From nobody Tue Mar 3 05:12:31 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1772234237; cv=none; d=zohomail.com; s=zohoarc; b=YzcOBa2lCbGYriTQ+7fYvfg5azumSg82H/mLTadXXUZS0J+4tU4+Qfn3FhpcbOaexsTWaLAZpnz/id3MsSa7U5cZ++/dDDIagzWT3O8is+msTmhh1yYTpzWE85sEQTB4BYiofozbx7JEVOrWGVGBKP8j80lmhIY51KIhQEb7++8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1772234237; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=IPkD49jGeQX0+NTjYasufq4vkWv8Wa7wJQ5GOxuUBzw=; b=DQTG7XflFiUkHQMPA2fk2wsPwdva8r+56hPNQSJOy/ePp8o0Z4wnmsZ5J5dfC4Q3ATjvD2Lse0l796GBly+CttllSiR1cJTWtZkPALemudSRJcf2mILFJR3sCXRMNKkWRBM0SIh3afKnPJqnSjVWYscyoiXOkLU1XE15QGFbkkI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1772234237419894.8217631285047; Fri, 27 Feb 2026 15:17:17 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.1243151.1543219 (Exim 4.92) (envelope-from ) id 1vw74r-0002rE-Sr; Fri, 27 Feb 2026 23:16:57 +0000 Received: by outflank-mailman (output) from mailman id 1243151.1543219; Fri, 27 Feb 2026 23:16:57 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vw74r-0002ok-A5; Fri, 27 Feb 2026 23:16:57 +0000 Received: by outflank-mailman (input) for mailman id 1243151; Fri, 27 Feb 2026 23:16:55 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vw74p-0001Do-0s for xen-devel@lists.xenproject.org; Fri, 27 Feb 2026 23:16:55 +0000 Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com [2a00:1450:4864:20::429]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 65a17652-1432-11f1-9ccf-f158ae23cfc8; Sat, 28 Feb 2026 00:16:51 +0100 (CET) Received: by mail-wr1-x429.google.com with SMTP id ffacd0b85a97d-4398d9a12c6so2002729f8f.2 for ; Fri, 27 Feb 2026 15:16:51 -0800 (PST) Received: from localhost.localdomain (host-92-22-18-152.as13285.net. [92.22.18.152]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4399c70e8e8sm9680306f8f.10.2026.02.27.15.16.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 27 Feb 2026 15:16:49 -0800 (PST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 65a17652-1432-11f1-9ccf-f158ae23cfc8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1772234210; x=1772839010; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=IPkD49jGeQX0+NTjYasufq4vkWv8Wa7wJQ5GOxuUBzw=; b=aWu0v+aKBSi+ZKXTbUAIbhqLiQ3t0UCag3SY/IXNU8JtgkdzoJIrQ60VGwJb9cv4Y4 jNGvfp2rCW7wSHNUZy3zh3kDtFHniQVLflFDdMPuqlR4IRkD2OQJX3rR/25hji2Yr8HH VuPEQ7C6rHI5+6XRZF9iwNbB4CWl99pMP+7y8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772234210; x=1772839010; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=IPkD49jGeQX0+NTjYasufq4vkWv8Wa7wJQ5GOxuUBzw=; b=DdWnCDvVvP4AqNzRXCvmgu0RjdtbedXT+uxnK61aVSi9EDuCwNfkBsgDWQ4Vcwko49 xwMSpOstGei/PHJf3MFw9W2upjdGZ+sNsAQk4rh7CnqLKupX75CqsoAhnEOHxOpGkgOX ddq/UDaizVe57NPvgGQxav1UFkWJ0pd8Ys2PB0ddmk/x8uDTuz37FymzbxcyPMreON6A ekJ9BcEk14xtQ6f17AYzFMHurBy/GchNZf9lKE7PgF/v1ObU126ndDvhd3KeqNMAqTWD JqOzLffncvpIa/J4wsVLsLVVQqARTK4gs1tSxN10sECeeCgOCR60X7XjvUHz2uuzHfZz 63vA== X-Gm-Message-State: AOJu0Yynw/kQWYsK7Gl9vJD84x3w0caPwULE5E+XnTFTR8JB4EaySAv4 