| Message ID | 516ada36487fd57f7a784f9fb3fe328f5365bd85.1722960083.git.oleksii.kurochko@gmail.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | RISCV basic exception handling implementation | expand |
On 06.08.2024 18:37, Oleksii Kurochko wrote: > Enable GENERIC_BUG_FRAME to support BUG(), WARN(), ASSERT, > and run_in_exception_handler(). > > "UNIMP" is used for BUG_INSTR, which, when macros from <xen/bug.h> > are used, triggers an exception with the ILLEGAL_INSTRUCTION cause. > This instruction is encoded as a 2-byte instruction when > CONFIG_RISCV_ISA_C is enabled: > ffffffffc0046ba0: 0000 unimp > and is encoded as a 4-byte instruction when CONFIG_RISCV_ISA_C > ins't enabled: > ffffffffc005a460: c0001073 unimp > > Using 'ebreak' as BUG_INSTR does not guarantee proper handling of macros > from <xen/bug.h>. If a debugger inserts a breakpoint (using the 'ebreak' > instruction) at a location where Xen already uses 'ebreak', it > creates ambiguity. Xen cannot distinguish whether the 'ebreak' > instruction is inserted by the debugger or is part of Xen's own code. > > Remove BUG_INSN_32 and BUG_INSN_16 macros as they encode the ebreak > instruction, which is no longer used for BUG_INSN. > > Update the comment above the definition of INS_LENGTH_MASK as instead of > 'ebreak' instruction 'unimp' instruction is used. > > <xen/lib.h> is included for the reason that panic() and printk() are > used in common/bug.c and RISC-V fails if it is not included. > > Signed-off-by: Oleksii Kurochko <oleksii.kurochko@gmail.com> Acked-by: Jan Beulich <jbeulich@suse.com> Just one more (cosmetic) question: > --- a/xen/arch/riscv/include/asm/bug.h > +++ b/xen/arch/riscv/include/asm/bug.h > @@ -9,7 +9,7 @@ > > #ifndef __ASSEMBLY__ > > -#define BUG_INSTR "ebreak" > +#define BUG_INSTR "UNIMP" Deliberately all uppercase? Jan
On Wed, 2024-08-07 at 16:39 +0200, Jan Beulich wrote: > On 06.08.2024 18:37, Oleksii Kurochko wrote: > > Enable GENERIC_BUG_FRAME to support BUG(), WARN(), ASSERT, > > and run_in_exception_handler(). > > > > "UNIMP" is used for BUG_INSTR, which, when macros from <xen/bug.h> > > are used, triggers an exception with the ILLEGAL_INSTRUCTION cause. > > This instruction is encoded as a 2-byte instruction when > > CONFIG_RISCV_ISA_C is enabled: > > ffffffffc0046ba0: 0000 unimp > > and is encoded as a 4-byte instruction when CONFIG_RISCV_ISA_C > > ins't enabled: > > ffffffffc005a460: c0001073 unimp > > > > Using 'ebreak' as BUG_INSTR does not guarantee proper handling of > > macros > > from <xen/bug.h>. If a debugger inserts a breakpoint (using the > > 'ebreak' > > instruction) at a location where Xen already uses 'ebreak', it > > creates ambiguity. Xen cannot distinguish whether the 'ebreak' > > instruction is inserted by the debugger or is part of Xen's own > > code. > > > > Remove BUG_INSN_32 and BUG_INSN_16 macros as they encode the ebreak > > instruction, which is no longer used for BUG_INSN. > > > > Update the comment above the definition of INS_LENGTH_MASK as > > instead of > > 'ebreak' instruction 'unimp' instruction is used. > > > > <xen/lib.h> is included for the reason that panic() and printk() > > are > > used in common/bug.c and RISC-V fails if it is not included. > > > > Signed-off-by: Oleksii Kurochko <oleksii.kurochko@gmail.com> > > Acked-by: Jan Beulich <jbeulich@suse.com> Thanks. > > Just one more (cosmetic) question: > > > --- a/xen/arch/riscv/include/asm/bug.h > > +++ b/xen/arch/riscv/include/asm/bug.h > > @@ -9,7 +9,7 @@ > > > > #ifndef __ASSEMBLY__ > > > > -#define BUG_INSTR "ebreak" > > +#define BUG_INSTR "UNIMP" > > Deliberately all uppercase? It could be lowercase without any issue. It was mentioned in uppercase in RISC-V assembly manual: ``` To better diagnose situations where the program flow reaches an unexpected location, you might want to emit there an instruction that's known to trap. You can use an `UNIMP` pseudoinstruction, ... ``` ~ Oleksii
