commit e7f147bf4ac725492962a501da72f5ab6be682db
Author: Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Oct 7 14:02:10 2021 +0100
Commit: Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Mon Nov 29 13:53:05 2021 +0000
x86/crash: Drop manual hooking of exception_table[]
NMI hooking in the crash path has undergone several revisions since its
introduction. What we have now is not sufficiently different from the regular
nmi_callback() mechanism to warrant special casing.
Use set_nmi_callback() directly, and do away with patching a read-only data
structure via a read-write alias. This also means that the
vmx_vmexit_handler() can and should call do_nmi() directly, rather than
indirecting through the exception table to pick up the crash path hook.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
xen/arch/x86/crash.c | 15 ++-------------
xen/arch/x86/hvm/vmx/vmx.c | 2 +-
xen/arch/x86/traps.c | 5 +++++
3 files changed, 8 insertions(+), 14 deletions(-)
diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c
index 0611b4fb9b..f6264946a6 100644
--- a/xen/arch/x86/crash.c
+++ b/xen/arch/x86/crash.c
@@ -36,10 +36,8 @@ static unsigned int crashing_cpu;
static DEFINE_PER_CPU_READ_MOSTLY(bool, crash_save_done);
/* This becomes the NMI handler for non-crashing CPUs, when Xen is crashing. */
-static void noreturn do_nmi_crash(const struct cpu_user_regs *regs)
+static int noreturn do_nmi_crash(const struct cpu_user_regs *regs, int cpu)
{
- unsigned int cpu = smp_processor_id();
-
stac();
/* nmi_shootdown_cpus() should ensure that this assertion is correct. */
@@ -136,16 +134,7 @@ static void nmi_shootdown_cpus(void)
SYS_DESC_irq_gate, 0, &trap_nop);
set_ist(&idt_tables[cpu][TRAP_machine_check], IST_NONE);
- /*
- * Ideally would be:
- * exception_table[TRAP_nmi] = &do_nmi_crash;
- *
- * but the exception_table is read only. Access it via its directmap
- * mappings.
- */
- write_atomic((unsigned long *)__va(__pa(&exception_table[TRAP_nmi])),
- (unsigned long)&do_nmi_crash);
-
+ set_nmi_callback(do_nmi_crash);
smp_send_nmi_allbutself();
msecs = 1000; /* Wait at most a second for the other cpus to stop */
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index d403e2d806..37c31c08b9 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -3887,7 +3887,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
((intr_info & INTR_INFO_INTR_TYPE_MASK) ==
MASK_INSR(X86_EVENTTYPE_NMI, INTR_INFO_INTR_TYPE_MASK)) )
{
- exception_table[TRAP_nmi](regs);
+ do_nmi(regs);
enable_nmis();
}
break;
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 3bc4cd5e1e..6d7d88c3c4 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1883,6 +1883,11 @@ void do_nmi(const struct cpu_user_regs *regs)
this_cpu(nmi_count)++;
nmi_enter();
+ /*
+ * Think carefully before putting any logic before this point.
+ * nmi_callback() might be the crash quiesce...
+ */
+
callback = ACCESS_ONCE(nmi_callback);
if ( unlikely(callback) && callback(regs, cpu) )
goto out;
--
generated by git-patchbot for /home/xen/git/xen.git#staging
Author: Andrew Cooper <andrew.cooper3@citrix.com>
AuthorDate: Thu Oct 7 14:02:10 2021 +0100
Commit: Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Mon Nov 29 13:53:05 2021 +0000
x86/crash: Drop manual hooking of exception_table[]
NMI hooking in the crash path has undergone several revisions since its
introduction. What we have now is not sufficiently different from the regular
nmi_callback() mechanism to warrant special casing.
Use set_nmi_callback() directly, and do away with patching a read-only data
structure via a read-write alias. This also means that the
vmx_vmexit_handler() can and should call do_nmi() directly, rather than
indirecting through the exception table to pick up the crash path hook.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
xen/arch/x86/crash.c | 15 ++-------------
xen/arch/x86/hvm/vmx/vmx.c | 2 +-
xen/arch/x86/traps.c | 5 +++++
3 files changed, 8 insertions(+), 14 deletions(-)
diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c
index 0611b4fb9b..f6264946a6 100644
--- a/xen/arch/x86/crash.c
+++ b/xen/arch/x86/crash.c
@@ -36,10 +36,8 @@ static unsigned int crashing_cpu;
static DEFINE_PER_CPU_READ_MOSTLY(bool, crash_save_done);
/* This becomes the NMI handler for non-crashing CPUs, when Xen is crashing. */
-static void noreturn do_nmi_crash(const struct cpu_user_regs *regs)
+static int noreturn do_nmi_crash(const struct cpu_user_regs *regs, int cpu)
{
- unsigned int cpu = smp_processor_id();
-
stac();
/* nmi_shootdown_cpus() should ensure that this assertion is correct. */
@@ -136,16 +134,7 @@ static void nmi_shootdown_cpus(void)
SYS_DESC_irq_gate, 0, &trap_nop);
set_ist(&idt_tables[cpu][TRAP_machine_check], IST_NONE);
- /*
- * Ideally would be:
- * exception_table[TRAP_nmi] = &do_nmi_crash;
- *
- * but the exception_table is read only. Access it via its directmap
- * mappings.
- */
- write_atomic((unsigned long *)__va(__pa(&exception_table[TRAP_nmi])),
- (unsigned long)&do_nmi_crash);
-
+ set_nmi_callback(do_nmi_crash);
smp_send_nmi_allbutself();
msecs = 1000; /* Wait at most a second for the other cpus to stop */
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index d403e2d806..37c31c08b9 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -3887,7 +3887,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
((intr_info & INTR_INFO_INTR_TYPE_MASK) ==
MASK_INSR(X86_EVENTTYPE_NMI, INTR_INFO_INTR_TYPE_MASK)) )
{
- exception_table[TRAP_nmi](regs);
+ do_nmi(regs);
enable_nmis();
}
break;
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 3bc4cd5e1e..6d7d88c3c4 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1883,6 +1883,11 @@ void do_nmi(const struct cpu_user_regs *regs)
this_cpu(nmi_count)++;
nmi_enter();
+ /*
+ * Think carefully before putting any logic before this point.
+ * nmi_callback() might be the crash quiesce...
+ */
+
callback = ACCESS_ONCE(nmi_callback);
if ( unlikely(callback) && callback(regs, cpu) )
goto out;
--
generated by git-patchbot for /home/xen/git/xen.git#staging