[v10,4/5] xen/riscv: enable GENERIC_BUG_FRAME

Commit Message

Oleksii Kurochko July 12, 2024, 4:18 p.m. UTC

To have working BUG(), WARN(), ASSERT, run_in_exception_handler()
it is needed to enable GENERIC_BUG_FRAME.

Also, <xen/lib.h> is needed to be included for the reason that panic() and
printk() are used in common/bug.c and RISC-V fails if it is not included
with the following errors:
   common/bug.c:69:9: error: implicit declaration of function 'printk'
   [-Werror=implicit-function-declaration]
      69 |         printk("Xen WARN at %s%s:%d\n", prefix, filename,
   lineno);
         |         ^~~~~~
   common/bug.c:77:9: error: implicit declaration of function 'panic'
   [-Werror=implicit-function-declaration]
      77 |         panic("Xen BUG at %s%s:%d\n", prefix, filename,
   lineno);

Signed-off-by: Oleksii Kurochko <oleksii.kurochko@gmail.com>
---
Changes in V10:
 - put 'select GENERIC_BUG_FRAME' in "Config RISCV".
 - rework do_trap() to not fetch an instruction in case when the cause of trap
   is BUG_insn.
 - drop read_instr() and is_valid_bug_insn().
 - update the commit message.
---
Changes in V9:
 - Rebase on the top of current staging.
 - use GENERIC_BUG_FRAME as now we have common code available.
 - add xen/lib.h to bug.c to fix a compilation error around printk.
 - update the commit message.
 - update the code of read_instr() in traps.c
 - fold two-s if into 1 in do_trap.
---
Changes in V8:
  - remove Pointless initializer of id.
  - make bug_frames[] array constant.
  - remove cast_to_bug_frame(addr).
  - rename is_valig_bugaddr to is_valid_bug_insn().
  - add check that read_instr is used only on xen code
  - update the commit message.
---
Changes in V7:
 - move to this patch the definition of cast_to_bug_frame() from the previous patch.
 - update the comment in bug.h.
 - update the comment above do_bug_frame().
 - fix code style.
 - add comment to read_instr func.
 - add space for bug_frames in lds.S.
---
Changes in V6:
  - Avoid LINK_TO_LOAD() as bug.h functionality expected to be used
    after MMU is enabled.
  - Change early_printk() to printk()
---
Changes in V5:
  - Remove "#include <xen/types.h>" from <asm/bug.h> as there is no any need in it anymore
  - Update macros GET_INSN_LENGTH: remove UL and 'unsigned int len;' from it
  - Remove " include <xen/bug.h>" from risc/setup.c. it is not needed in the current version of
    the patch
  - change an argument type from vaddr_t to uint32_t for is_valid_bugaddr and introduce read_instr() to
    read instruction properly as the length of qinstruction can be either 32 or 16 bits.
  - Code style fixes
  - update the comments before do_bug_frame() in riscv/trap.c
  - Refactor is_valid_bugaddr() function.
  - introduce macros cast_to_bug_frame(addr) to hide casts.
  - use LINK_TO_LOAD() for addresses which are linker time relative.
---
Changes in V4:
  - Updates in RISC-V's <asm/bug.h>:
    * Add explanatory comment about why there is only defined for 32-bits length
      instructions and 16/32-bits BUG_INSN_{16,32}.
    * Change 'unsigned long' to 'unsigned int' inside GET_INSN_LENGTH().
    * Update declaration of is_valid_bugaddr(): switch return type from int to bool
      and the argument from 'unsigned int' to 'vaddr'.
  - Updates in RISC-V's traps.c:
    * replace /xen and /asm includes
    * update definition of is_valid_bugaddr():switch return type from int to bool
      and the argument from 'unsigned int' to 'vaddr'. Code style inside function
      was updated too.
    * do_bug_frame() refactoring:
      * local variables start and bug became 'const struct bug_frame'
      * bug_frames[] array became 'static const struct bug_frame[] = ...'
      * remove all casts
      * remove unneeded comments and add an explanatory comment that the do_bug_frame()
        will be switched to a generic one.
    * do_trap() refactoring:
      * read 16-bits value instead of 32-bits as compressed instruction can
        be used and it might happen than only 16-bits may be accessible.
      * code style updates
      * re-use instr variable instead of re-reading instruction.
  - Updates in setup.c:
    * add blank line between xen/ and asm/ includes.
---
Changes in V3:
  - Rebase the patch "xen/riscv: introduce an implementation of macros
    from <asm/bug.h>" on top of patch series [introduce generic implementation
    of macros from bug.h]
---
Changes in V2:
  - Remove __ in define namings
  - Update run_in_exception_handler() with
    register void *fn_ asm(__stringify(BUG_FN_REG)) = (fn);
  - Remove bug_instr_t type and change it's usage to uint32_t
---
 xen/arch/riscv/Kconfig |  1 +
 xen/arch/riscv/traps.c | 25 ++++++++++++++++++++++++-
 xen/common/bug.c       |  1 +
 3 files changed, 26 insertions(+), 1 deletion(-)

