From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 01/23] x86: FRED enumerations
Date: Thu, 28 Aug 2025 16:03:47 +0100
Message-Id: <20250828150409.901315-2-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>

Of note, CR4.FRED is bit 32 and cannot be enabled outside of 64bit mode.

Most supported toolchains don't understand the FRED instructions yet. ERETU
and ERETS are easy to wrap (they are encoded as REPZ/REPNE CLAC), while LKGS
is more complicated and deferred for now.

I have intentionally named the FRED MSRs differently to the spec. In the
spec, the stack pointer names alias the TSS fields of the same name, despite
very different semantics.

Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 v2: * Drop CONFIG_HAS_AS_FRED --- xen/arch/x86/include/asm/asm-defns.h | 8 ++++++++ xen/arch/x86/include/asm/cpufeature.h | 3 +++ xen/arch/x86/include/asm/cpufeatures.h | 2 +- xen/arch/x86/include/asm/msr-index.h | 11 +++++++++++ xen/arch/x86/include/asm/x86-defns.h | 1 + xen/include/public/arch-x86/cpufeatureset.h | 3 +++ 6 files changed, 27 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/include/asm/asm-defns.h b/xen/arch/x86/include/as= m/asm-defns.h index 61a5faf90446..239dc3af096c 100644 --- a/xen/arch/x86/include/asm/asm-defns.h +++ b/xen/arch/x86/include/asm/asm-defns.h @@ -4,6 +4,14 @@ .byte 0x0f, 0x01, 0xfc .endm =20 +/* binutils >=3D 2.41 or LLVM >=3D 19 */ +.macro eretu + .byte 0xf3, 0x0f, 0x01, 0xca +.endm +.macro erets + .byte 0xf2, 0x0f, 0x01, 0xca +.endm + /* * Call a noreturn function. This could be JMP, but CALL results in a more * helpful backtrace. BUG is to catch functions which do decide to return= ... diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/a= sm/cpufeature.h index 441a7ecc494b..b6cf0c8dfc7c 100644 --- a/xen/arch/x86/include/asm/cpufeature.h +++ b/xen/arch/x86/include/asm/cpufeature.h @@ -246,6 +246,9 @@ static inline bool boot_cpu_has(unsigned int feat) #define cpu_has_avx_vnni boot_cpu_has(X86_FEATURE_AVX_VNNI) #define cpu_has_avx512_bf16 boot_cpu_has(X86_FEATURE_AVX512_BF16) #define cpu_has_cmpccxadd boot_cpu_has(X86_FEATURE_CMPCCXADD) +#define cpu_has_fred boot_cpu_has(X86_FEATURE_FRED) +#define cpu_has_lkgs boot_cpu_has(X86_FEATURE_LKGS) +#define cpu_has_nmi_src boot_cpu_has(X86_FEATURE_NMI_SRC) #define cpu_has_avx_ifma boot_cpu_has(X86_FEATURE_AVX_IFMA) =20 /* CPUID level 0x80000021.eax */ diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/= asm/cpufeatures.h index 71308d9dafc8..0a98676c1604 100644 --- a/xen/arch/x86/include/asm/cpufeatures.h 
+++ b/xen/arch/x86/include/asm/cpufeatures.h @@ -18,7 +18,7 @@ XEN_CPUFEATURE(ARCH_PERFMON, X86_SYNTH( 3)) /* Intel= Architectural PerfMon XEN_CPUFEATURE(TSC_RELIABLE, X86_SYNTH( 4)) /* TSC is known to be rel= iable */ XEN_CPUFEATURE(XTOPOLOGY, X86_SYNTH( 5)) /* cpu topology enum exte= nsions */ XEN_CPUFEATURE(CPUID_FAULTING, X86_SYNTH( 6)) /* cpuid faulting */ -/* Bit 7 unused */ +XEN_CPUFEATURE(XEN_FRED, X86_SYNTH( 7)) /* Xen uses FRED */ XEN_CPUFEATURE(APERFMPERF, X86_SYNTH( 8)) /* APERFMPERF */ XEN_CPUFEATURE(MFENCE_RDTSC, X86_SYNTH( 9)) /* MFENCE synchronizes RD= TSC */ XEN_CPUFEATURE(XEN_SMEP, X86_SYNTH(10)) /* SMEP gets used by Xen = itself */ diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/as= m/msr-index.h index 428d993ee89b..bb48d16f0c6d 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -115,6 +115,17 @@ #define MCU_OPT_CTRL_GDS_MIT_DIS (_AC(1, ULL) << 4) #define MCU_OPT_CTRL_GDS_MIT_LOCK (_AC(1, ULL) << 5) =20 +#define MSR_FRED_RSP_SL0 0x000001cc +#define MSR_FRED_RSP_SL1 0x000001cd +#define MSR_FRED_RSP_SL2 0x000001ce +#define MSR_FRED_RSP_SL3 0x000001cf +#define MSR_FRED_STK_LVLS 0x000001d0 +#define MSR_FRED_SSP_SL0 MSR_PL0_SSP +#define MSR_FRED_SSP_SL1 0x000001d1 +#define MSR_FRED_SSP_SL2 0x000001d2 +#define MSR_FRED_SSP_SL3 0x000001d3 +#define MSR_FRED_CONFIG 0x000001d4 + #define MSR_RTIT_OUTPUT_BASE 0x00000560 #define MSR_RTIT_OUTPUT_MASK 0x00000561 #define MSR_RTIT_CTL 0x00000570 diff --git a/xen/arch/x86/include/asm/x86-defns.h b/xen/arch/x86/include/as= m/x86-defns.h index 23579c471f4a..0a0ba83de786 100644 --- a/xen/arch/x86/include/asm/x86-defns.h +++ b/xen/arch/x86/include/asm/x86-defns.h 
@@ -75,6 +75,7 @@ #define X86_CR4_PKE 0x00400000 /* enable PKE */ #define X86_CR4_CET 0x00800000 /* Control-flow Enforcement Technolo= gy */ #define X86_CR4_PKS 0x01000000 /* Protection Key Supervisor */ +#define X86_CR4_FRED (_AC(1, ULL) << 32) /* Fast Return and Event De= livery */ =20 #define X86_CR8_VALID_MASK 0xf =20 diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/publ= ic/arch-x86/cpufeatureset.h index 990b1d13f301..af69cf3822eb 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h 
@@ -310,7 +310,10 @@ XEN_CPUFEATURE(ARCH_PERF_MON, 10*32+8) /* Architectu= ral Perfmon */ XEN_CPUFEATURE(FZRM, 10*32+10) /*A Fast Zero-length REP MOVSB */ XEN_CPUFEATURE(FSRS, 10*32+11) /*A Fast Short REP STOSB */ XEN_CPUFEATURE(FSRCS, 10*32+12) /*A Fast Short REP CMPSB/SCASB */ +XEN_CPUFEATURE(FRED, 10*32+17) /* Fast Return and Event Delivery= */ +XEN_CPUFEATURE(LKGS, 10*32+18) /* Load Kernel GS instruction */ XEN_CPUFEATURE(WRMSRNS, 10*32+19) /*S WRMSR Non-Serialising */ +XEN_CPUFEATURE(NMI_SRC, 10*32+20) /* NMI-Source Reporting */ XEN_CPUFEATURE(AMX_FP16, 10*32+21) /* AMX FP16 instruction */ XEN_CPUFEATURE(AVX_IFMA, 10*32+23) /*A AVX-IFMA Instructions */ XEN_CPUFEATURE(LAM, 10*32+26) /* Linear Address Masking */ --=20 2.39.5
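
Review bot: In asm-defns.h, the comment above the new eretu/erets macros lists only toolchain versions ("binutils >= 2.41 or LLVM >= 19") and does not say what they signify. Suggest stating whether these are the versions from which the assembler accepts the mnemonics, so it is clear when the .byte wrappers can be retired, and recording in the comment that the bytes are CLAC (0x0f, 0x01, 0xca) with an 0xf3/0xf2 prefix, as the commit message explains.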
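
Review bot: In msr-index.h, the MSR_FRED_RSP_SL* and MSR_FRED_SSP_SL* names deliberately differ from the spec according to the commit message, but nothing in the header records that. Suggest a short comment above the block saying the names are Xen's own and why (the spec names alias TSS fields with different semantics), and noting that MSR_FRED_SSP_SL0 is an alias of MSR_PL0_SSP rather than a new index, so a reader searching for the spec names can find them.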
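
Review bot: In x86-defns.h (and the matching FRED line in cpufeatureset.h), the comment expands FRED as "Fast Return and Event Delivery", while the xen-command-line.pandoc text added in patch 03 of this series says "Flexible Return and Event Delivery"; the two should agree. X86_CR4_FRED is also the only constant in this hunk built as (_AC(1, ULL) << 32) next to plain 32-bit literals, so it would help to say in the comment that the bit sits above bit 31 and is 64bit-mode only, as a warning to any user that holds CR4 values in a narrower type.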

From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 02/23] x86/traps: Extend struct cpu_user_regs/cpu_info with FRED fields
Date: Thu, 28 Aug 2025 16:03:48 +0100
Message-Id: <20250828150409.901315-3-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>

The FRED on-stack format is larger than the IDT format, but is by and large
compatible. FRED reuses space above cs and ss for extra metadata, some of
which is purely informational, and some of which causes additional effects in
ERET{U,S}.

Follow Linux's choice of naming for fred_{c,s}s structures, to make it very
clear at the point of use that it's dependent on FRED.

There is also the event data field and reserved fields, but we cannot include
these in struct cpu_user_regs without reintroducing OoB structure accesses in
the non-FRED case. See commit 6065a05adf15 ("x86/traps: 'Fix' safety of
read_registers() in #DF path") for more details.

Instead, use a new struct fred_info and position it suitably in struct
cpu_info. This boundary will be loaded into MSR_FRED_RSP_SL0, and must be
64-byte aligned.

This does add 16 bytes back into struct cpu_info, undoing the saving we made
by dropping the vm86 data segment selectors.

No functional change.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * .lm -> .l
 * Tweak comments
---
 xen/arch/x86/include/asm/cpu-user-regs.h | 71 ++++++++++++++++++++++--
 xen/arch/x86/include/asm/current.h       |  2 +
 xen/arch/x86/traps-setup.c               |  5 ++
 3 files changed, 74 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/include/asm/cpu-user-regs.h b/xen/arch/x86/includ= e/asm/cpu-user-regs.h index 5b283a2f6d02..92aeca0aaa88 100644 --- a/xen/arch/x86/include/asm/cpu-user-regs.h +++ b/xen/arch/x86/include/asm/cpu-user-regs.h @@ -30,6 +30,10 @@ struct cpu_user_regs /* * During IDT delivery for exceptions with an error code, hardware pus= hes * to this point. Entry_vector is filled in by software. + * + * During FRED delivery, hardware always pushes to this point. Softwa= re + * copies fred_ss.vector into entry_vector so most interrupt/exception + * handling can be FRED-agnostic. */ =20 uint32_t error_code; 
@@ -42,18 +46,77 @@ struct cpu_user_regs */ =20 union { uint64_t rip; uint32_t eip; uint16_t ip; }; - uint16_t cs, _pad0[1]; - uint8_t saved_upcall_mask; /* PV (v)rflags.IF =3D=3D !saved_upcall_ma= sk */ - uint8_t _pad1[3]; + union { + struct { + uint16_t cs; + unsigned long :16; + uint8_t saved_upcall_mask; /* PV (v)rflags.IF =3D=3D !sa= ved_upcall_mask */ + }; + unsigned long csx; + struct { + /* + * Bits 0 to 31 control ERET{U,S} behaviour, and are state of = the + * interrupted context. + */ + uint16_t cs; + unsigned int sl:2; /* Stack Level */ + bool wfe:1; /* Wait-for-ENDBRANCH state */ + } fred_cs; + }; union { uint64_t rflags; uint32_t eflags; uint16_t flags; }; union { uint64_t rsp; uint32_t esp; uint16_t sp; uint8_t spl;= }; - uint16_t ss, _pad2[3]; + union { + uint16_t ss; + unsigned long ssx; + struct { + /* + * Bits 0 to 31 control ERET{U,S} behaviour, and are state abo= ut + * the event which occured. + */ + uint16_t ss; + bool sti:1; /* Was blocked-by-STI, and not cancel= led */ + bool swint:1; /* Was a SYSCALL/SYSENTER/INT $N. On= ERETx, pend_DB iff TF */ + bool nmi:1; /* Was an NMI. */ + unsigned long :13; + + /* + * Bits 32 to 63 are ignored by ERET{U,S} and are informative + * only. + */ + uint8_t vector; + unsigned long :8; + unsigned int type:4; /* X86_ET_* */ + unsigned long :4; + bool enclave:1; /* Event taken in SGX mode */ + bool l:1; /* Event taken in 64bit mode (old %cs= .l) */ + bool nested:1; /* Exception during event delivery (c= lear for #DF) */ + unsigned long :1; + unsigned int insnlen:4; /* .type >=3D SW_INT */ + } fred_ss; + }; =20 /* * For IDT delivery, tss->rsp0 points to this boundary as embedded wit= hin * struct cpu_info. It must be 16-byte aligned. */ }; +struct fred_info +{ + /* + * Event Data. 
For: + * #DB: PENDING_DBG (%dr6 with positive polarity) + * NMI: NMI-Source Bitmap (on capable hardware) + * #PF: %cr2 + * #NM: MSR_XFD_ERR (only XFD-induced #NMs) + */ + uint64_t edata; + uint64_t _rsvd; + + /* + * For FRED delivery, MSR_FRED_RSP_SL0 points to this boundary as embe= dded + * within struct cpu_info. It must be 64-byte aligned. + */ +}; =20 static inline uint64_t msr_fold(const struct cpu_user_regs *regs) { diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/= current.h index fd30422707d9..c1eb27b1c4c2 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -38,6 +38,8 @@ struct vcpu; =20 struct cpu_info { struct cpu_user_regs guest_cpu_user_regs; + struct fred_info _fred; /* Only used when FRED is active. */ + unsigned int processor_id; unsigned int verw_sel; struct vcpu *current_vcpu; diff --git a/xen/arch/x86/traps-setup.c b/xen/arch/x86/traps-setup.c index 25581acf1158..c89280270fbb 100644 --- a/xen/arch/x86/traps-setup.c +++ b/xen/arch/x86/traps-setup.c 
@@ -354,7 +354,12 @@ static void __init __maybe_unused build_assertions(voi= d) * * tss->rsp0, pointing at the end of cpu_info.guest_cpu_user_regs, mus= t be * 16-byte aligned. + * + * MSR_FRED_RSP_SL0, pointing to the end of cpu_info._fred must be 64-= byte + * aligned. */ BUILD_BUG_ON((sizeof(struct cpu_info) - endof_field(struct cpu_info, guest_cpu_user_regs)) & 15); + BUILD_BUG_ON((sizeof(struct cpu_info) - + endof_field(struct cpu_info, _fred)) & 63); } --=20 2.39.5
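
Review bot: In the cpu-user-regs.h hunk that replaces cs/_pad0/saved_upcall_mask and ss/_pad2 with unions, the layout now depends on the compiler's bitfield packing to keep saved_upcall_mask at its previous offset and to put fred_ss.vector at bit 32, but build_assertions() only gains an alignment check. Suggest adding BUILD_BUG_ON()s using offsetof() on the non-bitfield members (saved_upcall_mask, fred_ss.vector) and on the size of the unions holding csx and ssx, so a layout slip fails the build instead of silently misreading the hardware frame. Separately, "occured" in the fred_ss comment should read "occurred".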

From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 03/23] x86/traps: Introduce opt_fred
Date: Thu, 28 Aug 2025 16:03:49 +0100
Message-Id: <20250828150409.901315-4-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>

... disabled by default. There is a lot of work before FRED can be enabled by
default.

One part of FRED, the LKGS (Load Kernel GS) instruction, is enumerated
separately but is mandatory as FRED disallows the SWAPGS instruction.
Normally, we'd have to check both CPUID bits, but Xen does not use GS like
most other software, and can manage without the LKGS instruction.

FRED formally removes the use of Ring1 and Ring2, meaning we cannot run 32bit
PV guests. Therefore, don't enable FRED by default in shim mode. OTOH, if
FRED is active, then PV32 needs disabling like with CET.

No functional change.

Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 v2: * Fix check for warning. * Drop check for LKGS. --- docs/misc/xen-command-line.pandoc | 10 +++++++++ xen/arch/x86/include/asm/traps.h | 4 ++++ xen/arch/x86/traps-setup.c | 36 +++++++++++++++++++++++++++++++ 3 files changed, 50 insertions(+) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line= .pandoc index a75b6c930195..25cebdc1110f 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -1284,6 +1284,16 @@ requirement can be relaxed. This option is particul= arly useful for nested virtualization, to allow the L1 hypervisor to use EPT even if the L0 hyper= visor does not provide `VM_ENTRY_LOAD_GUEST_PAT`. =20 +### fred (x86) +> `=3D ` + +> Default: `false` + +Flexible Return and Event Delivery is an overhaul of interrupt, exception = and +system call handling, fixing many corner cases in the x86 architecture, and +expected in hardware from 2025. Support in Xen is a work in progress and +disabled by default. + ### gnttab > `=3D List of [ max-ver:, transitive=3D, transfer=3D= ]` =20 diff --git a/xen/arch/x86/include/asm/traps.h b/xen/arch/x86/include/asm/tr= aps.h index 6ae451d3fc70..73097e957d05 100644 --- a/xen/arch/x86/include/asm/traps.h +++ b/xen/arch/x86/include/asm/traps.h @@ -7,6 +7,10 @@ #ifndef ASM_TRAP_H #define ASM_TRAP_H =20 +#include + +extern int8_t opt_fred; + void bsp_early_traps_init(void); void traps_init(void); void bsp_traps_reinit(void); diff --git a/xen/arch/x86/traps-setup.c b/xen/arch/x86/traps-setup.c index c89280270fbb..6e2af58ba0a5 100644 --- a/xen/arch/x86/traps-setup.c +++ b/xen/arch/x86/traps-setup.c @@ -9,6 +9,8 @@ #include #include #include +#include +#include #include #include #include 
@@ -20,6 +22,9 @@ unsigned int __ro_after_init ler_msr; static bool __initdata opt_ler; boolean_param("ler", opt_ler); =20 +int8_t __ro_after_init opt_fred =3D 0; +boolean_param("fred", opt_fred); + void nocall entry_PF(void); void nocall lstar_enter(void); void nocall cstar_enter(void); 
@@ -299,6 +304,37 @@ void __init traps_init(void) /* Replace early pagefault with real pagefault handler. */ _update_gate_addr_lower(&bsp_idt[X86_EXC_PF], entry_PF); =20 + /* + * Xen doesn't use GS like most software does, and doesn't need the LK= GS + * instruction in order to manage PV guests. No need to check for it. + */ + if ( !cpu_has_fred ) + { + if ( opt_fred =3D=3D 1 ) + printk(XENLOG_WARNING "FRED not available, ignoring\n"); + opt_fred =3D 0; + } + + if ( opt_fred =3D=3D -1 ) + opt_fred =3D !pv_shim; + + if ( opt_fred ) + { +#ifdef CONFIG_PV32 + if ( opt_pv32 ) + { + opt_pv32 =3D 0; + printk(XENLOG_INFO "Disabling PV32 due to FRED\n"); + } +#endif + setup_force_cpu_cap(X86_FEATURE_XEN_FRED); + printk("Using FRED event delivery\n"); + } + else + { + printk("Using IDT event delivery\n"); + } + load_system_tables(); =20 init_ler(); --=20 2.39.5
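Review bot: in the traps_init() hunk, the "opt_fred == -1" branch that picks !pv_shim cannot be taken as posted, because opt_fred is initialised to 0 in traps-setup.c and nothing visible in this patch ever sets it to -1. If -1 is meant to become the "choose a default" value later in the series, say so in a comment at the declaration; otherwise leave the branch out until the default changes. The two "Using ... event delivery" printk() calls in the same hunk also lack a XENLOG_ level, unlike the two messages above them.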
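Review bot: the new "fred" entry in xen-command-line.pandoc does not say that enabling the option switches PV32 off, which the traps_init() hunk does (opt_pv32 is cleared with only an XENLOG_INFO message). Anyone setting fred on a host that still runs 32-bit PV guests needs that side effect in the option's documentation, so please add a sentence for it.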
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 04/23] x86/boot: Adjust CR4 handling around percpu_early_traps_init()
Date: Thu, 28 Aug 2025 16:03:50 +0100
Message-Id: <20250828150409.901315-5-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>

percpu_early_traps_init() will shortly be setting CR4.FRED. This requires that
cpu_info->cr4 is already set up, and that the enablement of CET doesn't
truncate X86_CR4_FRED back out because of 32bit logic.

For __high_start(), defer re-loading XEN_MINIMAL_CR4 until after %rsp is set
up and we can store the result in the cr4 field too.

For s3_resume(), explicitly re-load XEN_MINIMAL_CR4. Later when loading all
features, use the mmu_cr4_features variable which is how the rest of Xen
performs this operation.

No functional change, yet.
Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 v2: * Extend comments --- xen/arch/x86/acpi/wakeup_prot.S | 18 ++++++++++++++---- xen/arch/x86/boot/x86_64.S | 15 ++++++++++----- 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/acpi/wakeup_prot.S b/xen/arch/x86/acpi/wakeup_pro= t.S index cc40fddc38d4..0f02ea7b4b9a 100644 --- a/xen/arch/x86/acpi/wakeup_prot.S +++ b/xen/arch/x86/acpi/wakeup_prot.S @@ -63,6 +63,14 @@ LABEL(s3_resume) pushq %rax lretq 1: + + GET_STACK_END(15) + + /* Enable minimal CR4 features, sync cached state. */ + mov $XEN_MINIMAL_CR4, %eax + mov %rax, STACK_CPUINFO_FIELD(cr4)(%r15) + mov %rax, %cr4 + /* Set up early exceptions and CET before entering C properly. */ call percpu_early_traps_init =20 @@ -77,7 +85,9 @@ LABEL(s3_resume) wrmsr =20 /* Enable CR4.CET. */ - mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx + mov $X86_CR4_CET, %ecx + or STACK_CPUINFO_FIELD(cr4)(%r15), %rcx + mov %rcx, STACK_CPUINFO_FIELD(cr4)(%r15) mov %rcx, %cr4 =20 /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SS= P */ @@ -120,9 +130,9 @@ LABEL(s3_resume) .L_cet_done: #endif /* CONFIG_XEN_SHSTK || CONFIG_XEN_IBT */ =20 - /* Restore CR4 from the cpuinfo block. */ - GET_STACK_END(bx) - mov STACK_CPUINFO_FIELD(cr4)(%rbx), %rax + /* Load all CR4 settings. */ + mov mmu_cr4_features(%rip), %rax + mov %rax, STACK_CPUINFO_FIELD(cr4)(%r15) mov %rax, %cr4 =20 call mtrr_bp_restore diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index d0e7449a149f..3a5ad2764448 100644 --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S 
@@ -11,16 +11,19 @@ ENTRY(__high_start) mov %ecx,%gs mov %ecx,%ss =20 - /* Enable minimal CR4 features. */ - mov $XEN_MINIMAL_CR4,%rcx - mov %rcx,%cr4 - mov stack_start(%rip),%rsp =20 /* Reset EFLAGS (subsumes CLI and CLD). */ pushq $0 popf =20 + GET_STACK_END(15) + + /* Enable minimal CR4 features, sync cached state. */ + mov $XEN_MINIMAL_CR4, %eax + mov %rax, STACK_CPUINFO_FIELD(cr4)(%r15) + mov %rax, %cr4 + /* Reload code selector. */ pushq $__HYPERVISOR_CS leaq 1f(%rip),%rax 
@@ -45,7 +48,9 @@ ENTRY(__high_start) wrmsr =20 /* Enable CR4.CET. */ - mov $XEN_MINIMAL_CR4 | X86_CR4_CET, %ecx + mov $X86_CR4_CET, %ecx + or STACK_CPUINFO_FIELD(cr4)(%r15), %rcx + mov %rcx, STACK_CPUINFO_FIELD(cr4)(%r15) mov %rcx, %cr4 =20 /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SS= P */ --=20 2.39.5
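Review bot: in the last s3_resume hunk of wakeup_prot.S ("Load all CR4 settings"), the cached cr4 field is now overwritten from mmu_cr4_features instead of being read back, so any bit OR'd into STACK_CPUINFO_FIELD(cr4) earlier on this path (X86_CR4_CET two hunks up, and CR4.FRED once percpu_early_traps_init() sets it, per the commit message) survives only if mmu_cr4_features already carries it. Please state that invariant in the comment, or OR the global into the cached value rather than replacing it.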
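Review bot: in the __high_start and s3_resume hunks that add GET_STACK_END(15), %r15 has to stay live across "call percpu_early_traps_init" and everything up to the later CR4.CET and CR4 reload hunks, which only works because %r15 is callee-saved. A short comment at the GET_STACK_END(15) line saying that %r15 holds the stack end for the rest of the path would stop a later edit from reusing the register.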
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 05/23] x86/S3: Switch to using RSTORSSP to recover SSP on resume
Date: Thu, 28 Aug 2025 16:03:51 +0100
Message-Id: <20250828150409.901315-6-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>

Under FRED, SETSSBSY is disallowed, and we want to be setting up FRED prior to
setting up shadow stacks. Luckily, RSTORSSP will also work in this case.

This involves a new type of shadow stack token, the Restore Token, which is
distinguished from the Supervisor Token by pointing to the adjacent slot on
the shadow stack rather than pointing at itself.

In the short term, this logic still needs to load MSR_PL0_SSP.

No functional change.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
---
 xen/arch/x86/acpi/wakeup_prot.S | 31 +++++++++++++++----------------
 1 file changed, 15 insertions(+), 16 deletions(-)

diff --git a/xen/arch/x86/acpi/wakeup_prot.S b/xen/arch/x86/acpi/wakeup_pro= t.S index 0f02ea7b4b9a..fceb4ca353f7 100644 --- a/xen/arch/x86/acpi/wakeup_prot.S +++ b/xen/arch/x86/acpi/wakeup_prot.S @@ -90,7 +90,7 @@ LABEL(s3_resume) mov %rcx, STACK_CPUINFO_FIELD(cr4)(%r15) mov %rcx, %cr4 =20 - /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SS= P */ + /* WARNING! CALL/RET now fatal (iff SHSTK) until RSTORSSP loads SS= P */ =20 #if defined(CONFIG_XEN_SHSTK) test $CET_SHSTK_EN, %al 
@@ -98,32 +98,31 @@ LABEL(s3_resume) =20 /* * Restoring SSP is a little complicated, because we are intercept= ing - * an in-use shadow stack. Write a temporary token under the stac= k, - * so SETSSBSY will successfully load a value useful for us, then - * reset MSR_PL0_SSP to its usual value and pop the temporary toke= n. + * an in-use shadow stack. Write a Restore Token under the stack,= and + * use RSTORSSP to load it. RSTORSSP converts the token to a + * Previous-SSP Token, which we discard. */ mov saved_ssp(%rip), %rdi =20 - /* Construct the temporary supervisor token under SSP. */ - sub $8, %rdi - - /* Load it into MSR_PL0_SSP. */ + /* Calculate MSR_PL0_SSP from SSP. */ mov $MSR_PL0_SSP, %ecx mov %rdi, %rdx shr $32, %rdx mov %edi, %eax - wrmsr - - /* Write the temporary token onto the shadow stack, and activate i= t. */ - wrssq %rdi, (%rdi) - setssbsy - - /* Reset MSR_PL0_SSP back to its normal value. */ and $~(STACK_SIZE - 1), %eax or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax wrmsr =20 - /* Pop the temporary token off the stack. */ + /* + * A Restore Token's value is &token + 8 + 64BIT (bit 0). + * We want to put this on the shstk at SSP - 8. + */ + lea 1(%rdi), %rax + sub $8, %rdi + wrssq %rax, (%rdi) + rstorssp (%rdi) + + /* Discard the Previous-SSP Token from the shstk. 
*/ mov $2, %eax incsspd %eax #endif /* CONFIG_XEN_SHSTK */ --=20 2.39.5
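Review bot: in the second s3_resume hunk, the Restore Token is built with "lea 1(%rdi), %rax", so the 64BIT flag the new comment describes appears in the code only as a bare 1. A named constant for that bit would tie the instruction to the comment, and the unchanged "mov $2, %eax / incsspd %eax" that now discards the Previous-SSP Token deserves a word in its comment that 2 dwords are one 8-byte token.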
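The token handling described in the commit message above (Restore Token versus Supervisor Token, then discarding the Previous-SSP Token), as an added C model that is not part of the patch or of Xen. The stack address, slot count and all function names are made up for illustration, and the instruction semantics are reduced to the token checks that matter here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not Xen code: one 8-slot shadow stack at a made-up address. */
#define SHSTK_BASE  0x1000ULL
#define SHSTK_SLOTS 8
#define SHSTK_TOP   (SHSTK_BASE + 8 * SHSTK_SLOTS)
#define TOK_64BIT   0x1ULL /* Restore Token bit 0: made in 64-bit mode */
#define TOK_BUSY    0x1ULL /* Supervisor Token bit 0: stack in use */
#define TOK_PREV    0x2ULL /* bit 1: marks a Previous-SSP Token */

struct cpu {
    uint64_t mem[SHSTK_SLOTS]; /* shadow stack contents */
    uint64_t ssp;              /* current SSP */
    uint64_t pl0_ssp;          /* MSR_PL0_SSP */
};

/* Map a modelled address to its slot; NULL if misaligned or out of range. */
static uint64_t *slot(struct cpu *c, uint64_t addr)
{
    if ((addr & 7) || addr < SHSTK_BASE || addr >= SHSTK_TOP)
        return NULL;
    return &c->mem[(addr - SHSTK_BASE) / 8];
}

/* WRSSQ: plain 8-byte store to the shadow stack. */
static bool wrssq(struct cpu *c, uint64_t val, uint64_t addr)
{
    uint64_t *p = slot(c, addr);
    if (p) *p = val;
    return p != NULL;
}

/* SETSSBSY: token at MSR_PL0_SSP must hold its own address with busy clear. */
static bool setssbsy(struct cpu *c)
{
    uint64_t *p = slot(c, c->pl0_ssp);
    if (!p || *p != c->pl0_ssp)
        return false; /* hardware would fault here */
    *p |= TOK_BUSY;
    c->ssp = c->pl0_ssp;
    return true;
}

/* RSTORSSP: token must hold (its own address + 8) with the 64BIT bit set. */
static bool rstorssp(struct cpu *c, uint64_t addr)
{
    uint64_t *p = slot(c, addr);
    if (!p || (*p & TOK_PREV) || !(*p & TOK_64BIT) ||
        (*p & ~TOK_64BIT) - 8 != addr)
        return false; /* hardware would fault here */
    *p = c->ssp | TOK_64BIT | TOK_PREV; /* becomes a Previous-SSP Token */
    c->ssp = addr;
    return true;
}

/* INCSSPD: pop n 4-byte units, so n = 2 discards one 8-byte token. */
static void incsspd(struct cpu *c, unsigned int n) { c->ssp += 4ULL * n; }

/* The s3_resume sequence from the patch. Returns the final SSP, 0 on fault. */
uint64_t s3_resume_model(uint64_t saved_ssp)
{
    struct cpu c = { 0 };
    uint64_t tok = saved_ssp + TOK_64BIT; /* lea 1(%rdi), %rax */
    uint64_t at = saved_ssp - 8;          /* sub $8, %rdi */
    if (!wrssq(&c, tok, at) || !rstorssp(&c, at))
        return 0;
    incsspd(&c, 2); /* drop the Previous-SSP Token */
    return c.ssp;
}

/* Contrast: Supervisor Token in the last slot, activated with SETSSBSY. */
uint64_t supervisor_model(void)
{
    struct cpu c = { .pl0_ssp = SHSTK_TOP - 8 };
    if (!wrssq(&c, c.pl0_ssp, c.pl0_ssp) || !setssbsy(&c))
        return 0;
    return c.ssp;
}

/* Each instruction rejects the other's token. */
bool tokens_not_interchangeable(void)
{
    struct cpu c = { .pl0_ssp = SHSTK_TOP - 8 };
    uint64_t at = c.pl0_ssp;
    wrssq(&c, at, at);                 /* Supervisor Token: &token */
    bool rstor_rejects = !rstorssp(&c, at);
    wrssq(&c, at + 8 + TOK_64BIT, at); /* Restore Token: &token + 8 + 64BIT */
    bool setssbsy_rejects = !setssbsy(&c);
    return rstor_rejects && setssbsy_rejects;
}

int main(void)
{
    printf("%#llx %#llx %d\n", (unsigned long long)s3_resume_model(0x1020),
           (unsigned long long)supervisor_model(), tokens_not_interchangeable());
    return 0;
}
```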
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 06/23] x86/traps: Set MSR_PL0_SSP in load_system_tables()
Date: Thu, 28 Aug 2025 16:03:52 +0100
Message-Id: <20250828150409.901315-7-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>

FRED and IDT differ by a Supervisor Token on the base of the shstk. This
means that the value they load into MSR_PL0_SSP differs by 8.

s3_resume() in particular has logic which is otherwise invariant of FRED mode,
and must not clobber a FRED MSR_PL0_SSP with an IDT one.

This also simplifies the AP path too. Updating reinit_bsp_stack() is deferred
until later.

No functional change.

Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 v2: * Extend comment about clearing the busy bit. * Move reinit_bsp_stack() hunk into this patch. --- xen/arch/x86/acpi/wakeup_prot.S | 9 --------- xen/arch/x86/boot/x86_64.S | 12 +++--------- xen/arch/x86/setup.c | 2 -- xen/arch/x86/traps-setup.c | 2 ++ 4 files changed, 5 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/acpi/wakeup_prot.S b/xen/arch/x86/acpi/wakeup_pro= t.S index fceb4ca353f7..ba0bd77806b8 100644 --- a/xen/arch/x86/acpi/wakeup_prot.S +++ b/xen/arch/x86/acpi/wakeup_prot.S @@ -104,15 +104,6 @@ LABEL(s3_resume) */ mov saved_ssp(%rip), %rdi =20 - /* Calculate MSR_PL0_SSP from SSP. */ - mov $MSR_PL0_SSP, %ecx - mov %rdi, %rdx - shr $32, %rdx - mov %edi, %eax - and $~(STACK_SIZE - 1), %eax - or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %eax - wrmsr - /* * A Restore Token's value is &token + 8 + 64BIT (bit 0). * We want to put this on the shstk at SSP - 8. diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index 3a5ad2764448..11a7e9d3bd23 100644 --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -65,17 +65,11 @@ ENTRY(__high_start) or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %rdx =20 /* - * Write a new supervisor token. Doesn't matter on boot, but for = S3 - * resume this clears the busy bit. + * Write a new Supervisor Token. It doesn't matter the first time= a + * CPU boots, but for S3 resume or hotplug this clears the busy bi= t so + * SETSSBSY can set it again. */ wrssq %rdx, (%rdx) - - /* Point MSR_PL0_SSP at the token. */ - mov $MSR_PL0_SSP, %ecx - mov %edx, %eax - shr $32, %rdx - wrmsr - setssbsy =20 #endif /* CONFIG_XEN_SHSTK */ diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 6c81841426a4..a810bdf6d352 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c 
@@ -907,8 +907,6 @@ static void __init noreturn reinit_bsp_stack(void) =20 if ( cpu_has_xen_shstk ) { - wrmsrl(MSR_PL0_SSP, - (unsigned long)stack + (PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE= - 8); wrmsrl(MSR_S_CET, xen_msr_s_cet_value()); asm volatile ("setssbsy" ::: "memory"); } diff --git a/xen/arch/x86/traps-setup.c b/xen/arch/x86/traps-setup.c index 6e2af58ba0a5..d77be8f83921 100644 --- a/xen/arch/x86/traps-setup.c +++ b/xen/arch/x86/traps-setup.c @@ -92,6 +92,7 @@ static void load_system_tables(void) { volatile uint64_t *ist_ssp =3D tss_page->ist_ssp; unsigned long + ssp =3D stack_top + (PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, mce_ssp =3D stack_top + (IST_MCE * IST_SHSTK_SIZE) - 8, nmi_ssp =3D stack_top + (IST_NMI * IST_SHSTK_SIZE) - 8, db_ssp =3D stack_top + (IST_DB * IST_SHSTK_SIZE) - 8, 
@@ -118,6 +119,7 @@ static void load_system_tables(void) } =20 wrmsrns(MSR_ISST, (unsigned long)ist_ssp); + wrmsrns(MSR_PL0_SSP, (unsigned long)ssp); } =20 _set_tssldt_desc(gdt + TSS_ENTRY, (unsigned long)tss, --=20 2.39.5
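Review bot: in the reinit_bsp_stack() hunk of setup.c, the setssbsy that remains now depends on MSR_PL0_SSP having been loaded by load_system_tables() for this stack, and nothing at the call site says so. Please add a comment naming that dependency next to the asm statement. The commit message also still says updating reinit_bsp_stack() is deferred until later, while the v2 changelog says its hunk was moved into this patch; one of the two needs correcting.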
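Review bot: in the load_system_tables() hunks of traps-setup.c, ssp is declared in the unsigned long list alongside mce_ssp and friends, so the cast in "wrmsrns(MSR_PL0_SSP, (unsigned long)ssp)" is redundant and can be dropped. A brief comment on the new ssp initialiser that the trailing "- 8" is the Supervisor Token slot would also help, given the commit message says the FRED value will differ by exactly that amount.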
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 07/23] x86/boot: Use RSTORSSP to establish SSP
Date: Thu, 28 Aug 2025 16:03:53 +0100
Message-Id: <20250828150409.901315-8-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>
References: <20250828150409.901315-1-andrew.cooper3@citrix.com>

Under FRED, SETSSBSY is disallowed, and we want to be setting up FRED prior to
setting up shadow stacks. As we still need Supervisor Tokens in IDT mode, we
need mode-specific logic to establish SSP.

In FRED mode, write a Restore Token, RSTORSSP it, and discard the resulting
Previous-SSP token.

No change outside of FRED mode.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * Some logic moved into prior patch.
---
 xen/arch/x86/boot/x86_64.S | 23 +++++++++++++++++++++--
 xen/arch/x86/setup.c | 25 ++++++++++++++++++++++++-
 2 files changed, 45 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index 11a7e9d3bd23..9705d03f849c 100644
--- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -53,17 +53,21 @@ ENTRY(__high_start) mov %rcx, STACK_CPUINFO_FIELD(cr4)(%r15) mov %rcx, %cr4 =20 - /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SS= P */ + /* WARNING! CALL/RET now fatal (iff SHSTK) until SETSSBSY/RSTORSSP= loads SSP */ =20 #if defined(CONFIG_XEN_SHSTK) test $CET_SHSTK_EN, %al jz .L_ap_cet_done =20 - /* Derive the supervisor token address from %rsp. */ + /* Derive the token address from %rsp. */ mov %rsp, %rdx and $~(STACK_SIZE - 1), %rdx or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %rdx =20 + /* Establishing SSP differs between IDT or FRED mode. */ + bt $32 /* ilog2(X86_CR4_FRED) */, %rcx + jc .L_fred_shstk + /* * Write a new Supervisor Token. It doesn't matter the first time= a * CPU boots, but for S3 resume or hotplug this clears the busy bi= t so @@ -71,6 +75,21 @@ ENTRY(__high_start) */ wrssq %rdx, (%rdx) setssbsy + jmp .L_ap_cet_done + +.L_fred_shstk: + + /* + * Write a Restore Token, value: &token + 8 + 64BIT (bit 0) at the + * base of the shstk (which isn't in use yet). + */ + lea 9(%rdx), %rdi + wrssq %rdi, (%rdx) + rstorssp (%rdx) + + /* Discard the Previous-SSP Token from the shstk. */ + mov $2, %edx + incsspd %edx =20 #endif /* CONFIG_XEN_SHSTK */ .L_ap_cet_done: diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index a810bdf6d352..73799fcc684c 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -49,6 +49,7 @@ #include #include #include +#include #include #include #include 
@@ -908,7 +909,29 @@ static void __init noreturn reinit_bsp_stack(void) if ( cpu_has_xen_shstk ) { wrmsrl(MSR_S_CET, xen_msr_s_cet_value()); - asm volatile ("setssbsy" ::: "memory"); + + /* + * IDT and FRED differ by a Supervisor Token on the shadow stack, = and + * therefore by the value in MSR_PL0_SSP. + * + * In IDT mode, we use SETSSBSY to mark the Supervisor Token as bu= sy. + * In FRED mode, there is no token, so we need to create a tempora= ry + * Restore Token to establish SSP. + */ + if ( opt_fred ) + { + unsigned long *token =3D + (void *)stack + (PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8; + + wrss((unsigned long)token + 9, token); + asm volatile ( "rstorssp %0" : "+m" (*token) ); + /* + * We need to discard the resulting Previous-SSP Token, but + * reset_stack_and_jump() will do that for us. + */ + } + else + asm volatile ( "setssbsy" ::: "memory" ); } =20 reset_stack_and_jump(init_done); --=20 2.39.5 From nobody Thu Oct 30 22:54:58 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1756393891; cv=none; d=zohomail.com; s=zohoarc; b=nRrHd7M/LLeOIQV7TMSntut3cTUF+dOyf711kQcaKIOCZWTUQCBF0K5/qWLsPih6yfsYleU22a6/zSh466oOINiHvzKT3Yf9KJTMjCxT22btUO5gwaMtasNYQi6c+rt3LNiX9Hr/l2wR0sDqGLecq+9VdK4LEoKDKb9u9RwqPlQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1756393891; 
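Review bot: in the new `.L_fred_shstk` path in xen/arch/x86/boot/x86_64.S, `lea 9(%rdx), %rdi` clobbers %rdi, whereas the existing IDT path only touches %rdx. If anything live is held in %rdi at this point in __high_start, it is corrupted on the FRED path only; reusing a register known to be dead here, or saying in the comment that %rdi is free, would settle it. Separately, `bt $32 /* ilog2(X86_CR4_FRED) */, %rcx` ties the bit position to the constant by comment alone, so a named bit-number define or a build-time check would keep the two from drifting. The `mov $2, %edx` before `incsspd` would also benefit from a note that INCSSPD counts 4-byte units, so 2 discards the single 8-byte Previous-SSP Token.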
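Review bot: in the `opt_fred` branch added to reinit_bsp_stack() in xen/arch/x86/setup.c, `asm volatile ( "rstorssp %0" : "+m" (*token) )` carries no "memory" clobber, while the SETSSBSY statement in the else branch keeps `::: "memory"`. Either add the clobber or state why the "+m" operand is sufficient, since the wrss() just before it and reset_stack_and_jump() just after it both depend on ordering against this instruction. Also, this C path selects on `opt_fred` while the assembly path in x86_64.S tests the FRED bit in the CR4 value; a single predicate, or a comment stating that the two are equivalent by this point in boot, would rule out the BSP and APs taking different paths.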
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 08/23] x86/traps: Alter switch_stack_and_jump() for FRED mode
Date: Thu, 28 Aug 2025 16:03:54 +0100
Message-Id: <20250828150409.901315-9-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>
References: <20250828150409.901315-1-andrew.cooper3@citrix.com>

FRED and IDT differ by a Supervisor Token on the base of the shstk. This
means that switch_stack_and_jump() needs to discard one extra word when FRED
is active.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * Use X86_FEATURE_XEN_FRED
---
 xen/arch/x86/include/asm/current.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/current.h index c1eb27b1c4c2..35cc61fa88e7 100644
--- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h 
@@ -154,7 +154,9 @@ unsigned long get_stack_dump_bottom (unsigned long sp); "rdsspd %[ssp];" \ "cmp $1, %[ssp];" \ "je .L_shstk_done.%=3D;" /* CET not active? Skip. */ \ - "mov $%c[skstk_base], %[val];" \ + ALTERNATIVE("mov $%c[skstk_base], %[val];", \ + "mov $%c[skstk_base] + 8, %[val];", \ + X86_FEATURE_XEN_FRED) \ "and $%c[stack_mask], %[ssp];" \ "sub %[ssp], %[val];" \ "shr $3, %[val];" \ --=20 2.39.5 From nobody Thu Oct 30 22:54:58 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1756393899; cv=none; d=zohomail.com; s=zohoarc; b=nTVrWeTvtPkHtEnwMHwF0jEnd2oPzh+DePbcpyo+ZPjwQih5kmuTSW13lPvU1hicQ7OGXKG2g2sPjjPxSRAMu8cDCynnepjayoEm2b3YiJY0taiYGwn9YCZGt2bbHG1C34JbnvHM3ZR3KEPpDmRt3gEDbonQXP2Z6yhF7jmpPes= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1756393899; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=2et+2oZD9rWfaE5nLOfIkpTesEtTkjTqJrxIqC+gq64=; b=XA6KuZtahIVn1IXRAk+Bu6Vob7bnq+RumY8bszikS8Z1oeJH9leBLPmrHB+kTQF+R9HW5FPhts+oNfUM2B8gZmc4c08ruwTZAsCXy/o52QWmy+Z/cdue7JfHAd4+k0PlFXyEgJyyLoh4dshscUdc4WqyEshEQOrhiYgxNIVdl0k= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass 
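Review bot: the `+ 8` in the FRED arm of the ALTERNATIVE in switch_stack_and_jump() has no comment, so the reason for the extra word lives only in the commit message. A one-line comment above the ALTERNATIVE, saying that IDT mode keeps a Supervisor Token at the base of the shstk while FRED mode has none, would make the asm self-explanatory. As the line is being rewritten anyway, the `skstk_base` operand name looks like a typo for shstk_base and could be fixed here together with its operand definition, or in a preparatory patch.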
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 09/23] x86/traps: Skip Supervisor Shadow Stack tokens in FRED mode
Date: Thu, 28 Aug 2025 16:03:55 +0100
Message-Id: <20250828150409.901315-10-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>
References: <20250828150409.901315-1-andrew.cooper3@citrix.com>

FRED doesn't use Supervisor Shadow Stack tokens. Skip setting them up.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New
---
 xen/arch/x86/mm.c | 12 +++++++++---
 xen/arch/x86/setup.c | 8 ++++----
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index b929d15d0050..043e6aa9d73a 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -129,6 +129,7 @@ #include #include #include +#include #include =20 #include 
@@ -6441,8 +6442,13 @@ static void write_sss_token(unsigned long *ptr) =20 void memguard_guard_stack(void *p) { - /* IST Shadow stacks. 4x 1k in stack page 0. */ - if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) + /* + * IST Shadow stacks. 4x 1k in stack page 0. + * + * With IDT delivery, we need Supervisor Shadow Stack tokens at the ba= se + * of each stack. With FRED delivery, these no longer exist. + */ + if ( IS_ENABLED(CONFIG_XEN_SHSTK) && !opt_fred ) { write_sss_token(p + (IST_MCE * IST_SHSTK_SIZE) - 8); write_sss_token(p + (IST_NMI * IST_SHSTK_SIZE) - 8); @@ -6453,7 +6459,7 @@ void memguard_guard_stack(void *p) =20 /* Primary Shadow Stack. 1x 4k in stack page 5. */ p +=3D PRIMARY_SHSTK_SLOT * PAGE_SIZE; - if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) + if ( IS_ENABLED(CONFIG_XEN_SHSTK) && !opt_fred ) write_sss_token(p + PAGE_SIZE - 8); =20 map_pages_to_xen((unsigned long)p, virt_to_mfn(p), 1, PAGE_HYPERVISOR_= SHSTK); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 73799fcc684c..c767d0451574 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1920,10 +1920,6 @@ void asmlinkage __init noreturn __start_xen(void) =20 system_state =3D SYS_STATE_boot; =20 - bsp_stack =3D cpu_alloc_stack(0); - if ( !bsp_stack ) - panic("No memory for BSP stack\n"); - console_init_ring(); vesa_init(); =20 
@@ -2077,6 +2073,10 @@ void asmlinkage __init noreturn __start_xen(void) =20 traps_init(); /* Needs stubs allocated. */ =20 + bsp_stack =3D cpu_alloc_stack(0); /* Needs to know IDT vs FRED */ + if ( !bsp_stack ) + panic("No memory for BSP stack\n"); + cpu_init(); =20 rcu_init(); --=20 2.39.5 From nobody Thu Oct 30 22:54:58 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1756393929; cv=none; d=zohomail.com; s=zohoarc; b=k/TqA2lUjoSpqo/rVzCS3fy/9c1AibU1hkn/d75PmSJL9IX1DJY/xV7mjTvxhMD11bhn9aWZPZkqRTYvkXyQVctKifFSW5eO82F4/AXezn/O0vskarz8Y1+T0hTrH40YXH2A1HUgdrTLJIJE4BMSNhtQIL1TelyiZVYxhSj7hms= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1756393929; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=4DynKY6t4eG496mBBC39U8RWm4bWhTy2jBJs5lw0EOc=; b=O+RVsXsUIZrSvWowhxhevEa343bStOIggX00Oi6SYPhLXOATHaymvchJ9T9Ukp2rFS16cn0PwrM8bWf3zejzD1fPi+S4bGaXLNhgsV3z4Z3VtKOJfNb15BEzP+OI8aVrdDnPuAHn2hMxeWdKRY9trptOqeEz9PbVBDxgm9m5ZLA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org 
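Review bot: memguard_guard_stack() in xen/arch/x86/mm.c now repeats `IS_ENABLED(CONFIG_XEN_SHSTK) && !opt_fred` in two places and silently depends on opt_fred holding its final value whenever a stack is allocated. Hoisting the test into one local at the top of the function would keep the IST and primary cases in step, and the new comment could state that the function must not run before the IDT vs FRED choice is made, since a stack set up too early in IDT mode's favour or FRED's would not match what the boot path later expects at the base of each shadow stack.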
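Review bot: moving `bsp_stack = cpu_alloc_stack(0)` in __start_xen() to after traps_init() is only safe if nothing between the old and new positions reads bsp_stack, and the commit message says nothing about the move. Please note there that the intervening code was checked, and why the allocation has to wait. The `/* Needs to know IDT vs FRED */` comment records the ordering requirement, but nothing in the code enforces it.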
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 10/23] x86/traps: Make an IDT-specific #DB helper
Date: Thu, 28 Aug 2025 16:03:56 +0100
Message-Id: <20250828150409.901315-11-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>
References: <20250828150409.901315-1-andrew.cooper3@citrix.com>

FRED provides PENDING_DBG in the stack frame, avoiding the need to read
%dr6 manually.

Rename do_debug() to handle_DB(), and update it to take a dbg field using
positive polarity.

Introduce a new handle_DB_IDT() which reads %dr6.

No functional change.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New
---
 xen/arch/x86/traps.c | 28 +++++++++++++++++-----------
 xen/arch/x86/x86_64/entry.S | 2 +-
 2 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 7ae46ae20f98..0372f1c386a8 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c 
@@ -1992,14 +1992,11 @@ void asmlinkage do_device_not_available(struct cpu_= user_regs *regs) =20 void nocall sysenter_eflags_saved(void); =20 -void asmlinkage do_debug(struct cpu_user_regs *regs) +/* Handle #DB. @dbg is PENDING_DBG, a.k.a. %dr6 with positive polarity. */ +static void handle_DB(struct cpu_user_regs *regs, unsigned long dbg) { - unsigned long dr6; struct vcpu *v =3D current; =20 - /* Stash dr6 as early as possible. */ - dr6 =3D read_debugreg(6); - /* * At the time of writing (March 2018), on the subject of %dr6: * @@ -2066,13 +2063,13 @@ void asmlinkage do_debug(struct cpu_user_regs *regs) * If however we do, safety measures need to be enacted. Use a big * hammer and clear all debug settings. */ - if ( dr6 & (DR_TRAP3 | DR_TRAP2 | DR_TRAP1 | DR_TRAP0) ) + if ( dbg & (DR_TRAP3 | DR_TRAP2 | DR_TRAP1 | DR_TRAP0) ) { unsigned int bp, dr7 =3D read_debugreg(7); =20 for ( bp =3D 0; bp < 4; ++bp ) { - if ( (dr6 & (1u << bp)) && /* Breakpoint triggered? */ + if ( (dbg & (1u << bp)) && /* Breakpoint triggered? */ (dr7 & (3u << (bp * DR_ENABLE_SIZE))) && /* Enabled? = */ ((dr7 & (3u << ((bp * DR_CONTROL_SIZE) + /* Insn? */ DR_CONTROL_SHIFT))) =3D=3D DR_RW_EXEC= UTE) ) @@ -2093,9 +2090,9 @@ void asmlinkage do_debug(struct cpu_user_regs *regs) * so ensure the message is ratelimited. */ gprintk(XENLOG_WARNING, - "Hit #DB in Xen context: %04x:%p [%ps], stk %04x:%p, dr6 %= lx\n", + "Hit #DB in Xen context: %04x:%p [%ps], stk %04x:%p, dbg %= lx\n", regs->cs, _p(regs->rip), _p(regs->rip), - regs->ss, _p(regs->rsp), dr6); + regs->ss, _p(regs->rsp), dbg); =20 return; } @@ -2107,7 +2104,7 @@ void asmlinkage do_debug(struct cpu_user_regs *regs) * by debugging actions completed behind it's back. */ v->arch.dr6 =3D x86_merge_dr6(v->domain->arch.cpu_policy, - v->arch.dr6, dr6 ^ X86_DR6_DEFAULT); + v->arch.dr6, dbg); =20 if ( guest_kernel_mode(v, regs) && v->domain->debugger_attached ) { 
@@ -2115,7 +2112,16 @@ void asmlinkage do_debug(struct cpu_user_regs *regs) return; } =20 - pv_inject_DB(dr6 ^ X86_DR6_DEFAULT); + pv_inject_DB(dbg); +} + +/* + * When using IDT delivery, it is our responsibility to read %dr6. Conver= t it + * to positive polarity. + */ +void asmlinkage handle_DB_IDT(struct cpu_user_regs *regs) +{ + handle_DB(regs, read_debugreg(6) ^ X86_DR6_DEFAULT); } =20 void asmlinkage do_entry_CP(struct cpu_user_regs *regs) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 39c7b9d17f9e..789687488c5f 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S 
@@ -1171,7 +1171,7 @@ FUNC(handle_ist_exception) .L_ ## vec ## _done: =20 DISPATCH(X86_EXC_NMI, do_nmi) - DISPATCH(X86_EXC_DB, do_debug) + DISPATCH(X86_EXC_DB, handle_DB_IDT) DISPATCH(X86_EXC_MC, do_machine_check) #undef DISPATCH =20 --=20 2.39.5 From nobody Thu Oct 30 22:54:58 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1756393863; cv=none; d=zohomail.com; s=zohoarc; b=LznInGWFXbU7BtCrANX528v3rGbrBXngKZN+4V2fqBiYekUCzcr27ah4+sTj/h5Qa3tIdqd5BgvDP4uMwgwiKh+Twfla+nMgyQny9jQbsjobKcD/h2NCq75f1K+XpUZOQMr4xlSOz47OCW6EUdJ38NUOow58AJTvlS7wM60klMY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1756393863; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=3oinKrjQdYUcRvt6fT6/XeocW4MeJM2zndzH0mNM5NI=; b=UbqifPBy3NMK3Ux4SmrD9lQJd/UCpIs15Ow/8uizqP76sRRiDMyxnI/H8WMS5hXSiP3yQrKKmJK0f7ybdq6PjR7zAO8QAs4Dub1GUELSbLUEL01aAToROEzXumt6wSWErVYtf3qhKA6fM68mITErmQlb1hRQzX7xtHgLn0+0rKc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 
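Review bot: the gprintk() in the Xen-context path of handle_DB() now prints `dbg`, which handle_DB_IDT() passes as `read_debugreg(6) ^ X86_DR6_DEFAULT`, so the logged value is the positive-polarity form rather than the raw register that the old "dr6 %lx" message printed. That is a visible change in log output despite the "No functional change" in the commit message; either mention it there or name the value PENDING_DBG in the message, so that anyone comparing against older logs is not misled. The removed "Stash dr6 as early as possible" comment could also move into handle_DB_IDT(), since the need to read %dr6 before anything else still applies on the IDT path.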
dFPyG4ht1JN3ekxHf9pelEc+W0+Y3ZpIvLDhUqpwrv0uRVke+vXoYcs2wkOlES0rCNBarefLuyM 4NG5QOsHUpGWRTQUGBQoxMs8Lznyvpv4MVygHUwIRXL5uKW00VJ9FTugXKF+IaDu10Zvl6kYLTI 13d2zcubB4ysufzZDLVHSwx5+oXxgWIRmGdkMaxRmRM2inPUw/nS4XoBbRQYe5/je17OTp6cuom +fyn6kX2kU/RxeGbQrCGB6GNck/W2HEuSRQAWweQtuEXL7nYfoPigS8Yt7hDBsSp4+DHbP9NCd3 A+oJoB+5lvI3KDdDdwJpkoU8eK+C+1oFyn4LMd0GOWAFR6Dopnw686oxp3A7jU4+AszbKbZUSye iv X-Google-Smtp-Source: AGHT+IHDTEoKNAOXhRhKSKxrjU5qG48yI9E+MjaVBQpEEcJGPR4F8Ob0cGzg1BSxM3ny2Nv/ouqDyA== X-Received: by 2002:a05:600c:c48f:b0:459:dfa8:b854 with SMTP id 5b1f17b1804b1-45b5fbee605mr132566925e9.5.1756393563755; Thu, 28 Aug 2025 08:06:03 -0700 (PDT) From: Andrew Cooper To: Xen-devel Cc: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= Subject: [PATCH v2 11/23] x86/traps: Make an IDT-specific #PF helper Date: Thu, 28 Aug 2025 16:03:57 +0100 Message-Id: <20250828150409.901315-12-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com> References: <20250828150409.901315-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1756393864167116600 FRED provides %cr2 in the the stack frame, avoiding the need to read %cr2 manually. Rename do_page_fault() to handle_PF(), and update it to take cr2, still nam= ed addr for consistency. Introduce a new handle_PF_IDT() which reads %cr2 and conditionally re-enabl= es interrupts. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 v2: * New --- xen/arch/x86/traps.c | 26 ++++++++++++++------------ xen/arch/x86/x86_64/entry.S | 2 +- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 0372f1c386a8..c11d72d47027 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c 
@@ -1670,21 +1670,10 @@ static int fixup_page_fault(unsigned long addr, str= uct cpu_user_regs *regs) return 0; } =20 -void asmlinkage do_page_fault(struct cpu_user_regs *regs) +static void handle_PF(struct cpu_user_regs *regs, unsigned long addr /* cr= 2 */) { - unsigned long addr; unsigned int error_code; =20 - addr =3D read_cr2(); - - /* - * Don't re-enable interrupts if we were running an IRQ-off region when - * we hit the page fault, or we'll break that code. - */ - ASSERT(!local_irq_is_enabled()); - if ( regs->flags & X86_EFLAGS_IF ) - local_irq_enable(); - /* fixup_page_fault() might change regs->error_code, so cache it here.= */ error_code =3D regs->error_code; =20 @@ -1745,6 +1734,19 @@ void asmlinkage do_page_fault(struct cpu_user_regs *= regs) pv_inject_page_fault(regs->error_code, addr); } =20 +/* + * When using IDT delivery, it is our responsibility to read %cr2. + */ +void asmlinkage handle_PF_IDT(struct cpu_user_regs *regs) +{ + unsigned long addr =3D read_cr2(); + + if ( regs->flags & X86_EFLAGS_IF ) + local_irq_enable(); + + handle_PF(regs, addr); +} + /* * Early #PF handler to print CR2, error code, and stack. * diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 789687488c5f..c02245ac064c 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S 
@@ -871,7 +871,7 @@ handle_exception_saved: * reading %cr2. Otherwise a page fault in the nested interrupt ha= ndler * would corrupt %cr2. */ - DISPATCH(X86_EXC_PF, do_page_fault) + DISPATCH(X86_EXC_PF, handle_PF_IDT) =20 /* Only re-enable IRQs if they were active before taking the fault= */ testb $X86_EFLAGS_IF >> 8, UREGS_eflags + 1(%rsp) --=20 2.39.5
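Review bot: handle_PF() in the first traps.c hunk of patch 11 now depends on its caller having sampled %cr2 and settled the interrupt state, but nothing at the function says so. A short comment above the `static void handle_PF(...)` line stating that addr must be the %cr2 value read before interrupts were re-enabled would protect future callers from the hazard the entry.S comment in this patch describes, where a nested page fault corrupts %cr2.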
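Review bot: the ASSERT(!local_irq_is_enabled()) that do_page_fault() carried is removed in the first traps.c hunk and is not reinstated in handle_PF_IDT() in the second, so an assertion is dropped under a "No functional change" description. Either keep the ASSERT ahead of the `if ( regs->flags & X86_EFLAGS_IF )` test in handle_PF_IDT(), or say in the commit message why it is no longer wanted. The removed comment explaining why interrupts are only conditionally re-enabled is also worth carrying over, since the new comment covers only the %cr2 read.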
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 12/23] x86/fsgsbase: Make gskern accesses safe under FRED
Date: Thu, 28 Aug 2025 16:03:58 +0100
Message-Id: <20250828150409.901315-13-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>

Under FRED, the SWAPGS instruction is disallowed.  Therefore we must use the
MSR path instead.

read_registers() is in the show_registers() path, so this allows Xen to render
its current state without suffering #UD (and recursing until the stack guard
page is hit).

All hardware with FRED is expected to have some kind of non-serialising access
to these registers.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * Broken out of subsequent patch.  Rebased over MSR cleanup.

In principle, the following can also be used for read_registers()

diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 5799770a2f71..0b0fdf2c5ac4 100644
--- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -125,16 +125,21 @@ static void read_registers(struct extra_state *st= ate) state->cr3 =3D read_cr3(); state->cr4 =3D read_cr4(); - if ( !(state->cr4 & X86_CR4_FRED) && (state->cr4 & X86_CR4_FSGSBAS= E) ) + if ( state->cr4 & X86_CR4_FSGSBASE ) { state->fsb =3D __rdfsbase(); state->gsb =3D __rdgsbase(); + + if ( state->cr4 & X86_CR4_FRED ) + goto gskern_fred; + state->gss =3D __rdgskern(); } else { state->fsb =3D rdmsr(MSR_FS_BASE); state->gsb =3D rdmsr(MSR_GS_BASE); + gskern_fred: state->gss =3D rdmsr(MSR_SHADOW_GS_BASE); } but I'm not sure that it's a good enough improvement to warrant the complexity. --- xen/arch/x86/include/asm/fsgsbase.h | 8 ++++++-- xen/arch/x86/traps.c | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/include/asm/fsgsbase.h b/xen/arch/x86/include/asm= /fsgsbase.h index 24862a6bfea7..5faa3a324332 100644 --- a/xen/arch/x86/include/asm/fsgsbase.h +++ b/xen/arch/x86/include/asm/fsgsbase.h @@ -79,7 +79,9 @@ static inline unsigned long read_gs_base(void) =20 static inline unsigned long read_gs_shadow(void) { - if ( read_cr4() & X86_CR4_FSGSBASE ) + unsigned long cr4 =3D read_cr4(); + + if ( !(cr4 & X86_CR4_FRED) && (cr4 & X86_CR4_FSGSBASE) ) return __rdgs_shadow(); else return rdmsr(MSR_SHADOW_GS_BASE); @@ -103,7 +105,9 @@ static inline void write_gs_base(unsigned long base) =20 static inline void write_gs_shadow(unsigned long base) { - if ( read_cr4() & X86_CR4_FSGSBASE ) + unsigned long cr4 =3D read_cr4(); + + if ( !(cr4 & X86_CR4_FRED) && (cr4 & X86_CR4_FSGSBASE) ) __wrgs_shadow(base); else wrmsrns(MSR_SHADOW_GS_BASE, base); diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index c11d72d47027..66308e7c9edf 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c 
@@ -118,7 +118,7 @@ static void read_registers(struct extra_state *state) state->cr3 =3D read_cr3(); state->cr4 =3D read_cr4(); =20 - if ( state->cr4 & X86_CR4_FSGSBASE ) + if ( !(state->cr4 & X86_CR4_FRED) && (state->cr4 & X86_CR4_FSGSBASE) ) { state->fsb =3D __rdfsbase(); state->gsb =3D __rdgsbase(); --=20 2.39.5
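Review bot: the new `!(cr4 & X86_CR4_FRED) && (cr4 & X86_CR4_FSGSBASE)` test in read_gs_shadow() and write_gs_shadow() in the fsgsbase.h hunks of patch 12 has no comment saying why FRED rules out the fast path. The reason given in the commit message, that SWAPGS is disallowed under FRED, belongs next to the condition. The same expression is open-coded a third time in read_registers(); a small predicate helper in fsgsbase.h would keep the three sites from drifting apart.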
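Review bot: in the read_registers() hunk of patch 12 the FRED test gates the whole block, so __rdfsbase() and __rdgsbase() are skipped under FRED as well, although by the commit message only the gskern read is the problem. That is acceptable on the show_registers() path, but it should be stated in a comment above the `if`, otherwise the condition reads like a mistake and may later be narrowed back to testing X86_CR4_FSGSBASE alone.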
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 13/23] x86/traps: Introduce FRED entrypoints
Date: Thu, 28 Aug 2025 16:03:59 +0100
Message-Id: <20250828150409.901315-14-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>

Under FRED, there's one entrypoint from Ring 3, and one from Ring 0.

FRED gives us a good stack (even for SYSCALL/SYSENTER), and a unified event
frame on the stack, meaning that all software needs to do is spill the GPRs
with a line of PUSHes.  Introduce PUSH_AND_CLEAR_GPRS and POP_GPRS for this
purpose.

Introduce entry_FRED_R0() which to a first approximation is complete for all
event handling within Xen.

entry_FRED_R0() needs deriving from entry_FRED_R3(), so introduce a basic
handler.  There is more work required to make the return-to-guest path work
under FRED, so leave a BUG clearly in place.

Also introduce entry_from_{xen,pv}() to be the C level handlers.  By simply
copying regs->fred_ss.vector into regs->entry_vector, we can reuse all the
existing fault handlers.

Extend fatal_trap() to render the event type, including by name, when FRED is
active.  This is slightly complicated, because X86_ET_OTHER must not use
vector_name() or SYSCALL and SYSENTER get rendered as #BP and #DB.

Also, {read,write}_gs_shadow() needs modifying to avoid the SWAPGS
instruction, which is disallowed in FRED mode.

This is sufficient to handle all interrupts and exceptions encountered during
development, including plenty of Double Faults.
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 v2: * Don't render a vector name for X86_ET_SW_INT * Fix typos in names[] * Link entry-fred.o first SIMICS hasn't been updated to the FRED v9, and still wants ENDBR instructio= ns at the entrypoints. --- xen/arch/x86/include/asm/asm_defns.h | 65 +++++++++++ xen/arch/x86/traps.c | 159 ++++++++++++++++++++++++++- xen/arch/x86/x86_64/Makefile | 1 + xen/arch/x86/x86_64/entry-fred.S | 33 ++++++ 4 files changed, 255 insertions(+), 3 deletions(-) create mode 100644 xen/arch/x86/x86_64/entry-fred.S diff --git a/xen/arch/x86/include/asm/asm_defns.h b/xen/arch/x86/include/as= m/asm_defns.h index 72a0082d319d..a81a4043d0f1 100644 --- a/xen/arch/x86/include/asm/asm_defns.h +++ b/xen/arch/x86/include/asm/asm_defns.h @@ -315,6 +315,71 @@ static always_inline void stac(void) subq $-(UREGS_error_code-UREGS_r15+\adj), %rsp .endm =20 +/* + * Push and clear GPRs + */ +.macro PUSH_AND_CLEAR_GPRS + push %rdi + xor %edi, %edi + push %rsi + xor %esi, %esi + push %rdx + xor %edx, %edx + push %rcx + xor %ecx, %ecx + push %rax + xor %eax, %eax + push %r8 + xor %r8d, %r8d + push %r9 + xor %r9d, %r9d + push %r10 + xor %r10d, %r10d + push %r11 + xor %r11d, %r11d + push %rbx + xor %ebx, %ebx + push %rbp +#ifdef CONFIG_FRAME_POINTER +/* Indicate special exception stack frame by inverting the frame pointer. = */ + mov %rsp, %rbp + notq %rbp +#else + xor %ebp, %ebp +#endif + push %r12 + xor %r12d, %r12d + push %r13 + xor %r13d, %r13d + push %r14 + xor %r14d, %r14d + push %r15 + xor %r15d, %r15d +.endm + +/* + * POP GPRs from a UREGS_* frame on the stack. Does not modify flags. + * + * @rax: Alternative destination for the %rax value on the stack. + */ +.macro POP_GPRS rax=3D%rax + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %r11 + pop %r10 + pop %r9 + pop %r8 + pop \rax + pop %rcx + pop %rdx + pop %rsi + pop %rdi +.endm + #ifdef CONFIG_PV32 #define CR4_PV32_RESTORE \ ALTERNATIVE_2 "", \ 
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 66308e7c9edf..67763bec0dc5 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -89,6 +89,13 @@ const unsigned int nmi_cpu; #define stack_words_per_line 4 #define ESP_BEFORE_EXCEPTION(regs) ((unsigned long *)(regs)->rsp) =20 +/* Only valid to use when FRED is active. */ +static inline struct fred_info *cpu_regs_fred_info(struct cpu_user_regs *r= egs) +{ + ASSERT(read_cr4() & X86_CR4_FRED); + return (void *)(regs + 1); +} + struct extra_state { unsigned long cr0, cr2, cr3, cr4; @@ -1023,6 +1030,32 @@ void show_execution_state_nmi(const cpumask_t *mask,= bool show_all) printk("Non-responding CPUs: {%*pbl}\n", CPUMASK_PR(&show_state_ma= sk)); } =20 +static const char *x86_et_name(unsigned int type) +{ + static const char *const names[] =3D { + [X86_ET_EXT_INTR] =3D "EXT_INTR", + [X86_ET_NMI] =3D "NMI", + [X86_ET_HW_EXC] =3D "HW_EXC", + [X86_ET_SW_INT] =3D "SW_INT", + [X86_ET_PRIV_SW_EXC] =3D "PRIV_SW_EXC", + [X86_ET_SW_EXC] =3D "SW_EXC", + [X86_ET_OTHER] =3D "OTHER", + }; + + return (type < ARRAY_SIZE(names) && names[type]) ? names[type] : "???"; +} + +static const char *x86_et_other_name(unsigned int what) +{ + static const char *const names[] =3D { + [0] =3D "MTF", + [1] =3D "SYSCALL", + [2] =3D "SYSENTER", + }; + + return (what < ARRAY_SIZE(names) && names[what]) ? names[what] : "???"; +} + const char *vector_name(unsigned int vec) { static const char names[][4] =3D { 
@@ -1101,9 +1134,41 @@ void fatal_trap(const struct cpu_user_regs *regs, bo= ol show_remote) } } =20 - panic("FATAL TRAP: vec %u, %s[%04x]%s\n", - trapnr, vector_name(trapnr), regs->error_code, - (regs->eflags & X86_EFLAGS_IF) ? "" : " IN INTERRUPT CONTEXT"); + if ( read_cr4() & X86_CR4_FRED ) + { + bool render_ec =3D false; + const char *vec_name =3D NULL; + + switch ( regs->fred_ss.type ) + { + case X86_ET_HW_EXC: + case X86_ET_PRIV_SW_EXC: + case X86_ET_SW_EXC: + render_ec =3D true; + vec_name =3D vector_name(regs->fred_ss.vector); + break; + + case X86_ET_OTHER: + vec_name =3D x86_et_other_name(regs->fred_ss.vector); + break; + } + + if ( render_ec ) + panic("Fatal TRAP: type %u, %s, vec %u, %s[%04x]%s\n", + regs->fred_ss.type, x86_et_name(regs->fred_ss.type), + regs->fred_ss.vector, vec_name ?: "", + regs->error_code, + (regs->eflags & X86_EFLAGS_IF) ? "" : " IN INTERRUPT CON= TEXT"); + else + panic("Fatal TRAP: type %u, %s, vec %u, %s%s\n", + regs->fred_ss.type, x86_et_name(regs->fred_ss.type), + regs->fred_ss.vector, vec_name ?: "", + (regs->eflags & X86_EFLAGS_IF) ? "" : " IN INTERRUPT CON= TEXT"); + } + else + panic("FATAL TRAP: vec %u, %s[%04x]%s\n", + trapnr, vector_name(trapnr), regs->error_code, + (regs->eflags & X86_EFLAGS_IF) ? "" : " IN INTERRUPT CONTEXT= "); } =20 void asmlinkage noreturn do_unhandled_trap(struct cpu_user_regs *regs) 
@@ -2198,6 +2263,94 @@ void asmlinkage check_ist_exit(const struct cpu_user= _regs *regs, bool ist_exit) } #endif =20 +void asmlinkage entry_from_pv(struct cpu_user_regs *regs) +{ + /* Copy fred_ss.vector into entry_vector as IDT delivery would have do= ne. */ + regs->entry_vector =3D regs->fred_ss.vector; + + fatal_trap(regs, false); +} + +void asmlinkage entry_from_xen(struct cpu_user_regs *regs) +{ + struct fred_info *fi =3D cpu_regs_fred_info(regs); + uint8_t type =3D regs->fred_ss.type; + + /* Copy fred_ss.vector into entry_vector as IDT delivery would have do= ne. */ + regs->entry_vector =3D regs->fred_ss.vector; + + /* + * First, handle the asynchronous or fatal events. These are either + * unrelated to the interrupted context, or may not have valid context + * recorded, and all have special rules on how/whether to re-enable IR= Qs. + */ + switch ( type ) + { + case X86_ET_EXT_INTR: + return do_IRQ(regs); + + case X86_ET_NMI: + return do_nmi(regs); + + case X86_ET_HW_EXC: + switch ( regs->fred_ss.vector ) + { + case X86_EXC_DF: return do_double_fault(regs); + case X86_EXC_MC: return do_machine_check(regs); + } + break; + } + + /* + * With the asynchronous events handled, what remains are the synchron= ous + * ones. If we interrupted an IRQs-on region, we should re-enable IRQs + * now; for #PF and #DB, %cr2 and %dr6 are on the stack in edata. 
+ */ + if ( regs->eflags & X86_EFLAGS_IF ) + local_irq_enable(); + + switch ( type ) + { + case X86_ET_HW_EXC: + case X86_ET_PRIV_SW_EXC: + case X86_ET_SW_EXC: + switch ( regs->fred_ss.vector ) + { + case X86_EXC_PF: handle_PF(regs, fi->edata); break; + case X86_EXC_GP: do_general_protection(regs); break; + case X86_EXC_UD: do_invalid_op(regs); break; + case X86_EXC_NM: do_device_not_available(regs); break; + case X86_EXC_BP: do_int3(regs); break; + case X86_EXC_DB: handle_DB(regs, fi->edata); break; + + case X86_EXC_DE: + case X86_EXC_OF: + case X86_EXC_BR: + case X86_EXC_NP: + case X86_EXC_SS: + case X86_EXC_MF: + case X86_EXC_AC: + case X86_EXC_XM: + do_trap(regs); + break; + + case X86_EXC_CP: do_entry_CP(regs); break; + + default: + goto fatal; + } + break; + + default: + goto fatal; + } + + return; + + fatal: + fatal_trap(regs, false); +} + /* * Local variables: * mode: C diff --git a/xen/arch/x86/x86_64/Makefile b/xen/arch/x86/x86_64/Makefile index f20763088740..c0a0b6603221 100644 --- a/xen/arch/x86/x86_64/Makefile +++ b/xen/arch/x86/x86_64/Makefile @@ -1,5 +1,6 @@ obj-$(CONFIG_PV32) +=3D compat/ =20 +obj-bin-y +=3D entry-fred.o obj-bin-y +=3D entry.o obj-$(CONFIG_KEXEC) +=3D machine_kexec.o obj-y +=3D pci.o diff --git a/xen/arch/x86/x86_64/entry-fred.S b/xen/arch/x86/x86_64/entry-f= red.S new file mode 100644 index 000000000000..3c3320df22cb --- /dev/null +++ b/xen/arch/x86/x86_64/entry-fred.S 
@@ -0,0 +1,33 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ + + .file "x86_64/entry-fred.S" + +#include +#include + + .section .text.entry, "ax", @progbits + + /* The Ring3 entry point is required to be 4k aligned. */ + +FUNC(entry_FRED_R3, 4096) + PUSH_AND_CLEAR_GPRS + + mov %rsp, %rdi + call entry_from_pv + + POP_GPRS + eretu +END(entry_FRED_R3) + + /* The Ring0 entrypoint is at Ring3 + 0x100. */ + .org entry_FRED_R3 + 0x100, 0xcc + +FUNC_LOCAL(entry_FRED_R0, 0) + PUSH_AND_CLEAR_GPRS + + mov %rsp, %rdi + call entry_from_xen + + POP_GPRS + erets +END(entry_FRED_R0) --=20 2.39.5
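Review bot: the comment on PUSH_AND_CLEAR_GPRS in the asm_defns.h hunk of patch 13 says only "Push and clear GPRs", while POP_GPRS documents its frame and its flags behaviour. Please state that the push order builds the UREGS_* frame that POP_GPRS unwinds, that the xor instructions clobber flags, and that under CONFIG_FRAME_POINTER %rbp is left holding the inverted stack pointer rather than zero, since "clear" is not accurate for that register.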
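Review bot: cpu_regs_fred_info() in the first traps.c hunk of patch 13 returns `(void *)(regs + 1)` without naming the layout it relies on. A one-line comment saying what is expected to sit immediately after struct cpu_user_regs in the FRED event frame would make the pointer arithmetic checkable. Consider taking a const pointer too, so that fatal_trap(), which holds a `const struct cpu_user_regs *regs`, could use the helper.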
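Review bot: the two new panic() strings in the fatal_trap() hunk of patch 13 start "Fatal TRAP:" while the retained IDT string starts "FATAL TRAP:", so anything matching on the existing prefix will miss crashes taken under FRED; use the same capitalisation in all three. Also, the switch has no default, so for X86_ET_EXT_INTR, X86_ET_NMI and X86_ET_SW_INT vec_name stays NULL and the format without an error code prints a dangling ", " after the vector number. Dropping the separator when there is no name would tidy the output.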
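Review bot: entry_from_pv() in the last traps.c hunk of patch 13 calls fatal_trap() with no comment, whereas the commit message says a BUG is left clearly in place for the unfinished return-to-guest path; a comment marking the call as a placeholder (or the BUG itself) would match the description. In entry_from_xen(), fi is fetched on every event although only the X86_EXC_PF and X86_EXC_DB cases read fi->edata, so the read_cr4() in the cpu_regs_fred_info() ASSERT is evaluated for interrupts and NMIs as well; fetching fi inside those two cases would avoid that.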
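Review bot: the Makefile hunk of patch 13 places entry-fred.o ahead of entry.o, and the v2 notes say this ordering is deliberate ("Link entry-fred.o first"), but the Makefile itself carries no comment. Add one giving the reason, otherwise a later tidy-up that reorders the list will silently undo it.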
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 14/23] x86/traps: Enable FRED when requested
Date: Thu, 28 Aug 2025 16:04:00 +0100
Message-Id: <20250828150409.901315-15-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>

With the shadow stack and exception handling adjustments in place, we can now activate FRED when appropriate. Note that opt_fred is still disabled by default.

Introduce init_fred() to set up all the MSRs relevant for FRED. FRED uses MSR_STAR (entries from Ring3 only), and MSR_FRED_SSP_SL0 aliases MSR_PL0_SSP when CET-SS is active. Otherwise, they're all new MSRs.

With init_fred() existing, load_system_tables() and legacy_syscall_init() should only be used when setting up IDT delivery. Insert ASSERT()s to this effect, and adjust the various *_init() functions to make this property true.

Per the documentation, ap_early_traps_init() is responsible for switching off the boot GDT, which needs doing even in FRED mode.

Finally, set CR4.FRED in {bsp,ap}_early_traps_init().

Xen can now boot in FRED mode up until starting a PV guest, where it faults because IRET is not permitted to change privilege.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * Explain the lack of BUG_ON()
 * Poison SL1

In principle we can stop allocating the IDT and TSS for CPUs now, although I want to get shutdown and kexec working before making this optimisation, in case there's something I've overlooked.
---
 xen/arch/x86/include/asm/current.h | 3 ++
 xen/arch/x86/include/asm/traps.h | 2 +
 xen/arch/x86/traps-setup.c | 86 +++++++++++++++++++++++++++---
 3 files changed, 85 insertions(+), 6 deletions(-)

diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/= current.h index 35cc61fa88e7..53b0d3cf143d 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -23,6 +23,9 @@ * 2 - NMI IST stack * 1 - #MC IST stack * 0 - IST Shadow Stacks (4x 1k, read-only) + * + * In FRED mode, #DB and NMI do not need special stacks, so their IST stac= ks + * are unused. */ =20 /* diff --git a/xen/arch/x86/include/asm/traps.h b/xen/arch/x86/include/asm/tr= aps.h index 73097e957d05..5d7504bc44d1 100644 --- a/xen/arch/x86/include/asm/traps.h +++ b/xen/arch/x86/include/asm/traps.h @@ -16,6 +16,8 @@ void traps_init(void); void bsp_traps_reinit(void); void percpu_traps_init(void); =20 +void nocall entry_FRED_R3(void); + extern unsigned int ler_msr; =20 const char *vector_name(unsigned int vec); diff --git a/xen/arch/x86/traps-setup.c b/xen/arch/x86/traps-setup.c index d77be8f83921..535b53969678 100644 --- a/xen/arch/x86/traps-setup.c +++ b/xen/arch/x86/traps-setup.c @@ -59,6 +59,8 @@ static void load_system_tables(void) .limit =3D sizeof(bsp_idt) - 1, }; =20 + ASSERT(opt_fred =3D=3D 0); + /* * Set up the TSS. Warning - may be live, and the NMI/#MC must remain * valid on every instruction boundary. (Note: these are all 
@@ -191,6 +193,8 @@ static void legacy_syscall_init(void) unsigned char *stub_page; unsigned int offset; =20 + ASSERT(opt_fred =3D=3D 0); + /* No PV guests? No need to set up SYSCALL/SYSENTER infrastructure. */ if ( !IS_ENABLED(CONFIG_PV) ) return; 
@@ -268,6 +272,52 @@ static void __init init_ler(void) setup_force_cpu_cap(X86_FEATURE_XEN_LBR); } =20 +/* + * Set up all MSRs relevant for FRED event delivery. + * + * Xen does not use any of the optional config in MSR_FRED_CONFIG, so all = that + * is needed is the entrypoint. + * + * Because FRED always provides a good stack, NMI and #DB do not need any + * special treatment. Only #DF needs another stack level, and #MC for the + * offchance that Xen's main stack suffers an uncorrectable error. + * + * This makes Stack Level 1 unused, but we use #DB's stacks, and with the + * regular and shadow stacks reversed as posion to guarantee that any use + * escalates to #DF. + * + * FRED reuses MSR_STAR to provide the segment selector values to load on + * entry from Ring3. Entry from Ring0 leave %cs and %ss unmodified. + */ +static void init_fred(void) +{ + unsigned long stack_top =3D get_stack_bottom() & ~(STACK_SIZE - 1); + + ASSERT(opt_fred =3D=3D 1); + + wrmsrns(MSR_STAR, XEN_MSR_STAR); + wrmsrns(MSR_FRED_CONFIG, (unsigned long)entry_FRED_R3); + + /* + * MSR_FRED_RSP_* all come with an 64-byte alignment check, avoiding t= he + * need for an explicit BUG_ON(). + */ + wrmsrns(MSR_FRED_RSP_SL0, (unsigned long)(&get_cpu_info()->_fred + 1)); + wrmsrns(MSR_FRED_RSP_SL1, stack_top + (IST_DB * IST_SHSTK_SIZE)); /* P= oison */ + wrmsrns(MSR_FRED_RSP_SL2, stack_top + (1 + IST_MCE) * PAGE_SIZE); + wrmsrns(MSR_FRED_RSP_SL3, stack_top + (1 + IST_DF) * PAGE_SIZE); + wrmsrns(MSR_FRED_STK_LVLS, ((2UL << (X86_EXC_MC * 2)) | + (3UL << (X86_EXC_DF * 2)))); + + if ( cpu_has_xen_shstk ) + { + wrmsrns(MSR_FRED_SSP_SL0, stack_top + (PRIMARY_SHSTK_SLOT + 1) * P= AGE_SIZE); + wrmsrns(MSR_FRED_RSP_SL1, stack_top + (1 + IST_DF) * PAGE_SIZE); = /* Poison */ + wrmsrns(MSR_FRED_SSP_SL2, stack_top + (IST_MCE * IST_SHSTK_SIZE)); + wrmsrns(MSR_FRED_SSP_SL3, stack_top + (IST_DF * IST_SHSTK_SIZE)); + } +} + /* * Configure basic exception handling. 
This is prior to parsing the comma= nd * line or configuring a console, and needs to be as simple as possible. @@ -329,16 +379,20 @@ void __init traps_init(void) printk(XENLOG_INFO "Disabling PV32 due to FRED\n"); } #endif + + init_fred(); + set_in_cr4(X86_CR4_FRED); + setup_force_cpu_cap(X86_FEATURE_XEN_FRED); printk("Using FRED event delivery\n"); } else { + load_system_tables(); + printk("Using IDT event delivery\n"); } =20 - load_system_tables(); - init_ler(); =20 /* Cache {,compat_}gdt_l1e now that physically relocation is done. */ @@ -356,8 +410,13 @@ void __init traps_init(void) */ void __init bsp_traps_reinit(void) { - load_system_tables(); - percpu_traps_init(); + if ( opt_fred ) + init_fred(); + else + { + load_system_tables(); + percpu_traps_init(); + } } =20 /* @@ -366,7 +425,8 @@ void __init bsp_traps_reinit(void) */ void percpu_traps_init(void) { - legacy_syscall_init(); + if ( !opt_fred ) + legacy_syscall_init(); =20 if ( cpu_has_xen_lbr ) wrmsrl(MSR_IA32_DEBUGCTLMSR, IA32_DEBUGCTLMSR_LBR); 
@@ -381,7 +441,21 @@ void percpu_traps_init(void) */ void asmlinkage percpu_early_traps_init(void) { - load_system_tables(); + if ( opt_fred ) + { + const seg_desc_t *gdt =3D this_cpu(gdt) - FIRST_RESERVED_GDT_ENTRY; + const struct desc_ptr gdtr =3D { + .base =3D (unsigned long)gdt, + .limit =3D LAST_RESERVED_GDT_BYTE, + }; + + lgdt(&gdtr); + + init_fred(); + write_cr4(read_cr4() | X86_CR4_FRED); + } + else + load_system_tables(); } =20 static void __init __maybe_unused build_assertions(void)
-- 
2.39.5
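Review bot: In init_fred() (traps-setup.c hunk at -268,6 +272,52), the cpu_has_xen_shstk block writes MSR_FRED_RSP_SL1 a second time instead of MSR_FRED_SSP_SL1, so the poison value stored in RSP_SL1 a few lines earlier is overwritten with the same address that MSR_FRED_RSP_SL3 holds, and the Stack Level 1 shadow stack pointer is never programmed. The block comment says SL1 uses #DB's stacks with the regular and shadow stacks reversed, so the line marked "Poison" inside the shstk block presumably wants MSR_FRED_SSP_SL1, and its value is built from IST_DF where the comment implies an IST_DB-based regular stack address. While editing the comment, "posion" should read "poison" and "Entry from Ring0 leave" should read "leaves".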
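Review bot: In bsp_traps_reinit() (hunk at -356,8 +410,13), the FRED branch calls only init_fred() and no longer reaches percpu_traps_init(), yet the following hunk guards legacy_syscall_init() with "if ( !opt_fred )" inside percpu_traps_init(), which suggests that function is expected to run in FRED mode as well. As written, the cpu_has_xen_lbr write to MSR_IA32_DEBUGCTLMSR is skipped on this path when FRED is active. Either call percpu_traps_init() from both branches, or add a comment explaining why the BSP reinit path does not need it under FRED.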
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 15/23] x86/pv: Deduplicate is_canonical_address() in do_set_segment_base()
Date: Thu, 28 Aug 2025 16:04:01 +0100
Message-Id: <20250828150409.901315-16-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>

This is really a rearrangement to make adding FRED support easier.

No functional change.

Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New

There is a marginal code size improvement:

  add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-46 (-46)
  Function old new delta
  do_set_segment_base 496 450 -46

but it does get undone by the FRED support.
---
 xen/arch/x86/pv/misc-hypercalls.c | 32 ++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/xen/arch/x86/pv/misc-hypercalls.c b/xen/arch/x86/pv/misc-hyper= calls.c index 7a37f16bf038..4c2abeb4add8 100644 --- a/xen/arch/x86/pv/misc-hypercalls.c 
+++ b/xen/arch/x86/pv/misc-hypercalls.c 
@@ -176,27 +176,29 @@ long do_set_segment_base(unsigned int which, unsigned= long base) switch ( which ) { case SEGBASE_FS: - if ( is_canonical_address(base) ) - write_fs_base(base); - else + case SEGBASE_GS_USER: + case SEGBASE_GS_KERNEL: + if ( !is_canonical_address(base) ) + { ret =3D -EINVAL; - break; + break; + } =20 - case SEGBASE_GS_USER: - if ( is_canonical_address(base) ) + switch ( which ) { - write_gs_shadow(base); + case SEGBASE_FS: + write_fs_base(base); + break; + + case SEGBASE_GS_USER: v->arch.pv.gs_base_user =3D base; - } - else - ret =3D -EINVAL; - break; + write_gs_shadow(base); + break; =20 - case SEGBASE_GS_KERNEL: - if ( is_canonical_address(base) ) + case SEGBASE_GS_KERNEL: write_gs_base(base); - else - ret =3D -EINVAL; + break; + } break; =20 case SEGBASE_GS_USER_SEL:
-- 
2.39.5
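Review bot: In the SEGBASE_GS_USER arm of the new inner switch, the two statements are swapped relative to the old code: "v->arch.pv.gs_base_user = base;" now runs before "write_gs_shadow(base);", where previously the MSR write came first. The commit message says "No functional change" and does not mention the reorder; if it is deliberate preparation for the FRED variant, say so, otherwise keep the original order so the refactor stays purely mechanical. The inner "switch ( which )" also has no default case, so a short comment noting that only the three outer case labels can reach it would help the next reader.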
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 16/23] x86/entry: Alter how IRET faults are recognised
Date: Thu, 28 Aug 2025 16:04:02 +0100
Message-Id: <20250828150409.901315-17-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>

Right now we have two IRET instructions that can fault for guest reasons, and the pre exception table gives handle_exception as the fixup for both.

Instead, we can have compat_restore_all_guest() use restore_all_guest()'s IRET which gives us just a single position to handle specially.

In exception_with_ints_disabled(), remove search_pre_exception_table() and use a simpler check. Explain how the recovery works, because this isn't the first time I've had to figure it out.

The reference to iret_to_guest highlights that any checking here is specific to CONFIG_PV, so exclude it in !PV builds.

Later in exception_with_ints_disabled(), it suffices to load %ecx rather than %rcx, and remove a stray semi-colon from the rep movsq.

No functional change.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New
---
 xen/arch/x86/x86_64/compat/entry.S | 3 +--
 xen/arch/x86/x86_64/entry.S | 31 ++++++++++++++++++++++--------
 2 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compa= t/entry.S index d7b381ea546d..39925d80a677 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S 
@@ -167,8 +167,7 @@ FUNC(compat_restore_all_guest) scf=3DSTK_REL(CPUINFO_scf, CPUINFO_rip), \ sel=3DSTK_REL(CPUINFO_verw_sel, CPUINFO_rip) =20 -.Lft0: iretq - _ASM_PRE_EXTABLE(.Lft0, handle_exception) + jmp iret_to_guest END(compat_restore_all_guest) =20 /* Callers can cope with both %rax and %rcx being clobbered. */ diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index c02245ac064c..01b431793b7b 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -241,8 +241,9 @@ iret_exit_to_guest: SPEC_CTRL_COND_VERW /* Req: %rsp=3Deframe C= lob: efl */ =20 addq $8,%rsp -.Lft0: iretq - _ASM_PRE_EXTABLE(.Lft0, handle_exception) + +LABEL(iret_to_guest, 0) + iretq END(restore_all_guest) =20 /* @@ -920,10 +921,23 @@ handle_exception_saved: exception_with_ints_disabled: testb $3,UREGS_cs(%rsp) # interrupts disabled outside Xen? jnz FATAL_exception_with_ints_disabled - movq %rsp,%rdi - call search_pre_exception_table - testq %rax,%rax # no fixup code for faulting EIP? - jz .Ldispatch_exceptions + +#ifndef CONFIG_PV + /* No PV? No IRETs-to-guest to worry about. */ + jmp .Ldispatch_exceptions +#else + /* Check to see if the exception was on the IRET to guest context.= */ + lea iret_to_guest(%rip), %rax + cmp %rax, UREGS_rip(%rsp) + jne .Ldispatch_exceptions + + /* + * Recovery is at handle_exception. It may be necessary to make s= pace + * on the interrupted stack for ec/ev, after which the current ec/= ev + * is copied to make it appear as if this exception occurred in gu= est + * context. + */ + lea handle_exception(%rip), %rax movq %rax,UREGS_rip(%rsp) # fixup regular stack =20 #ifdef CONFIG_XEN_SHSTK 
@@ -940,13 +954,14 @@ exception_with_ints_disabled: movq %rsp,%rsi subq $8,%rsp movq %rsp,%rdi - movq $UREGS_kernel_sizeof/8,%rcx - rep; movsq # make room for ec/ev + mov $UREGS_kernel_sizeof/8, %ecx + rep movsq # make room for ec/ev 1: movq UREGS_error_code(%rsp),%rax # ec/ev movq %rax,UREGS_kernel_sizeof(%rsp) mov %r15, STACK_CPUINFO_FIELD(xen_cr3)(%r14) mov %r13b, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) jmp restore_all_xen # return to fixup code +#endif /* !CONFIG_PV */ =20 /* No special register assumptions. */ FATAL_exception_with_ints_disabled:
-- 
2.39.5
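Review bot: In exception_with_ints_disabled (entry.S hunk at -920,10 +921,23), replacing "call search_pre_exception_table" with a direct compare against iret_to_guest also drops the perfc_incr(exception_fixed) and the "Pre-exception" dprintk() that the helper performed on a hit (its body is visible where the next patch in the series deletes it), so "No functional change" does not hold for perf counters and debug logging; the commit message should say that this is intended. As a style point, the closing "#endif /* !CONFIG_PV */" terminates the #else arm, which is the CONFIG_PV code, and the #else itself carries no comment; labelling both with the arm they belong to would make the nesting with CONFIG_XEN_SHSTK easier to follow.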
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 17/23] x86/entry: Drop the pre exception table infrastructure
Date: Thu, 28 Aug 2025 16:04:03 +0100
Message-Id: <20250828150409.901315-18-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>

It is no longer used.

Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New
---
 xen/arch/x86/extable.c               | 14 --------------
 xen/arch/x86/include/asm/asm_defns.h | 11 ++++-------
 xen/arch/x86/include/asm/uaccess.h   |  2 --
 xen/arch/x86/xen.lds.S               |  5 -----
 4 files changed, 4 insertions(+), 28 deletions(-)

diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c index cf637d0921e4..a9b6c6b904f5 100644 --- a/xen/arch/x86/extable.c +++ b/xen/arch/x86/extable.c
@@ -61,7 +61,6 @@ void init_or_livepatch sort_exception_table(struct except= ion_table_entry *start, void __init sort_exception_tables(void) { sort_exception_table(__start___ex_table, __stop___ex_table); - sort_exception_table(__start___pre_ex_table, __stop___pre_ex_table); } =20 static unsigned long @@ -219,16 +218,3 @@ int __init cf_check stub_selftest(void) } __initcall(stub_selftest); #endif /* CONFIG_SELF_TESTS */ - -unsigned long asmlinkage search_pre_exception_table(struct cpu_user_regs *= regs) -{ - unsigned long addr =3D regs->rip; - unsigned long fixup =3D search_one_extable( - __start___pre_ex_table, __stop___pre_ex_table, addr); - if ( fixup ) - { - dprintk(XENLOG_INFO, "Pre-exception: %p -> %p\n", _p(addr), _p(fix= up)); - perfc_incr(exception_fixed); - } - return fixup; -} diff --git a/xen/arch/x86/include/asm/asm_defns.h b/xen/arch/x86/include/as= m/asm_defns.h index a81a4043d0f1..d7eafedf0e4c 100644 --- a/xen/arch/x86/include/asm/asm_defns.h +++ b/xen/arch/x86/include/asm/asm_defns.h @@ -65,22 +65,19 @@ register unsigned long current_stack_pointer asm("rsp"); =20 /* Exception table entry */ #ifdef __ASSEMBLY__ -# define _ASM__EXTABLE(sfx, from, to) \ - .section .ex_table##sfx, "a" ; \ +# define _ASM_EXTABLE(from, to) \ + .section .ex_table, "a" ; \ .balign 4 ; \ .long _ASM_EX(from), _ASM_EX(to) ; \ .previous #else -# define _ASM__EXTABLE(sfx, from, to) \ - " .section .ex_table" #sfx ",\"a\"\n" \ +# define _ASM_EXTABLE(from, to) \ + " .section .ex_table,\"a\"\n" \ " .balign 4\n" \ " .long " _ASM_EX(from) ", " _ASM_EX(to) "\n" \ " .previous\n" #endif =20 -#define _ASM_EXTABLE(from, to) _ASM__EXTABLE(, from, to) -#define _ASM_PRE_EXTABLE(from, to) _ASM__EXTABLE(.pre, from, to) - #ifdef __ASSEMBLY__ =20 .macro BUILD_BUG_ON condstr, cond:vararg diff --git a/xen/arch/x86/include/asm/uaccess.h b/xen/arch/x86/include/asm/= uaccess.h index 719d053936b9..4c41a0fe0426 100644 --- a/xen/arch/x86/include/asm/uaccess.h +++ b/xen/arch/x86/include/asm/uaccess.h 
@@ -410,8 +410,6 @@ struct exception_table_entry }; extern struct exception_table_entry __start___ex_table[]; extern struct exception_table_entry __stop___ex_table[]; -extern struct exception_table_entry __start___pre_ex_table[]; -extern struct exception_table_entry __stop___pre_ex_table[]; =20 union stub_exception_token { struct { diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 966e514f2034..66075bc0ae6d 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S 
@@ -119,11 +119,6 @@ SECTIONS *(.ex_table) __stop___ex_table =3D .; =20 - /* Pre-exception table */ - __start___pre_ex_table =3D .; - *(.ex_table.pre) - __stop___pre_ex_table =3D .; - . =3D ALIGN(PAGE_SIZE); __ro_after_init_end =3D .; =20 --=20 2.39.5
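Review bot: In xen/arch/x86/extable.c, the removed search_pre_exception_table() is asmlinkage, so its caller was in assembly, yet no entry .S file appears in this diffstat. "It is no longer used" would be easier to verify if the commit message named the earlier patch in the series that removed the last caller and the last _ASM_PRE_EXTABLE() user.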
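Review bot: In xen/arch/x86/xen.lds.S, once the `*(.ex_table.pre)` rule is gone, an object that still emits a .ex_table.pre section has no dedicated rule in this part of the script and its entries would no longer sit between start/stop symbols that anything searches. Removing _ASM_PRE_EXTABLE in asm_defns.h turns macro users into build failures, but it is worth confirming that nothing open-codes the section name before this goes in.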
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 18/23] x86/entry: Rework the comment about SYSCALL and DF
Date: Thu, 28 Aug 2025 16:04:04 +0100
Message-Id: <20250828150409.901315-19-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>

It's soon going to be needed in a second location.

Right now it's misleading saying that nothing else would be cleared. It's missing the more important point that SYSCALLs are treated like all other interrupts and exceptions, and undergo normal flags handling there.

Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New
---
 xen/arch/x86/x86_64/entry.S | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 01b431793b7b..ca446c6ff0ce 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S
@@ -39,10 +39,9 @@ FUNC_LOCAL(switch_to_kernel) leal (,%rcx,TBF_INTERRUPT),%ecx =20 /* - * The PV ABI hardcodes the (guest-inaccessible and virtual) - * SYSCALL_MASK MSR such that DF (and nothing else) would be clear= ed. - * Note that the equivalent of IF (VGCF_syscall_disables_events) is - * dealt with separately above. + * The PV ABI, given no virtual SYSCALL_MASK, hardcodes that DF is + * cleared. Other flags are handled in the same way as interrupts= and + * exceptions in create_bounce_frame(). */ mov $~X86_EFLAGS_DF, %esi =20 --=20 2.39.5
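Review bot: The reworded comment in switch_to_kernel drops the pointer to VGCF_syscall_disables_events. "Other flags are handled in the same way as interrupts and exceptions in create_bounce_frame()" can be read as covering the IF equivalent as well, which the old text said is dealt with separately above. Since the commit message says the comment is about to be reused in a second location, keeping one clause about event masking would avoid that ambiguity in both places.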
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 19/23] x86/pv: Adjust GS handling for FRED mode
Date: Thu, 28 Aug 2025 16:04:05 +0100
Message-Id: <20250828150409.901315-20-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>

When FRED is active, hardware automatically swaps GS when changing privilege, and the SWAPGS instruction is disallowed.

For native OSes using GS as the thread local pointer this is a massive improvement on the pre-FRED architecture, but under Xen it makes handling PV guests more complicated. Specifically, it means that GS_BASE and GS_SHADOW are the opposite way around in FRED mode, as opposed to IDT mode.

This leads to the following changes:

 * In load_segments(), we have to load both GSes. Account for this in the SWAP() condition and avoid the path with SWAPGS.
 * In save_segments(), we need to read GS_KERN rather than GS_BASE.
 * In toggle_guest_mode(), we need to emulate SWAPGS.
 * In do_set_segment_base(), merge the SEGBASE_GS_{USER,KERNEL} cases and take FRED into account when choosing which base to update.

SEGBASE_GS_USER_SEL was already an LKGS invocation (decades before FRED) so under FRED needs to be a simple MOV %gs. Simply skip the SWAPGSes.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New

I think this functions, but it's not ideal. The conditions are asymmetric and awkward.

In principle, MSR_IMM can be as performant as FSGSBASE. They can literally be the same microcode if the microline indexing allows.

Otherwise, the FSGSBASE instructions will be more performant than MSR accesses (no need to decode %ecx), even with non-serialising writes (which all FRED hardware should have). However, use of FSGSBASE often comes with SWAPGS and that can't be used under FRED.
---
 xen/arch/x86/domain.c             | 22 +++++++++++++++++-----
 xen/arch/x86/pv/domain.c          | 22 ++++++++++++++++++++--
 xen/arch/x86/pv/misc-hypercalls.c | 16 ++++++++++------
 3 files changed, 47 insertions(+), 13 deletions(-)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 8089ff929bf7..64922869a625 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1819,9 +1819,10 @@ static void load_segments(struct vcpu *n) =20 /* * Figure out which way around gsb/gss want to be. gsb needs to be - * the active context, and gss needs to be the inactive context. + * the active context, and gss needs to be the inactive context, + * unless we're in FRED mode where they're reversed. */ - if ( !(n->arch.flags & TF_kernel_mode) ) + if ( !(n->arch.flags & TF_kernel_mode) ^ opt_fred ) SWAP(gsb, gss); =20 if ( using_svm() && (n->arch.pv.fs | n->arch.pv.gs) <=3D 3 ) @@ -1842,7 +1843,9 @@ static void load_segments(struct vcpu *n) =20 if ( !fs_gs_done && !compat ) { - if ( read_cr4() & X86_CR4_FSGSBASE ) + unsigned long cr4 =3D read_cr4(); + + if ( !(cr4 & X86_CR4_FRED) && (cr4 & X86_CR4_FSGSBASE) ) { __wrgsbase(gss); __wrfsbase(n->arch.pv.fs_base);
@@ -1959,6 +1962,9 @@ static void load_segments(struct vcpu *n) * Guests however cannot use SWAPGS, so there is no mechanism to modify the * inactive GS base behind Xen's back. Therefore, Xen's copy of the inact= ive * GS base is still accurate, and doesn't need reading back from hardware. + * + * Under FRED, hardware automatically swaps GS for us, so GS_KERN is the + * active GS from the guest's point of view. */ static void save_segments(struct vcpu *v) { @@ -1974,12 +1980,18 @@ static void save_segments(struct vcpu *v) if ( read_cr4() & X86_CR4_FSGSBASE ) { fs_base =3D __rdfsbase(); - gs_base =3D __rdgsbase(); + if ( opt_fred ) + gs_base =3D rdmsr(MSR_SHADOW_GS_BASE); + else + gs_base =3D __rdgsbase(); } else { fs_base =3D rdmsr(MSR_FS_BASE); - gs_base =3D rdmsr(MSR_GS_BASE); + if ( opt_fred ) + gs_base =3D rdmsr(MSR_SHADOW_GS_BASE); + else + gs_base =3D rdmsr(MSR_GS_BASE); } =20 v->arch.pv.fs_base =3D fs_base; diff --git a/xen/arch/x86/pv/domain.c b/xen/arch/x86/pv/domain.c index 9c4785c187dd..5a7b69da5000 100644 --- a/xen/arch/x86/pv/domain.c +++ b/xen/arch/x86/pv/domain.c @@ -14,9 +14,10 @@ #include #include #include -#include #include #include +#include +#include =20 #ifdef CONFIG_PV32 int8_t __read_mostly opt_pv32 =3D -1; @@ -480,11 +481,28 @@ void toggle_guest_mode(struct vcpu *v) * subsequent context switch won't bother re-reading it. */ gs_base =3D read_gs_base(); + + /* + * In FRED mode, not only are the two GSes the other way around (i.e. = we + * want to read GS_KERN here), the SWAPGS instruction is disallowed so= we + * have to emulate it. + */ + if ( opt_fred ) + { + unsigned long gs_kern =3D rdmsr(MSR_SHADOW_GS_BASE); + + wrmsrns(MSR_SHADOW_GS_BASE, gs_base); + write_gs_base(gs_kern); + + gs_base =3D gs_kern; + } + else + asm volatile ( "swapgs" ); + if ( v->arch.flags & TF_kernel_mode ) v->arch.pv.gs_base_kernel =3D gs_base; else v->arch.pv.gs_base_user =3D gs_base; - asm volatile ( "swapgs" ); =20 _toggle_guest_pt(v); =20 
diff --git a/xen/arch/x86/pv/misc-hypercalls.c b/xen/arch/x86/pv/misc-hyper= calls.c index 4c2abeb4add8..2c9cf50638db 100644 --- a/xen/arch/x86/pv/misc-hypercalls.c +++ b/xen/arch/x86/pv/misc-hypercalls.c @@ -11,6 +11,7 @@ =20 #include #include +#include =20 long do_set_debugreg(int reg, unsigned long value) { @@ -192,11 +193,12 @@ long do_set_segment_base(unsigned int which, unsigned= long base) =20 case SEGBASE_GS_USER: v->arch.pv.gs_base_user =3D base; - write_gs_shadow(base); - break; - + fallthrough; case SEGBASE_GS_KERNEL: - write_gs_base(base); + if ( (which =3D=3D SEGBASE_GS_KERNEL) ^ opt_fred ) + write_gs_base(base); + else + write_gs_shadow(base); break; } break; @@ -209,7 +211,8 @@ long do_set_segment_base(unsigned int which, unsigned l= ong base) * We wish to update the user %gs from the GDT/LDT. Currently, the * guest kernel's GS_BASE is in context. */ - asm volatile ( "swapgs" ); + if ( !opt_fred ) + asm volatile ( "swapgs" ); =20 if ( sel > 3 ) /* Fix up RPL for non-NUL selectors. */ 
@@ -247,7 +250,8 @@ long do_set_segment_base(unsigned int which, unsigned l= ong base) /* Update the cache of the inactive base, as read from the GDT/LDT= . */ v->arch.pv.gs_base_user =3D read_gs_base(); =20 - asm volatile ( safe_swapgs ); + if ( !opt_fred ) + asm volatile ( safe_swapgs ); break; } =20 --=20 2.39.5
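Review bot: In the first load_segments() hunk, `!(n->arch.flags & TF_kernel_mode) ^ opt_fred` XORs a 0/1 value with opt_fred, which only gives the intended result if opt_fred is strictly 0 or 1. Its type is not visible in this patch; if it is a tristate like the `int8_t opt_pv32 = -1` shown in the pv/domain.c context, a negative value makes the condition always true. Writing the test as `!(n->arch.flags & TF_kernel_mode) != !!opt_fred` removes the dependency, and the same applies to `(which == SEGBASE_GS_KERNEL) ^ opt_fred` in do_set_segment_base().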
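Review bot: In save_segments(), both arms of the X86_CR4_FSGSBASE test now carry the same `if ( opt_fred ) gs_base = rdmsr(MSR_SHADOW_GS_BASE);`, so the FRED read could be hoisted out and the CR4 test kept for the IDT case only. This function keys on opt_fred while load_segments() keys on `cr4 & X86_CR4_FRED`; one predicate for both would be easier to audit. The new comment says GS_KERN, the commit message says GS_SHADOW and the code says MSR_SHADOW_GS_BASE, and a single name throughout would help.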
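Review bot: In the SEGBASE_GS_USER_SEL path of do_set_segment_base(), the context comment "Currently, the guest kernel's GS_BASE is in context" is left unchanged while the swapgs below it becomes conditional on !opt_fred. Per the commit message the two bases are the other way around in FRED mode, so the comment should say which base is live in each mode and why the selector load then needs no swap, including for the `v->arch.pv.gs_base_user = read_gs_base();` read-back in the last hunk.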
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 20/23] x86/pv: Exception handling in FRED mode
Date: Thu, 28 Aug 2025 16:04:06 +0100
Message-Id: <20250828150409.901315-21-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>

Under FRED, entry_from_pv() handles everything. To start with, implement exception handling in the same manner as entry_from_xen(), although we can unconditionally enable interrupts after the async/fatal events.

After entry_from_pv() returns, test_all_events() needs to run to perform exception and interrupt injection. Split entry_FRED_R3() into two and introduce eretu_exit_to_guest() as the latter half, coming unilaterally from restore_all_guest().

For all of this, there is a slightly complicated relationship with CONFIG_PV. entry_FRED_R3() must exist irrespective of CONFIG_PV, because it's the entrypoint registered with hardware. For simplicity, entry_from_pv() is always called, but it collapses into fatal_trap() in the !PV case.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New
---
 xen/arch/x86/traps.c             | 76 +++++++++++++++++++++++++++++++-
 xen/arch/x86/x86_64/entry-fred.S | 13 +++++-
 xen/arch/x86/x86_64/entry.S      |  4 +-
 3 files changed, 90 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 67763bec0dc5..72df446a6a78 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c
@@ -2265,9 +2265,83 @@ void asmlinkage check_ist_exit(const struct cpu_user= _regs *regs, bool ist_exit) =20 void asmlinkage entry_from_pv(struct cpu_user_regs *regs) { + struct fred_info *fi =3D cpu_regs_fred_info(regs); + uint8_t type =3D regs->fred_ss.type; + uint8_t vec =3D regs->fred_ss.vector; + /* Copy fred_ss.vector into entry_vector as IDT delivery would have do= ne. */ - regs->entry_vector =3D regs->fred_ss.vector; + regs->entry_vector =3D vec; + + if ( !IS_ENABLED(CONFIG_PV) ) + goto fatal; + + /* + * First, handle the asynchronous or fatal events. These are either + * unrelated to the interrupted context, or may not have valid context + * recorded, and all have special rules on how/whether to re-enable IR= Qs. + */ + switch ( type ) + { + case X86_ET_EXT_INTR: + return do_IRQ(regs); =20 + case X86_ET_NMI: + return do_nmi(regs); + + case X86_ET_HW_EXC: + switch ( vec ) + { + case X86_EXC_DF: return do_double_fault(regs); + case X86_EXC_MC: return do_machine_check(regs); + } + break; + } + + /* + * With the asynchronous events handled, what remains are the synchron= ous + * ones. Guest context always had interrupts enabled. + */ + local_irq_enable(); + + switch ( type ) + { + case X86_ET_HW_EXC: + case X86_ET_PRIV_SW_EXC: + case X86_ET_SW_EXC: + switch ( vec ) + { + case X86_EXC_PF: handle_PF(regs, fi->edata); break; + case X86_EXC_GP: do_general_protection(regs); break; + case X86_EXC_UD: do_invalid_op(regs); break; + case X86_EXC_NM: do_device_not_available(regs); break; + case X86_EXC_BP: do_int3(regs); break; + case X86_EXC_DB: handle_DB(regs, fi->edata); break; + + case X86_EXC_DE: + case X86_EXC_OF: + case X86_EXC_BR: + case X86_EXC_NP: + case X86_EXC_SS: + case X86_EXC_MF: + case X86_EXC_AC: + case X86_EXC_XM: + do_trap(regs); + break; + + case X86_EXC_CP: do_entry_CP(regs); break; + + default: + goto fatal; + } + break; + + default: + goto fatal; + } + + return; + + fatal: fatal_trap(regs, false); } =20 
diff --git a/xen/arch/x86/x86_64/entry-fred.S b/xen/arch/x86/x86_64/entry-f= red.S index 3c3320df22cb..07684f38a078 100644 --- a/xen/arch/x86/x86_64/entry-fred.S +++ b/xen/arch/x86/x86_64/entry-fred.S @@ -15,9 +15,20 @@ FUNC(entry_FRED_R3, 4096) mov %rsp, %rdi call entry_from_pv =20 +#ifndef CONFIG_PV + BUG /* Not Reached */ +#else + GET_STACK_END(14) + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx + + jmp test_all_events +#endif +END(entry_FRED_R3) + +FUNC(eretu_exit_to_guest) POP_GPRS eretu -END(entry_FRED_R3) +END(eretu_exit_to_guest) =20 /* The Ring0 entrypoint is at Ring3 + 0x100. */ .org entry_FRED_R3 + 0x100, 0xcc diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index ca446c6ff0ce..0692163faa44 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -63,7 +63,7 @@ UNLIKELY_END(syscall_no_callback) /* Conditionally clear DF */ and %esi, UREGS_eflags(%rsp) /* %rbx: struct vcpu */ -test_all_events: +LABEL(test_all_events, 0) ASSERT_NOT_IN_ATOMIC cli # tests must not race interrupts /*test_softirqs:*/ 
@@ -152,6 +152,8 @@ END(switch_to_kernel) FUNC_LOCAL(restore_all_guest) ASSERT_INTERRUPTS_DISABLED =20 + ALTERNATIVE "", "jmp eretu_exit_to_guest", X86_FEATURE_XEN_FRED + /* Stash guest SPEC_CTRL value while we can read struct vcpu. */ mov VCPU_arch_msrs(%rbx), %rdx mov VCPUMSR_spec_ctrl_raw(%rdx), %r15d --=20 2.39.5
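Review bot: In entry_from_pv() in traps.c, the second switch ( type ) sends every event type other than X86_ET_HW_EXC, X86_ET_PRIV_SW_EXC and X86_ET_SW_EXC to the fatal: label, which at this point in the series includes the software-interrupt and system-call types that a PV guest produces in ordinary operation. The commit message's "To start with" suggests this is a deliberate intermediate state; please say so explicitly, either there or in a comment at the default: case, and confirm that FRED cannot be active with PV guests running until the remaining types are handled, so that bisection never lands on a build where a guest system call ends in fatal_trap().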
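Review bot: In the restore_all_guest hunk of entry.S, the new ALTERNATIVE jumps to eretu_exit_to_guest ahead of the "Stash guest SPEC_CTRL value" code, and eretu_exit_to_guest as added in entry-fred.S is only POP_GPRS followed by eretu, so in FRED mode the rest of restore_all_guest, starting with the guest SPEC_CTRL handling visible in the context lines, is skipped on every return to a PV guest. If the FRED exit path is meant to gain the speculation-control work in a later patch, please note that in the commit message and leave a TODO at the jump; if it is considered unnecessary under FRED, a comment at the ALTERNATIVE explaining why would save the next reader from having to work it out.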
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 21/23] x86/pv: ERETU error handling
Date: Thu, 28 Aug 2025 16:04:07 +0100
Message-Id: <20250828150409.901315-22-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>
References: <20250828150409.901315-1-andrew.cooper3@citrix.com>

ERETU can fault for guest reasons, and like IRET needs special handling to forward the error into the guest. As this is largely written in C, take the opportunity to better classify the sources of error, and in particular, not forward errors that are actually Xen's fault into the guest, opting for a domain crash instead.

Because ERETU does not enable NMIs if it faults, a corner case exists if an NMI was taken while in guest context, and the ERETU back out faults. Recovery must involve an ERETS with the interrupted context's NMI flag. See the comments for full details.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New
---
 xen/arch/x86/traps.c | 115 +++++++++++++++++++++++++++++++
 xen/arch/x86/x86_64/entry-fred.S | 13 ++++
 2 files changed, 128 insertions(+)

diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 72df446a6a78..e10b4e771824 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c
@@ -2345,6 +2345,113 @@ void asmlinkage entry_from_pv(struct cpu_user_regs = *regs) fatal_trap(regs, false); } =20 +void nocall eretu_error_dom_crash(void); + +/* + * Classify an event at the ERETU instruction, and handle if possible. + * Returns @true if handled, @false if the event should continue down the + * normal handlers. + */ +static bool handle_eretu_event(struct cpu_user_regs *regs) +{ + unsigned long recover; + + /* + * WARNING: The GPRs in gregs overlaps with regs. Only gregs->error_c= ode + * and later are legitimate to access. + */ + struct cpu_user_regs *gregs =3D + _p(regs->rsp - offsetof(struct cpu_user_regs, error_code)); + + /* + * The asynchronous or fatal events (INTR, NMI, #MC, #DF) have been de= alt + * with, meaning we only have syncrhonous ones to consider. Anything + * which isn't a hardware exception wants handling normally. + */ + if ( regs->fred_ss.type !=3D X86_ET_HW_EXC ) + return false; + + /* + * Guests are permitted to write non-present GDT/LDT entries. Therefo= re + * #NP[sel] (%cs) and #SS[sel] (%ss) must be handled as guest errors. = The + * only other source of #SS is for a bad %ss-relative memory access in + * Xen, and if the stack is that bad, we'll have escalated to #DF. + * + * #PF can happen from ERETU accessing the GDT/LDT. Xen may translate + * these into #GP for the guest, so must be handled as guest errors. = In + * theory we can get #PF for a bad instruction fetch or bad stack acce= ss, + * but either of these will be fatal and not end up here. + */ + switch ( regs->fred_ss.vector ) + { + case X86_EXC_GP: + /* + * #GP[0] can occur because of a NULL %cs or %ss (which are a guest + * error), but some #GP[0]'s are errors in Xen (ERETU at SL !=3D 0= ), or + * errors of Xen handling guest state (bad metadata). These magic + * numbers came from the FRED Spec; they check that ERETU is tryin= g to + * return to Ring 3, and that reserved or inapplicable bits are 0. 
+ */ + if ( regs->error_code =3D=3D 0 && (gregs->cs & ~3) && (gregs->ss &= ~3) && + (regs->fred_cs.sl !=3D 0 || + (gregs->csx & 0xffffffffffff0003UL) !=3D 3 || + (gregs->rflags & 0xffffffffffc2b02aUL) !=3D 2 || + (gregs->ssx & 0xfff80003UL) !=3D 3) ) + { + recover =3D (unsigned long)eretu_error_dom_crash; + + if ( regs->fred_cs.sl ) + gprintk(XENLOG_ERR, "ERETU at SL %u\n", regs->fred_cs.sl); + else + gprintk(XENLOG_ERR, "Bad return state: csx %#lx, rflags %#= lx, ssx %#x\n", + gregs->csx, gregs->rflags, (unsigned int)gregs->ss= x); + break; + } + fallthrough; + case X86_EXC_NP: + case X86_EXC_SS: + case X86_EXC_PF: + recover =3D (unsigned long)entry_FRED_R3; + break; + + /* + * Handle everything else normally. #BP and #DB would be debugging + * activities in Xen. In theory we can get #UD if CR4.FRED gets + * cleared, but in practice if that were the case we wouldn't be h= ere + * handling the result. + */ + default: + return false; + } + + this_cpu(last_extable_addr) =3D regs->rip; + + /* + * Everything else is recoverable, one way or another. + * + * If an NMI was taken in guest context and the ERETU faulted, NMIs wi= ll + * still be blocked. Therefore we copy the interrupted frame's NMI st= atus + * into our own, and must ERETS as part of recovery. + */ + regs->fred_ss.nmi =3D gregs->fred_ss.nmi; + + /* + * Next, copy the exception information from the current frame back on= to + * the interrupted frame, preserving the interrupted frame's %cs and %= ss. + */ + *cpu_regs_fred_info(regs) =3D *cpu_regs_fred_info(gregs); + gregs->ssx =3D (regs->ssx & ~0xffff) | gregs->ss; + gregs->csx =3D (regs->csx & ~0xffff) | gregs->cs; + gregs->error_code =3D regs->error_code; + gregs->entry_vector =3D regs->entry_vector; + + fixup_exception_return(regs, recover, 0); + + return true; +} + +void nocall eretu(void); + void asmlinkage entry_from_xen(struct cpu_user_regs *regs) { struct fred_info *fi =3D cpu_regs_fred_info(regs); 
@@ -2383,6 +2490,14 @@ void asmlinkage entry_from_xen(struct cpu_user_regs = *regs) if ( regs->eflags & X86_EFLAGS_IF ) local_irq_enable(); =20 + /* + * An event taken at the ERETU instruction may be because of guest sta= te + * and in that case will need special handling. + */ + if ( unlikely(regs->rip =3D=3D (unsigned long)eretu) && + handle_eretu_event(regs) ) + return; + switch ( type ) { case X86_ET_HW_EXC: diff --git a/xen/arch/x86/x86_64/entry-fred.S b/xen/arch/x86/x86_64/entry-f= red.S index 07684f38a078..8b5cafb866e2 100644 --- a/xen/arch/x86/x86_64/entry-fred.S +++ b/xen/arch/x86/x86_64/entry-fred.S 
@@ -27,9 +27,22 @@ END(entry_FRED_R3) =20 FUNC(eretu_exit_to_guest) POP_GPRS + + /* + * Exceptions here are handled by redirecting either to + * entry_FRED_R3() (for an error to be passed to the guest), or to + * eretu_error_dom_crash() (for a Xen error handling guest state). + */ +LABEL(eretu, 0) eretu END(eretu_exit_to_guest) =20 +FUNC(eretu_error_dom_crash) + PUSH_AND_CLEAR_GPRS + sti + call asm_domain_crash_synchronous /* Does not return */ +END(eretu_error_dom_crash) + /* The Ring0 entrypoint is at Ring3 + 0x100. */ .org entry_FRED_R3 + 0x100, 0xcc =20 --=20 2.39.5
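Review bot: In handle_eretu_event() in traps.c, the fred_info copy looks reversed. The comment above it says the exception information is copied "from the current frame back onto the interrupted frame", and the four assignments that follow do write gregs from regs, but "*cpu_regs_fred_info(regs) = *cpu_regs_fred_info(gregs);" writes the current frame from the interrupted one. For a #PF taken at ERETU, that would leave the event data out of the frame these lines prepare for entry_FRED_R3(), where entry_from_pv() passes fi->edata to handle_PF(). If the direction is intended, the comment needs to explain why; otherwise swap the operands.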
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 22/23] x86/pv: System call handling in FRED mode
Date: Thu, 28 Aug 2025 16:04:08 +0100
Message-Id: <20250828150409.901315-23-andrew.cooper3@citrix.com>
In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com>
References: <20250828150409.901315-1-andrew.cooper3@citrix.com>

Under FRED, entry_from_pv() handles everything, even system calls. This means more of our logic is written in C now, rather than assembly.

In order to facilitate this, introduce pv_inject_callback(), which reuses struct trap_bounce infrastructure to inject the syscall/sysenter callbacks. This in turn requires some !PV compatibility for pv_inject_callback() and pv_hypercall() which can both be ASSERT_UNREACHABLE().

For each of INT $N, SYSCALL and SYSENTER, FRED gives us interrupted context which was previously lost. As the guest can't see FRED, Xen has to lose state in the same way to maintain the prior behaviour.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New
---
 xen/arch/x86/include/asm/domain.h | 5 ++
 xen/arch/x86/include/asm/hypercall.h | 5 ++
 xen/arch/x86/pv/traps.c | 33 +++++++++
 xen/arch/x86/traps.c | 107 +++++++++++++++++++++++++++
 4 files changed, 150 insertions(+)

diff --git a/xen/arch/x86/include/asm/domain.h b/xen/arch/x86/include/asm/d= omain.h index 5df8c7825333..b374decccc9c 100644 --- a/xen/arch/x86/include/asm/domain.h +++ b/xen/arch/x86/include/asm/domain.h @@ -712,11 +712,16 @@ int arch_set_info_hvm_guest(struct vcpu *v, const str= uct vcpu_hvm_context *ctx); =20 #ifdef CONFIG_PV void pv_inject_event(const struct x86_event *event); +void pv_inject_callback(unsigned int type); #else static inline void pv_inject_event(const struct x86_event *event) { ASSERT_UNREACHABLE(); } +static inline void pv_inject_callback(unsigned int type) +{ + ASSERT_UNREACHABLE(); +} #endif =20 static inline void pv_inject_hw_exception(unsigned int vector, int errcode) diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/as= m/hypercall.h index f6e9e2313b3c..1010332a47e9 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -20,6 +20,11 @@ =20 #ifdef CONFIG_PV void pv_hypercall(struct cpu_user_regs *regs); +#else +static inline void pv_hypercall(struct cpu_user_regs *regs) +{ + ASSERT_UNREACHABLE(); +} #endif =20 void pv_ring1_init_hypercall_page(void *ptr); diff --git a/xen/arch/x86/pv/traps.c b/xen/arch/x86/pv/traps.c index c3c0976c440f..e7314d8703d9 100644 --- a/xen/arch/x86/pv/traps.c +++ b/xen/arch/x86/pv/traps.c @@ -19,6 +19,8 @@ #include #include =20 +#include + void pv_inject_event(const struct x86_event *event) { struct vcpu *curr =3D current;
@@ -95,6 +97,37 @@ void pv_inject_event(const struct x86_event *event) } } =20 +void pv_inject_callback(unsigned int type) +{ + struct vcpu *curr =3D current; + struct trap_bounce *tb =3D &curr->arch.pv.trap_bounce; + unsigned long rip =3D 0; + bool irq =3D false; + + ASSERT(is_pv_64bit_vcpu(curr)); + + switch ( type ) + { + case CALLBACKTYPE_syscall: + rip =3D curr->arch.pv.syscall_callback_eip; + irq =3D curr->arch.pv.vgc_flags & VGCF_syscall_disables_events; + break; + + case CALLBACKTYPE_syscall32: + rip =3D curr->arch.pv.syscall32_callback_eip; + irq =3D curr->arch.pv.syscall32_disables_events; + break; + + case CALLBACKTYPE_sysenter: + rip =3D curr->arch.pv.sysenter_callback_eip; + irq =3D curr->arch.pv.sysenter_disables_events; + break; + } + + tb->flags =3D TBF_EXCEPTION | (irq ? TBF_INTERRUPT : 0); + tb->eip =3D rip; +} + /* * Called from asm to set up the MCE trapbounce info. * Returns false no callback is set up, else true. diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index e10b4e771824..9211067cd688 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include @@ -52,6 +53,8 @@ #include #include =20 +#include + /* * opt_nmi: one of 'ignore', 'dom0', or 'fatal'. * fatal: Xen prints diagnostic message and then hangs. @@ -2266,6 +2269,7 @@ void asmlinkage check_ist_exit(const struct cpu_user_= regs *regs, bool ist_exit) void asmlinkage entry_from_pv(struct cpu_user_regs *regs) { struct fred_info *fi =3D cpu_regs_fred_info(regs); + struct vcpu *curr =3D current; uint8_t type =3D regs->fred_ss.type; uint8_t vec =3D regs->fred_ss.vector; =20 
@@ -2305,6 +2309,27 @@ void asmlinkage entry_from_pv(struct cpu_user_regs *= regs) =20 switch ( type ) { + case X86_ET_SW_INT: + /* + * INT $3/4 are indistinguishable from INT3/INTO under IDT, and are + * permitted by Xen without the guest kernel having a choice. Let + * them fall through into X86_ET_HW_EXC, as #BP in particular needs + * handling by do_int3() in case an external debugger is attached. + */ + if ( vec !=3D X86_EXC_BP && vec !=3D X86_EXC_OF ) + { + const struct trap_info *ti =3D &curr->arch.pv.trap_ctxt[vec]; + + if ( permit_softint(TI_GET_DPL(ti), curr, regs) ) + pv_inject_sw_interrupt(vec); + else + { + regs->rip -=3D 2; + pv_inject_hw_exception(X86_EXC_GP, (vec << 3) | X86_XEC_ID= T); + } + break; + } + fallthrough; case X86_ET_HW_EXC: case X86_ET_PRIV_SW_EXC: case X86_ET_SW_EXC: 
@@ -2335,6 +2360,88 @@ void asmlinkage entry_from_pv(struct cpu_user_regs *= regs) } break; =20 + case X86_ET_OTHER: + switch ( regs->fred_ss.vector ) + { + case 1: /* SYSCALL */ + { + /* + * FRED delivery preserves the interrupted %cs/%ss, but previo= usly + * SYSCALL lost the interrupted selectors, and SYSRET forced t= he + * use of the ones in MSR_STAR. + * + * The guest isn't aware of FRED, so recreate the legacy + * behaviour, including the guess of instruction length for + * faults. + * + * The non-FRED SYSCALL path sets TRAP_syscall in entry_vector= to + * signal that SYSRET can be used, but this isn't relevant in = FRED + * mode. + * + * When setting the selectors, clear all upper metadata again = for + * backwards compatibility. In particular fred_ss.swint becom= es + * pend_DB on ERETx, and nothing else in the pv_hypercall() wo= uld + * clean up. + */ + bool l =3D regs->fred_ss.l; + + regs->ssx =3D l ? FLAT_KERNEL_SS : FLAT_USER_SS32; + regs->csx =3D l ? FLAT_KERNEL_CS64 : FLAT_USER_CS32; + + if ( guest_kernel_mode(curr, regs) ) + pv_hypercall(regs); + else if ( (l ? curr->arch.pv.syscall_callback_eip + : curr->arch.pv.syscall32_callback_eip) =3D=3D 0 ) + { + regs->rip -=3D 2; + pv_inject_hw_exception(X86_EXC_UD, X86_EVENT_NO_EC); + } + else + { + /* + * The PV ABI, given no virtual SYSCALL_MASK, hardcodes th= at + * DF is cleared. Other flags are handled in the same way= as + * interrupts and exceptions in create_bounce_frame(). + */ + regs->eflags &=3D ~X86_EFLAGS_DF; + pv_inject_callback(l ? CALLBACKTYPE_syscall + : CALLBACKTYPE_syscall32); + } + break; + } + + case 2: /* SYSENTER */ + /* + * FRED delivery preserves the interrupted state, but previous= ly + * SYSENTER discarded almost everything. + * + * The guest isn't aware of FRED, so recreate the legacy + * behaviour, including the guess of instruction length for + * faults. + * + * When setting the selectors, clear all upper metadata. In + * particular fred_ss.swint becomes pend_DB on ERETx. 
+ */ + regs->ssx =3D FLAT_USER_SS; + regs->rsp =3D 0; + regs->eflags &=3D ~(X86_EFLAGS_VM | X86_EFLAGS_IF); + regs->csx =3D 3; + regs->rip =3D 0; + + if ( !curr->arch.pv.sysenter_callback_eip ) + { + regs->rip -=3D 2; + pv_inject_hw_exception(X86_EXC_GP, 0); + } + else + pv_inject_callback(CALLBACKTYPE_sysenter); + break; + + default: + goto fatal; + } + break; + default: goto fatal; } --=20 2.39.5
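Review bot: pv_inject_callback() in pv/traps.c has no default case in its switch ( type ), so an unexpected CALLBACKTYPE_* value leaves rip at 0 and still sets tb->flags to TBF_EXCEPTION with tb->eip = 0. Please add a default: with ASSERT_UNREACHABLE() that returns without touching the trap bounce, so a caller mistake is caught in debug builds rather than bouncing the guest to address 0. The call sites added in traps.c check the relevant callback address for zero before calling; stating that precondition in a comment above the function would make the contract visible.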
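Review bot: In the SYSENTER case of entry_from_pv() in traps.c, regs->rip is set to 0 a few lines before the no-callback branch does "regs->rip -= 2", so the #GP is injected with a wrapped %rip of -2 rather than an address related to the SYSENTER instruction. The block comment mentions "the guess of instruction length for faults", so this may be a faithful copy of the legacy result; if so, a one-line comment at the subtraction saying the wrapped value is deliberate would help, and if not, the subtraction should be dropped for this case.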
7JtwqUd+vJdh2BoyJP+9HA96c17ECePZjCgVxiAtSKKnLShYdTbBovL1UzQW4qMhzP071ZTu8ho QMXXOaHFKrB93WTEIXlbqVnuNa85ULyw8JvEmPyUwx/fKyjxgg21YpNgeYnqAjDsmlCnMgiWbbP LVIZeHexGQFT/VL6UweYcCHdIDhVq/qJ38LV77X4NbCgtcwHpof+DPITYFEpDB87hytbj3h/+k9 OWdPIluN0GpcfPhAZlglk2Vn91+4UrdPK3Nvtl6wisEaMZx91MJXm8mGDEHn41n94QYaOlRlutm VlnOJs8RIwBIyq/3iRcj0yd4LYOyKpFaAHeWkIP3RJbzw+rDuv5BTDkcfwfYQdoz+BLzENQPlJx H9All+tGjl7WrI1zaaO/hOrg== X-Google-Smtp-Source: AGHT+IFGoJ2SLBkL/auKF9GRrFDbj7sPaf7iO5HhIpsN8Hs1nYMPp9x3mhpXNFRUZ+kyFnEcjie0cA== X-Received: by 2002:a05:600c:314a:b0:45b:7aae:7a92 with SMTP id 5b1f17b1804b1-45b7aae7dcemr20439225e9.21.1756393586589; Thu, 28 Aug 2025 08:06:26 -0700 (PDT) From: Andrew Cooper To: Xen-devel Cc: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= Subject: [PATCH v2 23/23] x86/pv: Adjust eflags handling for FRED mode Date: Thu, 28 Aug 2025 16:04:09 +0100 Message-Id: <20250828150409.901315-24-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com> References: <20250828150409.901315-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1756393877865124100 ERETU, unlike IRET, requires the sticky-1 bit (bit 2) be set, and reserved bits to be clear. Notably this means that dom0_construct() must set X86_EFLAGS_MBS it in order for a PV dom0 to start. Adjust arch_set_info_guest*() and hypercall_iret() which consume flags to clamp the reserved bits. This is a minor ABI change, but by the same argument as commit 9f892f84c279 ("x86/domctl: Stop using XLAT_cpu_user_regs()"), this change w= ill happen naturally when the vCPU schedules. 
Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New

The handling of VM is complicated. It turns out that it's simply ignored by
IRET in Long Mode (i.e. clearing it in commit 0e47f92b0725 ("x86: force
EFLAGS.IF on when exiting to PV guests") wasn't actually necessary) but ERETU
does care.

But, it's unclear how to handle this in arch_set_info(). We must preserve it
for HVM guests (which can use vm86 mode). PV32 has special handling but only
in hypercall_iret(), not in arch_set_info().
---
xen/arch/x86/domain.c | 4 ++-- xen/arch/x86/hvm/domain.c | 4 ++-- xen/arch/x86/include/asm/x86-defns.h | 7 +++++++ xen/arch/x86/pv/dom0_build.c | 2 +- xen/arch/x86/pv/iret.c | 8 +++++--- 5 files changed, 17 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 64922869a625..c1880324f7a9 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1273,7 +1273,7 @@ int arch_set_info_guest( v->arch.user_regs.rax =3D c.nat->user_regs.rax; v->arch.user_regs.rip =3D c.nat->user_regs.rip; v->arch.user_regs.cs =3D c.nat->user_regs.cs; - v->arch.user_regs.rflags =3D c.nat->user_regs.rflags; + v->arch.user_regs.rflags =3D (c.nat->user_regs.rflags &= X86_EFLAGS_ALL) | X86_EFLAGS_MBS; v->arch.user_regs.rsp =3D c.nat->user_regs.rsp; v->arch.user_regs.ss =3D c.nat->user_regs.ss; v->arch.pv.es =3D c.nat->user_regs.es; @@ -1297,7 +1297,7 @@ int arch_set_info_guest( v->arch.user_regs.eax =3D c.cmp->user_regs.eax; v->arch.user_regs.eip =3D c.cmp->user_regs.eip; v->arch.user_regs.cs =3D c.cmp->user_regs.cs; - v->arch.user_regs.eflags =3D c.cmp->user_regs.eflags; + v->arch.user_regs.eflags =3D (c.cmp->user_regs.eflags &= X86_EFLAGS_ALL) | X86_EFLAGS_MBS; v->arch.user_regs.esp =3D c.cmp->user_regs.esp; v->arch.user_regs.ss =3D c.cmp->user_regs.ss; v->arch.pv.es =3D c.cmp->user_regs.es; diff --git a/xen/arch/x86/hvm/domain.c b/xen/arch/x86/hvm/domain.c index 048f29ae4911..1e874d598952 100644 --- a/xen/arch/x86/hvm/domain.c
+++ b/xen/arch/x86/hvm/domain.c @@ -194,7 +194,7 @@ int arch_set_info_hvm_guest(struct vcpu *v, const struc= t vcpu_hvm_context *ctx) uregs->rsi =3D regs->esi; uregs->rdi =3D regs->edi; uregs->rip =3D regs->eip; - uregs->rflags =3D regs->eflags; + uregs->rflags =3D (regs->eflags & X86_EFLAGS_ALL) | X86_EFLAGS_MBS; =20 v->arch.hvm.guest_cr[0] =3D regs->cr0; v->arch.hvm.guest_cr[3] =3D regs->cr3; @@ -245,7 +245,7 @@ int arch_set_info_hvm_guest(struct vcpu *v, const struc= t vcpu_hvm_context *ctx) uregs->rsi =3D regs->rsi; uregs->rdi =3D regs->rdi; uregs->rip =3D regs->rip; - uregs->rflags =3D regs->rflags; + uregs->rflags =3D (regs->rflags & X86_EFLAGS_ALL) | X86_EFLAGS_MBS; =20 v->arch.hvm.guest_cr[0] =3D regs->cr0; v->arch.hvm.guest_cr[3] =3D regs->cr3; diff --git a/xen/arch/x86/include/asm/x86-defns.h b/xen/arch/x86/include/as= m/x86-defns.h index 0a0ba83de786..edeb0b4ff95a 100644 --- a/xen/arch/x86/include/asm/x86-defns.h +++ b/xen/arch/x86/include/asm/x86-defns.h @@ -27,6 +27,13 @@ (X86_EFLAGS_CF | X86_EFLAGS_PF | X86_EFLAGS_AF | \ X86_EFLAGS_ZF | X86_EFLAGS_SF | X86_EFLAGS_OF) =20 +#define X86_EFLAGS_ALL \ + (X86_EFLAGS_ARITH_MASK | X86_EFLAGS_TF | X86_EFLAGS_IF | \ + X86_EFLAGS_DF | X86_EFLAGS_OF | X86_EFLAGS_IOPL | \ + X86_EFLAGS_NT | X86_EFLAGS_RF | X86_EFLAGS_VM | \ + X86_EFLAGS_AC | X86_EFLAGS_VIF | X86_EFLAGS_VIP | \ + X86_EFLAGS_ID) + /* * Intel CPU flags in CR0 */ diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index 21158ce1812e..f9bbbea2ff70 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c @@ -1021,7 +1021,7 @@ static int __init dom0_construct(const struct boot_do= main *bd) regs->rip =3D parms.virt_entry; regs->rsp =3D vstack_end; regs->rsi =3D vstartinfo_start; - regs->eflags =3D X86_EFLAGS_IF; + regs->eflags =3D X86_EFLAGS_IF | X86_EFLAGS_MBS; =20 /* * We don't call arch_set_info_guest(), so some initialisation needs d= oing 
diff --git a/xen/arch/x86/pv/iret.c b/xen/arch/x86/pv/iret.c index d3a1fb2c685b..39ce316b8d91 100644 --- a/xen/arch/x86/pv/iret.c +++ b/xen/arch/x86/pv/iret.c @@ -80,8 +80,9 @@ long do_iret(void) =20 regs->rip =3D iret_saved.rip; regs->cs =3D iret_saved.cs | 3; /* force guest privilege */ - regs->rflags =3D ((iret_saved.rflags & ~(X86_EFLAGS_IOPL|X86_EFLAGS_VM= )) - | X86_EFLAGS_IF); + regs->rflags =3D ((iret_saved.rflags & X86_EFLAGS_ALL & + ~(X86_EFLAGS_IOPL | X86_EFLAGS_VM)) | + X86_EFLAGS_IF | X86_EFLAGS_MBS); regs->rsp =3D iret_saved.rsp; regs->ss =3D iret_saved.ss | 3; /* force guest privilege */ =20 @@ -143,7 +144,8 @@ int compat_iret(void) if ( VM_ASSIST(v->domain, architectural_iopl) ) v->arch.pv.iopl =3D eflags & X86_EFLAGS_IOPL; =20 - regs->eflags =3D (eflags & ~X86_EFLAGS_IOPL) | X86_EFLAGS_IF; + regs->eflags =3D ((eflags & X86_EFLAGS_ALL & ~X86_EFLAGS_IOPL) | + X86_EFLAGS_IF | X86_EFLAGS_MBS); =20 if ( unlikely(eflags & X86_EFLAGS_VM) ) { --=20 2.39.5
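
Review bot: Both arch_set_info_guest() hunks in xen/arch/x86/domain.c keep X86_EFLAGS_VM in the stored flags, because X86_EFLAGS_ALL includes it, whereas do_iret() in this same patch masks VM out. The note under the "---" says ERETU does care about VM, so a PV vCPU can still have its context stored with VM set through this path. Suggest clearing VM here when the domain is PV (keeping it for HVM, as the note requires), or moving the explanation of why this is deferred into the commit message proper so it survives in the log. Separately, the reserved bits are clamped silently rather than rejected; one sentence in the commit message on why clamping was preferred to returning an error would help the next audit of this ABI.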
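
Review bot: The two arch_set_info_hvm_guest() hunks in xen/arch/x86/hvm/domain.c are not explained by the commit message, which motivates the change through ERETU and PV dom0 start and carries an x86/pv subject prefix. State why HVM contexts need the same "(flags & X86_EFLAGS_ALL) | X86_EFLAGS_MBS" clamping, or split these two hunks into their own patch, so that the ABI change for HVM callers is visible in the log rather than hidden under a PV subject line.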
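
Review bot: In the x86-defns.h hunk, X86_EFLAGS_ALL is added without a comment saying what it covers, and it names X86_EFLAGS_OF explicitly although the mask in the context lines directly above (ending "X86_EFLAGS_ZF | X86_EFLAGS_SF | X86_EFLAGS_OF", which looks like the body of X86_EFLAGS_ARITH_MASK) already contains it. Drop the duplicate OF and add a one-line comment stating that this is the set of defined flag bits without the must-be-set bit, since every user in this patch has to OR in X86_EFLAGS_MBS separately and the name "ALL" suggests otherwise. The comment should also say that X86_EFLAGS_VM is part of the mask on purpose, given the open question about VM in the notes under the "---".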
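
Review bot: In the compat_iret() hunk of xen/arch/x86/pv/iret.c the new expression masks only X86_EFLAGS_IOPL, so X86_EFLAGS_VM survives into regs->eflags, unlike do_iret() in the previous hunk, which strips both IOPL and VM. The only VM handling visible here is the start of the "if ( unlikely(eflags & X86_EFLAGS_VM) )" branch in the trailing context; please confirm that branch always clears VM before the vCPU can be returned to, and say so in a comment next to the assignment. Two smaller points: the commit message names hypercall_iret() while the functions changed are do_iret() and compat_iret(), and the "mask with X86_EFLAGS_ALL, then OR in X86_EFLAGS_MBS" pattern now appears at six sites across the patch with small variations, which a single helper would keep from drifting.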