diff mbox

[5/5] x86: drop failsafe callback invocation from assembly

Message ID 56C4B00102000078000D34B1@prv-mh.provo.novell.com (mailing list archive)
State New, archived
Headers show

Commit Message

Jan Beulich Feb. 17, 2016, 4:38 p.m. UTC 
Afaict this was never necessary on a 64-bit hypervisor, and was instead
just blindly cloned over from 32-bit code: We don't fiddle with (and
hence don't reload) any of DS, ES, FS, or GS, and an exception on IRET
itself can equally well be reported to the guest as that very exception
on the target of that IRET.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
x86: drop failsafe callback invocation from assembly

Afaict this was never necessary on a 64-bit hypervisor, and was instead
just blindly cloned over from 32-bit code: We don't fiddle with (and
hence don't reload) any of DS, ES, FS, or GS, and an exception on IRET
itself can equally well be reported to the guest as that very exception
on the target of that IRET.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/arch/x86/x86_64/compat/entry.S
+++ b/xen/arch/x86/x86_64/compat/entry.S
@@ -176,39 +176,7 @@ ENTRY(compat_restore_all_guest)
         ASSERT_INTERRUPTS_DISABLED
         RESTORE_ALL adj=8 compat=1
 .Lft0:  iretq
-
-.section .fixup,"ax"
-.Lfx0:  sti
-        SAVE_ALL
-        movq  UREGS_error_code(%rsp),%rsi
-        movq  %rsp,%rax
-        andq  $~0xf,%rsp
-        pushq $__HYPERVISOR_DS         # SS
-        pushq %rax                     # RSP
-        pushfq                         # RFLAGS
-        pushq $__HYPERVISOR_CS         # CS
-        leaq  .Ldf0(%rip),%rax
-        pushq %rax                     # RIP
-        pushq %rsi                     # error_code/entry_vector
-        jmp   handle_exception
-.Ldf0:  GET_CURRENT(%rbx)
-        jmp   compat_test_all_events
-compat_failsafe_callback:
-        GET_CURRENT(%rbx)
-        leaq  VCPU_trap_bounce(%rbx),%rdx
-        movl  VCPU_failsafe_addr(%rbx),%eax
-        movl  %eax,TRAPBOUNCE_eip(%rdx)
-        movl  VCPU_failsafe_sel(%rbx),%eax
-        movw  %ax,TRAPBOUNCE_cs(%rdx)
-        movb  $TBF_FAILSAFE,TRAPBOUNCE_flags(%rdx)
-        btq   $_VGCF_failsafe_disables_events,VCPU_guest_context_flags(%rbx)
-        jnc   1f
-        orb   $TBF_INTERRUPT,TRAPBOUNCE_flags(%rdx)
-1:      call  compat_create_bounce_frame
-        jmp   compat_test_all_events
-.previous
-        _ASM_PRE_EXTABLE(.Lft0, .Lfx0)
-        _ASM_EXTABLE(.Ldf0, compat_failsafe_callback)
+        _ASM_PRE_EXTABLE(.Lft0, handle_exception)
 
 /* %rdx: trap_bounce, %rbx: struct vcpu */
 ENTRY(compat_post_handle_exception)
@@ -322,17 +290,6 @@ compat_create_bounce_frame:
         movl  TRAPBOUNCE_error_code(%rdx),%eax
 .Lft8:  movl  %eax,%fs:(%rsi)           # ERROR CODE
 1:
-        testb $TBF_FAILSAFE,%cl
-UNLIKELY_START(nz, compat_bounce_failsafe)
-        subl  $4*4,%esi
-        movl  %gs,%eax
-.Lft9:  movl  %eax,%fs:3*4(%rsi)        # GS
-.Lft10: movl  %edi,%fs:2*4(%rsi)        # FS
-        movl  %es,%eax
-.Lft11: movl  %eax,%fs:1*4(%rsi)        # ES
-        movl  %ds,%eax
-.Lft12: movl  %eax,%fs:0*4(%rsi)        # DS
-UNLIKELY_END(compat_bounce_failsafe)
         /* Rewrite our stack frame and return to guest-OS mode. */
         /* IA32 Ref. Vol. 3: TF, VM, RF and NT flags are cleared on trap. */
         andl  $~(X86_EFLAGS_VM|X86_EFLAGS_RF|\
@@ -364,14 +321,8 @@ __UNLIKELY_END(compat_bounce_null_select
         _ASM_EXTABLE(.Lft6,  compat_crash_page_fault_8)
         _ASM_EXTABLE(.Lft7,  compat_crash_page_fault)
         _ASM_EXTABLE(.Lft8,  compat_crash_page_fault)
-        _ASM_EXTABLE(.Lft9,  compat_crash_page_fault_12)
-        _ASM_EXTABLE(.Lft10, compat_crash_page_fault_8)
-        _ASM_EXTABLE(.Lft11, compat_crash_page_fault_4)
-        _ASM_EXTABLE(.Lft12, compat_crash_page_fault)
         _ASM_EXTABLE(.Lft13, .Lfx13)
 
