[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/ioapic: sanitize IO-APIC pins before enabling the local APIC


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Mon, 10 Jul 2023 16:43:17 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=P+Om8Az9LxQaT164FstBhBo5DJ8kmbPInUPpxTaDWlk=; b=lLRp98bt7Kno3z6ckzxQs0sleFhyMW3OSIqnHbc5ah3w4ECR/+55CbQPjiaOcCi4PntEIq1wHrbI98Wd1A2YaoGrNod9svPkavfrTxqfLlzoIA7DjsC9+T3tHMZGfHCEAvC2I/5CqA6dAE/jzHRJV4nD7rzbU98Q5VDsMLFMW6RS4eXzR0CBHE7oaknwLSdjeiS+xxdaJs5KgIzg8nJoSt7XTNBLPyoiKX/WR18fTsoe8xpqY6XzWsI6VrXoYsUjsImdMCMdxrwvYHSEMHSSvc1wh8/lAZ/m2ePFilyySZ0tk968EVB/i+lY0HURkJq23GjuuxI9OF83EsWnRIDQKw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZI94pnTqwwAo6/PEcJMtNQJ3VJ3ap37k6Y4quwK8LY1F+/nhV8BTpYKxYEiBEixq22AMd1+pYrqtwrx522SlurVzJ+HqCboihNwWdPIT1c+33Uwo3tXozmuy4FZWiRJoTr24vSUaWi2QL0yM6/QXH9KGg9ni1HK8gtRq3p3/QD+79bn/ChOUx3yawqMWYrmC/nsVVjcJZeQNmYeowQ6lkONccu6d/jnNvqUF0kK2XgrMk8Ohq0fNO7NlAfB9JDeJ0HyTYwhBqALj7hSR66dNrBrf3Ntzvt6meeZwtKRQklQ2ys1KOQIQMh77xAX8kPhPMj48DSrrOu6bWFXBmj2fMQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 10 Jul 2023 14:44:11 +0000
  • Ironport-data: A9a23:ZRlsDqn9KZbMYdba42fRV5To5gygJ0RdPkR7XQ2eYbSJt1+Wr1Gzt xJOCmqOMqzfNGP9fYtyat+z/UsFvsPWnNc1TgBspHhjEiMWpZLJC+rCIxarNUt+DCFhoGFPt JxCN4aafKjYaleG+39B55C49SEUOZmgH+a6U6icfHgqH2eIcQ954Tp7gek1n4V0ttawBgKJq LvartbWfVSowFaYCEpNg064gE0p5K2aVA8w5ARkPqgU5QeGzhH5MbpETU2PByqgKmVrNrbSq 9brlNmR4m7f9hExPdKp+p6TnpoiG+O60aCm0xK6aoD66vRwjnVaPpUTbZLwXXx/mTSR9+2d/ f0W3XCGpaXFCYWX8AgVe0Ew/yiTpsSq8pefSZS0mZT7I0Er7xIAahihZa07FdRwxwp5PY1B3 dtbBhMNRDeRu/iVmq6mQcBnjP8Kdsa+aevzulk4pd3YJdAPZMmZBonvu5pf1jp2gd1SF/HDY cZfcSBocBnLfxxIPBEQFY46m+CrwHL4dlW0qnrM/fZxvzeVkV03iee3WDbWUoXiqcF9hEGXq 3iA523kKhobKMae2XyO9XfEaurnxHqlAdlJTe3knhJsqH/MxnBOJUI7b0qyuNOzm2vhUOJcM WVBr0LCqoB3riRHVOLVXRe1vXqFtR40QMdLHqsx7wTl4rXQyxaUAC4DVDEpQMwrsoo6SCIn0 neNnsj1Hnp/vbuNU3Wf+7yI6zSoNkAowXQqYCYFSU4J5oflqYRq1BbXFI88Suiyk8H/Hiz2z 3aSti8iir4PjMkNkaKm4VTAhDHqrZ/MJuIo2jjqsquexlsRTOaYi0aAsgazASpoRGpBcmS8g Q==
  • Ironport-hdrordr: A9a23:THWblagHuOv53mDXs/6jor7+TnBQXuAji2hC6mlwRA09TyX+ra yTdZUguiMc7Qx7ZJhOo7690cW7IE80l6QFgrX5TI3DYOCOggLBRuxfBODZsl/d8kPFh4lg/J YlX69iCMDhSXhW5PyKhjVQyuxQpeVvJprY4dvj8w==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, Jul 10, 2023 at 12:56:27PM +0200, Jan Beulich wrote:
> On 07.07.2023 11:53, Roger Pau Monne wrote:
> > The current logic to init the local APIC and the IO-APIC does init the
> > former first before doing any kind of sanitation on the IO-APIC pin
> > configuration.  It's already noted on enable_IO_APIC() that Xen
> > shouldn't trust the IO-APIC being empty at bootup.
> > 
> > At XenServer we have a system where the IO-APIC 0 is handed to Xen
> > with pin 0 unmasked, set to Fixed delivery mode, edge triggered and
> > with a vector of 0 (all fields of the RTE are zeroed).  Once the local
> > APIC is enabled periodic injections from such pin cause a storm of
> > errors:
> > 
> > APIC error on CPU0: 00(40), Received illegal vector
> > APIC error on CPU0: 40(40), Received illegal vector
> > APIC error on CPU0: 40(40), Received illegal vector
> > APIC error on CPU0: 40(40), Received illegal vector
> > APIC error on CPU0: 40(40), Received illegal vector
> > APIC error on CPU0: 40(40), Received illegal vector
> > 
> > That prevents Xen from booting.
> 
> And I expect no RTE is in ExtInt mode, so one might conclude that
> firmware meant to set up RTE 0 that way. Mainly as a remark, albeit
> of course there's then the question whether to change the RTE
> rather than masking it. What do ACPI tables say?

