From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 01/22] x86/msr: Change rdmsr() to have normal API
Date: Fri, 3 Oct 2025 23:53:13 +0100
Message-Id: <20251003225334.2123667-2-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>
References: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

We want a consistent MSR API, and these want to be named rdmsr() and wrmsr(), but not with their current APIs. The current rdmsr() flavours writing to their parameters by name makes code that reads like invalid C, and is unergonomic to use in lots of cases.

Change the API, and update the callers all in one go. Where appropriate, update the write side to wrmsrns() as per the recommendation.

No functional change.

Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 v3: * Fix m10Ah typos. * Don't truncate MSR_MCU_OPT_CTRL / MSR_PB_OPT_CTRL. * Swap u32 for uint32_t in _vmx_cpu_up(). * Switch to always_inline to reduce churn in later patch. --- xen/arch/x86/acpi/cpufreq/powernow.c | 12 ++++++----- xen/arch/x86/cpu/amd.c | 6 +++--- xen/arch/x86/cpu/common.c | 20 +++++++++++-------- xen/arch/x86/cpu/intel.c | 30 ++++++++++++++-------------- xen/arch/x86/genapic/x2apic.c | 5 +---- xen/arch/x86/hvm/vmx/vmcs.c | 30 +++++++++++++++++++++------- xen/arch/x86/include/asm/msr.h | 30 ++++++++++++++++++++++++---- xen/arch/x86/include/asm/prot-key.h | 6 +----- xen/arch/x86/tsx.c | 27 ++++++++++--------------- 9 files changed, 99 insertions(+), 67 deletions(-) diff --git a/xen/arch/x86/acpi/cpufreq/powernow.c b/xen/arch/x86/acpi/cpufr= eq/powernow.c index 12fca45b4551..71ac0b45261a 100644 --- a/xen/arch/x86/acpi/cpufreq/powernow.c +++ b/xen/arch/x86/acpi/cpufreq/powernow.c @@ -140,23 +140,25 @@ static int cf_check powernow_cpufreq_target( =20 static void amd_fixup_frequency(struct xen_processor_px *px) { - u32 hi, lo, fid, did; + uint64_t val; + uint32_t fid, did; int index =3D px->control & 0x00000007; const struct cpuinfo_x86 *c =3D ¤t_cpu_data; =20 if ((c->x86 !=3D 0x10 || c->x86_model >=3D 10) && c->x86 !=3D 0x11) return; =20 - rdmsr(MSR_PSTATE_DEF_BASE + index, lo, hi); + val =3D rdmsr(MSR_PSTATE_DEF_BASE + index); + /* * MSR C001_0064+: * Bit 63: PstateEn. Read-write. If set, the P-state is valid. */ - if (!(hi & (1U << 31))) + if (!(val & (1UL << 63))) return; =20 - fid =3D lo & 0x3f; - did =3D (lo >> 6) & 7; + fid =3D val & 0x3f; + did =3D (val >> 6) & 7; if (c->x86 =3D=3D 0x10) px->core_frequency =3D (100 * (fid + 16)) >> did; else diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 9767f6353973..43481daa8e26 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c 
@@ -1369,9 +1369,9 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) } =20 if (cpu_has(c, X86_FEATURE_EFRO)) { - rdmsr(MSR_K8_HWCR, l, h); - l |=3D (1 << 27); /* Enable read-only APERF/MPERF bit */ - wrmsr(MSR_K8_HWCR, l, h); + /* Enable read-only APERF/MPERF bit */ + wrmsrns(MSR_K8_HWCR, + rdmsr(MSR_K8_HWCR) | (1 << 27)); } =20 /* Prevent TSC drift in non single-processor, single-core platforms. */ diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c index 8c8bf1a806c6..37820a3a08ab 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c @@ -329,6 +329,7 @@ static inline u32 phys_pkg_id(u32 cpuid_apic, int index= _msb) void __init early_cpu_init(bool verbose) { struct cpuinfo_x86 *c =3D &boot_cpu_data; + uint64_t val; u32 eax, ebx, ecx, edx; =20 c->x86_cache_alignment =3D 32; @@ -412,10 +413,11 @@ void __init early_cpu_init(bool verbose) &c->x86_capability[FEATURESET_7c0], &c->x86_capability[FEATURESET_7d0]); =20 - if (test_bit(X86_FEATURE_ARCH_CAPS, c->x86_capability)) - rdmsr(MSR_ARCH_CAPABILITIES, - c->x86_capability[FEATURESET_m10Al], - c->x86_capability[FEATURESET_m10Ah]); + if (test_bit(X86_FEATURE_ARCH_CAPS, c->x86_capability)) { + val =3D rdmsr(MSR_ARCH_CAPABILITIES); + c->x86_capability[FEATURESET_m10Al] =3D val; + c->x86_capability[FEATURESET_m10Ah] =3D val >> 32; + } =20 if (max_subleaf >=3D 1) cpuid_count(7, 1, &eax, &ebx, &ecx, @@ -467,6 +469,7 @@ void reset_cpuinfo(struct cpuinfo_x86 *c, bool keep_bas= ic) =20 static void generic_identify(struct cpuinfo_x86 *c) { + uint64_t val; u32 eax, ebx, ecx, edx, tmp; =20 /* Get vendor name */ 
@@ -566,10 +569,11 @@ static void generic_identify(struct cpuinfo_x86 *c) &c->x86_capability[FEATURESET_Da1], &tmp, &tmp, &tmp); =20 - if (test_bit(X86_FEATURE_ARCH_CAPS, c->x86_capability)) - rdmsr(MSR_ARCH_CAPABILITIES, - c->x86_capability[FEATURESET_m10Al], - c->x86_capability[FEATURESET_m10Ah]); + if (test_bit(X86_FEATURE_ARCH_CAPS, c->x86_capability)) { + val =3D rdmsr(MSR_ARCH_CAPABILITIES); + c->x86_capability[FEATURESET_m10Al] =3D val; + c->x86_capability[FEATURESET_m10Ah] =3D val >> 32; + } } =20 /* diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index ecca11f04db8..6f71365b7ea0 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -23,17 +23,17 @@ static uint32_t __ro_after_init mcu_opt_ctrl_val; =20 void update_mcu_opt_ctrl(void) { - uint32_t mask =3D mcu_opt_ctrl_mask, lo, hi; + uint64_t mask =3D mcu_opt_ctrl_mask, val; =20 if ( !mask ) return; =20 - rdmsr(MSR_MCU_OPT_CTRL, lo, hi); + val =3D rdmsr(MSR_MCU_OPT_CTRL); =20 - lo &=3D ~mask; - lo |=3D mcu_opt_ctrl_val; + val &=3D ~mask; + val |=3D mcu_opt_ctrl_val; =20 - wrmsr(MSR_MCU_OPT_CTRL, lo, hi); + wrmsrns(MSR_MCU_OPT_CTRL, val); } =20 void __init set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val) @@ -51,17 +51,17 @@ static uint32_t __ro_after_init pb_opt_ctrl_val; =20 void update_pb_opt_ctrl(void) { - uint32_t mask =3D pb_opt_ctrl_mask, lo, hi; + uint64_t mask =3D pb_opt_ctrl_mask, val; =20 if ( !mask ) return; =20 - rdmsr(MSR_PB_OPT_CTRL, lo, hi); + val =3D rdmsr(MSR_PB_OPT_CTRL); =20 - lo &=3D ~mask; - lo |=3D pb_opt_ctrl_val; + val &=3D ~mask; + val |=3D pb_opt_ctrl_val; =20 - wrmsr(MSR_PB_OPT_CTRL, lo, hi); + wrmsrns(MSR_PB_OPT_CTRL, val); } =20 void __init set_in_pb_opt_ctrl(uint32_t mask, uint32_t val) 
@@ -456,15 +456,15 @@ static void __init probe_mwait_errata(void) */ static void Intel_errata_workarounds(struct cpuinfo_x86 *c) { - unsigned long lo, hi; + uint64_t val; =20 if ((c->x86 =3D=3D 15) && (c->x86_model =3D=3D 1) && (c->x86_mask =3D=3D = 1)) { - rdmsr (MSR_IA32_MISC_ENABLE, lo, hi); - if ((lo & (1<<9)) =3D=3D 0) { + val =3D rdmsr(MSR_IA32_MISC_ENABLE); + if ((val & (1 << 9)) =3D=3D 0) { printk (KERN_INFO "CPU: C0 stepping P4 Xeon detected.\n"); printk (KERN_INFO "CPU: Disabling hardware prefetching (Errata 037)\n"); - lo |=3D (1<<9); /* Disable hw prefetching */ - wrmsr (MSR_IA32_MISC_ENABLE, lo, hi); + val |=3D (1 << 9); /* Disable hw prefetching */ + wrmsrns(MSR_IA32_MISC_ENABLE, val); } } =20 diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c index 1d55eb6b8a41..58157c217ee8 100644 --- a/xen/arch/x86/genapic/x2apic.c +++ b/xen/arch/x86/genapic/x2apic.c @@ -268,14 +268,11 @@ const struct genapic *__init apic_x2apic_probe(void) =20 void __init check_x2apic_preenabled(void) { - u32 lo, hi; - if ( !cpu_has_x2apic ) return; =20 /* Check whether x2apic mode was already enabled by the BIOS. */ - rdmsr(MSR_APIC_BASE, lo, hi); - if ( lo & APIC_BASE_EXTD ) + if ( rdmsr(MSR_APIC_BASE) & APIC_BASE_EXTD ) { printk("x2APIC mode is already enabled by BIOS.\n"); x2apic_enabled =3D 1; diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index ab8b1c87ec0f..b639818b6ea6 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c 
@@ -207,9 +207,13 @@ static void __init vmx_display_features(void) static u32 adjust_vmx_controls( const char *name, u32 ctl_min, u32 ctl_opt, u32 msr, bool *mismatch) { + uint64_t val; u32 vmx_msr_low, vmx_msr_high, ctl =3D ctl_min | ctl_opt; =20 - rdmsr(msr, vmx_msr_low, vmx_msr_high); + val =3D rdmsr(msr); + + vmx_msr_low =3D val; + vmx_msr_high =3D val >> 32; =20 ctl &=3D vmx_msr_high; /* bit =3D=3D 0 in high word =3D=3D> must be ze= ro */ ctl |=3D vmx_msr_low; /* bit =3D=3D 1 in low word =3D=3D> must be on= e */ @@ -258,10 +262,13 @@ static int vmx_init_vmcs_config(bool bsp) { u32 vmx_basic_msr_low, vmx_basic_msr_high, min, opt; struct vmx_caps caps =3D {}; - u64 _vmx_misc_cap =3D 0; + uint64_t _vmx_misc_cap =3D 0, val; bool mismatch =3D false; =20 - rdmsr(MSR_IA32_VMX_BASIC, vmx_basic_msr_low, vmx_basic_msr_high); + val =3D rdmsr(MSR_IA32_VMX_BASIC); + + vmx_basic_msr_low =3D val; + vmx_basic_msr_high =3D val >> 32; =20 min =3D (PIN_BASED_EXT_INTR_MASK | PIN_BASED_NMI_EXITING); @@ -366,7 +373,10 @@ static int vmx_init_vmcs_config(bool bsp) if ( caps.secondary_exec_control & (SECONDARY_EXEC_ENABLE_EPT | SECONDARY_EXEC_ENABLE_VPID) ) { - rdmsr(MSR_IA32_VMX_EPT_VPID_CAP, caps.ept, caps.vpid); + val =3D rdmsr(MSR_IA32_VMX_EPT_VPID_CAP); + + caps.ept =3D val; + caps.vpid =3D val >> 32; =20 if ( !opt_ept_ad ) caps.ept &=3D ~VMX_EPT_AD_BIT; @@ -408,9 +418,15 @@ static int vmx_init_vmcs_config(bool bsp) * We check VMX_BASIC_MSR[55] to correctly handle default controls. */ uint32_t must_be_one, must_be_zero, msr =3D MSR_IA32_VMX_PROCBASED= _CTLS; + if ( vmx_basic_msr_high & (VMX_BASIC_DEFAULT1_ZERO >> 32) ) msr =3D MSR_IA32_VMX_TRUE_PROCBASED_CTLS; - rdmsr(msr, must_be_one, must_be_zero); + + val =3D rdmsr(msr); + + must_be_one =3D val; + must_be_zero =3D val >> 32; + if ( must_be_one & (CPU_BASED_INVLPG_EXITING | CPU_BASED_CR3_LOAD_EXITING | CPU_BASED_CR3_STORE_EXITING) ) 
@@ -699,7 +715,7 @@ void cf_check vmx_cpu_dead(unsigned int cpu) =20 static int _vmx_cpu_up(bool bsp) { - u32 eax, edx; + uint32_t eax; int rc, bios_locked, cpu =3D smp_processor_id(); u64 cr0, vmx_cr0_fixed0, vmx_cr0_fixed1; =20 @@ -719,7 +735,7 @@ static int _vmx_cpu_up(bool bsp) return -EINVAL; } =20 - rdmsr(MSR_IA32_FEATURE_CONTROL, eax, edx); + eax =3D rdmsr(MSR_IA32_FEATURE_CONTROL); =20 bios_locked =3D !!(eax & IA32_FEATURE_CONTROL_LOCK); if ( bios_locked ) diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index 901770555b8c..188a50f9cea4 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h @@ -9,10 +9,32 @@ #include #include =20 -#define rdmsr(msr,val1,val2) \ - __asm__ __volatile__("rdmsr" \ - : "=3Da" (val1), "=3Dd" (val2) \ - : "c" (msr)) +/* + * MSR APIs. Most logic is expected to use: + * + * uint64_t foo =3D rdmsr(MSR_BAR); + * wrmsrns(MSR_BAR, foo); + * + * In addition, *_safe() wrappers exist to cope gracefully with a #GP. + * + * + * All legacy forms are to be phased out: + * + * rdmsrl(MSR_FOO, val); + * wrmsr(MSR_FOO, lo, hi); + * wrmsrl(MSR_FOO, val); + */ + +static always_inline uint64_t rdmsr(unsigned int msr) +{ + unsigned long lo, hi; + + asm volatile ( "rdmsr" + : "=3Da" (lo), "=3Dd" (hi) + : "c" (msr) ); + + return (hi << 32) | lo; +} =20 #define rdmsrl(msr,val) do { unsigned long a__,b__; \ __asm__ __volatile__("rdmsr" \ diff --git a/xen/arch/x86/include/asm/prot-key.h b/xen/arch/x86/include/asm= /prot-key.h index 3e9c2eaef415..8fb15b5c32e9 100644 --- a/xen/arch/x86/include/asm/prot-key.h +++ b/xen/arch/x86/include/asm/prot-key.h @@ -52,11 +52,7 @@ DECLARE_PER_CPU(uint32_t, pkrs); =20 static inline uint32_t rdpkrs(void) { - uint32_t pkrs, tmp; - - rdmsr(MSR_PKRS, pkrs, tmp); - - return pkrs; + return rdmsr(MSR_PKRS); } =20 static inline uint32_t rdpkrs_and_cache(void) diff --git a/xen/arch/x86/tsx.c b/xen/arch/x86/tsx.c index 2a0c7c08a2ba..fe9f0ab4f792 100644 --- a/xen/arch/x86/tsx.c 
+++ b/xen/arch/x86/tsx.c @@ -42,6 +42,8 @@ void tsx_init(void) { static bool __read_mostly once; =20 + uint64_t val; + /* * This function is first called between microcode being loaded, and * CPUID being scanned generally. early_cpu_init() has already prepared @@ -62,8 +64,6 @@ void tsx_init(void) * On a TAA-vulnerable or later part with at least the May 2020 * microcode mitigating SRBDS. */ - uint64_t val; - rdmsrl(MSR_MCU_OPT_CTRL, val); =20 /* @@ -118,8 +118,6 @@ void tsx_init(void) =20 if ( cpu_has_tsx_force_abort ) { - uint64_t val; - /* * On an early TSX-enabled Skylake part subject to the memory * ordering erratum, with at least the March 2019 microcode. @@ -250,18 +248,17 @@ void tsx_init(void) * controlled, we have or will set MSR_MCU_OPT_CTRL.RTM_ALLOW to * let TSX_CTRL.RTM_DISABLE be usable. */ - uint32_t hi, lo; =20 - rdmsr(MSR_TSX_CTRL, lo, hi); + val =3D rdmsr(MSR_TSX_CTRL); =20 /* Check bottom bit only. Higher bits are various sentinels. */ rtm_disabled =3D !(opt_tsx & 1); =20 - lo &=3D ~(TSX_CTRL_RTM_DISABLE | TSX_CTRL_CPUID_CLEAR); + val &=3D ~(TSX_CTRL_RTM_DISABLE | TSX_CTRL_CPUID_CLEAR); if ( rtm_disabled ) - lo |=3D TSX_CTRL_RTM_DISABLE | TSX_CTRL_CPUID_CLEAR; + val |=3D TSX_CTRL_RTM_DISABLE | TSX_CTRL_CPUID_CLEAR; =20 - wrmsr(MSR_TSX_CTRL, lo, hi); + wrmsrns(MSR_TSX_CTRL, val); } else if ( cpu_has_tsx_force_abort ) { @@ -269,14 +266,12 @@ void tsx_init(void) * On an early TSX-enable Skylake part subject to the memory order= ing * erratum, with at least the March 2019 microcode. */ - uint32_t hi, lo; - - rdmsr(MSR_TSX_FORCE_ABORT, lo, hi); + val =3D rdmsr(MSR_TSX_FORCE_ABORT); =20 /* Check bottom bit only. Higher bits are various sentinels. */ rtm_disabled =3D !(opt_tsx & 1); =20 - lo &=3D ~(TSX_FORCE_ABORT_RTM | TSX_CPUID_CLEAR | TSX_ENABLE_RTM); + val &=3D ~(TSX_FORCE_ABORT_RTM | TSX_CPUID_CLEAR | TSX_ENABLE_RTM); =20 if ( cpu_has_rtm_always_abort ) { 
@@ -291,7 +286,7 @@ void tsx_init(void) * - TSX_FORCE_ABORT.ENABLE_RTM may be used to opt in to * re-enabling RTM, at the users own risk. */ - lo |=3D rtm_disabled ? TSX_CPUID_CLEAR : TSX_ENABLE_RTM; + val |=3D rtm_disabled ? TSX_CPUID_CLEAR : TSX_ENABLE_RTM; } else { 
@@ -304,10 +299,10 @@ void tsx_init(void) * setting TSX_FORCE_ABORT.FORCE_ABORT_RTM. */ if ( rtm_disabled ) - lo |=3D TSX_FORCE_ABORT_RTM; + val |=3D TSX_FORCE_ABORT_RTM; } =20 - wrmsr(MSR_TSX_FORCE_ABORT, lo, hi); + wrmsrns(MSR_TSX_FORCE_ABORT, val); } else if ( opt_tsx >=3D 0 ) printk_once(XENLOG_WARNING --=20 2.39.5
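
Review bot: in init_amd() (xen/arch/x86/cpu/amd.c), and at every other site in this patch that goes from wrmsr(msr, lo, hi) to wrmsrns(msr, val), the write stops being architecturally serialising on hardware that has WRMSRNS, which sits awkwardly with "No functional change" in the commit message. Either reword that line to say the ordering change is intended and harmless at these call sites, or split the wrmsrns() conversions into their own patch. The hunk also leaves the declaration of `l` and `h` untouched; if init_amd() has no other users of them it should go.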
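
Review bot: in update_mcu_opt_ctrl() and update_pb_opt_ctrl() (xen/arch/x86/cpu/intel.c), widening `mask` to uint64_t is what keeps `val &= ~mask` from clearing bits 63:32 of the MSR, because the complement of a uint32_t would be zero-extended before the AND. Nothing at the declaration says this, and mcu_opt_ctrl_mask / pb_opt_ctrl_mask themselves stay uint32_t, so a later tidy-up back to uint32_t would silently truncate a mitigation-control register. A short comment on `uint64_t mask = mcu_opt_ctrl_mask, val;` (and its pb_opt_ctrl twin) stating that the width is deliberate would protect it.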
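
Review bot: in _vmx_cpu_up() (xen/arch/x86/hvm/vmx/vmcs.c), `eax = rdmsr(MSR_IA32_FEATURE_CONTROL);` now truncates a 64-bit value into a uint32_t implicitly, and the variable is still called `eax` although it no longer names a register output. Since only the low bits are tested via IA32_FEATURE_CONTROL_LOCK, consider either making it a uint64_t with a neutral name such as `val`, or keeping the narrow type with an explicit cast so the truncation reads as intended. The same implicit narrowing is introduced in rdpkrs() with `return rdmsr(MSR_PKRS);`.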
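
Review bot: in the new rdmsr() in xen/arch/x86/include/asm/msr.h, `return (hi << 32) | lo;` is only correct because `lo` and `hi` are declared `unsigned long` and that type is 64 bits wide here; with a 32-bit type the shift would be undefined. A one-line comment saying why unsigned long is used rather than uint32_t, or an explicit `((uint64_t)hi << 32) | lo`, would make the helper robust against a well-meaning type cleanup. The block comment above it documents the new forms well, but it does not mention that callers wanting the two halves must now split the value themselves, as the vmcs.c and common.c hunks do.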
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 02/22] x86/msr: Change wrmsr() to take a single parameter
Date: Fri, 3 Oct 2025 23:53:14 +0100
Message-Id: <20251003225334.2123667-3-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>
References: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

Mirroring the cleanup to rdmsr(), do the same to wrmsr(). It now has the same API as wrmsrl(), but we'll want to drop that wrapper in due course.

It's telling that almost all remaining users pass in 0. Most are converted directly to WRMSRNS, but a few are not.

MSR_VIRT_SPEC_CTRL is unconditionally intercepted and is orders of magnitude more expensive than just serialising. In disable_lapic_nmi_watchdog(), the P4 case won't run on hardware which has anything more than plain WRMSR.

For CTR_WRITE() in op_model_athlon.c there is a logical change in behaviour, but it's fixing a bug. Performance counters typically get written to -(count) as they generate an interrupt on overflow. The performance counters even in the K8 were 48 bits wide, and this wrmsr() not being a wrmsrl() appears to have been an oversight in commit b5103d692aa7 ("x86 oprofile: use rdmsrl/wrmsrl") which converted all other users, and appears to be the last time there was an attempt to unify the MSR APIs.

No practical change.

Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 v3: * Swap to wrmsrns() in setup_k7_watchdog() * Reinstate correct bracketing in op_model_athlon.c's CTR_WRITE(), drop useless do{}while(). --- xen/arch/x86/cpu/amd.c | 2 +- xen/arch/x86/hvm/vmx/vmcs.c | 2 +- xen/arch/x86/include/asm/msr.h | 20 ++++++++++---------- xen/arch/x86/nmi.c | 18 +++++++++--------- xen/arch/x86/oprofile/op_model_athlon.c | 2 +- 5 files changed, 22 insertions(+), 22 deletions(-) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 43481daa8e26..9b02e1ba675c 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -934,7 +934,7 @@ void amd_set_legacy_ssbd(bool enable) return; =20 if (cpu_has_virt_ssbd) - wrmsr(MSR_VIRT_SPEC_CTRL, enable ? SPEC_CTRL_SSBD : 0, 0); + wrmsr(MSR_VIRT_SPEC_CTRL, enable ? SPEC_CTRL_SSBD : 0); else if (amd_legacy_ssbd) core_set_legacy_ssbd(enable); else diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index b639818b6ea6..cd5ac8a5f0e3 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -754,7 +754,7 @@ static int _vmx_cpu_up(bool bsp) eax |=3D IA32_FEATURE_CONTROL_ENABLE_VMXON_OUTSIDE_SMX; if ( test_bit(X86_FEATURE_SMX, &boot_cpu_data.x86_capability) ) eax |=3D IA32_FEATURE_CONTROL_ENABLE_VMXON_INSIDE_SMX; - wrmsr(MSR_IA32_FEATURE_CONTROL, eax, 0); + wrmsrns(MSR_IA32_FEATURE_CONTROL, eax); } =20 if ( (rc =3D vmx_init_vmcs_config(bsp)) !=3D 0 ) diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h index 188a50f9cea4..941a7612f4ba 100644 --- a/xen/arch/x86/include/asm/msr.h +++ b/xen/arch/x86/include/asm/msr.h 
@@ -15,13 +15,17 @@ * uint64_t foo =3D rdmsr(MSR_BAR); * wrmsrns(MSR_BAR, foo); * + * and, if architectural serialisaition is necessary, or there are other + * reasons that WRMSRNS is inapplicable, then: + * + * wrmsr(MSR_BAR, foo); + * * In addition, *_safe() wrappers exist to cope gracefully with a #GP. * * * All legacy forms are to be phased out: * * rdmsrl(MSR_FOO, val); - * wrmsr(MSR_FOO, lo, hi); * wrmsrl(MSR_FOO, val); */ =20 @@ -43,17 +47,13 @@ static always_inline uint64_t rdmsr(unsigned int msr) val =3D a__ | ((u64)b__<<32); \ } while(0) =20 -#define wrmsr(msr,val1,val2) \ - __asm__ __volatile__("wrmsr" \ - : /* no outputs */ \ - : "c" (msr), "a" (val1), "d" (val2)) - -static inline void wrmsrl(unsigned int msr, uint64_t val) +static inline void wrmsr(unsigned int msr, uint64_t val) { - uint32_t lo =3D val, hi =3D val >> 32; + uint32_t lo =3D val, hi =3D val >> 32; =20 - wrmsr(msr, lo, hi); + asm volatile ( "wrmsr" :: "a" (lo), "d" (hi), "c" (msr) ); } +#define wrmsrl(msr, val) wrmsr(msr, val) =20 /* Non-serialising WRMSR, when available. Falls back to a serialising WRM= SR. */ static inline void wrmsrns(uint32_t msr, uint64_t val) @@ -150,7 +150,7 @@ static inline void wrmsr_tsc_aux(uint32_t val) =20 if ( *this_tsc_aux !=3D val ) { - wrmsr(MSR_TSC_AUX, val, 0); + wrmsrns(MSR_TSC_AUX, val); *this_tsc_aux =3D val; } } diff --git a/xen/arch/x86/nmi.c b/xen/arch/x86/nmi.c index 9793fa23168d..a0c9194ff032 100644 --- a/xen/arch/x86/nmi.c +++ b/xen/arch/x86/nmi.c @@ -218,16 +218,16 @@ void disable_lapic_nmi_watchdog(void) return; switch (boot_cpu_data.x86_vendor) { case X86_VENDOR_AMD: - wrmsr(MSR_K7_EVNTSEL0, 0, 0); + wrmsrns(MSR_K7_EVNTSEL0, 0); break; case X86_VENDOR_INTEL: switch (boot_cpu_data.x86) { case 6: - wrmsr(MSR_P6_EVNTSEL(0), 0, 0); + wrmsrns(MSR_P6_EVNTSEL(0), 0); break; case 15: - wrmsr(MSR_P4_IQ_CCCR0, 0, 0); - wrmsr(MSR_P4_CRU_ESCR0, 0, 0); + wrmsr(MSR_P4_IQ_CCCR0, 0); + wrmsr(MSR_P4_CRU_ESCR0, 0); break; } break; 
@@ -282,7 +282,7 @@ static void clear_msr_range(unsigned int base, unsigned= int n) unsigned int i; =20 for (i =3D 0; i < n; i++) - wrmsr(base+i, 0, 0); + wrmsrns(base + i, 0); } =20 static inline void write_watchdog_counter(const char *descr) @@ -308,11 +308,11 @@ static void setup_k7_watchdog(void) | K7_EVNTSEL_USR | K7_NMI_EVENT; =20 - wrmsr(MSR_K7_EVNTSEL0, evntsel, 0); + wrmsrns(MSR_K7_EVNTSEL0, evntsel); write_watchdog_counter("K7_PERFCTR0"); apic_write(APIC_LVTPC, APIC_DM_NMI); evntsel |=3D K7_EVNTSEL_ENABLE; - wrmsr(MSR_K7_EVNTSEL0, evntsel, 0); + wrmsrns(MSR_K7_EVNTSEL0, evntsel); } =20 static void setup_p6_watchdog(unsigned counter) @@ -338,11 +338,11 @@ static void setup_p6_watchdog(unsigned counter) | P6_EVNTSEL_USR | counter; =20 - wrmsr(MSR_P6_EVNTSEL(0), evntsel, 0); + wrmsrns(MSR_P6_EVNTSEL(0), evntsel); write_watchdog_counter("P6_PERFCTR0"); apic_write(APIC_LVTPC, APIC_DM_NMI); evntsel |=3D P6_EVNTSEL0_ENABLE; - wrmsr(MSR_P6_EVNTSEL(0), evntsel, 0); + wrmsrns(MSR_P6_EVNTSEL(0), evntsel); } =20 static void setup_p4_watchdog(void) diff --git a/xen/arch/x86/oprofile/op_model_athlon.c b/xen/arch/x86/oprofil= e/op_model_athlon.c index bf897a4b6328..4c016624a69b 100644 --- a/xen/arch/x86/oprofile/op_model_athlon.c +++ b/xen/arch/x86/oprofile/op_model_athlon.c 
@@ -34,7 +34,7 @@ #define MAX_COUNTERS FAM15H_NUM_COUNTERS =20 #define CTR_READ(msr_content,msrs,c) do {rdmsrl(msrs->counters[(c)].addr, = (msr_content));} while (0) -#define CTR_WRITE(l,msrs,c) do {wrmsr(msrs->counters[(c)].addr, -(unsigned= int)(l), -1);} while (0) +#define CTR_WRITE(l,msrs,c) wrmsr(msrs->counters[(c)].addr, -(l)) #define CTR_OVERFLOWED(n) (!((n) & (1ULL<<31))) =20 #define CTRL_READ(msr_content,msrs,c) do {rdmsrl(msrs->controls[(c)].addr,= (msr_content));} while (0) --=20 2.39.5
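Review bot: In the op_model_athlon.c hunk, the new CTR_WRITE() matches the old one only if the argument l has a signed or 64-bit type at every call site. The old form wrote -(unsigned int)(l) to the low half and all-ones to the high half; the new form hands -(l) to a uint64_t parameter, so an unsigned int argument is negated in 32 bits and zero-extended, leaving the high half 0. The two forms also differ for l == 0 (old: 0xffffffff00000000, new: 0). The call sites are not visible in this patch, so either make the widening explicit, e.g. -(uint64_t)(l), or say in the commit message why the existing callers are unaffected.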
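Review bot: In disable_lapic_nmi_watchdog() in nmi.c, case 15 keeps the serialising wrmsr() for MSR_P4_IQ_CCCR0 and MSR_P4_CRU_ESCR0 while the AMD and family 6 cases move to wrmsrns(), and nothing in the hunk says which of the two reasons from the new msr.h comment applies (serialisation needed, or WRMSRNS inapplicable). A one-line comment at case 15 would stop a later cleanup from converting these two as well. clear_msr_range() is converted to wrmsrns() unconditionally in the same file, so if it is ever called on the P4 MSR ranges the two choices are inconsistent and one of them needs adjusting.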
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 03/22] x86/fsgsbase: Split out __{rd,wr}gs_shadow() helpers
Date: Fri, 3 Oct 2025 23:53:15 +0100
Message-Id: <20251003225334.2123667-4-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>
References: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

Right now they're inline in {read,write}_gs_shadow(), but we're going to need
to use these elsewhere to support FRED.

No functional change.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

v3:
 * Rename to __{rd,wr}gs_shadow()
---
 xen/arch/x86/include/asm/fsgsbase.h | 36 ++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 13 deletions(-)

diff --git a/xen/arch/x86/include/asm/fsgsbase.h b/xen/arch/x86/include/asm= /fsgsbase.h index 03e6a85d31ce..557703842691 100644 --- a/xen/arch/x86/include/asm/fsgsbase.h +++ b/xen/arch/x86/include/asm/fsgsbase.h
@@ -32,6 +32,17 @@ static inline unsigned long __rdgsbase(void) return base; } =20 +static inline unsigned long __rdgs_shadow(void) +{ + unsigned long base; + + asm_inline volatile ( "swapgs\n\t" + "rdgsbase %0\n\t" + "swapgs" : "=3Dr" (base) ); + + return base; +} + static inline void __wrfsbase(unsigned long base) { asm volatile ( "wrfsbase %0" :: "r" (base) ); @@ -42,6 +53,14 @@ static inline void __wrgsbase(unsigned long base) asm volatile ( "wrgsbase %0" :: "r" (base) ); } =20 +static inline void __wrgs_shadow(unsigned long base) +{ + asm_inline volatile ( "swapgs\n\t" + "wrgsbase %0\n\t" + "swapgs" + :: "r" (base) ); +} + static inline unsigned long read_fs_base(void) { unsigned long base; @@ -71,13 +90,9 @@ static inline unsigned long read_gs_shadow(void) unsigned long base; =20 if ( read_cr4() & X86_CR4_FSGSBASE ) - { - asm volatile ( "swapgs" ); - base =3D __rdgsbase(); - asm volatile ( "swapgs" ); - } - else - rdmsrl(MSR_SHADOW_GS_BASE, base); + return __rdgs_shadow(); + + rdmsrl(MSR_SHADOW_GS_BASE, base); =20 return base; } 
@@ -101,12 +116,7 @@ static inline void write_gs_base(unsigned long base) static inline void write_gs_shadow(unsigned long base) { if ( read_cr4() & X86_CR4_FSGSBASE ) - { - asm volatile ( "swapgs\n\t" - "wrgsbase %0\n\t" - "swapgs" - :: "r" (base) ); - } + __wrgs_shadow(base); else wrmsrl(MSR_SHADOW_GS_BASE, base); } --=20 2.39.5
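Review bot: __rdgs_shadow() and __wrgs_shadow() execute RDGSBASE/WRGSBASE unconditionally, and the only guard is the X86_CR4_FSGSBASE test that stays behind in read_gs_shadow() and write_gs_shadow(). Since the stated purpose of the split is to call the helpers from elsewhere, put that precondition in a comment above each of them. Two smaller points: read_gs_shadow() used to issue three separate statements (asm swapgs, __rdgsbase(), asm swapgs) and now uses a single asm block, so "No functional change" holds for behaviour but not for the emitted code, which is worth a word in the commit message; and the operand layout differs between the two new helpers ("swapgs" : "=r" (base) on one line in __rdgs_shadow(), :: "r" (base) on its own line in __wrgs_shadow()).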
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 04/22] x86/fsgsbase: Update fs/gs helpers to use wrmsrns()
Date: Fri, 3 Oct 2025 23:53:16 +0100
Message-Id: <20251003225334.2123667-5-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>
References: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

... and rdmsr() while here.

Most of these accesses are in fastpaths and do not need serialising behaviour,
but the write side is serialising on all Intel hardware as well as older AMD
hardware.

No functional change.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné
---
 xen/arch/x86/domain.c | 10 +++++-----
 xen/arch/x86/hvm/vmx/vmx.c | 4 ++--
 xen/arch/x86/include/asm/fsgsbase.h | 30 +++++++++--------------------
 3 files changed, 16 insertions(+), 28 deletions(-)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 19fd86ce88d2..8089ff929bf7 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c
@@ -1851,9 +1851,9 @@ static void load_segments(struct vcpu *n) } else { - wrmsrl(MSR_FS_BASE, n->arch.pv.fs_base); - wrmsrl(MSR_GS_BASE, gsb); - wrmsrl(MSR_SHADOW_GS_BASE, gss); + wrmsrns(MSR_FS_BASE, n->arch.pv.fs_base); + wrmsrns(MSR_GS_BASE, gsb); + wrmsrns(MSR_SHADOW_GS_BASE, gss); } } =20 @@ -1978,8 +1978,8 @@ static void save_segments(struct vcpu *v) } else { - rdmsrl(MSR_FS_BASE, fs_base); - rdmsrl(MSR_GS_BASE, gs_base); + fs_base =3D rdmsr(MSR_FS_BASE); + gs_base =3D rdmsr(MSR_GS_BASE); } =20 v->arch.pv.fs_base =3D fs_base; diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index e2b5077654ef..01bc67460aae 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2737,8 +2737,8 @@ static uint64_t cf_check vmx_get_reg(struct vcpu *v, = unsigned int reg) case MSR_SHADOW_GS_BASE: if ( v !=3D curr ) return v->arch.hvm.vmx.shadow_gs; - rdmsrl(MSR_SHADOW_GS_BASE, val); - return val; + else + return rdmsr(MSR_SHADOW_GS_BASE); } =20 /* Logic which maybe requires remote VMCS acquisition. */ diff --git a/xen/arch/x86/include/asm/fsgsbase.h b/xen/arch/x86/include/asm= /fsgsbase.h index 557703842691..24862a6bfea7 100644 --- a/xen/arch/x86/include/asm/fsgsbase.h +++ b/xen/arch/x86/include/asm/fsgsbase.h 
@@ -63,38 +63,26 @@ static inline void __wrgs_shadow(unsigned long base) =20 static inline unsigned long read_fs_base(void) { - unsigned long base; - if ( read_cr4() & X86_CR4_FSGSBASE ) return __rdfsbase(); - - rdmsrl(MSR_FS_BASE, base); - - return base; + else + return rdmsr(MSR_FS_BASE); } =20 static inline unsigned long read_gs_base(void) { - unsigned long base; - if ( read_cr4() & X86_CR4_FSGSBASE ) return __rdgsbase(); - - rdmsrl(MSR_GS_BASE, base); - - return base; + else + return rdmsr(MSR_GS_BASE); } =20 static inline unsigned long read_gs_shadow(void) { - unsigned long base; - if ( read_cr4() & X86_CR4_FSGSBASE ) return __rdgs_shadow(); - - rdmsrl(MSR_SHADOW_GS_BASE, base); - - return base; + else + return rdmsr(MSR_SHADOW_GS_BASE); } =20 static inline void write_fs_base(unsigned long base) @@ -102,7 +90,7 @@ static inline void write_fs_base(unsigned long base) if ( read_cr4() & X86_CR4_FSGSBASE ) __wrfsbase(base); else - wrmsrl(MSR_FS_BASE, base); + wrmsrns(MSR_FS_BASE, base); } =20 static inline void write_gs_base(unsigned long base) @@ -110,7 +98,7 @@ static inline void write_gs_base(unsigned long base) if ( read_cr4() & X86_CR4_FSGSBASE ) __wrgsbase(base); else - wrmsrl(MSR_GS_BASE, base); + wrmsrns(MSR_GS_BASE, base); } =20 static inline void write_gs_shadow(unsigned long base) 
@@ -118,7 +106,7 @@ static inline void write_gs_shadow(unsigned long base) if ( read_cr4() & X86_CR4_FSGSBASE ) __wrgs_shadow(base); else - wrmsrl(MSR_SHADOW_GS_BASE, base); + wrmsrns(MSR_SHADOW_GS_BASE, base); } =20 #endif /* X86_FSGSBASE_H */ --=20 2.39.5
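Review bot: The commit message says most of these accesses do not need serialising behaviour, yet every wrmsrl() in the visible hunks becomes wrmsrns(): the three writes in load_segments() and the fallback path of write_fs_base(), write_gs_base() and write_gs_shadow(). Say which accesses were checked and why none of the converted ones relies on WRMSR's serialisation, because on hardware where WRMSRNS is available this changes ordering and "No functional change" no longer describes it. If any caller does need the serialising form, it should call wrmsr() directly rather than go through these helpers, and a comment on the helpers saying they are non-serialising would make that choice visible.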
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 05/22] x86/fsgsbase: Improve code generation in read_registers()
Date: Fri, 3 Oct 2025 23:53:17 +0100
Message-Id: <20251003225334.2123667-6-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>
References: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

It turns out that using the higher level helpers adjacent like this leads to
terrible code generation. Due to -fno-strict-aliasing, the store into state->
invalidates the read_cr4() address calculation (which is really cpu_info->cr4
under the hood), meaning that it can't be hoisted.

As a result we get "locate the top of stack block, get cr4, and see if
FSGSBASE is set" repeated 3 times, and an unreasonable number of basic blocks.

Hoist the calculation manually, which results in two basic blocks.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

Side-by-side disassembly: https://termbin.com/9xfq
---
 xen/arch/x86/traps.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 0c5393cb2166..545c42a10862 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c
@@ -118,9 +118,18 @@ static void read_registers(struct extra_state *state) state->cr3 =3D read_cr3(); state->cr4 =3D read_cr4(); =20 - state->fsb =3D read_fs_base(); - state->gsb =3D read_gs_base(); - state->gss =3D read_gs_shadow(); + if ( state->cr4 & X86_CR4_FSGSBASE ) + { + state->fsb =3D __rdfsbase(); + state->gsb =3D __rdgsbase(); + state->gss =3D __rdgs_shadow(); + } + else + { + state->fsb =3D rdmsr(MSR_FS_BASE); + state->gsb =3D rdmsr(MSR_GS_BASE); + state->gss =3D rdmsr(MSR_SHADOW_GS_BASE); + } =20 asm ( "mov %%ds, %0" : "=3Dm" (state->ds) ); asm ( "mov %%es, %0" : "=3Dm" (state->es) ); --=20 2.39.5
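Review bot: The open-coded if/else added to read_registers() duplicates the bodies of read_fs_base(), read_gs_base() and read_gs_shadow(), and nothing in the code says the helpers are avoided on purpose. Add a short comment above the if ( state->cr4 & X86_CR4_FSGSBASE ) line saying that the CR4 test is done once here because the helpers each repeat it, otherwise a later cleanup is likely to fold this back into the three helper calls and reintroduce the code generation problem. The supporting disassembly is only reachable through a paste link below the --- marker, so the basic block counts given in the commit message are the part that will still be readable later; keep them there.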
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 06/22] x86/boot: Use RSTORSSP to establish SSP
Date: Fri, 3 Oct 2025 23:53:18 +0100
Message-Id: <20251003225334.2123667-7-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>
References: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

Under FRED, SETSSBSY is disallowed, and we want to be setting up FRED prior to
setting up shadow stacks. As we still need Supervisor Tokens in IDT mode, we
need mode-specific logic to establish SSP.

In FRED mode, write a Restore Token, RSTORSSP it, and discard the resulting
Previous-SSP token.

No change outside of FRED mode.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

v3:
 * Adjust the comment in reinit_bsp_stack().
v2:
 * Some logic moved into prior patch.
---
 xen/arch/x86/boot/x86_64.S | 23 +++++++++++++++++++++--
 xen/arch/x86/setup.c | 25 ++++++++++++++++++++++++-
 2 files changed, 45 insertions(+), 3 deletions(-)
diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index 11a7e9d3bd23..9705d03f849c 100644 --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -53,17 +53,21 @@ ENTRY(__high_start) mov %rcx, STACK_CPUINFO_FIELD(cr4)(%r15) mov %rcx, %cr4 =20 - /* WARNING! call/ret now fatal (iff SHSTK) until SETSSBSY loads SS= P */ + /* WARNING! CALL/RET now fatal (iff SHSTK) until SETSSBSY/RSTORSSP= loads SSP */ =20 #if defined(CONFIG_XEN_SHSTK) test $CET_SHSTK_EN, %al jz .L_ap_cet_done =20 - /* Derive the supervisor token address from %rsp. */ + /* Derive the token address from %rsp. */ mov %rsp, %rdx and $~(STACK_SIZE - 1), %rdx or $(PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8, %rdx =20 + /* Establishing SSP differs between IDT or FRED mode. */ + bt $32 /* ilog2(X86_CR4_FRED) */, %rcx + jc .L_fred_shstk + /* * Write a new Supervisor Token. It doesn't matter the first time= a * CPU boots, but for S3 resume or hotplug this clears the busy bi= t so @@ -71,6 +75,21 @@ ENTRY(__high_start) */ wrssq %rdx, (%rdx) setssbsy + jmp .L_ap_cet_done + +.L_fred_shstk: + + /* + * Write a Restore Token, value: &token + 8 + 64BIT (bit 0) at the + * base of the shstk (which isn't in use yet). + */ + lea 9(%rdx), %rdi + wrssq %rdi, (%rdx) + rstorssp (%rdx) + + /* Discard the Previous-SSP Token from the shstk. */ + mov $2, %edx + incsspd %edx =20 #endif /* CONFIG_XEN_SHSTK */ .L_ap_cet_done: diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 872a8c63f94a..44da5efa1d20 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -49,6 +49,7 @@ #include #include #include +#include #include #include #include 
@@ -908,7 +909,29 @@ static void __init noreturn reinit_bsp_stack(void) if ( cpu_has_xen_shstk ) { wrmsrl(MSR_S_CET, xen_msr_s_cet_value()); - asm volatile ("setssbsy" ::: "memory"); + + /* + * IDT and FRED differ by a Supervisor Token on the shadow stack. + * + * In IDT mode, we use SETSSBSY (itself using MSR_PL0_SSP, configu= red + * previously) to mark the Supervisor Token as Busy. In FRED mode, + * there is no token, so we need to create a temporary Restore Tok= en + * to establish SSP. + */ + if ( opt_fred ) + { + unsigned long *token =3D + (void *)stack + (PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8; + + wrss((unsigned long)token + 9, token); + asm volatile ( "rstorssp %0" : "+m" (*token) ); + /* + * We need to discard the resulting Previous-SSP Token, but + * reset_stack_and_jump() will do that for us. + */ + } + else + asm volatile ( "setssbsy" ::: "memory" ); } =20 reset_stack_and_jump(init_done); --=20 2.39.5
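Review bot: In the .L_fred_shstk block added to xen/arch/x86/boot/x86_64.S, "mov $2, %edx" followed by "incsspd %edx" only discards exactly one Previous-SSP Token because INCSSPD counts in 4-byte units, and the comment does not say so. Please spell that out next to the constant so the 2 is not read as two tokens. The new path also clobbers %rdi via "lea 9(%rdx), %rdi", where the existing token code used only %rdx as scratch, so it is worth confirming in the commit message that %rdi is dead at this point in __high_start.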
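Review bot: In the reinit_bsp_stack() hunk, "wrss((unsigned long)token + 9, token);" has no explanation of the 9, while the assembly path in x86_64.S documents the same value as &token + 8 + 64BIT (bit 0). Suggest repeating that in the C comment, or sharing a named constant between the two sites. The FRED branch's rstorssp statement also omits the "memory" clobber that the setssbsy statement in the else branch keeps; if the "+m" (*token) operand is considered sufficient, a word to that effect in the comment would save the next reader from wondering.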
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 07/22] x86/traps: Alter switch_stack_and_jump() for FRED mode
Date: Fri, 3 Oct 2025 23:53:19 +0100
Message-Id: <20251003225334.2123667-8-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

FRED and IDT differ by a Supervisor Token on the base of the shstk. This means
that switch_stack_and_jump() needs to discard one extra word when FRED is
active.

Fix a typo in the parameter name, which should be shstk_base.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

Leave as $%c. Otherwise it doesn't assemble correctly presented with $$24568
to parse as an instruction immediate.

v3:
 * Fix a typo in the parameter name.

v2:
 * Use X86_FEATURE_XEN_FRED
---
 xen/arch/x86/include/asm/current.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/= current.h index c1eb27b1c4c2..62817e8476ec 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -154,7 +154,9 @@ unsigned long get_stack_dump_bottom (unsigned long sp); "rdsspd %[ssp];" \ "cmp $1, %[ssp];" \ "je .L_shstk_done.%=3D;" /* CET not active? Skip. */ \ - "mov $%c[skstk_base], %[val];" \ + ALTERNATIVE("mov $%c[shstk_base], %[val];", \ + "mov $%c[shstk_base] + 8, %[val];", \ + X86_FEATURE_XEN_FRED) \ "and $%c[stack_mask], %[ssp];" \ "sub %[ssp], %[val];" \ "shr $3, %[val];" \
@@ -188,7 +190,7 @@ unsigned long get_stack_dump_bottom (unsigned long sp); [ssp] "=3D&r" (tmp) \ : [stk] "r" (guest_cpu_user_regs()), \ [fun] constr (fn), \ - [skstk_base] "i" \ + [shstk_base] "i" \ ((PRIMARY_SHSTK_SLOT + 1) * PAGE_SIZE - 8), \ [stack_mask] "i" (STACK_SIZE - 1), \ _ASM_BUGFRAME_INFO(BUGFRAME_bug, __LINE__, \ --=20 2.39.5
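Review bot: The reason for keeping "$%c[shstk_base]" inside the ALTERNATIVE in the first current.h hunk is recorded only below the "---" line, so it will not survive into the committed history, and the next person to touch this is likely to "tidy" it and hit the same assembler failure. Please move that sentence into the commit message proper or into a comment beside the ALTERNATIVE. The "+ 8" on the FRED side would benefit from the same treatment: the code does not say that the extra word exists because FRED has no Supervisor Token at the base of the shstk, nor that the comment added to reinit_bsp_stack() in patch 06 relies on reset_stack_and_jump() discarding the Previous-SSP Token.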
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 08/22] x86/traps: Skip Supervisor Shadow Stack tokens in FRED mode
Date: Fri, 3 Oct 2025 23:53:20 +0100
Message-Id: <20251003225334.2123667-9-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

FRED doesn't use Supervisor Shadow Stack tokens. Skip setting them up.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v3:
 * Move further still

v2:
 * New
---
 xen/arch/x86/mm.c | 12 +++++++++---
 xen/arch/x86/setup.c | 8 ++++----
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index b929d15d0050..043e6aa9d73a 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -129,6 +129,7 @@ #include #include #include +#include #include =20 #include
@@ -6441,8 +6442,13 @@ static void write_sss_token(unsigned long *ptr) =20 void memguard_guard_stack(void *p) { - /* IST Shadow stacks. 4x 1k in stack page 0. */ - if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) + /* + * IST Shadow stacks. 4x 1k in stack page 0. + * + * With IDT delivery, we need Supervisor Shadow Stack tokens at the ba= se + * of each stack. With FRED delivery, these no longer exist. + */ + if ( IS_ENABLED(CONFIG_XEN_SHSTK) && !opt_fred ) { write_sss_token(p + (IST_MCE * IST_SHSTK_SIZE) - 8); write_sss_token(p + (IST_NMI * IST_SHSTK_SIZE) - 8); @@ -6453,7 +6459,7 @@ void memguard_guard_stack(void *p) =20 /* Primary Shadow Stack. 1x 4k in stack page 5. */ p +=3D PRIMARY_SHSTK_SLOT * PAGE_SIZE; - if ( IS_ENABLED(CONFIG_XEN_SHSTK) ) + if ( IS_ENABLED(CONFIG_XEN_SHSTK) && !opt_fred ) write_sss_token(p + PAGE_SIZE - 8); =20 map_pages_to_xen((unsigned long)p, virt_to_mfn(p), 1, PAGE_HYPERVISOR_= SHSTK); diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 44da5efa1d20..160a9611f456 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1923,10 +1923,6 @@ void asmlinkage __init noreturn __start_xen(void) =20 system_state =3D SYS_STATE_boot; =20 - bsp_stack =3D cpu_alloc_stack(0); - if ( !bsp_stack ) - panic("No memory for BSP stack\n"); - console_init_ring(); vesa_init(); =20 
@@ -2111,6 +2107,10 @@ void asmlinkage __init noreturn __start_xen(void) =20 console_init_postirq(); =20 + bsp_stack =3D cpu_alloc_stack(0); /* Needs to know IDT vs FRED */ + if ( !bsp_stack ) + panic("No memory for BSP stack\n"); + system_state =3D SYS_STATE_smp_boot; =20 do_presmp_initcalls(); --=20 2.39.5
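Review bot: The setup.c hunks move "bsp_stack = cpu_alloc_stack(0)" in __start_xen() from before console_init_ring() to after console_init_postirq(), but the commit message does not mention the move at all, let alone state that nothing in the region skipped over uses bsp_stack. Please say so in the commit message; the v3 changelog entry "Move further still" shows the position has already had to change once. The new "!opt_fred" checks in memguard_guard_stack() also make that function order-dependent on the delivery mode having been chosen, which its comment should state so that a later caller is not added ahead of that point.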
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 09/22] x86/traps: Make an IDT-specific #DB helper
Date: Fri, 3 Oct 2025 23:53:21 +0100
Message-Id: <20251003225334.2123667-10-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

FRED provides PENDING_DBG in the stack frame, avoiding the need to read
%dr6 manually.

Rename do_debug() to handle_DB(), and update it to take a dbg field using
positive polarity. Introduce a new handle_DB_IDT() which reads %dr6.

No functional change.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New
---
 xen/arch/x86/traps.c | 28 +++++++++++++++++-----------
 xen/arch/x86/x86_64/entry.S | 2 +-
 2 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 545c42a10862..3fd0f5709a52 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c
@@ -1992,14 +1992,11 @@ void asmlinkage do_device_not_available(struct cpu_= user_regs *regs) =20 void nocall sysenter_eflags_saved(void); =20 -void asmlinkage do_debug(struct cpu_user_regs *regs) +/* Handle #DB. @dbg is PENDING_DBG, a.k.a. %dr6 with positive polarity. */ +static void handle_DB(struct cpu_user_regs *regs, unsigned long dbg) { - unsigned long dr6; struct vcpu *v =3D current; =20 - /* Stash dr6 as early as possible. */ - dr6 =3D read_debugreg(6); - /* * At the time of writing (March 2018), on the subject of %dr6: * @@ -2067,13 +2064,13 @@ void asmlinkage do_debug(struct cpu_user_regs *regs) * If however we do, safety measures need to be enacted. Use a big * hammer and clear all debug settings. */ - if ( dr6 & (DR_TRAP3 | DR_TRAP2 | DR_TRAP1 | DR_TRAP0) ) + if ( dbg & (DR_TRAP3 | DR_TRAP2 | DR_TRAP1 | DR_TRAP0) ) { unsigned int bp, dr7 =3D read_debugreg(7); =20 for ( bp =3D 0; bp < 4; ++bp ) { - if ( (dr6 & (1u << bp)) && /* Breakpoint triggered? */ + if ( (dbg & (1u << bp)) && /* Breakpoint triggered? */ (dr7 & (3u << (bp * DR_ENABLE_SIZE))) && /* Enabled? = */ ((dr7 & (3u << ((bp * DR_CONTROL_SIZE) + /* Insn? */ DR_CONTROL_SHIFT))) =3D=3D DR_RW_EXEC= UTE) ) @@ -2094,9 +2091,9 @@ void asmlinkage do_debug(struct cpu_user_regs *regs) * so ensure the message is ratelimited. */ gprintk(XENLOG_WARNING, - "Hit #DB in Xen context: %04x:%p [%ps], stk %04x:%p, dr6 %= lx\n", + "Hit #DB in Xen context: %04x:%p [%ps], stk %04x:%p, dbg %= lx\n", regs->cs, _p(regs->rip), _p(regs->rip), - regs->ss, _p(regs->rsp), dr6); + regs->ss, _p(regs->rsp), dbg); =20 return; } @@ -2108,7 +2105,7 @@ void asmlinkage do_debug(struct cpu_user_regs *regs) * by debugging actions completed behind it's back. */ v->arch.dr6 =3D x86_merge_dr6(v->domain->arch.cpu_policy, - v->arch.dr6, dr6 ^ X86_DR6_DEFAULT); + v->arch.dr6, dbg); =20 if ( guest_kernel_mode(v, regs) && v->domain->debugger_attached ) { 
@@ -2116,7 +2113,16 @@ void asmlinkage do_debug(struct cpu_user_regs *regs) return; } =20 - pv_inject_DB(dr6 ^ X86_DR6_DEFAULT); + pv_inject_DB(dbg); +} + +/* + * When using IDT delivery, it is our responsibility to read %dr6. Conver= t it + * to positive polarity. + */ +void asmlinkage handle_DB_IDT(struct cpu_user_regs *regs) +{ + handle_DB(regs, read_debugreg(6) ^ X86_DR6_DEFAULT); } =20 void asmlinkage do_entry_CP(struct cpu_user_regs *regs) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 39c7b9d17f9e..789687488c5f 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S 
@@ -1171,7 +1171,7 @@ FUNC(handle_ist_exception) .L_ ## vec ## _done: =20 DISPATCH(X86_EXC_NMI, do_nmi) - DISPATCH(X86_EXC_DB, do_debug) + DISPATCH(X86_EXC_DB, handle_DB_IDT) DISPATCH(X86_EXC_MC, do_machine_check) #undef DISPATCH =20 --=20 2.39.5
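Review bot: In the traps.c hunk that touches the "Hit #DB in Xen context" gprintk(), the value printed changes from the raw %dr6 read to dbg, which handle_DB_IDT() passes in as read_debugreg(6) ^ X86_DR6_DEFAULT, so the logged number differs from before even though the commit message says no functional change. Please either call that out in the commit message or keep the raw register value in the log line. The "Stash dr6 as early as possible" comment is also dropped in the first hunk; handle_DB_IDT() still performs the read before anything else, and a short comment there would preserve the reason.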
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 10/22] x86/traps: Make an IDT-specific #PF helper
Date: Fri, 3 Oct 2025 23:53:22 +0100
Message-Id: <20251003225334.2123667-11-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>
References: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

FRED provides %cr2 in the stack frame, avoiding the need to read %cr2
manually.

Rename do_page_fault() to handle_PF(), and update it to take cr2, still named
addr for consistency.

Introduce a new handle_PF_IDT() which reads %cr2 and conditionally re-enables
interrupts.

No functional change.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New
---
 xen/arch/x86/traps.c        | 26 ++++++++++++++------------
 xen/arch/x86/x86_64/entry.S |  2 +-
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 3fd0f5709a52..d42973660db0 100644 --- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c @@ -1670,21 +1670,10 @@ static int fixup_page_fault(unsigned long addr, str= uct cpu_user_regs *regs) return 0; } =20 -void asmlinkage do_page_fault(struct cpu_user_regs *regs) +static void handle_PF(struct cpu_user_regs *regs, unsigned long addr /* cr= 2 */) { - unsigned long addr; unsigned int error_code; =20 - addr =3D read_cr2(); - - /* - * Don't re-enable interrupts if we were running an IRQ-off region when - * we hit the page fault, or we'll break that code. - */ - ASSERT(!local_irq_is_enabled()); - if ( regs->flags & X86_EFLAGS_IF ) - local_irq_enable(); - /* fixup_page_fault() might change regs->error_code, so cache it here.= */ error_code =3D regs->error_code; =20 @@ -1745,6 +1734,19 @@ void asmlinkage do_page_fault(struct cpu_user_regs *= regs) pv_inject_page_fault(regs->error_code, addr); } =20 +/* + * When using IDT delivery, it is our responsibility to read %cr2. + */ +void asmlinkage handle_PF_IDT(struct cpu_user_regs *regs) +{ + unsigned long addr =3D read_cr2(); + + if ( regs->flags & X86_EFLAGS_IF ) + local_irq_enable(); + + handle_PF(regs, addr); +} + /* * Early #PF handler to print CR2, error code, and stack. * diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 789687488c5f..c02245ac064c 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S 
@@ -871,7 +871,7 @@ handle_exception_saved: * reading %cr2. Otherwise a page fault in the nested interrupt ha= ndler * would corrupt %cr2. */ - DISPATCH(X86_EXC_PF, do_page_fault) + DISPATCH(X86_EXC_PF, handle_PF_IDT) =20 /* Only re-enable IRQs if they were active before taking the fault= */ testb $X86_EFLAGS_IF >> 8, UREGS_eflags + 1(%rsp) --=20 2.39.5
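Review bot: handle_PF_IDT() in xen/arch/x86/traps.c no longer carries the ASSERT(!local_irq_is_enabled()) that do_page_fault() had, nor the comment explaining that interrupts must stay off when the fault hit an IRQ-off region. In a debug build that is a small behavioural change set against the "No functional change" claim, so either keep the ASSERT() in handle_PF_IDT() ahead of the regs->flags & X86_EFLAGS_IF test, or say in the commit message that it is dropped on purpose. The new block comment could also state that read_cr2() has to come before local_irq_enable(), because the entry.S comment above the DISPATCH(X86_EXC_PF, handle_PF_IDT) line relies on that ordering to keep a nested fault from corrupting %cr2.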
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 11/22] x86/fsgsbase: Make gskern accesses safe under FRED
Date: Fri, 3 Oct 2025 23:53:23 +0100
Message-Id: <20251003225334.2123667-12-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>
References: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

Under FRED, the SWAPGS instruction is disallowed. Therefore we must use the
MSR path instead.

read_registers() is in the show_registers() path, so this allows Xen to render
its current state without suffering #UD (and recursing until the stack guard
page is hit).

All hardware with FRED is expected to have some kind of non-serialising access
to these registers.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * Broken out of subsequent patch. Rebased over MSR cleanup.
---
 xen/arch/x86/include/asm/fsgsbase.h | 8 ++++++--
 xen/arch/x86/traps.c                | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/include/asm/fsgsbase.h b/xen/arch/x86/include/asm= /fsgsbase.h index 24862a6bfea7..5faa3a324332 100644 --- a/xen/arch/x86/include/asm/fsgsbase.h +++ b/xen/arch/x86/include/asm/fsgsbase.h @@ -79,7 +79,9 @@ static inline unsigned long read_gs_base(void) =20 static inline unsigned long read_gs_shadow(void) { - if ( read_cr4() & X86_CR4_FSGSBASE ) + unsigned long cr4 =3D read_cr4(); + + if ( !(cr4 & X86_CR4_FRED) && (cr4 & X86_CR4_FSGSBASE) ) return __rdgs_shadow(); else return rdmsr(MSR_SHADOW_GS_BASE); @@ -103,7 +105,9 @@ static inline void write_gs_base(unsigned long base) =20 static inline void write_gs_shadow(unsigned long base) { - if ( read_cr4() & X86_CR4_FSGSBASE ) + unsigned long cr4 =3D read_cr4(); + + if ( !(cr4 & X86_CR4_FRED) && (cr4 & X86_CR4_FSGSBASE) ) __wrgs_shadow(base); else wrmsrns(MSR_SHADOW_GS_BASE, base); diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index d42973660db0..2e3efe45edf4 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c 
@@ -118,7 +118,7 @@ static void read_registers(struct extra_state *state) state->cr3 =3D read_cr3(); state->cr4 =3D read_cr4(); =20 - if ( state->cr4 & X86_CR4_FSGSBASE ) + if ( !(state->cr4 & X86_CR4_FRED) && (state->cr4 & X86_CR4_FSGSBASE) ) { state->fsb =3D __rdfsbase(); state->gsb =3D __rdgsbase(); --=20 2.39.5
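Review bot: the test !(cr4 & X86_CR4_FRED) && (cr4 & X86_CR4_FSGSBASE) is now open-coded in both read_gs_shadow() and write_gs_shadow() in fsgsbase.h, with no comment at either site saying why FRED forces the MSR path. A one-line comment (SWAPGS is disallowed under FRED, per the commit message) or a small shared predicate would keep a later cleanup from simplifying the check back to the FSGSBASE test alone and reintroducing the #UD.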
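Review bot: in the read_registers() hunk in traps.c the new FRED test guards a block whose visible lines are state->fsb = __rdfsbase() and state->gsb = __rdgsbase(), while the commit message names only SWAPGS as disallowed under FRED. If those two reads are safe under FRED, narrow the FRED test to the shadow GS read so fsb and gsb keep the instruction path; if they are not, the commit message should say so.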
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 12/22] x86/traps: Introduce FRED entrypoints
Date: Fri, 3 Oct 2025 23:53:24 +0100
Message-Id: <20251003225334.2123667-13-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>
References: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

Under FRED, there's one entrypoint from Ring 3, and one from Ring 0.

FRED gives us a good stack (even for SYSCALL/SYSENTER), and a unified event
frame on the stack, meaning that all software needs to do is spill the GPRs
with a line of PUSHes. Introduce PUSH_AND_CLEAR_GPRS and POP_GPRS for this
purpose.

Introduce entry_FRED_R0() which to a first approximation is complete for all
event handling within Xen.

entry_FRED_R0() needs deriving from entry_FRED_R3(), so introduce a basic
handler. There is more work required to make the return-to-guest path work
under FRED.

Also introduce entry_from_{xen,pv}() to be the C level handlers. By simply
copying regs->fred_ss.vector into regs->entry_vector, we can reuse all the
existing fault handlers.

Extend fatal_trap() to render the event type, including by name, when FRED is
active. This is slightly complicated, because X86_ET_OTHER must not use
vector_name() or SYSCALL and SYSENTER get rendered as #BP and #DB.

This is sufficient to handle all interrupts and exceptions encountered during
development, including plenty of Double Faults.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

v3:
 * Adjust commit message to remove stale details
 * Adjust formatting in fatal_trap()
 * Group CP with others. It's probably wrong for perf, but that's out the
   window anyway now that we're letting a compiler make the decision tree.

v2:
 * Don't render a vector name for X86_ET_SW_INT
 * Fix typos in names[]
 * Link entry-fred.o first

SIMICS hasn't been updated to the FRED v9, and still wants ENDBR instructions
at the entrypoints.
---
 xen/arch/x86/include/asm/asm_defns.h |  65 ++++++++++++
 xen/arch/x86/traps.c                 | 152 +++++++++++++++++++++++++++
 xen/arch/x86/x86_64/Makefile         |   1 +
 xen/arch/x86/x86_64/entry-fred.S     |  33 ++++++
 4 files changed, 251 insertions(+)
 create mode 100644 xen/arch/x86/x86_64/entry-fred.S

diff --git a/xen/arch/x86/include/asm/asm_defns.h b/xen/arch/x86/include/as= m/asm_defns.h index 72a0082d319d..a81a4043d0f1 100644 --- a/xen/arch/x86/include/asm/asm_defns.h +++ b/xen/arch/x86/include/asm/asm_defns.h
@@ -315,6 +315,71 @@ static always_inline void stac(void) subq $-(UREGS_error_code-UREGS_r15+\adj), %rsp .endm =20 +/* + * Push and clear GPRs + */ +.macro PUSH_AND_CLEAR_GPRS + push %rdi + xor %edi, %edi + push %rsi + xor %esi, %esi + push %rdx + xor %edx, %edx + push %rcx + xor %ecx, %ecx + push %rax + xor %eax, %eax + push %r8 + xor %r8d, %r8d + push %r9 + xor %r9d, %r9d + push %r10 + xor %r10d, %r10d + push %r11 + xor %r11d, %r11d + push %rbx + xor %ebx, %ebx + push %rbp +#ifdef CONFIG_FRAME_POINTER +/* Indicate special exception stack frame by inverting the frame pointer. = */ + mov %rsp, %rbp + notq %rbp +#else + xor %ebp, %ebp +#endif + push %r12 + xor %r12d, %r12d + push %r13 + xor %r13d, %r13d + push %r14 + xor %r14d, %r14d + push %r15 + xor %r15d, %r15d +.endm + +/* + * POP GPRs from a UREGS_* frame on the stack. Does not modify flags. + * + * @rax: Alternative destination for the %rax value on the stack. + */ +.macro POP_GPRS rax=3D%rax + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %r11 + pop %r10 + pop %r9 + pop %r8 + pop \rax + pop %rcx + pop %rdx + pop %rsi + pop %rdi +.endm + #ifdef CONFIG_PV32 #define CR4_PV32_RESTORE \ ALTERNATIVE_2 "", \ diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 2e3efe45edf4..0027f096a6c3 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -89,6 +89,13 @@ const unsigned int nmi_cpu; #define stack_words_per_line 4 #define ESP_BEFORE_EXCEPTION(regs) ((unsigned long *)(regs)->rsp) =20 +/* Only valid to use when FRED is active. */ +static inline struct fred_info *cpu_regs_fred_info(struct cpu_user_regs *r= egs) +{ + ASSERT(read_cr4() & X86_CR4_FRED); + return &container_of(regs, struct cpu_info, guest_cpu_user_regs)->_fre= d; +} + struct extra_state { unsigned long cr0, cr2, cr3, cr4; 
@@ -1023,6 +1030,32 @@ void show_execution_state_nmi(const cpumask_t *mask,= bool show_all) printk("Non-responding CPUs: {%*pbl}\n", CPUMASK_PR(&show_state_ma= sk)); } =20 +static const char *x86_et_name(unsigned int type) +{ + static const char *const names[] =3D { + [X86_ET_EXT_INTR] =3D "EXT_INTR", + [X86_ET_NMI] =3D "NMI", + [X86_ET_HW_EXC] =3D "HW_EXC", + [X86_ET_SW_INT] =3D "SW_INT", + [X86_ET_PRIV_SW_EXC] =3D "PRIV_SW_EXC", + [X86_ET_SW_EXC] =3D "SW_EXC", + [X86_ET_OTHER] =3D "OTHER", + }; + + return (type < ARRAY_SIZE(names) && names[type]) ? names[type] : "???"; +} + +static const char *x86_et_other_name(unsigned int what) +{ + static const char *const names[] =3D { + [0] =3D "MTF", + [1] =3D "SYSCALL", + [2] =3D "SYSENTER", + }; + + return (what < ARRAY_SIZE(names) && names[what]) ? names[what] : "???"; +} + const char *vector_name(unsigned int vec) { static const char names[][4] =3D { 
@@ -1101,6 +1134,38 @@ void fatal_trap(const struct cpu_user_regs *regs, bo= ol show_remote) } } =20 + if ( read_cr4() & X86_CR4_FRED ) + { + bool render_ec =3D false; + const char *vec_name =3D NULL; + + switch ( regs->fred_ss.type ) + { + case X86_ET_HW_EXC: + case X86_ET_PRIV_SW_EXC: + case X86_ET_SW_EXC: + render_ec =3D true; + vec_name =3D vector_name(regs->fred_ss.vector); + break; + + case X86_ET_OTHER: + vec_name =3D x86_et_other_name(regs->fred_ss.vector); + break; + } + + if ( render_ec ) + panic("FATAL TRAP: type %u, %s, vec %u, %s[%04x]%s\n", + regs->fred_ss.type, x86_et_name(regs->fred_ss.type), + regs->fred_ss.vector, vec_name ?: "", + regs->error_code, + (regs->eflags & X86_EFLAGS_IF) ? "" : " IN INTERRUPT CON= TEXT"); + else + panic("FATAL TRAP: type %u, %s, vec %u, %s%s\n", + regs->fred_ss.type, x86_et_name(regs->fred_ss.type), + regs->fred_ss.vector, vec_name ?: "", + (regs->eflags & X86_EFLAGS_IF) ? "" : " IN INTERRUPT CON= TEXT"); + } + panic("FATAL TRAP: vec %u, %s[%04x]%s\n", trapnr, vector_name(trapnr), regs->error_code, (regs->eflags & X86_EFLAGS_IF) ? "" : " IN INTERRUPT CONTEXT"); 
@@ -2199,6 +2264,93 @@ void asmlinkage check_ist_exit(const struct cpu_user= _regs *regs, bool ist_exit) } #endif =20 +void asmlinkage entry_from_pv(struct cpu_user_regs *regs) +{ + /* Copy fred_ss.vector into entry_vector as IDT delivery would have do= ne. */ + regs->entry_vector =3D regs->fred_ss.vector; + + fatal_trap(regs, false); +} + +void asmlinkage entry_from_xen(struct cpu_user_regs *regs) +{ + struct fred_info *fi =3D cpu_regs_fred_info(regs); + uint8_t type =3D regs->fred_ss.type; + + /* Copy fred_ss.vector into entry_vector as IDT delivery would have do= ne. */ + regs->entry_vector =3D regs->fred_ss.vector; + + /* + * First, handle the asynchronous or fatal events. These are either + * unrelated to the interrupted context, or may not have valid context + * recorded, and all have special rules on how/whether to re-enable IR= Qs. + */ + switch ( type ) + { + case X86_ET_EXT_INTR: + return do_IRQ(regs); + + case X86_ET_NMI: + return do_nmi(regs); + + case X86_ET_HW_EXC: + switch ( regs->fred_ss.vector ) + { + case X86_EXC_DF: return do_double_fault(regs); + case X86_EXC_MC: return do_machine_check(regs); + } + break; + } + + /* + * With the asynchronous events handled, what remains are the synchron= ous + * ones. If we interrupted an IRQs-on region, we should re-enable IRQs + * now; for #PF and #DB, %cr2 and %dr6 are on the stack in edata. 
+ */ + if ( regs->eflags & X86_EFLAGS_IF ) + local_irq_enable(); + + switch ( type ) + { + case X86_ET_HW_EXC: + case X86_ET_PRIV_SW_EXC: + case X86_ET_SW_EXC: + switch ( regs->fred_ss.vector ) + { + case X86_EXC_PF: handle_PF(regs, fi->edata); break; + case X86_EXC_GP: do_general_protection(regs); break; + case X86_EXC_UD: do_invalid_op(regs); break; + case X86_EXC_NM: do_device_not_available(regs); break; + case X86_EXC_BP: do_int3(regs); break; + case X86_EXC_DB: handle_DB(regs, fi->edata); break; + case X86_EXC_CP: do_entry_CP(regs); break; + + case X86_EXC_DE: + case X86_EXC_OF: + case X86_EXC_BR: + case X86_EXC_NP: + case X86_EXC_SS: + case X86_EXC_MF: + case X86_EXC_AC: + case X86_EXC_XM: + do_trap(regs); + break; + + default: + goto fatal; + } + break; + + default: + goto fatal; + } + + return; + + fatal: + fatal_trap(regs, false); +} + /* * Local variables: * mode: C diff --git a/xen/arch/x86/x86_64/Makefile b/xen/arch/x86/x86_64/Makefile index f20763088740..c0a0b6603221 100644 --- a/xen/arch/x86/x86_64/Makefile +++ b/xen/arch/x86/x86_64/Makefile @@ -1,5 +1,6 @@ obj-$(CONFIG_PV32) +=3D compat/ =20 +obj-bin-y +=3D entry-fred.o obj-bin-y +=3D entry.o obj-$(CONFIG_KEXEC) +=3D machine_kexec.o obj-y +=3D pci.o diff --git a/xen/arch/x86/x86_64/entry-fred.S b/xen/arch/x86/x86_64/entry-f= red.S new file mode 100644 index 000000000000..3c3320df22cb --- /dev/null +++ b/xen/arch/x86/x86_64/entry-fred.S 
@@ -0,0 +1,33 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ + + .file "x86_64/entry-fred.S" + +#include +#include + + .section .text.entry, "ax", @progbits + + /* The Ring3 entry point is required to be 4k aligned. */ + +FUNC(entry_FRED_R3, 4096) + PUSH_AND_CLEAR_GPRS + + mov %rsp, %rdi + call entry_from_pv + + POP_GPRS + eretu +END(entry_FRED_R3) + + /* The Ring0 entrypoint is at Ring3 + 0x100. */ + .org entry_FRED_R3 + 0x100, 0xcc + +FUNC_LOCAL(entry_FRED_R0, 0) + PUSH_AND_CLEAR_GPRS + + mov %rsp, %rdi + call entry_from_xen + + POP_GPRS + erets +END(entry_FRED_R0) --=20 2.39.5
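Review bot: PUSH_AND_CLEAR_GPRS in asm_defns.h is documented only as "Push and clear GPRs", yet POP_GPRS describes what it pops as "a UREGS_* frame", so the push order is a layout contract with the register block and should be stated as one. The same comment should mention that with CONFIG_FRAME_POINTER %rbp is not cleared but loaded with the inverted stack pointer, so a reader does not take the macro name literally.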
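Review bot: cpu_regs_fred_info() in traps.c reaches the FRED data through container_of(regs, struct cpu_info, guest_cpu_user_regs)->_fred, but entry_from_xen() calls it on the frame of an event taken from Ring 0, where regs is the frame of whatever Xen context was interrupted. The helper is therefore offset arithmetic that relies on _fred sitting directly after the register block, and the "Only valid to use when FRED is active" comment should spell that out so nobody treats the result of container_of() as a usable struct cpu_info.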
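Review bot: in the fatal_trap() hunk the switch ( regs->fred_ss.type ) has no default label, and the legacy panic("FATAL TRAP: vec %u, ...") after the FRED block is reached only because both FRED branches end in panic(). Add default: break; to the switch and put the legacy panic() in an else (or comment that the FRED block does not return), so the control flow does not depend on the reader knowing panic() never returns.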
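Review bot: entry_from_xen() calls local_irq_enable() for synchronous events when regs->eflags & X86_EFLAGS_IF is set, and then returns straight into the POP_GPRS / erets tail of entry_FRED_R0 with nothing disabling interrupts again. If running the exit path with interrupts on is safe under FRED, a sentence in the comment above the local_irq_enable() call should say so; if not, a local_irq_disable() is missing before the return. The inner switch ( regs->fred_ss.vector ) under the first X86_ET_HW_EXC case would also read better with an explicit default: break;.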
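Review bot: the Makefile hunk places obj-bin-y += entry-fred.o ahead of entry.o, and the changelog calls out "Link entry-fred.o first", but nothing in the Makefile records that the order matters. Add a comment with the reason next to that line (if it is the 4k alignment of entry_FRED_R3 that motivates it, say so), otherwise the list will get reordered.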
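Review bot: in entry-fred.S the POP_GPRS / eretu tail of entry_FRED_R3 follows a call to entry_from_pv(), which in this patch does nothing but copy the vector and call fatal_trap(). A short comment at entry_FRED_R3 (or in entry_from_pv()) marking this as a placeholder until the return-to-guest path exists would match the commit message and stop the tail being read as a working exit path.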
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 13/22] x86/traps: Enable FRED when requested
Date: Fri, 3 Oct 2025 23:53:25 +0100
Message-Id: <20251003225334.2123667-14-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>
References: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

With the shadow stack and exception handling adjustments in place, we can now activate FRED when appropriate. Note that opt_fred is still disabled by default.

Introduce init_fred() to set up all the MSRs relevant for FRED. FRED uses MSR_STAR (entries from Ring3 only), and MSR_FRED_SSP_SL0 aliases MSR_PL0_SSP when CET-SS is active. Otherwise, they're all new MSRs.

With init_fred() existing, load_system_tables() and legacy_syscall_init() should only be used when setting up IDT delivery. Insert ASSERT()s to this effect, and adjust the various *_init() functions to make this property true.

Per the documentation, percpu_early_traps_init() is responsible for switching off the boot GDT, which needs doing even in FRED mode.

Finally, set CR4.FRED in traps_init()/percpu_early_traps_init().

Xen can now boot in FRED mode up until starting a PV guest, where it faults because IRET is not permitted to change privilege.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

v3:
 * Fix poisoning of SL1 pointers.
 * Adjust bsp_traps_reinit(). It probably doesn't matter.

v2:
 * Explain the lack of BUG_ON()
 * Poison SL1

In principle we can stop allocating the IDT and TSS for CPUs now, although I want to get shutdown and kexec working before making this optimisation, in case there's something I've overlooked.
---
xen/arch/x86/include/asm/current.h | 3 ++ xen/arch/x86/include/asm/traps.h | 2 + xen/arch/x86/traps-setup.c | 83 ++++++++++++++++++++++++++++-- 3 files changed, 83 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/include/asm/current.h b/xen/arch/x86/include/asm/= current.h index 62817e8476ec..6139980ab115 100644 --- a/xen/arch/x86/include/asm/current.h +++ b/xen/arch/x86/include/asm/current.h @@ -23,6 +23,9 @@ * 2 - NMI IST stack * 1 - #MC IST stack * 0 - IST Shadow Stacks (4x 1k, read-only) + * + * In FRED mode, #DB and NMI do not need special stacks, so their IST stac= ks + * are unused. */ =20 /* diff --git a/xen/arch/x86/include/asm/traps.h b/xen/arch/x86/include/asm/tr= aps.h index 73097e957d05..5d7504bc44d1 100644 --- a/xen/arch/x86/include/asm/traps.h +++ b/xen/arch/x86/include/asm/traps.h @@ -16,6 +16,8 @@ void traps_init(void); void bsp_traps_reinit(void); void percpu_traps_init(void); =20 +void nocall entry_FRED_R3(void); + extern unsigned int ler_msr; =20 const char *vector_name(unsigned int vec); diff --git a/xen/arch/x86/traps-setup.c b/xen/arch/x86/traps-setup.c index d77be8f83921..d937209ae606 100644 --- a/xen/arch/x86/traps-setup.c +++ b/xen/arch/x86/traps-setup.c @@ -59,6 +59,8 @@ static void load_system_tables(void) .limit =3D sizeof(bsp_idt) - 1, }; =20 + ASSERT(opt_fred =3D=3D 0); + /* * Set up the TSS. Warning - may be live, and the NMI/#MC must remain * valid on every instruction boundary. (Note: these are all 
@@ -191,6 +193,8 @@ static void legacy_syscall_init(void) unsigned char *stub_page; unsigned int offset; =20 + ASSERT(opt_fred =3D=3D 0); + /* No PV guests? No need to set up SYSCALL/SYSENTER infrastructure. */ if ( !IS_ENABLED(CONFIG_PV) ) return; 
@@ -268,6 +272,52 @@ static void __init init_ler(void) setup_force_cpu_cap(X86_FEATURE_XEN_LBR); } =20 +/* + * Set up all MSRs relevant for FRED event delivery. + * + * Xen does not use any of the optional config in MSR_FRED_CONFIG, so all = that + * is needed is the entrypoint. + * + * Because FRED always provides a good stack, NMI and #DB do not need any + * special treatment. Only #DF needs another stack level, and #MC for the + * offchance that Xen's main stack suffers an uncorrectable error. + * + * This makes Stack Level 1 unused, but we use #DB's stacks, and with the + * regular and shadow stacks reversed as posion to guarantee that any use + * escalates to #DF. + * + * FRED reuses MSR_STAR to provide the segment selector values to load on + * entry from Ring3. Entry from Ring0 leave %cs and %ss unmodified. + */ +static void init_fred(void) +{ + unsigned long stack_top =3D get_stack_bottom() & ~(STACK_SIZE - 1); + + ASSERT(opt_fred =3D=3D 1); + + wrmsrns(MSR_STAR, XEN_MSR_STAR); + wrmsrns(MSR_FRED_CONFIG, (unsigned long)entry_FRED_R3); + + /* + * MSR_FRED_RSP_* all come with an 64-byte alignment check, avoiding t= he + * need for an explicit BUG_ON(). + */ + wrmsrns(MSR_FRED_RSP_SL0, (unsigned long)(&get_cpu_info()->_fred + 1)); + wrmsrns(MSR_FRED_RSP_SL1, stack_top + (IST_DB * IST_SHSTK_SIZE)); /* P= oison */ + wrmsrns(MSR_FRED_RSP_SL2, stack_top + (1 + IST_MCE) * PAGE_SIZE); + wrmsrns(MSR_FRED_RSP_SL3, stack_top + (1 + IST_DF) * PAGE_SIZE); + wrmsrns(MSR_FRED_STK_LVLS, ((2UL << (X86_EXC_MC * 2)) | + (3UL << (X86_EXC_DF * 2)))); + + if ( cpu_has_xen_shstk ) + { + wrmsrns(MSR_FRED_SSP_SL0, stack_top + (PRIMARY_SHSTK_SLOT + 1) * P= AGE_SIZE); + wrmsrns(MSR_FRED_SSP_SL1, stack_top + (1 + IST_DB) * PAGE_SIZE); /= * Poison */ + wrmsrns(MSR_FRED_SSP_SL2, stack_top + (IST_MCE * IST_SHSTK_SIZE)); + wrmsrns(MSR_FRED_SSP_SL3, stack_top + (IST_DF * IST_SHSTK_SIZE)); + } +} + /* * Configure basic exception handling. 
This is prior to parsing the comma= nd * line or configuring a console, and needs to be as simple as possible. @@ -329,16 +379,20 @@ void __init traps_init(void) printk(XENLOG_INFO "Disabling PV32 due to FRED\n"); } #endif + + init_fred(); + set_in_cr4(X86_CR4_FRED); + setup_force_cpu_cap(X86_FEATURE_XEN_FRED); printk("Using FRED event delivery\n"); } else { + load_system_tables(); + printk("Using IDT event delivery\n"); } =20 - load_system_tables(); - init_ler(); =20 /* Cache {,compat_}gdt_l1e now that physically relocation is done. */ @@ -356,7 +410,11 @@ void __init traps_init(void) */ void __init bsp_traps_reinit(void) { - load_system_tables(); + if ( opt_fred ) + init_fred(); + else + load_system_tables(); + percpu_traps_init(); } =20 @@ -366,7 +424,8 @@ void __init bsp_traps_reinit(void) */ void percpu_traps_init(void) { - legacy_syscall_init(); + if ( !opt_fred ) + legacy_syscall_init(); =20 if ( cpu_has_xen_lbr ) wrmsrl(MSR_IA32_DEBUGCTLMSR, IA32_DEBUGCTLMSR_LBR); 
@@ -381,7 +440,21 @@ void percpu_traps_init(void) */ void asmlinkage percpu_early_traps_init(void) { - load_system_tables(); + if ( opt_fred ) + { + const seg_desc_t *gdt =3D this_cpu(gdt) - FIRST_RESERVED_GDT_ENTRY; + const struct desc_ptr gdtr =3D { + .base =3D (unsigned long)gdt, + .limit =3D LAST_RESERVED_GDT_BYTE, + }; + + lgdt(&gdtr); + + init_fred(); + write_cr4(read_cr4() | X86_CR4_FRED); + } + else + load_system_tables(); } =20 static void __init __maybe_unused build_assertions(void) --=20 2.39.5
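Review bot: In init_fred(), MSR_FRED_RSP_SL1 is pointed at stack_top + (IST_DB * IST_SHSTK_SIZE) unconditionally, while every MSR_FRED_SSP_* write is gated on cpu_has_xen_shstk. The comment says the reversed regular/shadow pointers are poison that escalates to #DF, which for RSP_SL1 depends on that slot not being writable as an ordinary stack; current.h only describes it as "IST Shadow Stacks (4x 1k, read-only)", so please state in the comment whether the poison still holds when CET-SS is off. Two small wording fixes in the same comment block: "posion" should be "poison", and "Entry from Ring0 leave" should be "leaves".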
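Review bot: The FRED branch of percpu_early_traps_init() open-codes an lgdt with no comment saying why; the commit message explains that this function must switch off the boot GDT even in FRED mode, and that sentence belongs above the gdtr block so the reason survives in the code. The same branch sets the control bit with write_cr4(read_cr4() | X86_CR4_FRED) whereas traps_init() uses set_in_cr4(X86_CR4_FRED); a short note on why the two paths differ would save the next reader from having to work it out.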
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 14/22] x86/pv: Deduplicate is_canonical_address() in do_set_segment_base()
Date: Fri, 3 Oct 2025 23:53:26 +0100
Message-Id: <20251003225334.2123667-15-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>
References: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

This is really a rearrangement to make adding FRED support easier.

No functional change.

Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New

There is a marginal code size improvement:

  add/remove: 0/0 grow/shrink: 0/1 up/down: 0/-46 (-46)
  Function                 old     new   delta
  do_set_segment_base      496     450     -46

but it does get undone by the FRED support.
---
xen/arch/x86/pv/misc-hypercalls.c | 32 ++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/xen/arch/x86/pv/misc-hypercalls.c b/xen/arch/x86/pv/misc-hyper= calls.c index 7a37f16bf038..4c2abeb4add8 100644 
--- a/xen/arch/x86/pv/misc-hypercalls.c +++ b/xen/arch/x86/pv/misc-hypercalls.c 
@@ -176,27 +176,29 @@ long do_set_segment_base(unsigned int which, unsigned= long base) switch ( which ) { case SEGBASE_FS: - if ( is_canonical_address(base) ) - write_fs_base(base); - else + case SEGBASE_GS_USER: + case SEGBASE_GS_KERNEL: + if ( !is_canonical_address(base) ) + { ret =3D -EINVAL; - break; + break; + } =20 - case SEGBASE_GS_USER: - if ( is_canonical_address(base) ) + switch ( which ) { - write_gs_shadow(base); + case SEGBASE_FS: + write_fs_base(base); + break; + + case SEGBASE_GS_USER: v->arch.pv.gs_base_user =3D base; - } - else - ret =3D -EINVAL; - break; + write_gs_shadow(base); + break; =20 - case SEGBASE_GS_KERNEL: - if ( is_canonical_address(base) ) + case SEGBASE_GS_KERNEL: write_gs_base(base); - else - ret =3D -EINVAL; + break; + } break; =20 case SEGBASE_GS_USER_SEL: --=20 2.39.5
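Review bot: In the SEGBASE_GS_USER arm the store to v->arch.pv.gs_base_user now comes before write_gs_shadow(base), where the old code did the write_gs_shadow() first. The commit message says "No functional change", so either keep the original order or say in the message that the swap is deliberate and harmless. The inner switch ( which ) also has no default; that is correct only while the outer case labels list exactly the same three values, so a default with ASSERT_UNREACHABLE() would keep the two lists from drifting apart.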
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 15/22] x86/entry: Alter how IRET faults are recognised
Date: Fri, 3 Oct 2025 23:53:27 +0100
Message-Id: <20251003225334.2123667-16-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>
References: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

Right now we have two IRET instructions that can fault for guest reasons, and the pre exception table gives handle_exception as the fixup for both.

Instead, we can have compat_restore_all_guest() use restore_all_guest()'s IRET which gives us just a single position to handle specially.

In exception_with_ints_disabled(), remove search_pre_exception_table() and use a simpler check. Explain how the recovery works, because this isn't the first time I've had to reverse engineer it for my own understanding.

The reference to iret_to_guest highlights that any checking here is specific to CONFIG_PV, so exclude it in !PV builds.

Later in exception_with_ints_disabled(), it suffices to load %ecx rather than %rcx, and remove a stray semi-colon from the rep movsq.

No functional change.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New
---
xen/arch/x86/x86_64/compat/entry.S | 3 +-- xen/arch/x86/x86_64/entry.S | 31 ++++++++++++++++++++++-------- 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compa= t/entry.S index d7b381ea546d..39925d80a677 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S 
@@ -167,8 +167,7 @@ FUNC(compat_restore_all_guest) scf=3DSTK_REL(CPUINFO_scf, CPUINFO_rip), \ sel=3DSTK_REL(CPUINFO_verw_sel, CPUINFO_rip) =20 -.Lft0: iretq - _ASM_PRE_EXTABLE(.Lft0, handle_exception) + jmp iret_to_guest END(compat_restore_all_guest) =20 /* Callers can cope with both %rax and %rcx being clobbered. */ diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index c02245ac064c..01b431793b7b 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -241,8 +241,9 @@ iret_exit_to_guest: SPEC_CTRL_COND_VERW /* Req: %rsp=3Deframe C= lob: efl */ =20 addq $8,%rsp -.Lft0: iretq - _ASM_PRE_EXTABLE(.Lft0, handle_exception) + +LABEL(iret_to_guest, 0) + iretq END(restore_all_guest) =20 /* @@ -920,10 +921,23 @@ handle_exception_saved: exception_with_ints_disabled: testb $3,UREGS_cs(%rsp) # interrupts disabled outside Xen? jnz FATAL_exception_with_ints_disabled - movq %rsp,%rdi - call search_pre_exception_table - testq %rax,%rax # no fixup code for faulting EIP? - jz .Ldispatch_exceptions + +#ifndef CONFIG_PV + /* No PV? No IRETs-to-guest to worry about. */ + jmp .Ldispatch_exceptions +#else + /* Check to see if the exception was on the IRET to guest context.= */ + lea iret_to_guest(%rip), %rax + cmp %rax, UREGS_rip(%rsp) + jne .Ldispatch_exceptions + + /* + * Recovery is at handle_exception. It may be necessary to make s= pace + * on the interrupted stack for ec/ev, after which the current ec/= ev + * is copied to make it appear as if this exception occurred in gu= est + * context. + */ + lea handle_exception(%rip), %rax movq %rax,UREGS_rip(%rsp) # fixup regular stack =20 #ifdef CONFIG_XEN_SHSTK 
@@ -940,13 +954,14 @@ exception_with_ints_disabled: movq %rsp,%rsi subq $8,%rsp movq %rsp,%rdi - movq $UREGS_kernel_sizeof/8,%rcx - rep; movsq # make room for ec/ev + mov $UREGS_kernel_sizeof/8, %ecx + rep movsq # make room for ec/ev 1: movq UREGS_error_code(%rsp),%rax # ec/ev movq %rax,UREGS_kernel_sizeof(%rsp) mov %r15, STACK_CPUINFO_FIELD(xen_cr3)(%r14) mov %r13b, STACK_CPUINFO_FIELD(use_pv_cr3)(%r14) jmp restore_all_xen # return to fixup code +#endif /* !CONFIG_PV */ =20 /* No special register assumptions. */ FATAL_exception_with_ints_disabled: --=20 2.39.5
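Review bot: The new check in exception_with_ints_disabled() recognises the faulting instruction only by comparing UREGS_rip(%rsp) with the address of iret_to_guest, so the recovery now depends on there being exactly one IRET to guest context, and nothing at the label says so. Please add a comment at LABEL(iret_to_guest, 0) in restore_all_guest noting that exception_with_ints_disabled matches this address; with the _ASM_PRE_EXTABLE entries removed, a second IRET added later would go to .Ldispatch_exceptions instead of being redirected to handle_exception.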
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 16/22] x86/entry: Drop the pre exception table infrastructure
Date: Fri, 3 Oct 2025 23:53:28 +0100
Message-Id: <20251003225334.2123667-17-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>
References: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

It is no longer used.

Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New
---
xen/arch/x86/extable.c | 14 -------------- xen/arch/x86/include/asm/asm_defns.h | 11 ++++------- xen/arch/x86/include/asm/uaccess.h | 2 -- xen/arch/x86/xen.lds.S | 5 ----- 4 files changed, 4 insertions(+), 28 deletions(-) diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c index cf637d0921e4..a9b6c6b904f5 100644 --- a/xen/arch/x86/extable.c +++ b/xen/arch/x86/extable.c 
@@ -61,7 +61,6 @@ void init_or_livepatch sort_exception_table(struct except= ion_table_entry *start, void __init sort_exception_tables(void) { sort_exception_table(__start___ex_table, __stop___ex_table); - sort_exception_table(__start___pre_ex_table, __stop___pre_ex_table); } =20 static unsigned long @@ -219,16 +218,3 @@ int __init cf_check stub_selftest(void) } __initcall(stub_selftest); #endif /* CONFIG_SELF_TESTS */ - -unsigned long asmlinkage search_pre_exception_table(struct cpu_user_regs *= regs) -{ - unsigned long addr =3D regs->rip; - unsigned long fixup =3D search_one_extable( - __start___pre_ex_table, __stop___pre_ex_table, addr); - if ( fixup ) - { - dprintk(XENLOG_INFO, "Pre-exception: %p -> %p\n", _p(addr), _p(fix= up)); - perfc_incr(exception_fixed); - } - return fixup; -} diff --git a/xen/arch/x86/include/asm/asm_defns.h b/xen/arch/x86/include/as= m/asm_defns.h index a81a4043d0f1..d7eafedf0e4c 100644 --- a/xen/arch/x86/include/asm/asm_defns.h +++ b/xen/arch/x86/include/asm/asm_defns.h @@ -65,22 +65,19 @@ register unsigned long current_stack_pointer asm("rsp"); =20 /* Exception table entry */ #ifdef __ASSEMBLY__ -# define _ASM__EXTABLE(sfx, from, to) \ - .section .ex_table##sfx, "a" ; \ +# define _ASM_EXTABLE(from, to) \ + .section .ex_table, "a" ; \ .balign 4 ; \ .long _ASM_EX(from), _ASM_EX(to) ; \ .previous #else -# define _ASM__EXTABLE(sfx, from, to) \ - " .section .ex_table" #sfx ",\"a\"\n" \ +# define _ASM_EXTABLE(from, to) \ + " .section .ex_table,\"a\"\n" \ " .balign 4\n" \ " .long " _ASM_EX(from) ", " _ASM_EX(to) "\n" \ " .previous\n" #endif =20 -#define _ASM_EXTABLE(from, to) _ASM__EXTABLE(, from, to) -#define _ASM_PRE_EXTABLE(from, to) _ASM__EXTABLE(.pre, from, to) - #ifdef __ASSEMBLY__ =20 .macro BUILD_BUG_ON condstr, cond:vararg diff --git a/xen/arch/x86/include/asm/uaccess.h b/xen/arch/x86/include/asm/= uaccess.h index 719d053936b9..4c41a0fe0426 100644 --- a/xen/arch/x86/include/asm/uaccess.h +++ b/xen/arch/x86/include/asm/uaccess.h 
@@ -410,8 +410,6 @@ struct exception_table_entry }; extern struct exception_table_entry __start___ex_table[]; extern struct exception_table_entry __stop___ex_table[]; -extern struct exception_table_entry __start___pre_ex_table[]; -extern struct exception_table_entry __stop___pre_ex_table[]; =20 union stub_exception_token { struct { diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 966e514f2034..66075bc0ae6d 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S 
@@ -119,11 +119,6 @@ SECTIONS *(.ex_table) __stop___ex_table =3D .; =20 - /* Pre-exception table */ - __start___pre_ex_table =3D .; - *(.ex_table.pre) - __stop___pre_ex_table =3D .; - . =3D ALIGN(PAGE_SIZE); __ro_after_init_end =3D .; =20 --=20 2.39.5
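Review bot: with `*(.ex_table.pre)` and the `__start___pre_ex_table` / `__stop___pre_ex_table` symbols dropped from xen.lds.S, an object that still emits a `.ex_table.pre` section is no longer collected by this script; depending on the linker's orphan-section handling it would be placed elsewhere and its fixups never searched. The commit message says only "It is no longer used", so please name the earlier patch that removed the last `_ASM_PRE_EXTABLE()` user and the assembly caller of `search_pre_exception_table()` (it is `asmlinkage`), so the removal can be checked against it.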
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 17/22] x86/entry: Rework the comment about SYSCALL and DF
Date: Fri, 3 Oct 2025 23:53:29 +0100
Message-Id: <20251003225334.2123667-18-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

It's soon going to be needed in a second location. Right now it's misleading
saying that nothing else would be cleared. It's missing the more important
point that SYSCALLs are treated like all other interrupts and exceptions, and
undergo normal flags handling there.

Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New
---
xen/arch/x86/x86_64/entry.S | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 01b431793b7b..ca446c6ff0ce 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S
@@ -39,10 +39,9 @@ FUNC_LOCAL(switch_to_kernel) leal (,%rcx,TBF_INTERRUPT),%ecx =20 /* - * The PV ABI hardcodes the (guest-inaccessible and virtual) - * SYSCALL_MASK MSR such that DF (and nothing else) would be clear= ed. - * Note that the equivalent of IF (VGCF_syscall_disables_events) is - * dealt with separately above. + * The PV ABI, given no virtual SYSCALL_MASK, hardcodes that DF is + * cleared. Other flags are handled in the same way as interrupts= and + * exceptions in create_bounce_frame(). */ mov $~X86_EFLAGS_DF, %esi =20 --=20 2.39.5
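Review bot: the reworked comment in switch_to_kernel drops the old pointer that the equivalent of IF (`VGCF_syscall_disables_events`) is dealt with separately above. Because the new text says other flags are handled in create_bounce_frame(), a reader may assume event masking is covered there as well; consider keeping one clause that says where the IF equivalent is applied. The phrase "given no virtual SYSCALL_MASK" is also ambiguous next to the old "guest-inaccessible and virtual" wording, so it would help to state plainly whether the MSR is simply not virtualised.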
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 18/22] x86/pv: Adjust GS handling for FRED mode
Date: Fri, 3 Oct 2025 23:53:30 +0100
Message-Id: <20251003225334.2123667-19-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

When FRED is active, hardware automatically swaps GS when changing privilege,
and the SWAPGS instruction is disallowed. For native OSes using GS as the
thread local pointer this is a massive improvement on the pre-FRED
architecture, but under Xen it makes handling PV guests more complicated.
Specifically, it means that GS_BASE and GS_SHADOW are the opposite way around
in FRED mode, as opposed to IDT mode.

This leads to the following changes:

 * In load_segments(), we have to load both GSes. Account for this in the
   SWAP() condition and avoid the path with SWAPGS.

 * In save_segments(), we need to read GS_SHADOW rather than GS_BASE.

 * In toggle_guest_mode(), we need to emulate SWAPGS.

 * In do_set_segment_base(), merge the SEGBASE_GS_{USER,KERNEL} cases and
   take FRED into account when choosing which base to update.

   SEGBASE_GS_USER_SEL was already an LKGS invocation (decades before FRED)
   so under FRED needs to be just a MOV %gs. Simply skip the SWAPGSes.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v3:
 * Rename things
v2:
 * New

I think this functions, but it's not ideal. The conditions are asymmetric and
awkward.
---
xen/arch/x86/domain.c | 22 +++++++++++++++++----- xen/arch/x86/pv/domain.c | 22 ++++++++++++++++++++-- xen/arch/x86/pv/misc-hypercalls.c | 16 ++++++++++------ 3 files changed, 47 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 8089ff929bf7..ce08f91be3af 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1819,9 +1819,10 @@ static void load_segments(struct vcpu *n) =20 /* * Figure out which way around gsb/gss want to be. gsb needs to be - * the active context, and gss needs to be the inactive context. + * the active context, and gss needs to be the inactive context, + * unless we're in FRED mode where they're reversed. */ - if ( !(n->arch.flags & TF_kernel_mode) ) + if ( !(n->arch.flags & TF_kernel_mode) ^ opt_fred ) SWAP(gsb, gss); =20 if ( using_svm() && (n->arch.pv.fs | n->arch.pv.gs) <=3D 3 ) @@ -1842,7 +1843,9 @@ static void load_segments(struct vcpu *n) =20 if ( !fs_gs_done && !compat ) { - if ( read_cr4() & X86_CR4_FSGSBASE ) + unsigned long cr4 =3D read_cr4(); + + if ( !(cr4 & X86_CR4_FRED) && (cr4 & X86_CR4_FSGSBASE) ) { __wrgsbase(gss); __wrfsbase(n->arch.pv.fs_base); @@ -1959,6 +1962,9 @@ static void load_segments(struct vcpu *n) * Guests however cannot use SWAPGS, so there is no mechanism to modify the * inactive GS base behind Xen's back. Therefore, Xen's copy of the inact= ive * GS base is still accurate, and doesn't need reading back from hardware. + * + * Under FRED, hardware automatically swaps GS for us, so SHADOW_GS is the + * active GS from the guest's point of view. */ static void save_segments(struct vcpu *v) {
@@ -1974,12 +1980,18 @@ static void save_segments(struct vcpu *v) if ( read_cr4() & X86_CR4_FSGSBASE ) { fs_base =3D __rdfsbase(); - gs_base =3D __rdgsbase(); + if ( opt_fred ) + gs_base =3D rdmsr(MSR_SHADOW_GS_BASE); + else + gs_base =3D __rdgsbase(); } else { fs_base =3D rdmsr(MSR_FS_BASE); - gs_base =3D rdmsr(MSR_GS_BASE); + if ( opt_fred ) + gs_base =3D rdmsr(MSR_SHADOW_GS_BASE); + else + gs_base =3D rdmsr(MSR_GS_BASE); } =20 v->arch.pv.fs_base =3D fs_base; diff --git a/xen/arch/x86/pv/domain.c b/xen/arch/x86/pv/domain.c index 9c4785c187dd..369af444c29b 100644 --- a/xen/arch/x86/pv/domain.c +++ b/xen/arch/x86/pv/domain.c @@ -14,9 +14,10 @@ #include #include #include -#include #include #include +#include +#include =20 #ifdef CONFIG_PV32 int8_t __read_mostly opt_pv32 =3D -1; @@ -480,11 +481,28 @@ void toggle_guest_mode(struct vcpu *v) * subsequent context switch won't bother re-reading it. */ gs_base =3D read_gs_base(); + + /* + * In FRED mode, not only are the two GSes the other way around (i.e. = we + * want to read GS_SHADOW here), the SWAPGS instruction is disallowed = so + * we have to emulate it. + */ + if ( opt_fred ) + { + unsigned long gs_shadow =3D rdmsr(MSR_SHADOW_GS_BASE); + + wrmsrns(MSR_SHADOW_GS_BASE, gs_base); + write_gs_base(gs_shadow); + + gs_base =3D gs_shadow; + } + else + asm volatile ( "swapgs" ); + if ( v->arch.flags & TF_kernel_mode ) v->arch.pv.gs_base_kernel =3D gs_base; else v->arch.pv.gs_base_user =3D gs_base; - asm volatile ( "swapgs" ); =20 _toggle_guest_pt(v); =20 diff --git a/xen/arch/x86/pv/misc-hypercalls.c b/xen/arch/x86/pv/misc-hyper= calls.c index 4c2abeb4add8..2c9cf50638db 100644 --- a/xen/arch/x86/pv/misc-hypercalls.c +++ b/xen/arch/x86/pv/misc-hypercalls.c @@ -11,6 +11,7 @@ =20 #include #include +#include =20 long do_set_debugreg(int reg, unsigned long value) { 
@@ -192,11 +193,12 @@ long do_set_segment_base(unsigned int which, unsigned= long base) =20 case SEGBASE_GS_USER: v->arch.pv.gs_base_user =3D base; - write_gs_shadow(base); - break; - + fallthrough; case SEGBASE_GS_KERNEL: - write_gs_base(base); + if ( (which =3D=3D SEGBASE_GS_KERNEL) ^ opt_fred ) + write_gs_base(base); + else + write_gs_shadow(base); break; } break; @@ -209,7 +211,8 @@ long do_set_segment_base(unsigned int which, unsigned l= ong base) * We wish to update the user %gs from the GDT/LDT. Currently, the * guest kernel's GS_BASE is in context. */ - asm volatile ( "swapgs" ); + if ( !opt_fred ) + asm volatile ( "swapgs" ); =20 if ( sel > 3 ) /* Fix up RPL for non-NUL selectors. */ 
@@ -247,7 +250,8 @@ long do_set_segment_base(unsigned int which, unsigned l= ong base) /* Update the cache of the inactive base, as read from the GDT/LDT= . */ v->arch.pv.gs_base_user =3D read_gs_base(); =20 - asm volatile ( safe_swapgs ); + if ( !opt_fred ) + asm volatile ( safe_swapgs ); break; } =20 --=20 2.39.5
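Review bot: in load_segments() and do_set_segment_base() the FRED case is folded in with a bitwise XOR, `!(n->arch.flags & TF_kernel_mode) ^ opt_fred` and `(which == SEGBASE_GS_KERNEL) ^ opt_fred`, which is only correct if opt_fred is exactly 0 or 1 at that point. Its type is not visible in this patch, and the neighbouring opt_pv32 is an int8_t initialised to -1, so `!!opt_fred` or a small bool helper would make the intent robust. load_segments() also tests `cr4 & X86_CR4_FRED` a few lines further down; using a single predicate for "FRED is active" throughout would stop the two from ever disagreeing.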
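Review bot: in the SEGBASE_GS_USER_SEL path of do_set_segment_base() the unchanged context comment still says "Currently, the guest kernel's GS_BASE is in context", which is the premise for the SWAPGS that is now skipped under FRED. Please extend that comment to say what GS_BASE holds in FRED mode and why the later `read_gs_base()` still yields the user base there, since that is the only thing that justifies `if ( !opt_fred )` to a later reader.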
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 19/22] x86/pv: Guest exception handling in FRED mode
Date: Fri, 3 Oct 2025 23:53:31 +0100
Message-Id: <20251003225334.2123667-20-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

Under FRED, entry_from_pv() handles everything. To start with, implement
exception handling in the same manner as entry_from_xen(), although we can
unconditionally enable interrupts after the async/fatal events.

After entry_from_pv() returns, test_all_events() needs to run to perform
exception and interrupt injection. Split entry_FRED_R3() into two and
introduce eretu_exit_to_guest() as the latter half, coming unilaterally from
restore_all_guest().

For all of this, there is a slightly complicated relationship with CONFIG_PV.
entry_FRED_R3() must exist irrespective of CONFIG_PV, because it's the
entrypoint registered with hardware. For simplicity, entry_from_pv() is
always called, but it collapses into fatal_trap() in the !PV case.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

v3:
 * Adjust comments.
 * Group CP with others. It's definitely wrong for perf, but that's out the
   window anyway now that we're letting a compiler make the decision tree.

v2:
 * New
---
xen/arch/x86/traps.c | 75 +++++++++++++++++++++++++++++++- xen/arch/x86/x86_64/entry-fred.S | 13 +++++- xen/arch/x86/x86_64/entry.S | 4 +- 3 files changed, 89 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 0027f096a6c3..3f7db11c247b 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c
@@ -2266,9 +2266,82 @@ void asmlinkage check_ist_exit(const struct cpu_user= _regs *regs, bool ist_exit) =20 void asmlinkage entry_from_pv(struct cpu_user_regs *regs) { + struct fred_info *fi =3D cpu_regs_fred_info(regs); + uint8_t type =3D regs->fred_ss.type; + uint8_t vec =3D regs->fred_ss.vector; + /* Copy fred_ss.vector into entry_vector as IDT delivery would have do= ne. */ - regs->entry_vector =3D regs->fred_ss.vector; + regs->entry_vector =3D vec; + + if ( !IS_ENABLED(CONFIG_PV) ) + goto fatal; + + /* + * First, handle the asynchronous or fatal events. These are either + * unrelated to the interrupted context, or may not have valid context + * recorded, and all have special rules on how/whether to re-enable IR= Qs. + */ + switch ( type ) + { + case X86_ET_EXT_INTR: + return do_IRQ(regs); + + case X86_ET_NMI: + return do_nmi(regs); + + case X86_ET_HW_EXC: + switch ( vec ) + { + case X86_EXC_DF: return do_double_fault(regs); + case X86_EXC_MC: return do_machine_check(regs); + } + break; + } + + /* + * With the asynchronous events handled, what remains are the synchron= ous + * ones. PV guest context always had interrupts enabled. + */ + local_irq_enable(); + + switch ( type ) + { + case X86_ET_HW_EXC: + case X86_ET_PRIV_SW_EXC: + case X86_ET_SW_EXC: + switch ( vec ) + { + case X86_EXC_PF: handle_PF(regs, fi->edata); break; + case X86_EXC_GP: do_general_protection(regs); break; + case X86_EXC_UD: do_invalid_op(regs); break; + case X86_EXC_NM: do_device_not_available(regs); break; + case X86_EXC_BP: do_int3(regs); break; + case X86_EXC_DB: handle_DB(regs, fi->edata); break; + case X86_EXC_CP: do_entry_CP(regs); break; + + case X86_EXC_DE: + case X86_EXC_OF: + case X86_EXC_BR: + case X86_EXC_NP: + case X86_EXC_SS: + case X86_EXC_MF: + case X86_EXC_AC: + case X86_EXC_XM: + do_trap(regs); + break; =20 + default: + goto fatal; + } + break; + + default: + goto fatal; + } + + return; + + fatal: fatal_trap(regs, false); } =20 
diff --git a/xen/arch/x86/x86_64/entry-fred.S b/xen/arch/x86/x86_64/entry-f= red.S index 3c3320df22cb..a1ff9a4a9747 100644 --- a/xen/arch/x86/x86_64/entry-fred.S +++ b/xen/arch/x86/x86_64/entry-fred.S @@ -15,9 +15,20 @@ FUNC(entry_FRED_R3, 4096) mov %rsp, %rdi call entry_from_pv =20 +#ifdef CONFIG_PV + GET_STACK_END(14) + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx + + jmp test_all_events +#else + BUG /* Not Reached */ +#endif +END(entry_FRED_R3) + +FUNC(eretu_exit_to_guest) POP_GPRS eretu -END(entry_FRED_R3) +END(eretu_exit_to_guest) =20 /* The Ring0 entrypoint is at Ring3 + 0x100. */ .org entry_FRED_R3 + 0x100, 0xcc diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index ca446c6ff0ce..0692163faa44 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -63,7 +63,7 @@ UNLIKELY_END(syscall_no_callback) /* Conditionally clear DF */ and %esi, UREGS_eflags(%rsp) /* %rbx: struct vcpu */ -test_all_events: +LABEL(test_all_events, 0) ASSERT_NOT_IN_ATOMIC cli # tests must not race interrupts /*test_softirqs:*/ 
@@ -152,6 +152,8 @@ END(switch_to_kernel) FUNC_LOCAL(restore_all_guest) ASSERT_INTERRUPTS_DISABLED =20 + ALTERNATIVE "", "jmp eretu_exit_to_guest", X86_FEATURE_XEN_FRED + /* Stash guest SPEC_CTRL value while we can read struct vcpu. */ mov VCPU_arch_msrs(%rbx), %rdx mov VCPUMSR_spec_ctrl_raw(%rdx), %r15d --=20 2.39.5
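Review bot: In restore_all_guest, the `ALTERNATIVE "", "jmp eretu_exit_to_guest", X86_FEATURE_XEN_FRED` sits ahead of the "Stash guest SPEC_CTRL value" sequence, so with FRED active the exit path is only `POP_GPRS; eretu` and nothing that follows in restore_all_guest runs. Please add a comment here (or a sentence in the commit message) stating whether the guest SPEC_CTRL handling and the rest of the exit-to-guest work is deliberately deferred or is done elsewhere, because a speculation control that is silently skipped on the return-to-guest path is easy to miss later.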
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 20/22] x86/pv: ERETU error handling
Date: Fri, 3 Oct 2025 23:53:32 +0100
Message-Id: <20251003225334.2123667-21-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

ERETU can fault for guest reasons, and like IRET needs special handling to forward the error into the guest.

As this is largely written in C, take the opportunity to better classify the sources of error, and in particular, not forward errors that are actually Xen's fault into the guest, opting for a domain crash instead.

Because ERETU does not enable NMIs if it faults, a corner case exists if an NMI was taken while in guest context, and the ERETU back out faults. Recovery must involve an ERETS with the interrupted context's NMI flag.

See the comments for full details.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New
---
 xen/arch/x86/traps.c | 115 +++++++++++++++++++++++++++++++
 xen/arch/x86/x86_64/entry-fred.S | 13 ++++
 2 files changed, 128 insertions(+)

diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 3f7db11c247b..955cff32d75f 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c
@@ -2345,6 +2345,113 @@ void asmlinkage entry_from_pv(struct cpu_user_regs = *regs) fatal_trap(regs, false); } =20 +void nocall eretu_error_dom_crash(void); + +/* + * Classify an event at the ERETU instruction, and handle if possible. + * Returns @true if handled, @false if the event should continue down the + * normal handlers. + */ +static bool handle_eretu_event(struct cpu_user_regs *regs) +{ + unsigned long recover; + + /* + * WARNING: The GPRs in gregs overlaps with regs. Only gregs->error_c= ode + * and later are legitimate to access. + */ + struct cpu_user_regs *gregs =3D + _p(regs->rsp - offsetof(struct cpu_user_regs, error_code)); + + /* + * The asynchronous or fatal events (INTR, NMI, #MC, #DF) have been de= alt + * with, meaning we only have syncrhonous ones to consider. Anything + * which isn't a hardware exception wants handling normally. + */ + if ( regs->fred_ss.type !=3D X86_ET_HW_EXC ) + return false; + + /* + * Guests are permitted to write non-present GDT/LDT entries. Therefo= re + * #NP[sel] (%cs) and #SS[sel] (%ss) must be handled as guest errors. = The + * only other source of #SS is for a bad %ss-relative memory access in + * Xen, and if the stack is that bad, we'll have escalated to #DF. + * + * #PF can happen from ERETU accessing the GDT/LDT. Xen may translate + * these into #GP for the guest, so must be handled as guest errors. = In + * theory we can get #PF for a bad instruction fetch or bad stack acce= ss, + * but either of these will be fatal and not end up here. + */ + switch ( regs->fred_ss.vector ) + { + case X86_EXC_GP: + /* + * #GP[0] can occur because of a NULL %cs or %ss (which are a guest + * error), but some #GP[0]'s are errors in Xen (ERETU at SL !=3D 0= ), or + * errors of Xen handling guest state (bad metadata). These magic + * numbers came from the FRED Spec; they check that ERETU is tryin= g to + * return to Ring 3, and that reserved or inapplicable bits are 0. 
+ */ + if ( regs->error_code =3D=3D 0 && (gregs->cs & ~3) && (gregs->ss &= ~3) && + (regs->fred_cs.sl !=3D 0 || + (gregs->csx & 0xffffffffffff0003UL) !=3D 3 || + (gregs->rflags & 0xffffffffffc2b02aUL) !=3D 2 || + (gregs->ssx & 0xfff80003UL) !=3D 3) ) + { + recover =3D (unsigned long)eretu_error_dom_crash; + + if ( regs->fred_cs.sl ) + gprintk(XENLOG_ERR, "ERETU at SL %u\n", regs->fred_cs.sl); + else + gprintk(XENLOG_ERR, "Bad return state: csx %#lx, rflags %#= lx, ssx %#x\n", + gregs->csx, gregs->rflags, (unsigned int)gregs->ss= x); + break; + } + fallthrough; + case X86_EXC_NP: + case X86_EXC_SS: + case X86_EXC_PF: + recover =3D (unsigned long)entry_FRED_R3; + break; + + /* + * Handle everything else normally. #BP and #DB would be debugging + * activities in Xen. In theory we can get #UD if CR4.FRED gets + * cleared, but in practice if that were the case we wouldn't be h= ere + * handling the result. + */ + default: + return false; + } + + this_cpu(last_extable_addr) =3D regs->rip; + + /* + * Everything else is recoverable, one way or another. + * + * If an NMI was taken in guest context and the ERETU faulted, NMIs wi= ll + * still be blocked. Therefore we copy the interrupted frame's NMI st= atus + * into our own, and must ERETS as part of recovery. + */ + regs->fred_ss.nmi =3D gregs->fred_ss.nmi; + + /* + * Next, copy the exception information from the current frame back on= to + * the interrupted frame, preserving the interrupted frame's %cs and %= ss. + */ + *cpu_regs_fred_info(regs) =3D *cpu_regs_fred_info(gregs); + gregs->ssx =3D (regs->ssx & ~0xffff) | gregs->ss; + gregs->csx =3D (regs->csx & ~0xffff) | gregs->cs; + gregs->error_code =3D regs->error_code; + gregs->entry_vector =3D regs->entry_vector; + + fixup_exception_return(regs, recover, 0); + + return true; +} + +void nocall eretu(void); + void asmlinkage entry_from_xen(struct cpu_user_regs *regs) { struct fred_info *fi =3D cpu_regs_fred_info(regs); 
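Review bot: The three masks in the `X86_EXC_GP` case of handle_eretu_event() (`0xffffffffffff0003UL`, `0xffffffffffc2b02aUL`, `0xfff80003UL`) are the whole basis for choosing between forwarding #GP to the guest and crashing the domain, yet they are opaque literals. The rflags mask covers IOPL (bits 12-13) and VM (bit 17) as well as the reserved bits, which a reader cannot see without decoding it; building it from the X86_EFLAGS_* names (X86_EFLAGS_MBS, and the X86_EFLAGS_ALL that [PATCH v3 22/22] adds) and naming the csx/ssx masks would make the classification auditable. Minor: "syncrhonous" and "gregs overlaps" in the new comments want fixing.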
@@ -2383,6 +2490,14 @@ void asmlinkage entry_from_xen(struct cpu_user_regs = *regs) if ( regs->eflags & X86_EFLAGS_IF ) local_irq_enable(); =20 + /* + * An event taken at the ERETU instruction may be because of guest sta= te + * and in that case will need special handling. + */ + if ( unlikely(regs->rip =3D=3D (unsigned long)eretu) && + handle_eretu_event(regs) ) + return; + switch ( type ) { case X86_ET_HW_EXC: diff --git a/xen/arch/x86/x86_64/entry-fred.S b/xen/arch/x86/x86_64/entry-f= red.S index a1ff9a4a9747..2fa57beb930c 100644 --- a/xen/arch/x86/x86_64/entry-fred.S +++ b/xen/arch/x86/x86_64/entry-fred.S 
@@ -27,9 +27,22 @@ END(entry_FRED_R3) =20 FUNC(eretu_exit_to_guest) POP_GPRS + + /* + * Exceptions here are handled by redirecting either to + * entry_FRED_R3() (for an error to be passed to the guest), or to + * eretu_error_dom_crash() (for a Xen error handling guest state). + */ +LABEL(eretu, 0) eretu END(eretu_exit_to_guest) =20 +FUNC(eretu_error_dom_crash) + PUSH_AND_CLEAR_GPRS + sti + call asm_domain_crash_synchronous /* Does not return */ +END(eretu_error_dom_crash) + /* The Ring0 entrypoint is at Ring3 + 0x100. */ .org entry_FRED_R3 + 0x100, 0xcc =20 --=20 2.39.5
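Review bot: eretu_error_dom_crash opens with PUSH_AND_CLEAR_GPRS but does not document the state it expects on entry. As far as the visible code shows, it is reached via fixup_exception_return() with %rsp at the interrupted frame's error_code slot (`gregs` is derived as `regs->rsp - offsetof(struct cpu_user_regs, error_code)`) and the GPRs as POP_GPRS left them. A short comment stating that entry state, next to the one added above `LABEL(eretu, 0)`, would make the coupling with handle_eretu_event() explicit, since a change to either half breaks the other without any build-time signal.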
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 21/22] x86/pv: System call handling in FRED mode
Date: Fri, 3 Oct 2025 23:53:33 +0100
Message-Id: <20251003225334.2123667-22-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

Under FRED, entry_from_pv() handles everything, even system calls. This means more of our logic is written in C now, rather than assembly.

In order to facilitate this, introduce pv_inject_callback(), which reuses struct trap_bounce infrastructure to inject the syscall/sysenter callbacks. This in turn requires some !PV compatibility for pv_inject_callback() and pv_hypercall() which can both be ASSERT_UNREACHABLE().

For each of INT $N, SYSCALL and SYSENTER, FRED gives us interrupted context which was previously lost. As the guest can't see FRED, Xen has to lose state in the same way to maintain the prior behaviour.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

v3:
 * Simplify DCE handling.
 * Add ASSERT_UNREACHABLE() to pv_inject_callback().
 * Adjust comment for X86_ET_SW_INT

v2:
 * New
---
 xen/arch/x86/include/asm/domain.h | 2 +
 xen/arch/x86/include/asm/hypercall.h | 2 -
 xen/arch/x86/pv/traps.c | 39 ++++++++++
 xen/arch/x86/traps.c | 110 +++++++++++++++++++++++++++
 4 files changed, 151 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/include/asm/domain.h b/xen/arch/x86/include/asm/d= omain.h index 5df8c7825333..828f42c3e448 100644 --- a/xen/arch/x86/include/asm/domain.h +++ b/xen/arch/x86/include/asm/domain.h @@ -710,6 +710,8 @@ void arch_vcpu_regs_init(struct vcpu *v); struct vcpu_hvm_context; int arch_set_info_hvm_guest(struct vcpu *v, const struct vcpu_hvm_context = *ctx); =20 +void pv_inject_callback(unsigned int type); + #ifdef CONFIG_PV void pv_inject_event(const struct x86_event *event); #else diff --git a/xen/arch/x86/include/asm/hypercall.h b/xen/arch/x86/include/as= m/hypercall.h index f6e9e2313b3c..ded3c24d40e2 100644 --- a/xen/arch/x86/include/asm/hypercall.h +++ b/xen/arch/x86/include/asm/hypercall.h @@ -18,9 +18,7 @@ =20 #define __HYPERVISOR_paging_domctl_cont __HYPERVISOR_arch_1 =20 -#ifdef CONFIG_PV void pv_hypercall(struct cpu_user_regs *regs); -#endif =20 void pv_ring1_init_hypercall_page(void *ptr); void pv_ring3_init_hypercall_page(void *ptr); diff --git a/xen/arch/x86/pv/traps.c b/xen/arch/x86/pv/traps.c index c3c0976c440f..00de03412639 100644 --- a/xen/arch/x86/pv/traps.c +++ b/xen/arch/x86/pv/traps.c @@ -19,6 +19,8 @@ #include #include =20 +#include + void pv_inject_event(const struct x86_event *event) { struct vcpu *curr =3D current; 
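Review bot: `void pv_inject_callback(unsigned int type);` in asm/domain.h is declared outside the `#ifdef CONFIG_PV` block that follows it, and the `#ifdef CONFIG_PV` around pv_hypercall() in asm/hypercall.h is dropped, but no !PV stub is visible for either. The commit message still says both "can both be ASSERT_UNREACHABLE()" while the v3 changelog says the DCE handling was simplified, so it is unclear which one applies. Please put a comment at the declarations saying that !PV builds rely on the call sites being eliminated (via the `!IS_ENABLED(CONFIG_PV)` early exit in entry_from_pv()), or bring the commit message in line with the code.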
@@ -95,6 +97,43 @@ void pv_inject_event(const struct x86_event *event) } } =20 +void pv_inject_callback(unsigned int type) +{ + struct vcpu *curr =3D current; + struct trap_bounce *tb =3D &curr->arch.pv.trap_bounce; + unsigned long rip; + bool irq; + + ASSERT(is_pv_64bit_vcpu(curr)); + + switch ( type ) + { + case CALLBACKTYPE_syscall: + rip =3D curr->arch.pv.syscall_callback_eip; + irq =3D curr->arch.pv.vgc_flags & VGCF_syscall_disables_events; + break; + + case CALLBACKTYPE_syscall32: + rip =3D curr->arch.pv.syscall32_callback_eip; + irq =3D curr->arch.pv.syscall32_disables_events; + break; + + case CALLBACKTYPE_sysenter: + rip =3D curr->arch.pv.sysenter_callback_eip; + irq =3D curr->arch.pv.sysenter_disables_events; + break; + + default: + ASSERT_UNREACHABLE(); + rip =3D 0; + irq =3D false; + break; + } + + tb->flags =3D TBF_EXCEPTION | (irq ? TBF_INTERRUPT : 0); + tb->eip =3D rip; +} + /* * Called from asm to set up the MCE trapbounce info. * Returns false no callback is set up, else true. diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 955cff32d75f..5f89928d8128 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include @@ -52,6 +53,8 @@ #include #include =20 +#include + /* * opt_nmi: one of 'ignore', 'dom0', or 'fatal'. * fatal: Xen prints diagnostic message and then hangs. @@ -2267,6 +2270,7 @@ void asmlinkage check_ist_exit(const struct cpu_user_= regs *regs, bool ist_exit) void asmlinkage entry_from_pv(struct cpu_user_regs *regs) { struct fred_info *fi =3D cpu_regs_fred_info(regs); + struct vcpu *curr =3D current; uint8_t type =3D regs->fred_ss.type; uint8_t vec =3D regs->fred_ss.vector; =20 
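Review bot: In pv_inject_callback(), the `default:` arm sets `rip = 0` after ASSERT_UNREACHABLE() and then falls out of the switch into `tb->flags = TBF_EXCEPTION | ...; tb->eip = rip;`, so a release build that ever reaches it would bounce the guest to address 0 instead of stopping. Returning early from the default arm, or crashing the domain there, keeps an unexpected `type` from turning into a guest-visible jump. Also, `irq` holds the *_disables_events setting, so a name such as `mask_events` would read better next to `TBF_INTERRUPT`.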
@@ -2306,6 +2310,30 @@ void asmlinkage entry_from_pv(struct cpu_user_regs *= regs) =20 switch ( type ) { + case X86_ET_SW_INT: + /* + * For better or worse, Xen writes IDT vectors 3 and 4 with DPL3 (= so + * INT3/INTO work), making INT $3/4 indistinguishable, and the gue= st + * choice of DPL for these vectors is ignored. + * + * Have them fall through into X86_ET_HW_EXC, as #BP in particular + * needs handling by do_int3() in case an external debugger is + * attached. + */ + if ( vec !=3D X86_EXC_BP && vec !=3D X86_EXC_OF ) + { + const struct trap_info *ti =3D &curr->arch.pv.trap_ctxt[vec]; + + if ( permit_softint(TI_GET_DPL(ti), curr, regs) ) + pv_inject_sw_interrupt(vec); + else + { + regs->rip -=3D 2; + pv_inject_hw_exception(X86_EXC_GP, (vec << 3) | X86_XEC_ID= T); + } + break; + } + fallthrough; case X86_ET_HW_EXC: case X86_ET_PRIV_SW_EXC: case X86_ET_SW_EXC: 
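Review bot: In the `X86_ET_SW_INT` case, `regs->rip -= 2;` ahead of the #GP injection assumes the `INT $n` encoding is exactly two bytes, and unlike the SYSCALL and SYSENTER cases added later in this patch there is no comment saying this is a deliberate recreation of the pre-FRED behaviour. Please add that comment here too, including that the two-byte rewind is a guess which is wrong for a prefixed encoding.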
@@ -2335,6 +2363,88 @@ void asmlinkage entry_from_pv(struct cpu_user_regs *= regs) } break; =20 + case X86_ET_OTHER: + switch ( regs->fred_ss.vector ) + { + case 1: /* SYSCALL */ + { + /* + * FRED delivery preserves the interrupted %cs/%ss, but previo= usly + * SYSCALL lost the interrupted selectors, and SYSRET forced t= he + * use of the ones in MSR_STAR. + * + * The guest isn't aware of FRED, so recreate the legacy + * behaviour, including the guess of instruction length for + * faults. + * + * The non-FRED SYSCALL path sets TRAP_syscall in entry_vector= to + * signal that SYSRET can be used, but this isn't relevant in = FRED + * mode. + * + * When setting the selectors, clear all upper metadata again = for + * backwards compatibility. In particular fred_ss.swint becom= es + * pend_DB on ERETx, and nothing else in the pv_hypercall() wo= uld + * clean up. + */ + bool l =3D regs->fred_ss.l; + + regs->ssx =3D l ? FLAT_KERNEL_SS : FLAT_USER_SS32; + regs->csx =3D l ? FLAT_KERNEL_CS64 : FLAT_USER_CS32; + + if ( guest_kernel_mode(curr, regs) ) + pv_hypercall(regs); + else if ( (l ? curr->arch.pv.syscall_callback_eip + : curr->arch.pv.syscall32_callback_eip) =3D=3D 0 ) + { + regs->rip -=3D 2; + pv_inject_hw_exception(X86_EXC_UD, X86_EVENT_NO_EC); + } + else + { + /* + * The PV ABI, given no virtual SYSCALL_MASK, hardcodes th= at + * DF is cleared. Other flags are handled in the same way= as + * interrupts and exceptions in create_bounce_frame(). + */ + regs->eflags &=3D ~X86_EFLAGS_DF; + pv_inject_callback(l ? CALLBACKTYPE_syscall + : CALLBACKTYPE_syscall32); + } + break; + } + + case 2: /* SYSENTER */ + /* + * FRED delivery preserves the interrupted state, but previous= ly + * SYSENTER discarded almost everything. + * + * The guest isn't aware of FRED, so recreate the legacy + * behaviour, including the guess of instruction length for + * faults. + * + * When setting the selectors, clear all upper metadata. In + * particular fred_ss.swint becomes pend_DB on ERETx. 
+ */ + regs->ssx =3D FLAT_USER_SS; + regs->rsp =3D 0; + regs->eflags &=3D ~(X86_EFLAGS_VM | X86_EFLAGS_IF); + regs->csx =3D 3; + regs->rip =3D 0; + + if ( !curr->arch.pv.sysenter_callback_eip ) + { + regs->rip -=3D 2; + pv_inject_hw_exception(X86_EXC_GP, 0); + } + else + pv_inject_callback(CALLBACKTYPE_sysenter); + break; + + default: + goto fatal; + } + break; + default: goto fatal; } --=20 2.39.5
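Review bot: In the `case 2: /* SYSENTER */` arm, `regs->rip = 0;` is followed, when no sysenter callback is registered, by `regs->rip -= 2;`, which wraps to 0xfffffffffffffffe before the #GP is injected. If that is the value the non-FRED path hands to the guest, a comment should say so; otherwise the rewind should be dropped for SYSENTER, where there is no saved instruction pointer to rewind. The bare `case 1:` / `case 2:` labels and `regs->csx = 3;` would also read better as named constants, and the inner switch can use the existing `vec` local instead of re-reading `regs->fred_ss.vector`.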
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v3 22/22] x86: Clamp reserved bits in eflags more aggressively
Date: Fri, 3 Oct 2025 23:53:34 +0100
Message-Id: <20251003225334.2123667-23-andrew.cooper3@citrix.com>
In-Reply-To: <20251003225334.2123667-1-andrew.cooper3@citrix.com>

ERETU, unlike IRET, requires the sticky-1 bit (bit 2) be set, and reserved bits to be clear. Notably this means that dom0_construct() must set X86_EFLAGS_MBS in order for a PV dom0 to start.

Xen has been overly lax with reserved bit handling. Adjust arch_set_info_guest*() and hypercall_iret() which consume flags to clamp the reserved bits for all guest types.

This is a minor ABI change, but by the same argument as commit 9f892f84c279 ("x86/domctl: Stop using XLAT_cpu_user_regs()"), the reserved bits would get clamped naturally by hardware when the vCPU is run.

This allows PV guests to start when Xen is using FRED mode.
Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

v3:
 * Rewrite the commit message.

v2:
 * New

The handling of VM is complicated. It turns out that it's simply ignored by IRET in Long Mode (i.e. clearing it in commit 0e47f92b0725 ("x86: force EFLAGS.IF on when exiting to PV guests") wasn't actually necessary) but ERETU does care.

But, it's unclear how to handle this in arch_set_info(). We must preserve it for HVM guests (which can use vm86 mode). PV32 has special handling but only in hypercall_iret(), not in arch_set_info().
---
xen/arch/x86/domain.c | 4 ++-- xen/arch/x86/hvm/domain.c | 4 ++-- xen/arch/x86/include/asm/x86-defns.h | 7 +++++++ xen/arch/x86/pv/dom0_build.c | 2 +- xen/arch/x86/pv/iret.c | 8 +++++--- 5 files changed, 17 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index ce08f91be3af..423d0a6af4f3 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1273,7 +1273,7 @@ int arch_set_info_guest( v->arch.user_regs.rax =3D c.nat->user_regs.rax; v->arch.user_regs.rip =3D c.nat->user_regs.rip; v->arch.user_regs.cs =3D c.nat->user_regs.cs; - v->arch.user_regs.rflags =3D c.nat->user_regs.rflags; + v->arch.user_regs.rflags =3D (c.nat->user_regs.rflags &= X86_EFLAGS_ALL) | X86_EFLAGS_MBS; v->arch.user_regs.rsp =3D c.nat->user_regs.rsp; v->arch.user_regs.ss =3D c.nat->user_regs.ss; v->arch.pv.es =3D c.nat->user_regs.es; @@ -1297,7 +1297,7 @@ int arch_set_info_guest( v->arch.user_regs.eax =3D c.cmp->user_regs.eax; v->arch.user_regs.eip =3D c.cmp->user_regs.eip; v->arch.user_regs.cs =3D c.cmp->user_regs.cs; - v->arch.user_regs.eflags =3D c.cmp->user_regs.eflags; + v->arch.user_regs.eflags =3D (c.cmp->user_regs.eflags &= X86_EFLAGS_ALL) | X86_EFLAGS_MBS; v->arch.user_regs.esp =3D c.cmp->user_regs.esp; v->arch.user_regs.ss =3D c.cmp->user_regs.ss; v->arch.pv.es =3D c.cmp->user_regs.es; 
diff --git a/xen/arch/x86/hvm/domain.c b/xen/arch/x86/hvm/domain.c index 048f29ae4911..1e874d598952 100644 --- a/xen/arch/x86/hvm/domain.c +++ b/xen/arch/x86/hvm/domain.c @@ -194,7 +194,7 @@ int arch_set_info_hvm_guest(struct vcpu *v, const struc= t vcpu_hvm_context *ctx) uregs->rsi =3D regs->esi; uregs->rdi =3D regs->edi; uregs->rip =3D regs->eip; - uregs->rflags =3D regs->eflags; + uregs->rflags =3D (regs->eflags & X86_EFLAGS_ALL) | X86_EFLAGS_MBS; =20 v->arch.hvm.guest_cr[0] =3D regs->cr0; v->arch.hvm.guest_cr[3] =3D regs->cr3; @@ -245,7 +245,7 @@ int arch_set_info_hvm_guest(struct vcpu *v, const struc= t vcpu_hvm_context *ctx) uregs->rsi =3D regs->rsi; uregs->rdi =3D regs->rdi; uregs->rip =3D regs->rip; - uregs->rflags =3D regs->rflags; + uregs->rflags =3D (regs->rflags & X86_EFLAGS_ALL) | X86_EFLAGS_MBS; =20 v->arch.hvm.guest_cr[0] =3D regs->cr0; v->arch.hvm.guest_cr[3] =3D regs->cr3; diff --git a/xen/arch/x86/include/asm/x86-defns.h b/xen/arch/x86/include/as= m/x86-defns.h index 0a0ba83de786..edeb0b4ff95a 100644 --- a/xen/arch/x86/include/asm/x86-defns.h +++ b/xen/arch/x86/include/asm/x86-defns.h @@ -27,6 +27,13 @@ (X86_EFLAGS_CF | X86_EFLAGS_PF | X86_EFLAGS_AF | \ X86_EFLAGS_ZF | X86_EFLAGS_SF | X86_EFLAGS_OF) =20 +#define X86_EFLAGS_ALL \ + (X86_EFLAGS_ARITH_MASK | X86_EFLAGS_TF | X86_EFLAGS_IF | \ + X86_EFLAGS_DF | X86_EFLAGS_OF | X86_EFLAGS_IOPL | \ + X86_EFLAGS_NT | X86_EFLAGS_RF | X86_EFLAGS_VM | \ + X86_EFLAGS_AC | X86_EFLAGS_VIF | X86_EFLAGS_VIP | \ + X86_EFLAGS_ID) + /* * Intel CPU flags in CR0 */ diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index 21158ce1812e..f9bbbea2ff70 100644 --- a/xen/arch/x86/pv/dom0_build.c +++ b/xen/arch/x86/pv/dom0_build.c 
@@ -1021,7 +1021,7 @@ static int __init dom0_construct(const struct boot_do= main *bd) regs->rip =3D parms.virt_entry; regs->rsp =3D vstack_end; regs->rsi =3D vstartinfo_start; - regs->eflags =3D X86_EFLAGS_IF; + regs->eflags =3D X86_EFLAGS_IF | X86_EFLAGS_MBS; =20 /* * We don't call arch_set_info_guest(), so some initialisation needs d= oing diff --git a/xen/arch/x86/pv/iret.c b/xen/arch/x86/pv/iret.c index d3a1fb2c685b..39ce316b8d91 100644 --- a/xen/arch/x86/pv/iret.c +++ b/xen/arch/x86/pv/iret.c @@ -80,8 +80,9 @@ long do_iret(void) =20 regs->rip =3D iret_saved.rip; regs->cs =3D iret_saved.cs | 3; /* force guest privilege */ - regs->rflags =3D ((iret_saved.rflags & ~(X86_EFLAGS_IOPL|X86_EFLAGS_VM= )) - | X86_EFLAGS_IF); + regs->rflags =3D ((iret_saved.rflags & X86_EFLAGS_ALL & + ~(X86_EFLAGS_IOPL | X86_EFLAGS_VM)) | + X86_EFLAGS_IF | X86_EFLAGS_MBS); regs->rsp =3D iret_saved.rsp; regs->ss =3D iret_saved.ss | 3; /* force guest privilege */ =20 @@ -143,7 +144,8 @@ int compat_iret(void) if ( VM_ASSIST(v->domain, architectural_iopl) ) v->arch.pv.iopl =3D eflags & X86_EFLAGS_IOPL; =20 - regs->eflags =3D (eflags & ~X86_EFLAGS_IOPL) | X86_EFLAGS_IF; + regs->eflags =3D ((eflags & X86_EFLAGS_ALL & ~X86_EFLAGS_IOPL) | + X86_EFLAGS_IF | X86_EFLAGS_MBS); =20 if ( unlikely(eflags & X86_EFLAGS_VM) ) { --=20 2.39.5
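Review bot: in the first xen/arch/x86/domain.c hunk (the c.nat path of arch_set_info_guest()), X86_EFLAGS_VM survives the new mask because X86_EFLAGS_ALL includes it, while do_iret() in this same patch strips VM and the note under the --- says ERETU does care about it. Either clear VM on the native PV path here as well, or add a comment saying why it is left to pass through. Separately, both new assignments in this file are 87 characters long before indentation, so they need wrapping, for example after the "=" with the masked expression on its own continuation line.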
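Review bot: the two xen/arch/x86/hvm/domain.c hunks open-code the same "(flags & X86_EFLAGS_ALL) | X86_EFLAGS_MBS" expression that the two arch_set_info_guest() hunks already use, giving four copies that have to stay in step. A small macro or inline helper defined next to X86_EFLAGS_ALL in x86-defns.h would keep the clamp in one place and shorten the call sites.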
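Review bot: in the xen/arch/x86/include/asm/x86-defns.h hunk, X86_EFLAGS_OF is listed explicitly in X86_EFLAGS_ALL even though X86_EFLAGS_ARITH_MASK, per the context lines directly above, already contains it; drop the duplicate. The new macro also has no comment: one line saying that it is the set of defined, non-reserved flag bits and that X86_EFLAGS_MBS is deliberately left out (every user ORs it back in) would stop a later reader from assuming "ALL" includes the sticky bit.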
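Review bot: the commit message says hypercall_iret() is adjusted, but the xen/arch/x86/pv/iret.c hunks change do_iret() and compat_iret(); the message should name the functions actually touched so the change can be found by grep. In compat_iret() the outermost pair of parentheses added around the new expression is redundant, and since both functions now silently clear reserved bits and force MBS on guest-supplied flags, a short comment giving the reason stated in the commit message (ERETU requires it) would help.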