Comments

Jan Beulich July 22, 2024, 11:02 a.m. UTC | #1

On 12.07.2024 18:18, Oleksii Kurochko wrote:
> To have working BUG(), WARN(), ASSERT, run_in_exception_handler()
> it is needed to enable GENERIC_BUG_FRAME.
> 
> Also, <xen/lib.h> is needed to be included for the reason that panic() and
> printk() are used in common/bug.c and RISC-V fails if it is not included
> with the following errors:
>    common/bug.c:69:9: error: implicit declaration of function 'printk'
>    [-Werror=implicit-function-declaration]
>       69 |         printk("Xen WARN at %s%s:%d\n", prefix, filename,
>    lineno);
>          |         ^~~~~~
>    common/bug.c:77:9: error: implicit declaration of function 'panic'
>    [-Werror=implicit-function-declaration]
>       77 |         panic("Xen BUG at %s%s:%d\n", prefix, filename,
>    lineno);

I don't think the diagnostics themselves are needed here.

> Signed-off-by: Oleksii Kurochko <oleksii.kurochko@gmail.com>
> ---
> Changes in V10:
>  - put 'select GENERIC_BUG_FRAME' in "Config RISCV".
>  - rework do_trap() to not fetch an instruction in case when the cause of trap
>    is BUG_insn.

It's BUG_insn here, but then ...

> @@ -103,7 +104,29 @@ static void do_unexpected_trap(const struct cpu_user_regs *regs)
>  
>  void do_trap(struct cpu_user_regs *cpu_regs)
>  {
> -    do_unexpected_trap(cpu_regs);
> +    register_t pc = cpu_regs->sepc;
> +    unsigned long cause = csr_read(CSR_SCAUSE);
> +
> +    switch ( cause )
> +    {
> +    case CAUSE_BREAKPOINT:

... BREAKPOINT here? Generally I'd deem something named "breakpoint" as
debugging related (and hence continuable). I'd have expected
CAUSE_ILLEGAL_INSTRUCTION here, but likely I'm missing something.

> +        if ( do_bug_frame(cpu_regs, pc) >= 0 )
> +        {
> +            if ( !pc ||

In how far does this really need special casing? Isn't that case covered by

> +                 !(is_kernel_text(pc + 1) || is_kernel_inittext(pc + 1)) )

... these checks anyway? And btw, why the "+ 1" in both function arguments?

> +            {
> +                printk("Something wrong with PC: 0x%lx\n", pc);

Nit: %#lx please in situations like this.

> +                die();
> +            }
> +
> +            cpu_regs->sepc += GET_INSN_LENGTH(*(uint16_t *)pc);
> +            return;

This isn't needed, is it? You'd return anyway by ...

> +        }
> +
> +        break;

.... going through here to ...

> +    default:
> +        do_unexpected_trap(cpu_regs);
> +    }
>  }

... here.

Two further nits for the default case: Please have a break statement
there as well, and please have a blank line immediately up from it.

