From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Xen-devel <xen-devel@lists.xen.org>
Subject: Re: [PATCH 4/9] x86/pv: Implement pv_hypercall() in C
Date: Tue, 2 Aug 2016 15:06:03 +0100
Message-ID: <331cd9dd-c628-d8bb-b294-6d21a2b49256@citrix.com>
In-Reply-To: <57A0B8750200007800101C92@prv-mh.provo.novell.com>
On 02/08/16 14:12, Jan Beulich wrote:
>>>> On 18.07.16 at 11:51, <andrew.cooper3@citrix.com> wrote:
>> +long pv_hypercall(struct cpu_user_regs *regs)
>> +{
>> + struct vcpu *curr = current;
>> +#ifndef NDEBUG
>> + unsigned long old_rip = regs->rip;
>> +#endif
>> + long ret;
>> + uint32_t eax = regs->eax;
>> +
>> + ASSERT(curr->arch.flags & TF_kernel_mode);
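Review bot: `old_rip` is captured under `#ifndef NDEBUG` with no comment saying what it is for; the assembly this series removes documents the purpose inline (`cmpq %r10,UREGS_rip+8(%rsp)` / `jne compat_skip_clobber` with "If RIP has changed then don't clobber."), so a one-line comment such as `/* Saved to skip the debug clobber if the hypercall changed RIP. */` would keep that knowledge in the C version. The `uint32_t eax = regs->eax;` line also truncates the hypercall number to 32 bits for both guest types; if that is intended for 64-bit guests as well, say so next to the declaration.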
> I'm afraid TF_kernel_mode can't be relied on for 32-bit guests, so
> this needs to move into the if() below.
In which case it should become ASSERT(guest_mode_kernel(curr, regs)).
>
>> + if ( (eax >= NR_hypercalls) || !hypercall_table[eax] )
>> + return -ENOSYS;
>> +
>> + if ( !is_pv_32bit_vcpu(curr) )
>> + {
>> + unsigned long rdi = regs->rdi;
>> + unsigned long rsi = regs->rsi;
>> + unsigned long rdx = regs->rdx;
>> + unsigned long r10 = regs->r10;
>> + unsigned long r8 = regs->r8;
>> + unsigned long r9 = regs->r9;
>> +
>> +#ifndef NDEBUG
>> + /* Deliberately corrupt parameter regs not used by this hypercall. */
>> + switch ( hypercall_args_table[eax] )
>> + {
>> + case 0: rdi = 0xdeadbeefdeadf00dUL;
>> + case 1: rsi = 0xdeadbeefdeadf00dUL;
>> + case 2: rdx = 0xdeadbeefdeadf00dUL;
>> + case 3: r10 = 0xdeadbeefdeadf00dUL;
>> + case 4: r8 = 0xdeadbeefdeadf00dUL;
>> + case 5: r9 = 0xdeadbeefdeadf00dUL;
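Review bot: the `case 0:` through `case 5:` arms rely on implicit fall-through so that every register from the first unused argument onward gets clobbered, but nothing in the code states that; add a `/* Fallthrough */` marker on each arm, or extend the comment above the `switch` to say the fall-through is intentional, so static analysers and future readers neither flag nor "fix" it. The scheme is also only correct because the arms are listed in argument order (rdi, rsi, rdx, r10, r8, r9), which is worth stating in the same comment.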
> Without comments, aren't these going to become 5 new Coverity
> issues?
There are no current warnings from the HVM side, so I doubt it.
Coverity's logic is rather complicated, but in this case I think the
lack of any break statements at all is a sufficient hint that it's fine.
>
>> --- a/xen/arch/x86/x86_64/compat/entry.S
>> +++ b/xen/arch/x86/x86_64/compat/entry.S
>> @@ -25,70 +25,10 @@ UNLIKELY_START(ne, msi_check)
>> LOAD_C_CLOBBERED compat=1 ax=0
>> UNLIKELY_END(msi_check)
>>
>> - movl UREGS_rax(%rsp),%eax
>> GET_CURRENT(bx)
>>
>> - cmpl $NR_hypercalls,%eax
>> - jae compat_bad_hypercall
>> -#ifndef NDEBUG
>> - /* Deliberately corrupt parameter regs not used by this hypercall. */
>> - pushq UREGS_rbx(%rsp); pushq %rcx; pushq %rdx; pushq %rsi; pushq %rdi
>> - pushq UREGS_rbp+5*8(%rsp)
>> - leaq compat_hypercall_args_table(%rip),%r10
>> - movl $6,%ecx
>> - subb (%r10,%rax,1),%cl
>> - movq %rsp,%rdi
>> - movl $0xDEADBEEF,%eax
>> - rep stosq
>> - popq %r8 ; popq %r9 ; xchgl %r8d,%r9d /* Args 5&6: zero extend */
>> - popq %rdx; popq %rcx; xchgl %edx,%ecx /* Args 3&4: zero extend */
>> - popq %rdi; popq %rsi; xchgl %edi,%esi /* Args 1&2: zero extend */
>> - movl UREGS_rax(%rsp),%eax
>> - pushq %rax
>> - pushq UREGS_rip+8(%rsp)
>> -#define SHADOW_BYTES 16 /* Shadow EIP + shadow hypercall # */
>> -#else
>> - /* Relocate argument registers and zero-extend to 64 bits. */
>> - xchgl %ecx,%esi /* Arg 2, Arg 4 */
>> - movl %edx,%edx /* Arg 3 */
>> - movl %edi,%r8d /* Arg 5 */
>> - movl %ebp,%r9d /* Arg 6 */
>> - movl UREGS_rbx(%rsp),%edi /* Arg 1 */
>> -#define SHADOW_BYTES 0 /* No on-stack shadow state */
>> -#endif
>> - cmpb $0,tb_init_done(%rip)
>> -UNLIKELY_START(ne, compat_trace)
>> - call __trace_hypercall_entry
>> - /* Restore the registers that __trace_hypercall_entry clobbered. */
>> - movl UREGS_rax+SHADOW_BYTES(%rsp),%eax /* Hypercall # */
>> - movl UREGS_rbx+SHADOW_BYTES(%rsp),%edi /* Arg 1 */
>> - movl UREGS_rcx+SHADOW_BYTES(%rsp),%esi /* Arg 2 */
>> - movl UREGS_rdx+SHADOW_BYTES(%rsp),%edx /* Arg 3 */
>> - movl UREGS_rsi+SHADOW_BYTES(%rsp),%ecx /* Arg 4 */
>> - movl UREGS_rdi+SHADOW_BYTES(%rsp),%r8d /* Arg 5 */
>> - movl UREGS_rbp+SHADOW_BYTES(%rsp),%r9d /* Arg 6 */
>> -#undef SHADOW_BYTES
>> -UNLIKELY_END(compat_trace)
>> - leaq compat_hypercall_table(%rip),%r10
>> - PERFC_INCR(hypercalls, %rax, %rbx)
>> - callq *(%r10,%rax,8)
>> -#ifndef NDEBUG
>> - /* Deliberately corrupt parameter regs used by this hypercall. */
>> - popq %r10 # Shadow RIP
>> - cmpq %r10,UREGS_rip+8(%rsp)
>> - popq %rcx # Shadow hypercall index
>> - jne compat_skip_clobber /* If RIP has changed then don't clobber. */
>> - leaq compat_hypercall_args_table(%rip),%r10
>> - movb (%r10,%rcx,1),%cl
>> - movl $0xDEADBEEF,%r10d
>> - testb %cl,%cl; jz compat_skip_clobber; movl %r10d,UREGS_rbx(%rsp)
>> - cmpb $2, %cl; jb compat_skip_clobber; movl %r10d,UREGS_rcx(%rsp)
>> - cmpb $3, %cl; jb compat_skip_clobber; movl %r10d,UREGS_rdx(%rsp)
>> - cmpb $4, %cl; jb compat_skip_clobber; movl %r10d,UREGS_rsi(%rsp)
>> - cmpb $5, %cl; jb compat_skip_clobber; movl %r10d,UREGS_rdi(%rsp)
>> - cmpb $6, %cl; jb compat_skip_clobber; movl %r10d,UREGS_rbp(%rsp)
>> -compat_skip_clobber:
>> -#endif
>> + mov %rsp, %rdi
>> + call pv_hypercall
>> movl %eax,UREGS_rax(%rsp) # save the return value
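Review bot: besides the dispatch itself, the removed assembly did three things that the visible C replacement does not show: the `__trace_hypercall_entry` call gated on `tb_init_done`, `PERFC_INCR(hypercalls, ...)`, and the NDEBUG post-call clobber of the `UREGS_*` argument slots when RIP is unchanged; please confirm `pv_hypercall()` carries all three for the compat path, or call out in the commit message which are dropped on purpose. The retained `movl %eax,UREGS_rax(%rsp)` also stores only the low 32 bits of the callee's `long` return value; that matches the old compat behaviour, but now that the callee returns a 64-bit value it deserves a comment (or, as suggested, moving into C alongside the HVM path).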
> To follow the HVM model, this should also move into C.
I can do for now.
I haven't quite decided yet whether it would be sensible to simplify the
continuation logic in the tail end of C, or by using -ERESTART at this
point.
~Andrew