oeIifRzWvhN0xnR5cXv0IGhvQ83fwdGX8zMaSmX5PJ09dyR/k6cavq26iOzcfMyeRYpNn8FjcDu rBGxP2XccOA== X-Gm-Gg: ATEYQzwLpygoeAfajVlmhzf9oEj32veKnLugd0DsSSkyl+XViBax4otbgprtdLRlHlv e1il92qsxUkEZ0jvQkPNWGWwkp7uXKp/WfvLRgjw68mj60YUlX8DXRourpImchy6ITOvimnvd79 +X9F5L7LKCL2QulJqnKjX+7PoZzC30h0Y4gbGJ3OP+f9EHl0I3PS+aeYp8j1CpYyycst19XIttL EumeAkxACZMWjf3iF8akKhdggWsYxv261LEgmXnq3EOrtb5y3wzilNEhT/BAQPjPn4VXlADKy5X GaC6zhylzoN2GHUUZ13EIYDYARmyO6C+cFiU0EQEo296G16TQa7xeLtuQrNMk0i4ui0GR/qOdc4 iWhfv2RJkYNt7XQ10YJvl8KfliWzwPzFnaQjXMVakXSmfr3vv+U1r+BCIs74URBXCUy4YjqISdn 3yAkuBG23jG3jY4ViUIaqAwz0aDJdwiQi+cZ7NYVQ1gRbL3LadQRIR58ae6qXPIHi62ocJ1fo= X-Received: by 2002:a05:6000:4301:b0:439:8487:73b2 with SMTP id ffacd0b85a97d-4399ddf1330mr8136464f8f.14.1772234210254; Fri, 27 Feb 2026 15:16:50 -0800 (PST) From: Andrew Cooper To: Xen-devel Cc: Andrew Cooper , Jan Beulich , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= Subject: [PATCH v4 10/14] x86/pv: Guest exception handling in FRED mode Date: Fri, 27 Feb 2026 23:16:32 +0000 Message-Id: <20260227231636.3955109-11-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20260227231636.3955109-1-andrew.cooper3@citrix.com> References: <20260227231636.3955109-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1772234238358158500 Under FRED, entry_from_pv() handles everything. To start with, implement exception handling in the same manner as entry_from_xen(), although we can unconditionally enable interrupts after the async/fatal events. After entry_from_pv() returns, test_all_events() needs to run to perform exception and interrupt injection. Split entry_FRED_R3() into two and introduce eretu_exit_to_guest() as the latter half, coming unilaterally from restore_all_guest(). For all of this, there is a slightly complicated relationship with CONFIG_P= V. entry_FRED_R3() must exist irrespective of CONFIG_PV, because it's the entrypoint registered with hardware. For simplicity, entry_from_pv() is always called, but it collapses into fatal_trap() in the !PV case. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 v4: * Treat nested events as fatal. v3: * Adjust comments. * Group CP with others. It's definitely wrong for perf, but that's out the window anyway now that we're letting a compiler make the decision tree. v2: * New --- xen/arch/x86/traps.c | 78 +++++++++++++++++++++++++++++++- xen/arch/x86/x86_64/entry-fred.S | 13 +++++- xen/arch/x86/x86_64/entry.S | 4 +- 3 files changed, 92 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 48667c71d591..7563576fb477 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -2266,9 +2266,85 @@ void asmlinkage check_ist_exit(const struct cpu_user= _regs *regs, bool ist_exit) =20 void asmlinkage entry_from_pv(struct cpu_user_regs *regs) { + struct fred_info *fi =3D cpu_regs_fred_info(regs); + uint8_t type =3D regs->fred_ss.type; + uint8_t vec =3D regs->fred_ss.vector; + /* Copy fred_ss.vector into entry_vector as IDT delivery would have