[xen-unstable test] 178355: tolerable trouble: fail/pass/starved

2023-02-24 Thread osstest service owner 
flight 178355 xen-unstable real [real]
http://logs.test-lab.xenproject.org/osstest/logs/178355/

Failures :-/ but no regressions.

Tests which are failing intermittently (not blocking):
 test-amd64-i386-xl-shadow 7 xen-install  fail in 178260 pass in 178355
 test-amd64-i386-xl-vhd 21 guest-start/debian.repeat fail in 178260 pass in 
178355
 test-amd64-amd64-xl-qcow221 guest-start/debian.repeat  fail pass in 178260

Tests which did not succeed, but are not blocking:
 test-amd64-amd64-xl-qemut-win7-amd64 19 guest-stopfail like 178260
 test-amd64-i386-xl-qemuu-win7-amd64 19 guest-stop fail like 178260
 test-amd64-amd64-xl-qemuu-ws16-amd64 19 guest-stopfail like 178260
 test-amd64-amd64-qemuu-nested-amd 20 debian-hvm-install/l1/l2 fail like 178260
 test-amd64-i386-xl-qemut-ws16-amd64 19 guest-stop fail like 178260
 test-amd64-i386-xl-qemut-win7-amd64 19 guest-stop fail like 178260
 test-amd64-amd64-libvirt-vhd 19 guest-start/debian.repeatfail  like 178260
 test-amd64-amd64-xl-qemut-ws16-amd64 19 guest-stopfail like 178260
 test-amd64-i386-xl-qemuu-ws16-amd64 19 guest-stop fail like 178260
 test-amd64-amd64-xl-qemuu-win7-amd64 19 guest-stopfail like 178260
 test-amd64-i386-xl-pvshim14 guest-start  fail   never pass
 test-amd64-amd64-libvirt-xsm 15 migrate-support-checkfail   never pass
 test-amd64-i386-libvirt-xsm  15 migrate-support-checkfail   never pass
 test-amd64-amd64-libvirt 15 migrate-support-checkfail   never pass
 test-amd64-i386-libvirt  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-xsm  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-xsm  16 saverestore-support-checkfail   never pass
 test-arm64-arm64-xl  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl  16 saverestore-support-checkfail   never pass
 test-arm64-arm64-xl-thunderx 15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-thunderx 16 saverestore-support-checkfail   never pass
 test-amd64-amd64-libvirt-qemuu-debianhvm-amd64-xsm 13 migrate-support-check 
fail never pass
 test-arm64-arm64-xl-credit2  15 migrate-support-checkfail   never pass
 test-arm64-arm64-libvirt-xsm 15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-credit2  16 saverestore-support-checkfail   never pass
 test-arm64-arm64-libvirt-xsm 16 saverestore-support-checkfail   never pass
 test-arm64-arm64-xl-credit1  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-credit1  16 saverestore-support-checkfail   never pass
 test-amd64-i386-libvirt-qemuu-debianhvm-amd64-xsm 13 migrate-support-check 
fail never pass
 test-amd64-i386-libvirt-raw  14 migrate-support-checkfail   never pass
 test-arm64-arm64-libvirt-raw 14 migrate-support-checkfail   never pass
 test-arm64-arm64-libvirt-raw 15 saverestore-support-checkfail   never pass
 test-amd64-amd64-libvirt-vhd 14 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-vhd  14 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-vhd  15 saverestore-support-checkfail   never pass
 build-armhf-libvirt   1 build-check(1)   starved  n/a
 test-armhf-armhf-examine  1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt  1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt-qcow2  1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt-raw  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl   1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-credit1   1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-credit2   1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-cubietruck  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-multivcpu  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-rtds  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-vhd   1 build-check(1)   starved  n/a
 build-armhf   2 hosts-allocate   starved  n/a

version targeted for testing:
 xen  91d4d9506a4e8906253d1280bd5a1f39668fad64
baseline version:
 xen  91d4d9506a4e8906253d1280bd5a1f39668fad64

Last test of basis   178355  2023-02-24 13:12:55 Z0 days
Testing same since  (not found) 0 attempts

jobs:
 build-amd64-xsm  pass
 build-arm64-xsm  pass
 build-i386-xsm   pass
 build-amd64-xtf  pass
 build-amd64  pass
 build-arm64

[linux-linus test] 178320: regressions - trouble: fail/pass/starved

2023-02-24 Thread osstest service owner 
flight 178320 linux-linus real [real]
http://logs.test-lab.xenproject.org/osstest/logs/178320/

Regressions :-(

Tests which did not succeed and are blocking,
including tests which could not be run:
 test-amd64-amd64-xl-qemuu-ws16-amd64  8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-dom0pvh-xl-amd 14 guest-start   fail REGR. vs. 178042
 test-amd64-amd64-xl-pvshim8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-xl-vhd   8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-xl-pvhv2-intel  8 xen-boot  fail REGR. vs. 178042
 test-amd64-amd64-xl-qemuu-win7-amd64  8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-xl-qemut-win7-amd64  8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-xl-multivcpu  8 xen-bootfail REGR. vs. 178042
 test-amd64-amd64-xl-xsm   8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-xl-credit1   8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-xl   8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-xl-qemuu-debianhvm-amd64  8 xen-bootfail REGR. vs. 178042
 test-amd64-amd64-xl-qemuu-debianhvm-amd64-shadow 8 xen-boot fail REGR. vs. 
178042
 test-amd64-amd64-libvirt-qemuu-debianhvm-amd64-xsm 8 xen-boot fail REGR. vs. 
178042
 test-amd64-amd64-libvirt-raw  8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-qemuu-nested-amd  8 xen-bootfail REGR. vs. 178042
 test-amd64-amd64-xl-qemut-debianhvm-i386-xsm  8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-xl-pvhv2-amd  8 xen-bootfail REGR. vs. 178042
 test-amd64-amd64-xl-qemuu-dmrestrict-amd64-dmrestrict 8 xen-boot fail REGR. 
vs. 178042
 test-amd64-amd64-xl-qemut-ws16-amd64  8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-freebsd11-amd64  8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-qemuu-nested-intel  8 xen-boot  fail REGR. vs. 178042
 test-amd64-amd64-xl-qemut-stubdom-debianhvm-amd64-xsm 8 xen-boot fail REGR. 
vs. 178042
 test-amd64-amd64-xl-shadow8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-pygrub   8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-dom0pvh-xl-intel 14 guest-start fail REGR. vs. 178042
 test-amd64-amd64-pair12 xen-boot/src_hostfail REGR. vs. 178042
 test-amd64-amd64-pair13 xen-boot/dst_hostfail REGR. vs. 178042
 test-amd64-amd64-libvirt-qcow2  8 xen-boot   fail REGR. vs. 178042
 test-amd64-amd64-libvirt-xsm  8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-xl-qemut-debianhvm-amd64  8 xen-bootfail REGR. vs. 178042
 test-amd64-amd64-xl-qemuu-debianhvm-i386-xsm  8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-freebsd12-amd64  8 xen-boot fail REGR. vs. 178042
 test-arm64-arm64-xl-credit1  14 guest-start  fail REGR. vs. 178042
 test-arm64-arm64-xl  14 guest-start  fail REGR. vs. 178042
 test-arm64-arm64-xl-xsm  14 guest-start  fail REGR. vs. 178042
 test-arm64-arm64-xl-thunderx 14 guest-start  fail REGR. vs. 178042
 test-arm64-arm64-libvirt-xsm 14 guest-start  fail REGR. vs. 178042
 test-amd64-amd64-libvirt  8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-libvirt-pair 12 xen-boot/src_host   fail REGR. vs. 178042
 test-amd64-amd64-libvirt-pair 13 xen-boot/dst_host   fail REGR. vs. 178042
 test-amd64-coresched-amd64-xl  8 xen-bootfail REGR. vs. 178042
 test-arm64-arm64-xl-credit2  14 guest-start  fail REGR. vs. 178042
 test-amd64-amd64-examine-uefi  8 reboot  fail REGR. vs. 178042
 test-amd64-amd64-examine  8 reboot   fail REGR. vs. 178042
 test-amd64-amd64-xl-qemuu-ovmf-amd64  8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-xl-credit2   8 xen-boot fail REGR. vs. 178042
 test-amd64-amd64-examine-bios  8 reboot  fail REGR. vs. 178042
 test-arm64-arm64-xl-vhd  12 debian-di-installfail REGR. vs. 178042
 test-arm64-arm64-libvirt-raw 12 debian-di-installfail REGR. vs. 178042

Regressions which are regarded as allowable (not blocking):
 test-amd64-amd64-xl-rtds  8 xen-boot fail REGR. vs. 178042

Tests which did not succeed, but are not blocking:
 test-armhf-armhf-examine  1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt  1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt-qcow2  1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt-raw  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl   1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-credit1   1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-credit2   1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-cubietruck  1 build-check(1)

Re: [PATCH v3 00/14] x86/hvm: {svm,vmx} {c,h} cleanup

2023-02-24 Thread Xenia Ragiadakou 



On 2/24/23 23:33, Andrew Cooper wrote:

On 24/02/2023 8:08 pm, Xenia Ragiadakou wrote:


On 2/24/23 21:29, Andrew Cooper wrote:

On 24/02/2023 6:49 pm, Xenia Ragiadakou wrote:

There are more detailed per-patch changesets.

Xenia Ragiadakou (14):
    x86/svm: move declarations used only by svm code from svm.h to
private
  header
    x86/svm: make asid.h private
    x86/svm: delete header asm/hvm/svm/intr.h


Thankyou for this work.  I've acked and committed patches 1 and 3.

Note that you had one hunk in patch 5 (whitespace correction in
svm_invlpga) that obviously should have been in patch 1, so I've
moved it.


Thanks, I missed that  ...



Looking at asid.h, I still can't bare to keep it even in that state, so
I've constructed an alternative which I'll email out in a moment.


I 'm also in favor of less headers.


I've committed as far as the nestedhvm move.  At that point, I've sent
out a small patch to try and help decouple later changes.

But I think we want to change tact slightly at this point, so I'm not
going to do any further tweaking on commit.

Next, I think we want to rename asm/hvm/svm/svm.h to asm/hvm/svm.h,
updating the non-SVM include paths as we go.  Probably best to
chain-include the other svm/hvm/svm/*.h headers temporarily, so we've
only got one tree-wide cleanup of the external include paths.

Quick tangent - I will be making all of that cpu_has_svm_*
infrastructure disappear by moving it into the normal CPUID handling,
but I've not had sufficient time to finish that yet.

Next, hvm/svm/nestedsvm.h can merge straight into hvm/svm.h, and
disappear (after my decoupling patch has gone in).

After that, hvm/svm/vmcb.h can be cleanly split in half.  struct
svm_{domain,vcpu} can move sideways into hvm/svm.h (with a forward
declaration of vmcb_struct), as can the svm msr intercept declarations.
Everything else can move to being a private vmcb.h

Finally your svmdebug.h can come at the end, pretty much in the same
shape it is now.  One thing to say is that right now, you've left enum
vmcb_sync_state public, but it's type is already decoupled by virtue of
struct svm_vcpu having a uint8_t field rather than an enum field.

And I think that cleanly gets rid of the entire asm/hvm/svm/* dir, which
is a great position to get to.


Beyond that, you will want to clean up the hvm msr intercept handling as
hvm_funcs, which I think will decouple the vpmu files from svm/vmx
specifically, but that will want to be a separate series.

How does this sound?


Thanks for the review. I think it sounds good.

The last part i.e the hvm msr intercept handling as hvm_funcs, I have it 
already I just didn't have the chance to send it yet (because the 
changes affect {svm,vmx}.h). I will rebase and send it on Monday for 
review to verify that we are on the same page.




Thanks,

~Andrew


--
Xenia

[xen-unstable-smoke test] 178391: tolerable trouble: pass/starved - PUSHED

2023-02-24 Thread osstest service owner 
flight 178391 xen-unstable-smoke real [real]
http://logs.test-lab.xenproject.org/osstest/logs/178391/

Failures :-/ but no regressions.

Tests which did not succeed, but are not blocking:
 test-amd64-amd64-libvirt 15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-xsm  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-xsm  16 saverestore-support-checkfail   never pass
 test-armhf-armhf-xl   1 build-check(1)   starved  n/a
 build-armhf   2 hosts-allocate   starved  n/a

version targeted for testing:
 xen  608f85a1818697156b72ace4913a17c8178a0ef5
baseline version:
 xen  7b66792ea7f77fb9e587e1e9c530a7c869eecba1

Last test of basis   178376  2023-02-24 18:03:34 Z0 days
Testing same since   178391  2023-02-24 21:00:27 Z0 days1 attempts


People who touched revisions under test:
  Andrew Cooper 
  Xenia Ragiadakou 

jobs:
 build-arm64-xsm  pass
 build-amd64  pass
 build-armhf  starved 
 build-amd64-libvirt  pass
 test-armhf-armhf-xl  starved 
 test-arm64-arm64-xl-xsm  pass
 test-amd64-amd64-xl-qemuu-debianhvm-amd64pass
 test-amd64-amd64-libvirt pass



sg-report-flight on osstest.test-lab.xenproject.org
logs: /home/logs/logs
images: /home/logs/images

Logs, config files, etc. are available at
http://logs.test-lab.xenproject.org/osstest/logs

Explanation of these reports, and of osstest in general, is at
http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README.email;hb=master
http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README;hb=master

Test harness code can be found at
http://xenbits.xen.org/gitweb?p=osstest.git;a=summary


Pushing revision :

To xenbits.xen.org:/home/xen/git/xen.git
   7b66792ea7..608f85a181  608f85a1818697156b72ace4913a17c8178a0ef5 -> smoke

Re: [PATCH v4 2/3] Build system: Replace git:// and http:// with https://

2023-02-24 Thread Demi Marie Obenour 
On Tue, Feb 21, 2023 at 11:07:58AM +0100, Jan Beulich wrote:
> On 19.02.2023 03:46, Demi Marie Obenour wrote:
> > --- a/stubdom/configure
> > +++ b/stubdom/configure
> > @@ -3535,7 +3535,7 @@ if test "x$ZLIB_URL" = "x"; then :
> > if test "x$extfiles" = "xy"; then :
> >ZLIB_URL=\$\(XEN_EXTFILES_URL\)
> >  else
> > -  ZLIB_URL="http://www.zlib.net;
> > +  ZLIB_URL="https://www.zlib.net;
> >  fi
> 
> In v3 you said that this URL can't be used anymore for the version we're
> trying to fetch (which I can confirm). Leaving aside the question of why
> stubdom was never updated in that regard, what use is it to update URL
> (without even mentioning the aspect in the description) in such a case?
> (I haven't gone through any of the other URLs again, so there may well
> be more similar cases.)

Main advantage is that it will fail securely rather than downloading
whatever random code an MITM attacker put in there.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab


signature.asc
Description: PGP signature

[libvirt test] 178315: tolerable trouble: fail/pass/starved - PUSHED

2023-02-24 Thread osstest service owner 
flight 178315 libvirt real [real]
flight 178389 libvirt real-retest [real]
http://logs.test-lab.xenproject.org/osstest/logs/178315/
http://logs.test-lab.xenproject.org/osstest/logs/178389/

Failures :-/ but no regressions.

Tests which are failing intermittently (not blocking):
 test-amd64-amd64-libvirt-vhd 19 guest-start/debian.repeat fail pass in 
178389-retest

Tests which did not succeed, but are not blocking:
 test-amd64-i386-libvirt-xsm  15 migrate-support-checkfail   never pass
 test-amd64-amd64-libvirt-xsm 15 migrate-support-checkfail   never pass
 test-amd64-amd64-libvirt 15 migrate-support-checkfail   never pass
 test-amd64-i386-libvirt  15 migrate-support-checkfail   never pass
 test-arm64-arm64-libvirt-xsm 15 migrate-support-checkfail   never pass
 test-arm64-arm64-libvirt-xsm 16 saverestore-support-checkfail   never pass
 test-arm64-arm64-libvirt 15 migrate-support-checkfail   never pass
 test-arm64-arm64-libvirt 16 saverestore-support-checkfail   never pass
 test-amd64-i386-libvirt-qemuu-debianhvm-amd64-xsm 13 migrate-support-check 
fail never pass
 test-amd64-i386-libvirt-raw  14 migrate-support-checkfail   never pass
 test-amd64-amd64-libvirt-vhd 14 migrate-support-checkfail   never pass
 test-arm64-arm64-libvirt-qcow2 14 migrate-support-checkfail never pass
 test-arm64-arm64-libvirt-qcow2 15 saverestore-support-checkfail never pass
 test-arm64-arm64-libvirt-raw 14 migrate-support-checkfail   never pass
 test-arm64-arm64-libvirt-raw 15 saverestore-support-checkfail   never pass
 test-amd64-amd64-libvirt-qemuu-debianhvm-amd64-xsm 13 migrate-support-check 
fail never pass
 build-armhf-libvirt   1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt-raw  1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt-qcow2  1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt  1 build-check(1)   starved  n/a
 build-armhf   2 hosts-allocate   starved  n/a

version targeted for testing:
 libvirt  6af048339fe6b22fb25cf62f7ec4d1bddb7ad1d6
baseline version:
 libvirt  110d209263022c6029e398116154562518e4a474

Last test of basis   178089  2023-02-22 04:20:19 Z2 days
Testing same since   178202  2023-02-23 04:18:58 Z1 days2 attempts


People who touched revisions under test:
  Daniel P. Berrangé 
  Fedora Weblate Translation 
  Jiri Denemark 
  Laine Stump 
  Peter Krempa 
  Stefano Brivio 
  Temuri Doghonadze 
  Weblate 

jobs:
 build-amd64-xsm  pass
 build-arm64-xsm  pass
 build-i386-xsm   pass
 build-amd64  pass
 build-arm64  pass
 build-armhf  starved 
 build-i386   pass
 build-amd64-libvirt  pass
 build-arm64-libvirt  pass
 build-armhf-libvirt  starved 
 build-i386-libvirt   pass
 build-amd64-pvopspass
 build-arm64-pvopspass
 build-armhf-pvopspass
 build-i386-pvops pass
 test-amd64-amd64-libvirt-qemuu-debianhvm-amd64-xsm   pass
 test-amd64-i386-libvirt-qemuu-debianhvm-amd64-xsmpass
 test-amd64-amd64-libvirt-xsm pass
 test-arm64-arm64-libvirt-xsm pass
 test-amd64-i386-libvirt-xsm  pass
 test-amd64-amd64-libvirt pass
 test-arm64-arm64-libvirt pass
 test-armhf-armhf-libvirt starved 
 test-amd64-i386-libvirt  pass
 test-amd64-amd64-libvirt-pairpass
 test-amd64-i386-libvirt-pair pass
 test-arm64-arm64-libvirt-qcow2   pass
 test-armhf-armhf-libvirt-qcow2   starved 
 test-arm64-arm64-libvirt-raw pass
 test-armhf-armhf-libvirt-raw starved 
 test-amd64-i386-libvirt-raw  pass
 test-amd64-amd64-libvirt-vhd fail

Re: [PATCH v3 00/14] x86/hvm: {svm,vmx} {c,h} cleanup

2023-02-24 Thread Andrew Cooper 
On 24/02/2023 8:08 pm, Xenia Ragiadakou wrote:
>
> On 2/24/23 21:29, Andrew Cooper wrote:
>> On 24/02/2023 6:49 pm, Xenia Ragiadakou wrote:
>>> There are more detailed per-patch changesets.
>>>
>>> Xenia Ragiadakou (14):
>>>    x86/svm: move declarations used only by svm code from svm.h to
>>> private
>>>  header
>>>    x86/svm: make asid.h private
>>>    x86/svm: delete header asm/hvm/svm/intr.h
>>
>> Thankyou for this work.  I've acked and committed patches 1 and 3.
>>
>> Note that you had one hunk in patch 5 (whitespace correction in
>> svm_invlpga) that obviously should have been in patch 1, so I've
>> moved it.
>
> Thanks, I missed that  ...
>
>>
>> Looking at asid.h, I still can't bare to keep it even in that state, so
>> I've constructed an alternative which I'll email out in a moment.
>
> I 'm also in favor of less headers.

I've committed as far as the nestedhvm move.  At that point, I've sent
out a small patch to try and help decouple later changes.

But I think we want to change tact slightly at this point, so I'm not
going to do any further tweaking on commit.

Next, I think we want to rename asm/hvm/svm/svm.h to asm/hvm/svm.h,
updating the non-SVM include paths as we go.  Probably best to
chain-include the other svm/hvm/svm/*.h headers temporarily, so we've
only got one tree-wide cleanup of the external include paths.

Quick tangent - I will be making all of that cpu_has_svm_*
infrastructure disappear by moving it into the normal CPUID handling,
but I've not had sufficient time to finish that yet.

Next, hvm/svm/nestedsvm.h can merge straight into hvm/svm.h, and
disappear (after my decoupling patch has gone in).

After that, hvm/svm/vmcb.h can be cleanly split in half.  struct
svm_{domain,vcpu} can move sideways into hvm/svm.h (with a forward
declaration of vmcb_struct), as can the svm msr intercept declarations. 
Everything else can move to being a private vmcb.h

Finally your svmdebug.h can come at the end, pretty much in the same
shape it is now.  One thing to say is that right now, you've left enum
vmcb_sync_state public, but it's type is already decoupled by virtue of
struct svm_vcpu having a uint8_t field rather than an enum field.

And I think that cleanly gets rid of the entire asm/hvm/svm/* dir, which
is a great position to get to.


Beyond that, you will want to clean up the hvm msr intercept handling as
hvm_funcs, which I think will decouple the vpmu files from svm/vmx
specifically, but that will want to be a separate series.

How does this sound?

Thanks,

~Andrew

[PATCH v3 05.5/14] x86/svm: Decouple types in struct nestedsvm

2023-02-24 Thread Andrew Cooper 
struct nestedvm uses mostly plain integer types, except for virt_ext_t which
is a union wrapping two bitfield names.  But the nested virt logic only ever
deals with it as full opaque register.

Switch it to being a plain uint64_t, allowing us to hide even more of the SVM
internal infrastructure.

Signed-off-by: Andrew Cooper 
---
CC: Jan Beulich 
CC: Xenia Ragiadakou 

This allows virt_ext_t to move out of the public vmcb.h along with all other
vmcb types.
---
 xen/arch/x86/hvm/svm/nestedsvm.c | 4 ++--
 xen/arch/x86/include/asm/hvm/svm/nestedsvm.h | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c b/xen/arch/x86/hvm/svm/nestedsvm.c
index 92316c6624ce..153a37f2f227 100644
--- a/xen/arch/x86/hvm/svm/nestedsvm.c
+++ b/xen/arch/x86/hvm/svm/nestedsvm.c
@@ -164,7 +164,7 @@ int cf_check nsvm_vcpu_reset(struct vcpu *v)
 svm->ns_exception_intercepts = 0;
 svm->ns_general1_intercepts = 0;
 svm->ns_general2_intercepts = 0;
-svm->ns_virt_ext.bytes = 0;
+svm->ns_virt_ext = 0;
 
 svm->ns_hap_enabled = 0;
 svm->ns_vmcb_guestcr3 = 0;
@@ -526,7 +526,7 @@ static int nsvm_vmcb_prepare4vmrun(struct vcpu *v, struct 
cpu_user_regs *regs)
 
 /* LBR and other virtualization */
 if ( !clean.lbr )
-svm->ns_virt_ext = ns_vmcb->virt_ext;
+svm->ns_virt_ext = ns_vmcb->virt_ext.bytes;
 
 n2vmcb->virt_ext.bytes =
 n1vmcb->virt_ext.bytes | ns_vmcb->virt_ext.bytes;
diff --git a/xen/arch/x86/include/asm/hvm/svm/nestedsvm.h 
b/xen/arch/x86/include/asm/hvm/svm/nestedsvm.h
index 94d45d2e8d47..184248bbd7c5 100644
--- a/xen/arch/x86/include/asm/hvm/svm/nestedsvm.h
+++ b/xen/arch/x86/include/asm/hvm/svm/nestedsvm.h
@@ -44,7 +44,7 @@ struct nestedsvm {
 uint32_t ns_general2_intercepts;
 
 /* Cached real lbr and other virtual extentions of the l2 guest */
-virt_ext_t ns_virt_ext;
+uint64_t ns_virt_ext;
 
 /* Cached real MSR permission bitmaps of the l2 guest */
 unsigned long *ns_cached_msrpm;
-- 
2.30.2

Re: [PATCH v3 05/12] x86/xen: set MTRR state when running as Xen PV initial domain

2023-02-24 Thread Boris Ostrovsky 


On 2/23/23 4:32 AM, Juergen Gross wrote:

+
+   for (reg = 0; reg < MTRR_MAX_VAR_RANGES; reg++) {
+   op.u.read_memtype.reg = reg;
+   if (HYPERVISOR_platform_op())
+   break;



If we fail on the first iteration, do we still want to mark MTRRs are 
enabled/set in mtrr_overwrite_state()?


-boris



+
+   /*
+* Only called in dom0, which has all RAM PFNs mapped at
+* RAM MFNs, and all PCI space etc. is identity mapped.
+* This means we can treat MFN == PFN regarding MTTR settings.
+*/
+   var[reg].base_lo = op.u.read_memtype.type;
+   var[reg].base_lo |= op.u.read_memtype.mfn << PAGE_SHIFT;
+   var[reg].base_hi = op.u.read_memtype.mfn >> (32 - PAGE_SHIFT);
+   mask = ~((op.u.read_memtype.nr_mfns << PAGE_SHIFT) - 1);
+   mask &= (1UL << width) - 1;
+   if (mask)
+   mask |= 1 << 11;
+   var[reg].mask_lo = mask;
+   var[reg].mask_hi = mask >> 32;
+   }
+
+   mtrr_overwrite_state(var, reg, MTRR_TYPE_UNCACHABLE);
+#endif
+}

Re: [PATCH v3 05/14] x86/svm: move nestedsvm declarations used only by svm code to private header

2023-02-24 Thread Andrew Cooper 
On 24/02/2023 8:28 pm, Xenia Ragiadakou wrote:
>
> On 2/24/23 22:12, Andrew Cooper wrote:
>> On 24/02/2023 6:50 pm, Xenia Ragiadakou wrote:
>>> diff --git a/xen/arch/x86/hvm/svm/nestedhvm.h
>>> b/xen/arch/x86/hvm/svm/nestedhvm.h
>>> new file mode 100644
>>> index 00..43245e13de
>>> --- /dev/null
>>> +++ b/xen/arch/x86/hvm/svm/nestedhvm.h
>>> @@ -0,0 +1,77 @@
>>> +/* SPDX-License-Identifier: GPL-2.0 */
>>> +/*
>>> + * nestedsvm.h: Nested Virtualization
>>> + *
>>> + * Copyright (c) 2011, Advanced Micro Devices, Inc
>>> + */
>>> +
>>> +#ifndef __X86_HVM_SVM_NESTEDHVM_PRIV_H__
>>> +#define __X86_HVM_SVM_NESTEDHVM_PRIV_H__
>>> +
>>> +#include 
>>> +#include 
>>> +
>>> +#include 
>>> +#include 
>>> +#include 
>>> +#include 
>>> +
>>> +/* SVM specific intblk types, cannot be an enum because gcc 4.5
>>> complains */
>>> +/* GIF cleared */
>>> +#define hvm_intblk_svm_gif  hvm_intblk_arch
>>
>> I know you're just moving code, but I simply don't believe this comment.
>>
>> This additional delta seems to compile fine:
>>
>> diff --git a/xen/arch/x86/hvm/svm/intr.c b/xen/arch/x86/hvm/svm/intr.c
>> index dbb0022190a8..111b10673cf4 100644
>> --- a/xen/arch/x86/hvm/svm/intr.c
>> +++ b/xen/arch/x86/hvm/svm/intr.c
>> @@ -154,7 +154,7 @@ void svm_intr_assist(void)
>>   return;
>>     intblk = hvm_interrupt_blocked(v, intack);
>> -    if ( intblk == hvm_intblk_svm_gif )
>> +    if ( intblk == hvm_intblk_arch ) /* GIF */
>>   {
>>   ASSERT(nestedhvm_enabled(v->domain));
>>   return;
>> diff --git a/xen/arch/x86/hvm/svm/nestedhvm.h
>> b/xen/arch/x86/hvm/svm/nestedhvm.h
>> index 43245e13deb7..c7747daae24a 100644
>> --- a/xen/arch/x86/hvm/svm/nestedhvm.h
>> +++ b/xen/arch/x86/hvm/svm/nestedhvm.h
>> @@ -16,10 +16,6 @@
>>   #include 
>>   #include 
>>   -/* SVM specific intblk types, cannot be an enum because gcc 4.5
>> complains */
>> -/* GIF cleared */
>> -#define hvm_intblk_svm_gif  hvm_intblk_arch
>> -
>>   #define vcpu_nestedsvm(v) (vcpu_nestedhvm(v).u.nsvm)
>>     /* True when l1 guest enabled SVM in EFER */
>> diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c
>> b/xen/arch/x86/hvm/svm/nestedsvm.c
>> index 92316c6624ce..1794eb2105be 100644
>> --- a/xen/arch/x86/hvm/svm/nestedsvm.c
>> +++ b/xen/arch/x86/hvm/svm/nestedsvm.c
>> @@ -1247,7 +1247,7 @@ enum hvm_intblk cf_check nsvm_intr_blocked(struct
>> vcpu *v)
>>   ASSERT(nestedhvm_enabled(v->domain));
>>     if ( !nestedsvm_gif_isset(v) )
>> -    return hvm_intblk_svm_gif;
>> +    return hvm_intblk_arch;
>>     if ( nestedhvm_vcpu_in_guestmode(v) )
>>   {
>>
>>
>> but the first hunk demonstrates an error in the original logic.
>> Architecturally, GIF can become set for SKINIT, and in systems where SVM
>> isn't available.
>>
>> I'm unsure whether its better to fix this up in this patch, or defer it
>> for later.
>
> I think this change merits its own patch.

