xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Xen-devel <xen-devel@lists.xen.org>
Subject: Re: [PATCH 4/9] x86/pv: Implement pv_hypercall() in C
Date: Tue, 2 Aug 2016 15:06:03 +0100	[thread overview]
Message-ID: <331cd9dd-c628-d8bb-b294-6d21a2b49256@citrix.com> (raw)
In-Reply-To: <57A0B8750200007800101C92@prv-mh.provo.novell.com>

On 02/08/16 14:12, Jan Beulich wrote:
>>>> On 18.07.16 at 11:51, <andrew.cooper3@citrix.com> wrote:
>> +long pv_hypercall(struct cpu_user_regs *regs)
>> +{
>> +    struct vcpu *curr = current;
>> +#ifndef NDEBUG
>> +    unsigned long old_rip = regs->rip;
>> +#endif
>> +    long ret;
>> +    uint32_t eax = regs->eax;
>> +
>> +    ASSERT(curr->arch.flags & TF_kernel_mode);
> I'm afraid TF_kernel_mode can't be relied on for 32-bit guests, so
> this needs to move into the if() below.

In which case it should become ASSERT(guest_mode_kernel(curr, regs))

>
>> +    if ( (eax >= NR_hypercalls) || !hypercall_table[eax] )
>> +         return -ENOSYS;
>> +
>> +    if ( !is_pv_32bit_vcpu(curr) )
>> +    {
>> +        unsigned long rdi = regs->rdi;
>> +        unsigned long rsi = regs->rsi;
>> +        unsigned long rdx = regs->rdx;
>> +        unsigned long r10 = regs->r10;
>> +        unsigned long r8 = regs->r8;
>> +        unsigned long r9 = regs->r9;
>> +
>> +#ifndef NDEBUG
>> +        /* Deliberately corrupt parameter regs not used by this hypercall. */
>> +        switch ( hypercall_args_table[eax] )
>> +        {
>> +        case 0: rdi = 0xdeadbeefdeadf00dUL;
>> +        case 1: rsi = 0xdeadbeefdeadf00dUL;
>> +        case 2: rdx = 0xdeadbeefdeadf00dUL;
>> +        case 3: r10 = 0xdeadbeefdeadf00dUL;
>> +        case 4: r8 = 0xdeadbeefdeadf00dUL;
>> +        case 5: r9 = 0xdeadbeefdeadf00dUL;
> Without comments, aren't these going to become 5 new Coverity
> issues?

There are no current warnings from the HVM side, so I doubt it. 
Coverities' logic is rather complicated, but in this case I think the
lack of any break statements at all is a sufficient hint that its fine.

>
>> --- a/xen/arch/x86/x86_64/compat/entry.S
>> +++ b/xen/arch/x86/x86_64/compat/entry.S
>> @@ -25,70 +25,10 @@ UNLIKELY_START(ne, msi_check)
>>          LOAD_C_CLOBBERED compat=1 ax=0
>>  UNLIKELY_END(msi_check)
>>  
>> -        movl  UREGS_rax(%rsp),%eax
>>          GET_CURRENT(bx)
>>  
>> -        cmpl  $NR_hypercalls,%eax
>> -        jae   compat_bad_hypercall
>> -#ifndef NDEBUG
>> -        /* Deliberately corrupt parameter regs not used by this hypercall. */
>> -        pushq UREGS_rbx(%rsp); pushq %rcx; pushq %rdx; pushq %rsi; pushq %rdi
>> -        pushq UREGS_rbp+5*8(%rsp)
>> -        leaq  compat_hypercall_args_table(%rip),%r10
>> -        movl  $6,%ecx
>> -        subb  (%r10,%rax,1),%cl
>> -        movq  %rsp,%rdi
>> -        movl  $0xDEADBEEF,%eax
>> -        rep   stosq
>> -        popq  %r8 ; popq  %r9 ; xchgl %r8d,%r9d /* Args 5&6: zero extend */
>> -        popq  %rdx; popq  %rcx; xchgl %edx,%ecx /* Args 3&4: zero extend */
>> -        popq  %rdi; popq  %rsi; xchgl %edi,%esi /* Args 1&2: zero extend */
>> -        movl  UREGS_rax(%rsp),%eax
>> -        pushq %rax
>> -        pushq UREGS_rip+8(%rsp)
>> -#define SHADOW_BYTES 16 /* Shadow EIP + shadow hypercall # */
>> -#else
>> -        /* Relocate argument registers and zero-extend to 64 bits. */
>> -        xchgl %ecx,%esi              /* Arg 2, Arg 4 */
>> -        movl  %edx,%edx              /* Arg 3        */
>> -        movl  %edi,%r8d              /* Arg 5        */
>> -        movl  %ebp,%r9d              /* Arg 6        */
>> -        movl  UREGS_rbx(%rsp),%edi   /* Arg 1        */
>> -#define SHADOW_BYTES 0  /* No on-stack shadow state */
>> -#endif
>> -        cmpb  $0,tb_init_done(%rip)
>> -UNLIKELY_START(ne, compat_trace)
>> -        call  __trace_hypercall_entry
>> -        /* Restore the registers that __trace_hypercall_entry clobbered. */
>> -        movl  UREGS_rax+SHADOW_BYTES(%rsp),%eax   /* Hypercall #  */
>> -        movl  UREGS_rbx+SHADOW_BYTES(%rsp),%edi   /* Arg 1        */
>> -        movl  UREGS_rcx+SHADOW_BYTES(%rsp),%esi   /* Arg 2        */
>> -        movl  UREGS_rdx+SHADOW_BYTES(%rsp),%edx   /* Arg 3        */
>> -        movl  UREGS_rsi+SHADOW_BYTES(%rsp),%ecx   /* Arg 4        */
>> -        movl  UREGS_rdi+SHADOW_BYTES(%rsp),%r8d   /* Arg 5        */
>> -        movl  UREGS_rbp+SHADOW_BYTES(%rsp),%r9d   /* Arg 6        */
>> -#undef SHADOW_BYTES
>> -UNLIKELY_END(compat_trace)
>> -        leaq  compat_hypercall_table(%rip),%r10
>> -        PERFC_INCR(hypercalls, %rax, %rbx)
>> -        callq *(%r10,%rax,8)
>> -#ifndef NDEBUG
>> -        /* Deliberately corrupt parameter regs used by this hypercall. */
>> -        popq  %r10         # Shadow RIP
>> -        cmpq  %r10,UREGS_rip+8(%rsp)
>> -        popq  %rcx         # Shadow hypercall index
>> -        jne   compat_skip_clobber /* If RIP has changed then don't clobber. */
>> -        leaq  compat_hypercall_args_table(%rip),%r10
>> -        movb  (%r10,%rcx,1),%cl
>> -        movl  $0xDEADBEEF,%r10d
>> -        testb %cl,%cl; jz compat_skip_clobber; movl %r10d,UREGS_rbx(%rsp)
>> -        cmpb  $2, %cl; jb compat_skip_clobber; movl %r10d,UREGS_rcx(%rsp)
>> -        cmpb  $3, %cl; jb compat_skip_clobber; movl %r10d,UREGS_rdx(%rsp)
>> -        cmpb  $4, %cl; jb compat_skip_clobber; movl %r10d,UREGS_rsi(%rsp)
>> -        cmpb  $5, %cl; jb compat_skip_clobber; movl %r10d,UREGS_rdi(%rsp)
>> -        cmpb  $6, %cl; jb compat_skip_clobber; movl %r10d,UREGS_rbp(%rsp)
>> -compat_skip_clobber:
>> -#endif
>> +        mov   %rsp, %rdi
>> +        call  pv_hypercall
>>          movl  %eax,UREGS_rax(%rsp)       # save the return value
> To follow the HVM model, this should also move into C.