-compat_crash_page_fault_12:
-        addl  $4,%esi
 compat_crash_page_fault_8:
         addl  $4,%esi
 compat_crash_page_fault_4:
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -64,37 +64,7 @@ restore_all_guest:
 iret_exit_to_guest:
         addq  $8,%rsp
 .Lft0:  iretq
-
-.section .fixup,"ax"
-.Lfx0:  sti
-        SAVE_ALL
-        movq  UREGS_error_code(%rsp),%rsi
-        movq  %rsp,%rax
-        andq  $~0xf,%rsp
-        pushq $__HYPERVISOR_DS         # SS
-        pushq %rax                     # RSP
-        pushfq                         # RFLAGS
-        pushq $__HYPERVISOR_CS         # CS
-        leaq  .Ldf0(%rip),%rax
-        pushq %rax                     # RIP
-        pushq %rsi                     # error_code/entry_vector
-        jmp   handle_exception
-.Ldf0:  GET_CURRENT(%rbx)
-        jmp   test_all_events
-failsafe_callback:
-        GET_CURRENT(%rbx)
-        leaq  VCPU_trap_bounce(%rbx),%rdx
-        movq  VCPU_failsafe_addr(%rbx),%rax
-        movq  %rax,TRAPBOUNCE_eip(%rdx)
-        movb  $TBF_FAILSAFE,TRAPBOUNCE_flags(%rdx)
-        bt    $_VGCF_failsafe_disables_events,VCPU_guest_context_flags(%rbx)
-        jnc   1f
-        orb   $TBF_INTERRUPT,TRAPBOUNCE_flags(%rdx)
-1:      call  create_bounce_frame
-        jmp   test_all_events
-.previous
-        _ASM_PRE_EXTABLE(.Lft0, .Lfx0)
-        _ASM_EXTABLE(.Ldf0, failsafe_callback)
+        _ASM_PRE_EXTABLE(.Lft0, handle_exception)
 
         ALIGN
 /* No special register assumptions. */
@@ -405,18 +375,7 @@ __UNLIKELY_END(create_bounce_frame_bad_s
         subq  $8,%rsi
         movl  TRAPBOUNCE_error_code(%rdx),%eax
 .Lft7:  movq  %rax,(%rsi)               # ERROR CODE
-1:      testb $TBF_FAILSAFE,%cl
-UNLIKELY_START(nz, bounce_failsafe)
-        subq  $32,%rsi
-        movl  %gs,%eax
-.Lft8:  movq  %rax,24(%rsi)             # GS
-        movl  %fs,%eax
-.Lft9:  movq  %rax,16(%rsi)             # FS
-        movl  %es,%eax
-.Lft10: movq  %rax,8(%rsi)              # ES
-        movl  %ds,%eax
-.Lft11: movq  %rax,(%rsi)               # DS
-UNLIKELY_END(bounce_failsafe)
+1:
         subq  $16,%rsi
         movq  UREGS_r11+8(%rsp),%rax
 .Lft12: movq  %rax,8(%rsi)              # R11
@@ -446,10 +405,6 @@ __UNLIKELY_END(create_bounce_frame_bad_b
         _ASM_EXTABLE(.Lft5,  domain_crash_page_fault_16)
         _ASM_EXTABLE(.Lft6,  domain_crash_page_fault)
         _ASM_EXTABLE(.Lft7,  domain_crash_page_fault)
-        _ASM_EXTABLE(.Lft8,  domain_crash_page_fault_24)
-        _ASM_EXTABLE(.Lft9,  domain_crash_page_fault_16)
-        _ASM_EXTABLE(.Lft10, domain_crash_page_fault_8)
-        _ASM_EXTABLE(.Lft11, domain_crash_page_fault)
         _ASM_EXTABLE(.Lft12, domain_crash_page_fault_8)
         _ASM_EXTABLE(.Lft13, domain_crash_page_fault)
 
--- a/xen/include/asm-x86/processor.h
+++ b/xen/include/asm-x86/processor.h
@@ -128,7 +128,6 @@
 #define TBF_EXCEPTION          1
 #define TBF_EXCEPTION_ERRCODE  2
 #define TBF_INTERRUPT          8
-#define TBF_FAILSAFE          16
 
 /* 'arch_vcpu' flags values */
 #define _TF_kernel_mode        0

Comments

Andrew Cooper Feb. 17, 2016, 7:01 p.m. UTC | #1 
On 17/02/16 16:38, Jan Beulich wrote:
> Afaict this was never necessary on a 64-bit hypervisor, and was instead
> just blindly cloned over from 32-bit code: We don't fiddle with (and
> hence don't reload) any of DS, ES, FS, or GS, and an exception on IRET
> itself can equally well be reported to the guest as that very exception
> on the target of that IRET.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

As best as I can tell, this looks safe.

