Xen project Mailing List

Re: [PATCH 1/4] x86/kexec: Stop hooking NMIs with trap_nop()

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 24 Mar 2026 12:50:26 +0000

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=titZYvq9gVWep25ap3pPF9wgZy59OhvNTTW1t1nOmiA=; b=rk4bw486wCZGhWYNQzRYj619YlFGfGG+knDXgEuIEpIJOaRsN29obDVRp3zeNx4KRCN15Uau3WhUjQuYK5BJig7mx7RR78mAJQihGy6/7F5oc+e5tdkaRf3KUsJvUcyTBrLS0fkz/B46VrGE1vfskoMycrSmPq3UVEPKlJyXZSTuDDlJ/AWvzOydytY1RHZ0JiAl0sJlxpsMpgfXWvdrjW7eqUWjw6hgwx8Yy7hyIRXMsHs5qujRH++WQziSqcgqmKZCyLKWB3DGU7XcLL2bAcbGf2fBYEJZr1nBTlvsF+EsZfw4sXU/CJTH94ZG0ojAP7J7wr5nZA3sOQaml8056A==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Vp6VTSAL0xbGOQvfSeA/3iupGzWES+QLMF1xGkiuNTPVcrMH2cPxWsOvN70w2qwMueTepOwCDU/5gENtsOV1PyH5QBL0yeu/DP72deeI4UnFmh8RLTmBpg7urtLHyu4eq2yyVZ/3ZB5nahJ2ZseOmXYHVbjiTI49hteDmPwECljcaCrn4U6Dkkgll/h9GLLlP5fdkVRzY1lpxa0w4RbTlPU4+dQPHmPR3vKsqrad3Xg07V8QREwS0/dz1Ir79YxczJKnG3tkyIUsJn0TQps+g3ixMUqocMOttXX6VC0ZvopGhGyBGSjAn6nCop12FN2mWU3s22IPOuNmast72KPbmQ==

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=citrix.com header.i="@citrix.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Tue, 24 Mar 2026 12:50:49 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 24/03/2026 11:52 am, Jan Beulich wrote: > On 19.03.2026 13:25, Andrew Cooper wrote: >> When FRED is active, it is not possible to hook NMIs like this. >> >> NMI hooking in the crash path has undergone several revisions since its >> introduction. Notably since commit e7f147bf4ac7 ("x86/crash: Drop manual >> hooking of exception_table[]") we use the regular nmi_callback() >> infrastructure. >> >> Instead of asserting that we don't enter do_nmi_crash() on the crashing CPU, >> tolerate it and return early. It's a marginally longer codepath but behaves >> the same and is compatible with FRED. >> >> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> > >> The other use of hooking the NMI handler like this is in play_dead() and >> introduced by commit 73cb1383bf8d ("x86/idle: re-arrange dead-idle >> handling"). It's unsafe, and the commit even mentions so for #MC. > Why is wiring to trap_nop() unsafe? I meant unsafe in FRED for the same reason; trap_nop() doesn't make the NMI path safe. > For FRED, shouldn't do_nmi() then gain a similar early exit for offlined > CPUs, replacing the IDT editing? That's not really good enough in FRED. For starters it doesn't cover entry_from_{pv,xen}(). e.g. I've discovered (the hard way) the problems of putting printk() ahead of NMI dispatch when testing NMIs. And there's still an open question about #MC in both modes. > >> On x86, we simply cannot free the per-cpu block for any CPU that hasn't been >> put back into the wait-for-SIPI state. > Please remind me, is there a reason we can't put CPUs we have offlined (not > parked) into that state? INIT clears CR4.MCE. Any multi-target #MC (even non-fully-broadcast ones) which includes this CPU escalates to SHUTDOWN. Also if you INIT any CPU the system doesn't like, you get SHUTDOWN too. Doing this to CPU0 is guaranteed to SHUTDOWN. One fun issue I found doing the AMD Entrysign work was that firmware no longer hands over to the OS with the APs in the Wait-for-SIPI state; they're typically handed over in Mwait. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.