Jan

Oleksii Kurochko July 22, 2024, 2:09 p.m. UTC | #2

On Mon, 2024-07-22 at 13:02 +0200, Jan Beulich wrote:
> On 12.07.2024 18:18, Oleksii Kurochko wrote:
> > To have working BUG(), WARN(), ASSERT, run_in_exception_handler()
> > it is needed to enable GENERIC_BUG_FRAME.
> > 
> > Also, <xen/lib.h> is needed to be included for the reason that
> > panic() and
> > printk() are used in common/bug.c and RISC-V fails if it is not
> > included
> > with the following errors:
> >    common/bug.c:69:9: error: implicit declaration of function
> > 'printk'
> >    [-Werror=implicit-function-declaration]
> >       69 |         printk("Xen WARN at %s%s:%d\n", prefix,
> > filename,
> >    lineno);
> >          |         ^~~~~~
> >    common/bug.c:77:9: error: implicit declaration of function
> > 'panic'
> >    [-Werror=implicit-function-declaration]
> >       77 |         panic("Xen BUG at %s%s:%d\n", prefix, filename,
> >    lineno);
> 
> I don't think the diagnostics themselves are needed here.
> 
> > Signed-off-by: Oleksii Kurochko <oleksii.kurochko@gmail.com>
> > ---
> > Changes in V10:
> >  - put 'select GENERIC_BUG_FRAME' in "Config RISCV".
> >  - rework do_trap() to not fetch an instruction in case when the
> > cause of trap
> >    is BUG_insn.
> 
> It's BUG_insn here, but then ...
> 
> > @@ -103,7 +104,29 @@ static void do_unexpected_trap(const struct
> > cpu_user_regs *regs)
> >  
> >  void do_trap(struct cpu_user_regs *cpu_regs)
> >  {
> > -    do_unexpected_trap(cpu_regs);
> > +    register_t pc = cpu_regs->sepc;
> > +    unsigned long cause = csr_read(CSR_SCAUSE);
> > +
> > +    switch ( cause )
> > +    {
> > +    case CAUSE_BREAKPOINT:
> 
> ... BREAKPOINT here? Generally I'd deem something named "breakpoint"
> as
> debugging related (and hence continuable). I'd have expected
> CAUSE_ILLEGAL_INSTRUCTION here, but likely I'm missing something.
Agree, that is is confusing, but BUG_insn is defined as ebreak
instruction ( Linux kernel uses also ebreak ) and it generates
CAUSE_BREAKPOINT.

> 
> > +        if ( do_bug_frame(cpu_regs, pc) >= 0 )
> > +        {
> > +            if ( !pc ||
> 
> In how far does this really need special casing? Isn't that case
> covered by
> 
> > +                 !(is_kernel_text(pc + 1) || is_kernel_inittext(pc
> > + 1)) )
> 
> ... these checks anyway?
Good point. We could drop it.

> And btw, why the "+ 1" in both function arguments?
There is no need for them anymore, just missed to drop +1.

~ Oleksii

> 
> > +            {
> > +                printk("Something wrong with PC: 0x%lx\n", pc);
> 
> Nit: %#lx please in situations like this.
> 
> > +                die();
> > +            }
> > +
> > +            cpu_regs->sepc += GET_INSN_LENGTH(*(uint16_t *)pc);
> > +            return;
> 
> This isn't needed, is it? You'd return anyway by ...
> 
> > +        }
> > +
> > +        break;
> 
> .... going through here to ...
> 
> > +    default:
> > +        do_unexpected_trap(cpu_regs);
> > +    }
> >  }
> 
> ... here.
> 
> Two further nits for the default case: Please have a break statement
> there as well, and please have a blank line immediately up from it.
> 
> Jan

Jan Beulich July 22, 2024, 3:32 p.m. UTC | #3

On 22.07.2024 16:09, Oleksii wrote:
> On Mon, 2024-07-22 at 13:02 +0200, Jan Beulich wrote:
>> On 12.07.2024 18:18, Oleksii Kurochko wrote:
>>> ---
>>> Changes in V10:
>>>  - put 'select GENERIC_BUG_FRAME' in "Config RISCV".
>>>  - rework do_trap() to not fetch an instruction in case when the
>>> cause of trap
>>>    is BUG_insn.
>>
>> It's BUG_insn here, but then ...
>>
>>> @@ -103,7 +104,29 @@ static void do_unexpected_trap(const struct
>>> cpu_user_regs *regs)
>>>  
>>>  void do_trap(struct cpu_user_regs *cpu_regs)
>>>  {
>>> -    do_unexpected_trap(cpu_regs);
>>> +    register_t pc = cpu_regs->sepc;
>>> +    unsigned long cause = csr_read(CSR_SCAUSE);
>>> +
>>> +    switch ( cause )
>>> +    {
>>> +    case CAUSE_BREAKPOINT:
>>
>> ... BREAKPOINT here? Generally I'd deem something named "breakpoint"
>> as
>> debugging related (and hence continuable). I'd have expected
>> CAUSE_ILLEGAL_INSTRUCTION here, but likely I'm missing something.
> Agree, that is is confusing, but BUG_insn is defined as ebreak
> instruction ( Linux kernel uses also ebreak ) and it generates
> CAUSE_BREAKPOINT.

I'm curious: How do you / does a debugger tell a breakpoint set on
such an EBREAK insn (e.g. as a result of a use of WARN_ON()) from
the original, unmodified insn? If there's a breakpoint, you want
to forward to the debugger. Whereas if there's no breakpoint, you
want to process the WARN_ON() normally.