Yeah, it probably does.

Seeing as you've reviewed my two alt patches, I'll commit some more as
I've already resolved the conflicts around adjacent headers.

~Andrew

Re: [PATCH v3 05/14] x86/svm: move nestedsvm declarations used only by svm code to private header

2023-02-24 Thread Xenia Ragiadakou 



On 2/24/23 22:12, Andrew Cooper wrote:

On 24/02/2023 6:50 pm, Xenia Ragiadakou wrote:

diff --git a/xen/arch/x86/hvm/svm/nestedhvm.h b/xen/arch/x86/hvm/svm/nestedhvm.h
new file mode 100644
index 00..43245e13de
--- /dev/null
+++ b/xen/arch/x86/hvm/svm/nestedhvm.h
@@ -0,0 +1,77 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * nestedsvm.h: Nested Virtualization
+ *
+ * Copyright (c) 2011, Advanced Micro Devices, Inc
+ */
+
+#ifndef __X86_HVM_SVM_NESTEDHVM_PRIV_H__
+#define __X86_HVM_SVM_NESTEDHVM_PRIV_H__
+
+#include 
+#include 
+
+#include 
+#include 
+#include 
+#include 
+
+/* SVM specific intblk types, cannot be an enum because gcc 4.5 complains */
+/* GIF cleared */
+#define hvm_intblk_svm_gif  hvm_intblk_arch


I know you're just moving code, but I simply don't believe this comment.

This additional delta seems to compile fine:

diff --git a/xen/arch/x86/hvm/svm/intr.c b/xen/arch/x86/hvm/svm/intr.c
index dbb0022190a8..111b10673cf4 100644
--- a/xen/arch/x86/hvm/svm/intr.c
+++ b/xen/arch/x86/hvm/svm/intr.c
@@ -154,7 +154,7 @@ void svm_intr_assist(void)
  return;
  
  intblk = hvm_interrupt_blocked(v, intack);

-    if ( intblk == hvm_intblk_svm_gif )
+    if ( intblk == hvm_intblk_arch ) /* GIF */
  {
  ASSERT(nestedhvm_enabled(v->domain));
  return;
diff --git a/xen/arch/x86/hvm/svm/nestedhvm.h
b/xen/arch/x86/hvm/svm/nestedhvm.h
index 43245e13deb7..c7747daae24a 100644
--- a/xen/arch/x86/hvm/svm/nestedhvm.h
+++ b/xen/arch/x86/hvm/svm/nestedhvm.h
@@ -16,10 +16,6 @@
  #include 
  #include 
  
-/* SVM specific intblk types, cannot be an enum because gcc 4.5

complains */
-/* GIF cleared */
-#define hvm_intblk_svm_gif  hvm_intblk_arch
-
  #define vcpu_nestedsvm(v) (vcpu_nestedhvm(v).u.nsvm)
  
  /* True when l1 guest enabled SVM in EFER */

diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c
b/xen/arch/x86/hvm/svm/nestedsvm.c
index 92316c6624ce..1794eb2105be 100644
--- a/xen/arch/x86/hvm/svm/nestedsvm.c
+++ b/xen/arch/x86/hvm/svm/nestedsvm.c
@@ -1247,7 +1247,7 @@ enum hvm_intblk cf_check nsvm_intr_blocked(struct
vcpu *v)
  ASSERT(nestedhvm_enabled(v->domain));
  
  if ( !nestedsvm_gif_isset(v) )

-    return hvm_intblk_svm_gif;
+    return hvm_intblk_arch;
  
  if ( nestedhvm_vcpu_in_guestmode(v) )

  {


but the first hunk demonstrates an error in the original logic.
Architecturally, GIF can become set for SKINIT, and in systems where SVM
isn't available.

I'm unsure whether its better to fix this up in this patch, or defer it
for later.


I think this change merits its own patch.




+
+#define vcpu_nestedsvm(v) (vcpu_nestedhvm(v).u.nsvm)
+
+/* True when l1 guest enabled SVM in EFER */
+#define nsvm_efer_svm_enabled(v) \
+(!!((v)->arch.hvm.guest_efer & EFER_SVME))


This seems to be the only use of asm/msr-index.h, and it's a macro so
the header is actually unused.

I'd drop the include - its a very common header anyway.


Feel free to drop it. There was not in the other header. I have a 
tendency to include headers for everything.




~Andrew


--
Xenia

[xen-unstable-smoke test] 178376: tolerable trouble: pass/starved - PUSHED

2023-02-24 Thread osstest service owner 
flight 178376 xen-unstable-smoke real [real]
http://logs.test-lab.xenproject.org/osstest/logs/178376/

Failures :-/ but no regressions.

Tests which did not succeed, but are not blocking:
 test-amd64-amd64-libvirt 15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-xsm  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-xsm  16 saverestore-support-checkfail   never pass
 test-armhf-armhf-xl   1 build-check(1)   starved  n/a
 build-armhf   2 hosts-allocate   starved  n/a

version targeted for testing:
 xen  7b66792ea7f77fb9e587e1e9c530a7c869eecba1
baseline version:
 xen  91d4d9506a4e8906253d1280bd5a1f39668fad64

Last test of basis   178238  2023-02-23 12:01:59 Z1 days
Testing same since   178376  2023-02-24 18:03:34 Z0 days1 attempts


People who touched revisions under test:
  Andrew Cooper 
  Anthony PERARD 
  Bertrand Marquis 
  Jan Beulich 

jobs:
 build-arm64-xsm  pass
 build-amd64  pass
 build-armhf  starved 
 build-amd64-libvirt  pass
 test-armhf-armhf-xl  starved 
 test-arm64-arm64-xl-xsm  pass
 test-amd64-amd64-xl-qemuu-debianhvm-amd64pass
 test-amd64-amd64-libvirt pass



sg-report-flight on osstest.test-lab.xenproject.org
logs: /home/logs/logs
images: /home/logs/images

Logs, config files, etc. are available at
http://logs.test-lab.xenproject.org/osstest/logs

Explanation of these reports, and of osstest in general, is at
http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README.email;hb=master
http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README;hb=master

Test harness code can be found at
http://xenbits.xen.org/gitweb?p=osstest.git;a=summary


Pushing revision :

To xenbits.xen.org:/home/xen/git/xen.git
   91d4d9506a..7b66792ea7  7b66792ea7f77fb9e587e1e9c530a7c869eecba1 -> smoke

Re: [PATCH v3 05/14] x86/svm: move nestedsvm declarations used only by svm code to private header

2023-02-24 Thread Andrew Cooper 
On 24/02/2023 6:50 pm, Xenia Ragiadakou wrote:
> diff --git a/xen/arch/x86/hvm/svm/nestedhvm.h 
> b/xen/arch/x86/hvm/svm/nestedhvm.h
> new file mode 100644
> index 00..43245e13de
> --- /dev/null
> +++ b/xen/arch/x86/hvm/svm/nestedhvm.h
> @@ -0,0 +1,77 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * nestedsvm.h: Nested Virtualization
> + *
> + * Copyright (c) 2011, Advanced Micro Devices, Inc
> + */
> +
> +#ifndef __X86_HVM_SVM_NESTEDHVM_PRIV_H__
> +#define __X86_HVM_SVM_NESTEDHVM_PRIV_H__
> +
> +#include 
> +#include 
> +
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +/* SVM specific intblk types, cannot be an enum because gcc 4.5 complains */
> +/* GIF cleared */
> +#define hvm_intblk_svm_gif  hvm_intblk_arch

I know you're just moving code, but I simply don't believe this comment.

This additional delta seems to compile fine:

diff --git a/xen/arch/x86/hvm/svm/intr.c b/xen/arch/x86/hvm/svm/intr.c
index dbb0022190a8..111b10673cf4 100644
--- a/xen/arch/x86/hvm/svm/intr.c
+++ b/xen/arch/x86/hvm/svm/intr.c
@@ -154,7 +154,7 @@ void svm_intr_assist(void)
 return;
 
 intblk = hvm_interrupt_blocked(v, intack);
-    if ( intblk == hvm_intblk_svm_gif )
+    if ( intblk == hvm_intblk_arch ) /* GIF */
 {
 ASSERT(nestedhvm_enabled(v->domain));
 return;
diff --git a/xen/arch/x86/hvm/svm/nestedhvm.h
b/xen/arch/x86/hvm/svm/nestedhvm.h
index 43245e13deb7..c7747daae24a 100644
--- a/xen/arch/x86/hvm/svm/nestedhvm.h
+++ b/xen/arch/x86/hvm/svm/nestedhvm.h
@@ -16,10 +16,6 @@
 #include 
 #include 
 
-/* SVM specific intblk types, cannot be an enum because gcc 4.5
complains */
-/* GIF cleared */
-#define hvm_intblk_svm_gif  hvm_intblk_arch
-
 #define vcpu_nestedsvm(v) (vcpu_nestedhvm(v).u.nsvm)
 
 /* True when l1 guest enabled SVM in EFER */
diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c
b/xen/arch/x86/hvm/svm/nestedsvm.c
index 92316c6624ce..1794eb2105be 100644
--- a/xen/arch/x86/hvm/svm/nestedsvm.c
+++ b/xen/arch/x86/hvm/svm/nestedsvm.c
@@ -1247,7 +1247,7 @@ enum hvm_intblk cf_check nsvm_intr_blocked(struct
vcpu *v)
 ASSERT(nestedhvm_enabled(v->domain));
 
 if ( !nestedsvm_gif_isset(v) )
-    return hvm_intblk_svm_gif;
+    return hvm_intblk_arch;
 
 if ( nestedhvm_vcpu_in_guestmode(v) )
 {


but the first hunk demonstrates an error in the original logic. 
Architecturally, GIF can become set for SKINIT, and in systems where SVM
isn't available.

I'm unsure whether its better to fix this up in this patch, or defer it
for later.

> +
> +#define vcpu_nestedsvm(v) (vcpu_nestedhvm(v).u.nsvm)
> +
> +/* True when l1 guest enabled SVM in EFER */
> +#define nsvm_efer_svm_enabled(v) \
> +(!!((v)->arch.hvm.guest_efer & EFER_SVME))

This seems to be the only use of asm/msr-index.h, and it's a macro so
the header is actually unused.

I'd drop the include - its a very common header anyway.

~Andrew

Re: [PATCH v3 00/14] x86/hvm: {svm,vmx} {c,h} cleanup

2023-02-24 Thread Xenia Ragiadakou 



On 2/24/23 21:29, Andrew Cooper wrote:

On 24/02/2023 6:49 pm, Xenia Ragiadakou wrote:

There are more detailed per-patch changesets.

Xenia Ragiadakou (14):
   x86/svm: move declarations used only by svm code from svm.h to private
 header
   x86/svm: make asid.h private
   x86/svm: delete header asm/hvm/svm/intr.h


Thankyou for this work.  I've acked and committed patches 1 and 3.

Note that you had one hunk in patch 5 (whitespace correction in
svm_invlpga) that obviously should have been in patch 1, so I've moved it.


Thanks, I missed that  ...



Looking at asid.h, I still can't bare to keep it even in that state, so
I've constructed an alternative which I'll email out in a moment.


I 'm also in favor of less headers.



~Andrew


--
Xenia

Re: [PATCH v3 04/14 - ALT] x86/svm: Remove the asm/hvm/svm/emulate.h header

2023-02-24 Thread Xenia Ragiadakou 



On 2/24/23 21:58, Andrew Cooper wrote:

These days, this is just two length helpers.  Move into the private svm.h

No functional change intended.

Signed-off-by: Andrew Cooper 


Reviewed-by: Xenia Ragiadakou 

--
Xenia

Re: [PATCH v3 02/14 - ALT] x86/svm: Remove the asm/hvm/svm/asid.h header

2023-02-24 Thread Xenia Ragiadakou 



On 2/24/23 21:42, Andrew Cooper wrote:

Fold svm_asid_g_invlpg() into its single caller, deleting the #if 0 which has
been present for the entire 16 years this helper has existed: c/s 322a078ab140
"[HVM][SVM] Reintroduce ASIDs."

Move the two remaining prototypes into the private svm.h, forward declaring
cpuinfo_x86 in preference to including asm/processor.h

No functional change.

Signed-off-by: Andrew Cooper 


Reviewed-by: Xenia Ragiadakou

[PATCH v3 04/14 - ALT] x86/svm: Remove the asm/hvm/svm/emulate.h header

2023-02-24 Thread Andrew Cooper 
These days, this is just two length helpers.  Move into the private svm.h

No functional change intended.

Signed-off-by: Andrew Cooper 
---
CC: Jan Beulich 
CC: Xenia Ragiadakou 
---
 xen/arch/x86/hvm/svm/emulate.c |  3 +-
 xen/arch/x86/hvm/svm/nestedsvm.c   |  1 -
 xen/arch/x86/hvm/svm/svm.c |  1 -
 xen/arch/x86/hvm/svm/svm.h | 33 +++
 xen/arch/x86/include/asm/hvm/svm/emulate.h | 66 --
 5 files changed, 35 insertions(+), 69 deletions(-)
 delete mode 100644 xen/arch/x86/include/asm/hvm/svm/emulate.h

diff --git a/xen/arch/x86/hvm/svm/emulate.c b/xen/arch/x86/hvm/svm/emulate.c
index 16fc134883cf..391f0255162e 100644
--- a/xen/arch/x86/hvm/svm/emulate.c
+++ b/xen/arch/x86/hvm/svm/emulate.c
@@ -24,7 +24,8 @@
 #include 
 #include 
 #include 
-#include 
+
+#include "svm.h"
 
 static unsigned long svm_nextrip_insn_length(struct vcpu *v)
 {
diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c b/xen/arch/x86/hvm/svm/nestedsvm.c
index a341ccc8760e..c0b5474756f4 100644
--- a/xen/arch/x86/hvm/svm/nestedsvm.c
+++ b/xen/arch/x86/hvm/svm/nestedsvm.c
@@ -17,7 +17,6 @@
  */
 
 #include 
-#include 
 #include 
 #include 
 #include 
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 46ae0b6602e2..97783b7f1118 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -37,7 +37,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
diff --git a/xen/arch/x86/hvm/svm/svm.h b/xen/arch/x86/hvm/svm/svm.h
index b8178f62161b..d2a781fc3fb5 100644
--- a/xen/arch/x86/hvm/svm/svm.h
+++ b/xen/arch/x86/hvm/svm/svm.h
@@ -13,6 +13,7 @@
 
 struct cpu_user_regs;
 struct cpuinfo_x86;
+struct vcpu;
 
 void svm_asid_init(const struct cpuinfo_x86 *c);
 void svm_asid_handle_vmrun(void);
@@ -43,6 +44,38 @@ static inline void svm_invlpga(unsigned long linear, 
uint32_t asid)
 "a" (linear), "c" (asid) );
 }
 
+/*
+ * Encoding for svm_get_insn_len().  We take X86EMUL_OPC() for the main
+ * opcode, shifted left to make room for the ModRM byte.
+ *
+ * The Grp7 instructions have their ModRM byte expressed in octal for easier
+ * cross referencing with the opcode extension table.
+ */
+#define INSTR_ENC(opc, modrm) (((opc) << 8) | (modrm))
+
+#define INSTR_PAUSE   INSTR_ENC(X86EMUL_OPC_F3(0, 0x90), 0)
+#define INSTR_INT3INSTR_ENC(X86EMUL_OPC(   0, 0xcc), 0)
+#define INSTR_ICEBP   INSTR_ENC(X86EMUL_OPC(   0, 0xf1), 0)
+#define INSTR_HLT INSTR_ENC(X86EMUL_OPC(   0, 0xf4), 0)
+#define INSTR_XSETBV  INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0321)
+#define INSTR_VMRUN   INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0330)
+#define INSTR_VMCALL  INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0331)
+#define INSTR_VMLOAD  INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0332)
+#define INSTR_VMSAVE  INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0333)
+#define INSTR_STGIINSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0334)
+#define INSTR_CLGIINSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0335)
+#define INSTR_INVLPGA INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0337)
+#define INSTR_RDTSCP  INSTR_ENC(X86EMUL_OPC(0x0f, 0x01), 0371)
+#define INSTR_INVDINSTR_ENC(X86EMUL_OPC(0x0f, 0x08), 0)
+#define INSTR_WBINVD  INSTR_ENC(X86EMUL_OPC(0x0f, 0x09), 0)
+#define INSTR_WRMSR   INSTR_ENC(X86EMUL_OPC(0x0f, 0x30), 0)
+#define INSTR_RDTSC   INSTR_ENC(X86EMUL_OPC(0x0f, 0x31), 0)
+#define INSTR_RDMSR   INSTR_ENC(X86EMUL_OPC(0x0f, 0x32), 0)
+#define INSTR_CPUID   INSTR_ENC(X86EMUL_OPC(0x0f, 0xa2), 0)
+
+unsigned int svm_get_insn_len(struct vcpu *v, unsigned int instr_enc);
+unsigned int svm_get_task_switch_insn_len(void);
+
 /* TSC rate */
 #define DEFAULT_TSC_RATIO   0x0001ULL
 #define TSC_RATIO_RSVD_BITS 0xff00ULL
diff --git a/xen/arch/x86/include/asm/hvm/svm/emulate.h 
b/xen/arch/x86/include/asm/hvm/svm/emulate.h
deleted file mode 100644
index eb1a8c24af6d..
--- a/xen/arch/x86/include/asm/hvm/svm/emulate.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * emulate.h: SVM instruction emulation bits.
- * Copyright (c) 2005, AMD Corporation.
- * Copyright (c) 2004, Intel Corporation.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; If not, see .
- */
-
-#ifndef __ASM_X86_HVM_SVM_EMULATE_H__
-#define __ASM_X86_HVM_SVM_EMULATE_H__
-
-/*
- * Encoding for svm_get_insn_len().  We take X86EMUL_OPC() for the main
- * opcode, shifted left to make room for the ModRM byte.

Re: [PATCH v3 04/14] x86/svm: make emulate.h private

2023-02-24 Thread Andrew Cooper 
On 24/02/2023 6:50 pm, Xenia Ragiadakou wrote:
> The header asm/hvm/svm/emulate.h is used only internally by the SVM code,
> so it can be changed into a private header.
>
> Take the opportunity to use an SPDX tag for the licence.
>
> No functional change intended.
>
> Signed-off-by: Xenia Ragiadakou 

The name emulate.h is rather stale now.  We used to have a full ad-hoc
x86 emulator in emulate.{h,c}, before the work to use one single
emulator (rather than the 4(?) we had at the time).

Nowadays, it's just the the instruction length helpers, which you can
see are wrappers around x86_insn_length() which is the main emulator.

Given that it's now just two function declarations and a few constants
for the instr_enc field, it would be better to just move them into the
private svm.h (like I did the asid declarations) and remove the header
entirely.

~Andrew

[PATCH v3 02/14 - ALT] x86/svm: Remove the asm/hvm/svm/asid.h header

2023-02-24 Thread Andrew Cooper 
Fold svm_asid_g_invlpg() into its single caller, deleting the #if 0 which has
been present for the entire 16 years this helper has existed: c/s 322a078ab140
"[HVM][SVM] Reintroduce ASIDs."

Move the two remaining prototypes into the private svm.h, forward declaring
cpuinfo_x86 in preference to including asm/processor.h

No functional change.

Signed-off-by: Andrew Cooper 
---
CC: Jan Beulich 
CC: Roger Pau Monné 
CC: Wei Liu 
CC: Xenia Ragiadakou 
---
 xen/arch/x86/hvm/svm/asid.c |  3 +-
 xen/arch/x86/hvm/svm/svm.c  |  4 +-
 xen/arch/x86/hvm/svm/svm.h  |  4 ++
 xen/arch/x86/include/asm/hvm/svm/asid.h | 49 -
 4 files changed, 8 insertions(+), 52 deletions(-)
 delete mode 100644 xen/arch/x86/include/asm/hvm/svm/asid.h

diff --git a/xen/arch/x86/hvm/svm/asid.c b/xen/arch/x86/hvm/svm/asid.c
index ab06dd3f3ae2..150d8dfc8178 100644
--- a/xen/arch/x86/hvm/svm/asid.c
+++ b/xen/arch/x86/hvm/svm/asid.c
@@ -17,9 +17,10 @@
 
 #include 
 #include 
-#include 
 #include 
 
+#include "svm.h"
+
 void svm_asid_init(const struct cpuinfo_x86 *c)
 {
 int nasids = 0;
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 6d394e4fe3bc..46ae0b6602e2 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -37,7 +37,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -2421,7 +2420,8 @@ static bool cf_check is_invlpg(
 
 static void cf_check svm_invlpg(struct vcpu *v, unsigned long linear)
 {
-svm_asid_g_invlpg(v, linear);
+/* Safe fallback. Take a new ASID. */
+hvm_asid_flush_vcpu(v);
 }
 
 static bool cf_check svm_get_pending_event(
diff --git a/xen/arch/x86/hvm/svm/svm.h b/xen/arch/x86/hvm/svm/svm.h
index f700f26f9082..b8178f62161b 100644
--- a/xen/arch/x86/hvm/svm/svm.h
+++ b/xen/arch/x86/hvm/svm/svm.h
@@ -12,6 +12,10 @@
 #include 
 
 struct cpu_user_regs;
+struct cpuinfo_x86;
+
+void svm_asid_init(const struct cpuinfo_x86 *c);
+void svm_asid_handle_vmrun(void);
 
 unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr);
 void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len);
diff --git a/xen/arch/x86/include/asm/hvm/svm/asid.h 
b/xen/arch/x86/include/asm/hvm/svm/asid.h
deleted file mode 100644
index 0e5ec3ab788a..
--- a/xen/arch/x86/include/asm/hvm/svm/asid.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * asid.h: handling ASIDs in SVM.
- * Copyright (c) 2007, Advanced Micro Devices, Inc.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; If not, see .
- */
-
-#ifndef __ASM_X86_HVM_SVM_ASID_H__
-#define __ASM_X86_HVM_SVM_ASID_H__
-
-#include 
-#include 
-#include 
-
-void svm_asid_init(const struct cpuinfo_x86 *c);
-void svm_asid_handle_vmrun(void);
-
-static inline void svm_asid_g_invlpg(struct vcpu *v, unsigned long g_linear)
-{
-#if 0
-/* Optimization? */
-svm_invlpga(g_linear, v->arch.hvm.svm.vmcb->guest_asid);
-#endif
-
-/* Safe fallback. Take a new ASID. */
-hvm_asid_flush_vcpu(v);
-}
-
-#endif /* __ASM_X86_HVM_SVM_ASID_H__ */
-
-/*
- * Local variables:
- * mode: C
- * c-file-style: "BSD"
- * c-basic-offset: 4
- * tab-width: 4
- * indent-tabs-mode: nil
- * End:
- */
-- 
2.30.2

Re: [PATCH v3 00/14] x86/hvm: {svm,vmx} {c,h} cleanup

2023-02-24 Thread Andrew Cooper 
On 24/02/2023 6:49 pm, Xenia Ragiadakou wrote:
> There are more detailed per-patch changesets.
>
> Xenia Ragiadakou (14):
>   x86/svm: move declarations used only by svm code from svm.h to private
> header
>   x86/svm: make asid.h private
>   x86/svm: delete header asm/hvm/svm/intr.h

Thankyou for this work.  I've acked and committed patches 1 and 3.

Note that you had one hunk in patch 5 (whitespace correction in
svm_invlpga) that obviously should have been in patch 1, so I've moved it.

Looking at asid.h, I still can't bare to keep it even in that state, so
I've constructed an alternative which I'll email out in a moment.

~Andrew

[PATCH v3 11/14] x86/vmx: remove unused included headers from vmx.c

2023-02-24 Thread Xenia Ragiadakou 
Do not include the headers:
  asm/hvm/vpic.h
  asm/hvm/vpt.h
  asm/io.h
  asm/mce.h
  asm/mem_sharing.h
  asm/regs.h
  public/arch-x86/cpuid.h
  public/hvm/save.h
because none of the declarations and macro definitions in them is used.
Sort the rest of the headers alphabetically.

No functional change intended.

Signed-off-by: Xenia Ragiadakou 
---

Changes in v3:
  - none

 xen/arch/x86/hvm/vmx/vmx.c | 56 +-
 1 file changed, 25 insertions(+), 31 deletions(-)

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index cb8b133ed5..9b009ebcef 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -15,52 +15,46 @@
  * this program; If not, see .
  */
 
+#include 
 #include 
+#include 
 #include 
+#include 
 #include 
 #include 
-#include 
+#include 
 #include 
-#include 
 #include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
+#include 
+
+#include 
+#include 
 #include 
-#include 
+#include 
+#include 
 #include 
-#include 
-#include 
-#include 
+#include 
 #include 
 #include 
+#include 
+#include 
 #include 
-#include 
+#include 
+#include 
 #include 
-#include 
-#include 
+#include 
+#include 
 #include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
 #include 
+#include 
+#include 
 #include 
-#include 
+#include 
+#include 
+#include 
+
+#include 
+#include 
 
 #include "pi.h"
 #include "vmx.h"
-- 
2.37.2

[PATCH v3 14/14] x86/vmx: move vmcs declarations used only by vmx code to private header

2023-02-24 Thread Xenia Ragiadakou 
Create a new private header in arch/x86/hvm/vmx called vmcs.h and move
there all definitions and declarations that are used only by vmx code and
don't need to reside in an external header.

