Xen project Mailing List

Re: [PATCH v2.2 8/7] x86/IOMMU: Use altcall, and __initconst_cf_clobber

To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>

Date: Wed, 2 Mar 2022 09:10:40 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YxYYx4qSTYeI5IcFW5GReI7x1E1NMhFusMjW6vzmXSE=; b=XpIxGTpTJ5o0GSrVeThD4+7625JzfxmPcN/MmYiLLiB04nkZPa/yf/qOzJSRfh0H/suWttE/bQJBIUu8N8T3slD2Lk7kepui8FPZwCnQ+dNUtjQ3wEpAXhSd84S13EUTNM6syTUmdvZk1IeARyXjnXKc9AbKqublK7+B/jAbv4AWXJzcl0zvp3Y6u/CqeXoOn1qjG7jVo6YfvbjXO3bBbICQMGRt4kKuv/yOmbb76zXDKdRmryBL/ldKdKsT9SKVhV3hAdysxXrzZDpaDE9KyvJj06guXCWaFDtNZnKaQXiNHY0YDJ0yf3mpJ8yiS6CIhONz6BuA9OA8tpGlONatLA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KHpnm1KTGSWq6AYPuy9F9SMhI+NwGszJpXpVoyOjNZISkvQsdK4l6goM4JFp5hcj4Tkx8hj7CXiTBZuN78SjUCD6tbrAE1/sZPGNiygXkCC6BRYvWvi1GZxIk1JnyO8LFXvrxEQBGkv5YKV78qtzrfQEQAkZzesmm7QtkkHlEN+EqZHkfJhhUtt1Hwax7sCBP93grNBAR/ajWX1HFUX2TUy+zOi8/zePdWD/nfzJPQgk1VZToGdqxEZiHlPO17AsbRqNhhf/JkppvePAUiYMibFAarornrBfBorY1a0PcmCCyI3KhWV2IJg1dscAMZPp1cP//xUF22DKQk2PcEl5JQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Wed, 02 Mar 2022 08:10:49 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 01.03.2022 15:58, Andrew Cooper wrote: > On 25/02/2022 08:24, Jan Beulich wrote: >> On 22.02.2022 12:47, Andrew Cooper wrote: >>> --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c >>> +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c >>> @@ -628,7 +628,7 @@ static void cf_check amd_dump_page_tables(struct domain >>> *d) >>> hd->arch.amd.paging_mode, 0, 0); >>> } >>> >>> -static const struct iommu_ops __initconstrel _iommu_ops = { >>> +static const struct iommu_ops __initconst_cf_clobber _iommu_ops = { >> Following my initcall related remark on x86'es time.c I'm afraid I don't >> see how this and ... >> >>> @@ -2794,7 +2793,7 @@ static int __init cf_check >>> intel_iommu_quarantine_init(struct domain *d) >>> return rc; >>> } >>> >>> -static struct iommu_ops __initdata vtd_ops = { >>> +static const struct iommu_ops __initconst_cf_clobber vtd_ops = { >> ... this actually works. But I guess I must be overlooking something, as >> I'm sure that you did test the change. >> >> Both ops structures reference a function, through .adjust_irq_affinities, >> which isn't __init but which is used (besides here) for an initcall. With >> the ENDBR removed by the time initcalls are run, these should cause #CP. > > This doesn't explode because the indirect calls are resolved to direct > calls before the ENDBR's are clobbered to NOP4. I'm afraid I don't understand: The problematic call is in do_initcalls(): for ( call = __presmp_initcall_end; call < __initcall_end; call++ ) (*call)(); I don't see how this could be converted to a direct call. Afaics only pre-SMP initcalls are safe in this regard: do_presmp_initcalls() is called immediately ahead of alternative_branches(). Isn't this (previously?) working related to your "x86/spec-ctrl: Disable retpolines with CET-IBT"? With full retpoline, there wouldn't be an indirect branch, but RET. But with JMP or LFENCE thunks this ought to fault (already before depending on thunk selection, but unconditionally now that your change was committed), I would think. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.