id 713212; Sat, 27 Apr 2024 06:44:01 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bmz-00086F-Qr for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bmz-0002be-Oc for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bmz-0007qf-N8 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=5BruNgsnSNcA0ui+Z+Aay396ZyhC0zz6/ZGqBFqiUnI=; b=URxIvmaSK8KSE9rl5q+7XX7wa8 Gzpp/edidlyirD3hKYta+WsdecBACq90FN79PuTCS0VHd8U6xqx1KfhGxcQThS0dlVt2FNfvvgQ1U HlXfBGZ05lt9vCTc3JysVaOzCTGZuPGGwp7A9Vuze3PqR56zowT0PB63Tu9JlM7dXHCE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] hotplug: Update block-tap Message-Id: Date: Sat, 27 Apr 2024 06:44:01 +0000 commit 76a484193dbb6a11b101c1d01a5088f468f93080 Author: Jason Andryuk AuthorDate: Thu Apr 25 09:46:56 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:46:56 2024 +0200 hotplug: Update block-tap Implement a sharing check like the regular block script. Checking tapback inside block-tap is too late since it needs to be running to transition the backend to InitWait before block-tap is run. tap-ctl check will be removed when the requirement for the blktap kernel driver is removed. Remove it now as it is of limited use. find_device() needs to be non-fatal allow a sharing check. Only write physical-device-path because that is all that tapback needs. Also write_dev doesn't handled files and would incorrectly store physical-device as 0:0 which would confuse the minor inside tapback Signed-off-by: Jason Andryuk Signed-off-by: Jason Andryuk Reviewed-by: Anthony PERARD --- tools/hotplug/Linux/block-tap | 169 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 157 insertions(+), 12 deletions(-) diff --git a/tools/hotplug/Linux/block-tap b/tools/hotplug/Linux/block-tap index 89247921b9..126e472786 100755 --- a/tools/hotplug/Linux/block-tap +++ b/tools/hotplug/Linux/block-tap @@ -18,11 +18,11 @@ # # Usage: # -# Target should be specified using the following syntax: +# Disks should be specified using the following syntax: # -# script=block-tap,vdev=xvda,target=: +# vdev=xvda,backendtype=tap,format=vhd,target=/srv/target.vhd # -# Type is either "aio" (for raw files), or "vhd" +# format is either "aio" (for raw files), or "vhd" dir=$(dirname "$0") . "$dir/block-common.sh" @@ -37,10 +37,6 @@ check_tools() if ! command -v tap-ctl > /dev/null 2>&1; then fatal "Unable to find tap-ctl tool" fi - modprobe blktap - if ! tap-ctl check >& /dev/null ; then - fatal "Blocktap kernel module not available" - fi } # Sets the following global variables based on the params field passed in as @@ -81,7 +77,109 @@ find_device() done if [ -z "$pid" ] || [ -z "$minor" ]; then - fatal "cannot find required parameters" + return 1 + fi + + return 0 +} + +count_using() +{ + local file="$1" + local dom + local dev + local f + + local i=0 + local base_path="$XENBUS_BASE_PATH/$XENBUS_TYPE" + for dom in $(xenstore-list "$base_path") + do + for dev in $(xenstore-list "$base_path/$dom") + do + f=$(xenstore_read_default "$base_path/$dom/$dev/params" "") + f=$(echo "$f" | cut -d ":" -f 2) + + if [ -n "$f" ] && [ "$file" = $f ] ; then + i=$(( i + 1 )) + fi + done + done + + echo "$i" +} + +# tap_shared is used to determine if a shared tap can be closed +# Since a stubdom and a guest both use the same tap, it can only +# be freed when there is a single one left. +tap_shared() { + [ $( count_using "$file" ) -gt 1 ] +} + +check_tap_sharing() +{ + local file="$1" + local mode="$2" + local dom + local dev + + local base_path="$XENBUS_BASE_PATH/$XENBUS_TYPE" + for dom in $(xenstore-list "$base_path") ; do + for dev in $(xenstore-list "$base_path/$dom") ; do + local f=$(xenstore_read_default "$base_path/$dom/$dev/params" "") + f=$(echo "$f" | cut -d ":" -f 2) + + if [ -n "$f" ] && [ "$file" = "$f" ] ; then + if [ "$mode" = 'w' ] ; then + if ! same_vm $dom ; then + echo "guest $f" + return + fi + else + local m=$(xenstore_read_default "$base_path/$dom/$dev/mode" + "") + m=$(canonicalise_mode "$m") + + if [ "$m" = 'w' ] ; then + if ! same_vm $dom ; then + echo "guest $f" + return + fi + fi + fi + fi + done + done + + echo 'ok' +} + +tap_create() +{ + if ! minor=$( tap-ctl allocate ) ; then + fatal "Could not allocate minor" + fi + + # Handle with or without kernel blktap + minor=${minor#/run/blktap-control/tapdisk/tapdisk-} + minor=${minor#/dev/xen/blktap-2/tapdev} + + # tap-ctl is spawning tapdisk which would hold the _lockfd open. + # Ensure it is closed before running tap-ctl spawn, which needs to be + # done in a subshell to continue holding the lock in the parent. + if ! pid=$( ( eval "exec $_lockfd>&-" ; tap-ctl spawn ) ) ; then + tap-ctl free -m "$minor" + fatal "Could not spawn tapdisk for $minor" + fi + + if ! tap-ctl attach -p "$pid" -m "$minor" ; then + tap-ctl free -m "$minor" + fatal "Could not attach $pid and $minor" + fi + + if ! tap-ctl open -p "$pid" -m "$minor" -a "$target" ; then + tap-ctl detach -p "$pid" -m "$minor" + tap-ctl free -m "$minor" + fatal "Could not open \"$target\"" fi } @@ -89,15 +187,54 @@ find_device() # the device add() { - dev=$(tap-ctl create -a $target) - write_dev $dev + local result + + claim_lock "block" + + if find_device; then + result=$( check_tap_sharing "$file" "$mode" ) + if [ "$result" != "ok" ] ; then + do_ebusy "tap $type file $file in use " "$mode" "${result%% *}" + fi + else + tap_create + fi + + # Create nbd unix path. find_device/tap_create set pid & minor + dev=$( printf "/run/blktap-control/nbd%ld.%d" "$pid" "$minor" ) + + xenstore_write "$XENBUS_PATH/pid" "$pid" + xenstore_write "$XENBUS_PATH/minor" "$minor" + # dev, as a unix socket, would end up with major:minor 0:0 in + # physical-device if write_dev were used. tapback would be thrown off by + # that incorrect minor, so just skip writing physical-device. + xenstore_write "$XENBUS_PATH/physical-device-path" "$dev" + + success + + release_lock "block" } # Disconnects the device remove() { - find_device - do_or_die tap-ctl destroy -p ${pid} -m ${minor} > /dev/null + local minor + local pid + + claim_lock "block" + + if tap_shared ; then + return + fi + + minor=$( xenstore_read "$XENBUS_PATH/minor" ) + pid=$( xenstore_read "$XENBUS_PATH/pid" ) + + [ -n "$minor" ] || fatal "minor missing" + [ -n "$pid" ] || fatal "pid missing" + do_or_die tap-ctl destroy -p "$pid" -m "$minor" > /dev/null + + release_lock "block" } command=$1 @@ -110,6 +247,14 @@ parse_target "$target" check_tools || exit 1 +mode=$( xenstore_read $XENBUS_PATH/mode ) +mode=$( canonicalise_mode $mode ) + +# needed for same_vm +FRONTEND_ID=$(xenstore_read "$XENBUS_PATH/frontend-id") +FRONTEND_UUID=$(xenstore_read_default \ + "/local/domain/$FRONTEND_ID/vm" 'unknown') + case $command in add) add -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:44:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713213.1114251 (Exim 4.92) (envelope-from ) id 1s0bnB-000884-Ma; Sat, 27 Apr 2024 06:44:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713213.1114251; Sat, 27 Apr 2024 06:44:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bnB-00087x-Jb; Sat, 27 Apr 2024 06:44:13 +0000 Received: by outflank-mailman (input) for mailman id 713213; Sat, 27 Apr 2024 06:44:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bn9-00087n-Vf for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:11 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bn9-0002bs-Um for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:11 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bn9-0007rG-Qx for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:11 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=VafQ5l/eeLgbE2VxgSmtZO/OYzK9nISed7ADs4tOwX4=; b=Z4uOB8xLK4ugV8CkpHlgEi61bd C0UNVXDgVpzT98a5qTbF2rH1U9jM3RlOJgAwThHrqSFxyqc74CKjK90wlsSUNHN0dVH2MD57Ezpf8 yzOp8P6/5ypyE3HQw/Rzht1lSqA74tvGgFtLVCSYhyHAurxKehjznMKn6M5k3klP5FcM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] libxl: Support blktap with HVM device model Message-Id: Date: Sat, 27 Apr 2024 06:44:11 +0000 commit d7c4d59b51929451a047e0fb62b229c67d6dd7be Author: Jason Andryuk AuthorDate: Thu Apr 25 09:47:52 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:47:52 2024 +0200 libxl: Support blktap with HVM device model blktap exposes disks over UNIX socket Network Block Device (NBD). Modify libxl__device_disk_find_local_path() to provide back the QEMU-formatted NBD path. This allows tapdisk to be used for booting an HVM. Use the nbd+unix:/// format specified by the protocol at https://github.com/NetworkBlockDevice/nbd/blob/master/doc/uri.md Signed-off-by: Jason Andryuk Signed-off-by: Jason Andryuk Reviewed-by: Anthony PERARD --- tools/libs/light/libxl_disk.c | 18 ++++++++++++++---- tools/libs/light/libxl_dm.c | 1 - 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/tools/libs/light/libxl_disk.c b/tools/libs/light/libxl_disk.c index fa7856f28c..1f1e5c6567 100644 --- a/tools/libs/light/libxl_disk.c +++ b/tools/libs/light/libxl_disk.c @@ -1361,7 +1361,8 @@ char *libxl__device_disk_find_local_path(libxl__gc *gc, * If the format isn't raw and / or we're using a script, then see * if the script has written a path to the "cooked" node */ - if (disk->script && guest_domid != INVALID_DOMID) { + if ((disk->script && guest_domid != INVALID_DOMID) || + disk->backend == LIBXL_DISK_BACKEND_TAP) { libxl__device device; char *be_path, *pdpath; int rc; @@ -1381,10 +1382,19 @@ char *libxl__device_disk_find_local_path(libxl__gc *gc, LOGD(DEBUG, guest_domid, "Attempting to read node %s", pdpath); path = libxl__xs_read(gc, XBT_NULL, pdpath); - if (path) + if (path) { LOGD(DEBUG, guest_domid, "Accessing cooked block device %s", path); - else - LOGD(DEBUG, guest_domid, "No physical-device-path, can't access locally."); + + /* tapdisk exposes disks locally over UNIX socket NBD. */ + if (disk->backend == LIBXL_DISK_BACKEND_TAP) { + path = libxl__sprintf(gc, "nbd+unix:///?socket=%s", path); + LOGD(DEBUG, guest_domid, + "Directly accessing local TAP target %s", path); + } + } else { + LOGD(DEBUG, guest_domid, + "No physical-device-path, can't access locally."); + } goto out; } diff --git a/tools/libs/light/libxl_dm.c b/tools/libs/light/libxl_dm.c index 567ae1ec7e..ff8ddeec9a 100644 --- a/tools/libs/light/libxl_dm.c +++ b/tools/libs/light/libxl_dm.c @@ -1915,7 +1915,6 @@ static int libxl__build_device_model_args_new(libxl__gc *gc, continue; } - assert(disks[i].backend != LIBXL_DISK_BACKEND_TAP); target_path = libxl__device_disk_find_local_path(gc, guest_domid, &disks[i], true); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:44:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:44:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713214.1114254 (Exim 4.92) (envelope-from ) id 1s0bnL-0008AS-Ni; Sat, 27 Apr 2024 06:44:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713214.1114254; Sat, 27 Apr 2024 06:44:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bnL-0008AL-L3; Sat, 27 Apr 2024 06:44:23 +0000 Received: by outflank-mailman (input) for mailman id 713214; Sat, 27 Apr 2024 06:44:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bnK-0008AB-2o for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bnK-0002cB-28 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bnK-0007ri-0j for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xmSSNrbRAZlcq2oofjdQrB04rrVOmpo3alP+D7LGS30=; b=wEH1BhxoaBSOmwp0zbewJ9PxYy 40V74Bc3tot+41pNmM0ZFuiSC7+gn0VLVrr0sKXTcQSxCxzgDyi7Y1y9yZlfEBk8x7aqRR4ys91Sz eXvORDqflYVkFnoMFq7gDAFQTodQUW27r1OIcQcBoblewLDBi1X8P3bvnFZucxesUuwI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] libelf: address violations of MISRA C Rule 20.7 Message-Id: Date: Sat, 27 Apr 2024 06:44:22 +0000 commit 8189230d80ec109e4d228e5fd72404a38cfea96f Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:48:11 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:48:11 2024 +0200 libelf: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/common/libelf/libelf-private.h | 2 +- xen/include/xen/libelf.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/libelf/libelf-private.h b/xen/common/libelf/libelf-private.h index 98cac65bc5..197d7a7623 100644 --- a/xen/common/libelf/libelf-private.h +++ b/xen/common/libelf/libelf-private.h @@ -26,7 +26,7 @@ /* we would like to use elf->log_callback but we can't because * there is no vprintk in Xen */ #define elf_msg(elf, fmt, args ... ) \ - if (elf->verbose) printk(fmt, ## args ) + if ((elf)->verbose) printk(fmt, ## args ) #define elf_err(elf, fmt, args ... ) \ printk(fmt, ## args ) diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h index 9ac530acc2..a0675a4dc3 100644 --- a/xen/include/xen/libelf.h +++ b/xen/include/xen/libelf.h @@ -288,7 +288,7 @@ bool elf_access_ok(struct elf_binary * elf, #define elf_store_val(elf, type, ptr, val) \ ({ \ typeof(type) elf_store__val = (val); \ - elf_ptrval elf_store__targ = ptr; \ + elf_ptrval elf_store__targ = (ptr); \ if (elf_access_ok((elf), elf_store__targ, \ sizeof(elf_store__val))) { \ elf_memcpy_unchecked((void*)elf_store__targ, &elf_store__val, \ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:44:33 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:44:33 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713215.1114261 (Exim 4.92) (envelope-from ) id 1s0bnV-0008Cn-Qe; Sat, 27 Apr 2024 06:44:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713215.1114261; Sat, 27 Apr 2024 06:44:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bnV-0008Cf-Mx; Sat, 27 Apr 2024 06:44:33 +0000 Received: by outflank-mailman (input) for mailman id 713215; Sat, 27 Apr 2024 06:44:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bnU-0008CV-7s for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bnU-0002cL-6u for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bnU-0007sP-4H for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=31TV2i0O5S6QUuArpAwduK/VlNnMIedezEkuvnTxIWg=; b=l/f1yYLItOdeMi15KnQwgaGzUd 4gQDiFNdHx+OCD1CUmDJ9SSKFDGdty32nyed4xoRgGHQEggtlvncy5LdG21cLrtYlp516ZnAsOQ7V 0+JmBMfwOZNyBbv/8Q4ggSe6flHXjIswfgsvd5FlHdb2DqrKCtzx1FNwm3+O3DECHBhs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/page-defs: address violation of MISRA C Rule 20.7 Message-Id: Date: Sat, 27 Apr 2024 06:44:32 +0000 commit 0d02b75d7cd3a24989d7982f6a0b0c8da580074e Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:49:04 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:49:04 2024 +0200 xen/page-defs: address violation of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/include/xen/page-defs.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/include/xen/page-defs.h b/xen/include/xen/page-defs.h index 540f8b0b64..682da6b7b4 100644 --- a/xen/include/xen/page-defs.h +++ b/xen/include/xen/page-defs.h @@ -4,7 +4,8 @@ /* Helpers for different page granularities. */ #define PAGE_SIZE_GRAN(gran) ((paddr_t)1 << PAGE_SHIFT_##gran) #define PAGE_MASK_GRAN(gran) (-PAGE_SIZE_GRAN(gran)) -#define PAGE_ALIGN_GRAN(gran, addr) ((addr + ~PAGE_MASK_##gran) & PAGE_MASK_##gran) +#define PAGE_ALIGN_GRAN(gran, addr) (((addr) + ~PAGE_MASK_##gran) & \ + PAGE_MASK_##gran) #define PAGE_SHIFT_4K 12 #define PAGE_SIZE_4K PAGE_SIZE_GRAN(4K) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:44:44 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:44:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713216.1114263 (Exim 4.92) (envelope-from ) id 1s0bnf-0008FY-RP; Sat, 27 Apr 2024 06:44:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713216.1114263; Sat, 27 Apr 2024 06:44:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bnf-0008FQ-OR; Sat, 27 Apr 2024 06:44:43 +0000 Received: by outflank-mailman (input) for mailman id 713216; Sat, 27 Apr 2024 06:44:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bne-0008F6-BR for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bne-0002cp-9o for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bne-0007tB-93 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=AbCy2q1CgKsBR95dVzAMd6U0tVQDoFzXFnYa0TbVBfU=; b=tTP7h15xoYAoEymRlVkqZ2OFJP KtEE2bvSKlY6i4fn17dhlRaM/LQX1dM33b89BLUF8OMeAuujHJyw7s7uhNpCxnExM0XmdTgePoaEB Djwa2iqMETB0SXmRLDK68nwi5xnZq2IAB9QkOkz52c8pz1pDNoQJUSsdgaFm77uQ8C0g=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/spinlock: address violations of MISRA C Rule 20.7 Message-Id: Date: Sat, 27 Apr 2024 06:44:42 +0000 commit 489d13da935de56bc593889bc756b71106aff190 Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:49:34 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:49:34 2024 +0200 xen/spinlock: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/common/spinlock.c | 2 +- xen/include/xen/spinlock.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 5aa9ba6188..558ea7ac35 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -269,7 +269,7 @@ void spin_debug_disable(void) profile->lock_cnt++; \ } #define LOCK_PROFILE_VAR(var, val) s_time_t var = (val) -#define LOCK_PROFILE_BLOCK(var) var = var ? : NOW() +#define LOCK_PROFILE_BLOCK(var) (var) = (var) ? : NOW() #define LOCK_PROFILE_BLKACC(tst, val) \ if ( tst ) \ { \ diff --git a/xen/include/xen/spinlock.h b/xen/include/xen/spinlock.h index 18793c5e29..8825affb25 100644 --- a/xen/include/xen/spinlock.h +++ b/xen/include/xen/spinlock.h @@ -141,7 +141,7 @@ struct lock_profile_qhead { } \ prof->name = #l; \ prof->ptr.lockptr = &(s)->l; \ - prof->is_rlock = isr; \ + prof->is_rlock = (isr); \ prof->next = (s)->profile_head.elem_q; \ (s)->profile_head.elem_q = prof; \ } while( 0 ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:44:53 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:44:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713217.1114266 (Exim 4.92) (envelope-from ) id 1s0bnp-0008IE-SV; Sat, 27 Apr 2024 06:44:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713217.1114266; Sat, 27 Apr 2024 06:44:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bnp-0008I6-Pu; Sat, 27 Apr 2024 06:44:53 +0000 Received: by outflank-mailman (input) for mailman id 713217; Sat, 27 Apr 2024 06:44:52 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bno-0008Hw-DU for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:52 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bno-0002d2-Ch for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:52 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bno-0007to-Bu for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:44:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=dRG2cSHEuS8F8XdkE3kGBOaANXny5wuewp1i/5g2cA0=; b=kO0gXQGLz0HFlBvqO+7pRJw4sd jV37qSPJ4vovUSTm/qnKtAYBPM36cAR2hrnyH90PamI4ouZ7Yzw922KGZ4bjTyHwNeT79P8ik7gOG aVgUD9dR+5bok013kjIXivZinQ0puH0a4WZHXfvcZLcojphaD/7uZFr3gUdF/aiFuCCs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/pci: address violation of MISRA C Rule 20.7 Message-Id: Date: Sat, 27 Apr 2024 06:44:52 +0000 commit 0440fcad2aa665479c8ffebdd17f31fcf4c55b5d Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:50:03 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:50:03 2024 +0200 x86/pci: address violation of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/include/asm/pci.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/include/asm/pci.h b/xen/arch/x86/include/asm/pci.h index 6bfe87e278..fd5480d67d 100644 --- a/xen/arch/x86/include/asm/pci.h +++ b/xen/arch/x86/include/asm/pci.h @@ -8,10 +8,10 @@ #define CF8_ADDR_HI(cf8) ( ((cf8) & 0x0f000000U) >> 16) #define CF8_ENABLED(cf8) (!!((cf8) & 0x80000000U)) -#define IS_SNB_GFX(id) (id == 0x01068086 || id == 0x01168086 \ - || id == 0x01268086 || id == 0x01028086 \ - || id == 0x01128086 || id == 0x01228086 \ - || id == 0x010A8086 ) +#define IS_SNB_GFX(id) ((id) == 0x01068086 || (id) == 0x01168086 \ + || (id) == 0x01268086 || (id) == 0x01028086 \ + || (id) == 0x01128086 || (id) == 0x01228086 \ + || (id) == 0x010A8086 ) struct arch_pci_dev { vmask_t used_vectors; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:45:04 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:45:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713218.1114271 (Exim 4.92) (envelope-from ) id 1s0bo0-0008Kv-0t; Sat, 27 Apr 2024 06:45:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713218.1114271; Sat, 27 Apr 2024 06:45:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bnz-0008Kn-UH; Sat, 27 Apr 2024 06:45:03 +0000 Received: by outflank-mailman (input) for mailman id 713218; Sat, 27 Apr 2024 06:45:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bny-0008Kc-Hc for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bny-0002dd-Gh for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bny-0007ud-Ev for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=+jOEHd1/h6szLjoZ1ZAbx/U4M8ixaAoGIdd/jcaDNWw=; b=a2TAFdmaQSXtpB9qst2olP0J9+ yG22MirOw7MVk/CKzYVr43MMvGVvqFqhVhkp2B1f87nX3AoXvjNZkCARnMgazL/ugXCXjgKAoFpOa veF9kufkb+BklqUtoD0gMFYvJWMpFzyx9vgT48fDFLulzsLlZSIuBseLfxl7WQLigZls=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/acpi: address violations of MISRA Rule 20.7 Message-Id: Date: Sat, 27 Apr 2024 06:45:02 +0000 commit 4f900035a4a8373805dd94e4247b4645d26f8c6d Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:50:33 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:50:33 2024 +0200 x86/acpi: address violations of MISRA Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/acpi/power.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index c6fa810a6b..610937f42e 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -422,12 +422,12 @@ static void tboot_sleep(u8 sleep_state) { uint32_t shutdown_type; -#define TB_COPY_GAS(tbg, g) \ - tbg.space_id = g.space_id; \ - tbg.bit_width = g.bit_width; \ - tbg.bit_offset = g.bit_offset; \ - tbg.access_width = g.access_width; \ - tbg.address = g.address; +#define TB_COPY_GAS(tbg, g) \ + (tbg).space_id = (g).space_id; \ + (tbg).bit_width = (g).bit_width; \ + (tbg).bit_offset = (g).bit_offset; \ + (tbg).access_width = (g).access_width; \ + (tbg).address = (g).address; /* sizes are not same (due to packing) so copy each one */ TB_COPY_GAS(g_tboot_shared->acpi_sinfo.pm1a_cnt_blk, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:45:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:45:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713219.1114275 (Exim 4.92) (envelope-from ) id 1s0boA-0008OY-2K; Sat, 27 Apr 2024 06:45:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713219.1114275; Sat, 27 Apr 2024 06:45:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bo9-0008OQ-Vv; Sat, 27 Apr 2024 06:45:13 +0000 Received: by outflank-mailman (input) for mailman id 713219; Sat, 27 Apr 2024 06:45:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bo8-0008O6-Ki for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bo8-0002dv-Jw for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bo8-0007vC-Iz for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ix5XGSTxJKvZElPN6S5P8a3lYNb6FCle5Q8s85U+vzg=; b=PxtAA8vMZ0fXiMHUXbYjN202PT P3MARdQjsVMBVlqhNlL97vbuVY8+q8WFEzyj3qBTUJAlfCasTcdZFfcFOgVu2HqDNJDkLAOxi9Sqk R/dR1zInwj2q3RuhVz9+aB0WvUBkTtQoiggP0MlcPezjmgGPoxmum8DtMBxfafg/389A=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/vhpet: address violations of MISRA C Rule 20.7 Message-Id: Date: Sat, 27 Apr 2024 06:45:12 +0000 commit c717d52a5d7aacfba768a7a2956ea9b634f295b7 Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:50:55 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:50:55 2024 +0200 x86/vhpet: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/hvm/hpet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/hvm/hpet.c b/xen/arch/x86/hvm/hpet.c index 1db9c0b60e..5f456221cb 100644 --- a/xen/arch/x86/hvm/hpet.c +++ b/xen/arch/x86/hvm/hpet.c @@ -43,11 +43,11 @@ ((s_time_t)((((tick) > (h)->hpet_to_ns_limit) ? \ ~0ULL : (tick) * (h)->hpet_to_ns_scale) >> 10)) -#define timer_config(h, n) (h->hpet.timers[n].config) +#define timer_config(h, n) ((h)->hpet.timers[n].config) #define timer_enabled(h, n) (timer_config(h, n) & HPET_TN_ENABLE) #define timer_is_periodic(h, n) (timer_config(h, n) & HPET_TN_PERIODIC) #define timer_is_32bit(h, n) (timer_config(h, n) & HPET_TN_32BIT) -#define hpet_enabled(h) (h->hpet.config & HPET_CFG_ENABLE) +#define hpet_enabled(h) ((h)->hpet.config & HPET_CFG_ENABLE) #define timer_level(h, n) (timer_config(h, n) & HPET_TN_LEVEL) #define timer_int_route(h, n) MASK_EXTR(timer_config(h, n), HPET_TN_ROUTE) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:45:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:45:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713220.1114278 (Exim 4.92) (envelope-from ) id 1s0boK-0008SK-3v; Sat, 27 Apr 2024 06:45:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713220.1114278; Sat, 27 Apr 2024 06:45:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0boK-0008SC-1E; Sat, 27 Apr 2024 06:45:24 +0000 Received: by outflank-mailman (input) for mailman id 713220; Sat, 27 Apr 2024 06:45:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0boI-0008Rx-Nl for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0boI-0002e4-N0 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0boI-0007vh-M8 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BCL4769bGGMtevAJigtF/aNbIdo3rTGGHFzx7c3lbpk=; b=k4bExoMLrHwD2qAi+mqiWSmLTf Vrj9olutIR/ZJOZMZzG4eYOUVINS0k1nFKLRrGgXJMtxT8CEhYpKbL6MvFDi2qvR+3iRec4g3ypbS uT3W23PU0eFAlsH696IcdIIc0URdK4CHt0uuYpgOaIOHo2Pin1C7QV1aA9svzKfDjCJk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/debugreg: address violation of MISRA C Rule 20.7 Message-Id: Date: Sat, 27 Apr 2024 06:45:22 +0000 commit 445f66fe00a0a899610bd9217c796721d0054a94 Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:51:13 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:51:13 2024 +0200 x86/debugreg: address violation of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/include/asm/debugreg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/include/asm/debugreg.h b/xen/arch/x86/include/asm/debugreg.h index 2bdaf5d9aa..96c406ad53 100644 --- a/xen/arch/x86/include/asm/debugreg.h +++ b/xen/arch/x86/include/asm/debugreg.h @@ -67,7 +67,7 @@ #define DR_GENERAL_DETECT (0x00002000UL) /* General detect enable */ #define write_debugreg(reg, val) do { \ - unsigned long __val = val; \ + unsigned long __val = (val); \ asm volatile ( "mov %0,%%db" #reg : : "r" (__val) ); \ } while (0) #define read_debugreg(reg) ({ \ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:45:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:45:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713221.1114283 (Exim 4.92) (envelope-from ) id 1s0boU-0008VP-5j; Sat, 27 Apr 2024 06:45:34 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713221.1114283; Sat, 27 Apr 2024 06:45:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0boU-0008VH-2j; Sat, 27 Apr 2024 06:45:34 +0000 Received: by outflank-mailman (input) for mailman id 713221; Sat, 27 Apr 2024 06:45:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0boS-0008Ur-R7 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0boS-0002eG-QC for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0boS-0007xh-PI for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=n3EmU3aTCDlb451PyvjsIg4wl0yOuz8ekLMublEMWwM=; b=QkZoSZ5GuHkLE4aJk+2QBE4RIX 4i/kHdZnHjfgFFC+hGOu+RPM3eaTZg+myzqxlMMiglJQPuUlCSKwuQrl01sQv1Qh0M2vZa602xMKF ZfoymtoDM7C3QvME9RHSU1wEYYFOCJTwsNYHUVmGSgH4Ye01p+theO+J/J5fdUhvIZwU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/mm: address violations of MISRA C Rule 20.7 Message-Id: Date: Sat, 27 Apr 2024 06:45:32 +0000 commit 4a75f2ffc034544e383652e1485e13709e389f85 Author: Nicola Vetrini AuthorDate: Thu Apr 25 09:51:31 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:51:31 2024 +0200 x86/mm: address violations of MISRA C Rule 20.7 MISRA C Rule 20.7 states: "Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses". Therefore, some macro definitions should gain additional parentheses to ensure that all current and future users will be safe with respect to expansions that can possibly alter the semantics of the passed-in macro parameter. No functional change. Signed-off-by: Nicola Vetrini Acked-by: Jan Beulich --- xen/arch/x86/mm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 9141912ae5..87529db7d1 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -162,7 +162,7 @@ static uint32_t base_disallow_mask; #define L4_DISALLOW_MASK (base_disallow_mask) #define l1_disallow_mask(d) \ - ((d != dom_io) && \ + (((d) != dom_io) && \ (rangeset_is_empty((d)->iomem_caps) && \ rangeset_is_empty((d)->arch.ioport_caps) && \ !has_arch_pdevs(d) && \ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:45:44 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:45:44 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713222.1114287 (Exim 4.92) (envelope-from ) id 1s0boe-00006c-6w; Sat, 27 Apr 2024 06:45:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713222.1114287; Sat, 27 Apr 2024 06:45:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0boe-00006U-4J; Sat, 27 Apr 2024 06:45:44 +0000 Received: by outflank-mailman (input) for mailman id 713222; Sat, 27 Apr 2024 06:45:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0boc-00006K-Tq for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0boc-0002fR-T5 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0boc-0007yC-SE for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Kyymvm+ElhnjWIQUQQH33Cyf6lt+Ti//p4zdV0NnBqw=; b=OXoj1j+K6j+mnQN59XkEfOPhuq dPSYURDG6nbS3QwZdeW6rVJrb6y8rmsbPKtgWwhtigyr2KrOdzPJGcH9J/uD/aNjNXzf8/tlZ07u+ mTjOQSP+FummUN9G6rMQLA9CbSxclBQfU5DQeYohrDNOzi25+OV6c3HP6oyMinNvpWwE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen-livepatch: fix parameter name parsing Message-Id: Date: Sat, 27 Apr 2024 06:45:42 +0000 commit fb2716a19190201ffb8d1b20cd9002f166000478 Author: Roger Pau Monné AuthorDate: Thu Apr 25 09:51:57 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:51:57 2024 +0200 xen-livepatch: fix parameter name parsing It's incorrect to restrict strncmp to the length of the command line input parameter, as then a user passing a rune like: % xen-livepatch up foo.livepatch Would match against the "upload" command, because the string comparison has been truncated to the length of the input argument. Use strcmp instead which doesn't truncate. Otherwise in order to keep using strncmp we would need to also check strings are of the same length before doing the comparison. Fixes: 05bb8afedede ('xen-xsplice: Tool to manipulate xsplice payloads') Signed-off-by: Roger Pau Monné Acked-by: Anthony PERARD --- tools/misc/xen-livepatch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/misc/xen-livepatch.c b/tools/misc/xen-livepatch.c index 5bf9d9a32b..2c4f69e596 100644 --- a/tools/misc/xen-livepatch.c +++ b/tools/misc/xen-livepatch.c @@ -572,13 +572,13 @@ int main(int argc, char *argv[]) return 0; } for ( i = 0; i < ARRAY_SIZE(main_options); i++ ) - if (!strncmp(main_options[i].name, argv[1], strlen(argv[1]))) + if (!strcmp(main_options[i].name, argv[1])) break; if ( i == ARRAY_SIZE(main_options) ) { for ( j = 0; j < ARRAY_SIZE(action_options); j++ ) - if (!strncmp(action_options[j].name, argv[1], strlen(argv[1]))) + if (!strcmp(action_options[j].name, argv[1])) break; if ( j == ARRAY_SIZE(action_options) ) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:45:54 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:45:54 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713223.1114291 (Exim 4.92) (envelope-from ) id 1s0boo-00009V-8Z; Sat, 27 Apr 2024 06:45:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713223.1114291; Sat, 27 Apr 2024 06:45:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0boo-00009N-5m; Sat, 27 Apr 2024 06:45:54 +0000 Received: by outflank-mailman (input) for mailman id 713223; Sat, 27 Apr 2024 06:45:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bon-00009D-0n for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bon-0002gR-07 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bom-0007zZ-Va for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:45:52 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IYjOaWDchoqS5FSdT4/HY5XSzVINxDUzu5bNTDNbHz8=; b=pjJCToYIRub+DiaeOAFtY3yG6e Jv/o7GN4Fa4ay0Qpji90BtsaFBbrBFoRd862QrWF6lSq3/zJvoenLSRSUvYGhrGdpvIy+JbODxTKk kWKBm7DkDiqiqaYemEtsrXZ0+EwW+2DiIsBc6OwhhTUdeU8PzXjoDOHitz6t2crR4E+Q=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] livepatch: introduce --force option Message-Id: Date: Sat, 27 Apr 2024 06:45:52 +0000 commit 62a72092a51792ab74d64ad7454c11e0c22629a2 Author: Roger Pau Monné AuthorDate: Thu Apr 25 09:52:16 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:52:16 2024 +0200 livepatch: introduce --force option Introduce a xen-livepatch tool --force option, that's propagated into the hyerpvisor for livepatch operations. The intention is for the option to be used to bypass some checks that would otherwise prevent the patch from being loaded. Re purpose the pad field in xen_sysctl_livepatch_op to be a flags field that applies to all livepatch operations. The flag is currently only set by the hypercall wrappers for the XEN_SYSCTL_LIVEPATCH_UPLOAD operation, as that's so far the only one where it will be used initially. Other uses can be added as required. Note that helpers would set the .pad field to 0, that's been removed since the structure is already zero initialized at definition. No functional usages of the new flag introduced in this patch. Signed-off-by: Roger Pau Monné Acked-by: Jan Beulich Acked-by: Anthony PERARD --- tools/include/xenctrl.h | 3 ++- tools/libs/ctrl/xc_misc.c | 7 +++---- tools/misc/xen-livepatch.c | 21 +++++++++++++++++++-- xen/common/livepatch.c | 3 ++- xen/include/public/sysctl.h | 4 +++- 5 files changed, 29 insertions(+), 9 deletions(-) diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h index 2ef8b4e054..4996855944 100644 --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -2555,7 +2555,8 @@ int xc_psr_get_hw_info(xc_interface *xch, uint32_t socket, #endif int xc_livepatch_upload(xc_interface *xch, - char *name, unsigned char *payload, uint32_t size); + char *name, unsigned char *payload, uint32_t size, + bool force); int xc_livepatch_get(xc_interface *xch, char *name, diff --git a/tools/libs/ctrl/xc_misc.c b/tools/libs/ctrl/xc_misc.c index 5ecdfa2c79..50282fd60d 100644 --- a/tools/libs/ctrl/xc_misc.c +++ b/tools/libs/ctrl/xc_misc.c @@ -576,7 +576,8 @@ int xc_getcpuinfo(xc_interface *xch, int max_cpus, int xc_livepatch_upload(xc_interface *xch, char *name, unsigned char *payload, - uint32_t size) + uint32_t size, + bool force) { int rc; struct xen_sysctl sysctl = {}; @@ -612,7 +613,7 @@ int xc_livepatch_upload(xc_interface *xch, sysctl.cmd = XEN_SYSCTL_livepatch_op; sysctl.u.livepatch.cmd = XEN_SYSCTL_LIVEPATCH_UPLOAD; - sysctl.u.livepatch.pad = 0; + sysctl.u.livepatch.flags = force ? LIVEPATCH_FLAG_FORCE : 0; sysctl.u.livepatch.u.upload.size = size; set_xen_guest_handle(sysctl.u.livepatch.u.upload.payload, local); @@ -656,7 +657,6 @@ int xc_livepatch_get(xc_interface *xch, sysctl.cmd = XEN_SYSCTL_livepatch_op; sysctl.u.livepatch.cmd = XEN_SYSCTL_LIVEPATCH_GET; - sysctl.u.livepatch.pad = 0; sysctl.u.livepatch.u.get.status.state = 0; sysctl.u.livepatch.u.get.status.rc = 0; @@ -985,7 +985,6 @@ static int _xc_livepatch_action(xc_interface *xch, sysctl.cmd = XEN_SYSCTL_livepatch_op; sysctl.u.livepatch.cmd = XEN_SYSCTL_LIVEPATCH_ACTION; - sysctl.u.livepatch.pad = 0; sysctl.u.livepatch.u.action.cmd = action; sysctl.u.livepatch.u.action.timeout = timeout; sysctl.u.livepatch.u.action.flags = flags; diff --git a/tools/misc/xen-livepatch.c b/tools/misc/xen-livepatch.c index 2c4f69e596..c16fb6862d 100644 --- a/tools/misc/xen-livepatch.c +++ b/tools/misc/xen-livepatch.c @@ -19,11 +19,15 @@ static xc_interface *xch; +/* Global option to disable checks. */ +static bool force; + void show_help(void) { fprintf(stderr, "xen-livepatch: live patching tool\n" - "Usage: xen-livepatch [args] [command-flags]\n" + "Usage: xen-livepatch [--force] [args] [command-flags]\n" + " Use --force option to bypass some checks.\n" " An unique name of payload. Up to %d characters.\n" "Commands:\n" " help display this help\n" @@ -240,7 +244,7 @@ static int upload_func(int argc, char *argv[]) return saved_errno; } printf("Uploading %s... ", filename); - rc = xc_livepatch_upload(xch, name, fbuf, len); + rc = xc_livepatch_upload(xch, name, fbuf, len, force); if ( rc ) { rc = errno; @@ -571,6 +575,19 @@ int main(int argc, char *argv[]) show_help(); return 0; } + + if ( strcmp("--force", argv[1]) ) + { + if ( argc <= 2 ) + { + show_help(); + return EXIT_FAILURE; + } + force = true; + argv++; + argc--; + } + for ( i = 0; i < ARRAY_SIZE(main_options); i++ ) if (!strcmp(main_options[i].name, argv[1])) break; diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c index 351a3e0b9a..502e264bc6 100644 --- a/xen/common/livepatch.c +++ b/xen/common/livepatch.c @@ -2125,7 +2125,8 @@ int livepatch_op(struct xen_sysctl_livepatch_op *livepatch) { int rc; - if ( livepatch->pad ) + if ( (livepatch->flags & ~LIVEPATCH_FLAGS_MASK) && + !(livepatch->flags & LIVEPATCH_FLAG_FORCE) ) return -EINVAL; switch ( livepatch->cmd ) diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h index 9b19679cae..febaa4b16a 100644 --- a/xen/include/public/sysctl.h +++ b/xen/include/public/sysctl.h @@ -1139,7 +1139,9 @@ struct xen_sysctl_livepatch_action { struct xen_sysctl_livepatch_op { uint32_t cmd; /* IN: XEN_SYSCTL_LIVEPATCH_*. */ - uint32_t pad; /* IN: Always zero. */ + uint32_t flags; /* IN, flags. */ +#define LIVEPATCH_FLAG_FORCE (1u << 0) /* Skip some checks. */ +#define LIVEPATCH_FLAGS_MASK LIVEPATCH_FLAG_FORCE union { struct xen_sysctl_livepatch_upload upload; struct xen_sysctl_livepatch_list list; -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:46:04 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:46:04 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713224.1114294 (Exim 4.92) (envelope-from ) id 1s0boy-0000Ce-9y; Sat, 27 Apr 2024 06:46:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713224.1114294; Sat, 27 Apr 2024 06:46:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0boy-0000CX-7K; Sat, 27 Apr 2024 06:46:04 +0000 Received: by outflank-mailman (input) for mailman id 713224; Sat, 27 Apr 2024 06:46:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0box-0000CM-3t for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0box-0002gv-37 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0box-00081H-2L for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=KO0/yPqoZfBscrLUiAJlbfIKJ92c+Dh6SdVQXyGQDX4=; b=Mrrbp5AoB5tRzionbx46EXcO7n 7b5zsSVy6fJuiZDc98rpXHz/l9LClfJqoYv+hdLxUAaepTMHgrwt1uc6WEc4lza5tpPE9+MdxdEdJ hcxLWGqy4vj5eXH/kAYHAX7LdwuAh42uM+28YVWuBj3gJ4iLtKdCFvpvOmBSogy9lI60=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/pci: add suffix 'U' to PCI_CONF_ADDRESS macro Message-Id: Date: Sat, 27 Apr 2024 06:46:03 +0000 commit ea3272f8457b46a3932a84253078524131e2c3ab Author: Alessandro Zucchelli AuthorDate: Thu Apr 25 09:52:51 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:52:51 2024 +0200 x86/pci: add suffix 'U' to PCI_CONF_ADDRESS macro This addresses violations of MISRA C:2012 Rule 7.2 which states as following: A “u” or “U” suffix shall be applied to all integer constants that are represented in an unsigned type. No functional change. Signed-off-by: Alessandro Zucchelli Acked-by: Jan Beulich --- xen/arch/x86/x86_64/pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_64/pci.c b/xen/arch/x86/x86_64/pci.c index aad1c3f7cf..8d33429103 100644 --- a/xen/arch/x86/x86_64/pci.c +++ b/xen/arch/x86/x86_64/pci.c @@ -9,7 +9,7 @@ #include #define PCI_CONF_ADDRESS(sbdf, reg) \ - (0x80000000 | ((sbdf).bdf << 8) | ((reg) & ~3)) + (0x80000000U | ((sbdf).bdf << 8) | ((reg) & ~3)) uint8_t pci_conf_read8(pci_sbdf_t sbdf, unsigned int reg) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:46:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:46:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713228.1114309 (Exim 4.92) (envelope-from ) id 1s0bp8-0000WP-Nh; Sat, 27 Apr 2024 06:46:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713228.1114309; Sat, 27 Apr 2024 06:46:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bp8-0000WC-KU; Sat, 27 Apr 2024 06:46:14 +0000 Received: by outflank-mailman (input) for mailman id 713228; Sat, 27 Apr 2024 06:46:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bp7-0000Vb-6m for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bp7-0002hF-68 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bp7-00082Y-5P for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zP+DQHVovkmJRSpQsw51PLH2Pu80SPW/9cMUclXPMl0=; b=NahRyDV27uj0vwm2Fvf5CPrfur 19kmwQQNuDlTsDxPPM4HMD6cq/LrVtkY0YYVFvEaBzJbuGyGAp+QOJpt+wu7s0e/2l5tw6tX2eKlL taHERHRWJ/JFzpcDyRQ0YlV0OVDx66zzrKhw89sOdYN4kzsG/KCDnpIdc8OAlrZSfPiY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/msr: add suffix 'U' to MSR_AMD_CSTATE_CFG macro Message-Id: Date: Sat, 27 Apr 2024 06:46:13 +0000 commit 8c01d0e3361d827b552a8f5323c18a4d4f07e06a Author: Alessandro Zucchelli AuthorDate: Thu Apr 25 09:53:24 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:53:24 2024 +0200 x86/msr: add suffix 'U' to MSR_AMD_CSTATE_CFG macro This addresses violations of MISRA C:2012 Rule 7.2 which states as following: A “u” or “U” suffix shall be applied to all integer constants that are represented in an unsigned type. No functional change. Fixes: 652683e1aeaa ("x86/hvm: address violations of MISRA C:2012 Rule 7.2") Signed-off-by: Alessandro Zucchelli Acked-by: Jan Beulich --- xen/arch/x86/include/asm/msr-index.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h index 92dd9fa496..9cdb5b2625 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -236,7 +236,7 @@ #define MSR_VIRT_SPEC_CTRL _AC(0xc001011f, U) /* Layout matches MSR_SPEC_CTRL */ -#define MSR_AMD_CSTATE_CFG 0xc0010296 +#define MSR_AMD_CSTATE_CFG 0xc0010296U /* * Legacy MSR constants in need of cleanup. No new MSRs below this comment. -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:46:24 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:46:24 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713229.1114312 (Exim 4.92) (envelope-from ) id 1s0bpI-0000cV-Oi; Sat, 27 Apr 2024 06:46:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713229.1114312; Sat, 27 Apr 2024 06:46:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bpI-0000cN-Lu; Sat, 27 Apr 2024 06:46:24 +0000 Received: by outflank-mailman (input) for mailman id 713229; Sat, 27 Apr 2024 06:46:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bpH-0000by-9q for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bpH-0002hR-99 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bpH-0008CE-8E for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZQDn6/A/nCdb0UzUinq0VoYkRVTMFCwtL+mR46bCmYU=; b=s/OEVPEURBMBPqcPxrpCpAAgYF 0mBvLdPuVzGQjogg2C7ie089tR4jO7CvdjEDpN6yTTo9N2e4A9AmepU9n/0F21BiVvlaSGMIeB7Ql CQG9JI/3EeNo2eBbB/EbRjFb04PrSrV/kMkZmS5H2os8cCPWJC5a89Dtur+RDlVDQ5pE=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/paging: vCPU host mode is always set Message-Id: Date: Sat, 27 Apr 2024 06:46:23 +0000 commit 9a73b4e21007cb51057bde55d05a7804a5769113 Author: Jan Beulich AuthorDate: Thu Apr 25 09:53:55 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:53:55 2024 +0200 x86/paging: vCPU host mode is always set ... thanks to paging_vcpu_init() being part of vCPU creation. Further if paging is enabled on a domain, it's also guaranteed to be either HAP or shadow. Drop respective unnecessary (parts of) conditionals. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/mm/paging.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c index 2961ca734d..bca320fffa 100644 --- a/xen/arch/x86/mm/paging.c +++ b/xen/arch/x86/mm/paging.c @@ -937,19 +937,12 @@ void paging_dump_vcpu_info(struct vcpu *v) { printk(" paging assistance: "); if ( paging_mode_shadow(v->domain) ) - { - if ( paging_get_hostmode(v) ) - printk("shadowed %u-on-%u\n", - paging_get_hostmode(v)->guest_levels, - paging_get_hostmode(v)->shadow.shadow_levels); - else - printk("not shadowed\n"); - } - else if ( paging_mode_hap(v->domain) && paging_get_hostmode(v) ) + printk("shadowed %u-on-%u\n", + paging_get_hostmode(v)->guest_levels, + paging_get_hostmode(v)->shadow.shadow_levels); + else printk("hap, %u levels\n", paging_get_hostmode(v)->guest_levels); - else - printk("none\n"); } } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:46:34 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:46:34 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713230.1114317 (Exim 4.92) (envelope-from ) id 1s0bpR-0000jC-QB; Sat, 27 Apr 2024 06:46:33 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713230.1114317; Sat, 27 Apr 2024 06:46:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bpR-0000j4-NO; Sat, 27 Apr 2024 06:46:33 +0000 Received: by outflank-mailman (input) for mailman id 713230; Sat, 27 Apr 2024 06:46:33 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bpR-0000iy-D3 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bpR-0002hd-CK for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bpR-0008Dh-Bb for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0CC2Jbma1Dp33pPaoGXPJNl/MtsjNPDNWg9iXaJ5a4o=; b=LIdKVMM1B9PtY49yhQeP6HuJS/ 0W6i7/GpijgClpPrY7f2xmVcz+Mbevp+JeYfukDxuTxqEBN5Yh4L+nt/Y0i1X6xy+B1gQ4nu+BmtU G0epQagWuxXCoHispYHlhvMoa5F42i73KxwvHb5nt3e8qCXeCtISufYVvo6CfK2EG2dQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/shadow: correct shadow_vcpu_init()'s comment Message-Id: Date: Sat, 27 Apr 2024 06:46:33 +0000 commit bd5213384bb8f6a8805a67220acbf1b668305a0b Author: Jan Beulich AuthorDate: Thu Apr 25 09:54:28 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:54:28 2024 +0200 x86/shadow: correct shadow_vcpu_init()'s comment As of the commit referenced below the update_paging_modes() hook is per- domain and hence also set (already) during domain construction. Fixes: d0816a9085b5 ("x86/paging: move update_paging_modes() hook") Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/mm/shadow/common.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index 8aa7b698f8..f93f0a4987 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -99,11 +99,12 @@ int shadow_domain_init(struct domain *d) return 0; } -/* Setup the shadow-specfic parts of a vcpu struct. Note: The most important - * job is to initialize the update_paging_modes() function pointer, which is - * used to initialized the rest of resources. Therefore, it really does not - * matter to have v->arch.paging.mode pointing to any mode, as long as it can - * be compiled. +/* + * Setup the shadow-specific parts of a vcpu struct. Note: The + * update_paging_modes() function pointer, which is used to initialize other + * resources, was already set during domain creation. Therefore it really does + * not matter to have v->arch.paging.mode pointing to any (legitimate) mode, + * as long as it can be compiled. */ void shadow_vcpu_init(struct vcpu *v) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:46:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:46:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713231.1114321 (Exim 4.92) (envelope-from ) id 1s0bpb-0000mn-S9; Sat, 27 Apr 2024 06:46:43 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713231.1114321; Sat, 27 Apr 2024 06:46:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bpb-0000mf-PG; Sat, 27 Apr 2024 06:46:43 +0000 Received: by outflank-mailman (input) for mailman id 713231; Sat, 27 Apr 2024 06:46:43 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bpb-0000mV-G0 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:43 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bpb-0002i0-FC for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:43 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bpb-0008Es-EU for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:43 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Uj5ng/t54aErayaxHHWu4d3ocj3GSJTtTlklyaRbu3Q=; b=J9xQ2OmysBMPetA9wrQDvSZD3C zRIAWqxQGx4/Ud762ot5Avjd20JnKOGtntU16eJaZ9RqHk1tTmboWCPiuj9Sk4JPgTkVyW1AN8EGJ vghFnQgtfcmS1AiXXhcnOFxfMod6g6/PiFgZPbfmAEHGEP8BaZhP9IFw1Oxc9+iQTuJQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/hap: Refactor boolean field assignments Message-Id: Date: Sat, 27 Apr 2024 06:46:43 +0000 commit 524eee7ce019da69df356a7bdd2174b94a6787b1 Author: Petr Beneš AuthorDate: Thu Apr 25 09:55:00 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 09:55:00 2024 +0200 x86/hap: Refactor boolean field assignments No functional change. Signed-off-by: Petr Beneš Acked-by: Jan Beulich --- xen/arch/x86/mm/hap/hap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c index 9f964c1d87..d2011fde24 100644 --- a/xen/arch/x86/mm/hap/hap.c +++ b/xen/arch/x86/mm/hap/hap.c @@ -522,7 +522,7 @@ int hap_enable(struct domain *d, u32 mode) goto out; } - d->arch.altp2m_active = 0; + d->arch.altp2m_active = false; } /* Now let other users see the new mode */ @@ -585,7 +585,7 @@ void hap_teardown(struct domain *d, bool *preempted) for_each_vcpu ( d, v ) altp2m_vcpu_disable_ve(v); - d->arch.altp2m_active = 0; + d->arch.altp2m_active = false; FREE_XENHEAP_PAGE(d->arch.altp2m_eptp); FREE_XENHEAP_PAGE(d->arch.altp2m_visible_eptp); -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:46:53 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:46:53 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713233.1114325 (Exim 4.92) (envelope-from ) id 1s0bpl-0000tJ-Tn; Sat, 27 Apr 2024 06:46:53 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713233.1114325; Sat, 27 Apr 2024 06:46:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bpl-0000tB-Qg; Sat, 27 Apr 2024 06:46:53 +0000 Received: by outflank-mailman (input) for mailman id 713233; Sat, 27 Apr 2024 06:46:53 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bpl-0000t3-Iy for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:53 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bpl-0002i9-II for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:53 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bpl-0008Fy-HF for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:46:53 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Qpba+vXm2ZfOUh1u5Z+tPuIycmddK2cb8DTdiKNs4Cg=; b=vp53MhWUNkpOWT9dhqVLSZV6jP 3OyjBa42LzxFDMsVIi6e8DRNzvGt6rifodgl3BRNxUAo8Zw+7fHlSol9pspj7XDiaKMH+Rz891KW9 S/65jqedpkA9beVFkN9jUltymhHrI9rXPnL3Xzqf8lJjKfzglDEk2L6FPWMiHRkHM7Wk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] tools/ocaml: Fix warnings in config.ml Message-Id: Date: Sat, 27 Apr 2024 06:46:53 +0000 commit 6d5111b10e084d841284a56e962c61ad274f589e Author: Edwin Török AuthorDate: Wed Mar 27 16:30:21 2024 +0000 Commit: Andrew Cooper CommitDate: Thu Apr 25 13:25:26 2024 +0100 tools/ocaml: Fix warnings in config.ml Fixes warnings such as: File "config.ml", line 102, characters 12-27: 102 | | Failure "int_of_string" -> append (k, "expect int arg") ^^^^^^^^^^^^^^^ Warning 52: Code should not depend on the actual values of this constructor's arguments. They are only for information and may change in future versions. (See manual section 9.5) Do not rely on the string values of the `Failure` exception, but use the `_opt` functions instead. Signed-off-by: Edwin Török Acked-by: Christian Lindig Tested-by: Andrew Cooper --- tools/ocaml/xenstored/config.ml | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/tools/ocaml/xenstored/config.ml b/tools/ocaml/xenstored/config.ml index 95ef745a54..e0df236f73 100644 --- a/tools/ocaml/xenstored/config.ml +++ b/tools/ocaml/xenstored/config.ml @@ -83,25 +83,27 @@ let validate cf expected other = let err = ref [] in let append x = err := x :: !err in List.iter (fun (k, v) -> + let parse ~err_msg parser v f = + match parser v with + | None -> append (k, err_msg) + | Some r -> f r + in try if not (List.mem_assoc k expected) then other k v else let ty = List.assoc k expected in match ty with | Unit f -> f () - | Bool f -> f (bool_of_string v) + | Bool f -> parse ~err_msg:"expect bool arg" bool_of_string_opt v f | String f -> f v - | Int f -> f (int_of_string v) - | Float f -> f (float_of_string v) - | Set_bool r -> r := (bool_of_string v) + | Int f -> parse ~err_msg:"expect int arg" int_of_string_opt v f + | Float f -> parse ~err_msg:"expect float arg" float_of_string_opt v f + | Set_bool r -> parse ~err_msg:"expect bool arg" bool_of_string_opt v (fun x -> r := x) | Set_string r -> r := v - | Set_int r -> r := int_of_string v - | Set_float r -> r := (float_of_string v) + | Set_int r -> parse ~err_msg:"expect int arg" int_of_string_opt v (fun x -> r:= x) + | Set_float r -> parse ~err_msg:"expect float arg" float_of_string_opt v (fun x -> r := x) with | Not_found -> append (k, "unknown key") - | Failure "int_of_string" -> append (k, "expect int arg") - | Failure "bool_of_string" -> append (k, "expect bool arg") - | Failure "float_of_string" -> append (k, "expect float arg") | exn -> append (k, Printexc.to_string exn) ) cf; if !err != [] then raise (Error !err) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:47:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:47:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713234.1114328 (Exim 4.92) (envelope-from ) id 1s0bpw-0000wl-VG; Sat, 27 Apr 2024 06:47:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713234.1114328; Sat, 27 Apr 2024 06:47:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bpw-0000wd-Sh; Sat, 27 Apr 2024 06:47:04 +0000 Received: by outflank-mailman (input) for mailman id 713234; Sat, 27 Apr 2024 06:47:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bpv-0000wR-M6 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bpv-0002iX-LK for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bpv-0008PK-Kd for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Tw4quq5qkaWH6jSY3zRJKLOFQMj1M++EsMoH5YyQd1I=; b=HElK/9xPzVXdAdaCsHT1TjtzA9 A3VWwrvL4DwSno+0D5mW8ax7YhFQJf/tzirxDKBPH3Wy2LZtB0mu+njZaZzKeH6IuHn/B9kq3BE0f /PAbh/ZAv5F9Q5l+ZX5iLys7Z4tYAWE0bI9RhLWHg9McIL889RPI57encmav+uydyRLg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec: fix reporting of BHB clearing usage from guest entry points Message-Id: Date: Sat, 27 Apr 2024 06:47:03 +0000 commit 049ab0b2c9f1f5edb54b505fef0bc575787dafe9 Author: Roger Pau Monné AuthorDate: Thu Apr 25 16:35:56 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 16:35:56 2024 +0200 x86/spec: fix reporting of BHB clearing usage from guest entry points Reporting whether the BHB clearing on entry is done for the different domains types based on cpu_has_bhb_seq is unhelpful, as that variable signals whether there's a BHB clearing sequence selected, but that alone doesn't imply that such sequence is used from the PV and/or HVM entry points. Instead use opt_bhb_entry_{pv,hvm} which do signal whether BHB clearing is performed on entry from PV/HVM. Fixes: 689ad48ce9cf ('x86/spec-ctrl: Wire up the Native-BHI software sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/spec_ctrl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index dd01e30844..1e831c1c10 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -634,7 +634,7 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - cpu_has_bhb_seq || amd_virt_spec_ctrl || + opt_bhb_entry_hvm || amd_virt_spec_ctrl || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || @@ -643,7 +643,7 @@ static void __init print_details(enum ind_thunk thunk) opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_hvm ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV @@ -651,14 +651,14 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - cpu_has_bhb_seq || + opt_bhb_entry_pv || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_pv ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:47:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:47:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713235.1114333 (Exim 4.92) (envelope-from ) id 1s0bq7-00010k-1C; Sat, 27 Apr 2024 06:47:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713235.1114333; Sat, 27 Apr 2024 06:47:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bq6-00010c-UA; Sat, 27 Apr 2024 06:47:14 +0000 Received: by outflank-mailman (input) for mailman id 713235; Sat, 27 Apr 2024 06:47:13 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bq5-00010W-PC for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:13 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bq5-0002ir-OS for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:13 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bq5-0008QH-Nc for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=JdDflSQjso5r/rfzZW3G+NAVWnQj8xPyMVvckFeNZ5c=; b=Iy1MtNyVzpFL2++BjiLyk62iKJ tOaYofqC3CPmMsinWnqhvTHA+nYXnVX3Xr3LUZrZnWLK7AYVHYAFhiPsSfrPWGkynqYILv65v1xmu RSzRmBsRokPIoMv4ZKilcJrRjZArSlte4bl1qXMF004O0IPJ6+HEVFl1U4o+yQJiEpAI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/spec: adjust logic that elides lfence Message-Id: Date: Sat, 27 Apr 2024 06:47:13 +0000 commit 656ae8f1091bcefec9c46ec3ea3ac2118742d4f6 Author: Roger Pau Monné AuthorDate: Thu Apr 25 16:37:01 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 16:37:01 2024 +0200 x86/spec: adjust logic that elides lfence It's currently too restrictive by just checking whether there's a BHB clearing sequence selected. It should instead check whether BHB clearing is used on entry from PV or HVM specifically. Switch to use opt_bhb_entry_{pv,hvm} instead, and then remove cpu_has_bhb_seq since it no longer has any users. Reported-by: Jan Beulich Fixes: 954c983abcee ('x86/spec-ctrl: Software BHB-clearing sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper --- xen/arch/x86/include/asm/cpufeature.h | 3 --- xen/arch/x86/spec_ctrl.c | 6 +++--- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index 743f11f989..9bc553681f 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -235,9 +235,6 @@ static inline bool boot_cpu_has(unsigned int feat) #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) -#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ - boot_cpu_has(X86_SPEC_BHB_LOOPS)) - enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 1e831c1c10..40f6ae0170 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2328,7 +2328,7 @@ void __init init_speculation_mitigations(void) * unconditional WRMSR. If we do have it, or we're not using any * prior conditional block, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); @@ -2344,7 +2344,7 @@ void __init init_speculation_mitigations(void) * active in the block that is skipped when interrupting guest * context, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) @@ -2356,7 +2356,7 @@ void __init init_speculation_mitigations(void) * A BHB sequence, if used, is the only conditional action, so if we * don't have it, we don't need the safety LFENCE. */ - if ( !cpu_has_bhb_seq ) + if ( !opt_bhb_entry_hvm ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:47:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:47:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713236.1114337 (Exim 4.92) (envelope-from ) id 1s0bqH-00014N-45; Sat, 27 Apr 2024 06:47:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713236.1114337; Sat, 27 Apr 2024 06:47:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bqH-00014G-1N; Sat, 27 Apr 2024 06:47:25 +0000 Received: by outflank-mailman (input) for mailman id 713236; Sat, 27 Apr 2024 06:47:23 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bqF-000148-Ru for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:23 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bqF-0002j5-RD for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:23 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bqF-0008Qo-QV for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:23 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OJCb4eVZkDmIM1xO7sGVc1jp6xsjAfG8vMUcK0BpLXw=; b=MqJ1/PEk7RMlHLCW5J2Y17ETu8 /kkQN7R+9Xzhyn5yAZpQSCRr/GvWXhyldcKJDDV5BLIC054wRuwZ0ZI/N11zfWJWO0G+ooyslQggN AbCoFarR11I8BFAm+vEqJQ3TXRwkW5DvVoLcTrF7PRlFN6ydWVYasuOeUsBxr6fdDbHw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] MAINTAINERS: Update my email address Message-Id: Date: Sat, 27 Apr 2024 06:47:23 +0000 commit 7ea3a3e44feb81e47770d1f8d3c43e0bd93871cb Author: Anthony PERARD AuthorDate: Thu Apr 25 16:37:34 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 16:37:34 2024 +0200 MAINTAINERS: Update my email address Signed-off-by: Anthony PERARD Acked-by: Jan Beulich --- MAINTAINERS | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index d1850c134d..6ba7d2765f 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -208,7 +208,7 @@ Maintainers List (try to look for most precise areas first) 9PFSD M: Juergen Gross -M: Anthony PERARD +M: Anthony PERARD S: Supported F: tools/9pfsd/ @@ -381,7 +381,7 @@ F: xen/arch/x86/machine_kexec.c F: xen/arch/x86/x86_64/kexec_reloc.S LIBS -M: Anthony PERARD +M: Anthony PERARD R: Juergen Gross S: Supported F: tools/include/libxenvchan.h @@ -427,7 +427,7 @@ S: Supported F: tools/ocaml/ OVMF UPSTREAM -M: Anthony PERARD +M: Anthony PERARD S: Supported T: git https://xenbits.xenproject.org/git-http/ovmf.git @@ -460,7 +460,7 @@ T: git https://xenbits.xenproject.org/git-http/qemu-xen-traditional.git QEMU UPSTREAM M: Stefano Stabellini -M: Anthony Perard +M: Anthony Perard S: Supported T: git https://xenbits.xenproject.org/git-http/qemu-xen.git @@ -512,7 +512,7 @@ F: xen/arch/arm/include/asm/tee F: xen/arch/arm/tee/ TOOLSTACK -M: Anthony PERARD +M: Anthony PERARD S: Supported F: autogen.sh F: config/*.in -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:47:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:47:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713237.1114341 (Exim 4.92) (envelope-from ) id 1s0bqR-00017n-5o; Sat, 27 Apr 2024 06:47:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713237.1114341; Sat, 27 Apr 2024 06:47:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bqR-00017e-2v; Sat, 27 Apr 2024 06:47:35 +0000 Received: by outflank-mailman (input) for mailman id 713237; Sat, 27 Apr 2024 06:47:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bqP-00017Q-V1 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:33 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bqP-0002jY-UI for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:33 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bqP-0008RZ-TW for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:33 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=3oskW7/eWs06v87ZsAVKFQKVbZxFO/6j4cL7VUpImZ0=; b=u7dfcilMc9m3u+kukOZk45WEs8 BnXzdwl3OGOOhfJGTvMNcA8m2dIgYCmGVujNwKuH8EPolWNFRk6SUEHtYvb7S28lMcVxlNdknyP1V Kge2fNdGSVuWaDMhJNF30MVy9ZiuhlwnmNK2/cYiU02nrjTaFgCfXS6XM6sesT9w/cCs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] VMX: no open-coding in vmx_get_cpl() Message-Id: Date: Sat, 27 Apr 2024 06:47:33 +0000 commit 23cd1207e7f6ee3e51fb42e11dba8d7cdb28e1e5 Author: Jan Beulich AuthorDate: Thu Apr 25 16:38:01 2024 +0200 Commit: Jan Beulich CommitDate: Thu Apr 25 16:38:01 2024 +0200 VMX: no open-coding in vmx_get_cpl() Neither X86_SEG_AR_DPL nor MASK_EXTR() should really be avoided here, using literal number instead. No difference in generated code (with gcc13 at least). Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/hvm/vmx/vmx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 0935762378..5f67a48592 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -1192,7 +1192,7 @@ unsigned int vmx_get_cpl(void) __vmread(GUEST_SS_AR_BYTES, &attr); - return (attr >> 5) & 3; + return MASK_EXTR(attr, X86_SEG_AR_DPL); } static unsigned int cf_check _vmx_get_cpl(struct vcpu *v) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:47:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:47:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713238.1114344 (Exim 4.92) (envelope-from ) id 1s0bqb-0001At-7W; Sat, 27 Apr 2024 06:47:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713238.1114344; Sat, 27 Apr 2024 06:47:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bqb-0001Aj-4i; Sat, 27 Apr 2024 06:47:45 +0000 Received: by outflank-mailman (input) for mailman id 713238; Sat, 27 Apr 2024 06:47:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bqa-0001AT-1l for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bqa-0002jo-12 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bqa-0008S7-0N for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ay0Jg30xkopW2OzSZad06/RugoprOoMw57k8raYjMsE=; b=TlidizjkvwOZZ6Gc2bBYF89k2x LP6JxT81NasaniYEPTxL+2S9II/y1fZFUw55aJUIuUwPw8DXPnOSOzp8apUQakY37iNUDgVYdwaAr 9Ozb20cnlEO5VJuGhC80Wc5n1PxDPk9Vtoe0gKU89GgpTUOJoaVpu1vfYz1t0YlrbSs0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] automation/eclair: reorganize pipelines Message-Id: Date: Sat, 27 Apr 2024 06:47:44 +0000 commit 4edbbcd0c0ce7981b9f78a0ddf91cdccd6a81172 Author: Simone Ballarin AuthorDate: Tue Apr 23 17:14:33 2024 +0200 Commit: Stefano Stabellini CommitDate: Thu Apr 25 13:01:30 2024 -0700 automation/eclair: reorganize pipelines Introduce accepted_guidelines.sh: a script to autogenerate the configuration file accepted.ecl from docs/misra/rules.rst which enables all accepted guidelines. Introduce monitored.ecl: a manual selection of accepted guidelines which are clean or almost clean, it is intended to be used for the analyses triggered by commits. Reorganize tagging.ecl: -Remove "accepted" tags: keeping track of accepted guidelines tagging them as "accepted" in the configuration file tagging.ecl is no longer needed since docs/rules.rst is keeping track of them. -Tag more guidelines as clean. Reorganize eclair pipelines: - Set1, Set2, Set3 are now obsolete: remove the corresponding pipelines and ecl files. - Amend scheduled eclair pipeline to use accepted.ecl. - Amend triggered eclair pipeline to use monitored.ecl. Rename and improve action_check_clean_regressions.sh to print a diagnostic in case a commit introduces a violation of a clean guideline. An example of diagnostic is the following: Failure: 13 regressions found for clean guidelines service MC3R1.R8.2: (required) Function types shall be in prototype form with named parameters: violation: 13 Signed-off-by: Simone Ballarin Signed-off-by: Federico Serafini Signed-off-by: Alessandro Zucchelli Reviewed-by: Stefano Stabellini --- automation/eclair_analysis/ECLAIR/Set1.ecl | 59 ---------------- automation/eclair_analysis/ECLAIR/Set2.ecl | 25 ------- automation/eclair_analysis/ECLAIR/Set3.ecl | 67 ------------------ .../eclair_analysis/ECLAIR/accepted_guidelines.sh | 13 ++++ automation/eclair_analysis/ECLAIR/action.helpers | 3 +- automation/eclair_analysis/ECLAIR/action.settings | 1 + .../ECLAIR/action_check_clean_regressions.sh | 38 ++++++++++ .../eclair_analysis/ECLAIR/action_clean_added.sh | 36 ---------- automation/eclair_analysis/ECLAIR/analyze.sh | 2 +- automation/eclair_analysis/ECLAIR/generate_ecl.sh | 4 ++ automation/eclair_analysis/ECLAIR/monitored.ecl | 80 ++++++++++++++++++++++ automation/eclair_analysis/ECLAIR/tagging.ecl | 15 +--- automation/gitlab-ci/analyze.yaml | 48 ++----------- automation/scripts/eclair | 8 +-- 14 files changed, 149 insertions(+), 250 deletions(-) diff --git a/automation/eclair_analysis/ECLAIR/Set1.ecl b/automation/eclair_analysis/ECLAIR/Set1.ecl deleted file mode 100644 index 86b8e7e772..0000000000 --- a/automation/eclair_analysis/ECLAIR/Set1.ecl +++ /dev/null @@ -1,59 +0,0 @@ --doc_begin="Set 1 of Xen MISRA C guidelines" --enable=MC3R1.R9.1 --enable=MC3R1.R12.5 --enable=MC3R1.R17.3 --enable=MC3R1.R17.4 --enable=MC3R1.R17.6 --enable=MC3R1.R19.1 --enable=MC3R1.R21.13 --enable=MC3R1.R21.17 --enable=MC3R1.R21.18 --enable=MC3R1.R21.19 --enable=MC3R1.R21.20 --enable=MC3R1.R21.21 --enable=MC3R1.R22.2 --enable=MC3R1.R22.4 --enable=MC3R1.R22.5 --enable=MC3R1.R22.6 --enable=MC3R1.D1.1 --enable=MC3R1.D2.1 --enable=MC3R1.D4.1 --enable=MC3R1.D4.3 --enable=MC3R1.D4.7 --enable=MC3R1.D4.10 --enable=MC3R1.D4.11 --enable=MC3R1.D4.14 --enable=MC3R1.R1.1 --enable=MC3R1.R1.3 --enable=MC3R1.R1.4 --enable=MC3R1.R2.1 --enable=MC3R1.R2.2 --enable=MC3R1.R3.1 --enable=MC3R1.R3.2 --enable=MC3R1.R4.1 --enable=MC3R1.R5.1 --enable=MC3R1.R5.2 --enable=MC3R1.R5.3 --enable=MC3R1.R5.4 --enable=MC3R1.R5.6 --enable=MC3R1.R6.1 --enable=MC3R1.R6.2 --enable=MC3R1.R7.1 --enable=MC3R1.R7.2 --enable=MC3R1.R7.3 --enable=MC3R1.R7.4 --enable=MC3R1.R8.1 --enable=MC3R1.R8.2 --enable=MC3R1.R8.3 --enable=MC3R1.R8.4 --enable=MC3R1.R8.5 --enable=MC3R1.R8.6 --enable=MC3R1.R8.8 --enable=MC3R1.R8.10 --enable=MC3R1.R8.12 --enable=MC3R1.R8.14 --enable=MC3R1.R9.2 --enable=MC3R1.R9.3 --enable=MC3R1.R9.4 --enable=MC3R1.R9.5 --doc_end diff --git a/automation/eclair_analysis/ECLAIR/Set2.ecl b/automation/eclair_analysis/ECLAIR/Set2.ecl deleted file mode 100644 index 7608335cf4..0000000000 --- a/automation/eclair_analysis/ECLAIR/Set2.ecl +++ /dev/null @@ -1,25 +0,0 @@ --doc_begin="Set 2 of Xen MISRA C guidelines" --enable=MC3R1.R10.1 --enable=MC3R1.R10.2 --enable=MC3R1.R10.3 --enable=MC3R1.R10.4 --enable=MC3R1.R10.6 --enable=MC3R1.R10.7 --enable=MC3R1.R10.8 --enable=MC3R1.R11.1 --enable=MC3R1.R11.2 --enable=MC3R1.R11.3 --enable=MC3R1.R11.6 --enable=MC3R1.R11.7 --enable=MC3R1.R11.8 --enable=MC3R1.R11.9 --enable=MC3R1.R12.2 --enable=MC3R1.R13.1 --enable=MC3R1.R13.2 --enable=MC3R1.R13.5 --enable=MC3R1.R13.6 --enable=MC3R1.R14.1 --enable=MC3R1.R14.2 --enable=MC3R1.R14.3 --enable=MC3R1.R14.4 --doc_end diff --git a/automation/eclair_analysis/ECLAIR/Set3.ecl b/automation/eclair_analysis/ECLAIR/Set3.ecl deleted file mode 100644 index d2c2c4b21f..0000000000 --- a/automation/eclair_analysis/ECLAIR/Set3.ecl +++ /dev/null @@ -1,67 +0,0 @@ --doc_begin="Set 3 of Xen MISRA C guidelines" --enable=MC3R1.D4.12 --enable=MC3R1.R5.5 --enable=MC3R1.R5.7 --enable=MC3R1.R5.8 --enable=MC3R1.R15.2 --enable=MC3R1.R15.3 --enable=MC3R1.R15.6 --enable=MC3R1.R15.7 --enable=MC3R1.R16.1 --enable=MC3R1.R16.2 --enable=MC3R1.R16.3 --enable=MC3R1.R16.4 --enable=MC3R1.R16.5 --enable=MC3R1.R16.6 --enable=MC3R1.R16.7 --enable=MC3R1.R17.1 --enable=MC3R1.R17.2 --enable=MC3R1.R17.5 --enable=MC3R1.R17.7 --enable=MC3R1.R18.1 --enable=MC3R1.R18.2 --enable=MC3R1.R18.3 --enable=MC3R1.R18.6 --enable=MC3R1.R18.7 --enable=MC3R1.R18.8 --enable=MC3R1.R20.2 --enable=MC3R1.R20.3 --enable=MC3R1.R20.4 --enable=MC3R1.R20.6 --enable=MC3R1.R20.7 --enable=MC3R1.R20.8 --enable=MC3R1.R20.9 --enable=MC3R1.R20.11 --enable=MC3R1.R20.12 --enable=MC3R1.R20.13 --enable=MC3R1.R20.14 --enable=MC3R1.R21.1 --enable=MC3R1.R21.2 --enable=MC3R1.R21.3 --enable=MC3R1.R21.4 --enable=MC3R1.R21.5 --enable=MC3R1.R21.6 --enable=MC3R1.R21.7 --enable=MC3R1.R21.8 --enable=MC3R1.R21.9 --enable=MC3R1.R21.10 --enable=MC3R1.R21.12 --enable=MC3R1.R21.14 --enable=MC3R1.R21.15 --enable=MC3R1.R21.16 --enable=MC3R1.R22.1 --enable=MC3R1.R22.3 --enable=MC3R1.R22.7 --enable=MC3R1.R22.8 --enable=MC3R1.R22.9 --enable=MC3R1.R22.10 --enable=MC3R1.R2.6 --enable=MC3R1.R4.2 --doc_end - --doc_begin="Guidelines added with Xen MISRA C Task (a): Xen Coding Guidelines v1.1, June 1, 2023" --enable=MC3R1.R21.11 --enable=MC3R1.D4.4 --enable=MC3R1.R8.9 --enable=MC3R1.R12.4 --doc_end diff --git a/automation/eclair_analysis/ECLAIR/accepted_guidelines.sh b/automation/eclair_analysis/ECLAIR/accepted_guidelines.sh new file mode 100755 index 0000000000..b308bd4cda --- /dev/null +++ b/automation/eclair_analysis/ECLAIR/accepted_guidelines.sh @@ -0,0 +1,13 @@ +#!/bin/bash +# Stop immediately if any executed command has exit status different from 0. +set -eu + +script_dir="$( + cd "$(dirname "$0")" + echo "${PWD}" +)" + +accepted_rst=$1 + +grep -Eo "\`(Dir|Rule) [0-9]+\.[0-9]+" ${accepted_rst} \ + | sed -e 's/`Rule /MC3R1.R/' -e 's/`Dir /MC3R1.D/' -e 's/.*/-enable=&/' > ${script_dir}/accepted.ecl diff --git a/automation/eclair_analysis/ECLAIR/action.helpers b/automation/eclair_analysis/ECLAIR/action.helpers index df9bf2bd11..9d4ae1f979 100644 --- a/automation/eclair_analysis/ECLAIR/action.helpers +++ b/automation/eclair_analysis/ECLAIR/action.helpers @@ -127,7 +127,7 @@ EOF fi case ${ci} in github) - cat "${summaryTxt}" >"${GITHUB_STEP_SUMMARY}" + cat "${summaryTxt}" "${cleanRegressionsLog}" >"${GITHUB_STEP_SUMMARY}" ;; gitlab) open_section ECLAIR_summary "ECLAIR analysis summary" "" @@ -140,6 +140,7 @@ ${analysisSummaryMsgLog} ${currentReportsMsgLog} ${referenceReportsMsgLog} EOF + cat ${cleanRegressionsLog} close_section ECLAIR_summary ;; jenkins) diff --git a/automation/eclair_analysis/ECLAIR/action.settings b/automation/eclair_analysis/ECLAIR/action.settings index 3cba1a3afb..1577368b61 100644 --- a/automation/eclair_analysis/ECLAIR/action.settings +++ b/automation/eclair_analysis/ECLAIR/action.settings @@ -175,6 +175,7 @@ eclairReportUrlPrefix=https://saas.eclairit.com:3787 jobDir="${artifactsDir}/${subDir}/${jobId}" updateLog="${analysisOutputDir}/update.log" +cleanRegressionsLog="${analysisOutputDir}/clean_regressions.log" commentLog="${analysisOutputDir}/comment.json" indexHtmlUrl="${eclairReportUrlPrefix}/fs${jobDir}/index.html" summaryTxt="${analysisOutputDir}/summary.txt" diff --git a/automation/eclair_analysis/ECLAIR/action_check_clean_regressions.sh b/automation/eclair_analysis/ECLAIR/action_check_clean_regressions.sh new file mode 100755 index 0000000000..31b90e5241 --- /dev/null +++ b/automation/eclair_analysis/ECLAIR/action_check_clean_regressions.sh @@ -0,0 +1,38 @@ +#!/bin/sh + +set -eu + +usage() { + echo "Usage: $0 ANALYSIS_OUTPUT_DIR" >&2 + exit 2 +} + +[ $# -eq 1 ] || usage + +analysisOutputDir=$1 + +# Load settings and helpers +. "$(dirname "$0")/action.helpers" +. "$(dirname "$0")/action.settings" + +cleanRegressionsTxt=${analysisOutputDir}/clean_regressions.txt + +cleanRegressionCount=$("${ECLAIR_BIN_DIR}eclair_report" \ + "-db='${analysisOutputDir}/PROJECT.ecd'" \ + "-sel_unfixed=unfixed" \ + "-sel_tag_glob=violation_only,kind,violation" \ + "-sel_tag_glob=clean_added,clean,added" \ + "-report_counts_txt=service,'${cleanRegressionsTxt}'" \ + "-print='',reports_count()") + +if [ "${cleanRegressionCount}" -gt 0 ]; then + { + echo "Failure: ${cleanRegressionCount} regressions found for clean guidelines" + sed -n '/^Number of.*$/,/^$/{ /^Number of.*$/! { /^$/! p } }' ${cleanRegressionsTxt} + } > ${cleanRegressionsLog} + rm ${cleanRegressionsTxt} + exit 1 +else + echo "Success: No regressions for clean guidelines" > ${cleanRegressionsLog} + rm ${cleanRegressionsTxt} +fi diff --git a/automation/eclair_analysis/ECLAIR/action_clean_added.sh b/automation/eclair_analysis/ECLAIR/action_clean_added.sh deleted file mode 100755 index 59bc35fd13..0000000000 --- a/automation/eclair_analysis/ECLAIR/action_clean_added.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh - -set -eu - -usage() { - echo "Usage: $0 ANALYSIS_OUTPUT_DIR" >&2 - exit 2 -} - -[ $# -eq 1 ] || usage - -analysisOutputDir=$1 - -cleanAddedTxt="${analysisOutputDir}/clean_added.log" - -# Load settings and helpers -. "$(dirname "$0")/action.helpers" -. "$(dirname "$0")/action.settings" - -unexpectedReports=$("${ECLAIR_BIN_DIR}eclair_report" \ - "-db='${analysisOutputDir}/PROJECT.ecd'" \ - "-sel_unfixed=unfixed" \ - "-sel_tag_glob=clean_added,clean,added" \ - "-print='',reports_count()") - -if [ "${unexpectedReports}" -gt 0 ]; then - cat <"${cleanAddedTxt}" -Failure: ${unexpectedReports} unexpected reports found. -Unexpected reports are tagged 'clean:added'. -EOF - exit 1 -else - cat <"${cleanAddedTxt}" -Success: No unexpected reports. -EOF -fi diff --git a/automation/eclair_analysis/ECLAIR/analyze.sh b/automation/eclair_analysis/ECLAIR/analyze.sh index a127e7aaed..0ea5520c93 100755 --- a/automation/eclair_analysis/ECLAIR/analyze.sh +++ b/automation/eclair_analysis/ECLAIR/analyze.sh @@ -52,7 +52,7 @@ VARIANT="${XEN_TARGET_ARCH}" # Used in analysis.ecl case "$2" in -Set0|Set1|Set2|Set3) +accepted|monitored) export SET="$2" ;; *) diff --git a/automation/eclair_analysis/ECLAIR/generate_ecl.sh b/automation/eclair_analysis/ECLAIR/generate_ecl.sh index de20728eb1..66766b23ab 100755 --- a/automation/eclair_analysis/ECLAIR/generate_ecl.sh +++ b/automation/eclair_analysis/ECLAIR/generate_ecl.sh @@ -10,6 +10,10 @@ script_dir="$( )" exclude_list="${ECLAIR_PROJECT_ROOT}/docs/misra/exclude-list.json" +accepted_rst="${ECLAIR_PROJECT_ROOT}/docs/misra/rules.rst" # Generate the exclude list file "${script_dir}/adopted.sh" "${exclude_list}" + +# Generate accepted guidelines +"${script_dir}/accepted_guidelines.sh" "${accepted_rst}" diff --git a/automation/eclair_analysis/ECLAIR/monitored.ecl b/automation/eclair_analysis/ECLAIR/monitored.ecl new file mode 100644 index 0000000000..69308ea51c --- /dev/null +++ b/automation/eclair_analysis/ECLAIR/monitored.ecl @@ -0,0 +1,80 @@ +-doc_begin="A set of guidelines that are clean or that only have few violations left." +-enable=MC3R1.D1.1 +-enable=MC3R1.D2.1 +-enable=MC3R1.D4.1 +-enable=MC3R1.D4.10 +-enable=MC3R1.D4.11 +-enable=MC3R1.D4.12 +-enable=MC3R1.D4.14 +-enable=MC3R1.D4.3 +-enable=MC3R1.D4.7 +-enable=MC3R1.R10.1 +-enable=MC3R1.R10.2 +-enable=MC3R1.R1.1 +-enable=MC3R1.R11.1 +-enable=MC3R1.R11.7 +-enable=MC3R1.R11.8 +-enable=MC3R1.R11.9 +-enable=MC3R1.R12.5 +-enable=MC3R1.R1.3 +-enable=MC3R1.R13.6 +-enable=MC3R1.R1.4 +-enable=MC3R1.R14.1 +-enable=MC3R1.R14.4 +-enable=MC3R1.R16.2 +-enable=MC3R1.R16.6 +-enable=MC3R1.R16.7 +-enable=MC3R1.R17.1 +-enable=MC3R1.R17.3 +-enable=MC3R1.R17.4 +-enable=MC3R1.R17.5 +-enable=MC3R1.R17.6 +-enable=MC3R1.R19.1 +-enable=MC3R1.R20.12 +-enable=MC3R1.R20.13 +-enable=MC3R1.R20.14 +-enable=MC3R1.R20.4 +-enable=MC3R1.R20.9 +-enable=MC3R1.R2.1 +-enable=MC3R1.R21.13 +-enable=MC3R1.R21.17 +-enable=MC3R1.R21.18 +-enable=MC3R1.R21.19 +-enable=MC3R1.R21.20 +-enable=MC3R1.R21.21 +-enable=MC3R1.R2.2 +-enable=MC3R1.R22.2 +-enable=MC3R1.R22.4 +-enable=MC3R1.R22.5 +-enable=MC3R1.R22.6 +-enable=MC3R1.R2.6 +-enable=MC3R1.R3.1 +-enable=MC3R1.R3.2 +-enable=MC3R1.R4.1 +-enable=MC3R1.R4.2 +-enable=MC3R1.R5.1 +-enable=MC3R1.R5.2 +-enable=MC3R1.R5.3 +-enable=MC3R1.R5.4 +-enable=MC3R1.R5.6 +-enable=MC3R1.R6.1 +-enable=MC3R1.R6.2 +-enable=MC3R1.R7.1 +-enable=MC3R1.R7.2 +-enable=MC3R1.R7.3 +-enable=MC3R1.R7.4 +-enable=MC3R1.R8.1 +-enable=MC3R1.R8.10 +-enable=MC3R1.R8.12 +-enable=MC3R1.R8.14 +-enable=MC3R1.R8.2 +-enable=MC3R1.R8.3 +-enable=MC3R1.R8.4 +-enable=MC3R1.R8.5 +-enable=MC3R1.R8.6 +-enable=MC3R1.R8.8 +-enable=MC3R1.R9.2 +-enable=MC3R1.R9.3 +-enable=MC3R1.R9.4 +-enable=MC3R1.R9.5 +-doc_end diff --git a/automation/eclair_analysis/ECLAIR/tagging.ecl b/automation/eclair_analysis/ECLAIR/tagging.ecl index a1dea32b21..d609b470eb 100644 --- a/automation/eclair_analysis/ECLAIR/tagging.ecl +++ b/automation/eclair_analysis/ECLAIR/tagging.ecl @@ -13,24 +13,13 @@ -doc="Hide reports marked as disapplied." -remap_rtag={disapplied,hide} -####################### -# Accepted guidelines # -####################### - --doc="Accepted guidelines as reported in XEN/docs/misra/rules.rst" --service_selector={accepted_guidelines, - "MC3R1.D1.1||MC3R1.D2.1||MC3R1.D4.1||MC3R1.D4.3||MC3R1.D4.7||MC3R1.D4.10||MC3R1.D4.11||MC3R1.D4.14||MC3R1.R1.1||MC3R1.R1.3||MC3R1.R1.4||MC3R1.R2.1||MC3R1.R2.2||MC3R1.R2.6||MC3R1.R3.1||MC3R1.R3.2||MC3R1.R4.1||MC3R1.R4.2||MC3R1.R5.1||MC3R1.R5.2||MC3R1.R5.3||MC3R1.R5.4||MC3R1.R5.6||MC3R1.R6.1||MC3R1.R6.2||MC3R1.R7.1||MC3R1.R7.2||MC3R1.R7.3||MC3R1.R7.4||MC3R1.R8.1||MC3R1.R8.2||MC3R1.R8.3||MC3R1.R8.4||MC3R1.R8.5||MC3R1.R8.6||MC3R1.R8.8||MC3R1.R8.10||MC3R1.R8.12||MC3R1.R8.14||MC3R1.R9.1||MC3R1.R9.2||MC3R1.R9.3||MC3R1.R9.4||MC3R1.R9.5||MC3R1.R10.1||MC3R1.R10.2||MC3R1.R10.3||MC3R1.R10.4||MC3R1.R11.7||MC3R1.R11.8||MC3R1.R11.9||MC3R1.R12.5||MC3R1.R13.1||MC3R1.R13.5||MC3R1.R13.6||MC3R1.R14.1||MC3R1.R14.2||MC3R1.R14.3||MC3R1.R16.7||MC3R1.R17.3||MC3R1.R17.4||MC3R1.R17.6||MC3R1.R18.3||MC3R1.R19.1||MC3R1.R20.7||MC3R1.R20.13||MC3R1.R20.14||MC3R1.R21.13||MC3R1.R21.17||MC3R1.R21.18||MC3R1.R21.19||MC3R1.R21.20||MC3R1.R21.21||MC3R1.R22.2||MC3R1.R22.4||MC3R1.R22.5||MC3R1.R22.6" -} --doc="All reports of accepted guidelines are tagged as accepted." --reports+={status:accepted,"service(accepted_guidelines)"} - #################### # Clean guidelines # #################### -doc_begin="Clean guidelines: new violations for these guidelines are not accepted." --service_selector={clean_guidelines_common,"MC3R1.D1.1||MC3R1.D2.1||MC3R1.D4.11||MC3R1.D4.14||MC3R1.R1.1||MC3R1.R1.3||MC3R1.R1.4||MC3R1.R2.2||MC3R1.R3.1||MC3R1.R3.2||MC3R1.R4.1||MC3R1.R4.2||MC3R1.R5.1||MC3R1.R5.2||MC3R1.R5.4||MC3R1.R5.6||MC3R1.R6.1||MC3R1.R6.2||MC3R1.R7.1||MC3R1.R8.1||MC3R1.R8.2||MC3R1.R8.5||MC3R1.R8.6||MC3R1.R8.8||MC3R1.R8.10||MC3R1.R8.12||MC3R1.R8.14||MC3R1.R9.2||MC3R1.R9.4||MC3R1.R9.5||MC3R1.R12.5||MC3R1.R17.3||MC3R1.R17.4||MC3R1.R17.6||MC3R1.R20.13||MC3R1.R20.14||MC3R1.R21.13||MC3R1.R21.19||MC3R1.R21.21||MC3R1.R22.2||MC3R1.R22.4||MC3R1.R22.5||MC3R1.R22.6" +-service_selector={clean_guidelines_common,"MC3R1.D1.1||MC3R1.D2.1||MC3R1.D4.1||MC3R1.D4.11||MC3R1.D4.14||MC3R1.R1.1||MC3R1.R11.7||MC3R1.R11.9||MC3R1.R12.5||MC3R1.R1.3||MC3R1.R1.4||MC3R1.R14.1||MC3R1.R16.7||MC3R1.R17.1||MC3R1.R17.3||MC3R1.R17.4||MC3R1.R17.5||MC3R1.R17.6||MC3R1.R20.13||MC3R1.R20.14||MC3R1.R20.4||MC3R1.R20.9||MC3R1.R21.13||MC3R1.R21.19||MC3R1.R21.21||MC3R1.R2.2||MC3R1.R22.2||MC3R1.R22.4||MC3R1.R22.5||MC3R1.R22.6||MC3R1.R2.6||MC3R1.R3.1||MC3R1.R3.2||MC3R1.R4.1||MC3R1.R4.2||MC3R1.R5.1||MC3R1.R5.2||MC3R1.R5.4||MC3R1.R5.6||MC3R1.R6.1||MC3R1.R6.2||MC3R1.R7.1||MC3R1.R7.4||MC3R1.R8.1||MC3R1.R8.10||MC3R1.R8.12||MC3R1.R8.14||MC3R1.R8.2||MC3R1.R8.5||MC3R1.R8.6||MC3R1.R8.8||MC3R1.R9.2||MC3R1.R9.3||MC3R1.R9.4||MC3R1.R9.5" } -setq=target,getenv("XEN_TARGET_ARCH") @@ -40,7 +29,7 @@ if(string_equal(target,"x86_64"), ) if(string_equal(target,"arm64"), - service_selector({"additional_clean_guidelines","MC3R1.R5.3||MC3R1.R7.2||MC3R1.R7.3||MC3R1.R8.6||MC3R1.R9.3"}) + service_selector({"additional_clean_guidelines","MC3R1.R16.6||MC3R1.R20.12||MC3R1.R2.1||MC3R1.R5.3||MC3R1.R7.2||MC3R1.R7.3||MC3R1.R8.6||MC3R1.R9.3"}) ) -reports+={clean:added,"service(clean_guidelines_common||additional_clean_guidelines)"} diff --git a/automation/gitlab-ci/analyze.yaml b/automation/gitlab-ci/analyze.yaml index 6631db53fa..46c9d8e2e5 100644 --- a/automation/gitlab-ci/analyze.yaml +++ b/automation/gitlab-ci/analyze.yaml @@ -39,14 +39,14 @@ eclair-x86_64: variables: LOGFILE: "eclair-x86_64.log" VARIANT: "X86_64" - RULESET: "Set1" + RULESET: "monitored" eclair-ARM64: extends: .eclair-analysis:triggered variables: LOGFILE: "eclair-ARM64.log" VARIANT: "ARM64" - RULESET: "Set1" + RULESET: "monitored" .eclair-analysis:on-schedule: extends: .eclair-analysis @@ -55,56 +55,20 @@ eclair-ARM64: when: never - !reference [.eclair-analysis, rules] -eclair-x86_64-Set1:on-schedule: +eclair-x86_64:on-schedule: extends: .eclair-analysis:on-schedule variables: VARIANT: "X86_64" - RULESET: "Set1" + RULESET: "accepted" ANALYSIS_KIND: "${RULESET}-scheduled" LOGFILE: "eclair-${VARIANT}-${RULESET}.log" allow_failure: true -eclair-x86_64-Set2:on-schedule: - extends: .eclair-analysis:on-schedule - variables: - VARIANT: "X86_64" - RULESET: "Set2" - ANALYSIS_KIND: "${RULESET}-scheduled" - LOGFILE: "eclair-${VARIANT}-${RULESET}.log" - allow_failure: true - -eclair-x86_64-Set3:on-schedule: - extends: .eclair-analysis:on-schedule - variables: - VARIANT: "X86_64" - RULESET: "Set3" - ANALYSIS_KIND: "${RULESET}-scheduled" - LOGFILE: "eclair-${VARIANT}-${RULESET}.log" - allow_failure: true - -eclair-ARM64-Set1:on-schedule: - extends: .eclair-analysis:on-schedule - variables: - VARIANT: "ARM64" - RULESET: "Set1" - ANALYSIS_KIND: "${RULESET}-scheduled" - LOGFILE: "eclair-${VARIANT}-${RULESET}.log" - allow_failure: true - -eclair-ARM64-Set2:on-schedule: - extends: .eclair-analysis:on-schedule - variables: - VARIANT: "ARM64" - RULESET: "Set2" - ANALYSIS_KIND: "${RULESET}-scheduled" - LOGFILE: "eclair-${VARIANT}-${RULESET}.log" - allow_failure: true - -eclair-ARM64-Set3:on-schedule: +eclair-ARM64:on-schedule: extends: .eclair-analysis:on-schedule variables: VARIANT: "ARM64" - RULESET: "Set3" + RULESET: "accepted" ANALYSIS_KIND: "${RULESET}-scheduled" LOGFILE: "eclair-${VARIANT}-${RULESET}.log" allow_failure: true diff --git a/automation/scripts/eclair b/automation/scripts/eclair index 14e47a6f97..ebcaf09b54 100755 --- a/automation/scripts/eclair +++ b/automation/scripts/eclair @@ -18,12 +18,8 @@ ex=0 "${ex}" [ "${ex}" = 0 ] || exit "${ex}" -# Fail in case of new reports -"${ECLAIR_DIR}/action_clean_added.sh" "${ECLAIR_OUTPUT_DIR}" || ex=$? -"${ECLAIR_DIR}/action_log.sh" DIFF_CHECK_LOG \ - "ECLAIR diff check" \ - "${ECLAIR_OUTPUT_DIR}/clean_added.log" \ - "${ex}" +# Fail in case of new reports for clean guidelines +"${ECLAIR_DIR}/action_check_clean_regressions.sh" "${ECLAIR_OUTPUT_DIR}" || ex=$? "${ECLAIR_DIR}/action_push.sh" "${WTOKEN}" "${ECLAIR_OUTPUT_DIR}" [ "${ex}" = 0 ] || exit "${ex}" -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:47:55 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:47:55 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713239.1114348 (Exim 4.92) (envelope-from ) id 1s0bql-0001De-91; Sat, 27 Apr 2024 06:47:55 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713239.1114348; Sat, 27 Apr 2024 06:47:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bql-0001DX-6G; Sat, 27 Apr 2024 06:47:55 +0000 Received: by outflank-mailman (input) for mailman id 713239; Sat, 27 Apr 2024 06:47:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bqk-0001DL-4r for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bqk-0002jw-4B for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bqk-0008Sf-3S for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:47:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=lHp3KzakO7Dzc+QUZod/3XdVUQFRYLV5BCuZrVRj/NU=; b=ju6Pt5Ms56rRAom+TC219KXRYE SwydsPYl4H3q/HR62uRo7CkqauI5vvyySBjpfD5kMHHznkSnRxlJH2vPH8620eHHtp1VHULB4lkyz zufVVzDChzA/anoA6a5qJ/Q73klQBt8fF3UEJK3LE8ZsIbBdM+ogrQkz0sC9kVDtpHxU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] CI: Drop glibc-i386 from the build containers Message-Id: Date: Sat, 27 Apr 2024 06:47:54 +0000 commit a0e29b316363d9900f5892cd3e7417f69758d446 Author: Andrew Cooper AuthorDate: Thu Apr 25 18:47:37 2024 +0100 Commit: Stefano Stabellini CommitDate: Thu Apr 25 13:14:40 2024 -0700 CI: Drop glibc-i386 from the build containers Xen 4.14 no longer runs in Gitlab CI. Drop the dependency to shrink the build containers a little. Signed-off-by: Andrew Cooper Acked-by: Stefano Stabellini --- automation/build/archlinux/current.dockerfile | 2 -- automation/build/centos/7.dockerfile | 2 -- automation/build/debian/bookworm.dockerfile | 2 -- automation/build/debian/jessie.dockerfile | 2 -- automation/build/debian/stretch.dockerfile | 2 -- automation/build/fedora/29.dockerfile | 2 -- automation/build/suse/opensuse-leap.dockerfile | 2 -- automation/build/suse/opensuse-tumbleweed.dockerfile | 2 -- automation/build/ubuntu/bionic.dockerfile | 2 -- automation/build/ubuntu/focal.dockerfile | 2 -- automation/build/ubuntu/trusty.dockerfile | 2 -- automation/build/ubuntu/xenial.dockerfile | 2 -- 12 files changed, 24 deletions(-) diff --git a/automation/build/archlinux/current.dockerfile b/automation/build/archlinux/current.dockerfile index d974a1434f..3e37ab5c40 100644 --- a/automation/build/archlinux/current.dockerfile +++ b/automation/build/archlinux/current.dockerfile @@ -19,8 +19,6 @@ RUN pacman -S --refresh --sysupgrade --noconfirm --noprogressbar --needed \ iasl \ inetutils \ iproute \ - # lib32-glibc for Xen < 4.15 - lib32-glibc \ libaio \ libcacard \ libgl \ diff --git a/automation/build/centos/7.dockerfile b/automation/build/centos/7.dockerfile index ab450f0b3a..1cdc16fc05 100644 --- a/automation/build/centos/7.dockerfile +++ b/automation/build/centos/7.dockerfile @@ -32,8 +32,6 @@ RUN yum -y update \ yajl-devel \ pixman-devel \ glibc-devel \ - # glibc-devel.i686 for Xen < 4.15 - glibc-devel.i686 \ make \ binutils \ git \ diff --git a/automation/build/debian/bookworm.dockerfile b/automation/build/debian/bookworm.dockerfile index 459f8e30bd..d893218fc4 100644 --- a/automation/build/debian/bookworm.dockerfile +++ b/automation/build/debian/bookworm.dockerfile @@ -31,8 +31,6 @@ RUN apt-get update && \ bin86 \ bcc \ liblzma-dev \ - # libc6-dev-i386 for Xen < 4.15 - libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ libfindlib-ocaml-dev \ diff --git a/automation/build/debian/jessie.dockerfile b/automation/build/debian/jessie.dockerfile index 32fc952fbc..308675cac1 100644 --- a/automation/build/debian/jessie.dockerfile +++ b/automation/build/debian/jessie.dockerfile @@ -37,8 +37,6 @@ RUN apt-get update && \ bin86 \ bcc \ liblzma-dev \ - # libc6-dev-i386 for Xen < 4.15 - libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ libfindlib-ocaml-dev \ diff --git a/automation/build/debian/stretch.dockerfile b/automation/build/debian/stretch.dockerfile index e2706a8f35..59794ed467 100644 --- a/automation/build/debian/stretch.dockerfile +++ b/automation/build/debian/stretch.dockerfile @@ -38,8 +38,6 @@ RUN apt-get update && \ bin86 \ bcc \ liblzma-dev \ - # libc6-dev-i386 for Xen < 4.15 - libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ libfindlib-ocaml-dev \ diff --git a/automation/build/fedora/29.dockerfile b/automation/build/fedora/29.dockerfile index 42a87ce6c8..f473ae13e7 100644 --- a/automation/build/fedora/29.dockerfile +++ b/automation/build/fedora/29.dockerfile @@ -21,8 +21,6 @@ RUN dnf -y install \ yajl-devel \ pixman-devel \ glibc-devel \ - # glibc-devel.i686 for Xen < 4.15 - glibc-devel.i686 \ make \ binutils \ git \ diff --git a/automation/build/suse/opensuse-leap.dockerfile b/automation/build/suse/opensuse-leap.dockerfile index e1ec38a414..48d0d50d00 100644 --- a/automation/build/suse/opensuse-leap.dockerfile +++ b/automation/build/suse/opensuse-leap.dockerfile @@ -28,8 +28,6 @@ RUN zypper install -y --no-recommends \ ghostscript \ glib2-devel \ glibc-devel \ - # glibc-devel-32bit for Xen < 4.15 - glibc-devel-32bit \ gzip \ hostname \ libaio-devel \ diff --git a/automation/build/suse/opensuse-tumbleweed.dockerfile b/automation/build/suse/opensuse-tumbleweed.dockerfile index f00e03eda7..53542ba1f4 100644 --- a/automation/build/suse/opensuse-tumbleweed.dockerfile +++ b/automation/build/suse/opensuse-tumbleweed.dockerfile @@ -26,8 +26,6 @@ RUN zypper install -y --no-recommends \ ghostscript \ glib2-devel \ glibc-devel \ - # glibc-devel-32bit for Xen < 4.15 - glibc-devel-32bit \ gzip \ hostname \ libaio-devel \ diff --git a/automation/build/ubuntu/bionic.dockerfile b/automation/build/ubuntu/bionic.dockerfile index 77d7f93386..910d3c4b53 100644 --- a/automation/build/ubuntu/bionic.dockerfile +++ b/automation/build/ubuntu/bionic.dockerfile @@ -31,8 +31,6 @@ RUN apt-get update && \ bin86 \ bcc \ liblzma-dev \ - # libc6-dev-i386 for Xen < 4.15 - libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ libfindlib-ocaml-dev \ diff --git a/automation/build/ubuntu/focal.dockerfile b/automation/build/ubuntu/focal.dockerfile index 30a9b8e84f..7c6a4d0756 100644 --- a/automation/build/ubuntu/focal.dockerfile +++ b/automation/build/ubuntu/focal.dockerfile @@ -31,8 +31,6 @@ RUN apt-get update && \ bin86 \ bcc \ liblzma-dev \ - # libc6-dev-i386 for Xen < 4.15 - libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ libfindlib-ocaml-dev \ diff --git a/automation/build/ubuntu/trusty.dockerfile b/automation/build/ubuntu/trusty.dockerfile index 0d33578c4e..8bd8c085a7 100644 --- a/automation/build/ubuntu/trusty.dockerfile +++ b/automation/build/ubuntu/trusty.dockerfile @@ -31,8 +31,6 @@ RUN apt-get update && \ bin86 \ bcc \ liblzma-dev \ - # libc6-dev-i386 for Xen < 4.15 - libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ libfindlib-ocaml-dev \ diff --git a/automation/build/ubuntu/xenial.dockerfile b/automation/build/ubuntu/xenial.dockerfile index e8035434f8..f6296d3292 100644 --- a/automation/build/ubuntu/xenial.dockerfile +++ b/automation/build/ubuntu/xenial.dockerfile @@ -31,8 +31,6 @@ RUN apt-get update && \ bin86 \ bcc \ liblzma-dev \ - # libc6-dev-i386 for Xen < 4.15 - libc6-dev-i386 \ libnl-3-dev \ ocaml-nox \ libfindlib-ocaml-dev \ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:48:05 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:48:05 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713240.1114352 (Exim 4.92) (envelope-from ) id 1s0bqv-0001HV-CJ; Sat, 27 Apr 2024 06:48:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713240.1114352; Sat, 27 Apr 2024 06:48:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bqv-0001HO-9N; Sat, 27 Apr 2024 06:48:05 +0000 Received: by outflank-mailman (input) for mailman id 713240; Sat, 27 Apr 2024 06:48:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bqu-0001HD-7t for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:48:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0bqu-0002kJ-7B for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:48:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0bqu-0008Ua-6O for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:48:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=qXWwELDb4fGDc8WL4MD+lfscZXuN7hL5uylRydFFFsI=; b=rxRNIHGUL1Rgav2vxf+w9Y7Qc2 f+98wKUq79guVYVdE3ClUjR3j+qQk0gvMGTcUmt6nc9JwvkfeKx+cwjQ5veuxQW3jSO1+hacQ+jhF 5kMqBPbiMRQ1fyQ7g7ZGapMuxTcXTFO/UaMw0vD2dRsf6djQ2p/x8Ut1+rltoy1zrNPc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] arm/vpci: make prefetchable mem 64 bit Message-Id: Date: Sat, 27 Apr 2024 06:48:04 +0000 commit 232ee07c23b23fbbafbbf27e475dbbc5b27e4bbb Author: Stewart Hildebrand AuthorDate: Wed Apr 24 12:27:22 2024 -0400 Commit: Stefano Stabellini CommitDate: Thu Apr 25 13:16:11 2024 -0700 arm/vpci: make prefetchable mem 64 bit The vPCI prefetchable memory range is >= 4GB, so the memory space flags should be set to 64-bit. See IEEE Std 1275-1994 [1] chapter 2.2.1.1 for a definition of the field. [1] https://www.devicetree.org/open-firmware/bindings/pci/pci2_1.pdf Signed-off-by: Stewart Hildebrand Acked-by: Michal Orzel Reviewed-by: Rahul Singh --- xen/include/public/arch-arm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/include/public/arch-arm.h b/xen/include/public/arch-arm.h index e167e14f8d..289af81bd6 100644 --- a/xen/include/public/arch-arm.h +++ b/xen/include/public/arch-arm.h @@ -487,7 +487,7 @@ typedef uint64_t xen_callback_t; #define GUEST_RAM0_SIZE xen_mk_ullong(0xc0000000) /* 4GB @ 4GB Prefetch Memory for VPCI */ -#define GUEST_VPCI_ADDR_TYPE_PREFETCH_MEM xen_mk_ullong(0x42000000) +#define GUEST_VPCI_ADDR_TYPE_PREFETCH_MEM xen_mk_ullong(0x43000000) #define GUEST_VPCI_PREFETCH_MEM_ADDR xen_mk_ullong(0x100000000) #define GUEST_VPCI_PREFETCH_MEM_SIZE xen_mk_ullong(0x100000000) -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:48:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:48:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713241.1114357 (Exim 4.92) (envelope-from ) id 1s0br5-0001KL-Dz; Sat, 27 Apr 2024 06:48:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713241.1114357; Sat, 27 Apr 2024 06:48:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0br5-0001KE-B7; Sat, 27 Apr 2024 06:48:15 +0000 Received: by outflank-mailman (input) for mailman id 713241; Sat, 27 Apr 2024 06:48:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0br4-0001K6-B2 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:48:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0br4-0002kU-AD for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:48:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0br4-0008V7-9S for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:48:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=8oVfEaYPwzIhl50m2cx5w8wd2sXz19Dogn5RRtdJv8E=; b=xe7pXdYJgvfH72ZG0MZIqTDevQ t9NSAVrQf52fgkjHFgG7fwUFYDt+rJ+gX6v1+26pFeucmEWSvFWkasdmGJvPxvGlUaHmBhxxOzeRI quGLQVIpdmj/DFqrBWBkICau3dqZxpxiv9kcjKc9V42tbVzAQl3hPIoRueYdgmt7NTAg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] gzip: clean up comments and fix code alignment Message-Id: Date: Sat, 27 Apr 2024 06:48:14 +0000 commit fd4ff921f7ac3eac229faa775fafc398d977ad40 Author: Daniel P. Smith AuthorDate: Fri Apr 26 12:42:14 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 26 12:42:14 2024 +0200 gzip: clean up comments and fix code alignment This commit cleans up the comments and fixes the code alignment using Xen coding style. This is done to make the code more legible before refactoring. Signed-off-by: Daniel P. Smith Acked-by: Andrew Cooper --- xen/common/gzip/gunzip.c | 14 +- xen/common/gzip/inflate.c | 787 +++++++++++++++++++++++----------------------- 2 files changed, 406 insertions(+), 395 deletions(-) diff --git a/xen/common/gzip/gunzip.c b/xen/common/gzip/gunzip.c index 53cee9ee17..d07c451cd8 100644 --- a/xen/common/gzip/gunzip.c +++ b/xen/common/gzip/gunzip.c @@ -54,11 +54,10 @@ static __init void error(const char *x) static __init int fill_inbuf(void) { - error("ran out of input data"); - return 0; + error("ran out of input data"); + return 0; } - #include "inflate.c" static __init void flush_window(void) @@ -122,3 +121,12 @@ __init int perform_gunzip(char *output, char *image, unsigned long image_len) return rc; } + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ diff --git a/xen/common/gzip/inflate.c b/xen/common/gzip/inflate.c index a03903f731..220d2ff4d9 100644 --- a/xen/common/gzip/inflate.c +++ b/xen/common/gzip/inflate.c @@ -1,11 +1,13 @@ #define DEBG(x) #define DEBG1(x) -/* inflate.c -- Not copyrighted 1992 by Mark Adler - version c10p1, 10 January 1993 */ +/* + * inflate.c -- Not copyrighted 1992 by Mark Adler + * version c10p1, 10 January 1993 + */ -/* +/* * Adapted for booting Linux by Hannu Savolainen 1993 - * based on gzip-1.0.3 + * based on gzip-1.0.3 * * Nicolas Pitre , 1999/04/14 : * Little mods for all variable to reside either into rodata or bss segments @@ -15,92 +17,91 @@ */ /* - Inflate deflated (PKZIP's method 8 compressed) data. The compression - method searches for as much of the current string of bytes (up to a - length of 258) in the previous 32 K bytes. If it doesn't find any - matches (of at least length 3), it codes the next byte. Otherwise, it - codes the length of the matched string and its distance backwards from - the current position. There is a single Huffman code that codes both - single bytes (called "literals") and match lengths. A second Huffman - code codes the distance information, which follows a length code. Each - length or distance code actually represents a base value and a number - of "extra" (sometimes zero) bits to get to add to the base value. At - the end of each deflated block is a special end-of-block (EOB) literal/ - length code. The decoding process is basically: get a literal/length - code; if EOB then done; if a literal, emit the decoded byte; if a - length then get the distance and emit the referred-to bytes from the - sliding window of previously emitted data. - - There are (currently) three kinds of inflate blocks: stored, fixed, and - dynamic. The compressor deals with some chunk of data at a time, and - decides which method to use on a chunk-by-chunk basis. A chunk might - typically be 32 K or 64 K. If the chunk is incompressible, then the - "stored" method is used. In this case, the bytes are simply stored as - is, eight bits per byte, with none of the above coding. The bytes are - preceded by a count, since there is no longer an EOB code. - - If the data is compressible, then either the fixed or dynamic methods - are used. In the dynamic method, the compressed data is preceded by - an encoding of the literal/length and distance Huffman codes that are - to be used to decode this block. The representation is itself Huffman - coded, and so is preceded by a description of that code. These code - descriptions take up a little space, and so for small blocks, there is - a predefined set of codes, called the fixed codes. The fixed method is - used if the block codes up smaller that way (usually for quite small - chunks), otherwise the dynamic method is used. In the latter case, the - codes are customized to the probabilities in the current block, and so - can code it much better than the pre-determined fixed codes. - - The Huffman codes themselves are decoded using a multi-level table - lookup, in order to maximize the speed of decoding plus the speed of - building the decoding tables. See the comments below that precede the - lbits and dbits tuning parameters. + * Inflate deflated (PKZIP's method 8 compressed) data. The compression + * method searches for as much of the current string of bytes (up to a + * length of 258) in the previous 32 K bytes. If it doesn't find any + * matches (of at least length 3), it codes the next byte. Otherwise, it + * codes the length of the matched string and its distance backwards from + * the current position. There is a single Huffman code that codes both + * single bytes (called "literals") and match lengths. A second Huffman + * code codes the distance information, which follows a length code. Each + * length or distance code actually represents a base value and a number + * of "extra" (sometimes zero) bits to get to add to the base value. At + * the end of each deflated block is a special end-of-block (EOB) literal/ + * length code. The decoding process is basically: get a literal/length + * code; if EOB then done; if a literal, emit the decoded byte; if a + * length then get the distance and emit the referred-to bytes from the + * sliding window of previously emitted data. + * + * There are (currently) three kinds of inflate blocks: stored, fixed, and + * dynamic. The compressor deals with some chunk of data at a time, and + * decides which method to use on a chunk-by-chunk basis. A chunk might + * typically be 32 K or 64 K. If the chunk is incompressible, then the + * "stored" method is used. In this case, the bytes are simply stored as + * is, eight bits per byte, with none of the above coding. The bytes are + * preceded by a count, since there is no longer an EOB code. + * + * If the data is compressible, then either the fixed or dynamic methods + * are used. In the dynamic method, the compressed data is preceded by + * an encoding of the literal/length and distance Huffman codes that are + * to be used to decode this block. The representation is itself Huffman + * coded, and so is preceded by a description of that code. These code + * descriptions take up a little space, and so for small blocks, there is + * a predefined set of codes, called the fixed codes. The fixed method is + * used if the block codes up smaller that way (usually for quite small + * chunks), otherwise the dynamic method is used. In the latter case, the + * codes are customized to the probabilities in the current block, and so + * can code it much better than the pre-determined fixed codes. + * + * The Huffman codes themselves are decoded using a multi-level table + * lookup, in order to maximize the speed of decoding plus the speed of + * building the decoding tables. See the comments below that precede the + * lbits and dbits tuning parameters. */ - /* - Notes beyond the 1.93a appnote.txt: - - 1. Distance pointers never point before the beginning of the output - stream. - 2. Distance pointers can point back across blocks, up to 32k away. - 3. There is an implied maximum of 7 bits for the bit length table and - 15 bits for the actual data. - 4. If only one code exists, then it is encoded using one bit. (Zero - would be more efficient, but perhaps a little confusing.) If two - codes exist, they are coded using one bit each (0 and 1). - 5. There is no way of sending zero distance codes--a dummy must be - sent if there are none. (History: a pre 2.0 version of PKZIP would - store blocks with no distance codes, but this was discovered to be - too harsh a criterion.) Valid only for 1.93a. 2.04c does allow - zero distance codes, which is sent as one code of zero bits in - length. - 6. There are up to 286 literal/length codes. Code 256 represents the - end-of-block. Note however that the static length tree defines - 288 codes just to fill out the Huffman codes. Codes 286 and 287 - cannot be used though, since there is no length base or extra bits - defined for them. Similarly, there are up to 30 distance codes. - However, static trees define 32 codes (all 5 bits) to fill out the - Huffman codes, but the last two had better not show up in the data. - 7. Unzip can check dynamic Huffman blocks for complete code sets. - The exception is that a single code would not be complete (see #4). - 8. The five bits following the block type is really the number of - literal codes sent minus 257. - 9. Length codes 8,16,16 are interpreted as 13 length codes of 8 bits - (1+6+6). Therefore, to output three times the length, you output - three codes (1+1+1), whereas to output four times the same length, - you only need two codes (1+3). Hmm. - 10. In the tree reconstruction algorithm, Code = Code + Increment - only if BitLength(i) is not zero. (Pretty obvious.) - 11. Correction: 4 Bits: # of Bit Length codes - 4 (4 - 19) - 12. Note: length code 284 can represent 227-258, but length code 285 - really is 258. The last length deserves its own, short code - since it gets used a lot in very redundant files. The length - 258 is special since 258 - 3 (the min match length) is 255. - 13. The literal/length and distance code bit lengths are read as a - single stream of lengths. It is possible (and advantageous) for - a repeat code (16, 17, or 18) to go across the boundary between - the two sets of lengths. + * Notes beyond the 1.93a appnote.txt: + * + * 1. Distance pointers never point before the beginning of the output + * stream. + * 2. Distance pointers can point back across blocks, up to 32k away. + * 3. There is an implied maximum of 7 bits for the bit length table and + * 15 bits for the actual data. + * 4. If only one code exists, then it is encoded using one bit. (Zero + * would be more efficient, but perhaps a little confusing.) If two + * codes exist, they are coded using one bit each (0 and 1). + * 5. There is no way of sending zero distance codes--a dummy must be + * sent if there are none. (History: a pre 2.0 version of PKZIP would + * store blocks with no distance codes, but this was discovered to be + * too harsh a criterion.) Valid only for 1.93a. 2.04c does allow + * zero distance codes, which is sent as one code of zero bits in + * length. + * 6. There are up to 286 literal/length codes. Code 256 represents the + * end-of-block. Note however that the static length tree defines + * 288 codes just to fill out the Huffman codes. Codes 286 and 287 + * cannot be used though, since there is no length base or extra bits + * defined for them. Similarly, there are up to 30 distance codes. + * However, static trees define 32 codes (all 5 bits) to fill out the + * Huffman codes, but the last two had better not show up in the data. + * 7. Unzip can check dynamic Huffman blocks for complete code sets. + * The exception is that a single code would not be complete (see #4). + * 8. The five bits following the block type is really the number of + * literal codes sent minus 257. + * 9. Length codes 8,16,16 are interpreted as 13 length codes of 8 bits + * (1+6+6). Therefore, to output three times the length, you output + * three codes (1+1+1), whereas to output four times the same length, + * you only need two codes (1+3). Hmm. + * 10. In the tree reconstruction algorithm, Code = Code + Increment + * only if BitLength(i) is not zero. (Pretty obvious.) + * 11. Correction: 4 Bits: # of Bit Length codes - 4 (4 - 19) + * 12. Note: length code 284 can represent 227-258, but length code 285 + * really is 258. The last length deserves its own, short code + * since it gets used a lot in very redundant files. The length + * 258 is special since 258 - 3 (the min match length) is 255. + * 13. The literal/length and distance code bit lengths are read as a + * single stream of lengths. It is possible (and advantageous) for + * a repeat code (16, 17, or 18) to go across the boundary between + * the two sets of lengths. */ #ifdef RCSID @@ -120,13 +121,15 @@ static char rcsid[] = "#Id: inflate.c,v 0.14 1993/06/10 13:27:04 jloup Exp #"; #define slide window -/* Huffman code lookup table entry--this entry is four bytes for machines - that have 16-bit pointers (e.g. PC's in the small or medium model). - Valid extra bits are 0..13. e == 15 is EOB (end of block), e == 16 - means that v is a literal, 16 < e < 32 means that v is a pointer to - the next table, which codes e - 16 bits, and lastly e == 99 indicates - an unused code. If a code with e == 99 is looked up, this implies an - error in the data. */ +/* + * Huffman code lookup table entry--this entry is four bytes for machines + * that have 16-bit pointers (e.g. PC's in the small or medium model). + * Valid extra bits are 0..13. e == 15 is EOB (end of block), e == 16 + * means that v is a literal, 16 < e < 32 means that v is a pointer to + * the next table, which codes e - 16 bits, and lastly e == 99 indicates + * an unused code. If a code with e == 99 is looked up, this implies an + * error in the data. + */ struct huft { uch e; /* number of extra bits or operation */ uch b; /* number of bits in this code or subcode */ @@ -136,7 +139,6 @@ struct huft { } v; }; - /* Function prototypes */ static int huft_build(unsigned *, unsigned, unsigned, const ush *, const ush *, struct huft **, int *); @@ -148,15 +150,17 @@ static int inflate_dynamic(void); static int inflate_block(int *); static int inflate(void); - -/* The inflate algorithm uses a sliding 32 K byte window on the uncompressed - stream to find repeated byte strings. This is implemented here as a - circular buffer. The index is updated simply by incrementing and then - ANDing with 0x7fff (32K-1). */ -/* It is left to other modules to supply the 32 K area. It is assumed - to be usable as if it were declared "uch slide[32768];" or as just - "uch *slide;" and then malloc'ed in the latter case. The definition - must be in unzip.h, included above. */ +/* + * The inflate algorithm uses a sliding 32 K byte window on the uncompressed + * stream to find repeated byte strings. This is implemented here as a + * circular buffer. The index is updated simply by incrementing and then + * ANDing with 0x7fff (32K-1). + * + * It is left to other modules to supply the 32 K area. It is assumed + * to be usable as if it were declared "uch slide[32768];" or as just + * "uch *slide;" and then malloc'ed in the latter case. The definition + * must be in unzip.h, included above. + */ /* unsigned wp; current position in slide */ #define wp outcnt #define flush_output(w) (wp=(w),flush_window()) @@ -180,36 +184,35 @@ static const ush cpdext[] = { /* Extra bits for distance codes */ 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13}; - - -/* Macros for inflate() bit peeking and grabbing. - The usage is: - - NEEDBITS(j) - x = b & mask_bits[j]; - DUMPBITS(j) - - where NEEDBITS makes sure that b has at least j bits in it, and - DUMPBITS removes the bits from b. The macros use the variable k - for the number of bits in b. Normally, b and k are register - variables for speed, and are initialized at the beginning of a - routine that uses these macros from a global bit buffer and count. - - If we assume that EOB will be the longest code, then we will never - ask for bits with NEEDBITS that are beyond the end of the stream. - So, NEEDBITS should not read any more bytes than are needed to - meet the request. Then no bytes need to be "returned" to the buffer - at the end of the last block. - - However, this assumption is not true for fixed blocks--the EOB code - is 7 bits, but the other literal/length codes can be 8 or 9 bits. - (The EOB code is shorter than other codes because fixed blocks are - generally short. So, while a block always has an EOB, many other - literal/length codes have a significantly lower probability of - showing up at all.) However, by making the first table have a - lookup of seven bits, the EOB code will be found in that first - lookup, and so will not require that too many bits be pulled from - the stream. +/* + * Macros for inflate() bit peeking and grabbing. + * The usage is: + * + * NEEDBITS(j) + * x = b & mask_bits[j]; + * DUMPBITS(j) + * + * where NEEDBITS makes sure that b has at least j bits in it, and + * DUMPBITS removes the bits from b. The macros use the variable k + * for the number of bits in b. Normally, b and k are register + * variables for speed, and are initialized at the beginning of a + * routine that uses these macros from a global bit buffer and count. + * + * If we assume that EOB will be the longest code, then we will never + * ask for bits with NEEDBITS that are beyond the end of the stream. + * So, NEEDBITS should not read any more bytes than are needed to + * meet the request. Then no bytes need to be "returned" to the buffer + * at the end of the last block. + * + * However, this assumption is not true for fixed blocks--the EOB code + * is 7 bits, but the other literal/length codes can be 8 or 9 bits. + * (The EOB code is shorter than other codes because fixed blocks are + * generally short. So, while a block always has an EOB, many other + * literal/length codes have a significantly lower probability of + * showing up at all.) However, by making the first table have a + * lookup of seven bits, the EOB code will be found in that first + * lookup, and so will not require that too many bits be pulled from + * the stream. */ static ulg __initdata bb; /* bit buffer */ @@ -226,60 +229,62 @@ static const ush mask_bits[] = { #define DUMPBITS(n) {b>>=(n);k-=(n);} /* - Huffman code decoding is performed using a multi-level table lookup. - The fastest way to decode is to simply build a lookup table whose - size is determined by the longest code. However, the time it takes - to build this table can also be a factor if the data being decoded - is not very long. The most common codes are necessarily the - shortest codes, so those codes dominate the decoding time, and hence - the speed. The idea is you can have a shorter table that decodes the - shorter, more probable codes, and then point to subsidiary tables for - the longer codes. The time it costs to decode the longer codes is - then traded against the time it takes to make longer tables. - - This results of this trade are in the variables lbits and dbits - below. lbits is the number of bits the first level table for literal/ - length codes can decode in one step, and dbits is the same thing for - the distance codes. Subsequent tables are also less than or equal to - those sizes. These values may be adjusted either when all of the - codes are shorter than that, in which case the longest code length in - bits is used, or when the shortest code is *longer* than the requested - table size, in which case the length of the shortest code in bits is - used. - - There are two different values for the two tables, since they code a - different number of possibilities each. The literal/length table - codes 286 possible values, or in a flat code, a little over eight - bits. The distance table codes 30 possible values, or a little less - than five bits, flat. The optimum values for speed end up being - about one bit more than those, so lbits is 8+1 and dbits is 5+1. - The optimum values may differ though from machine to machine, and - possibly even between compilers. Your mileage may vary. + * Huffman code decoding is performed using a multi-level table lookup. + * The fastest way to decode is to simply build a lookup table whose + * size is determined by the longest code. However, the time it takes + * to build this table can also be a factor if the data being decoded + * is not very long. The most common codes are necessarily the + * shortest codes, so those codes dominate the decoding time, and hence + * the speed. The idea is you can have a shorter table that decodes the + * shorter, more probable codes, and then point to subsidiary tables for + * the longer codes. The time it costs to decode the longer codes is + * then traded against the time it takes to make longer tables. + * + * This results of this trade are in the variables lbits and dbits + * below. lbits is the number of bits the first level table for literal/ + * length codes can decode in one step, and dbits is the same thing for + * the distance codes. Subsequent tables are also less than or equal to + * those sizes. These values may be adjusted either when all of the + * codes are shorter than that, in which case the longest code length in + * bits is used, or when the shortest code is *longer* than the requested + * table size, in which case the length of the shortest code in bits is + * used. + * + * There are two different values for the two tables, since they code a + * different number of possibilities each. The literal/length table + * codes 286 possible values, or in a flat code, a little over eight + * bits. The distance table codes 30 possible values, or a little less + * than five bits, flat. The optimum values for speed end up being + * about one bit more than those, so lbits is 8+1 and dbits is 5+1. + * The optimum values may differ though from machine to machine, and + * possibly even between compilers. Your mileage may vary. */ - static const int lbits = 9; /* bits in base literal/length lookup table */ static const int dbits = 6; /* bits in base distance lookup table */ - /* If BMAX needs to be larger than 16, then h and x[] should be ulg. */ #define BMAX 16 /* maximum bit length of any code (16 for explode) */ #define N_MAX 288 /* maximum number of codes in any set */ +/* + * Given a list of code lengths and a maximum table size, make a set of + * tables to decode that set of codes. Return zero on success, one if + * the given code set is incomplete (the tables are still built in this + * case), two if the input is invalid (all zero length codes or an + * oversubscribed set of lengths), and three if not enough memory. + * + * @param b Code lengths in bits (all assumed <= BMAX) + * @param n Number of codes (assumed <= N_MAX) + * @param s Number of simple-valued codes (0..s-1) + * @param d List of base values for non-simple codes + * @param e List of extra bits for non-simple codes + * @param t Result: starting table + * @param m Maximum lookup bits, returns actual + */ static int __init huft_build( - unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ - unsigned n, /* number of codes (assumed <= N_MAX) */ - unsigned s, /* number of simple-valued codes (0..s-1) */ - const ush *d, /* list of base values for non-simple codes */ - const ush *e, /* list of extra bits for non-simple codes */ - struct huft **t, /* result: starting table */ - int *m /* maximum lookup bits, returns actual */ - ) -/* Given a list of code lengths and a maximum table size, make a set of - tables to decode that set of codes. Return zero on success, one if - the given code set is incomplete (the tables are still built in this - case), two if the input is invalid (all zero length codes or an - oversubscribed set of lengths), and three if not enough memory. */ + unsigned *b, unsigned n, unsigned s, const ush *d, const ush *e, + struct huft **t, int *m) { unsigned a; /* counter for codes of length k */ unsigned f; /* i repeats in table every f entries */ @@ -321,7 +326,7 @@ static int __init huft_build( memzero(stk->c, sizeof(stk->c)); p = b; i = n; do { - Tracecv(*p, (stderr, (n-i >= ' ' && n-i <= '~' ? "%c %d\n" : "0x%x %d\n"), + Tracecv(*p, (stderr, (n-i >= ' ' && n-i <= '~' ? "%c %d\n" : "0x%x %d\n"), n-i, *p)); c[*p]++; /* assume all entries <= BMAX */ p++; /* Can't combine with above line (Solaris bug) */ @@ -508,18 +513,17 @@ static int __init huft_build( return ret; } - - -static int __init huft_free( - struct huft *t /* table to free */ - ) -/* Free the malloc'ed tables built by huft_build(), which makes a linked - list of the tables it made, with the links in a dummy first entry of - each table. */ +/* + * Free the malloc'ed tables built by huft_build(), which makes a linked + * list of the tables it made, with the links in a dummy first entry of + * each table. + * + * @param t Table to free + */ +static int __init huft_free(struct huft *t) { register struct huft *p, *q; - /* Go through linked list, freeing from the malloced (t[-1]) address. */ p = t; while (p != (struct huft *)NULL) @@ -527,19 +531,21 @@ static int __init huft_free( q = (--p)->v.t; free((char*)p); p = q; - } + } return 0; } - +/* + * inflate (decompress) the codes in a deflated (compressed) block. + * Return an error code or zero if it all goes ok. + * + * @param huft tl Literal/length decoder tables + * @param huft td Distance decoder tables + * @param bl Number of bits decoded by tl[] + * @param bd Number of bits decoded by td[] + */ static int __init inflate_codes( - struct huft *tl, /* literal/length decoder tables */ - struct huft *td, /* distance decoder tables */ - int bl, /* number of bits decoded by tl[] */ - int bd /* number of bits decoded by td[] */ - ) -/* inflate (decompress) the codes in a deflated (compressed) block. - Return an error code or zero if it all goes ok. */ + struct huft *tl, struct huft *td, int bl, int bd) { register unsigned e; /* table entry flag/number of extra bits */ unsigned n, d; /* length and index for copy */ @@ -560,77 +566,76 @@ static int __init inflate_codes( md = mask_bits[bd]; for (;;) /* do until end of block */ { - NEEDBITS((unsigned)bl) - if ((e = (t = tl + ((unsigned)b & ml))->e) > 16) + NEEDBITS((unsigned)bl); + if ((e = (t = tl + ((unsigned)b & ml))->e) > 16) + do { + if (e == 99) + return 1; + DUMPBITS(t->b); + e -= 16; + NEEDBITS(e); + } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); + DUMPBITS(t->b); + if (e == 16) /* then it's a literal */ + { + slide[w++] = (uch)t->v.n; + Tracevv((stderr, "%c", slide[w-1])); + if (w == WSIZE) + { + flush_output(w); + w = 0; + } + } + else /* it's an EOB or a length */ + { + /* exit if end of block */ + if (e == 15) + break; + + /* get length of block to copy */ + NEEDBITS(e); + n = t->v.n + ((unsigned)b & mask_bits[e]); + DUMPBITS(e); + + /* decode distance of block to copy */ + NEEDBITS((unsigned)bd); + if ((e = (t = td + ((unsigned)b & md))->e) > 16) do { if (e == 99) return 1; - DUMPBITS(t->b) - e -= 16; - NEEDBITS(e) - } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); - DUMPBITS(t->b) - if (e == 16) /* then it's a literal */ - { - slide[w++] = (uch)t->v.n; - Tracevv((stderr, "%c", slide[w-1])); + DUMPBITS(t->b); + e -= 16; + NEEDBITS(e); + } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); + DUMPBITS(t->b); + NEEDBITS(e); + d = w - t->v.n - ((unsigned)b & mask_bits[e]); + DUMPBITS(e); + Tracevv((stderr,"\\[%d,%d]", w-d, n)); + + /* do the copy */ + do { + n -= (e = (e = WSIZE - ((d &= WSIZE-1) > w ? d : w)) > n ? n : e); + if (w - d >= e) /* (this test assumes unsigned comparison) */ + { + memcpy(slide + w, slide + d, e); + w += e; + d += e; + } + else /* do it slow to avoid memcpy() overlap */ + do { + slide[w++] = slide[d++]; + Tracevv((stderr, "%c", slide[w-1])); + } while (--e); if (w == WSIZE) { flush_output(w); w = 0; } - } - else /* it's an EOB or a length */ - { - /* exit if end of block */ - if (e == 15) - break; - - /* get length of block to copy */ - NEEDBITS(e) - n = t->v.n + ((unsigned)b & mask_bits[e]); - DUMPBITS(e); - - /* decode distance of block to copy */ - NEEDBITS((unsigned)bd) - if ((e = (t = td + ((unsigned)b & md))->e) > 16) - do { - if (e == 99) - return 1; - DUMPBITS(t->b) - e -= 16; - NEEDBITS(e) - } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); - DUMPBITS(t->b) - NEEDBITS(e) - d = w - t->v.n - ((unsigned)b & mask_bits[e]); - DUMPBITS(e) - Tracevv((stderr,"\\[%d,%d]", w-d, n)); - - /* do the copy */ - do { - n -= (e = (e = WSIZE - ((d &= WSIZE-1) > w ? d : w)) > n ? n : e); - if (w - d >= e) /* (this test assumes unsigned comparison) */ - { - memcpy(slide + w, slide + d, e); - w += e; - d += e; - } - else /* do it slow to avoid memcpy() overlap */ - do { - slide[w++] = slide[d++]; - Tracevv((stderr, "%c", slide[w-1])); - } while (--e); - if (w == WSIZE) - { - flush_output(w); - w = 0; - } - } while (n); - } + } while (n); + } } - /* restore the globals from the locals */ wp = w; /* restore global window pointer */ bb = b; /* restore global bit buffer */ @@ -643,10 +648,8 @@ static int __init inflate_codes( return 4; /* Input underrun */ } - - -static int __init inflate_stored(void) /* "decompress" an inflated type 0 (stored) block. */ +static int __init inflate_stored(void) { unsigned n; /* number of bytes in block */ unsigned w; /* current window position */ @@ -667,28 +670,26 @@ static int __init inflate_stored(void) /* get the length and its complement */ - NEEDBITS(16) - n = ((unsigned)b & 0xffff); - DUMPBITS(16) - NEEDBITS(16) - if (n != (unsigned)((~b) & 0xffff)) - return 1; /* error in compressed data */ - DUMPBITS(16) - - - /* read and output the compressed data */ - while (n--) + NEEDBITS(16); + n = ((unsigned)b & 0xffff); + DUMPBITS(16); + NEEDBITS(16); + if (n != (unsigned)((~b) & 0xffff)) + return 1; /* error in compressed data */ + DUMPBITS(16); + + /* read and output the compressed data */ + while (n--) + { + NEEDBITS(8); + slide[w++] = (uch)b; + if (w == WSIZE) { - NEEDBITS(8) - slide[w++] = (uch)b; - if (w == WSIZE) - { - flush_output(w); - w = 0; - } - DUMPBITS(8) - } - + flush_output(w); + w = 0; + } + DUMPBITS(8); + } /* restore the globals from the locals */ wp = w; /* restore global window pointer */ @@ -706,10 +707,13 @@ static int __init inflate_stored(void) /* * We use `noinline' here to prevent gcc-3.5 from using too much stack space */ + +/* + * decompress an inflated type 1 (fixed Huffman codes) block. We should + * either replace this with a custom decoder, or at least precompute the + * Huffman tables. + */ static int noinline __init inflate_fixed(void) -/* decompress an inflated type 1 (fixed Huffman codes) block. We should - either replace this with a custom decoder, or at least precompute the - Huffman tables. */ { int i; /* temporary variable */ struct huft *tl; /* literal/length code table */ @@ -752,7 +756,6 @@ static int noinline __init inflate_fixed(void) return i; } - /* decompress until an end-of-block code */ if (inflate_codes(tl, td, bl, bd)) { free(l); @@ -766,12 +769,12 @@ static int noinline __init inflate_fixed(void) return 0; } - /* * We use `noinline' here to prevent gcc-3.5 from using too much stack space */ -static int noinline __init inflate_dynamic(void) + /* decompress an inflated type 2 (dynamic Huffman codes) block. */ +static int noinline __init inflate_dynamic(void) { int i; /* temporary variables */ unsigned j; @@ -801,32 +804,31 @@ static int noinline __init inflate_dynamic(void) b = bb; k = bk; - /* read in table lengths */ - NEEDBITS(5) - nl = 257 + ((unsigned)b & 0x1f); /* number of literal/length codes */ - DUMPBITS(5) - NEEDBITS(5) - nd = 1 + ((unsigned)b & 0x1f); /* number of distance codes */ - DUMPBITS(5) - NEEDBITS(4) - nb = 4 + ((unsigned)b & 0xf); /* number of bit length codes */ - DUMPBITS(4) - if (nl > 286 || nd > 30) - { - ret = 1; /* bad lengths */ - goto out; - } + NEEDBITS(5); + nl = 257 + ((unsigned)b & 0x1f); /* number of literal/length codes */ + DUMPBITS(5); + NEEDBITS(5); + nd = 1 + ((unsigned)b & 0x1f); /* number of distance codes */ + DUMPBITS(5); + NEEDBITS(4); + nb = 4 + ((unsigned)b & 0xf); /* number of bit length codes */ + DUMPBITS(4); + if (nl > 286 || nd > 30) + { + ret = 1; /* bad lengths */ + goto out; + } DEBG("dyn1 "); /* read in bit-length-code lengths */ for (j = 0; j < nb; j++) { - NEEDBITS(3) - ll[border[j]] = (unsigned)b & 7; - DUMPBITS(3) - } + NEEDBITS(3); + ll[border[j]] = (unsigned)b & 7; + DUMPBITS(3); + } for (; j < 19; j++) ll[border[j]] = 0; @@ -850,46 +852,46 @@ static int noinline __init inflate_dynamic(void) i = l = 0; while ((unsigned)i < n) { - NEEDBITS((unsigned)bl) - j = (td = tl + ((unsigned)b & m))->b; - DUMPBITS(j) - j = td->v.n; + NEEDBITS((unsigned)bl); + j = (td = tl + ((unsigned)b & m))->b; + DUMPBITS(j); + j = td->v.n; if (j < 16) /* length of code in bits (0..15) */ ll[i++] = l = j; /* save last length in l */ else if (j == 16) /* repeat last length 3 to 6 times */ { - NEEDBITS(2) - j = 3 + ((unsigned)b & 3); - DUMPBITS(2) - if ((unsigned)i + j > n) { - ret = 1; - goto out; - } + NEEDBITS(2); + j = 3 + ((unsigned)b & 3); + DUMPBITS(2); + if ((unsigned)i + j > n) { + ret = 1; + goto out; + } while (j--) ll[i++] = l; } else if (j == 17) /* 3 to 10 zero length codes */ { - NEEDBITS(3) - j = 3 + ((unsigned)b & 7); - DUMPBITS(3) - if ((unsigned)i + j > n) { - ret = 1; - goto out; - } + NEEDBITS(3); + j = 3 + ((unsigned)b & 7); + DUMPBITS(3); + if ((unsigned)i + j > n) { + ret = 1; + goto out; + } while (j--) ll[i++] = 0; l = 0; } else /* j == 18: 11 to 138 zero length codes */ { - NEEDBITS(7) - j = 11 + ((unsigned)b & 0x7f); - DUMPBITS(7) - if ((unsigned)i + j > n) { - ret = 1; - goto out; - } + NEEDBITS(7); + j = 11 + ((unsigned)b & 0x7f); + DUMPBITS(7); + if ((unsigned)i + j > n) { + ret = 1; + goto out; + } while (j--) ll[i++] = 0; l = 0; @@ -928,67 +930,64 @@ static int noinline __init inflate_dynamic(void) DEBG("dyn5d "); if (i == 1) { error("incomplete distance tree"); - huft_free(td); + huft_free(td); + } + huft_free(tl); + ret = i; /* incomplete code set */ + goto out; } - huft_free(tl); - ret = i; /* incomplete code set */ - goto out; -} -DEBG("dyn6 "); + DEBG("dyn6 "); - /* decompress until an end-of-block code */ -if (inflate_codes(tl, td, bl, bd)) { - ret = 1; - goto out; -} + /* decompress until an end-of-block code */ + if (inflate_codes(tl, td, bl, bd)) { + ret = 1; + goto out; + } -DEBG("dyn7 "); + DEBG("dyn7 "); - /* free the decoding tables, return */ -huft_free(tl); -huft_free(td); + /* free the decoding tables, return */ + huft_free(tl); + huft_free(td); -DEBG(">"); -ret = 0; -out: -free(ll); -return ret; + DEBG(">"); + ret = 0; + out: + free(ll); + return ret; -underrun: -ret = 4; /* Input underrun */ -goto out; + underrun: + ret = 4; /* Input underrun */ + goto out; } - - -static int __init inflate_block( -int *e /* last block flag */ -) -/* decompress an inflated block */ +/* + * decompress an inflated block + * + * @param e Last block flag + */ +static int __init inflate_block(int *e) { -unsigned t; /* block type */ -register ulg b; /* bit buffer */ -register unsigned k; /* number of bits in bit buffer */ - -DEBG(""); /* bad block type */ return 2; - underrun: + underrun: return 4; /* Input underrun */ } - - -static int __init inflate(void) /* decompress an inflated entry */ +static int __init inflate(void) { int e; /* last block flag */ int r; /* result code */ @@ -1024,7 +1021,6 @@ static int __init inflate(void) bk = 0; bb = 0; - /* decompress until the last block */ do { r = inflate_block(&e); @@ -1043,7 +1039,6 @@ static int __init inflate(void) /* flush out slide */ flush_output(wp); - /* return success */ return 0; } @@ -1059,12 +1054,11 @@ static ulg __initdata crc; /* initialized in makecrc() so it'll reside in bss * #define CRC_VALUE (crc ^ 0xffffffffUL) /* - * Code to compute the CRC-32 table. Borrowed from + * Code to compute the CRC-32 table. Borrowed from * gzip-1.0.3/makecrc.c. */ -static void __init -makecrc(void) +static void __init makecrc(void) { /* Not copyrighted 1990 Mark Adler */ @@ -1167,7 +1161,7 @@ static int __init gunzip(void) if ((flags & ORIG_NAME) != 0) { /* Discard the old name */ while (NEXTBYTE() != 0) /* null */ ; - } + } /* Discard file comment if any */ if ((flags & COMMENT) != 0) { @@ -1196,7 +1190,7 @@ static int __init gunzip(void) } return -1; } - + /* Get the crc and original length */ /* crc32 (see algorithm.doc) * uncompressed input size modulo 2^32 @@ -1205,12 +1199,12 @@ static int __init gunzip(void) orig_crc |= (ulg) NEXTBYTE() << 8; orig_crc |= (ulg) NEXTBYTE() << 16; orig_crc |= (ulg) NEXTBYTE() << 24; - + orig_len = (ulg) NEXTBYTE(); orig_len |= (ulg) NEXTBYTE() << 8; orig_len |= (ulg) NEXTBYTE() << 16; orig_len |= (ulg) NEXTBYTE() << 24; - + /* Validate decompression */ if (orig_crc != CRC_VALUE) { error("crc error"); @@ -1226,3 +1220,12 @@ static int __init gunzip(void) error("out of input data"); return -1; } + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:48:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:48:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713242.1114361 (Exim 4.92) (envelope-from ) id 1s0brF-0001Nz-IO; Sat, 27 Apr 2024 06:48:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713242.1114361; Sat, 27 Apr 2024 06:48:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0brF-0001Nr-Ff; Sat, 27 Apr 2024 06:48:25 +0000 Received: by outflank-mailman (input) for mailman id 713242; Sat, 27 Apr 2024 06:48:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0brE-0001Ne-E0 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:48:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0brE-0002kg-DH for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:48:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0brE-0008Va-CV for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:48:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=CVpYBw/JSWJ8jU6Xg5Ej6XRn475ghcV9CJ6qIP9dTpQ=; b=66r9LCMT9B0wTPqCVrcEcRL+Gp w7uCJxeu96T7VmCBr6QjcDBuEtTPi8WfbltxnKxgLdfL9SdNVtQYdAuAvjooPBuLepTktHVtL7C/S dZVZNY4kTkGTzOararwAKLLyztPEee5O2cqiid79SCfgs/l1WsLXtmR/MsJ1hV9oVVuU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] x86/entry: shrink insn size for some of our EFLAGS manipulation Message-Id: Date: Sat, 27 Apr 2024 06:48:24 +0000 commit a505890d81efe78659bb3d9d17c141003ff46dc4 Author: Jan Beulich AuthorDate: Fri Apr 26 12:43:01 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 26 12:43:01 2024 +0200 x86/entry: shrink insn size for some of our EFLAGS manipulation Much like was recently done for setting entry vector, and along the lines of what we already had in handle_exception_saved, avoid 32-bit immediates where 8-bit ones do. Reduces .text.entry size by 16 bytes in my non-CET reference build, while in my CET reference build section size doesn't change (there and in .text only padding space increases). Inspired by other long->byte conversion work. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- xen/arch/x86/x86_64/entry.S | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index a4615e1ccb..df015589ce 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -226,7 +226,7 @@ LABEL_LOCAL(.Lrestore_rcx_iret_exit_to_guest) /* No special register assumptions. */ iret_exit_to_guest: andl $~(X86_EFLAGS_IOPL | X86_EFLAGS_VM), EFRAME_eflags(%rsp) - orl $X86_EFLAGS_IF, EFRAME_eflags(%rsp) + orb $X86_EFLAGS_IF >> 8, EFRAME_eflags + 1(%rsp) SPEC_CTRL_COND_VERW /* Req: %rsp=eframe Clob: efl */ @@ -355,7 +355,7 @@ LABEL(sysenter_eflags_saved, 0) /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */ /* PUSHF above has saved EFLAGS.IF clear (the caller had it set). */ - orl $X86_EFLAGS_IF, UREGS_eflags(%rsp) + orb $X86_EFLAGS_IF >> 8, UREGS_eflags + 1(%rsp) mov STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rcx test %rcx, %rcx jz .Lsyse_cr3_okay @@ -370,11 +370,11 @@ LABEL(sysenter_eflags_saved, 0) cmpb $0,VCPU_sysenter_disables_events(%rbx) movq VCPU_sysenter_addr(%rbx),%rax setne %cl - testl $X86_EFLAGS_NT,UREGS_eflags(%rsp) + testb $X86_EFLAGS_NT >> 8, UREGS_eflags + 1(%rsp) leaq VCPU_trap_bounce(%rbx),%rdx UNLIKELY_START(nz, sysenter_nt_set) pushfq - andl $~X86_EFLAGS_NT,(%rsp) + andb $~(X86_EFLAGS_NT >> 8), 1(%rsp) popfq UNLIKELY_END(sysenter_nt_set) testq %rax,%rax -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:48:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:48:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713243.1114365 (Exim 4.92) (envelope-from ) id 1s0brP-0001R0-Jy; Sat, 27 Apr 2024 06:48:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713243.1114365; Sat, 27 Apr 2024 06:48:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0brP-0001Qs-HC; Sat, 27 Apr 2024 06:48:35 +0000 Received: by outflank-mailman (input) for mailman id 713243; Sat, 27 Apr 2024 06:48:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0brO-0001Qi-Gt for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:48:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0brO-0002lB-G8 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:48:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0brO-0008W3-FT for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:48:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OT/xFF8xBocEvBGNGwIxBvLaA4imnV+w+CJtjPUUa0M=; b=HgvapvtsYq13iZ4L+ygeZw1DOo zdc3eg3I5I+22W2Bas0FOyimOgNiIlDXrh+jRPNlJCtdKtvatxBYZ3wJOGoYDwVgaDXBHaIQl9fch GBXxiHVz3mFHuznr0rQslmEA1/IOGndKAoiJ/lpZVagtcVcT2dcWuevEMEtvP0OxU4xo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen/spinlock: use correct pointer Message-Id: Date: Sat, 27 Apr 2024 06:48:34 +0000 commit 13893a58e28d0fee355ec299216568e4ab1c2c23 Author: Stewart Hildebrand AuthorDate: Fri Apr 26 12:43:24 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 26 12:43:24 2024 +0200 xen/spinlock: use correct pointer The ->profile member is at different offsets in struct rspinlock and struct spinlock. When initializing the profiling bits of an rspinlock, an unrelated member in struct rspinlock was being overwritten, leading to mild havoc. Use the correct pointer. Fixes: b053075d1a7b ("xen/spinlock: make struct lock_profile rspinlock_t aware") Signed-off-by: Stewart Hildebrand Reviewed-by: Jan Beulich --- xen/common/spinlock.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c index 558ea7ac35..28c6e9d3ac 100644 --- a/xen/common/spinlock.c +++ b/xen/common/spinlock.c @@ -789,7 +789,11 @@ static int __init cf_check lock_prof_init(void) { (*q)->next = lock_profile_glb_q.elem_q; lock_profile_glb_q.elem_q = *q; - (*q)->ptr.lock->profile = *q; + + if ( (*q)->is_rlock ) + (*q)->ptr.rlock->profile = *q; + else + (*q)->ptr.lock->profile = *q; } _lock_profile_register_struct(LOCKPROF_TYPE_GLOBAL, -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Sat Apr 27 06:48:45 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Sat, 27 Apr 2024 06:48:45 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713244.1114368 (Exim 4.92) (envelope-from ) id 1s0brZ-0001Tn-Ld; Sat, 27 Apr 2024 06:48:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713244.1114368; Sat, 27 Apr 2024 06:48:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0brZ-0001Tf-J0; Sat, 27 Apr 2024 06:48:45 +0000 Received: by outflank-mailman (input) for mailman id 713244; Sat, 27 Apr 2024 06:48:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0brY-0001TX-K5 for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:48:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s0brY-0002lP-JL for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:48:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s0brY-00005G-IX for xen-changelog@lists.xenproject.org; Sat, 27 Apr 2024 06:48:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=2CBhUEYkPZs5uzlnQxbneGOGL6qAptlbMe0wkhbgm+o=; b=bOnO/xgZoKimqHFq6IfO8bYZtU r9rISHBHPy7T/H5sjd265AC2oUYV10JznbPQIT3Efgbl7n5vyKR9AERl+/POq/z7/DjSMeRzai6br yTsya4+UFAArW5zDEZToeTwIYS6CM5bgzug1DyNwIpGd9rlo6x2+6eAvs05fOVJ2fY4M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen master] xen-livepatch: fix --force option comparison Message-Id: Date: Sat, 27 Apr 2024 06:48:44 +0000 commit be5b08dd6ea6ef0f01caf537bdae125fa66a2230 Author: Roger Pau Monné AuthorDate: Fri Apr 26 12:43:44 2024 +0200 Commit: Jan Beulich CommitDate: Fri Apr 26 12:43:44 2024 +0200 xen-livepatch: fix --force option comparison The check for --force option shouldn't be against 0. Reported-by: Jan Beulich Fixes: 62a72092a517 ('livepatch: introduce --force option') Signed-off-by: Roger Pau Monné Acked-by: Anthony PERARD Reviewed-by: Ross Lagerwall --- tools/misc/xen-livepatch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/misc/xen-livepatch.c b/tools/misc/xen-livepatch.c index c16fb6862d..f406ea1373 100644 --- a/tools/misc/xen-livepatch.c +++ b/tools/misc/xen-livepatch.c @@ -576,7 +576,7 @@ int main(int argc, char *argv[]) return 0; } - if ( strcmp("--force", argv[1]) ) + if ( !strcmp("--force", argv[1]) ) { if ( argc <= 2 ) { -- generated by git-patchbot for /home/xen/git/xen.git#master From xen-changelog-bounces@lists.xenproject.org Mon Apr 29 07:44:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 29 Apr 2024 07:44:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713895.1114779 (Exim 4.92) (envelope-from ) id 1s1LgD-0001S8-Nh; Mon, 29 Apr 2024 07:44:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713895.1114779; Mon, 29 Apr 2024 07:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1LgD-0001S0-Ku; Mon, 29 Apr 2024 07:44:05 +0000 Received: by outflank-mailman (input) for mailman id 713895; Mon, 29 Apr 2024 07:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1LgC-0001Ru-Ct for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1LgC-00043S-B5 for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:04 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1LgC-0000id-A1 for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:04 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=vhoK5MvleTasOHvYhWQRhOjQLrmfi1D6vQq1Dq9hluk=; b=NpqbPq6VwvzrXuG5a90OMeuXgz d3heLT+k2hwNS2kZlZZpYoXGPwdVOkjzIS9n2mmHUWPc83DuY1lybmw0vG49AAcx8pEUhovv3SZNB Mqnb/AmJbf0IsV2rZeNrggbvRzOCB4uN9OsR2cSQQZkmMtaHyxYa7G9kEu9eP9SubjDc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] altcall: fix __alt_call_maybe_initdata so it's safe for livepatch Message-Id: Date: Mon, 29 Apr 2024 07:44:04 +0000 commit 8bdcb0b98b53140102031ceca0611f22190227fd Author: Roger Pau Monné AuthorDate: Mon Apr 29 09:35:21 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:35:21 2024 +0200 altcall: fix __alt_call_maybe_initdata so it's safe for livepatch Setting alternative call variables as __init is not safe for use with livepatch, as livepatches can rightfully introduce new alternative calls to structures marked as __alt_call_maybe_initdata (possibly just indirectly due to replacing existing functions that use those). Attempting to resolve those alternative calls then results in page faults as the variable that holds the function pointer address has been freed. When livepatch is supported use the __ro_after_init attribute instead of __initdata for __alt_call_maybe_initdata. Fixes: f26bb285949b ('xen: Implement xen/alternative-call.h for use in common code') Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper master commit: af4cd0a6a61cdb03bc1afca9478b05b0c9703599 master date: 2024-04-11 18:51:36 +0100 --- xen/include/xen/alternative-call.