Xen project Mailing List

Re: [PATCH v2.2 8/7] x86/IOMMU: Use altcall, and __initconst_cf_clobber

From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>

Date: Wed, 2 Mar 2022 10:12:45 +0000

Accept-language: en-GB, en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KShpUDFeDNO7NDkerg4z+iS5J1YnB7SYSH43894WEo4=; b=ksVc2mEyuF2uRKC/i9aRiQXxlA1VN/w3uaRAIsir+RYDmLF12g76zmNbWon3uESUy7iQp4HuoYAVbdJirOkQmGygyIkKtshL1vuS8rJx8Q7nu6chLg2RZX9oSj0xWxOcq/+XS0/TyfyzmuZMuxxsFMhWro7o4qcDeazO1hJ9RP2Gv1sd7ZFVGQM8XoObJTOSN6Orht6MB0KZPR2hRP7+AvB+Fsrw5JOaUO8NzPQ4CQrsSuh6oXFUhf6ig57qNRUhQwxiTMi/D0rbWy1iZMbAzc8kqPBAayajudOAI6CBFJeuDfbZ89yHNZllGpp8CgWktRearyMpGBeAw2S5+9myzA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=feUIOFZZOYllMcP8kQO0pJchqjnMXh1QD6b1l4fLjAJYJ6Uh2TSbySRkG4Oawoitgmh8E42ZRqT3hDnBtOUCTqaw271nfH3RAMYIIK5Wi3U/XRDRGpO8Ul1PVj2jxTh1Jtk2DkTMtx7RS4mrpuzS0K7AguXf97gnID6YrA0EKZvYZs9XQdJU+Hns1y13siDiCmcNUAuln3Pu1vd5hoUm0bDeIu8hlj3h8IsdnKxg7+f/s0CINd7Y2cL0nooLgzZ/bfBR8n/YYTaEcMWRtixBSL8x2JFwW2e+akMdPCuOUhA8TXIaORzWFDnsguOPybFzO6XWn7Gx5rBcjWjN6GER9w==

Authentication-results: esa5.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com

Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Wed, 02 Mar 2022 10:13:02 +0000

Ironport-data: A9a23:cBgmYqNJ6RddtijvrR24l8FynXyQoLVcMsEvi/4bfWQNrUom0TRTn GUfXW2DOfmJZmf1fd92bYnj8R8PvMDWn4BhSAto+SlhQUwRpJueD7x1DKtR0wB+jCHnZBg6h ynLQoCYdKjYdleF+lH1dOKJQUBUjclkfJKlYAL/En03FFcMpBsJ00o5wbZi2tQw27BVPivW0 T/Mi5yHULOa82Yc3lI8s8pvfzs24ZweEBtB1rAPTagjUG32zhH5P7pGTU2FFFPqQ5E8IwKPb 72rIIdVXI/u10xF5tuNyt4Xe6CRK1LYFVDmZnF+A8BOjvXez8CbP2lS2Pc0MC9qZzu1c99Z6 o535cC+RzkVZIbjh8A7dxVfL3sgMvgTkFPHCSDXXc27ykTHdz3nwul0DVFwNoodkgp1KTgQr 7pCcmlLN03dwbLtqF64YrAEasALBc/nJo4A/FpnyinUF60OSpHfWaTao9Rf2V/cg+gQQamCP 5VANVKDajycej93Cg89M64vwuCxr13fazpxjwis8P9fD2/7k1UqjemF3MDuUsyHQ4BZk1iVo krC/n/lGVcKOdqH0z2H/3mwwOjVkkvTR4Y6BLC+sPlwjzW7xGYeFRkXXluTuuSihwi1XNc3F qAP0nNw9+5orhXtF4SjGU3jyJKZgvICc/gLKb1m5g+z9vD/zBm9IEwISQIbNtNz4afaWgcW/ lOOmtroAxlmv7uUVW+R+9+okN+iBcQGBTRcPHFZFGPp9/Gm+dhu1UyXEr6PBYbo1oWdJN3m/ 9ydQMHSbZ03hNVD6ai09Euvb9mE9smQFV5dCuk6swuYAuJFiGyNOtTABbvzt68owGOlor+p5 iJsdy+2tr1mMH11vHbRKNjh5Znwjxp/DBXSgER0A74q/Cm39niocOh4uW8ieh43ap5VJ2a4O ic/XD+9ArcJZhNGioctPuqM5zkCl/C8RbwJqNiOBjaxXnSBXFDep3w/DaJh92vsjFItgckC1 WSzKq6R4YIhIf0/llKeHr5FuZdyn3xW7T6DFPjTkkX8uZLDNSH9dFvwGAbXBgzPxPjf+1u9H hc2H5bi9iizp8WlOniHqdNIdAtSRZX5bLivw/Fqmie4ClMOMEkqCuPLwKNnfIpgnq9PkfzP8 G37UUhdoGcTT1WeQelWQhiPsI/SYKs=