Jan

Oleksii Kurochko July 22, 2024, 5:01 p.m. UTC | #4

On Mon, 2024-07-22 at 17:32 +0200, Jan Beulich wrote:
> On 22.07.2024 16:09, Oleksii wrote:
> > On Mon, 2024-07-22 at 13:02 +0200, Jan Beulich wrote:
> > > On 12.07.2024 18:18, Oleksii Kurochko wrote:
> > > > ---
> > > > Changes in V10:
> > > >  - put 'select GENERIC_BUG_FRAME' in "Config RISCV".
> > > >  - rework do_trap() to not fetch an instruction in case when
> > > > the
> > > > cause of trap
> > > >    is BUG_insn.
> > > 
> > > It's BUG_insn here, but then ...
> > > 
> > > > @@ -103,7 +104,29 @@ static void do_unexpected_trap(const
> > > > struct
> > > > cpu_user_regs *regs)
> > > >  
> > > >  void do_trap(struct cpu_user_regs *cpu_regs)
> > > >  {
> > > > -    do_unexpected_trap(cpu_regs);
> > > > +    register_t pc = cpu_regs->sepc;
> > > > +    unsigned long cause = csr_read(CSR_SCAUSE);
> > > > +
> > > > +    switch ( cause )
> > > > +    {
> > > > +    case CAUSE_BREAKPOINT:
> > > 
> > > ... BREAKPOINT here? Generally I'd deem something named
> > > "breakpoint"
> > > as
> > > debugging related (and hence continuable). I'd have expected
> > > CAUSE_ILLEGAL_INSTRUCTION here, but likely I'm missing something.
> > Agree, that is is confusing, but BUG_insn is defined as ebreak
> > instruction ( Linux kernel uses also ebreak ) and it generates
> > CAUSE_BREAKPOINT.
> 
> I'm curious: How do you / does a debugger tell a breakpoint set on
> such an EBREAK insn (e.g. as a result of a use of WARN_ON()) from
> the original, unmodified insn? If there's a breakpoint, you want
> to forward to the debugger. Whereas if there's no breakpoint, you
> want to process the WARN_ON() normally.
I don't know details of debug spec but AFAIU ebreak triggers a debug
trap, which starts in debug mode and is then filtered by every mode as
it goes towards user-mode. So first GDB will handle this debug trap and
will check if this ebreak was set by him or not.

~ Oleksii

Patch

diff --git a/xen/arch/riscv/Kconfig b/xen/arch/riscv/Kconfig
index b4b354a778..f531e96657 100644
--- a/xen/arch/riscv/Kconfig
+++ b/xen/arch/riscv/Kconfig
@@ -1,6 +1,7 @@ 
 config RISCV
 	def_bool y
 	select FUNCTION_ALIGNMENT_16B
+	select GENERIC_BUG_FRAME
 
 config RISCV_64
 	def_bool y
diff --git a/xen/arch/riscv/traps.c b/xen/arch/riscv/traps.c
index cb18b30ff2..e39603dc95 100644
--- a/xen/arch/riscv/traps.c
+++ b/xen/arch/riscv/traps.c
@@ -5,6 +5,7 @@ 
  * RISC-V Trap handlers
  */
 
+#include <xen/bug.h>
 #include <xen/lib.h>
 #include <xen/sched.h>
 
@@ -103,7 +104,29 @@  static void do_unexpected_trap(const struct cpu_user_regs *regs)
 
 void do_trap(struct cpu_user_regs *cpu_regs)
 {
-    do_unexpected_trap(cpu_regs);
+    register_t pc = cpu_regs->sepc;
+    unsigned long cause = csr_read(CSR_SCAUSE);
+
+    switch ( cause )
+    {
+    case CAUSE_BREAKPOINT:
+        if ( do_bug_frame(cpu_regs, pc) >= 0 )
+        {
+            if ( !pc ||
+                 !(is_kernel_text(pc + 1) || is_kernel_inittext(pc + 1)) )
+            {
+                printk("Something wrong with PC: 0x%lx\n", pc);
+                die();
+            }
+
+            cpu_regs->sepc += GET_INSN_LENGTH(*(uint16_t *)pc);
+            return;
+        }
+
+        break;
+    default:
+        do_unexpected_trap(cpu_regs);
+    }
 }
 
 void vcpu_show_execution_state(struct vcpu *v)
diff --git a/xen/common/bug.c b/xen/common/bug.c
index b7c5d8fd4d..75cb35fcfa 100644
--- a/xen/common/bug.c
+++ b/xen/common/bug.c
@@ -1,6 +1,7 @@ 
 #include <xen/bug.h>
 #include <xen/errno.h>
 #include <xen/kernel.h>
+#include <xen/lib.h>
 #include <xen/livepatch.h>
 #include <xen/string.h>
 #include <xen/types.h>