Take the opportunity to replace u* with uint*_t, bool_t with bool and to
re-arrange the header as follows, all structures first, then all variable
declarations, all function delarations, and finally all inline functions.

No functional change intended.

Signed-off-by: Xenia Ragiadakou 
---

Changes in v3:
 - new patch

 xen/arch/x86/hvm/vmx/intr.c |   1 +
 xen/arch/x86/hvm/vmx/vmcs.c |   1 +
 xen/arch/x86/hvm/vmx/vmcs.h | 100 
 xen/arch/x86/hvm/vmx/vmx.c  |   1 +
 xen/arch/x86/hvm/vmx/vvmx.c |   1 +
 xen/arch/x86/include/asm/hvm/vmx/vmcs.h | 118 +---
 6 files changed, 128 insertions(+), 94 deletions(-)
 create mode 100644 xen/arch/x86/hvm/vmx/vmcs.h

diff --git a/xen/arch/x86/hvm/vmx/intr.c b/xen/arch/x86/hvm/vmx/intr.c
index 8431937f42..d8387e7215 100644
--- a/xen/arch/x86/hvm/vmx/intr.c
+++ b/xen/arch/x86/hvm/vmx/intr.c
@@ -38,6 +38,7 @@
 #include 
 #include 
 
+#include "vmcs.h"
 #include "vmx.h"
 #include "vvmx.h"
 
diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index 3d0f6be5bb..57e19e8dad 100644
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -42,6 +42,7 @@
 #include 
 #include 
 
+#include "vmcs.h"
 #include "vmx.h"
 #include "vvmx.h"
 
diff --git a/xen/arch/x86/hvm/vmx/vmcs.h b/xen/arch/x86/hvm/vmx/vmcs.h
new file mode 100644
index 00..c0cca0ce73
--- /dev/null
+++ b/xen/arch/x86/hvm/vmx/vmcs.h
@@ -0,0 +1,100 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * vmcs.h: VMCS related definitions
+ *
+ * Copyright (c) 2004, Intel Corporation.
+ */
+
+#ifndef __X86_HVM_VMX_VMCS_PRIV_H__
+#define __X86_HVM_VMX_VMCS_PRIV_H__
+
+#include 
+#include 
+
+#include 
+
+struct vmcs_struct {
+uint32_t vmcs_revision_id;
+unsigned char data [0]; /* vmcs size is read from MSR */
+};
+
+#define _VMX_DOMAIN_PML_ENABLED0
+#define VMX_DOMAIN_PML_ENABLED (1ul << _VMX_DOMAIN_PML_ENABLED)
+
+/*
+ * Layout of the MSR bitmap, as interpreted by hardware:
+ *  - *_low  covers MSRs 0 to 0x1fff
+ *  - *_ligh covers MSRs 0xc000 to 0xc0001fff
+ */
+struct vmx_msr_bitmap {
+unsigned long read_low  [0x2000 / BITS_PER_LONG];
+unsigned long read_high [0x2000 / BITS_PER_LONG];
+unsigned long write_low [0x2000 / BITS_PER_LONG];
+unsigned long write_high[0x2000 / BITS_PER_LONG];
+};
+
+#define NR_PML_ENTRIES   512
+
+void vmcs_dump_vcpu(struct vcpu *v);
+int vmx_vmcs_init(void);
+int cf_check vmx_cpu_up_prepare(unsigned int cpu);
+void cf_check vmx_cpu_dead(unsigned int cpu);
+int cf_check vmx_cpu_up(void);
+void cf_check vmx_cpu_down(void);
+
+int vmx_create_vmcs(struct vcpu *v);
+void vmx_destroy_vmcs(struct vcpu *v);
+bool __must_check vmx_vmcs_try_enter(struct vcpu *v);
+void vmx_vmcs_reload(struct vcpu *v);
+
+void vmx_vmcs_switch(paddr_t from, paddr_t to);
+void vmx_set_eoi_exit_bitmap(struct vcpu *v, uint8_t vector);
+void vmx_clear_eoi_exit_bitmap(struct vcpu *v, uint8_t vector);
+bool vmx_msr_is_intercepted(struct vmx_msr_bitmap *msr_bitmap,
+unsigned int msr, bool is_write) __nonnull(1);
+void virtual_vmcs_enter(const struct vcpu *);
+void virtual_vmcs_exit(const struct vcpu *);
+u64 virtual_vmcs_vmread(const struct vcpu *, uint32_t encoding);
+enum vmx_insn_errno virtual_vmcs_vmread_safe(const struct vcpu *v,
+ uint32_t vmcs_encoding,
+ uint64_t *val);
+void virtual_vmcs_vmwrite(const struct vcpu *, uint32_t encoding, uint64_t 
val);
+enum vmx_insn_errno virtual_vmcs_vmwrite_safe(const struct vcpu *v,
+  uint32_t vmcs_encoding,
+  uint64_t val);
+
+DECLARE_PER_CPU(bool, vmxon);
+
+bool vmx_vcpu_pml_enabled(const struct vcpu *v);
+int vmx_vcpu_enable_pml(struct vcpu *v);
+void vmx_vcpu_disable_pml(struct vcpu *v);
+void vmx_vcpu_flush_pml_buffer(struct vcpu *v);
+
+static inline int vmx_read_guest_loadonly_msr(
+const struct vcpu *v, uint32_t msr, uint64_t *val)
+{
+const struct vmx_msr_entry *ent =
+vmx_find_msr(v, msr, VMX_MSR_GUEST_LOADONLY);
+
+if ( !ent )
+{
+*val = 0;
+return -ESRCH;
+}
+
+*val = ent->data;
+
+return 0;
+}
+
+#endif /* __X86_HVM_VMX_VMCS_PRIV_H__ */
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 73ab4e9816..c5f6902206 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -57,6 +57,7 @@
 #include 
 
 #include "pi.h"
+#include "vmcs.h"
 #include "vmx.h"
 #include "vvmx.h"
 
diff --git

[PATCH v3 13/14] x86/vmx: move vvmx declarations used only by vmx code to private header

2023-02-24 Thread Xenia Ragiadakou 
Create a new private header in arch/x86/hvm/vmx called vvmx.h and move
there all definitions and declarations that are used only by vmx code and
don't need to reside in an external header.

Take the opportunity to replace u* with uint*_t, bool_t with bool and to
re-arrange the header as follows, all structures first, then all variable
decalarations, all function delarations, and finally all inline functions.

No functional change intended.

Signed-off-by: Xenia Ragiadakou 
---

Changes in v3:
  - new patch

 xen/arch/x86/hvm/vmx/intr.c |   1 +
 xen/arch/x86/hvm/vmx/vmcs.c |   2 +-
 xen/arch/x86/hvm/vmx/vmx.c  |   1 +
 xen/arch/x86/hvm/vmx/vvmx.c |   1 +
 xen/arch/x86/hvm/vmx/vvmx.h | 187 
 xen/arch/x86/include/asm/hvm/vmx/vvmx.h | 165 +
 6 files changed, 198 insertions(+), 159 deletions(-)
 create mode 100644 xen/arch/x86/hvm/vmx/vvmx.h

diff --git a/xen/arch/x86/hvm/vmx/intr.c b/xen/arch/x86/hvm/vmx/intr.c
index c8db501759..8431937f42 100644
--- a/xen/arch/x86/hvm/vmx/intr.c
+++ b/xen/arch/x86/hvm/vmx/intr.c
@@ -39,6 +39,7 @@
 #include 
 
 #include "vmx.h"
+#include "vvmx.h"
 
 /*
  * A few notes on virtual NMI and INTR delivery, and interactions with
diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index 4eb2571abb..3d0f6be5bb 100644
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -34,7 +34,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -44,6 +43,7 @@
 #include 
 
 #include "vmx.h"
+#include "vvmx.h"
 
 static bool_t __read_mostly opt_vpid_enabled = 1;
 boolean_param("vpid", opt_vpid_enabled);
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 72d8f058f7..73ab4e9816 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -58,6 +58,7 @@
 
 #include "pi.h"
 #include "vmx.h"
+#include "vvmx.h"
 
 static bool_t __initdata opt_force_ept;
 boolean_param("force-ept", opt_force_ept);
diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c
index 0bda8430b9..0af5411076 100644
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -30,6 +30,7 @@
 #include 
 
 #include "vmx.h"
+#include "vvmx.h"
 
 static DEFINE_PER_CPU(u64 *, vvmcs_buf);
 
diff --git a/xen/arch/x86/hvm/vmx/vvmx.h b/xen/arch/x86/hvm/vmx/vvmx.h
new file mode 100644
index 00..0367fae42a
--- /dev/null
+++ b/xen/arch/x86/hvm/vmx/vvmx.h
@@ -0,0 +1,187 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * vvmx.h: Support virtual VMX for nested virtualization.
+ *
+ * Copyright (c) 2010, Intel Corporation.
+ * Author: Qing He 
+ * Eddie Dong 
+ */
+
+#ifndef __X86_HVM_VMX_VVMX_PRIV_H__
+#define __X86_HVM_VMX_VVMX_PRIV_H__
+
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+
+struct vvmcs_list {
+unsigned long vvmcs_mfn;
+struct list_head node;
+};
+
+#define vcpu_2_nvmx(v) (vcpu_nestedhvm(v).u.nvmx)
+
+/* bit 1, 2, 4 must be 1 */
+#define VMX_PINBASED_CTLS_DEFAULT10x16
+/* bit 1, 4-6,8,13-16,26 must be 1 */
+#define VMX_PROCBASED_CTLS_DEFAULT1   0x401e172
+/* bit 0-8, 10,11,13,14,16,17 must be 1 */
+#define VMX_EXIT_CTLS_DEFAULT10x36dff
+/* bit 0-8, and 12 must be 1 */
+#define VMX_ENTRY_CTLS_DEFAULT1   0x11ff
+
+union vmx_inst_info {
+struct {
+unsigned int scaling   :2; /* bit 0-1 */
+unsigned int __rsvd0   :1; /* bit 2 */
+unsigned int reg1  :4; /* bit 3-6 */
+unsigned int addr_size :3; /* bit 7-9 */
+unsigned int memreg:1; /* bit 10 */
+unsigned int __rsvd1   :4; /* bit 11-14 */
+unsigned int segment   :3; /* bit 15-17 */
+unsigned int index_reg :4; /* bit 18-21 */
+unsigned int index_reg_invalid :1; /* bit 22 */
+unsigned int base_reg  :4; /* bit 23-26 */
+unsigned int base_reg_invalid  :1; /* bit 27 */
+unsigned int reg2  :4; /* bit 28-31 */
+} fields;
+uint32_t word;
+};
+
+/*
+ * Virtual VMCS layout
+ *
+ * Since physical VMCS layout is unknown, a custom layout is used
+ * for virtual VMCS seen by guest. It occupies a 4k page, and the
+ * field is offset by an 9-bit offset into u64[], The offset is as
+ * follow, which means every  pair has a max of 32
+ * fields available.
+ *
+ * 9   7  5   0
+ * 
+ * offset: | width | type | index |
+ * 
+ *
+ * Also, since the lower range  has only one
+ * field: VPID, it is moved to a higher offset (63), and leaves the
+ * lower range to non-indexed field like VMCS revision.
+ *
+ */
+
+struct vvmcs_header {
+uint32_t revision;
+uint32_t abort;
+};
+
+union vmcs_encoding {
+struct {
+uint32_t access_type : 1;
+uint32_t index : 9;
+

[PATCH v3 10/14] x86/vmx: move declarations used only by vmx code from vmx.h to private headers

2023-02-24 Thread Xenia Ragiadakou 
Create two new private headers in arch/x86/hvm/vmx called vmx.h and pi.h.
Move all the definitions and declarations that are used solely by vmx code
into the private vmx.h, apart from the ones related to posted interrupts that
are moved into pi.h.

EPT related declarations and definitions stay in asm/hvm/vmx/vmx.h because
they are used in arch/x86/mm and drivers/passthrough/vtd.

Also, __vmread(), used in arch/x86/cpu, and consequently the opcodes stay in
asm/hvm/vmx/vmx.h.

Take the opportunity during the movement to replace u* with uint*_t, fix minor
coding style issues and reduce scope of GAS_VMX_OP definition.
Also, rearrange the code in the following way, place all structures first,
then all variable decalarations, all function delarations, and finally all
inline functions.

No functional change intended.

Signed-off-by: Xenia Ragiadakou 
---

Changes in v3:
  - add SPDX identifier, reported by Andrew
  - add #ifndef header guard, reported by Andrew and Jan
  - fold patch reducing the scope of GAS_VMX_OP definition into this,
suggested by Jan
  - put pi related declarations in a separate priv header, suggested by Jan
  - perform minor coding style fixes pointed out by Jan
  - replace u* with uint*_t, suggested by Jan
  - rearrange the header in the way Jan's proposed
  - rebase to the latest staging

 xen/arch/x86/hvm/vmx/intr.c|   2 +
 xen/arch/x86/hvm/vmx/pi.h  |  78 +
 xen/arch/x86/hvm/vmx/realmode.c|   2 +
 xen/arch/x86/hvm/vmx/vmcs.c|   2 +
 xen/arch/x86/hvm/vmx/vmx.c |   3 +
 xen/arch/x86/hvm/vmx/vmx.h | 416 +++
 xen/arch/x86/hvm/vmx/vvmx.c|   2 +
 xen/arch/x86/include/asm/hvm/vmx/vmx.h | 439 -
 8 files changed, 505 insertions(+), 439 deletions(-)
 create mode 100644 xen/arch/x86/hvm/vmx/pi.h
 create mode 100644 xen/arch/x86/hvm/vmx/vmx.h

diff --git a/xen/arch/x86/hvm/vmx/intr.c b/xen/arch/x86/hvm/vmx/intr.c
index 6a8316de0e..c8db501759 100644
--- a/xen/arch/x86/hvm/vmx/intr.c
+++ b/xen/arch/x86/hvm/vmx/intr.c
@@ -38,6 +38,8 @@
 #include 
 #include 
 
+#include "vmx.h"
+
 /*
  * A few notes on virtual NMI and INTR delivery, and interactions with
  * interruptibility states:
diff --git a/xen/arch/x86/hvm/vmx/pi.h b/xen/arch/x86/hvm/vmx/pi.h
new file mode 100644
index 00..c72cc511da
--- /dev/null
+++ b/xen/arch/x86/hvm/vmx/pi.h
@@ -0,0 +1,78 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * pi.h: VMX Posted Interrupts
+ *
+ * Copyright (c) 2004, Intel Corporation.
+ */
+
+#ifndef __X86_HVM_VMX_PI_PRIV_H__
+#define __X86_HVM_VMX_PI_PRIV_H__
+
+#include 
+
+#include 
+
+#define POSTED_INTR_ON  0
+#define POSTED_INTR_SN  1
+
+static inline int pi_test_and_set_pir(uint8_t vector, struct pi_desc *pi_desc)
+{
+return test_and_set_bit(vector, pi_desc->pir);
+}
+
+static inline int pi_test_pir(uint8_t vector, const struct pi_desc *pi_desc)
+{
+return test_bit(vector, pi_desc->pir);
+}
+
+static inline int pi_test_and_set_on(struct pi_desc *pi_desc)
+{
+return test_and_set_bit(POSTED_INTR_ON, _desc->control);
+}
+
+static inline void pi_set_on(struct pi_desc *pi_desc)
+{
+set_bit(POSTED_INTR_ON, _desc->control);
+}
+
+static inline int pi_test_and_clear_on(struct pi_desc *pi_desc)
+{
+return test_and_clear_bit(POSTED_INTR_ON, _desc->control);
+}
+
+static inline int pi_test_on(struct pi_desc *pi_desc)
+{
+return pi_desc->on;
+}
+
+static inline unsigned long pi_get_pir(struct pi_desc *pi_desc, int group)
+{
+return xchg(_desc->pir[group], 0);
+}
+
+static inline int pi_test_sn(struct pi_desc *pi_desc)
+{
+return pi_desc->sn;
+}
+
+static inline void pi_set_sn(struct pi_desc *pi_desc)
+{
+set_bit(POSTED_INTR_SN, _desc->control);
+}
+
+static inline void pi_clear_sn(struct pi_desc *pi_desc)
+{
+clear_bit(POSTED_INTR_SN, _desc->control);
+}
+
+#endif /* __X86_HVM_VMX_PI_PRIV_H__ */
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/xen/arch/x86/hvm/vmx/realmode.c b/xen/arch/x86/hvm/vmx/realmode.c
index 4ac93e0810..5591660230 100644
--- a/xen/arch/x86/hvm/vmx/realmode.c
+++ b/xen/arch/x86/hvm/vmx/realmode.c
@@ -23,6 +23,8 @@
 #include 
 #include 
 
+#include "vmx.h"
+
 static void realmode_deliver_exception(
 unsigned int vector,
 unsigned int insn_len,
diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index d3c75b3803..4eb2571abb 100644
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -43,6 +43,8 @@
 #include 
 #include 
 
+#include "vmx.h"
+
 static bool_t __read_mostly opt_vpid_enabled = 1;
 boolean_param("vpid", opt_vpid_enabled);
 
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 232107bd79..cb8b133ed5 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -62,6 +62,9 @@
 #include 
 #include

[PATCH v3 06/14] x86/svm: move vmcb declarations used only by svm code to private header

2023-02-24 Thread Xenia Ragiadakou 
Create a new private header in arch/x86/hvm/svm called vmcb.h and move
there all definitions and declarations that are used only by svm code and
don't need to reside in an external header.

Take the opportunity to replace u* with uint*_t and remove redundant blank
lines.

No functional change intended.

Signed-off-by: Xenia Ragiadakou 
---

Changes in v3:
  - new patch

 xen/arch/x86/hvm/svm/asid.c |   1 +
 xen/arch/x86/hvm/svm/emulate.c  |   1 +
 xen/arch/x86/hvm/svm/intr.c |   1 +
 xen/arch/x86/hvm/svm/nestedsvm.c|   1 +
 xen/arch/x86/hvm/svm/svm.c  |   1 +
 xen/arch/x86/hvm/svm/svmdebug.c |   2 +
 xen/arch/x86/hvm/svm/vmcb.c |   2 +
 xen/arch/x86/hvm/svm/vmcb.h | 591 
 xen/arch/x86/include/asm/hvm/svm/vmcb.h | 575 +--
 9 files changed, 604 insertions(+), 571 deletions(-)
 create mode 100644 xen/arch/x86/hvm/svm/vmcb.h

diff --git a/xen/arch/x86/hvm/svm/asid.c b/xen/arch/x86/hvm/svm/asid.c
index 1128434878..05ba2df9d5 100644
--- a/xen/arch/x86/hvm/svm/asid.c
+++ b/xen/arch/x86/hvm/svm/asid.c
@@ -20,6 +20,7 @@
 #include 
 
 #include "asid.h"
+#include "vmcb.h"
 
 void svm_asid_init(const struct cpuinfo_x86 *c)
 {
diff --git a/xen/arch/x86/hvm/svm/emulate.c b/xen/arch/x86/hvm/svm/emulate.c
index 4a84b4e761..573d005127 100644
--- a/xen/arch/x86/hvm/svm/emulate.c
+++ b/xen/arch/x86/hvm/svm/emulate.c
@@ -26,6 +26,7 @@
 #include 
 
 #include "emulate.h"
+#include "vmcb.h"
 
 static unsigned long svm_nextrip_insn_length(struct vcpu *v)
 {
diff --git a/xen/arch/x86/hvm/svm/intr.c b/xen/arch/x86/hvm/svm/intr.c
index dbb0022190..2655c5b4c8 100644
--- a/xen/arch/x86/hvm/svm/intr.c
+++ b/xen/arch/x86/hvm/svm/intr.c
@@ -38,6 +38,7 @@
 #include 
 
 #include "nestedhvm.h"
+#include "vmcb.h"
 
 static void svm_inject_nmi(struct vcpu *v)
 {
diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c b/xen/arch/x86/hvm/svm/nestedsvm.c
index 80b72b5dee..efbd9bbb77 100644
--- a/xen/arch/x86/hvm/svm/nestedsvm.c
+++ b/xen/arch/x86/hvm/svm/nestedsvm.c
@@ -28,6 +28,7 @@
 #include "emulate.h"
 #include "nestedhvm.h"
 #include "svm.h"
+#include "vmcb.h"
 
 #define NSVM_ERROR_VVMCB1
 #define NSVM_ERROR_VMENTRY  2
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 4b74ee3d7c..86b1bf3242 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -56,6 +56,7 @@
 #include "emulate.h"
 #include "nestedhvm.h"
 #include "svm.h"
+#include "vmcb.h"
 
 void noreturn svm_asm_do_resume(void);
 
diff --git a/xen/arch/x86/hvm/svm/svmdebug.c b/xen/arch/x86/hvm/svm/svmdebug.c
index bce86f0ef7..ade74dfd8f 100644
--- a/xen/arch/x86/hvm/svm/svmdebug.c
+++ b/xen/arch/x86/hvm/svm/svmdebug.c
@@ -21,6 +21,8 @@
 #include 
 #include 
 
+#include "vmcb.h"
+
 static void svm_dump_sel(const char *name, const struct segment_register *s)
 {
 printk("%s: %04x %04x %08x %016"PRIx64"\n",
diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c
index ba93375e87..1d512fedb0 100644
--- a/xen/arch/x86/hvm/svm/vmcb.c
+++ b/xen/arch/x86/hvm/svm/vmcb.c
@@ -30,6 +30,8 @@
 #include 
 #include 
 
+#include "vmcb.h"
+
 struct vmcb_struct *alloc_vmcb(void)
 {
 struct vmcb_struct *vmcb;
diff --git a/xen/arch/x86/hvm/svm/vmcb.h b/xen/arch/x86/hvm/svm/vmcb.h
new file mode 100644
index 00..c58625fd80
--- /dev/null
+++ b/xen/arch/x86/hvm/svm/vmcb.h
@@ -0,0 +1,591 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * vmcb.h: VMCB related definitions
+ *
+ * Copyright (c) 2005-2007, Advanced Micro Devices, Inc
+ * Copyright (c) 2004, Intel Corporation.
+ */
+
+#ifndef __X86_HVM_SVM_VMCB_PRIV_H__
+#define __X86_HVM_SVM_VMCB_PRIV_H__
+
+#include 
+
+#include 
+
+/* general 1 intercepts */
+enum GenericIntercept1bits
+{
+GENERAL1_INTERCEPT_INTR  = 1 << 0,
+GENERAL1_INTERCEPT_NMI   = 1 << 1,
+GENERAL1_INTERCEPT_SMI   = 1 << 2,
+GENERAL1_INTERCEPT_INIT  = 1 << 3,
+GENERAL1_INTERCEPT_VINTR = 1 << 4,
+GENERAL1_INTERCEPT_CR0_SEL_WRITE = 1 << 5,
+GENERAL1_INTERCEPT_IDTR_READ = 1 << 6,
+GENERAL1_INTERCEPT_GDTR_READ = 1 << 7,
+GENERAL1_INTERCEPT_LDTR_READ = 1 << 8,
+GENERAL1_INTERCEPT_TR_READ   = 1 << 9,
+GENERAL1_INTERCEPT_IDTR_WRITE= 1 << 10,
+GENERAL1_INTERCEPT_GDTR_WRITE= 1 << 11,
+GENERAL1_INTERCEPT_LDTR_WRITE= 1 << 12,
+GENERAL1_INTERCEPT_TR_WRITE  = 1 << 13,
+GENERAL1_INTERCEPT_RDTSC = 1 << 14,
+GENERAL1_INTERCEPT_RDPMC = 1 << 15,
+GENERAL1_INTERCEPT_PUSHF = 1 << 16,
+GENERAL1_INTERCEPT_POPF  = 1 << 17,
+GENERAL1_INTERCEPT_CPUID = 1 << 18,
+GENERAL1_INTERCEPT_RSM   = 1 << 19,
+GENERAL1_INTERCEPT_IRET  = 1 << 20,
+GENERAL1_INTERCEPT_SWINT = 1 << 21,
+GENERAL1_INTERCEPT_INVD  = 1 << 22,
+GENERAL1_INTERCEPT_PAUSE = 1 << 23,
+GENERAL1_INTERCEPT_HLT

[PATCH v3 12/14] x86/vmx: declare nvmx_enqueue_n2_exceptions() static

2023-02-24 Thread Xenia Ragiadakou 
Reduce the scope of nvmx_enqueue_n2_exceptions() to static because it is used
only in this file.

Take the opportunity to remove a trailing space.

Signed-off-by: Xenia Ragiadakou 
Reviewed-by: Jan Beulich 
---

Changes in v3:
  - add Jan's R-b tag

 xen/arch/x86/hvm/vmx/vmx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 9b009ebcef..72d8f058f7 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -1897,7 +1897,7 @@ static void cf_check vmx_update_guest_efer(struct vcpu *v)
 vmx_set_msr_intercept(v, MSR_EFER, VMX_MSR_R);
 }
 
-void nvmx_enqueue_n2_exceptions(struct vcpu *v, 
+static void nvmx_enqueue_n2_exceptions(struct vcpu *v,
 unsigned long intr_fields, int error_code, uint8_t source)
 {
 struct nestedvmx *nvmx = _2_nvmx(v);
-- 
2.37.2

[PATCH v3 09/14] x86/vmx: remove unused included headers from vmx.h

2023-02-24 Thread Xenia Ragiadakou 
Do not include the headers:
  asm/i387.h
  asm/hvm/trace.h
  asm/processor.h
  asm/regs.h
because none of the declarations and macro definitions in them is used in
this file. Sort the rest of the headers alphabetically.
Include asm/i387.h in vmx.c, needed for vcpu_restore_fpu_lazy().

Take the opportunity to include xen/types.h in the place of asm/types.h and
replace u* with uint*_t and bool_t with bool.

No functional change intended.

Signed-off-by: Xenia Ragiadakou 
---

Changes in v3:
  - reword the commit message to not look like a bug fix, reported by JAn
  - include xen/types.h instead of asm/types.h and use uint*_t instead of u*,
suggested by Jan

 xen/arch/x86/hvm/vmx/vmx.c |  1 +
 xen/arch/x86/include/asm/hvm/vmx/vmx.h | 15 ++-
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 294c8490b4..232107bd79 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -43,6 +43,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h 
b/xen/arch/x86/include/asm/hvm/vmx/vmx.h
index 82a9487b40..f5720c393c 100644
--- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h
+++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h
@@ -19,20 +19,17 @@
 #define __ASM_X86_HVM_VMX_VMX_H__
 
 #include 
-#include 
-#include 
+#include 
+
 #include 
-#include 
-#include 
-#include 
-#include 
 #include 
+#include 
 
 extern int8_t opt_ept_exec_sp;
 
 typedef union {
 struct {
-u64 r   :   1,  /* bit 0 - Read permission */
+uint64_t r  :   1,  /* bit 0 - Read permission */
 w   :   1,  /* bit 1 - Write permission */
 x   :   1,  /* bit 2 - Execute permission */
 emt :   3,  /* bits 5:3 - EPT Memory type */
@@ -49,7 +46,7 @@ typedef union {
 _rsvd   :   1,  /* bit 62 - reserved */
 suppress_ve :   1;  /* bit 63 - suppress #VE */
 };
-u64 epte;
+uint64_t epte;
 } ept_entry_t;
 
 typedef struct {
@@ -595,7 +592,7 @@ void vmx_inject_extint(int trap, uint8_t source);
 void vmx_inject_nmi(void);
 
 void ept_walk_table(struct domain *d, unsigned long gfn);
-bool_t ept_handle_misconfig(uint64_t gpa);
+bool ept_handle_misconfig(uint64_t gpa);
 int epte_get_entry_emt(struct domain *d, gfn_t gfn, mfn_t mfn,
unsigned int order, bool *ipat, p2m_type_t type);
 void setup_ept_dump(void);
-- 
2.37.2

[PATCH v3 08/14] x86/vmx: move vmx_update_debug_state() in vmcs.c and declare it static

2023-02-24 Thread Xenia Ragiadakou 
Move vmx_update_debug_state() in vmcs.c because it is used only in this
file and limit its scope to this file by declaring it static and removing
its declaration from vmx.h.

