From nobody Fri Oct 31 03:42:53 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1756393525; cv=none; d=zohomail.com; s=zohoarc; b=ejk4yRuu1e3si9C4gvAmGduADEFh1O/gcMpzDdgvk4S2Fds78WhD/pzNy1N9QGRdirr2kVlbGNqI9p6ZutZm5dKFVjqbrlt4/pJJCyPjgcjqOwgdDLUqbTpWTHaSKiIXdN1T6NSGYSoMc7KXIcM6NuQ0WXFRRRDeZxmWoMv2JDg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1756393525; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=+rSETqeO7pVr8yy1cJ/ZWYHDSUYISCFYWWC8z2uEGqY=; b=bY6JHnKZsmktXrh12HRCd9rVbbCgKgpNGnxQIPF2Z1dkFN56hfbjqARcCvowsFpkGunrDpf62kgw7/D/GJC0swkBDyWdX4czzTofuuPKM+/VgPWZ6BZIjQ9RBxbgcYhYySaM1tuenBm0IDWXa90y3IctA7YapXux2UdEh6oLDMc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1756393524989594.5200017279144; Thu, 28 Aug 2025 08:05:24 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1099113.1453034 (Exim 4.92) (envelope-from ) id 1ureBT-0003vn-KZ; Thu, 28 Aug 2025 15:05:03 +0000 Received: by outflank-mailman (output) from mailman id 1099113.1453034; Thu, 28 Aug 2025 15:05:03 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ureBT-0003vg-Hs; Thu, 28 Aug 2025 15:05:03 +0000 Received: by outflank-mailman (input) for mailman id 1099113; Thu, 28 Aug 2025 15:05:02 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ureBS-0003MD-PK for xen-devel@lists.xenproject.org; Thu, 28 Aug 2025 15:05:02 +0000 Received: from mail-wr1-x435.google.com (mail-wr1-x435.google.com [2a00:1450:4864:20::435]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 5f61a8a2-8420-11f0-8adc-4578a1afcccb; Thu, 28 Aug 2025 17:05:02 +0200 (CEST) Received: by mail-wr1-x435.google.com with SMTP id ffacd0b85a97d-3ceb9c3d98cso214393f8f.0 for ; Thu, 28 Aug 2025 08:05:02 -0700 (PDT) Received: from localhost.localdomain (host-195-149-20-212.as13285.net. [195.149.20.212]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-45b6f0c6fe5sm78394535e9.5.2025.08.28.08.04.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 Aug 2025 08:04:42 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5f61a8a2-8420-11f0-8adc-4578a1afcccb DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1756393501; x=1756998301; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+rSETqeO7pVr8yy1cJ/ZWYHDSUYISCFYWWC8z2uEGqY=; b=s1y4p8s8gpwaraOGPhh6cfXANRwXp0lCvnM8lN2IeU6naGWhP/M9xN7yMpwkZ5L/ee 4cyGs5KDLDs3nUltJuQnu4KMwW/6xrJ3OKLNdsPt4OILFsN5qWq/28y23GO2pftfCDtQ oznHy0owz9r+jLqG/nwDjdx7RZgFEwDQpSNHc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756393501; x=1756998301; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+rSETqeO7pVr8yy1cJ/ZWYHDSUYISCFYWWC8z2uEGqY=; b=COekTV6Ruvt2jsAmu/eIfF7dK/lmIxDF3ojS2uPV+jALQgKwoFZOpkrU70OuSGvO/7 4Y1I2OdYj4+e8VBLtThTRvuNLOE7WbqGLTHH4xJFKWfE9GVXRqgfegUmgHDfo0F0TrqS IgTla8yMwGlrj05a/+mOSkIsGvB8T4ER3IYfxsEewVS+w+Z5KA02nD1aBJaoRTHtIwHX 2I3Fd6g5yCN30anPEVF83JW9X7v1wh5Pb4eYgZNT0T3pO56I5bYBcr7UDNJ+YVMD9Eef dXAYN147TjswOSKxratg+3CKVskOUcfiNve7cVQ5sb7mDNvegANnii07SxXRWPh7JcIl 8Xzg== X-Gm-Message-State: AOJu0YzzAUnsOh0nral3tQgvxfiFkDj00ya+2cxpB5ln98cEoAxrtn9R BaTfP+pW2xGt3y8PaCmVIFxSOs2pTVux18r/O2i3h2sDkeOmqjqnLZJnP1xDsRvmtktCXYhxxRh 2actg X-Gm-Gg: ASbGncuY5gM1KVLSA7y3nc0ciKOnVGlekz+D3krEBKK8wOZYw5k5FLdPk31S9iWLA1m