Re: [PATCH 1/2] gnttab: remove guest_physmap_remove_page() call from gnttab_map_frame()

2021-11-26 Thread Jan Beulich
On 25.11.2021 17:37, Julien Grall wrote: > On 13/09/2021 07:41, Jan Beulich wrote: >> Without holding appropriate locks, attempting to remove a prior mapping >> of the underlying page is pointless, as the same (or another) mapping >> could be re-established by a parallel request on another vCPU. Mo

Re: [PATCH for-4.16] Revert "x86/CPUID: shrink max_{,sub}leaf fields according to actual leaf contents"

2021-11-26 Thread Jan Beulich
On 25.11.2021 18:28, Andrew Cooper wrote: > On 25/11/2021 10:43, Roger Pau Monné wrote: >> On Thu, Nov 25, 2021 at 11:25:36AM +0100, Jan Beulich wrote: >>> On 24.11.2021 22:11, Andrew Cooper wrote: OSSTest has identified a 3rd regression caused by this change. Migration between Xen 4.15

Re: [PATCH for-4.16] Revert "x86/CPUID: shrink max_{,sub}leaf fields according to actual leaf contents"

2021-11-26 Thread Roger Pau Monné
On Fri, Nov 26, 2021 at 09:22:50AM +0100, Jan Beulich wrote: > On 25.11.2021 18:28, Andrew Cooper wrote: > > On 25/11/2021 10:43, Roger Pau Monné wrote: > >> On Thu, Nov 25, 2021 at 11:25:36AM +0100, Jan Beulich wrote: > >>> On 24.11.2021 22:11, Andrew Cooper wrote: > OSSTest has identified a

Re: [PATCH for-4.16] Revert "x86/CPUID: shrink max_{,sub}leaf fields according to actual leaf contents"

2021-11-26 Thread Jan Beulich
On 26.11.2021 09:37, Roger Pau Monné wrote: > On Fri, Nov 26, 2021 at 09:22:50AM +0100, Jan Beulich wrote: >> On 25.11.2021 18:28, Andrew Cooper wrote: >>> On 25/11/2021 10:43, Roger Pau Monné wrote: On Thu, Nov 25, 2021 at 11:25:36AM +0100, Jan Beulich wrote: > On 24.11.2021 22:11, Andrew

Re: [PATCH 1/7] xz: add fall-through comments to a switch statement

2021-11-26 Thread Julien Grall
Hi Jan, On 26/11/2021 07:37, Jan Beulich wrote: On 25.11.2021 18:13, Julien Grall wrote: Hi, On 25/11/2021 17:03, Jan Beulich wrote: On 25.11.2021 17:54, Julien Grall wrote: On 25/11/2021 16:49, Julien Grall wrote: On 19/11/2021 10:21, Jan Beulich wrote: From: Lasse Collin It's good styl

Re: [PATCH 1/7] xz: add fall-through comments to a switch statement

2021-11-26 Thread Jan Beulich
On 26.11.2021 10:03, Julien Grall wrote: > On 26/11/2021 07:37, Jan Beulich wrote: >> On 25.11.2021 18:13, Julien Grall wrote: >>> On 25/11/2021 17:03, Jan Beulich wrote: On 25.11.2021 17:54, Julien Grall wrote: > On 25/11/2021 16:49, Julien Grall wrote: >> On 19/11/2021 10:21, Jan Beu

Re: [PATCH] public: add RING_NR_UNCONSUMED_*() macros to ring.h

2021-11-26 Thread Jan Beulich
On 26.11.2021 07:55, Juergen Gross wrote: > Today RING_HAS_UNCONSUMED_*() macros are returning the number of > unconsumed requests or responses instead of a boolean as the name of > the macros would imply. > > As this "feature" is already being used, rename the macros to > RING_NR_UNCONSUMED_*() a

Re: [PATCH] public: add RING_NR_UNCONSUMED_*() macros to ring.h

2021-11-26 Thread Juergen Gross
On 26.11.21 10:17, Jan Beulich wrote: On 26.11.2021 07:55, Juergen Gross wrote: Today RING_HAS_UNCONSUMED_*() macros are returning the number of unconsumed requests or responses instead of a boolean as the name of the macros would imply. As this "feature" is already being used, rename the macro

Failed to terminate hdcp ta during suspend on Xen

2021-11-26 Thread Josef Johansson
Hi, I'm trying to solve problems during Suspend/Resume on Qubes OS (which is running Xen). What happens is that the resume works, but the screen blanks out each time I type a letter on the keyboard and then returns again, then after a while the screen just goes black. If I boot the same kernel w

Re: [PATCH] public: add RING_NR_UNCONSUMED_*() macros to ring.h

2021-11-26 Thread Jan Beulich
On 26.11.2021 10:21, Juergen Gross wrote: > On 26.11.21 10:17, Jan Beulich wrote: >> On 26.11.2021 07:55, Juergen Gross wrote: >>> Today RING_HAS_UNCONSUMED_*() macros are returning the number of >>> unconsumed requests or responses instead of a boolean as the name of >>> the macros would imply. >>

Re: [PATCH 1/7] xz: add fall-through comments to a switch statement

2021-11-26 Thread Julien Grall
Hi Jan, On 26/11/2021 09:12, Jan Beulich wrote: Anyway, I think it would save time for everyone (you had to manually delete signed-off-by after all) if you just copy the commit (including all the signed-off-by) message as-is. I don't think I see why you found it necessary to verify the S-o-b s

[PATCH V6 03/49] x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

2021-11-26 Thread Lai Jiangshan
From: Lai Jiangshan While in the native case, PER_CPU_VAR(cpu_tss_rw + TSS_sp0) is the trampoline stack. But XEN pv doesn't use trampoline stack, so PER_CPU_VAR(cpu_tss_rw + TSS_sp0) is also the kernel stack. Hence source and destination stacks are identical in that case, which means reusing sw

Re: Aarch64 stand-alone application for Xen

2021-11-26 Thread Bertrand Marquis
Hi Mathieu, > On 25 Nov 2021, at 22:59, Mathieu Poirier wrote: > > Good day, > > I am in the process of adding support for aarch64 to the xen-sys > crate[1]. The crate currently supports x86_64 and includes a > stand-alone "oxerun" application that can be used to validate > hypercalls. My goa

[xen-4.16-testing test] 166394: tolerable FAIL - PUSHED

2021-11-26 Thread osstest service owner
flight 166394 xen-4.16-testing real [real] http://logs.test-lab.xenproject.org/osstest/logs/166394/ Failures :-/ but no regressions. Regressions which are regarded as allowable (not blocking): test-armhf-armhf-xl-rtds18 guest-start/debian.repeat fail REGR. vs. 166322 Tests which did not suc

Re: [PATCH] public: add RING_NR_UNCONSUMED_*() macros to ring.h

2021-11-26 Thread Simon Kuenzer
Hi Juergen, thanks a lot for putting us in CC. From the Unikraft perspective, we are fine with the change because we currently maintain a copy of the Xen headers in our tree. Our main reason is that we aim to keep compiling easier by avoiding off-tree references. Obviously, we have to update ou

Re: [RFC?] xen/arm: memaccess: Pass struct npfec by reference in p2m_mem_access_check

2021-11-26 Thread Andrew Cooper
On 26/11/2021 07:46, Jan Beulich wrote: > On 25.11.2021 23:49, Oleksandr Tyshchenko wrote: >> From: Oleksandr Tyshchenko >> >> Today I noticed a "note" when building Xen on Arm64 with >> aarch64-poky-linux-gcc (GCC) 9.3.0. It turned out that Andrew Cooper >> had already reported it before [1]: >> >

Re: [PATCH 3/5] hyperv/IOMMU: Enable swiotlb bounce buffer for Isolation VM

2021-11-26 Thread Tianyu Lan
On 11/26/2021 3:40 PM, Christoph Hellwig wrote: On Wed, Nov 17, 2021 at 10:00:08PM +0800, Tianyu Lan wrote: On 11/17/2021 6:01 PM, Christoph Hellwig wrote: This doesn't really have much to do with normal DMA mapping, so why does this direct through the dma ops? According to the previous disc

Re: [PATCH 1/7] xz: add fall-through comments to a switch statement

2021-11-26 Thread Jan Beulich
On 26.11.2021 11:04, Julien Grall wrote: > Hi Jan, > > On 26/11/2021 09:12, Jan Beulich wrote: >>> Anyway, I think it would save time for everyone (you had to manually >>> delete signed-off-by after all) if you just copy the commit (including >>> all the signed-off-by) message as-is. >> >> I don't

Re: [PATCH v5 06/14] vpci/header: implement guest BAR register handlers

2021-11-26 Thread Oleksandr Andrushchenko
Hi, Bertrand! On 25.11.21 18:28, Bertrand Marquis wrote: > Hi Oleksandr, > >> On 25 Nov 2021, at 11:02, Oleksandr Andrushchenko wrote: >> >> From: Oleksandr Andrushchenko >> >> Add relevant vpci register handlers when assigning PCI device to a domain >> and remove those when de-assigning. This a

[PATCH 02/65] x86/pv-shim: don't modify hypercall table

2021-11-26 Thread Andrew Cooper
From: Juergen Gross When running as pv-shim the hypercall is modified today in order to replace the functions for __HYPERVISOR_event_channel_op and __HYPERVISOR_grant_table_op hypercalls. Change this to call the related functions from the normal handlers instead when running as shim. The perform

[PATCH 09/65] xen: Annotate fnptr targets from continue_hypercall_on_cpu()

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/microcode/core.c | 2 +- xen/arch/x86/platform_hypercall.c | 4 ++-- xen/arch/x86/pv/shim.c| 4 +

[PATCH 07/65] xen: Annotate fnptr targets from notifier callbacks

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné --- xen/arch/x86/acpi/cpu_idle.c | 2 +- xen/arch/x86/cpu/mcheck/mce.c| 2 +- xen/arch/x86/cpu/mcheck/mce_intel.c | 2 +- xen/arch

[PATCH 01/65] x86: Introduce support for CET-IBT

2021-11-26 Thread Andrew Cooper
CET Indirect Branch Tracking is a hardware feature designed to provide forward-edge control flow integrity, protecting against jump/call oriented programming. IBT requires the placement of ENDBR{32,64} instructions at the target of every indirect call/jmp, and every entrypoint. However, the defau

[PATCH 08/65] xen: Annotate fnptr targets from acpi_table_parse()

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné --- xen/arch/x86/acpi/boot.c | 24 xen/arch/x86/hvm/dom0_build.c| 16 xen/arch/x86/srat.c

[PATCH 03/65] xen/x86: don't use hypercall table for calling compat hypercalls

2021-11-26 Thread Andrew Cooper
From: Juergen Gross Today the *_op_compat hypercalls call the modern handler functions by using the entries from the hypercall table. This is resulting in a not needed indirect function call which can be avoided by using the correct handler function directly. This is basically a revert of commit

[PATCH 04/65] x86/hypercall: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné CC: Juergen Gross Likely going to be replaced with Juergen's series doing full devirtualisation of the hypercall handling, but absent a version which passes CI, this is t

[PATCH 00/65] x86: Support for CET Indirect Branch Tracking

2021-11-26 Thread Andrew Cooper
CET Indirect Branch Tracking is a hardware feature designed to protect against forward-edge control flow hijacking (Call/Jump oriented programming), and is a companion feature to CET Shadow Stacks added in Xen 4.14. This series depends on lots of previously posted patches. See xenbits/xen-cet-ibt

[PATCH 05/65] xen: Annotate fnptr targets from custom_param()

2021-11-26 Thread Andrew Cooper
The "watchdog_timeout" and "cpu_type" handlers were missing __init. The "numa", "acpi", "irq_vector_map" and "flask" handlers can skip forward declarations by altering the custom_param() position. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien G

[PATCH 06/65] xen: Annotate fnptr targets from __initcall()

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné --- xen/arch/x86/acpi/cpu_idle.c | 4 ++-- xen/arch/x86/acpi/cpufreq/cpufreq.c | 2 +- xen/arch/x86/cpu/mcheck/non-fatal.c | 2 +- xen/ar

Re: [PATCH 00/65] x86: Support for CET Indirect Branch Tracking

2021-11-26 Thread Jan Beulich
On 26.11.2021 13:33, Andrew Cooper wrote: > CET Indirect Branch Tracking is a hardware feature designed to protect against > forward-edge control flow hijacking (Call/Jump oriented programming), and is a > companion feature to CET Shadow Stacks added in Xen 4.14. > > This series depends on lots of

Re: [PATCH 1/7] xz: add fall-through comments to a switch statement

2021-11-26 Thread Ian Jackson
Jan Beulich writes ("Re: [PATCH 1/7] xz: add fall-through comments to a switch statement"): > On 26.11.2021 11:04, Julien Grall wrote: > > For this case, you provided some sort of an explanation but so far, I am > > still waiting for a link to confirm that the signed-off-by match the one > > on

[PATCH 24/65] xen/video: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné --- xen/drivers/video/lfb.c | 4 ++-- xen/drivers/video/lfb.h | 4 ++-- xen/drivers/video/vesa.c | 4 ++-- xen/drivers/video/vga.c | 6 +++--- 4 files changed, 9 insert

[PATCH 20/65] xen/keyhandler: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Tweak {IRQ_,}KEYHANDLER() to use a named initialiser instead of requiring a pointer cast to compile in the IRQ case. Reposition iommu_dump_page_tables() to avoid a forward declaration. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Ro

[PATCH 10/65] xen: Annotate fnptr targets from init_timer()

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné --- xen/arch/x86/cpu/mcheck/amd_nonfatal.c | 2 +- xen/arch/x86/cpu/mcheck/non-fatal.c| 2 +- xen/arch/x86/hvm/pmtimer.c | 2 +- xen/arch/x86/hvm/rtc.c

[PATCH 55/65] x86/bugframe: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
run_in_exception_handler() managed to escape typechecking, as the compiler can't see where function pointer gets called. After adding some ad-hoc typechecking, it turns out that dump_execution_state() alone differs in const-ness from the other users of run_in_exception_handler(). Introduce a new

[PATCH 15/65] xsm: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Daniel De Graaf CC: Daniel Smith --- xen/include/xsm/dummy.h | 211 ++ xen/xsm/flask/flask_op.c | 2 +- xen/xsm/flask/hooks.c| 232 ++- xen/xsm/flask/private.h | 4

[PATCH 53/65] x86/misc: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/extable.c | 4 ++-- xen/common/efi/boot.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c index b6664264de31..4aa1ab4b2a45

[PATCH 60/65] x86/emul: Update emulation stubs to be CET-IBT compatible

2021-11-26 Thread Andrew Cooper
All indirect branches need to land on an endbr64 instruction. For stub_selftests(), use endbr64 unconditionally for simplicity. For ioport and instruction emulation, add endbr64 conditionally. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/

[PATCH 42/65] x86/guest: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/guest/hyperv/hyperv.c | 10 +- xen/arch/x86/guest/xen/xen.c | 11 ++- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/xen/arch/x86/guest/hyperv/hyperv.c b/x

[PATCH 13/65] xen: Annotate fnptr targets from open_softirq()

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné --- xen/arch/x86/cpu/mcheck/mce.c | 2 +- xen/arch/x86/domain.c | 2 +- xen/arch/x86/pv/traps.c | 2 +- xen/arch/x86/smp.c| 2 +-

[PATCH 34/65] x86/nmi: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/alternative.c| 4 ++-- xen/arch/x86/cpu/microcode/core.c | 3 ++- xen/arch/x86/crash.c | 3 ++- xen/arch/x86/livepatch.c | 2 +- xen/arch/x86/oprofile/nmi_int.c | 2

[PATCH 52/65] x86/time: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/hpet.c| 8 xen/arch/x86/time.c| 33 + xen/include/asm-x86/hpet.h | 4 ++-- 3 files changed, 23 insertions(+), 22 deletions(-) diff --git

[PATCH 50/65] x86/dpci: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/hvm/hvm.c| 4 ++-- xen/drivers/passthrough/vtd/x86/hvm.c | 4 ++-- xen/drivers/passthrough/x86/hvm.c | 8 3 files changed, 8 insertions(+), 8 deletions(-) diff --git

[PATCH 22/65] xen/decompress: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné --- tools/libs/guest/xg_dom_decompress_unsafe.h | 4 xen/common/bunzip2.c| 2 +- xen/common/decompress.c | 2 +- xen/commo

[PATCH 23/65] xen/iommu: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
AMD's parse_ppr_log_entry() has no external callers, so becomes static. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné --- xen/common/compat/memory.c | 4 +- xen/drivers/passthrough/amd/iommu.h

[PATCH 31/65] x86/ucode: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/cpu/microcode/amd.c | 9 + xen/arch/x86/cpu/microcode/core.c | 4 ++-- xen/arch/x86/cpu/microcode/intel.c | 10 +- 3 files changed, 12 insertions(+), 11 deletions(-) diff --g

[PATCH 16/65] xen/sched: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné CC: Dario Faggioli CC: Juergen Gross --- xen/common/sched/arinc653.c | 20 +++ xen/common/sched/core.c | 8 +++--- xen/common/sched/credit.c | 49

[PATCH 27/65] x86: Annotate fnptr targets from request_irq()

2021-11-26 Thread Andrew Cooper
...and friends; alloc_direct_apic_vector() and set_direct_apic_vector(). Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/apic.c | 8 xen/arch/x86/cpu/mcheck/mce_intel.c | 4 ++-- xen/arch/x86/guest/xen/xen.

[PATCH 21/65] xen/vpci: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné --- xen/drivers/vpci/header.c | 18 +- xen/drivers/vpci/msi.c| 42 +- xen/drivers/vpci/msix.c | 20 ++

[PATCH 45/65] x86/hap: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/mm/hap/guest_walk.c | 4 ++-- xen/arch/x86/mm/hap/hap.c| 21 +++-- xen/arch/x86/mm/hap/private.h| 30 -- 3 files changed, 25 insertions(+),

[PATCH 36/65] x86/idle: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/acpi/cpu_idle.c | 31 +--- xen/arch/x86/acpi/cpuidle_menu.c | 6 +++--- xen/arch/x86/cpu/mwait-idle.c| 2 +- xen/arch/x86/doma

[PATCH 58/65] x86/alternatives: Clear CR4.CET when clearing CR0.WP

2021-11-26 Thread Andrew Cooper
This allows us to have CET active much earlier in boot. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu Still TODO: Implement alternatives in a way which doesn't depend on clearing CR0.WP --- xen/arch/x86/alternative.c | 9 - 1 file changed, 8 inserti

[PATCH 14/65] xsm/flask: Annotate fnptr targets in the security server

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Daniel De Graaf CC: Daniel Smith --- xen/xsm/flask/ss/avtab.c | 4 ++-- xen/xsm/flask/ss/conditional.c | 10 xen/xsm/flask/ss/conditional.h | 6 ++--- xen/xsm/flask/ss/policydb.c| 53 ++ xen/xsm/fl

[PATCH 19/65] xen/tasklet: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
The function pointer cast in hvm_vcpu_initialise() is undefined behaviour. While it happens to function correctly before this point, it is not incompatible with control flow typechecking, so introduce a new hvm_assert_evtchn_irq_tasklet() to handle the parameter type conversion in a legal way. Si

[PATCH 26/65] xen/misc: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné --- xen/arch/x86/mm.c| 6 -- xen/arch/x86/setup.c | 4 ++-- xen/common/domain.c | 2 +- xen/common/gdb

[PATCH 44/65] x86/shadow: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/mm/shadow/common.c | 11 +++--- xen/arch/x86/mm/shadow/hvm.c | 8 ++-- xen/arch/x86/mm/shadow/multi.c | 80 xen/arch/x86/mm/shadow/multi.h | 20 +

[PATCH 43/65] x86/logdirty: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/mm/hap/hap.c | 6 +++--- xen/arch/x86/mm/shadow/common.c | 12 ++-- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/ha

[PATCH 65/65] x86: Enable CET Indirect Branch Tracking

2021-11-26 Thread Andrew Cooper
With all the pieces now in place, turn CET-IBT on when available. MSR_S_CET, like SMEP/SMAP, controls Ring1 meaning that ENDBR_EN can't be enabled for Xen independently of PV32 kernels. As we already disable PV32 for CET-SS, extend this to all CET, adjusting the documentation/comments as appropri

[PATCH 51/65] x86/pt: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/emul-i8254.c | 2 +- xen/arch/x86/hvm/hpet.c | 2 +- xen/arch/x86/hvm/rtc.c| 2 +- xen/arch/x86/hvm/vlapic.c | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xen/arch

[PATCH 62/65] x86/entry: Make IDT entrypoints CET-IBT compatible

2021-11-26 Thread Andrew Cooper
Each IDT vector needs to land on an endbr64 instruction. This is especially important for the #CP handler, which will escalate to #DF if the endbr64 is missing. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/x86_64/compat/entry.S | 1 + xen

[PATCH 59/65] x86/traps: Rework write_stub_trampoline() to not hardcode the jmp

2021-11-26 Thread Andrew Cooper
For CET-IBT, we will need to optionally insert an endbr64 instruction at the start of the stub. Don't hardcode the jmp displacement assuming that it starts at byte 24 of the stub. Also add extra comments describing what is going on. The mix of %rax and %rsp is far from trivial to follow. Signed

[PATCH 12/65] xen: Annotate fnptr targets from IPIs

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné --- xen/arch/x86/acpi/cpu_idle.c| 2 +- xen/arch/x86/acpi/cpufreq/cpufreq.c | 8 xen/arch/x86/acpi/cpufreq/powernow.c| 6 +++--- xen/arch/x

[PATCH 17/65] xen/evtchn: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné --- xen/common/event_2l.c | 21 - xen/common/event_channel.c | 3 ++- xen/common/event_fifo.c| 30 -- 3 files cha

[PATCH 32/65] x86/power: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
cpufreq_governor_dbs() has no external callers so make it static. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/acpi/cpufreq/cpufreq.c| 14 +++--- xen/arch/x86/acpi/cpufreq/powernow.c | 15 --- xen/common/core_parki

[PATCH 25/65] xen/console: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné --- xen/drivers/char/console.c | 4 ++-- xen/drivers/char/ehci-dbgp.c | 24 +--- xen/drivers/char/ns16550.c | 26 +- 3 fil

[PATCH 29/65] x86/hvm: Annotate fnptr targets from device emulation

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/emul-i8254.c | 8 +++ xen/arch/x86/hvm/emulate.c| 21 - xen/arch/x86/hvm/hpet.c | 6 ++--- xen/arch/x86/hvm/hvm.c

[PATCH 38/65] x86/hvmsave: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/cpu/mcheck/vmce.c | 4 ++-- xen/arch/x86/emul-i8254.c| 4 ++-- xen/arch/x86/hvm/hpet.c | 4 ++-- xen/arch/x86/hvm/hvm.c | 18 ++ xen

[PATCH 41/65] x86/cpu: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/cpu/amd.c | 6 +++--- xen/arch/x86/cpu/centaur.c | 2 +- xen/arch/x86/cpu/common.c | 2 +- xen/arch/x86/cpu/cpu.h | 2 +- xen/arch/x86/cpu/hygon.c| 2 +- xen/arch/x86/cpu/intel.c

[PATCH 47/65] x86/irq: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/hpet.c | 11 ++- xen/arch/x86/i8259.c | 10 +- xen/arch/x86/io_apic.c | 24 xen/arch/x86/irq.c

[PATCH 54/65] x86/stack: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
The function typecheck in switch_stack_and_jump() is incompatible with control flow typechecking. It's ok for reset_stack_and_jump_ind(), but for reset_stack_and_jump(), it would force us to ENDBR64 the targets which are branched to directly. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC:

[PATCH 61/65] x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible

2021-11-26 Thread Andrew Cooper
Each of MSR_{L,C}STAR and MSR_SYSENTER_EIP need to land on an endbr64 instruction. For sysenter, this is easy. Unfortunately for syscall, the stubs are already 29 bytes long with a limit of 32. endbr64 is 4 bytes. Luckily, there is a 1 byte instruction which can move from the stubs into the main

[PATCH 57/65] x86/setup: Read CR4 earlier in __start_xen()

2021-11-26 Thread Andrew Cooper
This is necessary for read_cr4() to function correctly. Move the EFER caching at the same time. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/setup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/set

[PATCH 48/65] x86/aepi: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu I was very surprised when encountering this... AML and EFI are bad enough, but why on earth do we need yet another firmware provided arbitrary Turing machine to be executing in Xen's context. --- xen/drivers/ac

[PATCH 18/65] xen/hypfs: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné CC: Juergen Gross --- xen/common/hypfs.c | 57 +++--- xen/common/sched/cpupool.c | 25 ++-- xen/include/xe

[PATCH 33/65] x86/apic: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/genapic/bigsmp.c | 4 ++-- xen/arch/x86/genapic/delivery.c | 12 ++-- xen/arch/x86/genapic/x2apic.c | 16 ++-- xen/arch/x86/smp.c | 6 +++--- xen/include/asm

[PATCH 28/65] x86/hvm: Annotate fnptr targets from hvm_funcs

2021-11-26 Thread Andrew Cooper
In svm.c, make a few rearrangements. svm_update_guest_cr() has no external callers so can become static, but needs moving along with svm_fpu_enter() to avoid a forward declaration. Also move svm_update_guest_efer() to drop its forward declaration. Signed-off-by: Andrew Cooper --- CC: Jan Beulic

[PATCH 63/65] x86/setup: Rework MSR_S_CET handling for CET-IBT

2021-11-26 Thread Andrew Cooper
CET-SS and CET-IBT can be independently controlled, so the configuration of MSR_S_CET can't be constants any more. Introduce xen_msr_s_cet_value(), mostly because I don't fancy writing/maintaining that logic in assembly. Use this in the 3 paths which alter MSR_S_CET when both features are potenti

[PATCH 40/65] x86/pmu: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/cpu/vpmu_amd.c | 16 xen/arch/x86/cpu/vpmu_intel.c | 16 xen/arch/x86/oprofile/op_model_athlon.c | 16 xen/arch/x86/oprofil

[PATCH 11/65] xen: Annotate fnptr targets from call_rcu()

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Roger Pau Monné --- xen/arch/x86/hvm/mtrr.c | 2 +- xen/arch/x86/hvm/vmsi.c | 2 +- xen/arch/x86/mm/mem_sharing.c | 2 +- xen/arch/x86/percpu.c | 2 +- xen/common/doma

[PATCH 37/65] x86/quirks: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/dmi_scan.c | 10 +- xen/arch/x86/hvm/quirks.c | 2 +- xen/arch/x86/shutdown.c | 2 +- xen/arch/x86/x86_64/mmconfig-shared.c | 8 4 files

[PATCH 35/65] x86/mtrr: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu Most of mtrr/ looks to be compatibility for pre-64bit days. It can probably be pruned substantially. --- xen/arch/x86/cpu/mtrr/generic.c | 18 ++ xen/arch/x86/cpu/mtrr/mtrr.h| 8 2

[PATCH 49/65] x86/psr: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/psr.c | 33 + 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/psr.c b/xen/arch/x86/psr.c index 6c9cabf3843d..ccb761998f9a 100644 --- a/

[PATCH 39/65] x86/mce: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/cpu/mcheck/mce.c | 8 xen/arch/x86/cpu/mcheck/mce.h | 2 +- xen/arch/x86/cpu/mcheck/mce_amd.c | 9 xen/arch/x86/cpu/mcheck/mce_amd.h | 4 ++-- xen/arch/x86/cp

[PATCH 30/65] x86/emul: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
pv_emul_is_mem_write() only has a single user. Having it as a static inline is pointless because it can't be inlined to begin with. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/hvm/emulate.c | 72 +--

[PATCH 64/65] x86/efi: Disable CET-IBT around Runtime Services calls

2021-11-26 Thread Andrew Cooper
At least one TigerLake NUC has UEFI firmware which isn't CET-IBT compatible. Read under a function pointer to see whether an endbr64 instruction is present, and use this as a heuristic. Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu This was disappointing to

[PATCH 46/65] x86/p2m: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu --- xen/arch/x86/mm/hap/hap.c| 2 +- xen/arch/x86/mm/hap/nested_hap.c | 2 +- xen/arch/x86/mm/p2m-ept.c| 32 +++- xen/arch/x86/mm/p2m-pt.c | 19 +--

[PATCH 56/65] x86: Use control flow typechecking where possible

2021-11-26 Thread Andrew Cooper
Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monné CC: Wei Liu RFC. This is still an experimental compiler extension https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102953 However, it is also the entire basis of being able to sanely use -mmanual-endbr in the first place, so is

Re: [PATCH 00/65] x86: Support for CET Indirect Branch Tracking

2021-11-26 Thread Andrew Cooper
On 26/11/2021 12:48, Jan Beulich wrote: > On 26.11.2021 13:33, Andrew Cooper wrote: >> CET Indirect Branch Tracking is a hardware feature designed to protect >> against >> forward-edge control flow hijacking (Call/Jump oriented programming), and is >> a >> companion feature to CET Shadow Stacks a

Re: [RFC PATCH] Added the logic to decode 32 bit ldr/str post-indexing instructions

2021-11-26 Thread Andre Przywara
On Fri, 19 Nov 2021 16:52:02 + Ayan Kumar Halder wrote: Hi, > At present, post indexing instructions are not emulated by Xen. > When Xen gets the exception, EL2_ESR.ISV bit not set. Thus as a > result, data abort is triggered. > > Added the logic to decode ldr/str post indexing instructions

Re: [PATCH 00/65] x86: Support for CET Indirect Branch Tracking

2021-11-26 Thread Andrew Cooper
On 26/11/2021 13:13, Andrew Cooper wrote: > On 26/11/2021 12:48, Jan Beulich wrote: >> On 26.11.2021 13:33, Andrew Cooper wrote: >>> Various notes accumulated through the work: >>> * I have already posted patches fixing some of the most egregious >>> (ab)uses of >>> function pointers. There

Re: [PATCH 00/65] x86: Support for CET Indirect Branch Tracking

2021-11-26 Thread Jan Beulich
On 26.11.2021 14:13, Andrew Cooper wrote: > On 26/11/2021 12:48, Jan Beulich wrote: >> On 26.11.2021 13:33, Andrew Cooper wrote: >>> * I have not checked for misaligned endbr64's, and I'm not sure there is >>> anything useful we could do upon discovering that there were any. >>> Naively,

[qemu-mainline test] 166370: tolerable FAIL - PUSHED

2021-11-26 Thread osstest service owner
flight 166370 qemu-mainline real [real] http://logs.test-lab.xenproject.org/osstest/logs/166370/ Failures :-/ but no regressions. Regressions which are regarded as allowable (not blocking): test-armhf-armhf-xl-rtds 14 guest-start fail REGR. vs. 166300 Tests which did not succee

Re: [RFC PATCH V3] xen/gnttab: Store frame GFN in struct page_info on Arm

2021-11-26 Thread Oleksandr
On 25.11.21 21:04, Julien Grall wrote: Hi Oleksandr, Apologies for the late answer. I was waiting for XSA-387 to go out before commenting. Hi Julien, I got it, no problem On 23/09/2021 20:32, Oleksandr Tyshchenko wrote: From: Oleksandr Tyshchenko Rework Arm implementation to stor

Re: [PATCH 01/65] x86: Introduce support for CET-IBT

2021-11-26 Thread Jan Beulich
On 26.11.2021 13:33, Andrew Cooper wrote: > @@ -124,6 +129,18 @@ config XEN_SHSTK > When CET-SS is active, 32bit PV guests cannot be used. Backwards > compatiblity can be provided via the PV Shim mechanism. > > +config XEN_IBT > + bool "Supervisor Indirect Branch Tracking" >

Re: [RFC?] xen/arm: memaccess: Pass struct npfec by reference in p2m_mem_access_check

2021-11-26 Thread Oleksandr
On 26.11.21 09:46, Jan Beulich wrote: Hi Jan On 25.11.2021 23:49, Oleksandr Tyshchenko wrote: From: Oleksandr Tyshchenko Today I noticed a "note" when building Xen on Arm64 with aarch64-poky-linux-gcc (GCC) 9.3.0. It turned out that Andrew Cooper had already reported it before [1]: mem_acc

Re: [PATCH 04/65] x86/hypercall: Annotate fnptr targets

2021-11-26 Thread Jan Beulich
On 26.11.2021 13:33, Andrew Cooper wrote: > Signed-off-by: Andrew Cooper I understand there's not much to say here, but the title saying just "annotate" without any context as to the purpose of the annotation is too little information imo. I guess this then goes for many more titles in this serie

Re: [PATCH 04/65] x86/hypercall: Annotate fnptr targets

2021-11-26 Thread Andrew Cooper
On 26/11/2021 14:21, Jan Beulich wrote: > On 26.11.2021 13:33, Andrew Cooper wrote: >> Signed-off-by: Andrew Cooper > I understand there's not much to say here, but the title saying just > "annotate" without any context as to the purpose of the annotation > is too little information imo. I guess t

Re: [RFC?] xen/arm: memaccess: Pass struct npfec by reference in p2m_mem_access_check

2021-11-26 Thread Oleksandr
On 26.11.21 13:39, Andrew Cooper wrote: Hi Andrew On 26/11/2021 07:46, Jan Beulich wrote: On 25.11.2021 23:49, Oleksandr Tyshchenko wrote: From: Oleksandr Tyshchenko Today I noticed a "note" when building Xen on Arm64 with aarch64-poky-linux-gcc (GCC) 9.3.0. It turned out that Andrew Coo

Re: [PATCH 0/2] xen: make debugreg accessors always_inline

2021-11-26 Thread Boris Ostrovsky
On 11/25/21 4:20 AM, Juergen Gross wrote: Juergen Gross (2): xen: make HYPERVISOR_get_debugreg() always_inline xen: make HYPERVISOR_set_debugreg() always_inline arch/x86/include/asm/xen/hypercall.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Applied to for-linus-5.16

Re: [PATCH V3 4/6] xen/unpopulated-alloc: Add mechanism to use Xen resource

2021-11-26 Thread Boris Ostrovsky
On 11/24/21 3:53 PM, Oleksandr Tyshchenko wrote: + if (target_resource != &iomem_resource) { + tmp_res = kzalloc(sizeof(*tmp_res), GFP_KERNEL); + if (!res) { If (!tmp_res) + ret = -ENOMEM; + goto err_insert; +
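
Review bot: the NULL check right after "tmp_res = kzalloc(sizeof(*tmp_res), GFP_KERNEL);" tests "res" instead of the pointer that was just allocated, so a failed allocation would not take the "ret = -ENOMEM; goto err_insert;" path. Test the new pointer instead, i.e. "if (!tmp_res) {".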