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

This is one area I intend to write an XTF test for, but I havn't had
time to yet.  I will see if I can dig out the start of the test and
complete it.

~Andrew
diff mbox

Patch

--- a/xen/arch/x86/x86_64/compat/entry.S
+++ b/xen/arch/x86/x86_64/compat/entry.S
@@ -176,39 +176,7 @@  ENTRY(compat_restore_all_guest)
         ASSERT_INTERRUPTS_DISABLED
         RESTORE_ALL adj=8 compat=1
 .Lft0:  iretq
-
-.section .fixup,"ax"
-.Lfx0:  sti
-        SAVE_ALL
-        movq  UREGS_error_code(%rsp),%rsi
-        movq  %rsp,%rax
-        andq  $~0xf,%rsp
-        pushq $__HYPERVISOR_DS         # SS
-        pushq %rax                     # RSP
-        pushfq                         # RFLAGS
-        pushq $__HYPERVISOR_CS         # CS
-        leaq  .Ldf0(%rip),%rax
-        pushq %rax                     # RIP
-        pushq %rsi                     # error_code/entry_vector
-        jmp   handle_exception
-.Ldf0:  GET_CURRENT(%rbx)
-        jmp   compat_test_all_events
-compat_failsafe_callback:
-        GET_CURRENT(%rbx)
-        leaq  VCPU_trap_bounce(%rbx),%rdx
-        movl  VCPU_failsafe_addr(%rbx),%eax
-        movl  %eax,TRAPBOUNCE_eip(%rdx)
-        movl  VCPU_failsafe_sel(%rbx),%eax
-        movw  %ax,TRAPBOUNCE_cs(%rdx)
-        movb  $TBF_FAILSAFE,TRAPBOUNCE_flags(%rdx)
-        btq   $_VGCF_failsafe_disables_events,VCPU_guest_context_flags(%rbx)
-        jnc   1f
-        orb   $TBF_INTERRUPT,TRAPBOUNCE_flags(%rdx)
-1:      call  compat_create_bounce_frame
-        jmp   compat_test_all_events
-.previous
-        _ASM_PRE_EXTABLE(.Lft0, .Lfx0)
-        _ASM_EXTABLE(.Ldf0, compat_failsafe_callback)
+        _ASM_PRE_EXTABLE(.Lft0, handle_exception)
 
 /* %rdx: trap_bounce, %rbx: struct vcpu */
 ENTRY(compat_post_handle_exception)
@@ -322,17 +290,6 @@  compat_create_bounce_frame:
         movl  TRAPBOUNCE_error_code(%rdx),%eax
 .Lft8:  movl  %eax,%fs:(%rsi)           # ERROR CODE
 1:
-        testb $TBF_FAILSAFE,%cl
-UNLIKELY_START(nz, compat_bounce_failsafe)
-        subl  $4*4,%esi
-        movl  %gs,%eax
-.Lft9:  movl  %eax,%fs:3*4(%rsi)        # GS
-.Lft10: movl  %edi,%fs:2*4(%rsi)        # FS
-        movl  %es,%eax
-.Lft11: movl  %eax,%fs:1*4(%rsi)        # ES
-        movl  %ds,%eax
-.Lft12: movl  %eax,%fs:0*4(%rsi)        # DS
-UNLIKELY_END(compat_bounce_failsafe)
         /* Rewrite our stack frame and return to guest-OS mode. */
         /* IA32 Ref. Vol. 3: TF, VM, RF and NT flags are cleared on trap. */
         andl  $~(X86_EFLAGS_VM|X86_EFLAGS_RF|\
@@ -364,14 +321,8 @@  __UNLIKELY_END(compat_bounce_null_select
         _ASM_EXTABLE(.Lft6,  compat_crash_page_fault_8)
         _ASM_EXTABLE(.Lft7,  compat_crash_page_fault)
         _ASM_EXTABLE(.Lft8,  compat_crash_page_fault)
-        _ASM_EXTABLE(.Lft9,  compat_crash_page_fault_12)
-        _ASM_EXTABLE(.Lft10, compat_crash_page_fault_8)
-        _ASM_EXTABLE(.Lft11, compat_crash_page_fault_4)
-        _ASM_EXTABLE(.Lft12, compat_crash_page_fault)
         _ASM_EXTABLE(.Lft13, .Lfx13)
 
