Xen project Mailing List

Re: [PATCH 4/5] x86/traps: Drop exception_table[] and use if/else dispatching

To: Andrew Cooper <amc96@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Mon, 22 Nov 2021 17:28:01 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ev9ovb0ACNCcK0QgjdHFJek9FbaGu2/8z0Fwy90R+M0=; b=g9NNwuffoM232AAhE70yksmFLl4Gi9AqSCz1WyJu42+kMXauku8aUA8dCPQvZN2V3uV3jrkwYxrz5zWl+OXfrh/jSS4WXBVWJoAcCcODyAjd+c3lWxlLGuAfqWCxJC/9cgn1nxTlSeKuMrnPuYx/kL4a+KyNMwizfoeDIme34+9UOREr8s6rvptY10CmEH+jEncoT8FcOw6wKSiElHnG6hqKz/bqhwqcLusUlvgYYslDdqmwANdRMl3+e861WIH+ZA7ENbaOY7tuYdtXrPtMbGejgQxDWA3HmZO3BUack1a6H2b5AsFR5qKtAzBi0I77qLpN7ePiQhvQZSJ3YDQQ7A==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aDSlPzwgM35D2Nlv1rYd4m01kLYRPtcqsR+yrqtyNn3xApwKXOq9Jh3kHutAWyxCmnjz7f57Xyg77f/3UMlIkH69fN8se5NfLML0g76C22Drx/5zXVICTO4tQB6dUBXdjx7MDPVX5QfKAvBj1FzmIhvLklP/xBhwVQlIooSeT9rC6PeOX+oV3MHC/6y0ABnOScKb2PmWnL8GRqFtMNi9yuEaSct2k/eahwxLB4+QPKJjK3XBQX6Zs7hl04QUJUMRvy87ok+sn/cAvUdLu6kWVpDUbuIJdPJd/oS/7X4FffR19+jJXc+LlwH2pRlbGttw7qeNcIEsYWBUVqhEU6PVPw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 22 Nov 2021 16:28:14 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 22.11.2021 17:16, Andrew Cooper wrote: > On 22/11/2021 09:04, Jan Beulich wrote: >> On 19.11.2021 19:21, Andrew Cooper wrote: >>> --- a/xen/arch/x86/x86_64/entry.S >>> +++ b/xen/arch/x86/x86_64/entry.S >>> @@ -773,14 +773,48 @@ handle_exception_saved: >>> sti >>> 1: movq %rsp,%rdi >>> movzbl UREGS_entry_vector(%rsp),%eax >>> - leaq exception_table(%rip),%rdx >>> #ifdef CONFIG_PERF_COUNTERS >>> lea per_cpu__perfcounters(%rip), %rcx >>> add STACK_CPUINFO_FIELD(per_cpu_offset)(%r14), %rcx >>> incl ASM_PERFC_exceptions * 4(%rcx, %rax, 4) >>> #endif >>> - mov (%rdx, %rax, 8), %rdx >>> - INDIRECT_CALL %rdx >>> + >>> + /* >>> + * Dispatch to appropriate C handlers. >>> + * >>> + * The logic is implemented as an if/else chain. DISPATCH() calls >>> + * need be in frequency order for best performance. >>> + */ >>> +#define DISPATCH(vec, handler) \ >>> + cmp $vec, %al; \ >>> + jne .L_ ## vec ## _done; \ >>> + call handler; \ >>> + jmp .L_exn_dispatch_done; \ >>> +.L_ ## vec ## _done: >>> + >>> + DISPATCH(X86_EXC_PF, do_page_fault) >>> + DISPATCH(X86_EXC_GP, do_general_protection) >>> + DISPATCH(X86_EXC_UD, do_invalid_op) >>> + DISPATCH(X86_EXC_NM, do_device_not_available) >>> + DISPATCH(X86_EXC_BP, do_int3) >>> + >>> + /* Logically "if ( (1 << vec) & MASK ) { do_trap(); }" */ >>> + mov $(1 << X86_EXC_DE) | (1 << X86_EXC_OF) | (1 << X86_EXC_BR) |\ >>> + (1 << X86_EXC_NP) | (1 << X86_EXC_SS) | (1 << X86_EXC_MF) |\ >>> + (1 << X86_EXC_AC) | (1 << X86_EXC_XM), %edx >>> + bt %eax, %edx >>> + jnc .L_do_trap_done >>> + call do_trap >>> + jmp .L_exn_dispatch_done >>> +.L_do_trap_done: >>> + >>> + DISPATCH(X86_EXC_CP, do_entry_CP) >>> +#undef DISPATCH >> The basis for the choice of ordering imo wants spelling out here. For >> example, >> despite the data provided in the description I'm not really convinced #BP >> wants handling ahead of everything going to do_trap(). > > Why? > > Debugging might be rare, but #BP gets used in non-error cases. > Everything heading towards do_trap() really got 0 hits, which is > entirely expected because they're all fatal signals by default. #MF and #XM certainly aren't. For some of the others I agree with "by default", but without extending this to "in general". >>> @@ -1012,9 +1046,28 @@ handle_ist_exception: >>> incl ASM_PERFC_exceptions * 4(%rcx, %rax, 4) >>> #endif >>> >>> - leaq exception_table(%rip),%rdx >>> - mov (%rdx, %rax, 8), %rdx >>> - INDIRECT_CALL %rdx >>> + /* >>> + * Dispatch to appropriate C handlers. >>> + * >>> + * The logic is implemented as an if/else chain. DISPATCH() calls >>> + * need be in frequency order for best performance. >>> + */ >>> +#define DISPATCH(vec, handler) \ >>> + cmp $vec, %al; \ >>> + jne .L_ ## vec ## _done; \ >>> + call handler; \ >>> + jmp .L_ist_dispatch_done; \ >>> +.L_ ## vec ## _done: >>> + >>> + DISPATCH(X86_EXC_NMI, do_nmi) >>> + DISPATCH(X86_EXC_DB, do_debug) >>> + DISPATCH(X86_EXC_MC, do_machine_check) >>> +#undef DISPATCH >>> + >>> + call do_unhandled_trap >>> + BUG /* do_unhandled_trap() shouldn't return. */ >> While I agree with putting BUG here, I don't see the need for the CALL. >> Unlike in handle_exception there's no vector left unhandled by the >> DISPATCH() invocations. The CALL being there give the (wrong) impression >> there would / might be. > > I firmly disagree. > > do_unhandled_trap() is a fatal error path both here and for the non IST > case, and is absolutely the appropriate thing to call in the dangling > else from this chain. > > It is only unreachable if 15 things line up correctly in a very fragile > piece of code, where both you and I have made errors in the past. The 15 things are: There may not be a new exception type vectored here without updating the dispatch code. Failing to do so is quite fine to be caught by the BUG alone. And adding new IST handlers requires care in a number of other places anyway, so anyone doing so will surely grep for all occurrences of the types presently handled here. That'll make them spot the dispatch which needs updating alongside the several other places. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.