From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH 1/4] x86/kexec: Stop hooking NMIs with trap_nop()
Date: Thu, 19 Mar 2026 12:25:46 +0000
Message-Id: <20260319122549.922724-2-andrew.cooper3@citrix.com>
In-Reply-To: <20260319122549.922724-1-andrew.cooper3@citrix.com>

When FRED is active, it is not possible to hook NMIs like this.

NMI hooking in the crash path has undergone several revisions since its introduction. Notably since commit e7f147bf4ac7 ("x86/crash: Drop manual hooking of exception_table[]") we use the regular nmi_callback() infrastructure.

Instead of asserting that we don't enter do_nmi_crash() on the crashing CPU, tolerate it and return early. It's a marginally longer codepath but behaves the same and is compatible with FRED.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

The other use of hooking the NMI handler like this is in play_dead() and introduced by commit 73cb1383bf8d ("x86/idle: re-arrange dead-idle handling"). It's unsafe, and the commit even mentions so for #MC. On x86, we simply cannot free the per-cpu block for any CPU that hasn't been put back into the wait-for-SIPI state.
---
xen/arch/x86/crash.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c index 1e4b0eeff21b..04fd04393b29 100644 --- a/xen/arch/x86/crash.c +++ b/xen/arch/x86/crash.c @@ -37,14 +37,18 @@ static cpumask_t waiting_to_crash; static unsigned int crashing_cpu; static DEFINE_PER_CPU_READ_MOSTLY(bool, crash_save_done); =20 -/* This becomes the NMI handler for non-crashing CPUs, when Xen is crashin= g. */ -static int noreturn cf_check do_nmi_crash( +/* This becomes the NMI handler for all CPUs when Xen is crashing. */ +static int cf_check do_nmi_crash( const struct cpu_user_regs *regs, int cpu) { stac(); =20 - /* nmi_shootdown_cpus() should ensure that this assertion is correct. = */ - ASSERT(cpu !=3D crashing_cpu); + /* + * If we are the crashing CPU, do nothing. We need to get back to the + * interrupted codepath to contine with the kexec transition. + */ + if ( cpu =3D=3D crashing_cpu ) + return 1; =20 /* Save crash information and shut down CPU. Attempt only once. */ if ( !this_cpu(crash_save_done) ) @@ -114,6 +118,8 @@ static int noreturn cf_check do_nmi_crash( =20 for ( ; ; ) halt(); + + unreachable(); } =20 static void nmi_shootdown_cpus(void)
@@ -130,11 +136,7 @@ static void nmi_shootdown_cpus(void) =20 cpumask_andnot(&waiting_to_crash, &cpu_online_map, cpumask_of(cpu)); =20 - /* - * Disable IST for MCEs to avoid stack corruption race conditions, and - * change the NMI handler to a nop to avoid deviation from this codepa= th. - */ - _set_gate_lower(&idt[X86_EXC_NMI], SYS_DESC_irq_gate, 0, &trap_nop); + /* Disable IST for MCEs to avoid stack corruption race conditions */ set_ist(&idt[X86_EXC_MC], IST_NONE); =20 set_nmi_callback(do_nmi_crash); --=20 2.39.5
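
Review bot: in the first hunk of [PATCH 1/4], the new early return in do_nmi_crash() ("if ( cpu == crashing_cpu ) return 1;") is placed after the existing stac() call, so the crashing CPU now executes stac() and then returns towards the interrupted code. Either move the check above stac() or note in the new comment why returning after stac() is harmless here. It would also help to say what the return value 1 tells the caller, now that the function is no longer noreturn. Separately, the new comment has a typo: "contine" should be "continue".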
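
Review bot: in the nmi_shootdown_cpus() hunk of [PATCH 1/4], removing the trap_nop gate also removes the only comment here that said how the crashing CPU avoids deviating from this codepath on an NMI. That guarantee now rests on the early return in do_nmi_crash(), which is installed a few lines later by set_nmi_callback(do_nmi_crash); a short remark next to that call pointing at the early return would keep the reasoning discoverable. The shortened comment has also lost the full stop that the comment it replaces had.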

From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH 2/4] x86/kexec: Fix and expands comments for kexec_reloc()
Date: Thu, 19 Mar 2026 12:25:47 +0000
Message-Id: <20260319122549.922724-3-andrew.cooper3@citrix.com>
In-Reply-To: <20260319122549.922724-1-andrew.cooper3@citrix.com>

The order of shutdown is delicate. Explain things a little better.

Fix two comments about leaving Long Mode.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné
---
xen/arch/x86/x86_64/kexec_reloc.S | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/x86_64/kexec_reloc.S b/xen/arch/x86/x86_64/kexec_= reloc.S index b52d31a654e0..d0951ea1e1c4 100644 --- a/xen/arch/x86/x86_64/kexec_reloc.S +++ b/xen/arch/x86/x86_64/kexec_reloc.S
@@ -27,6 +27,14 @@ .section .text.kexec, "ax", @progbits .code64 =20 + /* + * kexec_reloc() is entered in it's natural position within Xen. + * + * A copy of .text.kexec is identity mapped at %rdi within the + * pagetables in %rsi. Xen's .text is mapped into %rsi at it's hi= gh + * alias allowing to pivot, but most other things including the st= acks + * are not mapped. + */ FUNC(kexec_reloc, PAGE_SIZE) /* %rdi - code page maddr */ /* %rsi - page table maddr */ @@ -36,10 +44,17 @@ FUNC(kexec_reloc, PAGE_SIZE) =20 movq %rcx, %rbp =20 - /* Setup stack. */ + /* + * Move to the identity mapped stack. + * + * Note this mapping doesn't exist until the pagetable switch. + */ leaq (.Lreloc_stack_base - kexec_reloc)(%rdi), %rsp =20 - /* Load reloc page table. */ + /* + * Move to the relocation pagetables. Xen's .text is mapped allow= ing + * the pivot, but very little else is. + */ movq %rsi, %cr3 =20 /* Jump to identity mapped code. */ 
@@ -153,12 +168,12 @@ FUNC_LOCAL(compatibility_mode) movl %eax, %gs movl %eax, %ss =20 - /* Disable paging and therefore leave 64 bit mode. */ + /* Disable paging and therefore leave long mode. */ movl %cr0, %eax andl $~X86_CR0_PG, %eax movl %eax, %cr0 =20 - /* Disable long mode */ + /* Clear EFER.LME */ movl $MSR_EFER, %ecx rdmsr andl $~EFER_LME, %eax --=20 2.39.5
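
Review bot: in the new block comment added above FUNC(kexec_reloc, PAGE_SIZE) in [PATCH 2/4], "it's" is used twice where the possessive "its" is meant ("entered in it's natural position", "at it's high alias"), and "allowing to pivot" is missing its object. Suggest "its" in both places and "allowing the pivot", which is the wording the new comment above the %cr3 load in the same patch already uses. That second comment repeats the point about Xen's .text being mapped, so one of the two could simply refer to the other.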

From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH 3/4] x86/kexec: Invalidate the IDT earlier in kexec_reloc()
Date: Thu, 19 Mar 2026 12:25:48 +0000
Message-Id: <20260319122549.922724-4-andrew.cooper3@citrix.com>
In-Reply-To: <20260319122549.922724-1-andrew.cooper3@citrix.com>

After switching stack, it is not safe to run any exception handlers, because attempts to access the cpu_info block are out-of-bounds and will generate wild accesses.

Invalidating the IDT in the common path means there's no need to do so again in the 32bit path, so drop compat_mode_idt entirely.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné
---
xen/arch/x86/x86_64/kexec_reloc.S | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/x86_64/kexec_reloc.S b/xen/arch/x86/x86_64/kexec_= reloc.S index d0951ea1e1c4..7a6dd2cbe736 100644 --- a/xen/arch/x86/x86_64/kexec_reloc.S +++ b/xen/arch/x86/x86_64/kexec_reloc.S
@@ -44,6 +44,16 @@ FUNC(kexec_reloc, PAGE_SIZE) =20 movq %rcx, %rbp =20 + /* + * Invalidate the IDT. After switching off Xen's stacks, the + * exception handlers are unsafe to use, because there's no way to + * perform arithmetic on the stack pointer to find the cpu_info bl= ock. + */ + push $0 + pushw $0 + lidt (%rsp) + add $10, %rsp + /* * Move to the identity mapped stack. * @@ -94,8 +104,6 @@ FUNC(kexec_reloc, PAGE_SIZE) jmp *%rbp =20 .L_call_32_bit: - /* Setup IDT. */ - lidt compat_mode_idt(%rip) =20 /* Load compat GDT. */ leaq compat_mode_gdt(%rip), %rax 
@@ -202,11 +210,6 @@ DATA_LOCAL(compat_mode_gdt, 8) .Lcompat_mode_gdt_end: END(compat_mode_gdt) =20 -DATA_LOCAL(compat_mode_idt) - .word 0 /* limit */ - .long 0 /* base */ -END(compat_mode_idt) - /* * 16 words of stack are more than enough. */ --=20 2.39.5
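
Review bot: in the first hunk of [PATCH 3/4], the sequence "push $0", "pushw $0", "lidt (%rsp)", "add $10, %rsp" builds the descriptor on the stack using bare literals, and the reader has to work out that 8 + 2 bytes is the 64-bit limit-plus-base operand and that the 10 matches it. A brief remark on the layout in the new comment would make this self-checking. The comment explains why the handlers are unsafe but not what happens to an NMI or #MC that arrives after this point; stating the intended outcome would complete it. The removed compat_mode_idt used ".word" plus ".long", so a note that the on-stack form is deliberately the wider one would also avoid confusion when comparing the two.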

From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH 4/4] x86/kexec: Disable FRED earlier in kexec_reloc()
Date: Thu, 19 Mar 2026 12:25:49 +0000
Message-Id: <20260319122549.922724-5-andrew.cooper3@citrix.com>
In-Reply-To: <20260319122549.922724-1-andrew.cooper3@citrix.com>

With FRED just as with IDT, it's unsafe to run the exception handlers after switching stack. To remove this unsafe window, %cr4 needs clearing earlier.

In turn, we may need to switch to PCID 0 earlier too in order to be able to clear CR4.PCIDE.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

The pagetable switch cannot easily be moved to be earlier, as that leaves a period of time where FRED is enabled but all stack pointers point to non-existent mappings.
---
xen/arch/x86/x86_64/kexec_reloc.S | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/x86_64/kexec_reloc.S b/xen/arch/x86/x86_64/kexec_= reloc.S index 7a6dd2cbe736..81da81a827de 100644
--- a/xen/arch/x86/x86_64/kexec_reloc.S +++ b/xen/arch/x86/x86_64/kexec_reloc.S @@ -54,6 +54,21 @@ FUNC(kexec_reloc, PAGE_SIZE) lidt (%rsp) add $10, %rsp =20 + /* Move to PCID 0 if necessary, as a prerequisite to clearing CR4.= PCIDE */ + mov %cr3, %rax + test $0xfff, %eax + jz 1f + and $~0xfff, %rax + mov %rax, %cr3 +1: + + /* + * Set CR4 to PAE only. This may disable FRED, which must happen + * before switching off Xen's stack. + */ + mov $X86_CR4_PAE, %eax + mov %rax, %cr4 + /* * Move to the identity mapped stack. * @@ -86,13 +101,6 @@ FUNC(kexec_reloc, PAGE_SIZE) orl $(X86_CR0_PG | X86_CR0_PE), %eax movq %rax, %cr0 =20 - /* - * Set cr4 to a known state: - * - physical address extension enabled - */ - movl $X86_CR4_PAE, %eax - movq %rax, %cr4 - movq %rdx, %rdi call relocate_pages =20 --=20 2.39.5
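
Review bot: in the first hunk of [PATCH 4/4], the new comment on the %cr4 write only mentions FRED ("This may disable FRED"), but loading X86_CR4_PAE alone clears every other CR4 feature bit as well, and it now does so while still on Xen's pagetables and stack rather than after the %cr0 write where the removed code had it. The removed comment described this as setting cr4 "to a known state"; keeping that wording alongside the FRED remark would make clear the write is not FRED-specific and that the earlier position is intentional. In the PCID block just above, "test $0xfff, %eax" and "and $~0xfff, %rax" use a bare literal for the PCID field; a named constant, if one is available, or a word in the comment saying the low 12 bits of %cr3 are the PCID, would make the pairing with CR4.PCIDE easier to check.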