[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/ioapic: sanitize IO-APIC pins before enabling the local APIC


  • To: Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 10 Jul 2023 12:56:27 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mQvb+1kLVWdEgkiCAJ3I7xIPXIljQ4Ub1kVaTTH+OFA=; b=ZP4YLxdWQ3qwBn8/C04OpSVSeNRaS1PIPNehOyq7ByVcGaslGkqgmUzjKRIkVWMlfaIUh1rQC2DrELSF/2PcoVXpxAeEkuBYB/LOLLEZokbMGAwCBI9hT2ncCpnh5qxCk+RKMVBPEv33XhAtTMSfGOZdBa+Ibv7MSvS4oZQwtbdmZAwIJv/93L58rayZ+bRIsh1GMxdE3VkpyIaXmshNcrm2zaTFOGX69Di9zJ90rVqY9JU9ZTFyqATwB5Q60iRKWbKMLiPhrI6LoOcW+rva3DYAmMJp6Jy1Y8oecCmnhMrmJRRukYfPtvX0oSWnCeN9t06r3yXMVKgUvoRtD7RhDg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QTdWwhYKxUi7Kt2PSn9XSuulNe8g+yRwlnJIRK/CsKdNs0b+wLzS514TH2u7zYfZbNYthdND1j6Gkc3lyezka2af+2f7YlFm/Hx5Tv99IhV5HMs8Y558yHmbB8gO45SoeRKFGzoHaXpgd28EVLYHyewiCH9lR9yjgISJiZzRed5eokF4Qc8Nqzqx2n3ntsFYyBv/1u6O8SMosG5pFQGLYzyTxGv7TFbqA+WiRbxZcaKEMEJFC4g1J/zNlnc9YLCt6XC4yVg/ztegrPT1wuuqDcD1RKAdm0Wt4hoLUUkddfCLH7mZHFEBBGtCySND3Wd+ndbTJNCSXu3cLsvdYtjJhg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 10 Jul 2023 10:56:48 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 07.07.2023 11:53, Roger Pau Monne wrote:
> The current logic to init the local APIC and the IO-APIC does init the
> former first before doing any kind of sanitation on the IO-APIC pin
> configuration.  It's already noted on enable_IO_APIC() that Xen
> shouldn't trust the IO-APIC being empty at bootup.
> 
> At XenServer we have a system where the IO-APIC 0 is handed to Xen
> with pin 0 unmasked, set to Fixed delivery mode, edge triggered and
> with a vector of 0 (all fields of the RTE are zeroed).  Once the local
> APIC is enabled periodic injections from such pin cause a storm of
> errors:
> 
> APIC error on CPU0: 00(40), Received illegal vector
> APIC error on CPU0: 40(40), Received illegal vector
> APIC error on CPU0: 40(40), Received illegal vector
> APIC error on CPU0: 40(40), Received illegal vector
> APIC error on CPU0: 40(40), Received illegal vector
> APIC error on CPU0: 40(40), Received illegal vector
> 
> That prevents Xen from booting.

And I expect no RTE is in ExtInt mode, so one might conclude that
firmware meant to set up RTE 0 that way. Mainly as a remark, albeit
of course there's then the question whether to change the RTE
rather than masking it. What do ACPI tables say?

> Fix this by moving the masking of IO-APIC pins ahead of the enabling
> of the local APIC.  Note that before doing such masking Xen attempts
> to detect the pin where the legacy i8259 is connected, and that logic
> relies on the pin being unmasked, hence the logic is also moved ahead
> of enabling the local APIC.

A comma after "masking" might help readers here.

> --- a/xen/arch/x86/apic.c
> +++ b/xen/arch/x86/apic.c
> @@ -1476,6 +1476,10 @@ int __init APIC_init_uniprocessor (void)
>          return -1;
>      }
>  
> +    if ( smp_found_config && !skip_ioapic_setup && nr_ioapics )
> +        /* Sanitize the IO-APIC pins before enabling the local APIC. */
> +        sanitize_IO_APIC();

I'm a little puzzled by the smp_found_config part of the check here,
but not in smp_prepare_cpus(). What's the reason for (a) the check
and (b) the difference? Isn't checking nr_ioapics sufficient in this
regard? (b) probably could be addressed by moving the code to the
beginning of verify_local_APIC(), immediately ahead of which you
insert both call sites. (At which point the function may want naming
verify_IO_APIC() for consistency, but that's surely minor.)

As to also checking skip_ioapic_setup - wouldn't the unmasked pin be
similarly troublesome in that case? Aiui it would not hurt only if
the LAPIC also isn't (going to be) set up. Then again the flag,
among other things, signals a zero base address found in the ACPI or
MP tables, so I guess this is a (largely) separate issue anyway.

Jan



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.