No functional change intended.

Signed-off-by: Xenia Ragiadakou 
---

Changes in v3:
  - apply the change before moving the declarations into private headers
to avoid churn, suggested by Jan

 xen/arch/x86/hvm/vmx/vmcs.c| 12 
 xen/arch/x86/hvm/vmx/vmx.c | 12 
 xen/arch/x86/include/asm/hvm/vmx/vmx.h |  1 -
 3 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index ed71ecfb62..d3c75b3803 100644
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -1868,6 +1868,18 @@ void vmx_vmentry_failure(void)
 
 void noreturn vmx_asm_do_vmentry(void);
 
+static void vmx_update_debug_state(struct vcpu *v)
+{
+if ( v->arch.hvm.debug_state_latch )
+v->arch.hvm.vmx.exception_bitmap |= 1U << TRAP_int3;
+else
+v->arch.hvm.vmx.exception_bitmap &= ~(1U << TRAP_int3);
+
+vmx_vmcs_enter(v);
+vmx_update_exception_bitmap(v);
+vmx_vmcs_exit(v);
+}
+
 void cf_check vmx_do_resume(void)
 {
 struct vcpu *v = current;
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 0ec33bcc18..294c8490b4 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -1613,18 +1613,6 @@ static void cf_check vmx_update_host_cr3(struct vcpu *v)
 vmx_vmcs_exit(v);
 }
 
-void vmx_update_debug_state(struct vcpu *v)
-{
-if ( v->arch.hvm.debug_state_latch )
-v->arch.hvm.vmx.exception_bitmap |= 1U << TRAP_int3;
-else
-v->arch.hvm.vmx.exception_bitmap &= ~(1U << TRAP_int3);
-
-vmx_vmcs_enter(v);
-vmx_update_exception_bitmap(v);
-vmx_vmcs_exit(v);
-}
-
 static void cf_check vmx_update_guest_cr(
 struct vcpu *v, unsigned int cr, unsigned int flags)
 {
diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h 
b/xen/arch/x86/include/asm/hvm/vmx/vmx.h
index f6308ed656..82a9487b40 100644
--- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h
+++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h
@@ -88,7 +88,6 @@ void cf_check vmx_vlapic_msr_changed(struct vcpu *v);
 struct hvm_emulate_ctxt;
 void vmx_realmode_emulate_one(struct hvm_emulate_ctxt *hvmemul_ctxt);
 void vmx_realmode(struct cpu_user_regs *regs);
-void vmx_update_debug_state(struct vcpu *v);
 void vmx_update_exception_bitmap(struct vcpu *v);
 void vmx_update_cpu_exec_control(struct vcpu *v);
 void vmx_update_secondary_exec_control(struct vcpu *v);
-- 
2.37.2

[PATCH v3 05/14] x86/svm: move nestedsvm declarations used only by svm code to private header

2023-02-24 Thread Xenia Ragiadakou 
Create a new private header in arch/x86/hvm/svm called nestedsvm.h and move
there all definitions and declarations that are used only by svm code and
don't need to reside in an external header.

No functional change intended.

Signed-off-by: Xenia Ragiadakou 
---

Changes in v3:
  - new patch

 xen/arch/x86/hvm/svm/intr.c  |  2 +
 xen/arch/x86/hvm/svm/nestedhvm.h | 77 
 xen/arch/x86/hvm/svm/nestedsvm.c |  2 +-
 xen/arch/x86/hvm/svm/svm.c   |  2 +-
 xen/arch/x86/hvm/svm/svm.h   |  2 +-
 xen/arch/x86/include/asm/hvm/svm/nestedsvm.h | 53 +-
 6 files changed, 86 insertions(+), 52 deletions(-)
 create mode 100644 xen/arch/x86/hvm/svm/nestedhvm.h

diff --git a/xen/arch/x86/hvm/svm/intr.c b/xen/arch/x86/hvm/svm/intr.c
index d21e930af0..dbb0022190 100644
--- a/xen/arch/x86/hvm/svm/intr.c
+++ b/xen/arch/x86/hvm/svm/intr.c
@@ -37,6 +37,8 @@
 #include 
 #include 
 
+#include "nestedhvm.h"
+
 static void svm_inject_nmi(struct vcpu *v)
 {
 struct vmcb_struct *vmcb = v->arch.hvm.svm.vmcb;
diff --git a/xen/arch/x86/hvm/svm/nestedhvm.h b/xen/arch/x86/hvm/svm/nestedhvm.h
new file mode 100644
index 00..43245e13de
--- /dev/null
+++ b/xen/arch/x86/hvm/svm/nestedhvm.h
@@ -0,0 +1,77 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * nestedsvm.h: Nested Virtualization
+ *
+ * Copyright (c) 2011, Advanced Micro Devices, Inc
+ */
+
+#ifndef __X86_HVM_SVM_NESTEDHVM_PRIV_H__
+#define __X86_HVM_SVM_NESTEDHVM_PRIV_H__
+
+#include 
+#include 
+
+#include 
+#include 
+#include 
+#include 
+
+/* SVM specific intblk types, cannot be an enum because gcc 4.5 complains */
+/* GIF cleared */
+#define hvm_intblk_svm_gif  hvm_intblk_arch
+
+#define vcpu_nestedsvm(v) (vcpu_nestedhvm(v).u.nsvm)
+
+/* True when l1 guest enabled SVM in EFER */
+#define nsvm_efer_svm_enabled(v) \
+(!!((v)->arch.hvm.guest_efer & EFER_SVME))
+
+int nestedsvm_vmcb_map(struct vcpu *v, uint64_t vmcbaddr);
+void nestedsvm_vmexit_defer(struct vcpu *v,
+uint64_t exitcode, uint64_t exitinfo1, uint64_t exitinfo2);
+enum nestedhvm_vmexits
+nestedsvm_vmexit_n2n1(struct vcpu *v, struct cpu_user_regs *regs);
+enum nestedhvm_vmexits
+nestedsvm_check_intercepts(struct vcpu *v, struct cpu_user_regs *regs,
+uint64_t exitcode);
+void svm_nested_features_on_efer_update(struct vcpu *v);
+
+/* Interface methods */
+void cf_check nsvm_vcpu_destroy(struct vcpu *v);
+int cf_check nsvm_vcpu_initialise(struct vcpu *v);
+int cf_check nsvm_vcpu_reset(struct vcpu *v);
+int nsvm_vcpu_vmrun(struct vcpu *v, struct cpu_user_regs *regs);
+int cf_check nsvm_vcpu_vmexit_event(struct vcpu *v,
+const struct x86_event *event);
+uint64_t cf_check nsvm_vcpu_hostcr3(struct vcpu *v);
+bool cf_check nsvm_vmcb_guest_intercepts_event(
+struct vcpu *v, unsigned int vector, int errcode);
+bool cf_check nsvm_vmcb_hap_enabled(struct vcpu *v);
+enum hvm_intblk cf_check nsvm_intr_blocked(struct vcpu *v);
+
+/* Interrupts, vGIF */
+void svm_vmexit_do_clgi(struct cpu_user_regs *regs, struct vcpu *v);
+void svm_vmexit_do_stgi(struct cpu_user_regs *regs, struct vcpu *v);
+bool nestedsvm_gif_isset(struct vcpu *v);
+int cf_check nsvm_hap_walk_L1_p2m(
+struct vcpu *v, paddr_t L2_gpa, paddr_t *L1_gpa, unsigned int *page_order,
+uint8_t *p2m_acc, struct npfec npfec);
+
+#define NSVM_INTR_NOTHANDLED 3
+#define NSVM_INTR_NOTINTERCEPTED 2
+#define NSVM_INTR_FORCEVMEXIT1
+#define NSVM_INTR_MASKED 0
+
+int nestedsvm_vcpu_interrupt(struct vcpu *v, const struct hvm_intack intack);
+
+#endif /* __X86_HVM_SVM_NESTEDHVM_PRIV_H__ */
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c b/xen/arch/x86/hvm/svm/nestedsvm.c
index 5f5752ce21..80b72b5dee 100644
--- a/xen/arch/x86/hvm/svm/nestedsvm.c
+++ b/xen/arch/x86/hvm/svm/nestedsvm.c
@@ -20,13 +20,13 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include  /* paging_mode_hap */
 #include  /* for local_event_delivery_(en|dis)able */
 #include  /* p2m_get_pagetable, p2m_get_nestedp2m */
 
 #include "emulate.h"
+#include "nestedhvm.h"
 #include "svm.h"
 
 #define NSVM_ERROR_VVMCB1
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index c767a3eb76..4b74ee3d7c 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -37,7 +37,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -55,6 +54,7 @@
 
 #include "asid.h"
 #include "emulate.h"
+#include "nestedhvm.h"
 #include "svm.h"
 
 void noreturn svm_asm_do_resume(void);
diff --git a/xen/arch/x86/hvm/svm/svm.h b/xen/arch/x86/hvm/svm/svm.h
index 9e65919757..f700f26f90 100644
--- a/xen/arch/x86/hvm/svm/svm.h
+++ b/xen/arch/x86/hvm/svm/svm.h
@@ -36,7 +36,7 @@ static inline void svm_invlpga(unsigned long linear, uint32_t 
asid)

[PATCH v3 07/14] x86/svm: move svmdebug.h declarations to private vmcb.h and delete it

2023-02-24 Thread Xenia Ragiadakou 
Move the declarations in svmdebug.h to private vmcb.h because are vmcb
specific and are used only by internal svm code, and delete svmdebug.h.

No functional change intended.

Signed-off-by: Xenia Ragiadakou 
---

Changes in v3:
  - new patch, suggested by Andrew

 xen/arch/x86/hvm/svm/nestedsvm.c|  1 -
 xen/arch/x86/hvm/svm/svm.c  |  1 -
 xen/arch/x86/hvm/svm/svmdebug.c |  1 -
 xen/arch/x86/hvm/svm/vmcb.c |  1 -
 xen/arch/x86/hvm/svm/vmcb.h |  6 +
 xen/arch/x86/include/asm/hvm/svm/svmdebug.h | 30 -
 6 files changed, 6 insertions(+), 34 deletions(-)
 delete mode 100644 xen/arch/x86/include/asm/hvm/svm/svmdebug.h

diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c b/xen/arch/x86/hvm/svm/nestedsvm.c
index efbd9bbb77..201da7d531 100644
--- a/xen/arch/x86/hvm/svm/nestedsvm.c
+++ b/xen/arch/x86/hvm/svm/nestedsvm.c
@@ -20,7 +20,6 @@
 #include 
 #include 
 #include 
-#include 
 #include  /* paging_mode_hap */
 #include  /* for local_event_delivery_(en|dis)able */
 #include  /* p2m_get_pagetable, p2m_get_nestedp2m */
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 86b1bf3242..0a1b447e36 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -38,7 +38,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
diff --git a/xen/arch/x86/hvm/svm/svmdebug.c b/xen/arch/x86/hvm/svm/svmdebug.c
index ade74dfd8f..7fd0753116 100644
--- a/xen/arch/x86/hvm/svm/svmdebug.c
+++ b/xen/arch/x86/hvm/svm/svmdebug.c
@@ -19,7 +19,6 @@
 #include 
 #include 
 #include 
-#include 
 
 #include "vmcb.h"
 
diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c
index 1d512fedb0..657b4b1670 100644
--- a/xen/arch/x86/hvm/svm/vmcb.c
+++ b/xen/arch/x86/hvm/svm/vmcb.c
@@ -27,7 +27,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 
 #include "vmcb.h"
diff --git a/xen/arch/x86/hvm/svm/vmcb.h b/xen/arch/x86/hvm/svm/vmcb.h
index c58625fd80..80143164e5 100644
--- a/xen/arch/x86/hvm/svm/vmcb.h
+++ b/xen/arch/x86/hvm/svm/vmcb.h
@@ -11,6 +11,7 @@
 
 #include 
 
+#include 
 #include 
 
 /* general 1 intercepts */
@@ -518,6 +519,11 @@ void svm_destroy_vmcb(struct vcpu *v);
 
 void setup_vmcb_dump(void);
 
+void svm_sync_vmcb(struct vcpu *v, enum vmcb_sync_state new_state);
+void svm_vmcb_dump(const char *from, const struct vmcb_struct *vmcb);
+bool svm_vmcb_isvalid(const char *from, const struct vmcb_struct *vmcb,
+  const struct vcpu *v, bool verbose);
+
 /*
  * VMCB accessor functions.
  */
diff --git a/xen/arch/x86/include/asm/hvm/svm/svmdebug.h 
b/xen/arch/x86/include/asm/hvm/svm/svmdebug.h
deleted file mode 100644
index 330c1d91aa..00
--- a/xen/arch/x86/include/asm/hvm/svm/svmdebug.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * svmdebug.h: SVM related debug defintions
- * Copyright (c) 2011, AMD Corporation.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; If not, see .
- *
- */
-
-#ifndef __ASM_X86_HVM_SVM_SVMDEBUG_H__
-#define __ASM_X86_HVM_SVM_SVMDEBUG_H__
-
-#include 
-#include 
-
-void svm_sync_vmcb(struct vcpu *v, enum vmcb_sync_state new_state);
-void svm_vmcb_dump(const char *from, const struct vmcb_struct *vmcb);
-bool svm_vmcb_isvalid(const char *from, const struct vmcb_struct *vmcb,
-  const struct vcpu *v, bool verbose);
-
-#endif /* __ASM_X86_HVM_SVM_SVMDEBUG_H__ */
-- 
2.37.2

[PATCH v3 03/14] x86/svm: delete header asm/hvm/svm/intr.h

2023-02-24 Thread Xenia Ragiadakou 
Delete asm/hvm/svm/intr.h because it contains only the declaration of
svm_intr_assist() which is referenced only by assembly.

No functional change intended.

Signed-off-by: Xenia Ragiadakou 
---

Changes in v3:
  - new patch, suggested by Andrew

 xen/arch/x86/hvm/svm/intr.c |  1 -
 xen/arch/x86/include/asm/hvm/svm/intr.h | 25 -
 2 files changed, 26 deletions(-)
 delete mode 100644 xen/arch/x86/include/asm/hvm/svm/intr.h

diff --git a/xen/arch/x86/hvm/svm/intr.c b/xen/arch/x86/hvm/svm/intr.c
index 9525f35593..d21e930af0 100644
--- a/xen/arch/x86/hvm/svm/intr.c
+++ b/xen/arch/x86/hvm/svm/intr.c
@@ -29,7 +29,6 @@
 #include 
 #include 
 #include 
-#include 
 #include  /* for nestedhvm_vcpu_in_guestmode */
 #include 
 #include 
diff --git a/xen/arch/x86/include/asm/hvm/svm/intr.h 
b/xen/arch/x86/include/asm/hvm/svm/intr.h
deleted file mode 100644
index ae52d9f948..00
--- a/xen/arch/x86/include/asm/hvm/svm/intr.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * intr.h: SVM Architecture related definitions
- * Copyright (c) 2005, AMD Corporation.
- * Copyright (c) 2004, Intel Corporation.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; If not, see .
- *
- */
-
-#ifndef __ASM_X86_HVM_SVM_INTR_H__
-#define __ASM_X86_HVM_SVM_INTR_H__
-
-void svm_intr_assist(void);
-
-#endif /* __ASM_X86_HVM_SVM_INTR_H__ */
-- 
2.37.2

[PATCH v3 04/14] x86/svm: make emulate.h private

2023-02-24 Thread Xenia Ragiadakou 
The header asm/hvm/svm/emulate.h is used only internally by the SVM code,
so it can be changed into a private header.

Take the opportunity to use an SPDX tag for the licence.

No functional change intended.

Signed-off-by: Xenia Ragiadakou 
---

Changes in v3:
  - new patch

 xen/arch/x86/hvm/svm/emulate.c|  3 ++-
 .../x86/{include/asm => }/hvm/svm/emulate.h   | 20 +--
 xen/arch/x86/hvm/svm/nestedsvm.c  |  2 +-
 xen/arch/x86/hvm/svm/svm.c|  2 +-
 4 files changed, 9 insertions(+), 18 deletions(-)
 rename xen/arch/x86/{include/asm => }/hvm/svm/emulate.h (73%)

diff --git a/xen/arch/x86/hvm/svm/emulate.c b/xen/arch/x86/hvm/svm/emulate.c
index 16fc134883..4a84b4e761 100644
--- a/xen/arch/x86/hvm/svm/emulate.c
+++ b/xen/arch/x86/hvm/svm/emulate.c
@@ -24,7 +24,8 @@
 #include 
 #include 
 #include 
-#include 
+
+#include "emulate.h"
 
 static unsigned long svm_nextrip_insn_length(struct vcpu *v)
 {
diff --git a/xen/arch/x86/include/asm/hvm/svm/emulate.h 
b/xen/arch/x86/hvm/svm/emulate.h
similarity index 73%
rename from xen/arch/x86/include/asm/hvm/svm/emulate.h
rename to xen/arch/x86/hvm/svm/emulate.h
index eb1a8c24af..c0d27772a5 100644
--- a/xen/arch/x86/include/asm/hvm/svm/emulate.h
+++ b/xen/arch/x86/hvm/svm/emulate.h
@@ -1,23 +1,13 @@
+/* SPDX-License-Identifier: GPL-2.0 */
 /*
  * emulate.h: SVM instruction emulation bits.
+ *
  * Copyright (c) 2005, AMD Corporation.
  * Copyright (c) 2004, Intel Corporation.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; If not, see .
  */
 
-#ifndef __ASM_X86_HVM_SVM_EMULATE_H__
-#define __ASM_X86_HVM_SVM_EMULATE_H__
+#ifndef __X86_HVM_SVM_EMULATE_PRIV_H__
+#define __X86_HVM_SVM_EMULATE_PRIV_H__
 
 /*
  * Encoding for svm_get_insn_len().  We take X86EMUL_OPC() for the main
@@ -53,7 +43,7 @@ struct vcpu;
 unsigned int svm_get_insn_len(struct vcpu *v, unsigned int instr_enc);
 unsigned int svm_get_task_switch_insn_len(void);
 
-#endif /* __ASM_X86_HVM_SVM_EMULATE_H__ */
+#endif /* __X86_HVM_SVM_EMULATE_PRIV_H__ */
 
 /*
  * Local variables:
diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c b/xen/arch/x86/hvm/svm/nestedsvm.c
index a341ccc876..5f5752ce21 100644
--- a/xen/arch/x86/hvm/svm/nestedsvm.c
+++ b/xen/arch/x86/hvm/svm/nestedsvm.c
@@ -17,7 +17,6 @@
  */
 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -27,6 +26,7 @@
 #include  /* for local_event_delivery_(en|dis)able */
 #include  /* p2m_get_pagetable, p2m_get_nestedp2m */
 
+#include "emulate.h"
 #include "svm.h"
 
 #define NSVM_ERROR_VVMCB1
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 793a10eaca..c767a3eb76 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -37,7 +37,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -55,6 +54,7 @@
 #include 
 
 #include "asid.h"
+#include "emulate.h"
 #include "svm.h"
 
 void noreturn svm_asm_do_resume(void);
-- 
2.37.2

[PATCH v3 02/14] x86/svm: make asid.h private

2023-02-24 Thread Xenia Ragiadakou 
The asm/hvm/svm/asid.h is used only internally by the SVM code, so it can be
changed into a private header.

Take the opportunity to use an SPDX tag for the licence and remove included
but unused xen/types.h.

No functional change intended.

Signed-off-by: Xenia Ragiadakou 
---

Changes in v3:
  - new patch

 xen/arch/x86/hvm/svm/asid.c |  3 +-
 xen/arch/x86/hvm/svm/asid.h | 38 +++
 xen/arch/x86/hvm/svm/svm.c  |  2 +-
 xen/arch/x86/include/asm/hvm/svm/asid.h | 49 -
 4 files changed, 41 insertions(+), 51 deletions(-)
 create mode 100644 xen/arch/x86/hvm/svm/asid.h
 delete mode 100644 xen/arch/x86/include/asm/hvm/svm/asid.h

diff --git a/xen/arch/x86/hvm/svm/asid.c b/xen/arch/x86/hvm/svm/asid.c
index ab06dd3f3a..1128434878 100644
--- a/xen/arch/x86/hvm/svm/asid.c
+++ b/xen/arch/x86/hvm/svm/asid.c
@@ -17,9 +17,10 @@
 
 #include 
 #include 
-#include 
 #include 
 
+#include "asid.h"
+
 void svm_asid_init(const struct cpuinfo_x86 *c)
 {
 int nasids = 0;
diff --git a/xen/arch/x86/hvm/svm/asid.h b/xen/arch/x86/hvm/svm/asid.h
new file mode 100644
index 00..4dd6abb5fb
--- /dev/null
+++ b/xen/arch/x86/hvm/svm/asid.h
@@ -0,0 +1,38 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * asid.h: handling ASIDs in SVM.
+ *
+ * Copyright (c) 2007, Advanced Micro Devices, Inc.
+ */
+
+#ifndef __X86_HVM_SVM_ASID_PRIV_H__
+#define __X86_HVM_SVM_ASID_PRIV_H__
+
+#include 
+#include 
+
+void svm_asid_init(const struct cpuinfo_x86 *c);
+void svm_asid_handle_vmrun(void);
+
+static inline void svm_asid_g_invlpg(struct vcpu *v, unsigned long g_linear)
+{
+#if 0
+/* Optimization? */
+svm_invlpga(g_linear, v->arch.hvm.svm.vmcb->guest_asid);
+#endif
+
+/* Safe fallback. Take a new ASID. */
+hvm_asid_flush_vcpu(v);
+}
+
+#endif /* __X86_HVM_SVM_ASID_PRIV_H__ */
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 6d394e4fe3..793a10eaca 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -37,7 +37,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -55,6 +54,7 @@
 
 #include 
 
+#include "asid.h"
 #include "svm.h"
 
 void noreturn svm_asm_do_resume(void);
diff --git a/xen/arch/x86/include/asm/hvm/svm/asid.h 
b/xen/arch/x86/include/asm/hvm/svm/asid.h
deleted file mode 100644
index 0e5ec3ab78..00
--- a/xen/arch/x86/include/asm/hvm/svm/asid.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * asid.h: handling ASIDs in SVM.
- * Copyright (c) 2007, Advanced Micro Devices, Inc.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; If not, see .
- */
-
-#ifndef __ASM_X86_HVM_SVM_ASID_H__
-#define __ASM_X86_HVM_SVM_ASID_H__
-
-#include 
-#include 
-#include 
-
-void svm_asid_init(const struct cpuinfo_x86 *c);
-void svm_asid_handle_vmrun(void);
-
-static inline void svm_asid_g_invlpg(struct vcpu *v, unsigned long g_linear)
-{
-#if 0
-/* Optimization? */
-svm_invlpga(g_linear, v->arch.hvm.svm.vmcb->guest_asid);
-#endif
-
-/* Safe fallback. Take a new ASID. */
-hvm_asid_flush_vcpu(v);
-}
-
-#endif /* __ASM_X86_HVM_SVM_ASID_H__ */
-
-/*
- * Local variables:
- * mode: C
- * c-file-style: "BSD"
- * c-basic-offset: 4
- * tab-width: 4
- * indent-tabs-mode: nil
- * End:
- */
-- 
2.37.2

[PATCH v3 01/14] x86/svm: move declarations used only by svm code from svm.h to private header

2023-02-24 Thread Xenia Ragiadakou 
Create a new private header in arch/x86/hvm/svm called svm.h and move there
all definitions and declarations that are used solely by svm code.

Take the opportunity to remove the forward declaration of struct vcpu, that is
a leftover since the removal of svm_update_guest_cr()'s declaration.

Take the opportunity to re-arrange the header as follows, all structures first,
then all variable decalarations, all function delarations, and finally all
inline functions.

No functional change intended.

Signed-off-by: Xenia Ragiadakou 
---

Changes in v3:
  - add SPDX identifier in priv header, reported by Andrew
  - add #ifndef header guard, reported by Andrew and Jan
  - move svm_invlpga() as well, it was not called anyway
  - fold patch removing redundant forward declaration of struct vcpu into
this patch, suggested by Andrew
  - rearrange the header in the way Jan's proposed
  - update commit message

 xen/arch/x86/hvm/svm/nestedsvm.c   |  1 +
 xen/arch/x86/hvm/svm/svm.c |  2 +
 xen/arch/x86/hvm/svm/svm.h | 62 ++
 xen/arch/x86/include/asm/hvm/svm/svm.h | 41 -
 4 files changed, 65 insertions(+), 41 deletions(-)
 create mode 100644 xen/arch/x86/hvm/svm/svm.h

diff --git a/xen/arch/x86/hvm/svm/nestedsvm.c b/xen/arch/x86/hvm/svm/nestedsvm.c
index 77f7547360..a341ccc876 100644
--- a/xen/arch/x86/hvm/svm/nestedsvm.c
+++ b/xen/arch/x86/hvm/svm/nestedsvm.c
@@ -27,6 +27,7 @@
 #include  /* for local_event_delivery_(en|dis)able */
 #include  /* p2m_get_pagetable, p2m_get_nestedp2m */
 
+#include "svm.h"
 
 #define NSVM_ERROR_VVMCB1
 #define NSVM_ERROR_VMENTRY  2
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 9c43227b76..6d394e4fe3 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -55,6 +55,8 @@
 
 #include 
 
+#include "svm.h"
+
 void noreturn svm_asm_do_resume(void);
 
 u32 svm_feature_flags;
diff --git a/xen/arch/x86/hvm/svm/svm.h b/xen/arch/x86/hvm/svm/svm.h
new file mode 100644
index 00..9e65919757
--- /dev/null
+++ b/xen/arch/x86/hvm/svm/svm.h
@@ -0,0 +1,62 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * svm.h: SVM Architecture related definitions
+ *
+ * Copyright (c) 2005, AMD Corporation.
+ * Copyright (c) 2004, Intel Corporation.
+ */
+
+#ifndef __X86_HVM_SVM_SVM_PRIV_H__
+#define __X86_HVM_SVM_SVM_PRIV_H__
+
+#include 
+
+struct cpu_user_regs;
+
+unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr);
+void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len);
+
+static inline void svm_vmload_pa(paddr_t vmcb)
+{
+asm volatile (
+".byte 0x0f,0x01,0xda" /* vmload */
+: : "a" (vmcb) : "memory" );
+}
+
+static inline void svm_vmsave_pa(paddr_t vmcb)
+{
+asm volatile (
+".byte 0x0f,0x01,0xdb" /* vmsave */
+: : "a" (vmcb) : "memory" );
+}
+
+static inline void svm_invlpga(unsigned long linear, uint32_t asid)
+{
+asm volatile (
+".byte 0x0f,0x01,0xdf"
+: /* output */
+: /* input */
+"a" (linear), "c" (asid));
+}
+
+/* TSC rate */
+#define DEFAULT_TSC_RATIO   0x0001ULL
+#define TSC_RATIO_RSVD_BITS 0xff00ULL
+
+/* EXITINFO1 fields on NPT faults */
+#define _NPT_PFEC_with_gla 32
+#define NPT_PFEC_with_gla  (1UL<<_NPT_PFEC_with_gla)
+#define _NPT_PFEC_in_gpt   33
+#define NPT_PFEC_in_gpt(1UL<<_NPT_PFEC_in_gpt)
+
+#endif /* __X86_HVM_SVM_SVM_PRIV_H__ */
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/xen/arch/x86/include/asm/hvm/svm/svm.h 
b/xen/arch/x86/include/asm/hvm/svm/svm.h
index cf9ed517d5..7d5de0122a 100644
--- a/xen/arch/x86/include/asm/hvm/svm/svm.h
+++ b/xen/arch/x86/include/asm/hvm/svm/svm.h
@@ -20,37 +20,6 @@
 #ifndef __ASM_X86_HVM_SVM_H__
 #define __ASM_X86_HVM_SVM_H__
 
-#include 
-
-static inline void svm_vmload_pa(paddr_t vmcb)
-{
-asm volatile (
-".byte 0x0f,0x01,0xda" /* vmload */
-: : "a" (vmcb) : "memory" );
-}
-
-static inline void svm_vmsave_pa(paddr_t vmcb)
-{
-asm volatile (
-".byte 0x0f,0x01,0xdb" /* vmsave */
-: : "a" (vmcb) : "memory" );
-}
-
-static inline void svm_invlpga(unsigned long linear, uint32_t asid)
-{
-asm volatile (
-".byte 0x0f,0x01,0xdf"
-: /* output */
-: /* input */
-"a" (linear), "c" (asid));
-}
-
-struct cpu_user_regs;
-struct vcpu;
-
-unsigned long *svm_msrbit(unsigned long *msr_bitmap, uint32_t msr);
-void __update_guest_eip(struct cpu_user_regs *regs, unsigned int inst_len);
-
 /*
  * PV context switch helpers.  Prefetching the VMCB area itself has been shown
  * to be useful for performance.
@@ -96,14 +65,4 @@ extern u32 svm_feature_flags;
 #define cpu_has_svm_sss   cpu_has_svm_feature(SVM_FEATURE_SSS)
 #define cpu_has_svm_spec_ctrl cpu_has_svm_feature(SVM_FEATURE_SPEC_CTRL)
 
-/* TSC rate

[PATCH v3 00/14] x86/hvm: {svm,vmx} {c,h} cleanup

2023-02-24 Thread Xenia Ragiadakou 
This patch series attempts a cleanup of files {svm,vmx} files and headers
by removing redundant headers and sorting the rest, reducing the scope of
declarations and definitions, moving functions used only by internal {svm,vmx}
code to private headers, fix coding style, replace u* with uint*_t types etc.