I can do for now.

I haven't quite decided yet whether it would be sensible simplify the
continuation logic in the tail end of C, or by using -ERESTART at this
point.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

  reply	other threads:[~2016-08-02 14:06 UTC|newest]

Thread overview: 48+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-07-18  9:51 [PATCH 0/9] x86: Move the pv hypercall into C Andrew Cooper
2016-07-18  9:51 ` [PATCH 1/9] x86/hypercall: Move some of the hvm hypercall infrastructure into hypercall.h Andrew Cooper
2016-08-02 12:50   ` Jan Beulich
2016-08-02 13:14     ` Andrew Cooper
2016-08-02 13:28       ` Jan Beulich
2016-08-02 14:04         ` Julien Grall
2016-08-02 14:17           ` Jan Beulich
2016-08-02 14:26             ` Julien Grall
2016-08-02 14:54               ` Jan Beulich
2016-08-02 14:59                 ` Andrew Cooper
2016-08-02 15:05                   ` Jan Beulich
2016-08-02 18:43                     ` Stefano Stabellini
2016-08-03  8:53                       ` Jan Beulich
2016-08-03 10:55                         ` Julien Grall
2016-08-03 18:20                           ` Stefano Stabellini
2016-08-04 11:27                             ` Julien Grall
2016-07-18  9:51 ` [PATCH 2/9] x86/pv: Support do_set_segment_base() for compat guests Andrew Cooper
2016-08-02 12:52   ` Jan Beulich
2016-08-02 13:25     ` Andrew Cooper
2016-08-02 13:31       ` Jan Beulich
2016-08-02 13:39         ` Andrew Cooper
2016-08-02 13:47           ` Jan Beulich
2016-07-18  9:51 ` [PATCH 3/9] x86/hypercall: Move the hypercall arg tables into C Andrew Cooper
2016-08-02 12:59   ` Jan Beulich
2016-07-18  9:51 ` [PATCH 4/9] x86/pv: Implement pv_hypercall() in C Andrew Cooper
2016-08-02 13:12   ` Jan Beulich
2016-08-02 14:06     ` Andrew Cooper [this message]
2016-08-02 14:19       ` Jan Beulich
2016-08-11 11:57     ` Andrew Cooper
2016-08-11 12:20       ` Jan Beulich
2016-07-18  9:51 ` [PATCH 5/9] x86/hypercall: Move the hypercall tables into C Andrew Cooper
2016-08-02 13:23   ` Jan Beulich
2016-08-02 13:30     ` Andrew Cooper
2016-08-02 13:40       ` Jan Beulich
2016-08-11 12:00         ` Andrew Cooper
2016-07-18  9:51 ` [PATCH 6/9] xen/multicall: Rework arch multicall handling Andrew Cooper
2016-07-20 12:35   ` Julien Grall
2016-08-03 15:02   ` Jan Beulich
2016-08-03 15:12     ` Andrew Cooper
2016-07-18  9:51 ` [PATCH 7/9] x86/pv: Merge the pv hypercall tables Andrew Cooper
2016-08-03 15:07   ` Jan Beulich
2016-08-11 12:36     ` Andrew Cooper
2016-07-18  9:51 ` [PATCH 8/9] x86/hypercall: Merge the hypercall arg tables Andrew Cooper
2016-08-03 15:12   ` Jan Beulich
2016-08-03 15:15     ` Andrew Cooper
2016-08-03 15:28       ` Jan Beulich
2016-07-18  9:51 ` [PATCH 9/9] x86/hypercall: Reduce the size of the hypercall tables Andrew Cooper
2016-08-03 15:17   ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=331cd9dd-c628-d8bb-b294-6d21a2b49256@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=JBeulich@suse.com \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).