do= ne. */ - regs->entry_vector =3D regs->fred_ss.vector; + regs->entry_vector =3D vec; + + if ( !IS_ENABLED(CONFIG_PV) ) + goto fatal; + + /* + * First, handle the asynchronous or fatal events. These are either + * unrelated to the interrupted context, or may not have valid context + * recorded, and all have special rules on how/whether to re-enable IR= Qs. + */ + if ( regs->fred_ss.nested ) + goto fatal; + + switch ( type ) + { + case X86_ET_EXT_INTR: + return do_IRQ(regs); + + case X86_ET_NMI: + return do_nmi(regs); + + case X86_ET_HW_EXC: + switch ( vec ) + { + case X86_EXC_DF: return do_double_fault(regs); + case X86_EXC_MC: return do_machine_check(regs); + } + break; + } =20 + /* + * With the asynchronous events handled, what remains are the synchron= ous + * ones. PV guest context always had interrupts enabled. + */ + local_irq_enable(); + + switch ( type ) + { + case X86_ET_HW_EXC: + case X86_ET_PRIV_SW_EXC: + case X86_ET_SW_EXC: + switch ( vec ) + { + case X86_EXC_PF: handle_PF(regs, fi->edata); break; + case X86_EXC_GP: do_general_protection(regs); break; + case X86_EXC_UD: do_invalid_op(regs); break; + case X86_EXC_NM: do_device_not_available(regs); break; + case X86_EXC_BP: do_int3(regs); break; + case X86_EXC_DB: handle_DB(regs, fi->edata); break; + case X86_EXC_CP: do_entry_CP(regs); break; + + case X86_EXC_DE: + case X86_EXC_OF: + case X86_EXC_BR: + case X86_EXC_NP: + case X86_EXC_SS: + case X86_EXC_MF: + case X86_EXC_AC: + case X86_EXC_XM: + do_trap(regs); + break; + + default: + goto fatal; + } + break; + + default: + goto fatal; + } + + return; + + fatal: fatal_trap(regs, false); } =20 diff --git a/xen/arch/x86/x86_64/entry-fred.S b/xen/arch/x86/x86_64/entry-f= red.S index 3c3320df22cb..a1ff9a4a9747 100644 --- a/xen/arch/x86/x86_64/entry-fred.S +++ b/xen/arch/x86/x86_64/entry-fred.S @@ -15,9 +15,20 @@ FUNC(entry_FRED_R3, 4096) mov %rsp, %rdi call entry_from_pv =20 +#ifdef CONFIG_PV + GET_STACK_END(14) + movq STACK_CPUINFO_FIELD(current_vcpu)(%r14), %rbx + + jmp test_all_events +#else + BUG /* Not Reached */ +#endif +END(entry_FRED_R3) + +FUNC(eretu_exit_to_guest) POP_GPRS eretu -END(entry_FRED_R3) +END(eretu_exit_to_guest) =20 /* The Ring0 entrypoint is at Ring3 + 0x100. */ .org entry_FRED_R3 + 0x100, 0xcc diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 8b83082413a5..17ca6a493906 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -63,7 +63,7 @@ UNLIKELY_END(syscall_no_callback) /* Conditionally clear DF */ and %esi, UREGS_eflags(%rsp) /* %rbx: struct vcpu */ -test_all_events: +LABEL(test_all_events, 0) ASSERT_NOT_IN_ATOMIC cli # tests must not race interrupts /*test_softirqs:*/ @@ -152,6 +152,8 @@ END(switch_to_kernel) FUNC_LOCAL(restore_all_guest) ASSERT_INTERRUPTS_DISABLED =20 + ALTERNATIVE "", "jmp eretu_exit_to_guest", X86_FEATURE_XEN_FRED + /* Stash guest SPEC_CTRL value while we can read struct vcpu. */ mov VCPU_arch_msrs(%rbx), %rdx mov VCPUMSR_spec_ctrl_raw(%rdx), %r15d --=20 2.39.5