This series aims to address the comments made on v2.

Main changes from the v2 series:
  - move all internal svm/vmx declarations found in external headers into
private headers
  - add SPDX tags and guards to the new headers
  - take the opportunity to fix coding style issues and rearrange the code
per Jan's suggestion
  - replace u* with uint*_t
  - rebased to the latest staging

There are more detailed per-patch changesets.

Xenia Ragiadakou (14):
  x86/svm: move declarations used only by svm code from svm.h to private
header
  x86/svm: make asid.h private
  x86/svm: delete header asm/hvm/svm/intr.h
  x86/svm: make emulate.h private
  x86/svm: move nestedsvm declarations used only by svm code to private
header
  x86/svm: move vmcb declarations used only by svm code to private
header
  x86/svm: move svmdebug.h declarations to private vmcb.h and delete it
  x86/vmx: move vmx_update_debug_state() in vmcs.c and declare it static
  x86/vmx: remove unused included headers from vmx.h
  x86/vmx: move declarations used only by vmx code from vmx.h to private
headers
  x86/vmx: remove unused included headers from vmx.c
  x86/vmx: declare nvmx_enqueue_n2_exceptions() static
  x86/vmx: move vvmx declarations used only by vmx code to private
header
  x86/vmx: move vmcs declarations used only by vmx code to private
header

 xen/arch/x86/hvm/svm/asid.c   |   4 +-
 xen/arch/x86/hvm/svm/asid.h   |  38 ++
 xen/arch/x86/hvm/svm/emulate.c|   4 +-
 .../x86/{include/asm => }/hvm/svm/emulate.h   |  20 +-
 xen/arch/x86/hvm/svm/intr.c   |   4 +-
 xen/arch/x86/hvm/svm/nestedhvm.h  |  77 +++
 xen/arch/x86/hvm/svm/nestedsvm.c  |   7 +-
 xen/arch/x86/hvm/svm/svm.c|  10 +-
 xen/arch/x86/hvm/svm/svm.h|  62 ++
 xen/arch/x86/hvm/svm/svmdebug.c   |   3 +-
 xen/arch/x86/hvm/svm/vmcb.c   |   3 +-
 xen/arch/x86/hvm/svm/vmcb.h   | 597 ++
 xen/arch/x86/hvm/vmx/intr.c   |   4 +
 xen/arch/x86/hvm/vmx/pi.h |  78 +++
 xen/arch/x86/hvm/vmx/realmode.c   |   2 +
 xen/arch/x86/hvm/vmx/vmcs.c   |  17 +-
 xen/arch/x86/hvm/vmx/vmcs.h   | 100 +++
 xen/arch/x86/hvm/vmx/vmx.c|  76 +--
 xen/arch/x86/hvm/vmx/vmx.h| 416 
 xen/arch/x86/hvm/vmx/vvmx.c   |   4 +
 xen/arch/x86/hvm/vmx/vvmx.h   | 187 ++
 xen/arch/x86/include/asm/hvm/svm/asid.h   |  49 --
 xen/arch/x86/include/asm/hvm/svm/intr.h   |  25 -
 xen/arch/x86/include/asm/hvm/svm/nestedsvm.h  |  53 +-
 xen/arch/x86/include/asm/hvm/svm/svm.h|  41 --
 xen/arch/x86/include/asm/hvm/svm/svmdebug.h   |  30 -
 xen/arch/x86/include/asm/hvm/svm/vmcb.h   | 575 +
 xen/arch/x86/include/asm/hvm/vmx/vmcs.h   | 118 +---
 xen/arch/x86/include/asm/hvm/vmx/vmx.h| 453 +
 xen/arch/x86/include/asm/hvm/vmx/vvmx.h   | 165 +
 30 files changed, 1685 insertions(+), 1537 deletions(-)
 create mode 100644 xen/arch/x86/hvm/svm/asid.h
 rename xen/arch/x86/{include/asm => }/hvm/svm/emulate.h (73%)
 create mode 100644 xen/arch/x86/hvm/svm/nestedhvm.h
 create mode 100644 xen/arch/x86/hvm/svm/svm.h
 create mode 100644 xen/arch/x86/hvm/svm/vmcb.h
 create mode 100644 xen/arch/x86/hvm/vmx/pi.h
 create mode 100644 xen/arch/x86/hvm/vmx/vmcs.h
 create mode 100644 xen/arch/x86/hvm/vmx/vmx.h
 create mode 100644 xen/arch/x86/hvm/vmx/vvmx.h
 delete mode 100644 xen/arch/x86/include/asm/hvm/svm/asid.h
 delete mode 100644 xen/arch/x86/include/asm/hvm/svm/intr.h
 delete mode 100644 xen/arch/x86/include/asm/hvm/svm/svmdebug.h

-- 
2.37.2

Re: [XEN PATCH v3 0/4] automation: Update containers to allow HTTPS access to xenbits

2023-02-24 Thread Andrew Cooper 
On 24/02/2023 6:12 pm, Anthony PERARD wrote:
> On Fri, Feb 24, 2023 at 05:37:44PM +, Andrew Cooper wrote:
>> On 24/02/2023 5:29 pm, Anthony PERARD wrote:
>>> Patch series available in this git branch:
>>> https://xenbits.xen.org/git-http/people/aperard/xen-unstable.git 
>>> br.gitlab-containers-update-v3
>>>
>>> v3:
>>> - new patch which remove non-debug x86_32 builds
>>> - don't fix root certificates in jessie containers as those won't be used
>>>   anymore on the main branch.
>>>
>>> v2:
>>> - Remove CentOS 7.2
>>> - Remove Debian Jessie test, but update container recipe for the benefit of
>>>   older branches.
>>> - Fix CentOS 7 containner recipe to update all packages. (Fix missing 
>>> update of
>>>   HTTPS root certificates)
>>>
>>> There is work in progress [1] to update urls in our repo to use https, but
>>> those https urls to xenbits don't work in our containers, due to an expired
>>> root certificate. So we need to update those containers.
>>>
>>> This series update the dockerfile where just rebuilding the container isn't 
>>> enough.
>> LGTM.
>>
>> Acked-by: Andrew Cooper 
>>
>> I'll add this to my commit sweep, and rebuild the remaining containers.
>>
>> But on that note, I noticed that the debian unstable container was 2.3G
>> when I last rebuilt it.  Which I think is obscenely large for what we're
>> doing.
>>
>> Can we see about switching to slim/tiny container bases?
> I don't think that would help much, the non-slim container is only 116MB
> vs 74.6MB

That's 64% smaller to start with...

>  for the slim (amd64 containers). But maybe we could try to use
> "--no-install-recommends", that might save a few bytes in our containers.

Oh wow - yeah.  For buster-gcc-ibt (which is already slim), we're getting:

Suggested packages:
  binutils-doc bison-doc bzip2-doc cpp-doc gcc-8-locales dbus-user-session
  libpam-systemd pinentry-gnome3 tor debian-keyring flex-doc g++-multilib
  g++-8-multilib gcc-8-doc libstdc++6-8-dbg autoconf automake libtool gdb
  gcc-doc libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg libasan5-dbg
  liblsan0-dbg libtsan0-dbg libubsan1-dbg libmpx2-dbg libquadmath0-dbg
  parcimonie xloadimage scdaemon glibc-doc sensible-utils git bzr gdbm-l10n
  gmp-doc libgmp10-doc libmpfr-doc libsasl2-modules-gssapi-mit
  | libsasl2-modules-gssapi-heimdal libsasl2-modules-ldap
libsasl2-modules-otp
  libsasl2-modules-sql libstdc++-8-doc m4-doc make-doc man-browser ed
  diffutils-doc perl-doc libterm-readline-gnu-perl
  | libterm-readline-perl-perl libb-debug-perl liblocale-codes-perl
  pinentry-doc readline-doc


which is a whole bunch of junk we absolutely do not need.

~Andrew

Re: [RFC QEMU] docs: vhost-user: Add custom memory mapping support

2023-02-24 Thread Alex Bennée 


Viresh Kumar  writes:

> The current model of memory mapping at the back-end works fine with
> Qemu, where a standard call to mmap() for the respective file
> descriptor, passed from front-end, is generally all we need to do before
> the front-end can start accessing the guest memory.
>
> There are other complex cases though, where we need more information at
> the backend and need to do more than just an mmap() call. For example,
> Xen, a type-1 hypervisor, currently supports memory mapping via two
> different methods, foreign-mapping (via /dev/privcmd) and grant-dev (via
> /dev/gntdev). In both these cases, the back-end needs to call mmap()
> followed by an ioctl() (or vice-versa), and need to pass extra
> information via the ioctl(), like the Xen domain-id of the guest whose
> memory we are trying to map.
>
> Add a new protocol feature, 'VHOST_USER_PROTOCOL_F_CUSTOM_MMAP', which
> lets the back-end know about the additional memory mapping requirements.
> When this feature is negotiated, the front-end can send the
> 'VHOST_USER_CUSTOM_MMAP' message type to provide the additional
> information to the back-end.
>
> Signed-off-by: Viresh Kumar 
> ---
>  docs/interop/vhost-user.rst | 32 
>  1 file changed, 32 insertions(+)
>
> diff --git a/docs/interop/vhost-user.rst b/docs/interop/vhost-user.rst
> index 3f18ab424eb0..f2b1d705593a 100644
> --- a/docs/interop/vhost-user.rst
> +++ b/docs/interop/vhost-user.rst
> @@ -258,6 +258,23 @@ Inflight description
>  
>  :queue size: a 16-bit size of virtqueues
>  
> +Custom mmap description
> +^^^
> +
> ++---+---+
> +| flags | value |
> ++---+---+
> +
> +:flags: 64-bit bit field
> +
> +- Bit 0 is Xen foreign memory access flag - needs Xen foreign memory mapping.
> +- Bit 1 is Xen grant memory access flag - needs Xen grant memory mapping.
> +
> +:value: a 64-bit hypervisor specific value.
> +
> +- For Xen foreign or grant memory access, this is set with guest's xen domain
> +  id.
> +
>  C structure
>  ---
>  
> @@ -867,6 +884,7 @@ Protocol features
>#define VHOST_USER_PROTOCOL_F_INBAND_NOTIFICATIONS 14
>#define VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS  15
>#define VHOST_USER_PROTOCOL_F_STATUS   16
> +  #define VHOST_USER_PROTOCOL_F_CUSTOM_MMAP  17
>  
>  Front-end message types
>  ---
> @@ -1422,6 +1440,20 @@ Front-end message types
>query the back-end for its device status as defined in the Virtio
>specification.
>  
> +``VHOST_USER_CUSTOM_MMAP``
> +  :id: 41
> +  :equivalent ioctl: N/A
> +  :request payload: Custom mmap description
> +  :reply payload: N/A
> +
> +  When the ``VHOST_USER_PROTOCOL_F_CUSTOM_MMAP`` protocol feature has been
> +  successfully negotiated, this message is submitted by the front-end to
> +  notify the back-end of the special memory mapping requirements, that the
> +  back-end needs to take care of, while mapping any memory regions sent
> +  over by the front-end. The front-end must send this message before
> +  any memory-regions are sent to the back-end via 
> ``VHOST_USER_SET_MEM_TABLE``
> +  or ``VHOST_USER_ADD_MEM_REG`` message types.
> +
>  
>  Back-end message types
>  --

This looks good enough for me. We will see how it works in prototype.

Reviewed-by: Alex Bennée 

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro

Re: [XEN PATCH v3 0/4] automation: Update containers to allow HTTPS access to xenbits

2023-02-24 Thread Anthony PERARD 
On Fri, Feb 24, 2023 at 05:37:44PM +, Andrew Cooper wrote:
> On 24/02/2023 5:29 pm, Anthony PERARD wrote:
> > Patch series available in this git branch:
> > https://xenbits.xen.org/git-http/people/aperard/xen-unstable.git 
> > br.gitlab-containers-update-v3
> >
> > v3:
> > - new patch which remove non-debug x86_32 builds
> > - don't fix root certificates in jessie containers as those won't be used
> >   anymore on the main branch.
> >
> > v2:
> > - Remove CentOS 7.2
> > - Remove Debian Jessie test, but update container recipe for the benefit of
> >   older branches.
> > - Fix CentOS 7 containner recipe to update all packages. (Fix missing 
> > update of
> >   HTTPS root certificates)
> >
> > There is work in progress [1] to update urls in our repo to use https, but
> > those https urls to xenbits don't work in our containers, due to an expired
> > root certificate. So we need to update those containers.
> >
> > This series update the dockerfile where just rebuilding the container isn't 
> > enough.
> 
> LGTM.
> 
> Acked-by: Andrew Cooper 
> 
> I'll add this to my commit sweep, and rebuild the remaining containers.
> 
> But on that note, I noticed that the debian unstable container was 2.3G
> when I last rebuilt it.  Which I think is obscenely large for what we're
> doing.
> 
> Can we see about switching to slim/tiny container bases?

I don't think that would help much, the non-slim container is only 116MB
vs 74.6MB for the slim (amd64 containers). But maybe we could try to use
"--no-install-recommends", that might save a few bytes in our containers.

Cheers,

-- 
Anthony PERARD

[xen-4.16-testing test] 178275: regressions - trouble: blocked/broken/fail/pass/starved

2023-02-24 Thread osstest service owner 
flight 178275 xen-4.16-testing real [real]
http://logs.test-lab.xenproject.org/osstest/logs/178275/

Regressions :-(

Tests which did not succeed and are blocking,
including tests which could not be run:
 test-amd64-amd64-xl-qemuu-debianhvm-i386-xsmbroken
 build-arm64   6 xen-buildfail REGR. vs. 177405

Tests which are failing intermittently (not blocking):
 test-amd64-amd64-xl-qemuu-debianhvm-i386-xsm 5 host-install(5) broken pass in 
178195
 test-amd64-i386-xl 20 guest-localmigrate/x10 fail in 178195 pass in 178275

Tests which did not succeed, but are not blocking:
 test-arm64-arm64-libvirt-raw  1 build-check(1)   blocked  n/a
 test-arm64-arm64-libvirt-xsm  1 build-check(1)   blocked  n/a
 test-arm64-arm64-xl   1 build-check(1)   blocked  n/a
 build-arm64-libvirt   1 build-check(1)   blocked  n/a
 test-arm64-arm64-xl-credit1   1 build-check(1)   blocked  n/a
 test-arm64-arm64-xl-credit2   1 build-check(1)   blocked  n/a
 test-arm64-arm64-xl-thunderx  1 build-check(1)   blocked  n/a
 test-arm64-arm64-xl-vhd   1 build-check(1)   blocked  n/a
 test-amd64-i386-xl-qemuu-ws16-amd64 19 guest-stop   fail blocked in 177405
 test-amd64-amd64-xl-qemut-win7-amd64 19 guest-stopfail like 177405
 test-amd64-amd64-xl-qemuu-win7-amd64 19 guest-stopfail like 177405
 test-amd64-i386-xl-qemuu-win7-amd64 19 guest-stop fail like 177405
 test-amd64-i386-xl-qemut-win7-amd64 19 guest-stop fail like 177405
 test-amd64-amd64-xl-qemuu-ws16-amd64 19 guest-stopfail like 177405
 test-amd64-amd64-qemuu-nested-amd 20 debian-hvm-install/l1/l2 fail like 177405
 test-amd64-amd64-xl-qemut-ws16-amd64 19 guest-stopfail like 177405
 test-amd64-i386-xl-qemut-ws16-amd64 19 guest-stop fail like 177405
 test-amd64-i386-xl-pvshim14 guest-start  fail   never pass
 test-amd64-amd64-libvirt-xsm 15 migrate-support-checkfail   never pass
 test-amd64-i386-libvirt  15 migrate-support-checkfail   never pass
 test-amd64-amd64-libvirt 15 migrate-support-checkfail   never pass
 test-amd64-i386-libvirt-xsm  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-xsm  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-xsm  16 saverestore-support-checkfail   never pass
 test-amd64-amd64-libvirt-vhd 14 migrate-support-checkfail   never pass
 test-amd64-i386-libvirt-qemuu-debianhvm-amd64-xsm 13 migrate-support-check 
fail never pass
 test-amd64-i386-libvirt-raw  14 migrate-support-checkfail   never pass
 test-amd64-amd64-libvirt-qemuu-debianhvm-amd64-xsm 13 migrate-support-check 
fail never pass
 build-armhf-libvirt   1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt  1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt-qcow2  1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt-raw  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl   1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-credit1   1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-credit2   1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-cubietruck  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-multivcpu  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-rtds  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-vhd   1 build-check(1)   starved  n/a
 build-armhf   2 hosts-allocate   starved  n/a

version targeted for testing:
 xen  0802504627453a54b1ab408b6e9dc8b5c561172d
baseline version:
 xen  d4e286db89d80c862b4a24bf971dd71008c8b53e

Last test of basis   177405  2023-02-15 16:37:16 Z9 days
Testing same since   178138  2023-02-22 14:37:31 Z2 days3 attempts


People who touched revisions under test:
  Andrew Cooper 
  Anthony PERARD 

jobs:
 build-amd64-xsm  pass
 build-arm64-xsm  pass
 build-i386-xsm   pass
 build-amd64-xtf  pass
 build-amd64  pass
 build-arm64  fail
 build-armhf  starved 
 build-i386   pass
 build-amd64-libvirt  pass
 build-arm64-libvirt  blocked 
 build-armhf-libvirt  starved

[xen-4.14-testing test] 178273: tolerable trouble: fail/pass/starved - PUSHED

2023-02-24 Thread osstest service owner 
flight 178273 xen-4.14-testing real [real]
http://logs.test-lab.xenproject.org/osstest/logs/178273/

Failures :-/ but no regressions.

Tests which did not succeed, but are not blocking:
 test-amd64-i386-xl-qemuu-win7-amd64 19 guest-stop fail like 174677
 test-amd64-amd64-xl-qemut-win7-amd64 19 guest-stopfail like 174677
 test-amd64-amd64-xl-qemuu-win7-amd64 19 guest-stopfail like 174677
 test-amd64-amd64-qemuu-nested-amd 20 debian-hvm-install/l1/l2 fail like 174677
 test-amd64-i386-xl-qemut-win7-amd64 19 guest-stop fail like 174677
 test-amd64-amd64-xl-qemuu-ws16-amd64 19 guest-stopfail like 174677
 test-amd64-amd64-xl-qemut-ws16-amd64 19 guest-stopfail like 174677
 test-amd64-i386-xl-qemut-ws16-amd64 19 guest-stop fail like 174677
 test-amd64-i386-xl-qemuu-ws16-amd64 19 guest-stop fail like 174677
 test-amd64-i386-libvirt  15 migrate-support-checkfail   never pass
 test-amd64-amd64-libvirt-xsm 15 migrate-support-checkfail   never pass
 test-amd64-i386-xl-pvshim14 guest-start  fail   never pass
 test-amd64-i386-libvirt-xsm  15 migrate-support-checkfail   never pass
 test-amd64-amd64-libvirt 15 migrate-support-checkfail   never pass
 test-amd64-amd64-libvirt-qemuu-debianhvm-amd64-xsm 13 migrate-support-check 
fail never pass
 test-amd64-i386-libvirt-qemuu-debianhvm-amd64-xsm 13 migrate-support-check 
fail never pass
 test-arm64-arm64-xl-thunderx 15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-thunderx 16 saverestore-support-checkfail   never pass
 test-arm64-arm64-xl-xsm  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-xsm  16 saverestore-support-checkfail   never pass
 test-arm64-arm64-xl  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl  16 saverestore-support-checkfail   never pass
 test-arm64-arm64-xl-credit2  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-credit2  16 saverestore-support-checkfail   never pass
 test-arm64-arm64-libvirt-xsm 15 migrate-support-checkfail   never pass
 test-arm64-arm64-libvirt-xsm 16 saverestore-support-checkfail   never pass
 test-arm64-arm64-xl-credit1  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-credit1  16 saverestore-support-checkfail   never pass
 test-amd64-i386-libvirt-raw  14 migrate-support-checkfail   never pass
 test-amd64-amd64-libvirt-vhd 14 migrate-support-checkfail   never pass
 test-arm64-arm64-libvirt-raw 14 migrate-support-checkfail   never pass
 test-arm64-arm64-libvirt-raw 15 saverestore-support-checkfail   never pass
 test-arm64-arm64-xl-vhd  14 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-vhd  15 saverestore-support-checkfail   never pass
 build-armhf-libvirt   1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt  1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt-qcow2  1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt-raw  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl   1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-credit1   1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-credit2   1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-cubietruck  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-multivcpu  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-rtds  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-vhd   1 build-check(1)   starved  n/a
 build-armhf   2 hosts-allocate   starved  n/a

version targeted for testing:
 xen  c267abfaf2d8176371eda037f9b9152458e0656d
baseline version:
 xen  46040a5fe68831530b8ffdea7d264e52ae316c87

Last test of basis   174677  2022-11-08 18:07:02 Z  107 days
Testing same since   178136  2023-02-22 14:37:17 Z2 days3 attempts


People who touched revisions under test:
  Andrew Cooper 
  Anthony PERARD 

jobs:
 build-amd64-xsm  pass
 build-arm64-xsm  pass
 build-i386-xsm   pass
 build-amd64-xtf  pass
 build-amd64  pass
 build-arm64  pass
 build-armhf  starved 
 build-i386   pass
 build-amd64-libvirt  pass
 build-arm64-libvirt

Re: [XEN PATCH v3 0/4] automation: Update containers to allow HTTPS access to xenbits

2023-02-24 Thread Andrew Cooper 
On 24/02/2023 5:29 pm, Anthony PERARD wrote:
> Patch series available in this git branch:
> https://xenbits.xen.org/git-http/people/aperard/xen-unstable.git 
> br.gitlab-containers-update-v3
>
> v3:
> - new patch which remove non-debug x86_32 builds
> - don't fix root certificates in jessie containers as those won't be used
>   anymore on the main branch.
>
> v2:
> - Remove CentOS 7.2
> - Remove Debian Jessie test, but update container recipe for the benefit of
>   older branches.
> - Fix CentOS 7 containner recipe to update all packages. (Fix missing update 
> of
>   HTTPS root certificates)
>
> There is work in progress [1] to update urls in our repo to use https, but
> those https urls to xenbits don't work in our containers, due to an expired
> root certificate. So we need to update those containers.
>
> This series update the dockerfile where just rebuilding the container isn't 
> enough.

LGTM.

Acked-by: Andrew Cooper 

I'll add this to my commit sweep, and rebuild the remaining containers.

But on that note, I noticed that the debian unstable container was 2.3G
when I last rebuilt it.  Which I think is obscenely large for what we're
doing.

Can we see about switching to slim/tiny container bases?

~Andrew

[XEN PATCH v3 4/4] automation: Remove non-debug x86_32 build jobs

2023-02-24 Thread Anthony PERARD 
In the interest of having less jobs, we remove the x86_32 build jobs
that do release build. Debug build is very likely to be enough to find
32bit build issues.

Signed-off-by: Anthony PERARD 
---

Notes:
v3:
- new patch

Proposed here:

https://lore.kernel.org/r/7ec61260-0fec-25e2-6fa7-ec1d86e80...@citrix.com

 automation/gitlab-ci/build.yaml | 20 
 1 file changed, 20 deletions(-)

diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml
index 2be1b05d5c..a2891c5937 100644
--- a/automation/gitlab-ci/build.yaml
+++ b/automation/gitlab-ci/build.yaml
@@ -251,21 +251,11 @@ debian-stretch-gcc-debug:
   variables:
 CONTAINER: debian:stretch
 
-debian-stretch-32-clang:
-  extends: .clang-x86-32-build
-  variables:
-CONTAINER: debian:stretch-i386
-
 debian-stretch-32-clang-debug:
   extends: .clang-x86-32-build-debug
   variables:
 CONTAINER: debian:stretch-i386
 
-debian-stretch-32-gcc:
-  extends: .gcc-x86-32-build
-  variables:
-CONTAINER: debian:stretch-i386
-
 debian-stretch-32-gcc-debug:
   extends: .gcc-x86-32-build-debug
   variables:
@@ -311,21 +301,11 @@ debian-unstable-gcc-debug-randconfig:
 CONTAINER: debian:unstable
 RANDCONFIG: y
 
-debian-unstable-32-clang:
-  extends: .clang-x86-32-build
-  variables:
-CONTAINER: debian:unstable-i386
-
 debian-unstable-32-clang-debug:
   extends: .clang-x86-32-build-debug
   variables:
 CONTAINER: debian:unstable-i386
 
-debian-unstable-32-gcc:
-  extends: .gcc-x86-32-build
-  variables:
-CONTAINER: debian:unstable-i386
-
 debian-unstable-32-gcc-debug:
   extends: .gcc-x86-32-build-debug
   variables:
-- 
Anthony PERARD

[XEN PATCH v3 3/4] automation: Remove expired root certificates used to be used by let's encrypt

2023-02-24 Thread Anthony PERARD 
While the Let's Encrypt root certificate ISRG_Root_X1.crt is already
present, openssl seems to still check for the root certificate
DST_Root_CA_X3.crt which has expired. This prevent https connections.