-compat_crash_page_fault_12:
-        addl  $4,%esi
 compat_crash_page_fault_8:
         addl  $4,%esi
 compat_crash_page_fault_4:
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -64,37 +64,7 @@  restore_all_guest:
 iret_exit_to_guest:
         addq  $8,%rsp
 .Lft0:  iretq
-
-.section .fixup,"ax"
-.Lfx0:  sti
-        SAVE_ALL
-        movq  UREGS_error_code(%rsp),%rsi
-        movq  %rsp,%rax
-        andq  $~0xf,%rsp
-        pushq $__HYPERVISOR_DS         # SS
-        pushq %rax                     # RSP
-        pushfq                         # RFLAGS
-        pushq $__HYPERVISOR_CS         # CS
-        leaq  .Ldf0(%rip),%rax
-        pushq %rax                     # RIP
-        pushq %rsi                     # error_code/entry_vector
-        jmp   handle_exception
-.Ldf0:  GET_CURRENT(%rbx)
-        jmp   test_all_events
-failsafe_callback:
-        GET_CURRENT(%rbx)
-        leaq  VCPU_trap_bounce(%rbx),%rdx
-        movq  VCPU_failsafe_addr(%rbx),%rax
-        movq  %rax,TRAPBOUNCE_eip(%rdx)
-        movb  $TBF_FAILSAFE,TRAPBOUNCE_flags(%rdx)
-        bt    $_VGCF_failsafe_disables_events,VCPU_guest_context_flags(%rbx)
-        jnc   1f
-        orb   $TBF_INTERRUPT,TRAPBOUNCE_flags(%rdx)
-1:      call  create_bounce_frame
-        jmp   test_all_events
-.previous
-        _ASM_PRE_EXTABLE(.Lft0, .Lfx0)
-        _ASM_EXTABLE(.Ldf0, failsafe_callback)
+        _ASM_PRE_EXTABLE(.Lft0, handle_exception)
 
         ALIGN
 /* No special register assumptions. */
@@ -405,18 +375,7 @@  __UNLIKELY_END(create_bounce_frame_bad_s
         subq  $8,%rsi
         movl  TRAPBOUNCE_error_code(%rdx),%eax
 .Lft7:  movq  %rax,(%rsi)               # ERROR CODE
-1:      testb $TBF_FAILSAFE,%cl
-UNLIKELY_START(nz, bounce_failsafe)
-        subq  $32,%rsi
-        movl  %gs,%eax
-.Lft8:  movq  %rax,24(%rsi)             # GS
-        movl  %fs,%eax
-.Lft9:  movq  %rax,16(%rsi)             # FS
-        movl  %es,%eax
-.Lft10: movq  %rax,8(%rsi)              # ES
-        movl  %ds,%eax
-.Lft11: movq  %rax,(%rsi)               # DS
-UNLIKELY_END(bounce_failsafe)
+1:
         subq  $16,%rsi
         movq  UREGS_r11+8(%rsp),%rax
 .Lft12: movq  %rax,8(%rsi)              # R11
@@ -446,10 +405,6 @@  __UNLIKELY_END(create_bounce_frame_bad_b
         _ASM_EXTABLE(.Lft5,  domain_crash_page_fault_16)
         _ASM_EXTABLE(.Lft6,  domain_crash_page_fault)
         _ASM_EXTABLE(.Lft7,  domain_crash_page_fault)
-        _ASM_EXTABLE(.Lft8,  domain_crash_page_fault_24)
-        _ASM_EXTABLE(.Lft9,  domain_crash_page_fault_16)
-        _ASM_EXTABLE(.Lft10, domain_crash_page_fault_8)
-        _ASM_EXTABLE(.Lft11, domain_crash_page_fault)
         _ASM_EXTABLE(.Lft12, domain_crash_page_fault_8)
         _ASM_EXTABLE(.Lft13, domain_crash_page_fault)
 
--- a/xen/include/asm-x86/processor.h
+++ b/xen/include/asm-x86/processor.h
@@ -128,7 +128,6 @@ 
 #define TBF_EXCEPTION          1
 #define TBF_EXCEPTION_ERRCODE  2
 #define TBF_INTERRUPT          8
-#define TBF_FAILSAFE          16
 
 /* 'arch_vcpu' flags values */
 #define _TF_kernel_mode        0