diff --git a/xen/arch/riscv/Kconfig b/xen/arch/riscv/Kconfig index b4b354a778..f531e96657 100644 --- a/xen/arch/riscv/Kconfig +++ b/xen/arch/riscv/Kconfig @@ -1,6 +1,7 @@ config RISCV def_bool y select FUNCTION_ALIGNMENT_16B + select GENERIC_BUG_FRAME config RISCV_64 def_bool y diff --git a/xen/arch/riscv/include/asm/bug.h b/xen/arch/riscv/include/asm/bug.h index f5ff96140f..30941816de 100644 --- a/xen/arch/riscv/include/asm/bug.h +++ b/xen/arch/riscv/include/asm/bug.h @@ -9,7 +9,7 @@ #ifndef __ASSEMBLY__ -#define BUG_INSTR "ebreak" +#define BUG_INSTR "UNIMP" /* * The base instruction set has a fixed length of 32-bit naturally aligned @@ -18,15 +18,13 @@ * There are extensions of variable length ( where each instruction can be * any number of 16-bit parcels in length ). * - * Compressed ISA is used now where the instruction length is 16 bit and - * 'ebreak' instruction, in this case, can be either 16 or 32 bit ( + * Compressed ISA is used now where the instruction length is 16 bit and + * 'unimp' instruction, in this case, can be either 16 or 32 bit ( * depending on if compressed ISA is used or not ) */ #define INSN_LENGTH_MASK _UL(0x3) #define INSN_LENGTH_32 _UL(0x3) -#define BUG_INSN_32 _UL(0x00100073) /* ebreak */ -#define BUG_INSN_16 _UL(0x9002) /* c.ebreak */ #define COMPRESSED_INSN_MASK _UL(0xffff) #define GET_INSN_LENGTH(insn) \ diff --git a/xen/arch/riscv/traps.c b/xen/arch/riscv/traps.c index 7149504ebc..d55a4a827b 100644 --- a/xen/arch/riscv/traps.c +++ b/xen/arch/riscv/traps.c @@ -5,6 +5,8 @@ * RISC-V Trap handlers */ +#include <xen/bug.h> +#include <xen/compiler.h> #include <xen/lib.h> #include <xen/nospec.h> #include <xen/sched.h> @@ -106,7 +108,29 @@ static void do_unexpected_trap(const struct cpu_user_regs *regs) void do_trap(struct cpu_user_regs *cpu_regs) { - do_unexpected_trap(cpu_regs); + register_t pc = cpu_regs->sepc; + unsigned long cause = csr_read(CSR_SCAUSE); + + switch ( cause ) + { + case CAUSE_ILLEGAL_INSTRUCTION: + if ( do_bug_frame(cpu_regs, pc) >= 0 ) + { + if ( !(is_kernel_text(pc) || is_kernel_inittext(pc)) ) + { + printk("Something wrong with PC: %#lx\n", pc); + die(); + } + + cpu_regs->sepc += GET_INSN_LENGTH(*(uint16_t *)pc); + + break; + } + fallthrough; + default: + do_unexpected_trap(cpu_regs); + break; + } } void vcpu_show_execution_state(struct vcpu *v) diff --git a/xen/common/bug.c b/xen/common/bug.c index b7c5d8fd4d..75cb35fcfa 100644 --- a/xen/common/bug.c +++ b/xen/common/bug.c @@ -1,6 +1,7 @@ #include <xen/bug.h> #include <xen/errno.h> #include <xen/kernel.h> +#include <xen/lib.h> #include <xen/livepatch.h> #include <xen/string.h> #include <xen/types.h>
Enable GENERIC_BUG_FRAME to support BUG(), WARN(), ASSERT, and run_in_exception_handler(). "UNIMP" is used for BUG_INSTR, which, when macros from <xen/bug.h> are used, triggers an exception with the ILLEGAL_INSTRUCTION cause. This instruction is encoded as a 2-byte instruction when CONFIG_RISCV_ISA_C is enabled: ffffffffc0046ba0: 0000 unimp and is encoded as a 4-byte instruction when CONFIG_RISCV_ISA_C ins't enabled: ffffffffc005a460: c0001073 unimp Using 'ebreak' as BUG_INSTR does not guarantee proper handling of macros from <xen/bug.h>. If a debugger inserts a breakpoint (using the 'ebreak' instruction) at a location where Xen already uses 'ebreak', it creates ambiguity. Xen cannot distinguish whether the 'ebreak' instruction is inserted by the debugger or is part of Xen's own code. Remove BUG_INSN_32 and BUG_INSN_16 macros as they encode the ebreak instruction, which is no longer used for BUG_INSN. Update the comment above the definition of INS_LENGTH_MASK as instead of 'ebreak' instruction 'unimp' instruction is used. <xen/lib.h> is included for the reason that panic() and printk() are used in common/bug.c and RISC-V fails if it is not included. Signed-off-by: Oleksii Kurochko <oleksii.kurochko@gmail.com> --- Changes in V13: - add fallthrough for " case CAUSE_ILLEGAL_INSTRUCTION" in do_trap(). - define BUG_INSTR as "UNIMP" to cover properly the cases when CONFIG_RISCV_ISA_C is enabled and not. - Update the comment above the definition of INS_LENGTH_MASK. - Update the commit message. --- Changes in V12: - Update the commit message - Use 0x0000 as BUG_INSTR instead of 'ebreak' to deal with cases when the debugger inserts 'ebreak' into the place where Xen has ebreak. - Remove BUG_INSN_32 and BUG_INSN_16 macros as they encode the ebreak instruction, which is no longer used for BUG_INSN. - Update