Removing DST_Root_CA_X3 fix the issue.

Signed-off-by: Anthony PERARD 
---

Notes:
v3:
- remove change to Debian Jessie containers, as we won't use them with
  HTTPS urls.

v2:
- remove unneeded changes to CentOS containers

 automation/build/ubuntu/trusty.dockerfile | 5 +
 1 file changed, 5 insertions(+)

diff --git a/automation/build/ubuntu/trusty.dockerfile 
b/automation/build/ubuntu/trusty.dockerfile
index b298a515c6..22e294c20c 100644
--- a/automation/build/ubuntu/trusty.dockerfile
+++ b/automation/build/ubuntu/trusty.dockerfile
@@ -47,3 +47,8 @@ RUN apt-get update && \
 apt-get autoremove -y && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
+
+# Remove expired certificate that Let's Encrypt certificates used to relie on.
+# (Not needed anymore)
+RUN sed -i 's#mozilla/DST_Root_CA_X3\.crt#!\0#' /etc/ca-certificates.conf && \
+update-ca-certificates
-- 
Anthony PERARD

[XEN PATCH v3 0/4] automation: Update containers to allow HTTPS access to xenbits

2023-02-24 Thread Anthony PERARD 
Patch series available in this git branch:
https://xenbits.xen.org/git-http/people/aperard/xen-unstable.git 
br.gitlab-containers-update-v3

v3:
- new patch which remove non-debug x86_32 builds
- don't fix root certificates in jessie containers as those won't be used
  anymore on the main branch.

v2:
- Remove CentOS 7.2
- Remove Debian Jessie test, but update container recipe for the benefit of
  older branches.
- Fix CentOS 7 containner recipe to update all packages. (Fix missing update of
  HTTPS root certificates)

There is work in progress [1] to update urls in our repo to use https, but
those https urls to xenbits don't work in our containers, due to an expired
root certificate. So we need to update those containers.

This series update the dockerfile where just rebuilding the container isn't 
enough.

Cheers,

Anthony PERARD (4):
  automation: Use EOL tag for Jessie container
  automation: Remove testing on Debian Jessie
  automation: Remove expired root certificates used to be used by let's
encrypt
  automation: Remove non-debug x86_32 build jobs

 .../build/debian/jessie-i386.dockerfile   |  2 +-
 automation/build/debian/jessie.dockerfile |  2 +-
 automation/build/ubuntu/trusty.dockerfile |  5 ++
 automation/gitlab-ci/build.yaml   | 60 ---
 4 files changed, 7 insertions(+), 62 deletions(-)

-- 
Anthony PERARD

[XEN PATCH v3 1/4] automation: Use EOL tag for Jessie container

2023-02-24 Thread Anthony PERARD 
As Jessie is EOL, the official tag isn't supported anymore. Also, the
GPG key for the packages on the repository on the official image are
expired and it isn't possible to update or install packages.

But we can use the image from "debian/eol" tag which use repositories
from archive.debian.org and have workaround to ignore the validity
date of the keys.

There isn't a dedicated i386 tag for jessie, but we can ask docker to
pull the i386 image of the "debial/eol:jessie" tag.

Signed-off-by: Anthony PERARD 
---

Notes:
v2:
- new patch, this replace "automation: Ignore package authentification 
issue in Jessie container"

workaround I've seen in the debian/eol:jessie:
'Acquire::Check-Valid-Until "false";' in /etc/apt/apt.conf.d/
And a script to replace the "gpgv" binary used by apt, which check that
the only issue with a signature is that the key has expired.

 automation/build/debian/jessie-i386.dockerfile | 2 +-
 automation/build/debian/jessie.dockerfile  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/automation/build/debian/jessie-i386.dockerfile 
b/automation/build/debian/jessie-i386.dockerfile
index b152d658d3..c9ac15a3ff 100644
--- a/automation/build/debian/jessie-i386.dockerfile
+++ b/automation/build/debian/jessie-i386.dockerfile
@@ -1,4 +1,4 @@
-FROM i386/debian:jessie
+FROM --platform=linux/i386 debian/eol:jessie
 LABEL maintainer.name="The Xen Project" \
   maintainer.email="xen-devel@lists.xenproject.org"
 
diff --git a/automation/build/debian/jessie.dockerfile 
b/automation/build/debian/jessie.dockerfile
index 1e33e635d2..63b2c1e5b7 100644
--- a/automation/build/debian/jessie.dockerfile
+++ b/automation/build/debian/jessie.dockerfile
@@ -1,4 +1,4 @@
-FROM debian:jessie
+FROM debian/eol:jessie
 LABEL maintainer.name="The Xen Project" \
   maintainer.email="xen-devel@lists.xenproject.org"
 
-- 
Anthony PERARD

[XEN PATCH v3 2/4] automation: Remove testing on Debian Jessie

2023-02-24 Thread Anthony PERARD 
Jessie as rearch EOL in 2020.

Even if we update the containers, we would still not be able to reach
HTTPS webside with Let's Encrypt certificates and thus would need more
change to the container.

Signed-off-by: Anthony PERARD 
---

Notes:
While we remove some x86_32 testing, there's still
debian-stretch-32-* and debian-unstable-32-*.

 automation/gitlab-ci/build.yaml | 40 -
 1 file changed, 40 deletions(-)

diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml
index 22ce1c45e7..2be1b05d5c 100644
--- a/automation/gitlab-ci/build.yaml
+++ b/automation/gitlab-ci/build.yaml
@@ -221,46 +221,6 @@ centos-7-gcc-debug:
   variables:
 CONTAINER: centos:7
 
-debian-jessie-clang:
-  extends: .clang-x86-64-build
-  variables:
-CONTAINER: debian:jessie
-
-debian-jessie-clang-debug:
-  extends: .clang-x86-64-build-debug
-  variables:
-CONTAINER: debian:jessie
-
-debian-jessie-gcc:
-  extends: .gcc-x86-64-build
-  variables:
-CONTAINER: debian:jessie
-
-debian-jessie-gcc-debug:
-  extends: .gcc-x86-64-build-debug
-  variables:
-CONTAINER: debian:jessie
-
-debian-jessie-32-clang:
-  extends: .clang-x86-32-build
-  variables:
-CONTAINER: debian:jessie-i386
-
-debian-jessie-32-clang-debug:
-  extends: .clang-x86-32-build-debug
-  variables:
-CONTAINER: debian:jessie-i386
-
-debian-jessie-32-gcc:
-  extends: .gcc-x86-32-build
-  variables:
-CONTAINER: debian:jessie-i386
-
-debian-jessie-32-gcc-debug:
-  extends: .gcc-x86-32-build-debug
-  variables:
-CONTAINER: debian:jessie-i386
-
 debian-stretch-clang:
   extends: .clang-x86-64-build
   variables:
-- 
Anthony PERARD

RE : Weekly meeting - Xen Gitlab Issues Review

2023-02-24 Thread Marc Ungeschikts 
 2023-02-24 Report minutes Xen Gitlab Issues review meeting:
https://cryptpad.fr/pad/#/2/pad/edit/PhI0GK3pNtbm80GI+mqUDXs9/


 For next Week 2023-03-03 14 :00 UTC :
https://cryptpad.fr/pad/#/2/pad/edit/GBcZpfFD5WELm7mdE2C-anKD/
and https://meet.jit.si/XenIssuesReview

Marc Ungeschikts (Vates)



  *De : *Marc Ungeschikts 
*Envoyé le :*vendredi 17 février 2023 16:15
*À : *xen-devel@lists.xenproject.org

*Objet :*RE : Weekly meeting - Xen Gitlab Issues Review





   2023-02-17 Report minutes Xen Gitlab Issues review meeting:
https://cryptpad.fr/pad/#/2/pad/edit/fRRWiCN07eq4oa6q31w5HLOx/


For next Week 2023-02-24 :
https://cryptpad.fr/pad/#/2/pad/edit/PhI0GK3pNtbm80GI+mqUDXs9/

 Marc Ungeschikts (Vates)



  *De : *Marc Ungeschikts 
*Envoyé le :*vendredi 3 février 2023 16:55
*À : *xen-devel@lists.xenproject.org

*Objet :*RE : Weekly meeting - Xen Gitlab Issues Review





    Report minutes of today's Xen Gitlab Issues review meeting:
https://cryptpad.fr/pad/#/2/pad/edit/CymKm6lKLO-y81RRYtrPdJOI/




 For next week:
https://cryptpad.fr/pad/#/2/pad/edit/fRRWiCN07eq4oa6q31w5HLOx/






 Marc Ungeschikts (Vates)



  *De : *Marc Ungeschikts 
*Envoyé le :*lundi 30 janvier 2023 10:56
*À : *xen-devel@lists.xenproject.org

*Objet :*Weekly meeting - Xen Gitlab Issues Review





Hi everydody, last Friday, during the Backlog Review meeting, we
decided to schedule a weekly meeting *every Friday-14:00(UTC)* to talk
about Xen Gitlab issues
(discussion, grooming,
triage,...)
 *Jitsi Room*: https://meet.jit.si/XenIssuesReview


You are all welcome, specially developers and maintainers.





* Marc Ungeschikts | Vates Project Manager*
  *Mobile: 0613302401*
  *XCP-ng & Xen Orchestra - *Vates solutions
  *w:* vates.fr | xcp-ng.org | xen-orchestra.com

Re: [PATCH] xen/riscv: init bss section

2023-02-24 Thread Andrew Cooper 
On 24/02/2023 2:48 pm, Oleksii Kurochko wrote:
> Signed-off-by: Oleksii Kurochko 
> ---
>  xen/arch/riscv/setup.c | 14 ++
>  1 file changed, 14 insertions(+)
>
> diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c
> index 154bf3a0bc..593bb471a4 100644
> --- a/xen/arch/riscv/setup.c
> +++ b/xen/arch/riscv/setup.c
> @@ -24,6 +24,18 @@ static void test_macros_from_bug_h(void)
>  early_printk("WARN is most likely working\n");
>  }
>  
> +static void __init init_bss(void)
> +{
> +extern char __bss_start;
> +extern char __bss_end;
> +char *bss = &__bss_start;
> +
> +while ( bss < &__bss_end ) {
> +*bss = 0;
> +bss++;
> +}
> +}
> +
>  void __init noreturn start_xen(void)
>  {
>  /*
> @@ -38,6 +50,8 @@ void __init noreturn start_xen(void)
>  
>  asm volatile( "mv %0, a1" : "=r" (dtb_base) );
>  
> +init_bss();
> +
>  early_printk("Hello from C env\n");
>  
>  trap_init();

Zeroing the BSS needs to one of the earliest thing you do.  It really
does need to be before entering C, and needs to be as close to the start
of head.S as you can reasonably make it.

I'd put it even before loading sp in start.

Even like this, there are various things the compiler might do behind
your back which expect a) the BSS to already be zeroed, and b) not
change value unexpectedly.


Also, note:

arch/riscv/xen.lds.S-143-    . = ALIGN(POINTER_ALIGN);
arch/riscv/xen.lds.S:144:    __bss_end = .;

The POINTER_ALIGN there is specifically so you can depend on
__bss_{start,end} being suitably aligned to use a register-width store,
rather than using byte stores, which in 64bit means you've got 8x fewer
iterations.

~Andrew

Re: [PATCH] CI: Simplify RISCV smoke testing

2023-02-24 Thread Oleksii 
Looks good to me.

Thanks.

Reviewed-by: Oleksii Kurochko 

~ Oleksii

On Fri, 2023-02-24 at 15:37 +, Andrew Cooper wrote:
> Use a single fairly generic string as the "all done" message to look
> for,
> which avoids the need to patch qemu-smoke-riscv64.sh each time a new
> feature
> is added.
> 
> Signed-off-by: Andrew Cooper 
> ---
> CC: Oleksii Kurochko 
> CC: Bob Eshleman 
> CC: Alistair Francis 
> CC: Connor Davis 
> CC: Anthony PERARD 
> CC: Stefano Stabellini 
> CC: Michal Orzel 
> CC: Doug Goldstein 
> 
> I considered "All set up and nowhere to go" but it's probably a
> little niche.
> ---
>  automation/scripts/qemu-smoke-riscv64.sh | 2 +-
>  xen/arch/riscv/setup.c   | 1 +
>  2 files changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/automation/scripts/qemu-smoke-riscv64.sh
> b/automation/scripts/qemu-smoke-riscv64.sh
> index e0f06360bc43..4008191302f9 100755
> --- a/automation/scripts/qemu-smoke-riscv64.sh
> +++ b/automation/scripts/qemu-smoke-riscv64.sh
> @@ -16,5 +16,5 @@ qemu-system-riscv64 \
>  |& tee smoke.serial
>  
>  set -e
> -(grep -q "Hello from C env" smoke.serial) || exit 1
> +(grep -q "All set up" smoke.serial) || exit 1
>  exit 0
> diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c
> index d09ffe1454a4..1c87899e8e90 100644
> --- a/xen/arch/riscv/setup.c
> +++ b/xen/arch/riscv/setup.c
> @@ -11,6 +11,7 @@ void __init noreturn start_xen(void)
>  {
>  early_printk("Hello from C env\n");
>  
> +    early_printk("All set up\n");
>  for ( ;; )
>  asm volatile ("wfi");
>  

Re: [PATCH v1 3/3] automation: update RISC-V smoke test

2023-02-24 Thread Oleksii 
On Fri, 2023-02-24 at 15:27 +, Andrew Cooper wrote:
> On 24/02/2023 3:06 pm, Oleksii Kurochko wrote:
> > The smoke test was updated to verify that MMU has been enabled.
> > 
> > Signed-off-by: Oleksii Kurochko 
> > ---
> >  automation/scripts/qemu-smoke-riscv64.sh | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/automation/scripts/qemu-smoke-riscv64.sh
> > b/automation/scripts/qemu-smoke-riscv64.sh
> > index 02fc66be03..01cd08e407 100755
> > --- a/automation/scripts/qemu-smoke-riscv64.sh
> > +++ b/automation/scripts/qemu-smoke-riscv64.sh
> > @@ -16,5 +16,5 @@ qemu-system-riscv64 \
> >  |& tee smoke.serial
> >  
> >  set -e
> > -(grep -q "WARN is most likely working" smoke.serial) || exit 1
> > +(grep -q "MMU has been enabled" smoke.serial) || exit 1
> >  exit 0
> 
> There's a more simple way than this.  I'll do a patch.
Definitely your way is more simple. Thanks.
> 
> ~Andrew
~ Oleksii

Re: [PATCH] xen/riscv: init bss section

2023-02-24 Thread Oleksii 
On Fri, 2023-02-24 at 15:56 +0100, Jan Beulich wrote:
> On 24.02.2023 15:48, Oleksii Kurochko wrote:
> > --- a/xen/arch/riscv/setup.c
> > +++ b/xen/arch/riscv/setup.c
> > @@ -24,6 +24,18 @@ static void test_macros_from_bug_h(void)
> >  early_printk("WARN is most likely working\n");
> >  }
> >  
> > +static void __init init_bss(void)
> > +{
> > +    extern char __bss_start;
> > +    extern char __bss_end;
> 
> Better use [] and then perhaps omit the & operators further down.
> However, I thought we have a compiler warning option in use which
> precludes extern declarations which aren't at file scope. Even if
> I'm misremembering, perhaps better to move them.
Thanks. I will update the code then to use [].
> 
> > +    char *bss = &__bss_start;
> > +
> > +    while ( bss < &__bss_end ) {
> > +    *bss = 0;
> > +    bss++;
> > +    }
> > +}
> 
> If you're sure you can defer this until being in C code, why not use
> memset()?
I had an issue with from 


#ifndef __HAVE_ARCH_MEMSET
#define memset(s, c, n) __builtin_memset(s, c, n)
#endif

but there is no issue any more so I think I can use memset().
> 
> Jan
~ Oleksii

Re: [PATCH v2 3/3] x86/shadow: drop dead code from HVM-only sh_page_fault() pieces

2023-02-24 Thread Andrew Cooper 
On 23/01/2023 2:27 pm, Jan Beulich wrote:
> The shadow_mode_refcounts() check immediately ahead of the "emulate"
> label renders redundant two subsequent is_hvm_domain() checks (the
> latter of which was already redundant with the former).
>
> Also guest_mode() checks are pointless when we already know we're
> dealing with a HVM domain.
>
> Finally style-adjust a comment which otherwise would be fully visible as
> patch context anyway.
>
> Signed-off-by: Jan Beulich 

Acked-by: Andrew Cooper 

Thanks for splitting apart - it's much easier to follow like this.

Re: [PATCH v2 2/3] x86/shadow: mark more of sh_page_fault() HVM-only

2023-02-24 Thread Andrew Cooper 
On 23/01/2023 2:27 pm, Jan Beulich wrote:
> The types p2m_is_readonly() checks for aren't applicable to PV;
> specifically get_gfn() won't ever return any such type for PV domains.
> Extend the HVM-conditional block of code, also past the subsequent HVM-
> only if(). This way the "emulate_readonly" also becomes unreachable when
> !HVM, so move the conditional there upwards as well. Noticing the
> earlier shadow_mode_refcounts() check, move it up even further, right
> after that check. With that, the "done" label also needs marking as
> potentially unused.
>
> Signed-off-by: Jan Beulich 

Acked-by: Andrew Cooper

Re: [PATCH v2 1/3] x86/shadow: move dm-mmio handling code in sh_page_fault()

2023-02-24 Thread Andrew Cooper 
On 23/01/2023 3:08 pm, Jan Beulich wrote:
> On 23.01.2023 15:26, Jan Beulich wrote:
>> Do away with the partly mis-named "mmio" label there, which really is
>> only about emulated MMIO. Move the code to the place where the sole
>> "goto" was. Re-order steps slightly: Assertion first, perfc increment
>> outside of the locked region, and "gpa" calculation closer to the first
>> use of the variable. Also make the HVM conditional cover the entire
>> if(), as p2m_mmio_dm isn't applicable to PV; specifically get_gfn()
>> won't ever return this type for PV domains.
>>
>> Signed-off-by: Jan Beulich 
>> ---
>> v2: New.
>>
>> --- a/xen/arch/x86/mm/shadow/multi.c
>> +++ b/xen/arch/x86/mm/shadow/multi.c
> I've sent a stale patch, I'm sorry. This further hunk is needed to keep
> !HVM builds working:
>
> @@ -2144,8 +2144,8 @@ static int cf_check sh_page_fault(
>  gfn_t gfn = _gfn(0);
>  mfn_t gmfn, sl1mfn = _mfn(0);
>  shadow_l1e_t sl1e, *ptr_sl1e;
> -paddr_t gpa;
>  #ifdef CONFIG_HVM
> +paddr_t gpa;
>  struct sh_emulate_ctxt emul_ctxt;
>  const struct x86_emulate_ops *emul_ops;
>  int r;

Acked-by: Andrew Cooper

Re: [PATCH] xen/riscv: read hart_id and dtb_base passed by bootloader

2023-02-24 Thread Oleksii 
On Fri, 2023-02-24 at 16:04 +0100, Jan Beulich wrote:
> On 24.02.2023 15:48, Oleksii Kurochko wrote:
> > Signed-off-by: Oleksii Kurochko 
> > ---
> >  xen/arch/riscv/setup.c | 12 
> >  1 file changed, 12 insertions(+)
> > 
> > diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c
> > index b3f8b10f71..154bf3a0bc 100644
> > --- a/xen/arch/riscv/setup.c
> > +++ b/xen/arch/riscv/setup.c
> > @@ -26,6 +26,18 @@ static void test_macros_from_bug_h(void)
> >  
> >  void __init noreturn start_xen(void)
> >  {
> > +    /*
> > + * The following things are passed by bootloader:
> > + *   a0 -> hart_id
> > + *   a1 -> dtb_base
> > +    */
> > +    register unsigned long hart_id  asm("a0");
> > +    register unsigned long dtb_base asm("a1");
> > +
> > +    asm volatile( "mv %0, a0" : "=r" (hart_id) );
> > +
> > +    asm volatile( "mv %0, a1" : "=r" (dtb_base) );
> 
> Are you sure this (a) works and (b) is what you want? You're
> inserting
Oh, yeah... it should be:
  unsigned long hart_id;
  unsigned long dtb_base;

I did experiments with 'register' and 'asm()' and after rebase of my
internal branches git backed these changes...

Sorry for that I have to double check patches next time.

It looks like it works only because the variables aren't used anywhere.
> "mov a0, a0" and "mov a1, a1". I suppose as long as the two local
> variables aren't used further down in the function, the compiler will
> be able to recognize both registers as dead, and hence use them for
> argument passing to later functions that you call. But I would expect
> that to break once you actually consume either of the variables.
> 
> Fundamentally I think this is the kind of thing you want do to in
> assembly. However, in the specific case here, can't you simply have
> 
> void __init noreturn start_xen(unsigned long hard_id,
>    unsigned long dtb_base)
> {
>     ...
> 
> and all is going to be fine, without any asm()?
One of the things that I would like to do is to not use an assembler as
much as possible. And as we have C environment ready after a few
assembly instructions in head.S I thought it would be OK to do it in C
code somewhere at the start so someone/sonething doesn't alter register
a0 and a1.
> 
> Otherwise again a style nit: In the asm statements (not the register
> declarations) there is a missing blank each before the opening
> parenthesis.
> 


> Jan
~Oleksii

Re: [PATCH] x86/asm: ELF metadata for simple cases

2023-02-24 Thread Andrew Cooper 
On 20/02/2023 11:51 am, Ross Lagerwall wrote:
>> From: Andrew Cooper 
>> Sent: Monday, February 20, 2023 11:04 AM
>> To: Xen-devel 
>> Cc: Andrew Cooper ; Jan Beulich 
>> ; Roger Pau Monne ; Wei Liu 
>> ; Konrad Rzeszutek Wilk ; Ross 
>> Lagerwall 
>> Subject: [PATCH] x86/asm: ELF metadata for simple cases 
>>  
>> This is generally good practice, and necessary for livepatch binary diffing 
>> to
>> work.
>>
>> With this, livepatching of the SVM entry path works.  The only complication 
>> is
>> with svm_stgi_label which is only used by oprofile to guestimate (not
>> completely correctly) when an NMI hit guest context.
>>
>> Livepatching of VMX is still an open question, because the logic doesn't form
>> anything remotely resembling functions.  Both code fragments jump into each
>> other so need to be updated in tandem.  Also, both code fragment entries need
>> trampolines in the case that patching actually occurs.  For now, just treat 
>> it
>> as a single function.
> If it is treated as two functions and both functions are always included in
> the live patch, would that work?

I think so, but only because the first jumped-to label in
vmx_asm_do_vmentry is beyond the trampoline.

But I guess the question is how to tie the two symbols together.  We
don't want to be hardcoding this in livepatch-build-tools IMO.

Perhaps we want a CONFIG_LIVEPATCH build of Xen to include a
section/note/something identifying "grouped symbols", meaning "if
there's a delta in one, include all even if they haven't changed" ?

I'm getting the distinct impression that we're going to need it it for
the PV entry/exit paths too.

~Andrew

Re: xenstored: Interaction bettwen SET_PERMS and transaction

2023-02-24 Thread Juergen Gross 

On 24.02.23 17:01, Julien Grall wrote:

Hi Juergen,

On 24/02/2023 16:00, Juergen Gross wrote:

On 24.02.23 16:00, Julien Grall wrote:

Hi Juergen,

For some internal purpose, I need to write a script that would do the following:

   1) Start a transaction
   2) Call GET_PERMS
   3) Call SET_PERMS with the permission just retrieved
   4) Commit the transaction

(Don't ask why :))

This was executed from dom0 on every nodes. In some cases, we noticed that 4) 
would return -ENOSPC.


When digging through the code, it looks like this is because 
transaction_fix_domains() (now called acc_fix_domains()) will check that the 
quota is correct.


The domain is question were over its limit, but given this is called by dom0, 
I would have expected that it should not never return -ENOSPC (note that a 
SET_PERMS outside of a transaction would work, but this can't be used our case).


Furthermore, the transaction is not changing any accounting. So I find a bit 
strange that we would prevent it even if this was run from an unprivileged 
domain.


Do you know if this issues would be fixed by your current rework?

If not, then I think we at least want to skip the quota check if the domain 
is privileged.


For non-privileged domain, I am not entirely sure what to do. I was 
originally thinking to check if cd->nbentry is 0 and then skip the quota 
check. But this would allow a domain to remove a node and then replace by a 
new one (I think we still want to forbid that).


What do you think?


Patch sent. Could you please test it with your script?


Thanks! I will give a try next week and let you know the result.


Thanks.

No need to hurry, as I'll be away most of next week (after Monday).


Juergen


OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: xenstored: Interaction bettwen SET_PERMS and transaction

2023-02-24 Thread Julien Grall 

Hi Juergen,

On 24/02/2023 16:00, Juergen Gross wrote:

On 24.02.23 16:00, Julien Grall wrote:

Hi Juergen,

For some internal purpose, I need to write a script that would do the 
following:


   1) Start a transaction
   2) Call GET_PERMS
   3) Call SET_PERMS with the permission just retrieved
   4) Commit the transaction

(Don't ask why :))

This was executed from dom0 on every nodes. In some cases, we noticed 
that 4) would return -ENOSPC.


When digging through the code, it looks like this is because 
transaction_fix_domains() (now called acc_fix_domains()) will check 
that the quota is correct.


The domain is question were over its limit, but given this is called 
by dom0, I would have expected that it should not never return -ENOSPC 
(note that a SET_PERMS outside of a transaction would work, but this 
can't be used our case).


Furthermore, the transaction is not changing any accounting. So I find 
a bit strange that we would prevent it even if this was run from an 
unprivileged domain.


Do you know if this issues would be fixed by your current rework?

If not, then I think we at least want to skip the quota check if the 
domain is privileged.


For non-privileged domain, I am not entirely sure what to do. I was 
originally thinking to check if cd->nbentry is 0 and then skip the 
quota check. But this would allow a domain to remove a node and then 
replace by a new one (I think we still want to forbid that).


What do you think?


Patch sent. Could you please test it with your script?


Thanks! I will give a try next week and let you know the result.

Cheers,

--
Julien Grall

Re: xenstored: Interaction bettwen SET_PERMS and transaction

2023-02-24 Thread Juergen Gross 

On 24.02.23 16:00, Julien Grall wrote:

Hi Juergen,

For some internal purpose, I need to write a script that would do the following:

   1) Start a transaction
   2) Call GET_PERMS
   3) Call SET_PERMS with the permission just retrieved
   4) Commit the transaction

(Don't ask why :))

This was executed from dom0 on every nodes. In some cases, we noticed that 4) 
would return -ENOSPC.


When digging through the code, it looks like this is because 
transaction_fix_domains() (now called acc_fix_domains()) will check that the 
quota is correct.


The domain is question were over its limit, but given this is called by dom0, I 
would have expected that it should not never return -ENOSPC (note that a 
SET_PERMS outside of a transaction would work, but this can't be used our case).


Furthermore, the transaction is not changing any accounting. So I find a bit 
strange that we would prevent it even if this was run from an unprivileged domain.


Do you know if this issues would be fixed by your current rework?

If not, then I think we at least want to skip the quota check if the domain is 
privileged.


For non-privileged domain, I am not entirely sure what to do. I was originally 
thinking to check if cd->nbentry is 0 and then skip the quota check. But this 
would allow a domain to remove a node and then replace by a new one (I think we 
still want to forbid that).


What do you think?


Patch sent. Could you please test it with your script?


Juergen



OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

[PATCH] tools/xenstore: fix quota check in acc_fix_domains()

2023-02-24 Thread Juergen Gross 
Today when finalizing a transaction the number of node quota is checked
to not being exceeded after the transaction. This check is always done,
even if the transaction is being performed by a privileged connection,
or if there were no nodes created in the transaction.