rCX7yR2L7e6X0cZ1D6QGgzc3GsTK45Wco9mdeQF4tZ7j7/ObdsfZueW3pSJLms0pRO1jDP2BKzL abAS25JAGR4jXHg3I1xDs7H8mDcEh08sdWdjwaNMD1IlOIOHDtqdQmCXSWulHmm+16NZia6Rfhq 25viA8BUnRaYuGN5UObf/r6Rs0gh5AIs+kDn80pt7fJgasDfpgj/Gbg26zg6n+1GQqyce+5jGso EG5ir/PCTneCG/fnWVPkihz10LOPhdpYz/1kS/xTl1eJLjZWZNcIReuiQtz1xls03WqOQkGqejy hoNwBcQK1cmH13EVMr7Gxhd8w/s+mABDD58Fvy6YzRXTWQseeXhXmdTe1rSpgXg/QQUCaicGTzF uK X-Google-Smtp-Source: AGHT+IH/I0EVRtsS4rmnlkXBd0cW4yUXcVS7/meIAdWpnRmRiOw5O46mXL/RvZVuCXPD8xHKQbG5bg== X-Received: by 2002:a5d:5847:0:b0:3cb:3490:6b82 with SMTP id ffacd0b85a97d-3cb34906dc2mr8471495f8f.55.1756393501354; Thu, 28 Aug 2025 08:05:01 -0700 (PDT) From: Andrew Cooper To: Xen-devel Cc: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= Subject: [PATCH v2 02/23] x86/traps: Extend struct cpu_user_regs/cpu_info with FRED fields Date: Thu, 28 Aug 2025 16:03:48 +0100 Message-Id: <20250828150409.901315-3-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250828150409.901315-1-andrew.cooper3@citrix.com> References: <20250828150409.901315-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1756393526019116602 The FRED on-stack format is larger than the IDT format, but is by and large compatible. FRED reuses space above cs and ss for extra metadata, some of which is purely informational, and some of which causes additional effects = in ERET{U,S}. Follow Linux's choice of naming for fred_{c,s}s structures, to make it very clear at the point of use that it's dependent on FRED. There is also the event data field and reserved fields, but we cannot inclu= de these in struct cpu_user_regs without reintroducing OoB structure accesses = in the non-FRED case. See commit 6065a05adf15 ("x86/traps: 'Fix' safety of read_registers() in #DF path"). for more details. Instead, use a new struct fred_info and position it suitably in struct cpu_info. This boundary will be loaded into MSR_FRED_RSP_SL0, and must be 64-byte aligned. This does add 16 bytes back into struct cpu_info, undoing the saving we made by dropping the vm86 data segment selectors. No functional change. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 v2: * .lm -> .l * Tweak comments --- xen/arch/x86/include/asm/cpu-user-regs.h | 71 ++++++++++++++++++++++-- xen/arch/x86/include/asm/current.h | 2 + xen/arch/x86/traps-setup.c | 5 ++ 3 files changed, 74 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/include/asm/cpu-user-regs.h b/xen/arch/x86/includ= e/asm/cpu-user-regs.h index 5b283a2f6d02..92aeca0aaa88 100644 --- a/xen/arch/x86/include/asm/cpu-user-regs.h +++ b/xen/arch/x86/include/asm/cpu-user-regs.h @@ -30,6 +30,10 @@ struct cpu_user_regs /* * During IDT delivery for exceptions with an error code, hardware pus= hes * to this point. Entry_vector is filled in by software. + * + * During FRED delivery, hardware always pushes to this point. Softwa= re + * copies fred_ss.vector into entry_vector so most interrupt/exception + * handling can be FRED-agnostic. */ =20 uint32_t error_code; @@ -42,18 +46,77 @@ struct cpu_user_regs */ =20 union { uint64_t rip; uint32_t eip; uint16_t ip; }; - uint16_t