linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Zhenzhong Duan <zhenzhong.duan@oracle.com>,
	<linux-kernel@vger.kernel.org>
Cc: Juergen Gross <jgross@suse.com>,
	Stefano Stabellini <sstabellini@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>, <x86@kernel.org>,
	<srinivas.eeda@oracle.com>, Ingo Molnar <mingo@redhat.com>,
	Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>,
	<xen-devel@lists.xenproject.org>,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [Xen-devel] [PATCH v2] xen/pv: Fix a boot up hang revealed by int3 self test
Date: Fri, 12 Jul 2019 09:06:23 -0500	[thread overview]
Message-ID: <ebf9657b-7d97-87a0-e32e-af8453ee7bba@citrix.com> (raw)
In-Reply-To: <1562832921-20831-1-git-send-email-zhenzhong.duan@oracle.com>

On 11/07/2019 03:15, Zhenzhong Duan wrote:
> Commit 7457c0da024b ("x86/alternatives: Add int3_emulate_call()
> selftest") is used to ensure there is a gap setup in exception stack
> which could be used for inserting call return address.
>
> This gap is missed in XEN PV int3 exception entry path, then below panic
> triggered:
>
> [    0.772876] general protection fault: 0000 [#1] SMP NOPTI
> [    0.772886] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.2.0+ #11
> [    0.772893] RIP: e030:int3_magic+0x0/0x7
> [    0.772905] RSP: 3507:ffffffff82203e98 EFLAGS: 00000246
> [    0.773334] Call Trace:
> [    0.773334]  alternative_instructions+0x3d/0x12e
> [    0.773334]  check_bugs+0x7c9/0x887
> [    0.773334]  ? __get_locked_pte+0x178/0x1f0
> [    0.773334]  start_kernel+0x4ff/0x535
> [    0.773334]  ? set_init_arg+0x55/0x55
> [    0.773334]  xen_start_kernel+0x571/0x57a
>
> As xenint3 and int3 entry code are same except xenint3 doesn't generate
> a gap, we can fix it by using int3 and drop useless xenint3.

For 64bit PV guests, Xen's ABI enters the kernel with using SYSRET, with
%rcx/%r11 on the stack.

To convert back to "normal" looking exceptions, the xen thunks do `pop
%rcx; pop %r11; jmp do_*`...

> diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
> index 0ea4831..35a66fc 100644
> --- a/arch/x86/entry/entry_64.S
> +++ b/arch/x86/entry/entry_64.S
> @@ -1176,7 +1176,6 @@ idtentry stack_segment		do_stack_segment	has_error_code=1
>  #ifdef CONFIG_XEN_PV
>  idtentry xennmi			do_nmi			has_error_code=0
>  idtentry xendebug		do_debug		has_error_code=0
> -idtentry xenint3		do_int3			has_error_code=0
>  #endif

What is confusing is why there are 3 extra magic versions here.  At a
guess, I'd say something to do with IST settings (given the vectors),
but I don't see why #DB/#BP would need to be different in the first
place.  (NMI sure, but that is more to do with the crazy hoops needing
to be jumped through to keep native functioning safely.)

~Andrew

  parent reply	other threads:[~2019-07-12 14:06 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-11  8:15 [PATCH v2] xen/pv: Fix a boot up hang revealed by int3 self test Zhenzhong Duan
2019-07-12 12:06 ` Peter Zijlstra
2019-07-12 13:04   ` Zhenzhong Duan
2019-07-12 13:09     ` Peter Zijlstra
2019-07-12 13:17       ` Peter Zijlstra
2019-07-12 13:27       ` Zhenzhong Duan
2019-07-12 14:06 ` Andrew Cooper [this message]
2019-07-15  5:05   ` [Xen-devel] " Zhenzhong Duan
2019-07-15  6:54     ` Jan Beulich
2019-07-15  9:09       ` Andrew Cooper

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ebf9657b-7d97-87a0-e32e-af8453ee7bba@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=boris.ostrovsky@oracle.com \
    --cc=bp@alien8.de \
    --cc=jgross@suse.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mingo@redhat.com \
    --cc=peterz@infradead.org \
    --cc=srinivas.eeda@oracle.com \
    --cc=sstabellini@kernel.org \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    --cc=xen-devel@lists.xenproject.org \
    --cc=zhenzhong.duan@oracle.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).