Correct that by checking quota only if:
- the transaction is being performed by an unprivileged guest, and
- at least one node was created in the transaction

Reported-by: Julien Grall 
Fixes: f2bebf72c4d5 ("xenstore: rework of transaction handling")
Signed-off-by: Juergen Gross 
---
 tools/xenstore/xenstored_core.c|  3 +++
 tools/xenstore/xenstored_domain.c  |  4 ++--
 tools/xenstore/xenstored_domain.h  |  2 +-
 tools/xenstore/xenstored_transaction.c | 16 ++--
 tools/xenstore/xenstored_transaction.h |  3 +++
 5 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
index a61db2db2d..3ca68681e3 100644
--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -1472,6 +1472,9 @@ static struct node *create_node(struct connection *conn, 
const void *ctx,
if (!node)
return NULL;
 
+   if (conn && conn->transaction)
+   ta_node_created(conn->transaction);
+
node->data = data;
node->datalen = datalen;
 
diff --git a/tools/xenstore/xenstored_domain.c 
b/tools/xenstore/xenstored_domain.c
index d7fc2fafc7..f62be2245c 100644
--- a/tools/xenstore/xenstored_domain.c
+++ b/tools/xenstore/xenstored_domain.c
@@ -544,7 +544,7 @@ static struct domain *find_domain_by_domid(unsigned int 
domid)
return (d && d->introduced) ? d : NULL;
 }
 
-int acc_fix_domains(struct list_head *head, bool update)
+int acc_fix_domains(struct list_head *head, bool chk_quota, bool update)
 {
struct changed_domain *cd;
int cnt;
@@ -552,7 +552,7 @@ int acc_fix_domains(struct list_head *head, bool update)
list_for_each_entry(cd, head, list) {
cnt = domain_nbentry_fix(cd->domid, cd->nbentry, update);
if (!update) {
-   if (cnt >= quota_nb_entry_per_domain)
+   if (chk_quota && cnt >= quota_nb_entry_per_domain)
return ENOSPC;
if (cnt < 0)
return ENOMEM;
diff --git a/tools/xenstore/xenstored_domain.h 
b/tools/xenstore/xenstored_domain.h
index dc4660861e..ec6aa00cc7 100644
--- a/tools/xenstore/xenstored_domain.h
+++ b/tools/xenstore/xenstored_domain.h
@@ -96,7 +96,7 @@ void domain_outstanding_dec(struct connection *conn);
 void domain_outstanding_domid_dec(unsigned int domid);
 int domain_get_quota(const void *ctx, struct connection *conn,
 unsigned int domid);
-int acc_fix_domains(struct list_head *head, bool update);
+int acc_fix_domains(struct list_head *head, bool chk_quota, bool update);
 
 /* Write rate limiting */
 
diff --git a/tools/xenstore/xenstored_transaction.c 
b/tools/xenstore/xenstored_transaction.c
index 1aa9d3cb3d..2b15506953 100644
--- a/tools/xenstore/xenstored_transaction.c
+++ b/tools/xenstore/xenstored_transaction.c
@@ -160,12 +160,20 @@ struct transaction
/* List of changed domains - to record the changed domain entry number 
*/
struct list_head changed_domains;
 
+   /* There was at least one node created in the transaction. */
+   bool node_created;
+
/* Flag for letting transaction fail. */
bool fail;
 };
 
 uint64_t generation;
 
+void ta_node_created(struct transaction *trans)
+{
+   trans->node_created = true;
+}
+
 static struct accessed_node *find_accessed_node(struct transaction *trans,
const char *name)
 {
@@ -509,6 +517,7 @@ int do_transaction_end(const void *ctx, struct connection 
*conn,
const char *arg = onearg(in);
struct transaction *trans;
bool is_corrupt = false;
+   bool chk_quota;
int ret;
 
if (!arg || (!streq(arg, "T") && !streq(arg, "F")))
@@ -523,13 +532,16 @@ int do_transaction_end(const void *ctx, struct connection 
*conn,
if (!conn->transaction_started)
conn->ta_start_time = 0;
 
+   chk_quota = trans->node_created && domain_is_unprivileged(conn);
+
/* Attach transaction to ctx for auto-cleanup */
talloc_steal(ctx, trans);
 
if (streq(arg, "T")) {
if (trans->fail)
return ENOMEM;
-   ret = acc_fix_domains(>changed_domains, false);
+   ret = acc_fix_domains(>changed_domains, chk_quota,
+ false);
if (ret)
return ret;
ret = finalize_transaction(conn, trans, _corrupt);
@@ -539,7 +551,7 @@ int do_transaction_end(const void *ctx, struct connection 
*conn,
wrl_apply_debit_trans_commit(conn);

Re: [XEN PATCH v2 6/7] automation: Remove testing on Debian Jessie

2023-02-24 Thread Anthony PERARD 
On Tue, Feb 21, 2023 at 06:01:19PM +, Andrew Cooper wrote:
> On 21/02/2023 5:59 pm, Andrew Cooper wrote:
> > On 21/02/2023 4:55 pm, Anthony PERARD wrote:
> >> Jessie as rearch EOL in 2020.
> >>
> >> Even if we update the containers, we would still not be able to reach
> >> HTTPS webside with Let's Encrypt certificates and thus would need more
> >> change to the container.
> >>
> >> Signed-off-by: Anthony PERARD 
> > How is this interact with the other patches in the series?
> >
> > I presume we do want to take patch 4 and rebuild the containers, for the
> > older branches.  And that's fine.
> >
> > And IMO we should be dropping jessie testing, so this is almost fine for
> > staging.
> >
> > Except, jessie-32 is the only x86-32 build test we've got, so I think we
> > want to replace it with a newer container before dropping the jessie*.

Actually, we have two mores: debian-unstable-32-* and
debian-stretch-32-*. So an old distrib and a very new. So there's
probably no need to add more.

> Further to this, I really don't think we need to have a 4-wide matrix of
> {clang,gcc}{debug,release} for just a 32bit tools userspace.  Debug
> clang+gcc will do, and save on some testing cycles.

I guess we could remove debian-{stretch,unstable}-32-{clang,gcc}. I'll
add a patch for that.

> ~Andrew
> 
> >
> >> ---
> >> Notes:
> >> HTTPS would fail unless we commit "automation: Remove expired root
> >> certificates used to be used by let's encrypt", that is. Patch still in
> >> the series, and fix Jessie.
> > If we're dropping the jessie containers, do we really need that change
> > too?  Because we really shouldn't be playing around with URLs on older
> > branches.

No, there's no need to change it. It's just a bit confusing to both
update and delete. In the patch that remove the debian-jessie jobs, I
kind of want to also remove the dockerfile, but if the dockerfile is
updated in the series it is weird to remove it in that same series.

Thanks,

-- 
Anthony PERARD

[PATCH] CI: Simplify RISCV smoke testing

2023-02-24 Thread Andrew Cooper 
Use a single fairly generic string as the "all done" message to look for,
which avoids the need to patch qemu-smoke-riscv64.sh each time a new feature
is added.

Signed-off-by: Andrew Cooper 
---
CC: Oleksii Kurochko 
CC: Bob Eshleman 
CC: Alistair Francis 
CC: Connor Davis 
CC: Anthony PERARD 
CC: Stefano Stabellini 
CC: Michal Orzel 
CC: Doug Goldstein 

I considered "All set up and nowhere to go" but it's probably a little niche.
---
 automation/scripts/qemu-smoke-riscv64.sh | 2 +-
 xen/arch/riscv/setup.c   | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/automation/scripts/qemu-smoke-riscv64.sh 
b/automation/scripts/qemu-smoke-riscv64.sh
index e0f06360bc43..4008191302f9 100755
--- a/automation/scripts/qemu-smoke-riscv64.sh
+++ b/automation/scripts/qemu-smoke-riscv64.sh
@@ -16,5 +16,5 @@ qemu-system-riscv64 \
 |& tee smoke.serial
 
 set -e
-(grep -q "Hello from C env" smoke.serial) || exit 1
+(grep -q "All set up" smoke.serial) || exit 1
 exit 0
diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c
index d09ffe1454a4..1c87899e8e90 100644
--- a/xen/arch/riscv/setup.c
+++ b/xen/arch/riscv/setup.c
@@ -11,6 +11,7 @@ void __init noreturn start_xen(void)
 {
 early_printk("Hello from C env\n");
 
+early_printk("All set up\n");
 for ( ;; )
 asm volatile ("wfi");
 
-- 
2.30.2

[PATCH] drm/virtio: Pass correct device to dma_sync_sgtable_for_device()

2023-02-24 Thread Oleksandr Tyshchenko 
From: Oleksandr Tyshchenko 

The "vdev->dev.parent" should be used instead of "vdev->dev" as a device
for which to perform the DMA operation in both
virtio_gpu_cmd_transfer_to_host_2d(3d).

Because the virtio-gpu device "vdev->dev" doesn't really have DMA OPS
assigned to it, but parent (virtio-pci or virtio-mmio) device
"vdev->dev.parent" has. The more, the sgtable in question the code is
trying to sync here was mapped for the parent device (by using its DMA OPS)
previously at:
virtio_gpu_object_shmem_init()->drm_gem_shmem_get_pages_sgt()->
dma_map_sgtable(), so should be synced here for the same parent device.

Fixes: b5c9ed70d1a9 ("drm/virtio: Improve DMA API usage for shmem BOs")
Signed-off-by: Oleksandr Tyshchenko 
---
This patch fixes the following issue when running on top of Xen with 
CONFIG_XEN_VIRTIO=y (patch was only tested in Xen environment (ARM64 guest)
w/ and w/o using Xen grants for virtio):

[0.830235] [drm] pci: virtio-gpu-pci detected at :00:03.0
[0.832078] [drm] features: +virgl +edid -resource_blob -host_visible
[0.832084] [drm] features: -context_init
[0.837320] [drm] number of scanouts: 1
[0.837460] [drm] number of cap sets: 2
[0.904372] [drm] cap set 0: id 1, max-version 1, max-size 308
[0.905399] [drm] cap set 1: id 2, max-version 2, max-size 696
[0.907202] [drm] Initialized virtio_gpu 0.1.0 0 for :00:03.0 on minor 0
[0.927241] virtio-pci :00:03.0: [drm] 
drm_plane_enable_fb_damage_clips() not called
[0.927279] Unable to handle kernel paging request at virtual address 
c0053000
[0.927284] Mem abort info:
[0.927286]   ESR = 0x96000144
[0.927289]   EC = 0x25: DABT (current EL), IL = 32 bits
[0.927293]   SET = 0, FnV = 0
[0.927295]   EA = 0, S1PTW = 0
[0.927298]   FSC = 0x04: level 0 translation fault
[0.927301] Data abort info:
[0.927303]   ISV = 0, ISS = 0x0144
[0.927305]   CM = 1, WnR = 1
[0.927308] swapper pgtable: 4k pages, 48-bit VAs, pgdp=4127f000
[0.927312] [c0053000] pgd=, p4d=
[0.927323] Internal error: Oops: 96000144 [#1] PREEMPT SMP
[0.927329] Modules linked in:
[0.927336] CPU: 0 PID: 1 Comm: swapper/0 Tainted: GW  
6.2.0-rc4-yocto-standard #1
[0.927343] Hardware name: XENVM-4.18 (DT)
[0.927346] pstate: 6005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[0.927352] pc : dcache_clean_poc+0x20/0x38
[0.927370] lr : arch_sync_dma_for_device+0x24/0x30
[0.927379] sp : 8972b3e0
[0.927381] x29: 8972b3e0 x28: 01aa8a00 x27: 
[0.927389] x26:  x25: 02815010 x24: 
[0.927396] x23: 890f9078 x22: 0001 x21: 0002
[0.927403] x20: 02b6b580 x19: 80053000 x18: 
[0.927410] x17:  x16:  x15: 8963b94e
[0.927416] x14: 0001 x13: 8963b93b x12: 64615f616d645f67
[0.927423] x11: 89513110 x10: 000a x9 : 8972b360
[0.927430] x8 : 895130c8 x7 : 8972b150 x6 : 000c
[0.927436] x5 :  x4 :  x3 : 003f
[0.927443] x2 : 0040 x1 : c0067000 x0 : c0053000
[0.927450] Call trace:
[0.927452]  dcache_clean_poc+0x20/0x38
[0.927459]  dma_direct_sync_sg_for_device+0x124/0x130
[0.927466]  dma_sync_sg_for_device+0x64/0xd0
[0.927475]  virtio_gpu_cmd_transfer_to_host_2d+0x10c/0x110
[0.927483]  virtio_gpu_primary_plane_update+0x340/0x3d0
[0.927490]  drm_atomic_helper_commit_planes+0xe8/0x20c
[0.927497]  drm_atomic_helper_commit_tail+0x54/0xa0
[0.927503]  commit_tail+0x160/0x190
[0.927507]  drm_atomic_helper_commit+0x16c/0x180
[0.927513]  drm_atomic_commit+0xa8/0xe0
[0.927521]  drm_client_modeset_commit_atomic+0x200/0x260
[0.927529]  drm_client_modeset_commit_locked+0x5c/0x1a0
[0.927536]  drm_client_modeset_commit+0x30/0x60
[0.927540]  drm_fb_helper_set_par+0xc8/0x120
[0.927548]  fbcon_init+0x3b8/0x510
[0.927557]  visual_init+0xb4/0x104
[0.927565]  do_bind_con_driver.isra.0+0x1c4/0x394
[0.927572]  do_take_over_console+0x144/0x1fc
[0.927577]  do_fbcon_takeover+0x6c/0xe4
[0.927583]  fbcon_fb_registered+0x1e4/0x1f0
[0.927588]  register_framebuffer+0x214/0x310
[0.927592]  __drm_fb_helper_initial_config_and_unlock+0x33c/0x540
[0.927599]  drm_fb_helper_initial_config+0x4c/0x60
[0.927604]  drm_fbdev_client_hotplug+0xc4/0x150
[0.927609]  drm_fbdev_generic_setup+0x90/0x154
[0.927614]  virtio_gpu_probe+0xc8/0x16c
[0.927621]  virtio_dev_probe+0x19c/0x240
[0.927629]  really_probe+0xbc/0x2dc
[0.927637]  __driver_probe_device+0x78/0xe0
[0.927641]  driver_probe_device+0xd8/0x160
[0.927645]  __driver_attach+0x94/0x19c
[0.927649]

Re: [RFC PATCH v2 2/2] tools/misc: Add xen-vcpus-stats tool

2023-02-24 Thread Matias Ezequiel Vara Larsen 
Hello Andrew and thanks for the comments,

On Thu, Feb 23, 2023 at 04:01:09PM +, Andrew Cooper wrote:
> On 07/10/2022 1:39 pm, Matias Ezequiel Vara Larsen wrote:
> 
> A couple of observations, all unrelated to the stats themselves.
> 
> Although overall, I'm not entirely certain that a tool like this is
> going to be very helpful after initial development.  Something to
> consider would be to alter libxenstat to use this new interface?
> 

Yes. We discussed about this in a design sesion at the summit. I could not move
forward on that direction yet but it is the right way to go. I use this tool
only to play with the interface and I could just remove it from the RFC in next
versions.

> > diff --git a/tools/misc/Makefile b/tools/misc/Makefile
> > index 2b683819d4..837e4b50da 100644
> > --- a/tools/misc/Makefile
> > +++ b/tools/misc/Makefile
> > @@ -49,6 +49,7 @@ TARGETS_COPY += xenpvnetboot
> >
> > # Everything which needs to be built
> > TARGETS_BUILD := $(filter-out $(TARGETS_COPY),$(TARGETS_ALL))
> > +TARGETS_BUILD += xen-vcpus-stats
> 
> This patch is whitespace corrupted.  If at all possible, you need to see
> about getting `git send-email` working to send patches with, as it deals
> with most of the whitespace problems for you.
> 
> I'm afraid you can't simply copy the patch text into an email and send that.
> 

I am using `git send-email` to send patches. I may have missed some flag.
I'll double-check. 

> >
> > # ... including build-only targets
> > TARGETS_BUILD-$(CONFIG_X86)    += xen-vmtrace
> > @@ -135,4 +136,9 @@ xencov: xencov.o
> > xen-ucode: xen-ucode.o
> > $(CC) $(LDFLAGS) -o $@ $< $(LDLIBS_libxenctrl) $(APPEND_LDFLAGS)
> >
> > +xen-vcpus-stats.o: CFLAGS += $(CFLAGS_libxenforeginmemory)
> > +
> > +xen-vcpus-stats: xen-vcpus-stats.o
> > +    $(CC) $(LDFLAGS) -o $@ $< $(LDLIBS_libxenctrl)
> > $(LDLIBS_libxenforeignmemory) $(APPEND_LDFLAGS)
> > +
> > -include $(DEPS_INCLUDE)
> > diff --git a/tools/misc/xen-vcpus-stats.c b/tools/misc/xen-vcpus-stats.c
> > new file mode 100644
> > index 00..29d0efb124
> > --- /dev/null
> > +++ b/tools/misc/xen-vcpus-stats.c
> > @@ -0,0 +1,87 @@
> > +#include 
> > +#include 
> > +#include 
> > +#include 
> > +#include 
> > +#include 
> > +#include 
> > +#include 
> > +
> > +#include 
> > +#include 
> > +#include 
> > +
> > +#define rmb()   asm volatile("lfence":::"memory")
> 
> This is rmb(), but rmb() isn't what you want.
> 
> You want smp_rmb(), which is
> 
> #define smp_rmb() asm volatile ("" ::: "memory")
> 
> 
> I'm surprised we haven't got this in a common location, considering how
> often it goes wrong.  (Doesn't help that there's plenty of buggy
> examples to copy, even in xen.git)
> 

Got it. I'll rework on it in the next version. For inspiration, I used the code
at arch/x86/kernel/pvclock.c:pvclock_read_wallclock(). 

> > +
> > +static sig_atomic_t interrupted;
> > +static void close_handler(int signum)
> > +{
> > +    interrupted = 1;
> > +}
> > +
> > +int main(int argc, char **argv)
> > +{
> > +    xenforeignmemory_handle *fh;
> > +    xenforeignmemory_resource_handle *res;
> > +    size_t size;
> > +    int rc, domid, period, vcpu;
> > +    shared_vcpustatspage_t * info;
> 
> shared_vcpustatspage_t *info;
> 
> no space after the *.
> 
> But you also cannot have a single structure describing that.  I'll reply
> to the cover letter discussing ABIs.

I am reading it and I will comment on this soon. 

> 
> > +    struct sigaction act;
> > +    uint32_t version;
> > +    uint64_t value;
> > +
> > +    if (argc != 4 ) {
> 
> { on a new line.
> 
> > +    fprintf(stderr, "Usage: %s   \n", argv[0]);
> > +    return 1;
> > +    }
> > +
> > +    domid = atoi(argv[1]);
> > +    vcpu = atoi(argv[2]);
> > +    period = atoi(argv[3]);
> > +
> > +    act.sa_handler = close_handler;
> > +    act.sa_flags = 0;
> > +    sigemptyset(_mask);
> > +    sigaction(SIGHUP,  , NULL);
> > +    sigaction(SIGTERM, , NULL);
> > +    sigaction(SIGINT,  , NULL);
> > +    sigaction(SIGALRM, , NULL);
> > +
> > +    fh = xenforeignmemory_open(NULL, 0);
> > +
> > +    if ( !fh )
> > +    err(1, "xenforeignmemory_open");
> > +
> > +    rc = xenforeignmemory_resource_size(
> > +    fh, domid, XENMEM_resource_stats_table,
> > +    0, );
> > +
> > +    if ( rc )
> > +    err(1, "Fail: Get size");
> > +
> > +    res = xenforeignmemory_map_resource(
> > +    fh, domid, XENMEM_resource_stats_table,
> > +    0, XENMEM_resource_stats_frame_vcpustats, size >> XC_PAGE_SHIFT,
> > +    (void **), PROT_READ, 0);
> > +
> > +    if ( !res )
> > +    err(1, "Fail: Map");
> > +
> > +    while ( !interrupted ) {
> 
> { on newline again.
> 
> > +    sleep(period);
> > +    do {
> > +    version = info->vcpu_info[vcpu].version;
> > +    rmb();
> > +    value = info->vcpu_info[vcpu].runstate_running_time;
> > +    rmb();
> > +    } while ((info->vcpu_info[vcpu].version & 1) ||
> > +    (version !=

Re: [PATCH v1 3/3] automation: update RISC-V smoke test

2023-02-24 Thread Andrew Cooper 
On 24/02/2023 3:06 pm, Oleksii Kurochko wrote:
> The smoke test was updated to verify that MMU has been enabled.
>
> Signed-off-by: Oleksii Kurochko 
> ---
>  automation/scripts/qemu-smoke-riscv64.sh | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/automation/scripts/qemu-smoke-riscv64.sh 
> b/automation/scripts/qemu-smoke-riscv64.sh
> index 02fc66be03..01cd08e407 100755
> --- a/automation/scripts/qemu-smoke-riscv64.sh
> +++ b/automation/scripts/qemu-smoke-riscv64.sh
> @@ -16,5 +16,5 @@ qemu-system-riscv64 \
>  |& tee smoke.serial
>  
>  set -e
> -(grep -q "WARN is most likely working" smoke.serial) || exit 1
> +(grep -q "MMU has been enabled" smoke.serial) || exit 1
>  exit 0

There's a more simple way than this.  I'll do a patch.

~Andrew

Re: [XEN PATCH v7 08/20] xen/arm: ffa: note dependency on 4k pages

2023-02-24 Thread Bertrand Marquis 
HI Jens,

> On 22 Feb 2023, at 16:33, Jens Wiklander  wrote:
> 
> Adds a BUILD_BUG_ON() to assert the dependency on 4k pages in the FF-A
> mediator.
> 
> Signed-off-by: Jens Wiklander 

NIT: I would s/note/enforce/ in the title:
xen/arm: ffa: enforce 4k pages

Reviewed-by: Bertrand Marquis 

Cheers
Bertrand

> ---
> xen/arch/arm/tee/ffa.c | 21 +
> 1 file changed, 21 insertions(+)
> 
> diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c
> index d04bac9cc47f..8b0b80ce1ff5 100644
> --- a/xen/arch/arm/tee/ffa.c
> +++ b/xen/arch/arm/tee/ffa.c
> @@ -56,6 +56,16 @@
> #define FFA_MY_VERSION  MAKE_FFA_VERSION(FFA_MY_VERSION_MAJOR, \
>  FFA_MY_VERSION_MINOR)
> 
> +/*
> + * The FF-A specification explicitly works with 4K pages as a measure of
> + * memory size, for example, FFA_RXTX_MAP takes one parameter "RX/TX page
> + * count" which is the number of contiguous 4K pages allocated. Xen may use
> + * a different page size depending on the configuration to avoid confusion
> + * with PAGE_SIZE use a special define when it's a page size as in the FF-A
> + * specification.
> + */
> +#define FFA_PAGE_SIZE   SZ_4K
> +
> /* Framework direct request/response */
> #define FFA_MSG_FLAG_FRAMEWORK  BIT(31, U)
> #define FFA_MSG_TYPE_MASK   0xFFU;
> @@ -242,6 +252,17 @@ static bool ffa_probe(void)
> unsigned int major_vers;
> unsigned int minor_vers;
> 
> +/*
> + * FF-A often works in units of 4K pages and currently it's assumed
> + * that we can map memory using that granularity. See also the comment
> + * above the FFA_PAGE_SIZE define.
> + *
> + * It is possible to support a PAGE_SIZE larger than 4K in Xen, but
> + * until that is fully handled in this code make sure that we only use
> + * 4K page sizes.
> + */
> +BUILD_BUG_ON(PAGE_SIZE != FFA_PAGE_SIZE);
> +
> /*
>  * psci_init_smccc() updates this value with what's reported by EL-3
>  * or secure world.
> -- 
> 2.34.1
>

Re: [PATCH v1 1/3] xen/riscv: introduce setup_initial_pages

2023-02-24 Thread Andrew Cooper 
On 24/02/2023 3:06 pm, Oleksii Kurochko wrote:
> diff --git a/xen/arch/riscv/include/asm/page.h 
> b/xen/arch/riscv/include/asm/page.h
> new file mode 100644
> index 00..fabbe1305f
> --- /dev/null
> +++ b/xen/arch/riscv/include/asm/page.h
> @@ -0,0 +1,90 @@
> +#ifndef _ASM_RISCV_PAGE_H
> +#define _ASM_RISCV_PAGE_H
> +
> +#include 
> +#include 
> +
> +#define PAGE_ENTRIES512
> +#define VPN_BITS(9)
> +#define VPN_MASK((unsigned long)((1 << VPN_BITS) - 1))
> +
> +#ifdef CONFIG_RISCV_64
> +/* L3 index Bit[47:39] */
> +#define THIRD_SHIFT (39)
> +#define THIRD_MASK  (VPN_MASK << THIRD_SHIFT)
> +/* L2 index Bit[38:30] */
> +#define SECOND_SHIFT(30)
> +#define SECOND_MASK (VPN_MASK << SECOND_SHIFT)
> +/* L1 index Bit[29:21] */
> +#define FIRST_SHIFT (21)
> +#define FIRST_MASK  (VPN_MASK << FIRST_SHIFT)
> +/* L0 index Bit[20:12] */
> +#define ZEROETH_SHIFT   (12)
> +#define ZEROETH_MASK(VPN_MASK << ZEROETH_SHIFT)

Don't name these with words.  That's an error ultimately inherited from
an architectural mistake ARM.

These should be named L1 (4k) thru L4 (512T), and don't need separate
separate masks or shifts because it looks like RISC-V designed their
pagetables in a coherent and uniform way.

You'll find the code simplifies substantially if you have
PAGETABLE_ORDER 9 somewhere in here.

The shift is always (PAGE_ORDER + level * PAGETABLE_ORDER), and it's
rare that you need something other than "(addr >> shift) & mask".  About
the only time you need a virtual address masked but unshifted is for
debugging.

~Andrew

Re: [PATCH v1 0/3] enable MMU for RISC-V

2023-02-24 Thread Oleksii 
On Fri, 2023-02-24 at 17:06 +0200, Oleksii Kurochko wrote:
> The patch series introduces the following things:
> 1. Functionality to build the page tables for Xen that map the
>    following:
>  * The physical location of Xen (where the bootloader loaded it)
>  * The link-time location of Xen (where the linker expected Xen's
>    addresses to be.
> 2. Load the built page table into the SATP
> 3. Enables MMU.
> 4. Updates smoke test to grep message which should be printed after
>    MMU is enabled.
> 
> Oleksii Kurochko (3):
>   xen/riscv: introduce setup_initial_pages
>   xen/riscv: setup initial pagetables
>   automation: update RISC-V smoke test
> 
>  automation/scripts/qemu-smoke-riscv64.sh |   2 +-
>  xen/arch/riscv/Makefile  |   1 +
>  xen/arch/riscv/include/asm/mm.h  |   9 +
>  xen/arch/riscv/include/asm/page.h    |  90 +
>  xen/arch/riscv/mm.c  | 223
> +++
>  xen/arch/riscv/setup.c   |  11 ++
>  6 files changed, 335 insertions(+), 1 deletion(-)
>  create mode 100644 xen/arch/riscv/include/asm/mm.h
>  create mode 100644 xen/arch/riscv/include/asm/page.h
>  create mode 100644 xen/arch/riscv/mm.c
> 

I forgot to mention in cover letter that the patch series is based on
top of 'introduce generic implementation of macros from bug.h' and
'RISCV basic exception handling implementation' patch series.