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/xen/include/xen/alternative-call.h b/xen/include/xen/alternative-call.h index 5c6b9a562b..10f7d7637e 100644 --- a/xen/include/xen/alternative-call.h +++ b/xen/include/xen/alternative-call.h @@ -50,7 +50,12 @@ #include -#define __alt_call_maybe_initdata __initdata +#ifdef CONFIG_LIVEPATCH +/* Must keep for livepatches to resolve alternative calls. */ +# define __alt_call_maybe_initdata __ro_after_init +#else +# define __alt_call_maybe_initdata __initdata +#endif #else -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Mon Apr 29 07:44:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 29 Apr 2024 07:44:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713896.1114783 (Exim 4.92) (envelope-from ) id 1s1LgN-0001W0-P4; Mon, 29 Apr 2024 07:44:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713896.1114783; Mon, 29 Apr 2024 07:44:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1LgN-0001Vs-MN; Mon, 29 Apr 2024 07:44:15 +0000 Received: by outflank-mailman (input) for mailman id 713896; Mon, 29 Apr 2024 07:44:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1LgM-0001Vg-Hk for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1LgM-00044A-G4 for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1LgM-0000j4-D8 for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XmuzVMv4tZu+lO6Z+92blPBA5bZF0kzG73b9O7FRfKs=; b=lBIgfn0chu8QkjUtYTLS0dCXge h7rasmO+9O0WlyCjzRtpC+CzVf5QEmLPqh/Hq9vvOJk8SCsKdgLA6ExbbEXOnGN9wwGKuYmXh7lBJ urImUkkGNdLMfC9w7e+UKSBVt5WbLdm0hki8captYu7BlsgTDG60qGz6NnBRqHEJE4QY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/rtc: Avoid UIP flag being set for longer than expected Message-Id: Date: Mon, 29 Apr 2024 07:44:14 +0000 commit af0e9ba44a58c87d6d135d8ffbf468b4ceac0a41 Author: Ross Lagerwall AuthorDate: Mon Apr 29 09:36:04 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:36:04 2024 +0200 x86/rtc: Avoid UIP flag being set for longer than expected In a test, OVMF reported an error initializing the RTC without indicating the precise nature of the error. The only plausible explanation I can find is as follows: As part of the initialization, OVMF reads register C and then reads register A repatedly until the UIP flag is not set. If this takes longer than 100 ms, OVMF fails and reports an error. This may happen with the following sequence of events: At guest time=0s, rtc_init() calls check_update_timer() which schedules update_timer for t=(1 - 244us). At t=1s, the update_timer function happens to have been called >= 244us late. In the timer callback, it sets the UIP flag and schedules update_timer2 for t=1s. Before update_timer2 runs, the guest reads register C which calls check_update_timer(). check_update_timer() stops the scheduled update_timer2 and since the guest time is now outside of the update cycle, it schedules update_timer for t=(2 - 244us). The UIP flag will therefore be set for a whole second from t=1 to t=2 while the guest repeatedly reads register A waiting for the UIP flag to clear. Fix it by clearing the UIP flag when scheduling update_timer. I was able to reproduce this issue with a synthetic test and this resolves the issue. Signed-off-by: Ross Lagerwall Reviewed-by: Jan Beulich master commit: 43a07069863b419433dee12c9b58c1f7ce70aa97 master date: 2024-04-23 14:09:18 +0200 --- xen/arch/x86/hvm/rtc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c index 206b4296e9..4839374352 100644 --- a/xen/arch/x86/hvm/rtc.c +++ b/xen/arch/x86/hvm/rtc.c @@ -202,6 +202,7 @@ static void check_update_timer(RTCState *s) } else { + s->hw.cmos_data[RTC_REG_A] &= ~RTC_UIP; next_update_time = (USEC_PER_SEC - guest_usec - 244) * NS_PER_USEC; expire_time = NOW() + next_update_time; s->next_update_time = expire_time; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Mon Apr 29 07:44:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 29 Apr 2024 07:44:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713897.1114788 (Exim 4.92) (envelope-from ) id 1s1LgY-0001cO-Qq; Mon, 29 Apr 2024 07:44:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713897.1114788; Mon, 29 Apr 2024 07:44:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1LgY-0001cG-Nl; Mon, 29 Apr 2024 07:44:26 +0000 Received: by outflank-mailman (input) for mailman id 713897; Mon, 29 Apr 2024 07:44:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1LgW-0001bu-Lj for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1LgW-00044l-JA for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1LgW-0000jX-IF for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=31FgO842gwZtDKBfkBfB7mb+9Hl8KCB8+Q4ZJ1l1dNI=; b=ncNx3gXL1kYTGx1reXgLr/yEAD k9/iJo2HVlarnqW7tCM4iD2EOWuARS8QQ7vKb5VrXfuulg52MNAq9z8v7e0fOpxS1NjshAblY3u1g IOn8qWcy7w5vZGNdUBf4R6+YA6WC/1wuPqA6il4KUUDlHzlimgdqpTQ+0KbckRK6Ee/o=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/MTRR: correct inadvertently inverted WC check Message-Id: Date: Mon, 29 Apr 2024 07:44:24 +0000 commit eb7059767c82d833ebecdf8106e96482b04f3c40 Author: Jan Beulich AuthorDate: Mon Apr 29 09:36:37 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:36:37 2024 +0200 x86/MTRR: correct inadvertently inverted WC check The ! clearly got lost by mistake. Fixes: e9e0eb30d4d6 ("x86/MTRR: avoid several indirect calls") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné master commit: 77e25f0e30ddd11e043e6fce84bf108ce7de5b6f master date: 2024-04-23 14:13:48 +0200 --- xen/arch/x86/cpu/mtrr/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/cpu/mtrr/main.c b/xen/arch/x86/cpu/mtrr/main.c index 55a4da54a7..90b235f57e 100644 --- a/xen/arch/x86/cpu/mtrr/main.c +++ b/xen/arch/x86/cpu/mtrr/main.c @@ -316,7 +316,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, } /* If the type is WC, check that this processor supports it */ - if ((type == X86_MT_WC) && mtrr_have_wrcomb()) { + if ((type == X86_MT_WC) && !mtrr_have_wrcomb()) { printk(KERN_WARNING "mtrr: your processor doesn't support write-combining\n"); return -EOPNOTSUPP; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Mon Apr 29 07:44:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 29 Apr 2024 07:44:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713898.1114791 (Exim 4.92) (envelope-from ) id 1s1Lgi-0001jB-SG; Mon, 29 Apr 2024 07:44:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713898.1114791; Mon, 29 Apr 2024 07:44:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1Lgi-0001j3-P6; Mon, 29 Apr 2024 07:44:36 +0000 Received: by outflank-mailman (input) for mailman id 713898; Mon, 29 Apr 2024 07:44:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1Lgg-0001iR-Oo for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1Lgg-00045E-NG for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1Lgg-0000jy-LU for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=jwJh147qn27tWyqAZKplSMv74uSafRFUJQNcPuYbseE=; b=4ISLpoo46IduBb8uMD52EvOE/Z 33MBFHRgaFCHWA4fpRBh4isuFS2vpRPu4qojqZAMDewksVzNj48RAXsPOhg/R6w+6jC/X9qaia4w0 jitbYqomw17C4P7JcV9c4iBWJLMEc4DThysfDPWSvx3b+UQuMpKVeI6fpPULQsgNUIDs=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec: fix reporting of BHB clearing usage from guest entry points Message-Id: Date: Mon, 29 Apr 2024 07:44:34 +0000 commit 0b0c7dca70d64c35c86e5d503f67366ebe2b9138 Author: Roger Pau Monné AuthorDate: Mon Apr 29 09:37:04 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:37:04 2024 +0200 x86/spec: fix reporting of BHB clearing usage from guest entry points Reporting whether the BHB clearing on entry is done for the different domains types based on cpu_has_bhb_seq is unhelpful, as that variable signals whether there's a BHB clearing sequence selected, but that alone doesn't imply that such sequence is used from the PV and/or HVM entry points. Instead use opt_bhb_entry_{pv,hvm} which do signal whether BHB clearing is performed on entry from PV/HVM. Fixes: 689ad48ce9cf ('x86/spec-ctrl: Wire up the Native-BHI software sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: 049ab0b2c9f1f5edb54b505fef0bc575787dafe9 master date: 2024-04-25 16:35:56 +0200 --- xen/arch/x86/spec_ctrl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ba4349a024..8c67d6256a 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -634,7 +634,7 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - cpu_has_bhb_seq || amd_virt_spec_ctrl || + opt_bhb_entry_hvm || amd_virt_spec_ctrl || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || @@ -643,7 +643,7 @@ static void __init print_details(enum ind_thunk thunk) opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_hvm ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV @@ -651,14 +651,14 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - cpu_has_bhb_seq || + opt_bhb_entry_pv || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_pv ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Mon Apr 29 07:44:47 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 29 Apr 2024 07:44:47 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713900.1114795 (Exim 4.92) (envelope-from ) id 1s1Lgs-0001pz-TF; Mon, 29 Apr 2024 07:44:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713900.1114795; Mon, 29 Apr 2024 07:44:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1Lgs-0001pr-QW; Mon, 29 Apr 2024 07:44:46 +0000 Received: by outflank-mailman (input) for mailman id 713900; Mon, 29 Apr 2024 07:44:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1Lgq-0001pc-RJ for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1Lgq-00045g-QU for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1Lgq-0000kQ-PW for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=0K25wV2S4XDjshlhy0UWG59GZQ5HXspla4u7PsU9HIY=; b=KbQNwolmOJ2m73+IIOiEeHBbcw 503+QXEiKrQJSFsygB9jgD40uGpX78zeYj2EcwpBZtg8DO+0ULWKDOF+nx16NgRkTVP6yndisVpnR /kZhIHn0wRHmGnZfXvTsf7fDJKSS+4jeIU5NnhPKvqyccca8mt3XMoXYnSDgn1EQQcHg=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.18] x86/spec: adjust logic that elides lfence Message-Id: Date: Mon, 29 Apr 2024 07:44:44 +0000 commit f0ff1d9cb96041a84a24857a6464628240deed4f Author: Roger Pau Monné AuthorDate: Mon Apr 29 09:37:29 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:37:29 2024 +0200 x86/spec: adjust logic that elides lfence It's currently too restrictive by just checking whether there's a BHB clearing sequence selected. It should instead check whether BHB clearing is used on entry from PV or HVM specifically. Switch to use opt_bhb_entry_{pv,hvm} instead, and then remove cpu_has_bhb_seq since it no longer has any users. Reported-by: Jan Beulich Fixes: 954c983abcee ('x86/spec-ctrl: Software BHB-clearing sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: 656ae8f1091bcefec9c46ec3ea3ac2118742d4f6 master date: 2024-04-25 16:37:01 +0200 --- xen/arch/x86/include/asm/cpufeature.h | 3 --- xen/arch/x86/spec_ctrl.c | 6 +++--- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index 7a312c485e..3c57f55de0 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -228,9 +228,6 @@ static inline bool boot_cpu_has(unsigned int feat) #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) -#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ - boot_cpu_has(X86_SPEC_BHB_LOOPS)) - enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 8c67d6256a..12c19b7eca 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2328,7 +2328,7 @@ void __init init_speculation_mitigations(void) * unconditional WRMSR. If we do have it, or we're not using any * prior conditional block, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); @@ -2344,7 +2344,7 @@ void __init init_speculation_mitigations(void) * active in the block that is skipped when interrupting guest * context, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) @@ -2356,7 +2356,7 @@ void __init init_speculation_mitigations(void) * A BHB sequence, if used, is the only conditional action, so if we * don't have it, we don't need the safety LFENCE. */ - if ( !cpu_has_bhb_seq ) + if ( !opt_bhb_entry_hvm ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.18 From xen-changelog-bounces@lists.xenproject.org Mon Apr 29 07:44:56 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 29 Apr 2024 07:44:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713901.1114799 (Exim 4.92) (envelope-from ) id 1s1Lh2-0001uA-Ul; Mon, 29 Apr 2024 07:44:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713901.1114799; Mon, 29 Apr 2024 07:44:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1Lh2-0001u0-Ru; Mon, 29 Apr 2024 07:44:56 +0000 Received: by outflank-mailman (input) for mailman id 713901; Mon, 29 Apr 2024 07:44:55 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1Lh1-0001to-7b for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:55 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1Lh1-000469-6m for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:55 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1Lh1-0000lf-5i for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:44:55 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=rGVxWr1573+11+hj/ief6KxJ8RO6i01Rc6iFTuxZF5Q=; b=yaAjGP5rxMkNdhRvZFTdvubrvb lVDjNx6kmtgU8R1rFuKaMp7rpNZXLtI6R/YkaQPQxa8LCoXkvJEnZUDt8vG/dDzt/U92uJqPBZdsV XE+gIde05kWdTyxfq1i59EWxbdaWtVp0c0+fPEhmOeDekR9a5+3JS5zZ5RR6IM5APdkU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/MTRR: correct inadvertently inverted WC check Message-Id: Date: Mon, 29 Apr 2024 07:44:55 +0000 commit cb28fa605289968ecd7654718a8d5c2886a6a639 Author: Jan Beulich AuthorDate: Mon Apr 29 09:38:47 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:38:47 2024 +0200 x86/MTRR: correct inadvertently inverted WC check The ! clearly got lost by mistake. Fixes: e9e0eb30d4d6 ("x86/MTRR: avoid several indirect calls") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné master commit: 77e25f0e30ddd11e043e6fce84bf108ce7de5b6f master date: 2024-04-23 14:13:48 +0200 --- xen/arch/x86/cpu/mtrr/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/cpu/mtrr/main.c b/xen/arch/x86/cpu/mtrr/main.c index dee59ea168..990f12286a 100644 --- a/xen/arch/x86/cpu/mtrr/main.c +++ b/xen/arch/x86/cpu/mtrr/main.c @@ -316,7 +316,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, } /* If the type is WC, check that this processor supports it */ - if ((type == MTRR_TYPE_WRCOMB) && mtrr_have_wrcomb()) { + if ((type == MTRR_TYPE_WRCOMB) && !mtrr_have_wrcomb()) { printk(KERN_WARNING "mtrr: your processor doesn't support write-combining\n"); return -EOPNOTSUPP; -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Mon Apr 29 07:45:06 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 29 Apr 2024 07:45:06 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713902.1114803 (Exim 4.92) (envelope-from ) id 1s1LhC-00020c-06; Mon, 29 Apr 2024 07:45:06 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713902.1114803; Mon, 29 Apr 2024 07:45:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1LhB-000204-TW; Mon, 29 Apr 2024 07:45:05 +0000 Received: by outflank-mailman (input) for mailman id 713902; Mon, 29 Apr 2024 07:45:05 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1LhB-0001zB-AJ for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:45:05 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1LhB-000471-9Z for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:45:05 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1LhB-0000mu-8r for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:45:05 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=uJJhvdlRX9z4a3Y55Jl+bQdiIZbZajuoeyEx6OOV5nc=; b=OWbZwDojEIYhmB/C9yVk+gjZh+ xc5Z/CMiZA1sZ5FO6gZevUfPYKzy+X5UkWJCKxA5rLrZvqPuaMS4Vp3YzUY1lqyM9Jf9fswRuLbeT zCC1CWPrnY/N2kXZ32O3Dxpq8uvzlGLHlUPcUgwI3TOZjaxcZIyaIMofdlile77Kvoy0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec: fix reporting of BHB clearing usage from guest entry points Message-Id: Date: Mon, 29 Apr 2024 07:45:05 +0000 commit a2d9cdbb2dc6a2252e9492580ec80dda3c60ef4f Author: Roger Pau Monné AuthorDate: Mon Apr 29 09:39:28 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:39:28 2024 +0200 x86/spec: fix reporting of BHB clearing usage from guest entry points Reporting whether the BHB clearing on entry is done for the different domains types based on cpu_has_bhb_seq is unhelpful, as that variable signals whether there's a BHB clearing sequence selected, but that alone doesn't imply that such sequence is used from the PV and/or HVM entry points. Instead use opt_bhb_entry_{pv,hvm} which do signal whether BHB clearing is performed on entry from PV/HVM. Fixes: 689ad48ce9cf ('x86/spec-ctrl: Wire up the Native-BHI software sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: 049ab0b2c9f1f5edb54b505fef0bc575787dafe9 master date: 2024-04-25 16:35:56 +0200 --- xen/arch/x86/spec_ctrl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 7697f9ad3f..d83955718a 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -646,7 +646,7 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - cpu_has_bhb_seq || amd_virt_spec_ctrl || + opt_bhb_entry_hvm || amd_virt_spec_ctrl || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || @@ -655,7 +655,7 @@ static void __init print_details(enum ind_thunk thunk) opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_hvm ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV @@ -663,14 +663,14 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - cpu_has_bhb_seq || + opt_bhb_entry_pv || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_pv ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Mon Apr 29 07:45:16 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 29 Apr 2024 07:45:16 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713903.1114807 (Exim 4.92) (envelope-from ) id 1s1LhM-000277-3P; Mon, 29 Apr 2024 07:45:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713903.1114807; Mon, 29 Apr 2024 07:45:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1LhM-00026z-0c; Mon, 29 Apr 2024 07:45:16 +0000 Received: by outflank-mailman (input) for mailman id 713903; Mon, 29 Apr 2024 07:45:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1LhL-00026t-E8 for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:45:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1LhL-00047n-DO for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:45:15 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1LhL-0000nb-Bn for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 07:45:15 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=zEokMv9CTtCQ1VF9n0SibVu6GEz8YKROZ/pTWuikg60=; b=ve/+pcjYzqAY1rVk+KoyU03/7c RcrmvD+OTHqRL2WMjj2aFWH+WrpoGqlye5ybIB+VqWEcNKLzM/LoRTbPhkg5bE3fdvS/qn+ZZmQby VaMOGyKHFzald4uqvs2rskEFvs6tgm3UTsiewDrGpt/e8W9I2mNUSCEV+wXjWAQvfX3k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.17] x86/spec: adjust logic that elides lfence Message-Id: Date: Mon, 29 Apr 2024 07:45:15 +0000 commit effcf70f020ff12d34c80e2abde0ecb00ce92bda Author: Roger Pau Monné AuthorDate: Mon Apr 29 09:39:53 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:39:53 2024 +0200 x86/spec: adjust logic that elides lfence It's currently too restrictive by just checking whether there's a BHB clearing sequence selected. It should instead check whether BHB clearing is used on entry from PV or HVM specifically. Switch to use opt_bhb_entry_{pv,hvm} instead, and then remove cpu_has_bhb_seq since it no longer has any users. Reported-by: Jan Beulich Fixes: 954c983abcee ('x86/spec-ctrl: Software BHB-clearing sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: 656ae8f1091bcefec9c46ec3ea3ac2118742d4f6 master date: 2024-04-25 16:37:01 +0200 --- xen/arch/x86/include/asm/cpufeature.h | 3 --- xen/arch/x86/spec_ctrl.c | 6 +++--- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index b24d535080..a6b8af1296 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -181,9 +181,6 @@ #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) -#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ - boot_cpu_has(X86_SPEC_BHB_LOOPS)) - enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index d83955718a..b1e47a849e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2340,7 +2340,7 @@ void __init init_speculation_mitigations(void) * unconditional WRMSR. If we do have it, or we're not using any * prior conditional block, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); @@ -2356,7 +2356,7 @@ void __init init_speculation_mitigations(void) * active in the block that is skipped when interrupting guest * context, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) @@ -2368,7 +2368,7 @@ void __init init_speculation_mitigations(void) * A BHB sequence, if used, is the only conditional action, so if we * don't have it, we don't need the safety LFENCE. */ - if ( !cpu_has_bhb_seq ) + if ( !opt_bhb_entry_hvm ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.17 From xen-changelog-bounces@lists.xenproject.org Mon Apr 29 08:33:08 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 29 Apr 2024 08:33:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713916.1114821 (Exim 4.92) (envelope-from ) id 1s1MRd-00019Y-2j; Mon, 29 Apr 2024 08:33:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713916.1114821; Mon, 29 Apr 2024 08:33:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1MRc-00019Q-W4; Mon, 29 Apr 2024 08:33:04 +0000 Received: by outflank-mailman (input) for mailman id 713916; Mon, 29 Apr 2024 08:33:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1MRc-00019K-1o for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 08:33:04 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1MRb-00071R-VF for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 08:33:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1MRb-0003Yd-UE for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 08:33:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=4EJ6d55PQSWTS/krSksOHo3IehUG1smpdad+WWixrMM=; b=JNFei6k2kWcdQQAo670aRKm2O1 sw6P9wpwg/8MNm8tB3dPdp62uK7JF5x/RQ+SLBo3yKsmYV+JGLx/huQnABgT3g3N1+hgZWLPR6R5F m1hT/KmaLj++CvtsLULuqKbw9b7f+IcHs3b5QNt7Yt9igkRz+/NcfVSojUq7eutf2q7M=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec: fix reporting of BHB clearing usage from guest entry points Message-Id: Date: Mon, 29 Apr 2024 08:33:03 +0000 commit fe17bbe832598829ebb03306d8e95d71875f3245 Author: Roger Pau Monné AuthorDate: Mon Apr 29 10:19:03 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 10:19:03 2024 +0200 x86/spec: fix reporting of BHB clearing usage from guest entry points Reporting whether the BHB clearing on entry is done for the different domains types based on cpu_has_bhb_seq is unhelpful, as that variable signals whether there's a BHB clearing sequence selected, but that alone doesn't imply that such sequence is used from the PV and/or HVM entry points. Instead use opt_bhb_entry_{pv,hvm} which do signal whether BHB clearing is performed on entry from PV/HVM. Fixes: 689ad48ce9cf ('x86/spec-ctrl: Wire up the Native-BHI software sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: 049ab0b2c9f1f5edb54b505fef0bc575787dafe9 master date: 2024-04-25 16:35:56 +0200 --- xen/arch/x86/spec_ctrl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 34e174754b..f8b26e3886 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -617,14 +617,14 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - cpu_has_bhb_seq || + opt_bhb_entry_hvm || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_hvm ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV @@ -632,14 +632,14 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - cpu_has_bhb_seq || + opt_bhb_entry_pv || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_pv ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Mon Apr 29 08:33:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 29 Apr 2024 08:33:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713917.1114825 (Exim 4.92) (envelope-from ) id 1s1MRn-0001Bd-3m; Mon, 29 Apr 2024 08:33:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713917.1114825; Mon, 29 Apr 2024 08:33:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1MRn-0001BW-1G; Mon, 29 Apr 2024 08:33:15 +0000 Received: by outflank-mailman (input) for mailman id 713917; Mon, 29 Apr 2024 08:33:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1MRm-0001BO-2k for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 08:33:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1MRm-00072A-1z for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 08:33:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1MRm-0003ZP-18 for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 08:33:14 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=OkOhIM6aL7kVLzxPhUu3kJBAAwDbFt5smCuAwv3ps/c=; b=zh/RqoFUQ/c+olXMPTRF7uKRxa OhL8M7PshwMfDQDXlDy4AzMr+jn0JFJTMmAksq6csmkhC8hpjM2ORhJCpKpfYQrBw4ADwQT527W0L deFn0RU8Qlfq4cc26rSXSRy2enmw4N/sT+N/MJOjlpigs4TCyM3vvWeYIL5a3SCegJwk=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.16] x86/spec: adjust logic that elides lfence Message-Id: Date: Mon, 29 Apr 2024 08:33:14 +0000 commit d0e8f8ffbb19b5df5f767328baeb54c069b08e6a Author: Roger Pau Monné AuthorDate: Mon Apr 29 10:20:07 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 10:20:07 2024 +0200 x86/spec: adjust logic that elides lfence It's currently too restrictive by just checking whether there's a BHB clearing sequence selected. It should instead check whether BHB clearing is used on entry from PV or HVM specifically. Switch to use opt_bhb_entry_{pv,hvm} instead, and then remove cpu_has_bhb_seq since it no longer has any users. Reported-by: Jan Beulich Fixes: 954c983abcee ('x86/spec-ctrl: Software BHB-clearing sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: 656ae8f1091bcefec9c46ec3ea3ac2118742d4f6 master date: 2024-04-25 16:37:01 +0200 --- xen/arch/x86/spec_ctrl.c | 6 +++--- xen/include/asm-x86/cpufeature.h | 3 --- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index f8b26e3886..e41135f3be 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2300,7 +2300,7 @@ void __init init_speculation_mitigations(void) * unconditional WRMSR. If we do have it, or we're not using any * prior conditional block, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); @@ -2316,7 +2316,7 @@ void __init init_speculation_mitigations(void) * active in the block that is skipped when interrupting guest * context, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) @@ -2328,7 +2328,7 @@ void __init init_speculation_mitigations(void) * A BHB sequence, if used, is the only conditional action, so if we * don't have it, we don't need the safety LFENCE. */ - if ( !cpu_has_bhb_seq ) + if ( !opt_bhb_entry_hvm ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 3935c0ad4a..1869732bcb 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -177,9 +177,6 @@ #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) -#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ - boot_cpu_has(X86_SPEC_BHB_LOOPS)) - enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16 From xen-changelog-bounces@lists.xenproject.org Mon Apr 29 08:33:26 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 29 Apr 2024 08:33:26 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713918.1114828 (Exim 4.92) (envelope-from ) id 1s1MRy-0001EH-5N; Mon, 29 Apr 2024 08:33:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713918.1114828; Mon, 29 Apr 2024 08:33:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1MRy-0001E9-2g; Mon, 29 Apr 2024 08:33:26 +0000 Received: by outflank-mailman (input) for mailman id 713918; Mon, 29 Apr 2024 08:33:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1MRw-0001Dx-Fb for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 08:33:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1MRw-00072d-EH for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 08:33:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1MRw-0003aa-DC for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 08:33:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=9rGS2IBhiTO7lEnTKV9BDNOMlKpOea4xQGEMgVaWzJQ=; b=SmmMAA16yu3getK5wZlLxEk5+H KdXccTfOj9yedldYT/nP55d6dKUnofIHYutf/z8rlkwo9cui+Y4JJKd/RTKwp4ztvSpuliaJxGLjp gGvse1uLohWPSdZ+wPDcC51SqqRTu3tW5IjdyGfNTq7I2XAUI6mx23TvS5Ko9B9Oc4qQ=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec: fix reporting of BHB clearing usage from guest entry points Message-Id: Date: Mon, 29 Apr 2024 08:33:24 +0000 commit 7f73536e2644722ec87dc491511cc0f9f762d1eb Author: Roger Pau Monné AuthorDate: Mon Apr 29 10:20:58 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 10:20:58 2024 +0200 x86/spec: fix reporting of BHB clearing usage from guest entry points Reporting whether the BHB clearing on entry is done for the different domains types based on cpu_has_bhb_seq is unhelpful, as that variable signals whether there's a BHB clearing sequence selected, but that alone doesn't imply that such sequence is used from the PV and/or HVM entry points. Instead use opt_bhb_entry_{pv,hvm} which do signal whether BHB clearing is performed on entry from PV/HVM. Fixes: 689ad48ce9cf ('x86/spec-ctrl: Wire up the Native-BHI software sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: 049ab0b2c9f1f5edb54b505fef0bc575787dafe9 master date: 2024-04-25 16:35:56 +0200 --- xen/arch/x86/spec_ctrl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 6ce2815746..d6f8b31394 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -617,14 +617,14 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - cpu_has_bhb_seq || + opt_bhb_entry_hvm || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_hvm ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV @@ -632,14 +632,14 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - cpu_has_bhb_seq || + opt_bhb_entry_pv || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_pv ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Mon Apr 29 08:33:36 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 29 Apr 2024 08:33:36 +0000 Received: from list by lists.xenproject.org with outflank-mailman.713919.1114832 (Exim 4.92) (envelope-from ) id 1s1MS8-0001IY-6j; Mon, 29 Apr 2024 08:33:36 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 713919.1114832; Mon, 29 Apr 2024 08:33:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1MS8-0001IQ-45; Mon, 29 Apr 2024 08:33:36 +0000 Received: by outflank-mailman (input) for mailman id 713919; Mon, 29 Apr 2024 08:33:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1MS6-0001IG-J9 for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 08:33:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1MS6-000737-IJ for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 08:33:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1MS6-0003bc-GT for xen-changelog@lists.xenproject.org; Mon, 29 Apr 2024 08:33:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Fp5Z4PW5TV10bBhmW038nap2k/tcKkeaRZjzB1RPVAg=; b=xiC1dpLksPWP/5J5Lx6mahqDfU ynYazhocv2IPxbFqNggpBJArs3PI1nVjB0b3lJhCGeamHmPzu5Myu9DJ5zhDVMN/WIDDZPbCf2Gu0 ePlew263E2g6iQegqMiCFSJ/N17mHLUo/qlzCU4I3/KBAhYHaFqaq0PXxoFXaafl8DWU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging-4.15] x86/spec: adjust logic that elides lfence Message-Id: Date: Mon, 29 Apr 2024 08:33:34 +0000 commit 056500003eb44314cb90f2e3e7b2d405e86b5657 Author: Roger Pau Monné AuthorDate: Mon Apr 29 10:23:03 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 10:23:03 2024 +0200 x86/spec: adjust logic that elides lfence It's currently too restrictive by just checking whether there's a BHB clearing sequence selected. It should instead check whether BHB clearing is used on entry from PV or HVM specifically. Switch to use opt_bhb_entry_{pv,hvm} instead, and then remove cpu_has_bhb_seq since it no longer has any users. Reported-by: Jan Beulich Fixes: 954c983abcee ('x86/spec-ctrl: Software BHB-clearing sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: 656ae8f1091bcefec9c46ec3ea3ac2118742d4f6 master date: 2024-04-25 16:37:01 +0200 --- xen/arch/x86/spec_ctrl.c | 6 +++--- xen/include/asm-x86/cpufeature.h | 3 --- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index d6f8b31394..bdafbbb0f2 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2227,7 +2227,7 @@ void __init init_speculation_mitigations(void) * unconditional WRMSR. If we do have it, or we're not using any * prior conditional block, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); @@ -2243,7 +2243,7 @@ void __init init_speculation_mitigations(void) * active in the block that is skipped when interrupting guest * context, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) @@ -2255,7 +2255,7 @@ void __init init_speculation_mitigations(void) * A BHB sequence, if used, is the only conditional action, so if we * don't have it, we don't need the safety LFENCE. */ - if ( !cpu_has_bhb_seq ) + if ( !opt_bhb_entry_hvm ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index fd43408d35..892af11384 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -178,9 +178,6 @@ /* Bugs. */ #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) -#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ - boot_cpu_has(X86_SPEC_BHB_LOOPS)) - enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15 From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 00:22:07 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 00:22:07 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714424.1115633 (Exim 4.92) (envelope-from ) id 1s1bFy-0002Zn-P3; Tue, 30 Apr 2024 00:22:02 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714424.1115633; Tue, 30 Apr 2024 00:22:02 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1bFy-0002Ze-LL; Tue, 30 Apr 2024 00:22:02 +0000 Received: by outflank-mailman (input) for mailman id 714424; Tue, 30 Apr 2024 00:22:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1bFx-0002ZW-V3 for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 00:22:01 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1bFx-0002TD-UI for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 00:22:01 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1bFx-0004vf-S8 for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 00:22:01 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=E5+I8QqX6wVnrCaqfIXAunU571amHRc8FdktbqdJaS4=; b=b7pAmI+zhT/xuDe2xf+KyhPLOY uSaT1AuYqyP2TPv0mce5SINkiUOCtvKHZTpEvi/ZH1HoVx2ifB3POmir/oGIYmZPU2/GFtW/wgyLM /ySlCuyIp/emZHdZGQxKoSY2UOtdw55hKgXmjYmXszKVzzOEXlnc2+QmvZJndHd3+ej8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] altcall: fix __alt_call_maybe_initdata so it's safe for livepatch Message-Id: Date: Tue, 30 Apr 2024 00:22:01 +0000 commit 8bdcb0b98b53140102031ceca0611f22190227fd Author: Roger Pau Monné AuthorDate: Mon Apr 29 09:35:21 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:35:21 2024 +0200 altcall: fix __alt_call_maybe_initdata so it's safe for livepatch Setting alternative call variables as __init is not safe for use with livepatch, as livepatches can rightfully introduce new alternative calls to structures marked as __alt_call_maybe_initdata (possibly just indirectly due to replacing existing functions that use those). Attempting to resolve those alternative calls then results in page faults as the variable that holds the function pointer address has been freed. When livepatch is supported use the __ro_after_init attribute instead of __initdata for __alt_call_maybe_initdata. Fixes: f26bb285949b ('xen: Implement xen/alternative-call.h for use in common code') Signed-off-by: Roger Pau Monné Reviewed-by: Andrew Cooper master commit: af4cd0a6a61cdb03bc1afca9478b05b0c9703599 master date: 2024-04-11 18:51:36 +0100 --- xen/include/xen/alternative-call.