From b28089a7ad9d07b1b35e2b781a66a200f8b8e20d Mon Sep 17 00:00:00 2001 From: Juergen Gross Date: Mon, 9 Mar 2020 16:54:41 +0100 Subject: [PATCH 1/4] xen/xenbus: remove unused xenbus_map_ring() xenbus_map_ring() is used nowhere in the tree, remove it. xenbus_unmap_ring() is used only locally, so make it static and move it up. Signed-off-by: Juergen Gross Reviewed-by: Boris Ostrovsky Signed-off-by: Juergen Gross --- drivers/xen/xenbus/xenbus_client.c | 126 ++++++++++------------------- include/xen/xenbus.h | 7 -- 2 files changed, 42 insertions(+), 91 deletions(-) diff --git a/drivers/xen/xenbus/xenbus_client.c b/drivers/xen/xenbus/xenbus_client.c index e17ca8156171..31eb822ac313 100644 --- a/drivers/xen/xenbus/xenbus_client.c +++ b/drivers/xen/xenbus/xenbus_client.c 
@@ -517,6 +517,48 @@ static int __xenbus_map_ring(struct xenbus_device *dev, return err; } +/** + * xenbus_unmap_ring + * @dev: xenbus device + * @handles: grant handle array + * @nr_handles: number of handles in the array + * @vaddrs: addresses to unmap + * + * Unmap memory in this domain that was imported from another domain. + * Returns 0 on success and returns GNTST_* on error + * (see xen/include/interface/grant_table.h). + */ +static int xenbus_unmap_ring(struct xenbus_device *dev, grant_handle_t *handles, + unsigned int nr_handles, unsigned long *vaddrs) +{ + struct gnttab_unmap_grant_ref unmap[XENBUS_MAX_RING_GRANTS]; + int i; + int err; + + if (nr_handles > XENBUS_MAX_RING_GRANTS) + return -EINVAL; + + for (i = 0; i < nr_handles; i++) + gnttab_set_unmap_op(&unmap[i], vaddrs[i], + GNTMAP_host_map, handles[i]); + + if (HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, unmap, i)) + BUG(); + + err = GNTST_okay; + for (i = 0; i < nr_handles; i++) { + if (unmap[i].status != GNTST_okay) { + xenbus_dev_error(dev, unmap[i].status, + "unmapping page at handle %d error %d", + handles[i], unmap[i].status); + err = unmap[i].status; + break; + } + } + + return err; +} + struct map_ring_valloc_hvm { unsigned int idx; 
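Review bot: The kernel-doc on the moved `xenbus_unmap_ring()` says it returns `GNTST_*` on error, but the `nr_handles > XENBUS_MAX_RING_GRANTS` guard returns `-EINVAL`, so the comment understates the contract. I would change the sentence to `Returns 0 on success, -EINVAL if @nr_handles exceeds XENBUS_MAX_RING_GRANTS, or GNTST_* on error`. The status scan also stops at the first entry whose `unmap[i].status` is not `GNTST_okay`, so later failures in the same batch are neither logged nor returned and the caller cannot tell which grants are still mapped. A short comment such as `/* only the first failing handle is reported */` would at least make that deliberate. A minor point is that `i` is a signed `int` compared against `unsigned int nr_handles`; the bound check keeps it harmless, but `unsigned int i` would match the parameter.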
@@ -608,45 +650,6 @@ static int xenbus_map_ring_valloc_hvm(struct xenbus_device *dev, return err; } - -/** - * xenbus_map_ring - * @dev: xenbus device - * @gnt_refs: grant reference array - * @nr_grefs: number of grant reference - * @handles: pointer to grant handle to be filled - * @vaddrs: addresses to be mapped to - * @leaked: fail to clean up a failed map, caller should not free vaddr - * - * Map pages of memory into this domain from another domain's grant table. - * xenbus_map_ring does not allocate the virtual address space (you must do - * this yourself!). It only maps in the pages to the specified address. - * Returns 0 on success, and GNTST_* (see xen/include/interface/grant_table.h) - * or -ENOMEM / -EINVAL on error. If an error is returned, device will switch to - * XenbusStateClosing and the first error message will be saved in XenStore. - * Further more if we fail to map the ring, caller should check @leaked. - * If @leaked is not zero it means xenbus_map_ring fails to clean up, caller - * should not free the address space of @vaddr. - */ -int xenbus_map_ring(struct xenbus_device *dev, grant_ref_t *gnt_refs, - unsigned int nr_grefs, grant_handle_t *handles, - unsigned long *vaddrs, bool *leaked) -{ - phys_addr_t phys_addrs[XENBUS_MAX_RING_GRANTS]; - int i; - - if (nr_grefs > XENBUS_MAX_RING_GRANTS) - return -EINVAL; - - for (i = 0; i < nr_grefs; i++) - phys_addrs[i] = (unsigned long)vaddrs[i]; - - return __xenbus_map_ring(dev, gnt_refs, nr_grefs, handles, - phys_addrs, GNTMAP_host_map, leaked); -} -EXPORT_SYMBOL_GPL(xenbus_map_ring); - - /** * xenbus_unmap_ring_vfree * @dev: xenbus device 
@@ -858,51 +861,6 @@ static int xenbus_unmap_ring_vfree_hvm(struct xenbus_device *dev, void *vaddr) return rv; } -/** - * xenbus_unmap_ring - * @dev: xenbus device - * @handles: grant handle array - * @nr_handles: number of handles in the array - * @vaddrs: addresses to unmap - * - * Unmap memory in this domain that was imported from another domain. - * Returns 0 on success and returns GNTST_* on error - * (see xen/include/interface/grant_table.h). - */ -int xenbus_unmap_ring(struct xenbus_device *dev, - grant_handle_t *handles, unsigned int nr_handles, - unsigned long *vaddrs) -{ - struct gnttab_unmap_grant_ref unmap[XENBUS_MAX_RING_GRANTS]; - int i; - int err; - - if (nr_handles > XENBUS_MAX_RING_GRANTS) - return -EINVAL; - - for (i = 0; i < nr_handles; i++) - gnttab_set_unmap_op(&unmap[i], vaddrs[i], - GNTMAP_host_map, handles[i]); - - if (HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, unmap, i)) - BUG(); - - err = GNTST_okay; - for (i = 0; i < nr_handles; i++) { - if (unmap[i].status != GNTST_okay) { - xenbus_dev_error(dev, unmap[i].status, - "unmapping page at handle %d error %d", - handles[i], unmap[i].status); - err = unmap[i].status; - break; - } - } - - return err; -} -EXPORT_SYMBOL_GPL(xenbus_unmap_ring); - - /** * xenbus_read_driver_state * @path: path for driver diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h index 850a43bd69d3..8c0d1edc121c 100644 --- a/include/xen/xenbus.h +++ b/include/xen/xenbus.h 
@@ -209,15 +209,8 @@ int xenbus_grant_ring(struct xenbus_device *dev, void *vaddr, unsigned int nr_pages, grant_ref_t *grefs); int xenbus_map_ring_valloc(struct xenbus_device *dev, grant_ref_t *gnt_refs, unsigned int nr_grefs, void **vaddr); -int xenbus_map_ring(struct xenbus_device *dev, - grant_ref_t *gnt_refs, unsigned int nr_grefs, - grant_handle_t *handles, unsigned long *vaddrs, - bool *leaked); int xenbus_unmap_ring_vfree(struct xenbus_device *dev, void *vaddr); -int xenbus_unmap_ring(struct xenbus_device *dev, - grant_handle_t *handles, unsigned int nr_handles, - unsigned long *vaddrs); int xenbus_alloc_evtchn(struct xenbus_device *dev, int *port); int xenbus_free_evtchn(struct xenbus_device *dev, int port); From 69086bd698574501a59073b07b629f2a00b82552 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 20 Mar 2020 04:09:18 +0100 Subject: [PATCH 2/4] xen-pciback: fix INTERRUPT_TYPE_* defines MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit xen_pcibk_get_interrupt_type() assumes INTERRUPT_TYPE_NONE being 0 (initialize ret to 0 and return as INTERRUPT_TYPE_NONE). Fix the definition to make INTERRUPT_TYPE_NONE really 0, and also shift other values to not leave holes. But also, do not assume INTERRUPT_TYPE_NONE being 0 anymore to avoid similar confusions in the future. Fixes: 476878e4b2be ("xen-pciback: optionally allow interrupt enable flag writes") Signed-off-by: Marek Marczykowski-Górecki Reviewed-by: Boris Ostrovsky Reviewed-by: Roger Pau Monné Signed-off-by: Juergen Gross --- drivers/xen/xen-pciback/conf_space.c | 2 +- drivers/xen/xen-pciback/conf_space.h | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/xen/xen-pciback/conf_space.c b/drivers/xen/xen-pciback/conf_space.c index b20e43e148ce..da51a5d34e6e 100644 --- a/drivers/xen/xen-pciback/conf_space.c +++ b/drivers/xen/xen-pciback/conf_space.c 
@@ -320,7 +320,7 @@ int xen_pcibk_get_interrupt_type(struct pci_dev *dev) if (val & PCI_MSIX_FLAGS_ENABLE) ret |= INTERRUPT_TYPE_MSIX; } - return ret; + return ret ?: INTERRUPT_TYPE_NONE; } void xen_pcibk_config_free_dyn_fields(struct pci_dev *dev) diff --git a/drivers/xen/xen-pciback/conf_space.h b/drivers/xen/xen-pciback/conf_space.h index 28c45180a12e..5fe431c79f25 100644 --- a/drivers/xen/xen-pciback/conf_space.h +++ b/drivers/xen/xen-pciback/conf_space.h @@ -65,10 +65,10 @@ struct config_field_entry { void *data; }; -#define INTERRUPT_TYPE_NONE (1<<0) -#define INTERRUPT_TYPE_INTX (1<<1) -#define INTERRUPT_TYPE_MSI (1<<2) -#define INTERRUPT_TYPE_MSIX (1<<3) +#define INTERRUPT_TYPE_NONE (0) +#define INTERRUPT_TYPE_INTX (1<<0) +#define INTERRUPT_TYPE_MSI (1<<1) +#define INTERRUPT_TYPE_MSIX (1<<2) extern bool xen_pcibk_permissive; From 2f62f36e62daec43aa7b9633ef7f18e042a80bed Mon Sep 17 00:00:00 2001 From: Miroslav Benes Date: Thu, 26 Mar 2020 10:26:02 +0100 Subject: [PATCH 3/4] x86/xen: Make the boot CPU idle task reliable The unwinder reports the boot CPU idle task's stack on XEN PV as unreliable, which affects at least live patching. There are two reasons for this. First, the task does not follow the x86 convention that its stack starts at the offset right below saved pt_regs. It allows the unwinder to easily detect the end of the stack and verify it. Second, startup_xen() function does not store the return address before jumping to xen_start_kernel() which confuses the unwinder. Amend both issues by moving the starting point of initial stack in startup_xen() and storing the return address before the jump, which is exactly what call instruction does. Signed-off-by: Miroslav Benes Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross --- arch/x86/xen/xen-head.S | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S index 1d0cee3163e4..d63806e1ff7a 100644 --- a/arch/x86/xen/xen-head.S 
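Review bot: With `INTERRUPT_TYPE_NONE` redefined to `(0)` in conf_space.h by this same patch, `return ret ?: INTERRUPT_TYPE_NONE;` evaluates to `ret` in every case, so the line only documents intent and should carry a comment saying so. Something like `/* ret is a mask of INTERRUPT_TYPE_*; an empty mask is reported as INTERRUPT_TYPE_NONE */` would do. The start of `xen_pcibk_get_interrupt_type()` is outside the hunk, so it is not visible whether the same `int` can also carry a negative error code. If it can, the comment should also tell callers to check for `< 0` before masking the result.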
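Review bot: Once `INTERRUPT_TYPE_NONE` is `(0)` it is no longer a bit, so any caller that tests it with `&` (for example `type & INTERRUPT_TYPE_NONE`) can never match and must become `type == INTERRUPT_TYPE_NONE`. The callers are not part of this patch, so the users of these defines in xen-pciback need checking before merge. Going by the Fixes: subject, these values decide which interrupt-enable writes a guest is allowed to make, so a test that silently turns false changes policy instead of failing loudly. A comment above the defines, e.g. `/* bitmask returned by xen_pcibk_get_interrupt_type(); NONE is the empty mask, not a flag */`, would keep the assumption from creeping back.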
+++ b/arch/x86/xen/xen-head.S @@ -35,7 +35,11 @@ SYM_CODE_START(startup_xen) rep __ASM_SIZE(stos) mov %_ASM_SI, xen_start_info - mov $init_thread_union+THREAD_SIZE, %_ASM_SP +#ifdef CONFIG_X86_64 + mov initial_stack(%rip), %rsp +#else + mov pa(initial_stack), %esp +#endif #ifdef CONFIG_X86_64 /* Set up %gs. @@ -51,7 +55,7 @@ SYM_CODE_START(startup_xen) wrmsr #endif - jmp xen_start_kernel + call xen_start_kernel SYM_CODE_END(startup_xen) __FINIT #endif From c3881eb58d56116c79ac4ee4f40fd15ead124c4b Mon Sep 17 00:00:00 2001 From: Miroslav Benes Date: Thu, 26 Mar 2020 10:26:03 +0100 Subject: [PATCH 4/4] x86/xen: Make the secondary CPU idle tasks reliable The unwinder reports the secondary CPU idle tasks' stack on XEN PV as unreliable, which affects at least live patching. cpu_initialize_context() sets up the context of the CPU through VCPUOP_initialise hypercall. After it is woken up, the idle task starts in cpu_bringup_and_idle() function and its stack starts at the offset right below pt_regs. The unwinder correctly detects the end of stack there but it is confused by NULL return address in the last frame. Introduce a wrapper in assembly, which just calls cpu_bringup_and_idle(). The return address is thus pushed on the stack and the wrapper contains the annotation hint for the unwinder regarding the stack state. Signed-off-by: Miroslav Benes Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross --- arch/x86/xen/smp_pv.c | 3 ++- arch/x86/xen/xen-head.S | 10 ++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c index 802ee5bba66c..8fb8a50a28b4 100644 --- a/arch/x86/xen/smp_pv.c +++ b/arch/x86/xen/smp_pv.c @@ -53,6 +53,7 @@ static DEFINE_PER_CPU(struct xen_common_irq, xen_irq_work) = { .irq = -1 }; static DEFINE_PER_CPU(struct xen_common_irq, xen_pmu_irq) = { .irq = -1 }; static irqreturn_t xen_irq_work_interrupt(int irq, void *dev_id); +void asm_cpu_bringup_and_idle(void); static void cpu_bringup(void) { 
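Review bot: The 32-bit branch loads the stack pointer with `mov pa(initial_stack), %esp`, i.e. through the physical address of `initial_stack`, while the context line just above stores to `xen_start_info` through its plain symbol. If `startup_xen` is entered with paging already set up, as that neighbouring access suggests, the `pa()` form reads the wrong location and the 32-bit PV boot CPU starts on a bogus stack. I would expect `mov initial_stack, %esp` here. The 64-bit `mov initial_stack(%rip), %rsp` looks consistent with the rest of the function, whose start is outside the hunk. Please boot-test a 32-bit PV guest with this change.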
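Review bot: Nothing follows `call xen_start_kernel` before `SYM_CODE_END(startup_xen)`, and the reason for replacing `jmp` with `call` is recorded only in the commit message. I would add `/* call, not jmp: the pushed return address gives the unwinder a valid last frame; xen_start_kernel() does not return */` above the instruction. The same comment is needed on `call cpu_bringup_and_idle` in the `asm_cpu_bringup_and_idle` wrapper added by patch 4/4. Both callees are presumably noreturn, but that is not visible in these hunks. If either could return, execution would run off the end of the symbol.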
@@ -309,7 +310,7 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) * pointing just below where pt_regs would be if it were a normal * kernel entry. */ - ctxt->user_regs.eip = (unsigned long)cpu_bringup_and_idle; + ctxt->user_regs.eip = (unsigned long)asm_cpu_bringup_and_idle; ctxt->flags = VGCF_IN_KERNEL; ctxt->user_regs.eflags = 0x1000; /* IOPL_RING1 */ ctxt->user_regs.ds = __USER_DS; diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S index d63806e1ff7a..7d1c4fcbe8f7 100644 --- a/arch/x86/xen/xen-head.S +++ b/arch/x86/xen/xen-head.S @@ -58,6 +58,16 @@ SYM_CODE_START(startup_xen) call xen_start_kernel SYM_CODE_END(startup_xen) __FINIT + +#ifdef CONFIG_XEN_PV_SMP +.pushsection .text +SYM_CODE_START(asm_cpu_bringup_and_idle) + UNWIND_HINT_EMPTY + + call cpu_bringup_and_idle +SYM_CODE_END(asm_cpu_bringup_and_idle) +.popsection +#endif #endif .pushsection .text
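Review bot: After `ctxt->user_regs.eip = (unsigned long)asm_cpu_bringup_and_idle;`, `cpu_bringup_and_idle()` is referenced only from xen-head.S, and its definition is outside the hunk. Please confirm it has external linkage and is marked so the compiler keeps it (not `static`), otherwise the `call cpu_bringup_and_idle` in the new wrapper fails at link time or under aggressive dead-code elimination. The bare prototype `void asm_cpu_bringup_and_idle(void);` added near the top of smp_pv.c also needs a comment, e.g. `/* asm entry stub in xen-head.S; used only as the initial eip for secondary vCPUs, never called from C */`. The existing comment above this assignment still describes only the stack layout, so it is worth adding that the entry point is an assembly wrapper which pushes a return address for the unwinder.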