There's one relevant override:

[668h 1640   1]                Subtable Type : 02 [Interrupt Source Override]
[669h 1641   1]                       Length : 0A
[66Ah 1642   1]                          Bus : 00
[66Bh 1643   1]                       Source : 00
[66Ch 1644   4]                    Interrupt : 00000002
[670h 1648   2]        Flags (decoded below) : 0000
                                    Polarity : 0
                                Trigger Mode : 0

So IRQ 0 -> GSI 2, so it's likely pin 0 is the one the i8259 is
connected to.

> > Fix this by moving the masking of IO-APIC pins ahead of the enabling
> > of the local APIC.  Note that before doing such masking Xen attempts
> > to detect the pin where the legacy i8259 is connected, and that logic
> > relies on the pin being unmasked, hence the logic is also moved ahead
> > of enabling the local APIC.
> 
> A comma after "masking" might help readers here.
> 
> > --- a/xen/arch/x86/apic.c
> > +++ b/xen/arch/x86/apic.c
> > @@ -1476,6 +1476,10 @@ int __init APIC_init_uniprocessor (void)
> >          return -1;
> >      }
> >  
> > +    if ( smp_found_config && !skip_ioapic_setup && nr_ioapics )
> > +        /* Sanitize the IO-APIC pins before enabling the local APIC. */
> > +        sanitize_IO_APIC();
> 
> I'm a little puzzled by the smp_found_config part of the check here,
> but not in smp_prepare_cpus(). What's the reason for (a) the check
> and (b) the difference?

This just mimics what gates the call to setup_IO_APIC() in that same
function.  It makes no sense to call sanitize_IO_APIC() if
setup_IO_APIC() is not called, and I wasn't planning on changing the
logic that gates the call setup_IO_APIC() in this patch.

I did note the difference with smp_prepare_cpus(), and I think we
should look at unifying those paths, but didn't want to do it as part
of this fix.

> Isn't checking nr_ioapics sufficient in this
> regard? (b) probably could be addressed by moving the code to the
> beginning of verify_local_APIC(), immediately ahead of which you
> insert both call sites. (At which point the function may want naming
> verify_IO_APIC() for consistency, but that's surely minor.)

I wanted the call to sanitize_IO_APIC() to be done at the same level
where the call to setup_IO_APIC() is done, because it makes the logic
clearer.

> As to also checking skip_ioapic_setup - wouldn't the unmasked pin be
> similarly troublesome in that case?

skip_ioapic_setup is set when the IO-APIC address in the MADT is
invalid, so in that case attempting to access IO-APIC registers in
that case won't lead to anything good.

> Aiui it would not hurt only if
> the LAPIC also isn't (going to be) set up. Then again the flag,
> among other things, signals a zero base address found in the ACPI or
> MP tables, so I guess this is a (largely) separate issue anyway.

Oh, yes, indeed.  See my reply above.

Thanks, Roger.



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.