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/xen/include/xen/alternative-call.h b/xen/include/xen/alternative-call.h index 5c6b9a562b..10f7d7637e 100644 --- a/xen/include/xen/alternative-call.h +++ b/xen/include/xen/alternative-call.h @@ -50,7 +50,12 @@ #include -#define __alt_call_maybe_initdata __initdata +#ifdef CONFIG_LIVEPATCH +/* Must keep for livepatches to resolve alternative calls. */ +# define __alt_call_maybe_initdata __ro_after_init +#else +# define __alt_call_maybe_initdata __initdata +#endif #else -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 00:22:12 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 00:22:12 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714425.1115636 (Exim 4.92) (envelope-from ) id 1s1bG8-0002bx-PP; Tue, 30 Apr 2024 00:22:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714425.1115636; Tue, 30 Apr 2024 00:22:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1bG8-0002bp-Mr; Tue, 30 Apr 2024 00:22:12 +0000 Received: by outflank-mailman (input) for mailman id 714425; Tue, 30 Apr 2024 00:22:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1bG8-0002bb-2g for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 00:22:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1bG8-0002TN-1r for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 00:22:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1bG8-0004wK-04 for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 00:22:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=fUu1RGmu6ak3dXo1u2lLvvO+DY7q7kZIIxZzj4DPoHw=; b=aOs34PIfpcemzGCIA0Z5LlKw07 A3fhmViJVbJfDbdlovzKpAn5BHm5Z3dHh5IKM2sdU90aVWsOptvfRXvAB22QyQx6+kvJDqglgNQP/ J+/H2Rjoe5z0TqXZqTvJxf0u57l3pHZRpMRqZDrznnm0m19rWKDRto4HBCcMjA63eCN4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/rtc: Avoid UIP flag being set for longer than expected Message-Id: Date: Tue, 30 Apr 2024 00:22:12 +0000 commit af0e9ba44a58c87d6d135d8ffbf468b4ceac0a41 Author: Ross Lagerwall AuthorDate: Mon Apr 29 09:36:04 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:36:04 2024 +0200 x86/rtc: Avoid UIP flag being set for longer than expected In a test, OVMF reported an error initializing the RTC without indicating the precise nature of the error. The only plausible explanation I can find is as follows: As part of the initialization, OVMF reads register C and then reads register A repatedly until the UIP flag is not set. If this takes longer than 100 ms, OVMF fails and reports an error. This may happen with the following sequence of events: At guest time=0s, rtc_init() calls check_update_timer() which schedules update_timer for t=(1 - 244us). At t=1s, the update_timer function happens to have been called >= 244us late. In the timer callback, it sets the UIP flag and schedules update_timer2 for t=1s. Before update_timer2 runs, the guest reads register C which calls check_update_timer(). check_update_timer() stops the scheduled update_timer2 and since the guest time is now outside of the update cycle, it schedules update_timer for t=(2 - 244us). The UIP flag will therefore be set for a whole second from t=1 to t=2 while the guest repeatedly reads register A waiting for the UIP flag to clear. Fix it by clearing the UIP flag when scheduling update_timer. I was able to reproduce this issue with a synthetic test and this resolves the issue. Signed-off-by: Ross Lagerwall Reviewed-by: Jan Beulich master commit: 43a07069863b419433dee12c9b58c1f7ce70aa97 master date: 2024-04-23 14:09:18 +0200 --- xen/arch/x86/hvm/rtc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xen/arch/x86/hvm/rtc.c b/xen/arch/x86/hvm/rtc.c index 206b4296e9..4839374352 100644 --- a/xen/arch/x86/hvm/rtc.c +++ b/xen/arch/x86/hvm/rtc.c @@ -202,6 +202,7 @@ static void check_update_timer(RTCState *s) } else { + s->hw.cmos_data[RTC_REG_A] &= ~RTC_UIP; next_update_time = (USEC_PER_SEC - guest_usec - 244) * NS_PER_USEC; expire_time = NOW() + next_update_time; s->next_update_time = expire_time; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 00:22:22 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 00:22:22 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714426.1115640 (Exim 4.92) (envelope-from ) id 1s1bGI-0002el-Qx; Tue, 30 Apr 2024 00:22:22 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714426.1115640; Tue, 30 Apr 2024 00:22:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1bGI-0002ed-OL; Tue, 30 Apr 2024 00:22:22 +0000 Received: by outflank-mailman (input) for mailman id 714426; Tue, 30 Apr 2024 00:22:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1bGI-0002eV-6Q for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 00:22:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1bGI-0002Tr-5g for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 00:22:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1bGI-0004wt-3s for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 00:22:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Yox57X98dkCxuBn2WCMt3O6s14cO1BGB+KfuUbcdZbI=; b=jV8SBa0ozJtTvfrvXrgQZ15GRk RszIhniUbAdLQVLVZ3p9llyWDmD1XU3ytP8yF3JCjgoDpFpjvKPx/x5awgY8TcUwH3Zh5kV1a8Yrn UT/0uOlzvmKzK16+QC5ZbNePpaiOAZkD0ArmslSE5ezJhmBoe87Xl3c/of/rSW6112n4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/MTRR: correct inadvertently inverted WC check Message-Id: Date: Tue, 30 Apr 2024 00:22:22 +0000 commit eb7059767c82d833ebecdf8106e96482b04f3c40 Author: Jan Beulich AuthorDate: Mon Apr 29 09:36:37 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:36:37 2024 +0200 x86/MTRR: correct inadvertently inverted WC check The ! clearly got lost by mistake. Fixes: e9e0eb30d4d6 ("x86/MTRR: avoid several indirect calls") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné master commit: 77e25f0e30ddd11e043e6fce84bf108ce7de5b6f master date: 2024-04-23 14:13:48 +0200 --- xen/arch/x86/cpu/mtrr/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/cpu/mtrr/main.c b/xen/arch/x86/cpu/mtrr/main.c index 55a4da54a7..90b235f57e 100644 --- a/xen/arch/x86/cpu/mtrr/main.c +++ b/xen/arch/x86/cpu/mtrr/main.c @@ -316,7 +316,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, } /* If the type is WC, check that this processor supports it */ - if ((type == X86_MT_WC) && mtrr_have_wrcomb()) { + if ((type == X86_MT_WC) && !mtrr_have_wrcomb()) { printk(KERN_WARNING "mtrr: your processor doesn't support write-combining\n"); return -EOPNOTSUPP; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 00:22:32 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 00:22:32 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714427.1115644 (Exim 4.92) (envelope-from ) id 1s1bGS-0002hq-ST; Tue, 30 Apr 2024 00:22:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714427.1115644; Tue, 30 Apr 2024 00:22:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1bGS-0002hk-Pn; Tue, 30 Apr 2024 00:22:32 +0000 Received: by outflank-mailman (input) for mailman id 714427; Tue, 30 Apr 2024 00:22:32 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1bGS-0002he-9t for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 00:22:32 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1bGS-0002U1-97 for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 00:22:32 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1bGS-0004xZ-7p for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 00:22:32 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=h7g6B7c+Z9AsaOCMZe+N+cmNW9h9CmPyAC+sT8Zh/k8=; b=6NDW4bDarkfhFDETkO1wv9Fd8D KYPsmiiidLZr1hgZrjxq00drRkKYCvsyPPpYlZtM6QWTDND9GglgYr6Dv8o3Baua2V8qlypPBo9cC O8nuHVRkb3rVf2z6WPsbKpTfDCFIg0JUwZOuzrlVjGGlL064nJJlqNUlLRWnFD4pqoTo=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec: fix reporting of BHB clearing usage from guest entry points Message-Id: Date: Tue, 30 Apr 2024 00:22:32 +0000 commit 0b0c7dca70d64c35c86e5d503f67366ebe2b9138 Author: Roger Pau Monné AuthorDate: Mon Apr 29 09:37:04 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:37:04 2024 +0200 x86/spec: fix reporting of BHB clearing usage from guest entry points Reporting whether the BHB clearing on entry is done for the different domains types based on cpu_has_bhb_seq is unhelpful, as that variable signals whether there's a BHB clearing sequence selected, but that alone doesn't imply that such sequence is used from the PV and/or HVM entry points. Instead use opt_bhb_entry_{pv,hvm} which do signal whether BHB clearing is performed on entry from PV/HVM. Fixes: 689ad48ce9cf ('x86/spec-ctrl: Wire up the Native-BHI software sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: 049ab0b2c9f1f5edb54b505fef0bc575787dafe9 master date: 2024-04-25 16:35:56 +0200 --- xen/arch/x86/spec_ctrl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index ba4349a024..8c67d6256a 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -634,7 +634,7 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - cpu_has_bhb_seq || amd_virt_spec_ctrl || + opt_bhb_entry_hvm || amd_virt_spec_ctrl || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || @@ -643,7 +643,7 @@ static void __init print_details(enum ind_thunk thunk) opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_hvm ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV @@ -651,14 +651,14 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - cpu_has_bhb_seq || + opt_bhb_entry_pv || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_pv ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 00:22:43 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 00:22:43 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714428.1115649 (Exim 4.92) (envelope-from ) id 1s1bGc-0002ki-UI; Tue, 30 Apr 2024 00:22:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714428.1115649; Tue, 30 Apr 2024 00:22:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1bGc-0002kY-RF; Tue, 30 Apr 2024 00:22:42 +0000 Received: by outflank-mailman (input) for mailman id 714428; Tue, 30 Apr 2024 00:22:42 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1bGc-0002kQ-ER for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 00:22:42 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1bGc-0002UK-DF for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 00:22:42 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1bGc-0004yN-BF for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 00:22:42 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xp9GehGk4ERjLwd3W5iyRniwZbrCXIWkKWPVz8sqIxU=; b=1pqssT1Yu9db218uNFehoAmEpg zfNKgL/BaOAle81o+2oqNIg+RmqY8TRxDf4OwDAdRbmuOa2+ENXLzILFF5d62TFNz803vyP8eWuUJ jH1j/qRL8zaVGj9COiZyOxORV1G3NR3ZYViNgewth8BvIWTdBf340646qd+ZvHChfdB8=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.18] x86/spec: adjust logic that elides lfence Message-Id: Date: Tue, 30 Apr 2024 00:22:42 +0000 commit f0ff1d9cb96041a84a24857a6464628240deed4f Author: Roger Pau Monné AuthorDate: Mon Apr 29 09:37:29 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:37:29 2024 +0200 x86/spec: adjust logic that elides lfence It's currently too restrictive by just checking whether there's a BHB clearing sequence selected. It should instead check whether BHB clearing is used on entry from PV or HVM specifically. Switch to use opt_bhb_entry_{pv,hvm} instead, and then remove cpu_has_bhb_seq since it no longer has any users. Reported-by: Jan Beulich Fixes: 954c983abcee ('x86/spec-ctrl: Software BHB-clearing sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: 656ae8f1091bcefec9c46ec3ea3ac2118742d4f6 master date: 2024-04-25 16:37:01 +0200 --- xen/arch/x86/include/asm/cpufeature.h | 3 --- xen/arch/x86/spec_ctrl.c | 6 +++--- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index 7a312c485e..3c57f55de0 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -228,9 +228,6 @@ static inline bool boot_cpu_has(unsigned int feat) #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) -#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ - boot_cpu_has(X86_SPEC_BHB_LOOPS)) - enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 8c67d6256a..12c19b7eca 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2328,7 +2328,7 @@ void __init init_speculation_mitigations(void) * unconditional WRMSR. If we do have it, or we're not using any * prior conditional block, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); @@ -2344,7 +2344,7 @@ void __init init_speculation_mitigations(void) * active in the block that is skipped when interrupting guest * context, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) @@ -2356,7 +2356,7 @@ void __init init_speculation_mitigations(void) * A BHB sequence, if used, is the only conditional action, so if we * don't have it, we don't need the safety LFENCE. */ - if ( !cpu_has_bhb_seq ) + if ( !opt_bhb_entry_hvm ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18 From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 05:33:10 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 05:33:10 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714501.1115762 (Exim 4.92) (envelope-from ) id 1s1g6y-0004sf-E5; Tue, 30 Apr 2024 05:33:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714501.1115762; Tue, 30 Apr 2024 05:33:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1g6y-0004sX-BQ; Tue, 30 Apr 2024 05:33:04 +0000 Received: by outflank-mailman (input) for mailman id 714501; Tue, 30 Apr 2024 05:33:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1g6w-0004sP-8P for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 05:33:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1g6w-0007uD-52 for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 05:33:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1g6w-0005NR-2f for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 05:33:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=Vpub2KyYhpmRu8lm6rr81FANCKkdPCwDuD5jf/9H+WA=; b=ilLyShUWHeLt/10JDvoNpcU/2s kAANbKnevAMqhJRtIXdJ8wlpZooTRStsjxaUPwW8n4FfL7hS8Gj8RCA4+M9cWrNYoTOWWqkjwkERI KeZc31N40rw31tBVqpg7vjY9t/7E4wACfugjcBKBa3DpFjDG0Y7kcSaeFBPEhv8uqN2c=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/MTRR: correct inadvertently inverted WC check Message-Id: Date: Tue, 30 Apr 2024 05:33:02 +0000 commit cb28fa605289968ecd7654718a8d5c2886a6a639 Author: Jan Beulich AuthorDate: Mon Apr 29 09:38:47 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:38:47 2024 +0200 x86/MTRR: correct inadvertently inverted WC check The ! clearly got lost by mistake. Fixes: e9e0eb30d4d6 ("x86/MTRR: avoid several indirect calls") Reported-by: Marek Marczykowski-Górecki Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné master commit: 77e25f0e30ddd11e043e6fce84bf108ce7de5b6f master date: 2024-04-23 14:13:48 +0200 --- xen/arch/x86/cpu/mtrr/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/cpu/mtrr/main.c b/xen/arch/x86/cpu/mtrr/main.c index dee59ea168..990f12286a 100644 --- a/xen/arch/x86/cpu/mtrr/main.c +++ b/xen/arch/x86/cpu/mtrr/main.c @@ -316,7 +316,7 @@ int mtrr_add_page(unsigned long base, unsigned long size, } /* If the type is WC, check that this processor supports it */ - if ((type == MTRR_TYPE_WRCOMB) && mtrr_have_wrcomb()) { + if ((type == MTRR_TYPE_WRCOMB) && !mtrr_have_wrcomb()) { printk(KERN_WARNING "mtrr: your processor doesn't support write-combining\n"); return -EOPNOTSUPP; -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 05:33:14 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 05:33:14 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714502.1115766 (Exim 4.92) (envelope-from ) id 1s1g78-0004uP-FS; Tue, 30 Apr 2024 05:33:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714502.1115766; Tue, 30 Apr 2024 05:33:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1g78-0004uI-Co; Tue, 30 Apr 2024 05:33:14 +0000 Received: by outflank-mailman (input) for mailman id 714502; Tue, 30 Apr 2024 05:33:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1g76-0004u6-9w for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 05:33:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1g76-0007uH-92 for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 05:33:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1g76-0005O3-7C for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 05:33:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=izNGZ0/It0dHxX+H4AJYaN+9902f1uJ9eJ2dvD4pNL0=; b=hNvT37CiI2iKsz05oYtMpJMVYO 0XDu4DsOw8pNntS/cSxmjh4hFhu9cG+DRfzPmjtRGYdlhsBxa9uGM63+U+l6to2raO8FbWO90sUPt Hz/2iqrIF5DJUtTVU1vnqpXiafAOjuhkIJrsKRTulYnkDkI3UODAftaACX+HdG4TTHtc=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec: fix reporting of BHB clearing usage from guest entry points Message-Id: Date: Tue, 30 Apr 2024 05:33:12 +0000 commit a2d9cdbb2dc6a2252e9492580ec80dda3c60ef4f Author: Roger Pau Monné AuthorDate: Mon Apr 29 09:39:28 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:39:28 2024 +0200 x86/spec: fix reporting of BHB clearing usage from guest entry points Reporting whether the BHB clearing on entry is done for the different domains types based on cpu_has_bhb_seq is unhelpful, as that variable signals whether there's a BHB clearing sequence selected, but that alone doesn't imply that such sequence is used from the PV and/or HVM entry points. Instead use opt_bhb_entry_{pv,hvm} which do signal whether BHB clearing is performed on entry from PV/HVM. Fixes: 689ad48ce9cf ('x86/spec-ctrl: Wire up the Native-BHI software sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: 049ab0b2c9f1f5edb54b505fef0bc575787dafe9 master date: 2024-04-25 16:35:56 +0200 --- xen/arch/x86/spec_ctrl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 7697f9ad3f..d83955718a 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -646,7 +646,7 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - cpu_has_bhb_seq || amd_virt_spec_ctrl || + opt_bhb_entry_hvm || amd_virt_spec_ctrl || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || @@ -655,7 +655,7 @@ static void __init print_details(enum ind_thunk thunk) opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_hvm ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV @@ -663,14 +663,14 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - cpu_has_bhb_seq || + opt_bhb_entry_pv || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_pv ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 05:33:23 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 05:33:23 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714503.1115771 (Exim 4.92) (envelope-from ) id 1s1g7H-0004xj-Iq; Tue, 30 Apr 2024 05:33:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714503.1115771; Tue, 30 Apr 2024 05:33:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1g7H-0004xb-Fx; Tue, 30 Apr 2024 05:33:23 +0000 Received: by outflank-mailman (input) for mailman id 714503; Tue, 30 Apr 2024 05:33:22 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1g7G-0004xT-EQ for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 05:33:22 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1g7G-0007uU-C3 for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 05:33:22 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1g7G-0005OY-B8 for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 05:33:22 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=xoj17FI81316V9qN2yiII6yS3ALR/OPu2x/zYxky1HE=; b=GlGiSW0zjQs3nSbaTHt99BUS1K lnuie4vv/X5EcUViHvVmSi9DKlirabrzZd4d46Fo34el3KlroxW6NLFMjxR08XduFi1c3DbAABrxu fJGeQvt9DsnXYAdldg8vLOV9gsbvcW6Qr4n9LcQXFAEZ14ff+SN7Z14PVKt3QuaVR9zw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.17] x86/spec: adjust logic that elides lfence Message-Id: Date: Tue, 30 Apr 2024 05:33:22 +0000 commit effcf70f020ff12d34c80e2abde0ecb00ce92bda Author: Roger Pau Monné AuthorDate: Mon Apr 29 09:39:53 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 09:39:53 2024 +0200 x86/spec: adjust logic that elides lfence It's currently too restrictive by just checking whether there's a BHB clearing sequence selected. It should instead check whether BHB clearing is used on entry from PV or HVM specifically. Switch to use opt_bhb_entry_{pv,hvm} instead, and then remove cpu_has_bhb_seq since it no longer has any users. Reported-by: Jan Beulich Fixes: 954c983abcee ('x86/spec-ctrl: Software BHB-clearing sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: 656ae8f1091bcefec9c46ec3ea3ac2118742d4f6 master date: 2024-04-25 16:37:01 +0200 --- xen/arch/x86/include/asm/cpufeature.h | 3 --- xen/arch/x86/spec_ctrl.c | 6 +++--- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h index b24d535080..a6b8af1296 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -181,9 +181,6 @@ #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) -#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ - boot_cpu_has(X86_SPEC_BHB_LOOPS)) - enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index d83955718a..b1e47a849e 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2340,7 +2340,7 @@ void __init init_speculation_mitigations(void) * unconditional WRMSR. If we do have it, or we're not using any * prior conditional block, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); @@ -2356,7 +2356,7 @@ void __init init_speculation_mitigations(void) * active in the block that is skipped when interrupting guest * context, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) @@ -2368,7 +2368,7 @@ void __init init_speculation_mitigations(void) * A BHB sequence, if used, is the only conditional action, so if we * don't have it, we don't need the safety LFENCE. */ - if ( !cpu_has_bhb_seq ) + if ( !opt_bhb_entry_hvm ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.17 From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 06:44:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 06:44:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714564.1115830 (Exim 4.92) (envelope-from ) id 1s1hDh-0000By-P4; Tue, 30 Apr 2024 06:44:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714564.1115830; Tue, 30 Apr 2024 06:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hDh-0000Bq-MQ; Tue, 30 Apr 2024 06:44:05 +0000 Received: by outflank-mailman (input) for mailman id 714564; Tue, 30 Apr 2024 06:44:04 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hDf-0000Bc-Vr for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hDf-0000jp-Td for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1hDf-0000vl-SX for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=BsR6FVCarJ/aSHlha5laZSJfNFhNxSO5FO0Q5kR4Hp0=; b=W9JTWyhLTLJLTIXRXdKgYy5qvM QNUzFGc5POSDwwLvPAGFOiQo6pD1N0+4rHIjBtwcj/8VtejbZVAgdhrjewcN5u9tu4d1d2YMxVYu7 L1eiJc/tA7XTJt++fZztpY+jj4lGutbfEKoJKEalgPEw6x+aqTprHKF9jPcqykd422Pw=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/msi: passthrough all MSI-X vector ctrl writes to device model Message-Id: Date: Tue, 30 Apr 2024 06:44:03 +0000 commit 64b21662b1b1619b7b411365aa83ec7fca9edeb4 Author: Marek Marczykowski-Górecki AuthorDate: Tue Apr 30 08:31:01 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 30 08:31:01 2024 +0200 x86/msi: passthrough all MSI-X vector ctrl writes to device model QEMU needs to know whether clearing maskbit of a vector is really clearing, or was already cleared before. Currently Xen sends only clearing that bit to the device model, but not setting it, so QEMU cannot detect it. Because of that, QEMU is working this around by checking via /dev/mem, but that isn't the proper approach. Give all necessary information to QEMU by passing all ctrl writes, including masking a vector. Advertise the new behavior via XENVER_get_features, so QEMU can know it doesn't need to access /dev/mem anymore. While this commit doesn't move the whole maskbit handling to QEMU (as discussed on xen-devel as one of the possibilities), it is a necessary first step anyway. Including telling QEMU it will get all the required information to do so. The actual implementation would need to include: - a hypercall for QEMU to control just maskbit (without (re)binding the interrupt again - a method for QEMU to tell Xen it will actually do the work Those are not part of this series. Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Jan Beulich Acked-by: Roger Pau Monné --- xen/arch/x86/hvm/vmsi.c | 19 ++++++++++++++----- xen/common/kernel.c | 1 + xen/include/public/features.h | 8 ++++++++ 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/hvm/vmsi.c b/xen/arch/x86/hvm/vmsi.c index adbac965f9..9999179837 100644 --- a/xen/arch/x86/hvm/vmsi.c +++ b/xen/arch/x86/hvm/vmsi.c @@ -283,8 +283,8 @@ static int msixtbl_write(struct vcpu *v, unsigned long address, unsigned long flags; struct irq_desc *desc; - if ( (len != 4 && len != 8) || (address & (len - 1)) ) - return r; + if ( !IS_ALIGNED(address, len) ) + return X86EMUL_OKAY; rcu_read_lock(&msixtbl_rcu_lock); @@ -345,8 +345,7 @@ static int msixtbl_write(struct vcpu *v, unsigned long address, unlock: spin_unlock_irqrestore(&desc->lock, flags); - if ( len == 4 ) - r = X86EMUL_OKAY; + r = X86EMUL_OKAY; out: rcu_read_unlock(&msixtbl_rcu_lock); @@ -357,7 +356,17 @@ static int cf_check _msixtbl_write( const struct hvm_io_handler *handler, uint64_t address, uint32_t len, uint64_t val) { - return msixtbl_write(current, address, len, val); + /* Ignore invalid length or unaligned writes. */ + if ( (len != 4 && len != 8) || !IS_ALIGNED(address, len) ) + return X86EMUL_OKAY; + + /* + * This function returns X86EMUL_UNHANDLEABLE even if write is properly + * handled, to propagate it to the device model (so it can keep its + * internal state in sync). + */ + msixtbl_write(current, address, len, val); + return X86EMUL_UNHANDLEABLE; } static bool cf_check msixtbl_range( diff --git a/xen/common/kernel.c b/xen/common/kernel.c index 08dbaa2a05..b44b2439ca 100644 --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -637,6 +637,7 @@ long do_xen_version(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg) fi.submap |= (1U << XENFEAT_hvm_safe_pvclock) | (1U << XENFEAT_hvm_callback_vector) | (has_pirq(d) ? (1U << XENFEAT_hvm_pirqs) : 0); + fi.submap |= (1U << XENFEAT_dm_msix_all_writes); #endif if ( !paging_mode_translate(d) || is_domain_direct_mapped(d) ) fi.submap |= (1U << XENFEAT_direct_mapped); diff --git a/xen/include/public/features.h b/xen/include/public/features.h index 4437f25d25..8801930947 100644 --- a/xen/include/public/features.h +++ b/xen/include/public/features.h @@ -120,6 +120,14 @@ #define XENFEAT_runstate_phys_area 18 #define XENFEAT_vcpu_time_phys_area 19 +/* + * If set, Xen will passthrough all MSI-X vector ctrl writes to device model, + * not only those unmasking an entry. This allows device model to properly keep + * track of the MSI-X table without having to read it from the device behind + * Xen's backs. This information is relevant only for device models. + */ +#define XENFEAT_dm_msix_all_writes 20 + #define XENFEAT_NR_SUBMAPS 1 #endif /* __XEN_PUBLIC_FEATURES_H__ */ -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 06:44:15 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 06:44:15 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714566.1115833 (Exim 4.92) (envelope-from ) id 1s1hDr-0000Ic-QX; Tue, 30 Apr 2024 06:44:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714566.1115833; Tue, 30 Apr 2024 06:44:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hDr-0000IV-O0; Tue, 30 Apr 2024 06:44:15 +0000 Received: by outflank-mailman (input) for mailman id 714566; Tue, 30 Apr 2024 06:44:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hDq-0000II-26 for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hDq-0000jx-1F for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:14 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1hDp-0000wK-Vn for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:13 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=MuyHDo/hFOrFL9X0tk2QHDUOOaBlwz1BxfflSB26Bn8=; b=kTwkA4l/Q/m3Clt8ncPkTrRPIZ 2ChTACgRN0LpmAc6538M7cvq8HcRCNKqWEXRJSYziFjGxx9/IFMS5cSDzZ3MszshqwtNTda5C4hkJ xYaEU1o5eUpD/qaGz5sbczgzUbt0pi1K7zMG1bG0lLecx7p7ADYPdo9O2whVec1jIf7k=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/MCE: guard call to Intel-specific intel_get_extended_msrs() Message-Id: Date: Tue, 30 Apr 2024 06:44:13 +0000 commit abc68e78a38f75a191515861235c9cc15fd2481b Author: Sergiy Kibrik AuthorDate: Tue Apr 30 08:32:03 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 30 08:32:03 2024 +0200 x86/MCE: guard call to Intel-specific intel_get_extended_msrs() Add check for CONFIG_INTEL build option to conditional call of this routine, so that if Intel support is disabled the call would be eliminated. No functional change intended. Signed-off-by: Sergiy Kibrik Reviewed-by: Stefano Stabellini Acked-by: Jan Beulich --- xen/arch/x86/cpu/mcheck/mce.