Enable GENERIC_BUG_FRAME to support BUG(), WARN(), ASSERT,
and run_in_exception_handler().

The 0x0000 opcode is used for BUG_INSTR, which, when macros from
<xen/bug.h> are used, triggers an exception with the
ILLEGAL_INSTRUCTION cause.
This opcode is encoded as a 2-byte instruction and is invalid if
CONFIG_RISCV_ISA_C is enabled or not.

Using 'ebreak' as BUG_INSTR does not guarantee proper handling of macros
from <xen/bug.h>. If a debugger inserts a breakpoint (using the 'ebreak'
instruction) at a location where Xen already uses 'ebreak', it
creates ambiguity. Xen cannot distinguish whether the 'ebreak'
instruction is inserted by the debugger or is part of Xen's own code.

Remove BUG_INSN_32 and BUG_INSN_16 macros as they encode the ebreak
instruction, which is no longer used for BUG_INSN.

Update the commit above the definition of INS_LENGTH_MASK as ebreak
isn't and 2-byte instruction is used to encode BUG_INSTR so it doesn't
matter if CONFIG_RISCV_ISA_C is enabled or not.

<xen/lib.h> is included for the reason that panic() and printk() are
used in common/bug.c and RISC-V fails if it is not included.

Signed-off-by: Oleksii Kurochko <oleksii.kurochko@gmail.com>
---
Changes in V12:
- Update the commit message
- Use 0x0000 as BUG_INSTR instead of 'ebreak' to deal with cases when
the debugger inserts 'ebreak' into the place where Xen has ebreak.
- Remove BUG_INSN_32 and BUG_INSN_16 macros as they encode the ebreak
instruction, which is no longer used for BUG_INSN.
- Update the commit above the definition of INS_LENGTH_MASK.
- Move break inside "if ( do_bug_frame(cpu_regs, pc) >= 0 )".
---
Changes in V11:
- update the commit message
- change "%lx" to "%#x" for PC register printing.
- drop +1 in argument of is_kernel_text(pc) and is_kernel_inittext(pc).
- drop return for case CAUSE_BREAKPOINT.
- add break to default and add a blank line above it.
- add a comment CAUSE_BREAKPOINT is handled instead of illegal instruction.
---
Changes in V10:
- put 'select GENERIC_BUG_FRAME' in "Config RISCV".
- rework do_trap() to not fetch an instruction in case when the cause of trap
is BUG_insn.
- drop read_instr() and is_valid_bug_insn().
- update the commit message.
---
Changes in V9:
- Rebase on the top of current staging.
- use GENERIC_BUG_FRAME as now we have common code available.
- add xen/lib.h to bug.c to fix a compilation error around printk.
- update the commit message.
- update the code of read_instr() in traps.c
- fold two-s if into 1 in do_trap.
---
Changes in V8:
- remove Pointless initializer of id.
- make bug_frames[] array constant.
- remove cast_to_bug_frame(addr).
- rename is_valid_bugaddr to is_valid_bug_insn().
- add check that read_instr is used only on xen code
- update the commit message.
---
Changes in V7:
- move to this patch the definition of cast_to_bug_frame() from the previous patch.
- update the comment in bug.h.
- update the comment above do_bug_frame().
- fix code style.
- add comment to read_instr func.
- add space for bug_frames in lds.S.
---
Changes in V6:
- Avoid LINK_TO_LOAD() as bug.h functionality expected to be used
after MMU is enabled.
- Change early_printk() to printk()
---
Changes in V5:
- Remove "#include <xen/types.h>" from <asm/bug.h> as there is no need for it anymore
- Update macros GET_INSN_LENGTH: remove UL and 'unsigned int len;' from it
- Remove " include <xen/bug.h>" from risc/setup.c. it is not needed in the current version of
the patch
- change an argument type from vaddr_t to uint32_t for is_valid_bugaddr and introduce read_instr() to
read instruction properly as the length of instruction can be either 32 or 16 bits.
- Code style fixes
- update the comments before do_bug_frame() in riscv/trap.c
- Refactor is_valid_bugaddr() function.
- introduce macros cast_to_bug_frame(addr) to hide casts.
- use LINK_TO_LOAD() for addresses which are linker time relative.
---
Changes in V4:
- Updates in RISC-V's <asm/bug.h>:
* Add explanatory comment about why there is only defined for 32-bits length
instructions and 16/32-bits BUG_INSN_{16,32}.
* Change 'unsigned long' to 'unsigned int' inside GET_INSN_LENGTH().
* Update declaration of is_valid_bugaddr(): switch return type from int to bool
and the argument from 'unsigned int' to 'vaddr'.
- Updates in RISC-V's traps.c:
* replace /xen and /asm includes
* update definition of is_valid_bugaddr():switch return type from int to bool
and the argument from 'unsigned int' to 'vaddr'. Code style inside function
was updated too.
* do_bug_frame() refactoring:
* local variables start and bug became 'const struct bug_frame'
* bug_frames[] array became 'static const struct bug_frame[] = ...'
* remove all casts
* remove unneeded comments and add an explanatory comment that the do_bug_frame()
will be switched to a generic one.
* do_trap() refactoring:
* read 16-bits value instead of 32-bits as compressed instruction can
be used and it might happen that only 16-bits may be accessible.
* code style updates
* re-use instr variable instead of re-reading instruction.
- Updates in setup.c:
* add blank line between xen/ and asm/ includes.
---
Changes in V3:
- Rebase the patch "xen/riscv: introduce an implementation of macros
from <asm/bug.h>" on top of patch series [introduce generic implementation
of macros from bug.h]
---
Changes in V2:
- Remove __ in define namings
- Update run_in_exception_handler() with
register void *fn_ asm(__stringify(BUG_FN_REG)) = (fn);
- Remove bug_instr_t type and change its usage to uint32_t
---
xen/arch/riscv/Kconfig | 1 +
xen/arch/riscv/include/asm/bug.h | 12 +++++-------
xen/arch/riscv/traps.c | 25 ++++++++++++++++++++++++-
xen/common/bug.c | 1 +
4 files changed, 31 insertions(+), 8 deletions(-)
diff --git a/xen/arch/riscv/Kconfig b/xen/arch/riscv/Kconfig
index b4b354a778..f531e96657 100644
--- a/xen/arch/riscv/Kconfig
+++ b/xen/arch/riscv/Kconfig
@@ -1,6 +1,7 @@
config RISCV
def_bool y
select FUNCTION_ALIGNMENT_16B
+ select GENERIC_BUG_FRAME
config RISCV_64
def_bool y
diff --git a/xen/arch/riscv/include/asm/bug.h b/xen/arch/riscv/include/asm/bug.h
index f5ff96140f..1fffef5037 100644
--- a/xen/arch/riscv/include/asm/bug.h
+++ b/xen/arch/riscv/include/asm/bug.h
@@ -9,7 +9,11 @@
#ifndef __ASSEMBLY__
-#define BUG_INSTR "ebreak"
+#include <xen/stringify.h>
+
+#define BUG_OPCODE 0x0000
+
+#define BUG_INSTR ".hword " __stringify(BUG_OPCODE)
/*
* The base instruction set has a fixed length of 32-bit naturally aligned
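Review bot: BUG_INSTR now emits a single 16-bit item through .hword, so whatever follows it starts at a 2-byte offset; in a build without CONFIG_RISCV_ISA_C the next instruction has to be 32-bit aligned, which this definition does not provide. Either emit a second zero parcel or use a 32-bit encoding in that configuration. BUG_OPCODE is referenced only from the BUG_INSTR line in this patch, so the separate #define and the <xen/stringify.h> include could be replaced by the literal.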
@@ -17,16 +21,10 @@
*
* There are extensions of variable length ( where each instruction can be
* any number of 16-bit parcels in length ).
- *
- * Compressed ISA is used now where the instruction length is 16 bit and
- * 'ebreak' instruction, in this case, can be either 16 or 32 bit (
- * depending on if compressed ISA is used or not )
*/
#define INSN_LENGTH_MASK _UL(0x3)
#define INSN_LENGTH_32 _UL(0x3)
-#define BUG_INSN_32 _UL(0x00100073) /* ebreak */
-#define BUG_INSN_16 _UL(0x9002) /* c.ebreak */
#define COMPRESSED_INSN_MASK _UL(0xffff)
#define GET_INSN_LENGTH(insn) \
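Review bot: With the ebreak sentence removed, the comment above INSN_LENGTH_MASK no longer says how long BUG_INSTR is, although do_trap() depends on GET_INSN_LENGTH() to step over it. Add a sentence stating that BUG_INSTR is a 16-bit all-zero parcel and is therefore decoded as a 2-byte instruction by the mask below.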
diff --git a/xen/arch/riscv/traps.c b/xen/arch/riscv/traps.c
index cb18b30ff2..72ffdcd79e 100644
--- a/xen/arch/riscv/traps.c
+++ b/xen/arch/riscv/traps.c
@@ -5,6 +5,7 @@
* RISC-V Trap handlers
*/
+#include <xen/bug.h>
#include <xen/lib.h>
#include <xen/sched.h>
@@ -103,7 +104,29 @@ static void do_unexpected_trap(const struct cpu_user_regs *regs)
void do_trap(struct cpu_user_regs *cpu_regs)
{
- do_unexpected_trap(cpu_regs);
+ register_t pc = cpu_regs->sepc;
+ unsigned long cause = csr_read(CSR_SCAUSE);
+
+ switch ( cause )
+ {
+ case CAUSE_ILLEGAL_INSTRUCTION:
+ if ( do_bug_frame(cpu_regs, pc) >= 0 )
+ {
+ if ( !(is_kernel_text(pc) || is_kernel_inittext(pc)) )
+ {
+ printk("Something wrong with PC: %#lx\n", pc);
+ die();
+ }
+
+ cpu_regs->sepc += GET_INSN_LENGTH(*(uint16_t *)pc);
+
+ break;
+ }
+
+ default:
+ do_unexpected_trap(cpu_regs);
+ break;
+ }
}
void vcpu_show_execution_state(struct vcpu *v)
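Review bot: In do_trap(), a negative return from do_bug_frame() lets the CAUSE_ILLEGAL_INSTRUCTION case run into default: with no annotation; mark the fall-through explicitly just before default: so the intent is clear to readers and to compiler warnings. Separately, the is_kernel_text()/is_kernel_inittext() check runs only after do_bug_frame() has already accepted pc, so consider validating pc before that call, and make the "Something wrong with PC" message say what range was expected.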
diff --git a/xen/common/bug.c b/xen/common/bug.c
index b7c5d8fd4d..75cb35fcfa 100644
--- a/xen/common/bug.c
+++ b/xen/common/bug.c
@@ -1,6 +1,7 @@
#include <xen/bug.h>
#include <xen/errno.h>
#include <xen/kernel.h>
+#include <xen/lib.h>
#include <xen/livepatch.h>
#include <xen/string.h>
#include <xen/types.h>
--
2.45.2
On 02.08.2024 15:54, Oleksii Kurochko wrote:
> Enable GENERIC_BUG_FRAME to support BUG(), WARN(), ASSERT,
> and run_in_exception_handler().
>
> The 0x0000 opcode is used for BUG_INSTR, which, when macros from
> <xen/bug.h> are used, triggers an exception with the
> ILLEGAL_INSTRUCTION cause.
> This opcode is encoded as a 2-byte instruction and is invalid if
> CONFIG_RISCV_ISA_C is enabled or not.
Yes, but there's a caveat: Without the C extension instructions have
to be aligned on 32-bit boundaries. You can't just go and insert a
16-bit item there. When RISCV_ISA_C is not set, I think you want to
insert two such 16-bit zeroes. Beware of an alignment handling bug
in the assembler - don't think of using an alignment directive here.
> Update the commit above the definition of INS_LENGTH_MASK as ebreak
s/commit/comment/?
> --- a/xen/arch/riscv/include/asm/bug.h
> +++ b/xen/arch/riscv/include/asm/bug.h
> @@ -9,7 +9,11 @@
>
> #ifndef __ASSEMBLY__
>
> -#define BUG_INSTR "ebreak"
> +#include <xen/stringify.h>
> +
> +#define BUG_OPCODE 0x0000
You don't really use this other than ...
> +#define BUG_INSTR ".hword " __stringify(BUG_OPCODE)
... here - does this really warrant a separate #define _and_ inclusion of
stringify.h?
Furthermore you want to avoid using .hword (or any data generating
directive), to avoid disturbing disassembly. Please use .insn if at all
possible. I understand though that in certain cases you won't be able to
use .insn. Yet for the common case (more recent binutils) you'd still
better avoid .hword or alike, imo.
> @@ -103,7 +104,29 @@ static void do_unexpected_trap(const struct cpu_user_regs *regs)
>
> void do_trap(struct cpu_user_regs *cpu_regs)
> {
> - do_unexpected_trap(cpu_regs);
> + register_t pc = cpu_regs->sepc;
> + unsigned long cause = csr_read(CSR_SCAUSE);
> +
> + switch ( cause )
> + {
> + case CAUSE_ILLEGAL_INSTRUCTION:
> + if ( do_bug_frame(cpu_regs, pc) >= 0 )
> + {
> + if ( !(is_kernel_text(pc) || is_kernel_inittext(pc)) )
> + {
> + printk("Something wrong with PC: %#lx\n", pc);
> + die();
> + }
> +
> + cpu_regs->sepc += GET_INSN_LENGTH(*(uint16_t *)pc);
> +
> + break;
> + }
> +
> + default:
The falling-through here wants annotating, preferably with the pseudo-
keyword.
Jan
> + do_unexpected_trap(cpu_regs);
> + break;
> + }
> }
On Mon, 2024-08-05 at 17:41 +0200, Jan Beulich wrote:
> On 02.08.2024 15:54, Oleksii Kurochko wrote:
> > Enable GENERIC_BUG_FRAME to support BUG(), WARN(), ASSERT,
> > and run_in_exception_handler().
> >
> > The 0x0000 opcode is used for BUG_INSTR, which, when macros from
> > <xen/bug.h> are used, triggers an exception with the
> > ILLEGAL_INSTRUCTION cause.
> > This opcode is encoded as a 2-byte instruction and is invalid if
> > CONFIG_RISCV_ISA_C is enabled or not.
>
> Yes, but there's a caveat: Without the C extension instructions have
> to be aligned on 32-bit boundaries. You can't just go and insert a
> 16-bit item there. When RISCV_ISA_C is not set, I think you want to
> insert two such 16-bit zeroes. Beware of an alignment handling bug
> in the assembler - don't think of using an alignment directive here.
Then probably it will be better to define BUG_INSTR as:
#define BUG_INSTR "UNIMP"
and let the compiler provide the proper opcode.
Or would defining BUG_INSTR always as 0x00000000 be better?
>
>
> > --- a/xen/arch/riscv/include/asm/bug.h
> > +++ b/xen/arch/riscv/include/asm/bug.h
> > @@ -9,7 +9,11 @@
> >
> > #ifndef __ASSEMBLY__
> >
> > -#define BUG_INSTR "ebreak"
> > +#include <xen/stringify.h>
> > +
> > +#define BUG_OPCODE 0x0000
>
> You don't really use this other than ...
>
> > +#define BUG_INSTR ".hword " __stringify(BUG_OPCODE)
>
> ... here - does this really warrant a separate #define _and_
> inclusion of
> stringify.h?
>
> Furthermore you want to avoid using .hword (or any data generating
> directive), to avoid disturbing disassembly. Please use .insn if at
> all
> possible. I understand though that in certain cases you won't be able
> to
> use .insn. Yet for the common case (more recent binutils) you'd still
> better avoid .hword or alike, imo.
>
> > @@ -103,7 +104,29 @@ static void do_unexpected_trap(const struct
> > cpu_user_regs *regs)
> >
> > void do_trap(struct cpu_user_regs *cpu_regs)
> > {
> > - do_unexpected_trap(cpu_regs);
> > + register_t pc = cpu_regs->sepc;
> > + unsigned long cause = csr_read(CSR_SCAUSE);
> > +
> > + switch ( cause )
> > + {
> > + case CAUSE_ILLEGAL_INSTRUCTION:
> > + if ( do_bug_frame(cpu_regs, pc) >= 0 )
> > + {
> > + if ( !(is_kernel_text(pc) || is_kernel_inittext(pc)) )
> > + {
> > + printk("Something wrong with PC: %#lx\n", pc);
> > + die();
> > + }
> > +
> > + cpu_regs->sepc += GET_INSN_LENGTH(*(uint16_t *)pc);
> > +
> > + break;
> > + }
> > +
> > + default:
>
> The falling-through here wants annotating, preferably with the
> pseudo-
> keyword.
What kind of pseudo-keyword? I thought about /* goto default */ to
underline that CAUSE_ILLEGAL_INSTRUCTION should be close to "default:".
~ Oleksii
> > + do_unexpected_trap(cpu_regs);
> > + break;
> > + }
> > }
>
On 06.08.2024 12:11, oleksii.kurochko@gmail.com wrote:
> On Mon, 2024-08-05 at 17:41 +0200, Jan Beulich wrote:
>> On 02.08.2024 15:54, Oleksii Kurochko wrote:
>>> Enable GENERIC_BUG_FRAME to support BUG(), WARN(), ASSERT,
>>> and run_in_exception_handler().
>>>
>>> The 0x0000 opcode is used for BUG_INSTR, which, when macros from
>>> <xen/bug.h> are used, triggers an exception with the
>>> ILLEGAL_INSTRUCTION cause.
>>> This opcode is encoded as a 2-byte instruction and is invalid if
>>> CONFIG_RISCV_ISA_C is enabled or not.
>>
>> Yes, but there's a caveat: Without the C extension instructions have
>> to be aligned on 32-bit boundaries. You can't just go and insert a
>> 16-bit item there. When RISCV_ISA_C is not set, I think you want to
>> insert two such 16-bit zeroes. Beware of an alignment handling bug
>> in the assembler - don't think of using an alignment directive here.
> Then probably it will be better to define BUG_INSTR as:
> #define BUG_INSTR "UNIMP"
> and let the compiler provide the proper opcode.
>
> Or would defining BUG_INSTR always as 0x00000000 be better?
I don't know.
>>> --- a/xen/arch/riscv/include/asm/bug.h
>>> +++ b/xen/arch/riscv/include/asm/bug.h
>>> @@ -9,7 +9,11 @@
>>>
>>> #ifndef __ASSEMBLY__
>>>
>>> -#define BUG_INSTR "ebreak"
>>> +#include <xen/stringify.h>
>>> +
>>> +#define BUG_OPCODE 0x0000
>>
>> You don't really use this other than ...
>>
>>> +#define BUG_INSTR ".hword " __stringify(BUG_OPCODE)
>>
>> ... here - does this really warrant a separate #define _and_
>> inclusion of
>> stringify.h?
>>
>> Furthermore you want to avoid using .hword (or any data generating
>> directive), to avoid disturbing disassembly. Please use .insn if at
>> all
>> possible. I understand though that in certain cases you won't be able
>> to
>> use .insn. Yet for the common case (more recent binutils) you'd still
>> better avoid .hword or alike, imo.
>>
>>> @@ -103,7 +104,29 @@ static void do_unexpected_trap(const struct
>>> cpu_user_regs *regs)
>>>
>>> void do_trap(struct cpu_user_regs *cpu_regs)
>>> {
>>> - do_unexpected_trap(cpu_regs);
>>> + register_t pc = cpu_regs->sepc;
>>> + unsigned long cause = csr_read(CSR_SCAUSE);
>>> +
>>> + switch ( cause )
>>> + {
>>> + case CAUSE_ILLEGAL_INSTRUCTION:
>>> + if ( do_bug_frame(cpu_regs, pc) >= 0 )
>>> + {
>>> + if ( !(is_kernel_text(pc) || is_kernel_inittext(pc)) )
>>> + {
>>> + printk("Something wrong with PC: %#lx\n", pc);
>>> + die();
>>> + }
>>> +
>>> + cpu_regs->sepc += GET_INSN_LENGTH(*(uint16_t *)pc);
>>> +
>>> + break;
>>> + }
>>> +
>>> + default:
>>
>> The falling-through here wants annotating, preferably with the
>> pseudo-
>> keyword.
> What kind of pseudo-keyword? I thought about /* goto default */ to
> underline that CAUSE_ILLEGAL_INSTRUCTION should be close to "default:".
In compiler.h we define "fallthrough" specifically for purposes like
this.
Jan
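An added example, not part of the patch or of Xen: it applies the length rule implied by INSN_LENGTH_MASK and INSN_LENGTH_32 to the encodings named in the thread, and checks where a handler that advances sepc by the decoded length would resume. The decode rule, emit_bug() and resume_ok() are assumptions for illustration; the two-parcel padding models the review suggestion for builds without the C extension.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define INSN_LENGTH_MASK 0x3u    /* value from the patch context */
#define INSN_LENGTH_32   0x3u    /* value from the patch context */
#define BUG_OPCODE       0x0000u /* value from the patch */

/* Assumed decode rule: low two bits 0b11 mean a 32-bit instruction. */
static unsigned int insn_length(uint16_t first_parcel)
{
    return (first_parcel & INSN_LENGTH_MASK) == INSN_LENGTH_32 ? 4 : 2;
}

/* Hypothetical emitter: one zero parcel with C, two without (review idea). */
static size_t emit_bug(uint16_t *buf, size_t n, bool isa_c)
{
    buf[n++] = BUG_OPCODE;
    if ( !isa_c )
        buf[n++] = BUG_OPCODE;
    return n;
}

/* True if advancing by the decoded length resumes at the next instruction. */
static bool resume_ok(bool isa_c)
{
    uint16_t buf[4] = { 0 };     /* constructed instruction stream */
    size_t bug_off = 0;          /* byte offset of the BUG site */
    size_t next_insn = emit_bug(buf, 0, isa_c) * sizeof(buf[0]);
    size_t resume = bug_off + insn_length(buf[bug_off / sizeof(buf[0])]);

    return resume == next_insn;
}

int main(void)
{
    printf("0x0000 -> %u bytes, c.ebreak 0x9002 -> %u, ebreak 0x0073 -> %u\n",
           insn_length(0x0000), insn_length(0x9002), insn_length(0x0073));
    printf("resume ok with C: %d, without C (padded): %d\n",
           resume_ok(true), resume_ok(false));
    return 0;
}
```

If the BUG site is padded to four bytes, a handler that steps by the decoded length of the first parcel lands on the second zero parcel, so the skip distance has to follow the emitted size rather than the decoded one.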