the commit above the definition of INS_LENGTH_MASK. - Move break inside "if ( do_bug_frame(cpu_regs, pc) >= 0 )". --- Changes in V11: - update the commit message - change "%lx" to "%#x" for PC register printing. - drop +1 in argument of is_kernel_text(pc) and is_kernel_inittext(pc). - drop return for case CAUSE_BREAKPOINT. - add break to default and add a blank like above it. - add a comment CAUSE_BREAKPOINT is handled instead of illegal instruction. --- Changes in V10: - put 'select GENERIC_BUG_FRAME' in "Config RISCV". - rework do_trap() to not fetch an instruction in case when the cause of trap is BUG_insn. - drop read_instr() and is_valid_bug_insn(). - update the commit message. --- Changes in V9: - Rebase on the top of current staging. - use GENERIC_BUG_FRAME as now we have common code available. - add xen/lib.h to bug.c to fix a compilation error around printk. - update the commit message. - update the code of read_instr() in traps.c - fold two-s if into 1 in do_trap. --- Changes in V8: - remove Pointless initializer of id. - make bug_frames[] array constant. - remove cast_to_bug_frame(addr). - rename is_valig_bugaddr to is_valid_bug_insn(). - add check that read_instr is used only on xen code - update the commit message. --- Changes in V7: - move to this patch the definition of cast_to_bug_frame() from the previous patch. - update the comment in bug.h. - update the comment above do_bug_frame(). - fix code style. - add comment to read_instr func. - add space for bug_frames in lds.S. --- Changes in V6: - Avoid LINK_TO_LOAD() as bug.h functionality expected to be used after MMU is enabled. - Change early_printk() to printk() --- Changes in V5: - Remove "#include <xen/types.h>" from <asm/bug.h> as there is no any need in it anymore - Update macros GET_INSN_LENGTH: remove UL and 'unsigned int len;' from it - Remove " include <xen/bug.h>" from risc/setup.c. it is not needed in the current version of the patch - change an argument type from vaddr_t to uint32_t for is_valid_bugaddr and introduce read_instr() to read instruction properly as the length of qinstruction can be either 32 or 16 bits. - Code style fixes - update the comments before do_bug_frame() in riscv/trap.c - Refactor is_valid_bugaddr() function. - introduce macros cast_to_bug_frame(addr) to hide casts. - use LINK_TO_LOAD() for addresses which are linker time relative. --- Changes in V4: - Updates in RISC-V's <asm/bug.h>: * Add explanatory comment about why there is only defined for 32-bits length instructions and 16/32-bits BUG_INSN_{16,32}. * Change 'unsigned long' to 'unsigned int' inside GET_INSN_LENGTH(). * Update declaration of is_valid_bugaddr(): switch return type from int to bool and the argument from 'unsigned int' to 'vaddr'. - Updates in RISC-V's traps.c: * replace /xen and /asm includes * update definition of is_valid_bugaddr():switch return type from int to bool and the argument from 'unsigned int' to 'vaddr'. Code style inside function was updated too. * do_bug_frame() refactoring: * local variables start and bug became 'const struct bug_frame' * bug_frames[] array became 'static const struct bug_frame[] = ...' * remove all casts * remove unneeded comments and add an explanatory comment that the do_bug_frame() will be switched to a generic one. * do_trap() refactoring: * read 16-bits value instead of 32-bits as compressed instruction can be used and it might happen than only 16-bits may be accessible. * code style updates * re-use instr variable instead of re-reading instruction. - Updates in setup.c: * add blank line between xen/ and asm/ includes. --- Changes in V3: - Rebase the patch "xen/riscv: introduce an implementation of macros from <asm/bug.h>" on top of patch series [introduce generic implementation of macros from bug.h] --- Changes in V2: - Remove __ in define namings - Update run_in_exception_handler() with register void *fn_ asm(__stringify(BUG_FN_REG)) = (fn); - Remove bug_instr_t type and change it's usage to uint32_t --- xen/arch/riscv/Kconfig | 1 + xen/arch/riscv/include/asm/bug.h | 8 +++----- xen/arch/riscv/traps.c | 26 +++++++++++++++++++++++++- xen/common/bug.c | 1 + 4 files changed, 30 insertions(+), 6 deletions(-)