cs, _pad0[1]; - uint8_t saved_upcall_mask; /* PV (v)rflags.IF =3D=3D !saved_upcall_ma= sk */ - uint8_t _pad1[3]; + union { + struct { + uint16_t cs; + unsigned long :16; + uint8_t saved_upcall_mask; /* PV (v)rflags.IF =3D=3D !sa= ved_upcall_mask */ + }; + unsigned long csx; + struct { + /* + * Bits 0 to 31 control ERET{U,S} behaviour, and are state of = the + * interrupted context. + */ + uint16_t cs; + unsigned int sl:2; /* Stack Level */ + bool wfe:1; /* Wait-for-ENDBRANCH state */ + } fred_cs; + }; union { uint64_t rflags; uint32_t eflags; uint16_t flags; }; union { uint64_t rsp; uint32_t esp; uint16_t sp; uint8_t spl;= }; - uint16_t ss, _pad2[3]; + union { + uint16_t ss; + unsigned long ssx; + struct { + /* + * Bits 0 to 31 control ERET{U,S} behaviour, and are state abo= ut + * the event which occured. + */ + uint16_t ss; + bool sti:1; /* Was blocked-by-STI, and not cancel= led */ + bool swint:1; /* Was a SYSCALL/SYSENTER/INT $N. On= ERETx, pend_DB iff TF */ + bool nmi:1; /* Was an NMI. */ + unsigned long :13; + + /* + * Bits 32 to 63 are ignored by ERET{U,S} and are informative + * only. + */ + uint8_t vector; + unsigned long :8; + unsigned int type:4; /* X86_ET_* */ + unsigned long :4; + bool enclave:1; /* Event taken in SGX mode */ + bool l:1; /* Event taken in 64bit mode (old %cs= .l) */ + bool nested:1; /* Exception during event delivery (c= lear for #DF) */ + unsigned long :1; + unsigned int insnlen:4; /* .type >=3D SW_INT */ + } fred_ss; + }; =20 /* * For IDT delivery, tss->rsp0 points to this boundary as embedded wit= hin * struct cpu_info. It must be 16-byte aligned. */ }; +struct fred_info +{ + /* + * Event Data. For: + * #DB: PENDING_DBG (%dr6 with positive polarity) + * NMI: NMI-Source Bitmap (on capable hardware) + * #PF: %cr2 + * #NM: MSR_XFD_ERR (only XFD-induced #NMs) + */ + uint64_t edata; + uint64_t _rsvd; + + /* + * For FRED delivery, MSR_FRED_RSP_SL0 points to this boundary as embe= dded + * within struct cpu_info. It must be 64-byte aligned. + */ +}; =20 static inline uint64_t msr_fold(const struct cpu_user_regs *regs) { diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/= current.h index fd30422707d9..c1eb27b1c4c2 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -38,6 +38,8 @@ struct vcpu; =20 struct cpu_info { struct cpu_user_regs guest_cpu_user_regs; + struct fred_info _fred; /* Only used when FRED is active. */ + unsigned int processor_id; unsigned int verw_sel; struct vcpu *current_vcpu; diff --git a/xen/arch/x86/traps-setup.c b/xen/arch/x86/traps-setup.c index 25581acf1158..c89280270fbb 100644 --- a/xen/arch/x86/traps-setup.c +++ b/xen/arch/x86/traps-setup.c @@ -354,7 +354,12 @@ static void __init __maybe_unused build_assertions(voi= d) * * tss->rsp0, pointing at the end of cpu_info.guest_cpu_user_regs, mus= t be * 16-byte aligned. + * + * MSR_FRED_RSP_SL0, pointing to the end of cpu_info._fred must be 64-= byte + * aligned. */ BUILD_BUG_ON((sizeof(struct cpu_info) - endof_field(struct cpu_info, guest_cpu_user_regs)) & 15); + BUILD_BUG_ON((sizeof(struct cpu_info) - + endof_field(struct cpu_info, _fred)) & 63); } --=20 2.39.5