Ironport-hdrordr: A9a23:BufCV6AT2g61TAblHegMsceALOsnbusQ8zAXPh9KJyC9I/b2qy nxppgmPEfP+UossHFJo6HlBEEZKUmsu6KdkrNhQotKOzOW+VdATbsSorcKpgeAJ8SQzJ8k6U 4NSdkdNDS0NykGsS+Y2nj5Lz9D+qj9zEnAv463pB0BLXAIV0gj1XYCNu/yKDwteOAsP+tfKH Po3Ls/m9PWQwVwUi3UPAhhY8Hz4/nw0L72ax8PABAqrCOUiymz1bL8Gx+Emj8DTjJm294ZgC v4uj28wp/mn+Cwyxfa2WOWxY9RgsHdxtxKA9HJotQJKw/rlh2jaO1aKv+/VXEO0aSSAWQR4Z 7xSiQbToJOArTqDziISC7Wqk3dOfAVmiffIBGj8CDeSIfCNUwH4oJ69PNkm13imhcdVZhHod F2NyjyjesmMTrQ2Cv6/NTGTBdsiw69pmcji/caizhFXZIZc6I5l/1UwKp5KuZJIMvB0vFtLA CuNrCq2N9GNVeBK3zJtGhmx9KhGnw1AxedW0AH/siYySJfknx1x1YRgJV3pAZNyLstD51fo+ jUOKVhk79DCscQcKJmHe8EBc+6EHbETx7AOH+bZV7nCKYEMXTQrIOf2sR52Mi6PJgTiJcikp XIV11V8WY0ZkL1EMWLmIZG9xjcKV/NFAgFCvsukaSRloeMMYYDaxfzOmzGu/HQ18kiPg==

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHYJ+IV6PtRJY8p5U2wBnUH9jKzdqyj8n0AgAa3aoCAASBXAIAAIhyA

Thread-topic: [PATCH v2.2 8/7] x86/IOMMU: Use altcall, and __initconst_cf_clobber

On 02/03/2022 08:10, Jan Beulich wrote: > On 01.03.2022 15:58, Andrew Cooper wrote: >> On 25/02/2022 08:24, Jan Beulich wrote: >>> On 22.02.2022 12:47, Andrew Cooper wrote: >>>> --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c >>>> +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c >>>> @@ -628,7 +628,7 @@ static void cf_check amd_dump_page_tables(struct >>>> domain *d) >>>> hd->arch.amd.paging_mode, 0, 0); >>>> } >>>> >>>> -static const struct iommu_ops __initconstrel _iommu_ops = { >>>> +static const struct iommu_ops __initconst_cf_clobber _iommu_ops = { >>> Following my initcall related remark on x86'es time.c I'm afraid I don't >>> see how this and ... >>> >>>> @@ -2794,7 +2793,7 @@ static int __init cf_check >>>> intel_iommu_quarantine_init(struct domain *d) >>>> return rc; >>>> } >>>> >>>> -static struct iommu_ops __initdata vtd_ops = { >>>> +static const struct iommu_ops __initconst_cf_clobber vtd_ops = { >>> ... this actually works. But I guess I must be overlooking something, as >>> I'm sure that you did test the change. >>> >>> Both ops structures reference a function, through .adjust_irq_affinities, >>> which isn't __init but which is used (besides here) for an initcall. With >>> the ENDBR removed by the time initcalls are run, these should cause #CP. >> This doesn't explode because the indirect calls are resolved to direct >> calls before the ENDBR's are clobbered to NOP4. > I'm afraid I don't understand: The problematic call is in do_initcalls(): > > for ( call = __presmp_initcall_end; call < __initcall_end; call++ ) > (*call)(); > > I don't see how this could be converted to a direct call. Oh. iov_adjust_irq_affinities()'s double use is hiding here. The safety rule for cf_clobber is that there must not be any non-alt-called callers. We need to fix it: diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c index 657c7f619a51..b1af5085efda 100644 --- a/xen/drivers/passthrough/amd/iommu_init.c +++ b/xen/drivers/passthrough/amd/iommu_init.c @@ -831,7 +831,12 @@ int cf_check iov_adjust_irq_affinities(void) return 0; } -__initcall(iov_adjust_irq_affinities); + +int cf_check __init initcall_iov_adjust_irq_affinities(void) +{ + return iommu_call(&iommu_ops, adjust_irq_affinities); +} +__initcall(initcall_iov_adjust_irq_affinities); /* * Family15h Model 10h-1fh erratum 746 (IOMMU Logging May Stall Translations) > Afaics only pre-SMP initcalls are safe in this regard: do_presmp_initcalls() > is called immediately ahead of alternative_branches(). > > Isn't this (previously?) working related to your "x86/spec-ctrl: Disable > retpolines with CET-IBT"? No. It's because AMD CPUs don't have CET-IBT at this juncture, and will never encounter a faulting situation. This is exactly what the UD1 adjustment in Linux are intended to spot, because that would cause all AMD hardware to explode, not just the IBT-enabled ones. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.