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 2844685983..d179e6b068 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -328,7 +328,8 @@ mcheck_mca_logout(enum mca_source who, struct mca_banks *bankmask, ASSERT(mig); mca_init_global(mc_flags, mig); /* A hook here to get global extended msrs */ - if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL ) + if ( IS_ENABLED(CONFIG_INTEL) && + boot_cpu_data.x86_vendor == X86_VENDOR_INTEL ) intel_get_extended_msrs(mig, mci); } } -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 06:44:25 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 06:44:25 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714567.1115838 (Exim 4.92) (envelope-from ) id 1s1hE1-0000LT-S6; Tue, 30 Apr 2024 06:44:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714567.1115838; Tue, 30 Apr 2024 06:44:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hE1-0000LL-PQ; Tue, 30 Apr 2024 06:44:25 +0000 Received: by outflank-mailman (input) for mailman id 714567; Tue, 30 Apr 2024 06:44:24 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hE0-0000L5-5E for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:24 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hE0-0000kT-4O for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:24 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1hE0-0000xD-3N for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:24 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=eqXgYTHebnLd1VaLl6xFI6BXdhjcPfr31lg1fl7o+uk=; b=Zwi3PCylOVMO8b2i/sYQDp1N38 3HK06b6URsnNZAQkjEC/ohET8kQQOeaM85JB8m9y+M2JPHmzxWmKXGf1GqG42NkelF3ClCHRSLejk uLZcpOblmiSQa7oM6LKRE+JVMQrxedjtK0HESMvLQ8zXlCEFEixBTbcmZ/6fdZDHsovU=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/xsm: Wire up get_dom0_console Message-Id: Date: Tue, 30 Apr 2024 06:44:24 +0000 commit 647f7e50ebeeb8152974cad6a12affe474c74513 Author: Jason Andryuk AuthorDate: Tue Apr 30 08:33:41 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 30 08:33:41 2024 +0200 xen/xsm: Wire up get_dom0_console An XSM hook for get_dom0_console is currently missing. Using XSM with a PVH dom0 shows: (XEN) FLASK: Denying unknown platform_op: 64. Wire up the hook, and allow it for dom0. Fixes: 4dd160583c ("x86/platform: introduce hypercall to get initial video console settings") Signed-off-by: Jason Andryuk Acked-by: Daniel P. Smith --- tools/flask/policy/modules/dom0.te | 2 +- xen/xsm/flask/hooks.c | 4 ++++ xen/xsm/flask/policy/access_vectors | 2 ++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/modules/dom0.te index f1dcff48e2..16b8c9646d 100644 --- a/tools/flask/policy/modules/dom0.te +++ b/tools/flask/policy/modules/dom0.te @@ -16,7 +16,7 @@ allow dom0_t xen_t:xen { allow dom0_t xen_t:xen2 { resource_op psr_cmt_op psr_alloc pmu_ctrl get_symbol get_cpu_levelling_caps get_cpu_featureset livepatch_op - coverage_op + coverage_op get_dom0_console }; # Allow dom0 to use all XENVER_ subops that have checks. diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 78225f68c1..5e88c71b8e 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1558,6 +1558,10 @@ static int cf_check flask_platform_op(uint32_t op) return avc_has_perm(domain_sid(current->domain), SECINITSID_XEN, SECCLASS_XEN2, XEN2__GET_SYMBOL, NULL); + case XENPF_get_dom0_console: + return avc_has_perm(domain_sid(current->domain), SECINITSID_XEN, + SECCLASS_XEN2, XEN2__GET_DOM0_CONSOLE, NULL); + default: return avc_unknown_permission("platform_op", op); } diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index 4e6710a63e..a35e3d4c51 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -99,6 +99,8 @@ class xen2 livepatch_op # XEN_SYSCTL_coverage_op coverage_op +# XENPF_get_dom0_console + get_dom0_console } # Classes domain and domain2 consist of operations that a domain performs on -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 06:44:35 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 06:44:35 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714568.1115842 (Exim 4.92) (envelope-from ) id 1s1hEB-0000Oq-Tj; Tue, 30 Apr 2024 06:44:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714568.1115842; Tue, 30 Apr 2024 06:44:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hEB-0000Oh-Qr; Tue, 30 Apr 2024 06:44:35 +0000 Received: by outflank-mailman (input) for mailman id 714568; Tue, 30 Apr 2024 06:44:34 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hEA-0000OP-8o for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:34 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hEA-0000kd-83 for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:34 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1hEA-0000xi-6c for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:34 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=gy4OTRP2lA6mqa00EdoQppGeVaxiWWPXpXeW8bGrseI=; b=XI2xrlXbZWDoqHo2vNT8JT0ivj 1zG1lQPXZPkcntoj2DTVpOvLwYyluZcJE9m0JjkFY0mVWrP75TphKlWYKpbjY8JQlen61fZHusFI4 KfnNTIlhHFtkQoubjGWPHa6/OOITJ1jFHi5rZ7hETOVvs2bYJ32Hw+qLvhk4WPH1M/GM=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/x86: Fix Syntax warning in gen-cpuid.py Message-Id: Date: Tue, 30 Apr 2024 06:44:34 +0000 commit 08e79bba73d74a85d3ce6ff0f91c5205f1e05eda Author: Jason Andryuk AuthorDate: Tue Apr 30 08:34:37 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 30 08:34:37 2024 +0200 xen/x86: Fix Syntax warning in gen-cpuid.py Python 3.12.2 warns: xen/tools/gen-cpuid.py:50: SyntaxWarning: invalid escape sequence '\s' "\s+([\s\d]+\*[\s\d]+\+[\s\d]+)\)" xen/tools/gen-cpuid.py:51: SyntaxWarning: invalid escape sequence '\s' "\s+/\*([\w!]*) .*$") Specify the strings as raw strings so '\s' is read as literal '\' + 's'. This avoids escaping all the '\'s in the strings. Signed-off-by: Jason Andryuk Acked-by: Andrew Cooper --- xen/tools/gen-cpuid.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index bf3f9ec01e..dadeb33080 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -47,8 +47,8 @@ def parse_definitions(state): """ feat_regex = re.compile( r"^XEN_CPUFEATURE\(([A-Z0-9_]+)," - "\s+([\s\d]+\*[\s\d]+\+[\s\d]+)\)" - "\s+/\*([\w!]*) .*$") + r"\s+([\s\d]+\*[\s\d]+\+[\s\d]+)\)" + r"\s+/\*([\w!]*) .*$") word_regex = re.compile( r"^/\* .* word (\d*) \*/$") -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 06:44:46 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 06:44:46 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714569.1115846 (Exim 4.92) (envelope-from ) id 1s1hEL-0000Rd-V6; Tue, 30 Apr 2024 06:44:45 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714569.1115846; Tue, 30 Apr 2024 06:44:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hEL-0000RV-SE; Tue, 30 Apr 2024 06:44:45 +0000 Received: by outflank-mailman (input) for mailman id 714569; Tue, 30 Apr 2024 06:44:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hEK-0000RH-Bi for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hEK-0000kk-Aw for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:44 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1hEK-0000yR-AD for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:44 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=ZSFR8x9h7VXD5EyHugRVfDxONnro4zPRIy8bZZ9eJ/o=; b=JAnUalzW35wBXK8imuMk15WA10 urQ1jf9M8FlcdkBEX39x9NRi98q1YpwmI/OMcbApsFeLTA65QGuifRvv/mBQOg14u6GhtdBI7iPbq iE/o11/WG1nnTiJQY0ARM+9NZ4Ig9EjfeNduNqWRhUz6sK1Gos2qRZ7cUoo+Mfn+YdvY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] xen/riscv: improve check-extension() macro Message-Id: Date: Tue, 30 Apr 2024 06:44:44 +0000 commit bf0059282d7e5c1c625cb1a80410db5918c45fe1 Author: Oleksii Kurochko AuthorDate: Tue Apr 30 08:36:39 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 30 08:36:39 2024 +0200 xen/riscv: improve check-extension() macro Now, the check-extension() macro has 1 argument instead of 2. This change helps to reduce redundancy around usage of extensions name (in the case of the zbb extension, the name was used 3 times). To implement this, a new variable was introduced: -insn which represents the instruction support that is being checked. Additionally, zbb-insn is updated to use $(comma) instead of ",". Suggested-by: Jan Beulich Signed-off-by: Oleksii Kurochko Reviewed-by: Jan Beulich --- xen/arch/riscv/arch.mk | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/xen/arch/riscv/arch.mk b/xen/arch/riscv/arch.mk index 05c113f2c2..8c071aff65 100644 --- a/xen/arch/riscv/arch.mk +++ b/xen/arch/riscv/arch.mk @@ -13,12 +13,21 @@ riscv-generic-flags := $(riscv-abi-y) -march=$(riscv-march-y) # check-extension: Check whether extenstion is supported by a compiler and # an assembler. -# Usage: $(call check-extension,extension_name,"instr") -check-extension = $(call as-insn,$(CC) $(riscv-generic-flags)_$(1),$(2),_$(1)) - -zbb-insn := "andn t0, t0, t0" -zbb := $(call check-extension,zbb,$(zbb-insn)) -zihintpause := $(call check-extension,zihintpause,"pause") +# Usage: $(call check-extension,extension_name). +# it should be defined variable with following name: +# -insn := "insn" +# which represents an instruction of extension support of which is +# going to be checked. +define check-extension = +$(eval $(1) := \ + $(call as-insn,$(CC) $(riscv-generic-flags)_$(1),$(value $(1)-insn),_$(1))) +endef + +zbb-insn := "andn t0$(comma)t0$(comma)t0" +$(call check-extension,zbb) + +zihintpause-insn := "pause" +$(call check-extension,zihintpause) extensions := $(zbb) $(zihintpause) -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 06:44:56 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 06:44:56 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714570.1115849 (Exim 4.92) (envelope-from ) id 1s1hEW-0000U9-02; Tue, 30 Apr 2024 06:44:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714570.1115849; Tue, 30 Apr 2024 06:44:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hEV-0000U2-Th; Tue, 30 Apr 2024 06:44:55 +0000 Received: by outflank-mailman (input) for mailman id 714570; Tue, 30 Apr 2024 06:44:54 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hEU-0000Tp-F5 for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:54 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1hEU-0000kr-EG for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:54 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1hEU-0000yy-DF for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 06:44:54 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=/XbK5r2p4PppGXgD6cd1/zAS/mCJ+adHzr1ijAOZ5Mk=; b=WgkLSqSwX8TKOArlx/uW9gJWW7 QzUcKZ1SnkjfHPBf0Jal/IbaVSCfc8uQ0MjfXnT+flWTLZQlKpGtRrFc4u8MAoez8x1wNHAQOee5H 5iOIMMkJZ4/rIWWeF1t4Q9Z1U6PQBRz3WCLJq1+BvOPskslaA7krFPJnxynMMtUTR0dI=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] revert "x86/mm: re-implement get_page_light() using an atomic increment" Message-Id: Date: Tue, 30 Apr 2024 06:44:54 +0000 commit b819bd65f4fb25be582f66ba2e4134f61d86f459 Author: Jan Beulich AuthorDate: Tue Apr 30 08:37:19 2024 +0200 Commit: Jan Beulich CommitDate: Tue Apr 30 08:37:19 2024 +0200 revert "x86/mm: re-implement get_page_light() using an atomic increment" This reverts commit c40bc0576dcc5acd4d7e22ef628eb4642f568533. That change aimed at eliminating an open-coded lock-like construct, which really isn't all that similar to, in particular, get_page(). The function always succeeds. Any remaining concern would want taking care of by placing block_lock_speculation() at the end of the function. Since the function is called only during page (de)validation, any possible performance concerns over such extra serialization could likely be addressed by pre-validating (e.g. via pinning) page tables. The fundamental issue with the change being reverted is that it detects bad state only after already having caused possible corruption. While the system is going to be halted in such an event, there is a time window during which the resulting incorrect state could be leveraged by a clever (in particular: fast enough) attacker. Signed-off-by: Jan Beulich Acked-by: Andrew Cooper Acked-by: Roger Pau Monné --- xen/arch/x86/mm.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 87529db7d1..d968bbbc73 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -2582,10 +2582,16 @@ bool get_page(struct page_info *page, const struct domain *domain) */ static void get_page_light(struct page_info *page) { - unsigned long old_pgc = arch_fetch_and_add(&page->count_info, 1); + unsigned long x, nx, y = page->count_info; - BUG_ON(!(old_pgc & PGC_count_mask)); /* Not allocated? */ - BUG_ON(!((old_pgc + 1) & PGC_count_mask)); /* Overflow? */ + do { + x = y; + nx = x + 1; + BUG_ON(!(x & PGC_count_mask)); /* Not allocated? */ + BUG_ON(!(nx & PGC_count_mask)); /* Overflow? */ + y = cmpxchg(&page->count_info, x, nx); + } + while ( unlikely(y != x) ); } static int validate_page(struct page_info *page, unsigned long type, -- generated by git-patchbot for /home/xen/git/xen.git#staging From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 12:55:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 12:55:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714852.1116203 (Exim 4.92) (envelope-from ) id 1s1n0h-0001oD-Fr; Tue, 30 Apr 2024 12:55:03 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714852.1116203; Tue, 30 Apr 2024 12:55:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1n0h-0001nE-A5; Tue, 30 Apr 2024 12:55:03 +0000 Received: by outflank-mailman (input) for mailman id 714852; Tue, 30 Apr 2024 12:55:02 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1n0g-0001l7-4T for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 12:55:02 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1n0g-0008Lp-2A for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 12:55:02 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1n0g-0007CW-0h for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 12:55:02 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=X6x7LRMgWbyOjF5epjK0g/r7MBDIQKkffnPGfP+ViBA=; b=VYE00f1ypLZjEFusxkvLQrKUCv n+cKcTzVr5iyZRMRwGCD5L28Y5eLJbS0DwO7wbNi/fSx7KcqhXbQDu62xgCnocXU+iOOA7J4O8Q3q AitL/ABn0ToH3tBx0cFkmXddy1pN+5cZAwz+TN8/4DDLxcPHToL7TilaHLjssPZNW9f4=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec: fix reporting of BHB clearing usage from guest entry points Message-Id: Date: Tue, 30 Apr 2024 12:55:02 +0000 commit fe17bbe832598829ebb03306d8e95d71875f3245 Author: Roger Pau Monné AuthorDate: Mon Apr 29 10:19:03 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 10:19:03 2024 +0200 x86/spec: fix reporting of BHB clearing usage from guest entry points Reporting whether the BHB clearing on entry is done for the different domains types based on cpu_has_bhb_seq is unhelpful, as that variable signals whether there's a BHB clearing sequence selected, but that alone doesn't imply that such sequence is used from the PV and/or HVM entry points. Instead use opt_bhb_entry_{pv,hvm} which do signal whether BHB clearing is performed on entry from PV/HVM. Fixes: 689ad48ce9cf ('x86/spec-ctrl: Wire up the Native-BHI software sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: 049ab0b2c9f1f5edb54b505fef0bc575787dafe9 master date: 2024-04-25 16:35:56 +0200 --- xen/arch/x86/spec_ctrl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index 34e174754b..f8b26e3886 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -617,14 +617,14 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_HVM) || boot_cpu_has(X86_FEATURE_SC_RSB_HVM) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) || - cpu_has_bhb_seq || + opt_bhb_entry_hvm || opt_eager_fpu || opt_verw_hvm) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_HVM) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_HVM) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_hvm ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_HVM) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_hvm ? " BHB-entry" : ""); #endif #ifdef CONFIG_PV @@ -632,14 +632,14 @@ static void __init print_details(enum ind_thunk thunk) (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || boot_cpu_has(X86_FEATURE_SC_RSB_PV) || boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) || - cpu_has_bhb_seq || + opt_bhb_entry_pv || opt_eager_fpu || opt_verw_pv) ? "" : " None", boot_cpu_has(X86_FEATURE_SC_MSR_PV) ? " MSR_SPEC_CTRL" : "", boot_cpu_has(X86_FEATURE_SC_RSB_PV) ? " RSB" : "", opt_eager_fpu ? " EAGER_FPU" : "", opt_verw_pv ? " VERW" : "", boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) ? " IBPB-entry" : "", - cpu_has_bhb_seq ? " BHB-entry" : ""); + opt_bhb_entry_pv ? " BHB-entry" : ""); printk(" XPTI (64-bit PV only): Dom0 %s, DomU %s (with%s PCID)\n", opt_xpti_hwdom ? "enabled" : "disabled", -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 12:55:13 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 12:55:13 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714853.1116211 (Exim 4.92) (envelope-from ) id 1s1n0r-0002Cr-Er; Tue, 30 Apr 2024 12:55:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714853.1116211; Tue, 30 Apr 2024 12:55:13 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1n0r-0002Cj-Be; Tue, 30 Apr 2024 12:55:13 +0000 Received: by outflank-mailman (input) for mailman id 714853; Tue, 30 Apr 2024 12:55:12 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1n0q-0002Bf-6B for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 12:55:12 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1n0q-0008M4-5K for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 12:55:12 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1n0q-0007DK-4N for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 12:55:12 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=XTa3xBDmRuy2s8aUzJhau8iY2J4jsOtJNexrECYCv/g=; b=ImUn4jesYUxhPx7hRNxEB/Vw17 5ZtJ/RQfLeRSaM7zt+4F4eslfoZKMuq3EyeB/3GM9JXpMSy0Y8XNOawaYx8gpBmOSddQYLj8QtK6x gwUvGULT8rQmgUqTEV7JyrRfrWlvSkKci8mi32Kj+R7pzfrWv0XSkmu+/ymkay+X3bY0=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen stable-4.16] x86/spec: adjust logic that elides lfence Message-Id: Date: Tue, 30 Apr 2024 12:55:12 +0000 commit d0e8f8ffbb19b5df5f767328baeb54c069b08e6a Author: Roger Pau Monné AuthorDate: Mon Apr 29 10:20:07 2024 +0200 Commit: Jan Beulich CommitDate: Mon Apr 29 10:20:07 2024 +0200 x86/spec: adjust logic that elides lfence It's currently too restrictive by just checking whether there's a BHB clearing sequence selected. It should instead check whether BHB clearing is used on entry from PV or HVM specifically. Switch to use opt_bhb_entry_{pv,hvm} instead, and then remove cpu_has_bhb_seq since it no longer has any users. Reported-by: Jan Beulich Fixes: 954c983abcee ('x86/spec-ctrl: Software BHB-clearing sequences') Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: 656ae8f1091bcefec9c46ec3ea3ac2118742d4f6 master date: 2024-04-25 16:37:01 +0200 --- xen/arch/x86/spec_ctrl.c | 6 +++--- xen/include/asm-x86/cpufeature.h | 3 --- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c index f8b26e3886..e41135f3be 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c @@ -2300,7 +2300,7 @@ void __init init_speculation_mitigations(void) * unconditional WRMSR. If we do have it, or we're not using any * prior conditional block, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || !boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV)) ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_PV); @@ -2316,7 +2316,7 @@ void __init init_speculation_mitigations(void) * active in the block that is skipped when interrupting guest * context, then it's safe to drop the LFENCE. */ - if ( !cpu_has_bhb_seq && + if ( !opt_bhb_entry_pv && (boot_cpu_has(X86_FEATURE_SC_MSR_PV) || (!boot_cpu_has(X86_FEATURE_IBPB_ENTRY_PV) && !boot_cpu_has(X86_FEATURE_SC_RSB_PV))) ) @@ -2328,7 +2328,7 @@ void __init init_speculation_mitigations(void) * A BHB sequence, if used, is the only conditional action, so if we * don't have it, we don't need the safety LFENCE. */ - if ( !cpu_has_bhb_seq ) + if ( !opt_bhb_entry_hvm ) setup_force_cpu_cap(X86_SPEC_NO_LFENCE_ENTRY_VMX); } diff --git a/xen/include/asm-x86/cpufeature.h b/xen/include/asm-x86/cpufeature.h index 3935c0ad4a..1869732bcb 100644 --- a/xen/include/asm-x86/cpufeature.h +++ b/xen/include/asm-x86/cpufeature.h @@ -177,9 +177,6 @@ #define cpu_bug_fpu_ptrs boot_cpu_has(X86_BUG_FPU_PTRS) #define cpu_bug_null_seg boot_cpu_has(X86_BUG_NULL_SEG) -#define cpu_has_bhb_seq (boot_cpu_has(X86_SPEC_BHB_TSX) || \ - boot_cpu_has(X86_SPEC_BHB_LOOPS)) - enum _cache_type { CACHE_TYPE_NULL = 0, CACHE_TYPE_DATA = 1, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16 From xen-changelog-bounces@lists.xenproject.org Tue Apr 30 13:44:09 2024 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 30 Apr 2024 13:44:09 +0000 Received: from list by lists.xenproject.org with outflank-mailman.714906.1116285 (Exim 4.92) (envelope-from ) id 1s1nm9-0006fW-He; Tue, 30 Apr 2024 13:44:05 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 714906.1116285; Tue, 30 Apr 2024 13:44:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1nm9-0006fO-F5; Tue, 30 Apr 2024 13:44:05 +0000 Received: by outflank-mailman (input) for mailman id 714906; Tue, 30 Apr 2024 13:44:03 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1nm7-0006dX-Qc for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 13:44:03 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1s1nm7-0000wo-O4 for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 13:44:03 +0000 Received: from xen by xenbits.xenproject.org with local (Exim 4.92) (envelope-from ) id 1s1nm7-0001pN-MF for xen-changelog@lists.xenproject.org; Tue, 30 Apr 2024 13:44:03 +0000 X-BeenThere: xen-changelog@lists.xenproject.org List-Id: "Change log for Mercurial \(receive only\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-changelog-bounces@lists.xenproject.org Precedence: list Sender: "Xen-changelog" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Date:Message-Id:Subject:Reply-To:To:From; bh=IWNG72BITiBe5ktuvtAUzmXuimFIVb97863LQ39s0Ic=; b=PyuXOsGWFzfwMg6buel9fGsbQl VN4Snk8TpC1ZH4iwqdFAwC5VYVsP1flCR2olSbZvwAKtdjwoX1HZOScRGhz92zNiDRG9umW20vA0/ +wcXLofpyjbvUNxNJpO8hiWA0MMpzk6VB+0tTIIKDoGQc7WvF4CG7T2rOjTIuISG/XQY=; From: patchbot@xen.org To: xen-changelog@lists.xenproject.org Reply-To: xen-devel@lists.xenproject.org Subject: [xen staging] x86/cpu-policy: Annotate the accumulated features Message-Id: Date: Tue, 30 Apr 2024 13:44:03 +0000 commit 9e30bd8f4a8cee83368276c5149c7e2304efe5a2 Author: Andrew Cooper AuthorDate: Fri Apr 26 16:53:08 2024 +0100 Commit: Andrew Cooper CommitDate: Tue Apr 30 14:28:54 2024 +0100 x86/cpu-policy: Annotate the accumulated features Some features need accumulating rather than intersecting to make migration safe. Introduce the new '|' attribute for this purpose. Right now, it's only used by the Xapi toolstack, but it will be used by xl/libxl when the full policy-object work is complete, and until then it's still a useful hint for hand-crafted cpuid= lines in vm.cfg files. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/include/public/arch-x86/cpufeatureset.h | 15 ++++++++++----- xen/tools/gen-cpuid.py | 7 +++++-- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h index 53f13dec31..6627453e39 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -72,6 +72,11 @@ enum { * 'H' = HVM HAP guests (not PV or HVM Shadow guests). * Upper case => Available by default * Lower case => Can be opted-in to, but not available by default. + * + * Migration: '|' + * This bit should be visible to a guest if any anywhere it might run has + * the bit set. i.e. it needs accumulating across the migration pool, + * rather than intersecting. */ /* Intel-defined CPU features, CPUID level 0x00000001.edx, word 0 */ @@ -248,7 +253,7 @@ XEN_CPUFEATURE(IBRS_ALWAYS, 8*32+16) /*S IBRS preferred always on */ XEN_CPUFEATURE(STIBP_ALWAYS, 8*32+17) /*S STIBP preferred always on */ XEN_CPUFEATURE(IBRS_FAST, 8*32+18) /*S IBRS preferred over software options */ XEN_CPUFEATURE(IBRS_SAME_MODE, 8*32+19) /*S IBRS provides same-mode protection */ -XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S EFER.LMSLE no longer supported. */ +XEN_CPUFEATURE(NO_LMSL, 8*32+20) /*S| EFER.LMSLE no longer supported. */ XEN_CPUFEATURE(AMD_PPIN, 8*32+23) /* Protected Processor Inventory Number */ XEN_CPUFEATURE(AMD_SSBD, 8*32+24) /*S MSR_SPEC_CTRL.SSBD available */ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /*! MSR_VIRT_SPEC_CTRL.SSBD */ @@ -263,7 +268,7 @@ XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation Single XEN_CPUFEATURE(FSRM, 9*32+ 4) /*A Fast Short REP MOVS */ XEN_CPUFEATURE(AVX512_VP2INTERSECT, 9*32+8) /*a VP2INTERSECT{D,Q} insns */ XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ -XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*!A VERW clears microarchitectural buffers */ +XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*!A| VERW clears microarchitectural buffers */ XEN_CPUFEATURE(RTM_ALWAYS_ABORT, 9*32+11) /*! RTM disabled (but XBEGIN wont fault) */ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ XEN_CPUFEATURE(SERIALIZE, 9*32+14) /*A SERIALIZE insn */ @@ -292,7 +297,7 @@ XEN_CPUFEATURE(AVX_IFMA, 10*32+23) /*A AVX-IFMA Instructions */ /* AMD-defined CPU features, CPUID level 0x80000021.eax, word 11 */ XEN_CPUFEATURE(NO_NEST_BP, 11*32+ 0) /*A No Nested Data Breakpoints */ -XEN_CPUFEATURE(FS_GS_NS, 11*32+ 1) /*S FS/GS base MSRs non-serialising */ +XEN_CPUFEATURE(FS_GS_NS, 11*32+ 1) /*S| FS/GS base MSRs non-serialising */ XEN_CPUFEATURE(LFENCE_DISPATCH, 11*32+ 2) /*A LFENCE always serializing */ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and limit too) */ XEN_CPUFEATURE(AUTO_IBRS, 11*32+ 8) /*S Automatic IBRS */ @@ -343,7 +348,7 @@ XEN_CPUFEATURE(DOITM, 16*32+12) /* Data Operand Invariant Timing XEN_CPUFEATURE(SBDR_SSDP_NO, 16*32+13) /*A No Shared Buffer Data Read or Sideband Stale Data Propagation */ XEN_CPUFEATURE(FBSDP_NO, 16*32+14) /*A No Fill Buffer Stale Data Propagation */ XEN_CPUFEATURE(PSDP_NO, 16*32+15) /*A No Primary Stale Data Propagation */ -XEN_CPUFEATURE(FB_CLEAR, 16*32+17) /*!A Fill Buffers cleared by VERW */ +XEN_CPUFEATURE(FB_CLEAR, 16*32+17) /*!A| Fill Buffers cleared by VERW */ XEN_CPUFEATURE(FB_CLEAR_CTRL, 16*32+18) /* MSR_OPT_CPU_CTRL.FB_CLEAR_DIS */ XEN_CPUFEATURE(RRSBA, 16*32+19) /*! Restricted RSB Alternative */ XEN_CPUFEATURE(BHI_NO, 16*32+20) /*A No Branch History Injection */ @@ -353,7 +358,7 @@ XEN_CPUFEATURE(PBRSB_NO, 16*32+24) /*A No Post-Barrier RSB prediction XEN_CPUFEATURE(GDS_CTRL, 16*32+25) /* MCU_OPT_CTRL.GDS_MIT_{DIS,LOCK} */ XEN_CPUFEATURE(GDS_NO, 16*32+26) /*A No Gather Data Sampling */ XEN_CPUFEATURE(RFDS_NO, 16*32+27) /*A No Register File Data Sampling */ -XEN_CPUFEATURE(RFDS_CLEAR, 16*32+28) /*!A Register File(s) cleared by VERW */ +XEN_CPUFEATURE(RFDS_CLEAR, 16*32+28) /*!A| Register File(s) cleared by VERW */ /* Intel-defined CPU features, MSR_ARCH_CAPS 0x10a.edx, word 17 */ diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py index dadeb33080..380b9d973a 100755 --- a/xen/tools/gen-cpuid.py +++ b/xen/tools/gen-cpuid.py @@ -21,7 +21,7 @@ class State(object): self.names = {} # Value => Name mapping self.values = {} # Name => Value mapping self.raw = { - '!': set(), + '!': set(), '|': set(), 'A': set(), 'S': set(), 'H': set(), 'a': set(), 's': set(), 'h': set(), } @@ -48,7 +48,7 @@ def parse_definitions(state): feat_regex = re.compile( r"^XEN_CPUFEATURE\(([A-Z0-9_]+)," r"\s+([\s\d]+\*[\s\d]+\+[\s\d]+)\)" - r"\s+/\*([\w!]*) .*$") + r"\s+/\*([\w!|]*) .*$") word_regex = re.compile( r"^/\* .* word (\d*) \*/$") @@ -415,6 +415,8 @@ def write_results(state): #define INIT_SPECIAL_FEATURES { \\\n%s\n} +#define INIT_SIMPLE_OR { \\\n%s\n} + #define INIT_PV_DEF_FEATURES { \\\n%s\n} #define INIT_PV_MAX_FEATURES { \\\n%s\n} @@ -436,6 +438,7 @@ def write_results(state): next(featureset_to_uint32s(state.common_1d, 1)), format_uint32s(state, state.names.keys(), 4), format_uint32s(state, state.raw['!'], 4), + format_uint32s(state, state.raw['|'], 4), format_uint32s(state, state.pv_def, 4), format_uint32s(state, state.pv_max, 4), format_uint32s(state, state.hvm_shadow_def, 4), -- generated by git-patchbot for /home/xen/git/xen.git#staging