Re: xenstored: Interaction bettwen SET_PERMS and transaction

2023-02-24 Thread Juergen Gross 

On 24.02.23 16:00, Julien Grall wrote:

Hi Juergen,

For some internal purpose, I need to write a script that would do the following:

   1) Start a transaction
   2) Call GET_PERMS
   3) Call SET_PERMS with the permission just retrieved
   4) Commit the transaction

(Don't ask why :))

This was executed from dom0 on every nodes. In some cases, we noticed that 4) 
would return -ENOSPC.


When digging through the code, it looks like this is because 
transaction_fix_domains() (now called acc_fix_domains()) will check that the 
quota is correct.


The domain is question were over its limit, but given this is called by dom0, I 
would have expected that it should not never return -ENOSPC (note that a 
SET_PERMS outside of a transaction would work, but this can't be used our case).


Furthermore, the transaction is not changing any accounting. So I find a bit 
strange that we would prevent it even if this was run from an unprivileged domain.


You are right. It should only be rejected if nodes are added in the transaction.



Do you know if this issues would be fixed by your current rework?


I don't think so.



If not, then I think we at least want to skip the quota check if the domain is 
privileged.


I'll add something to check quota only for unprivileged domains AND only if
nodes have been added in the transaction.



For non-privileged domain, I am not entirely sure what to do. I was originally 
thinking to check if cd->nbentry is 0 and then skip the quota check. But this 
would allow a domain to remove a node and then replace by a new one (I think we 
still want to forbid that).


Correct. Node creation is the trigger we want.

BTW, current code is really bad, as it would even reject removing a node
in a transaction for a domain being above quota after that remove.


Juergen


OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [PATCH] xen/riscv: disable fpu

2023-02-24 Thread Jan Beulich 
On 24.02.2023 15:48, Oleksii Kurochko wrote:
> Disable FPU to detect illegal usage of floating point in kernel
> space.
> 
> Signed-off-by: Oleksii Kurochko 
> ---
>  xen/arch/riscv/setup.c | 7 +++
>  1 file changed, 7 insertions(+)

This looks to contextually depend on earlier individually sent patches.
When there are dependencies, preferably group the patches in a series,
or if not at the very least call out the dependency in the post-commit-
message area, for committers to be aware.

Jan

> --- a/xen/arch/riscv/setup.c
> +++ b/xen/arch/riscv/setup.c
> @@ -36,6 +36,11 @@ static void __init init_bss(void)
>  }
>  }
>  
> +static void __init disable_fpu(void)
> +{
> +csr_write(CSR_SSTATUS, SSTATUS_FS);
> +}
> +
>  void __init noreturn start_xen(void)
>  {
>  /*
> @@ -52,6 +57,8 @@ void __init noreturn start_xen(void)
>  
>  init_bss();
>  
> +disable_fpu();
> +
>  early_printk("Hello from C env\n");
>  
>  trap_init();

[PATCH v1 2/3] xen/riscv: setup initial pagetables

2023-02-24 Thread Oleksii Kurochko 
Calculate load and linker linker image addresses and
setup initial pagetables.

Signed-off-by: Oleksii Kurochko 
---
 xen/arch/riscv/setup.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c
index b7cd438a1d..f69bc278bb 100644
--- a/xen/arch/riscv/setup.c
+++ b/xen/arch/riscv/setup.c
@@ -1,9 +1,11 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
+#include 
 #include 
 
 /* Xen stack for bringing up the first CPU. */
@@ -43,6 +45,11 @@ static void __init disable_fpu(void)
 
 void __init noreturn start_xen(void)
 {
+unsigned long load_start= (unsigned long)start;
+unsigned long load_end  = load_start + (unsigned long)(_end - _start);
+unsigned long linker_start  = (unsigned long)_start;
+unsigned long linker_end= (unsigned long)_end;
+
 /*
  * The following things are passed by bootloader:
  *   a0 -> hart_id
@@ -65,6 +72,10 @@ void __init noreturn start_xen(void)
 
 test_macros_from_bug_h();
 
+setup_initial_pagetables(load_start, load_end, linker_start, linker_end);
+
+early_printk("MMU has been enabled\n");
+
 for ( ;; )
 asm volatile ("wfi");
 
-- 
2.39.0

[PATCH v1 1/3] xen/riscv: introduce setup_initial_pages

2023-02-24 Thread Oleksii Kurochko 
Mostly the code for setup_initial_pages was taken from Bobby's
repo except for the following changes:
* Use only a minimal part of the code enough to enable MMU
* rename {_}setup_initial_pagetables functions
* add writable argument for _setup_initial_pagetables to have
  an opportunity to make some sections read-only
* update setup_initial_pagetables function to make some sections
  read-only
* change the order of _setup_inital_pagetables()
  in setup_initial_pagetable():
  * first it is called for text, init, rodata sections
  * after call it for ranges [link_addr_start : link_addr_end] and
[load_addr_start : load_addr_end]
  Before it was done first for the ranges and after for sections but
  in that case read-only status will be equal to 'true' and
  as sections' addresses  can/are inside the ranges the read-only status
  won't be updated for them as it was set up before.

Origin: https://gitlab.com/xen-on-risc-v/xen/-/tree/riscv-rebase 4af165b468af
Signed-off-by: Oleksii Kurochko 
---
 xen/arch/riscv/Makefile   |   1 +
 xen/arch/riscv/include/asm/mm.h   |   9 ++
 xen/arch/riscv/include/asm/page.h |  90 
 xen/arch/riscv/mm.c   | 223 ++
 4 files changed, 323 insertions(+)
 create mode 100644 xen/arch/riscv/include/asm/mm.h
 create mode 100644 xen/arch/riscv/include/asm/page.h
 create mode 100644 xen/arch/riscv/mm.c

diff --git a/xen/arch/riscv/Makefile b/xen/arch/riscv/Makefile
index 443f6bf15f..956ceb02df 100644
--- a/xen/arch/riscv/Makefile
+++ b/xen/arch/riscv/Makefile
@@ -1,5 +1,6 @@
 obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
 obj-y += entry.o
+obj-y += mm.o
 obj-$(CONFIG_RISCV_64) += riscv64/
 obj-y += sbi.o
 obj-y += setup.o
diff --git a/xen/arch/riscv/include/asm/mm.h b/xen/arch/riscv/include/asm/mm.h
new file mode 100644
index 00..fc1866b1d8
--- /dev/null
+++ b/xen/arch/riscv/include/asm/mm.h
@@ -0,0 +1,9 @@
+#ifndef _ASM_RISCV_MM_H
+#define _ASM_RISCV_MM_H
+
+void setup_initial_pagetables(unsigned long load_addr_start,
+  unsigned long load_addr_end,
+  unsigned long linker_addr_start,
+  unsigned long linker_addr_end);
+
+#endif /* _ASM_RISCV_MM_H */
diff --git a/xen/arch/riscv/include/asm/page.h 
b/xen/arch/riscv/include/asm/page.h
new file mode 100644
index 00..fabbe1305f
--- /dev/null
+++ b/xen/arch/riscv/include/asm/page.h
@@ -0,0 +1,90 @@
+#ifndef _ASM_RISCV_PAGE_H
+#define _ASM_RISCV_PAGE_H
+
+#include 
+#include 
+
+#define PAGE_ENTRIES512
+#define VPN_BITS(9)
+#define VPN_MASK((unsigned long)((1 << VPN_BITS) - 1))
+
+#ifdef CONFIG_RISCV_64
+/* L3 index Bit[47:39] */
+#define THIRD_SHIFT (39)
+#define THIRD_MASK  (VPN_MASK << THIRD_SHIFT)
+/* L2 index Bit[38:30] */
+#define SECOND_SHIFT(30)
+#define SECOND_MASK (VPN_MASK << SECOND_SHIFT)
+/* L1 index Bit[29:21] */
+#define FIRST_SHIFT (21)
+#define FIRST_MASK  (VPN_MASK << FIRST_SHIFT)
+/* L0 index Bit[20:12] */
+#define ZEROETH_SHIFT   (12)
+#define ZEROETH_MASK(VPN_MASK << ZEROETH_SHIFT)
+
+#else // CONFIG_RISCV_32
+
+/* L1 index Bit[31:22] */
+#define FIRST_SHIFT (22)
+#define FIRST_MASK  (VPN_MASK << FIRST_SHIFT)
+
+/* L0 index Bit[21:12] */
+#define ZEROETH_SHIFT   (12)
+#define ZEROETH_MASK(VPN_MASK << ZEROETH_SHIFT)
+#endif
+
+#define THIRD_SIZE  (1 << THIRD_SHIFT)
+#define THIRD_MAP_MASK  (~(THIRD_SIZE - 1))
+#define SECOND_SIZE (1 << SECOND_SHIFT)
+#define SECOND_MAP_MASK (~(SECOND_SIZE - 1))
+#define FIRST_SIZE  (1 << FIRST_SHIFT)
+#define FIRST_MAP_MASK  (~(FIRST_SIZE - 1))
+#define ZEROETH_SIZE(1 << ZEROETH_SHIFT)
+#define ZEROETH_MAP_MASK(~(ZEROETH_SIZE - 1))
+
+#define PTE_SHIFT   10
+
+#define PTE_VALID   BIT(0, UL)
+#define PTE_READABLEBIT(1, UL)
+#define PTE_WRITABLEBIT(2, UL)
+#define PTE_EXECUTABLE  BIT(3, UL)
+#define PTE_USERBIT(4, UL)
+#define PTE_GLOBAL  BIT(5, UL)
+#define PTE_ACCESSEDBIT(6, UL)
+#define PTE_DIRTY   BIT(7, UL)
+#define PTE_RSW (BIT(8, UL) | BIT(9, UL))
+
+#define PTE_LEAF_DEFAULT(PTE_VALID | PTE_READABLE | PTE_WRITABLE | 
PTE_EXECUTABLE)
+#define PTE_TABLE   (PTE_VALID)
+
+/* Calculate the offsets into the pagetables for a given VA */
+#define zeroeth_linear_offset(va)   ((va) >> ZEROETH_SHIFT)
+#define first_linear_offset(va) ((va) >> FIRST_SHIFT)
+#define second_linear_offset(va)((va) >> SECOND_SHIFT)
+#define third_linear_offset(va) ((va) >> THIRD_SHIFT)
+
+#define pagetable_zeroeth_index(va) zeroeth_linear_offset((va) & ZEROETH_MASK)
+#define pagetable_first_index(va)   first_linear_offset((va) & FIRST_MASK)
+#define

[PATCH v1 0/3] enable MMU for RISC-V

2023-02-24 Thread Oleksii Kurochko 
The patch series introduces the following things:
1. Functionality to build the page tables for Xen that map the
   following:
 * The physical location of Xen (where the bootloader loaded it)
 * The link-time location of Xen (where the linker expected Xen's
   addresses to be.
2. Load the built page table into the SATP
3. Enables MMU.
4. Updates smoke test to grep message which should be printed after
   MMU is enabled.

Oleksii Kurochko (3):
  xen/riscv: introduce setup_initial_pages
  xen/riscv: setup initial pagetables
  automation: update RISC-V smoke test

 automation/scripts/qemu-smoke-riscv64.sh |   2 +-
 xen/arch/riscv/Makefile  |   1 +
 xen/arch/riscv/include/asm/mm.h  |   9 +
 xen/arch/riscv/include/asm/page.h|  90 +
 xen/arch/riscv/mm.c  | 223 +++
 xen/arch/riscv/setup.c   |  11 ++
 6 files changed, 335 insertions(+), 1 deletion(-)
 create mode 100644 xen/arch/riscv/include/asm/mm.h
 create mode 100644 xen/arch/riscv/include/asm/page.h
 create mode 100644 xen/arch/riscv/mm.c

-- 
2.39.0

[PATCH v1 3/3] automation: update RISC-V smoke test

2023-02-24 Thread Oleksii Kurochko 
The smoke test was updated to verify that MMU has been enabled.

Signed-off-by: Oleksii Kurochko 
---
 automation/scripts/qemu-smoke-riscv64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/automation/scripts/qemu-smoke-riscv64.sh 
b/automation/scripts/qemu-smoke-riscv64.sh
index 02fc66be03..01cd08e407 100755
--- a/automation/scripts/qemu-smoke-riscv64.sh
+++ b/automation/scripts/qemu-smoke-riscv64.sh
@@ -16,5 +16,5 @@ qemu-system-riscv64 \
 |& tee smoke.serial
 
 set -e
-(grep -q "WARN is most likely working" smoke.serial) || exit 1
+(grep -q "MMU has been enabled" smoke.serial) || exit 1
 exit 0
-- 
2.39.0

Re: [PATCH] xen/riscv: read hart_id and dtb_base passed by bootloader

2023-02-24 Thread Jan Beulich 
On 24.02.2023 15:48, Oleksii Kurochko wrote:
> Signed-off-by: Oleksii Kurochko 
> ---
>  xen/arch/riscv/setup.c | 12 
>  1 file changed, 12 insertions(+)
> 
> diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c
> index b3f8b10f71..154bf3a0bc 100644
> --- a/xen/arch/riscv/setup.c
> +++ b/xen/arch/riscv/setup.c
> @@ -26,6 +26,18 @@ static void test_macros_from_bug_h(void)
>  
>  void __init noreturn start_xen(void)
>  {
> +/*
> + * The following things are passed by bootloader:
> + *   a0 -> hart_id
> + *   a1 -> dtb_base
> +*/
> +register unsigned long hart_id  asm("a0");
> +register unsigned long dtb_base asm("a1");
> +
> +asm volatile( "mv %0, a0" : "=r" (hart_id) );
> +
> +asm volatile( "mv %0, a1" : "=r" (dtb_base) );

Are you sure this (a) works and (b) is what you want? You're inserting
"mov a0, a0" and "mov a1, a1". I suppose as long as the two local
variables aren't used further down in the function, the compiler will
be able to recognize both registers as dead, and hence use them for
argument passing to later functions that you call. But I would expect
that to break once you actually consume either of the variables.

Fundamentally I think this is the kind of thing you want do to in
assembly. However, in the specific case here, can't you simply have

void __init noreturn start_xen(unsigned long hard_id,
   unsigned long dtb_base)
{
...

and all is going to be fine, without any asm()?

Otherwise again a style nit: In the asm statements (not the register
declarations) there is a missing blank each before the opening
parenthesis.

Jan

Re: [PATCH v1 2/2] backup_ptes: fix leak on realloc failure

2023-02-24 Thread Andrew Cooper 
On 24/02/2023 1:36 pm, Edwin Török wrote:
> From: Edwin Török 
>
> From `man 2 realloc`:
> `If realloc() fails, the original block is left untouched; it is not freed or 
> moved.`
>
> Found using GCC -fanalyzer:
> ```
> |  184 | backup->entries = realloc(backup->entries,
> |  | ~~
> |  | |   | |
> |  | |   | (91) when ‘realloc’ fails
> |  | |   (92) ‘old_ptes.entries’ leaks here; was 
> allocated at (44)
> |  | (90) ...to here
> ```
>
> Signed-off-by: Edwin Török 

In terms of the fix, Acked-by: Andrew Cooper
, but

> ---
>  tools/libs/guest/xg_offline_page.c | 7 +--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/tools/libs/guest/xg_offline_page.c 
> b/tools/libs/guest/xg_offline_page.c
> index c594fdba41..a8bcea768b 100644
> --- a/tools/libs/guest/xg_offline_page.c
> +++ b/tools/libs/guest/xg_offline_page.c
> @@ -181,10 +181,13 @@ static int backup_ptes(xen_pfn_t table_mfn, int offset,
>  
>  if (backup->max == backup->cur)
>  {
> -backup->entries = realloc(backup->entries,
> +void* orig = backup->entries;

void *orig, and a newline.

> +backup->entries = realloc(orig,
>  backup->max * 2 * sizeof(struct 
> pte_backup_entry));
> -if (backup->entries == NULL)
> +if (backup->entries == NULL) {

Newline.

Can be fixed on commit.

~Andrew

> +free(orig);
>  return -1;
> +}
>  else
>  backup->max *= 2;
>  }

xenstored: Interaction bettwen SET_PERMS and transaction

2023-02-24 Thread Julien Grall 

Hi Juergen,

For some internal purpose, I need to write a script that would do the 
following:


  1) Start a transaction
  2) Call GET_PERMS
  3) Call SET_PERMS with the permission just retrieved
  4) Commit the transaction

(Don't ask why :))

This was executed from dom0 on every nodes. In some cases, we noticed 
that 4) would return -ENOSPC.


When digging through the code, it looks like this is because 
transaction_fix_domains() (now called acc_fix_domains()) will check that 
the quota is correct.


The domain is question were over its limit, but given this is called by 
dom0, I would have expected that it should not never return -ENOSPC 
(note that a SET_PERMS outside of a transaction would work, but this 
can't be used our case).


Furthermore, the transaction is not changing any accounting. So I find a 
bit strange that we would prevent it even if this was run from an 
unprivileged domain.


Do you know if this issues would be fixed by your current rework?

If not, then I think we at least want to skip the quota check if the 
domain is privileged.


For non-privileged domain, I am not entirely sure what to do. I was 
originally thinking to check if cd->nbentry is 0 and then skip the quota 
check. But this would allow a domain to remove a node and then replace 
by a new one (I think we still want to forbid that).


What do you think?

Cheers,

--
Julien Grall

Re: [PATCH] xen/riscv: init bss section

2023-02-24 Thread Jan Beulich 
On 24.02.2023 15:56, Jan Beulich wrote:
> On 24.02.2023 15:48, Oleksii Kurochko wrote:
>> +char *bss = &__bss_start;
>> +
>> +while ( bss < &__bss_end ) {
>> +*bss = 0;
>> +bss++;
>> +}
>> +}
> 
> If you're sure you can defer this until being in C code, why not use
> memset()?

Oh, otherwise: Nit (style) - brace placement.

Jan

Re: [PATCH v1 1/2] xc_core_arch_map_p2m_tree_rw: fix memory leak

2023-02-24 Thread Andrew Cooper 
On 24/02/2023 1:36 pm, Edwin Török wrote:
> From: Edwin Török 
>
> Prior to bd7a29c3d0 'out' would've always been executed and memory
> freed, but that commit changed it such that it returns early and leaks.
>
> Found using gcc 12.2.1 `-fanalyzer`:
> ```
> xg_core_x86.c: In function ‘xc_core_arch_map_p2m_tree_rw’:
> xg_core_x86.c:300:5: error: leak of ‘p2m_frame_list_list’ [CWE-401] 
> [-Werror=analyzer-malloc-leak]
>   300 | return p2m_frame_list;
>   | ^~
>   ‘xc_core_arch_map_p2m_writable’: events 1-2
> |
> |  378 | xc_core_arch_map_p2m_writable(xc_interface *xch, struct 
> domain_info_context *dinfo, xc_dominfo_t *info,
> |  | ^
> |  | |
> |  | (1) entry to ‘xc_core_arch_map_p2m_writable’
> |..
> |  381 | return xc_core_arch_map_p2m_rw(xch, dinfo, info, 
> live_shinfo, live_p2m, 1);
> |  |
> ~~~
> |  ||
> |  |(2) calling ‘xc_core_arch_map_p2m_rw’ from 
> ‘xc_core_arch_map_p2m_writable’
> |
> +--> ‘xc_core_arch_map_p2m_rw’: events 3-10
>|
>|  319 | xc_core_arch_map_p2m_rw(xc_interface *xch, struct 
> domain_info_context *dinfo, xc_dominfo_t *info,
>|  | ^~~
>|  | |
>|  | (3) entry to ‘xc_core_arch_map_p2m_rw’
>|..
>|  328 | if ( xc_domain_nr_gpfns(xch, info->domid, 
> >p2m_size) < 0 )
>|  |~
>|  ||
>|  |(4) following ‘false’ branch...
>|..
>|  334 | if ( dinfo->p2m_size < info->nr_pages  )
>|  | ~~ ~
>|  | |  |
>|  | |  (6) following ‘false’ branch...
>|  | (5) ...to here
>|..
>|  340 | p2m_cr3 = GET_FIELD(live_shinfo, arch.p2m_cr3, 
> dinfo->guest_width);
>|  | ~~~
>|  | |
>|  | (7) ...to here
>|  341 |
>|  342 | p2m_frame_list = p2m_cr3 ? 
> xc_core_arch_map_p2m_list_rw(xch, dinfo, dom, live_shinfo, p2m_cr3)
>|  |  
> ~
>|  343 |  : 
> xc_core_arch_map_p2m_tree_rw(xch, dinfo, dom, live_shinfo);
>|  |  
> 
>|  |  | |
>|  |  | (9) ...to here
>|  |  | (10) calling 
> ‘xc_core_arch_map_p2m_tree_rw’ from ‘xc_core_arch_map_p2m_rw’
>|  |  (8) following ‘false’ 
> branch...
>|
>+--> ‘xc_core_arch_map_p2m_tree_rw’: events 11-24
>   |
>   |  228 | xc_core_arch_map_p2m_tree_rw(xc_interface *xch, 
> struct domain_info_context *dinfo,
>   |  | ^~~~
>   |  | |
>   |  | (11) entry to ‘xc_core_arch_map_p2m_tree_rw’
>   |..
>   |  245 | if ( !live_p2m_frame_list_list )
>   |  |~
>   |  ||
>   |  |(12) following ‘false’ branch (when 
> ‘live_p2m_frame_list_list’ is non-NULL)...
>   |..
>   |  252 | if ( !(p2m_frame_list_list = 
> malloc(PAGE_SIZE)) )
>   |  | ~~ ~ ~
>   |  | |  | |
>   |  | |  | (14) allocated 
> here
>   |  | |  (15) assuming ‘p2m_frame_list_list’ is 
> non-NULL
>   |  | |  (16) following ‘false’ branch (when 
> ‘p2m_frame_list_list’ is non-NULL)...
>   |  | (13) ...to here
>   |..
>   |  257 | memcpy(p2m_frame_list_list, 
> live_p2m_frame_list_list, PAGE_SIZE);
>   |  | ~~
>   |  | |
>   |  | (17) ...to here
>   |..
>   |  266 | else if ( dinfo->guest_width < sizeof(unsigned 
> long) )
>   |  | ~
>   |  | |
>   |  | (18) following ‘false’ branch...
>   |..
>   |  270 | live_p2m_frame_list =
>   |  | ~~~
>   |  | |
>   |  | (19) ...to

Re: [PATCH] xen/riscv: init bss section

2023-02-24 Thread Jan Beulich 
On 24.02.2023 15:48, Oleksii Kurochko wrote:
> --- a/xen/arch/riscv/setup.c
> +++ b/xen/arch/riscv/setup.c
> @@ -24,6 +24,18 @@ static void test_macros_from_bug_h(void)
>  early_printk("WARN is most likely working\n");
>  }
>  
> +static void __init init_bss(void)
> +{
> +extern char __bss_start;
> +extern char __bss_end;

Better use [] and then perhaps omit the & operators further down.
However, I thought we have a compiler warning option in use which
precludes extern declarations which aren't at file scope. Even if
I'm misremembering, perhaps better to move them.

> +char *bss = &__bss_start;
> +
> +while ( bss < &__bss_end ) {
> +*bss = 0;
> +bss++;
> +}
> +}

If you're sure you can defer this until being in C code, why not use
memset()?

Jan

[PATCH] xen/riscv: disable fpu

2023-02-24 Thread Oleksii Kurochko 
Disable FPU to detect illegal usage of floating point in kernel
space.

Signed-off-by: Oleksii Kurochko 
---
 xen/arch/riscv/setup.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c
index 593bb471a4..b7cd438a1d 100644
--- a/xen/arch/riscv/setup.c
+++ b/xen/arch/riscv/setup.c
@@ -36,6 +36,11 @@ static void __init init_bss(void)
 }
 }
 
+static void __init disable_fpu(void)
+{
+csr_write(CSR_SSTATUS, SSTATUS_FS);
+}
+
 void __init noreturn start_xen(void)
 {
 /*
@@ -52,6 +57,8 @@ void __init noreturn start_xen(void)
 
 init_bss();
 
+disable_fpu();
+
 early_printk("Hello from C env\n");
 
 trap_init();
-- 
2.39.0

[PATCH] xen/riscv: init bss section

2023-02-24 Thread Oleksii Kurochko 
Signed-off-by: Oleksii Kurochko 
---
 xen/arch/riscv/setup.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c
index 154bf3a0bc..593bb471a4 100644
--- a/xen/arch/riscv/setup.c
+++ b/xen/arch/riscv/setup.c
@@ -24,6 +24,18 @@ static void test_macros_from_bug_h(void)
 early_printk("WARN is most likely working\n");
 }
 
+static void __init init_bss(void)
+{
+extern char __bss_start;
+extern char __bss_end;
+char *bss = &__bss_start;
+
+while ( bss < &__bss_end ) {
+*bss = 0;
+bss++;
+}
+}
+
 void __init noreturn start_xen(void)
 {
 /*
@@ -38,6 +50,8 @@ void __init noreturn start_xen(void)
 
 asm volatile( "mv %0, a1" : "=r" (dtb_base) );
 
+init_bss();
+
 early_printk("Hello from C env\n");
 
 trap_init();
-- 
2.39.0

[PATCH] xen/riscv: read hart_id and dtb_base passed by bootloader

2023-02-24 Thread Oleksii Kurochko 
Signed-off-by: Oleksii Kurochko 
---
 xen/arch/riscv/setup.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c
index b3f8b10f71..154bf3a0bc 100644
--- a/xen/arch/riscv/setup.c
+++ b/xen/arch/riscv/setup.c
@@ -26,6 +26,18 @@ static void test_macros_from_bug_h(void)
 
 void __init noreturn start_xen(void)
 {
+/*
+ * The following things are passed by bootloader:
+ *   a0 -> hart_id
+ *   a1 -> dtb_base
+*/
+register unsigned long hart_id  asm("a0");
+register unsigned long dtb_base asm("a1");
+
+asm volatile( "mv %0, a0" : "=r" (hart_id) );
+
+asm volatile( "mv %0, a1" : "=r" (dtb_base) );
+
 early_printk("Hello from C env\n");
 
 trap_init();
-- 
2.39.0

[PATCH v1 0/2] fix memory leaks reported by GCC -fanalyzer

2023-02-24 Thread Edwin Török 
From: Edwin Török 

Using GCC 12.2.1 with -fanalyzer it has shown some memory leaks:

This is how I enabled -fanalyzer (adding it to CFLAGS for toplevel
configure didn't seem to work):

```
CFLAGS += $(call cc-option,$(CC),-fanalyzer)
```

Note that there are more errors shown than fixed here, but they seem to
be false positives (which is why this flag cannot, yet, be enabled by
default).

Edwin Török (2):
  xc_core_arch_map_p2m_tree_rw: fix memory leak
  backup_ptes: fix leak on realloc failure

 tools/libs/guest/xg_core_x86.c | 2 ++
 tools/libs/guest/xg_offline_page.c | 7 +--
 2 files changed, 7 insertions(+), 2 deletions(-)

-- 
2.39.1

[PATCH v1 1/2] xc_core_arch_map_p2m_tree_rw: fix memory leak

2023-02-24 Thread Edwin Török 
From: Edwin Török 

Prior to bd7a29c3d0 'out' would've always been executed and memory
freed, but that commit changed it such that it returns early and leaks.

Found using gcc 12.2.1 `-fanalyzer`:
```
xg_core_x86.c: In function ‘xc_core_arch_map_p2m_tree_rw’:
xg_core_x86.c:300:5: error: leak of ‘p2m_frame_list_list’ [CWE-401] 
[-Werror=analyzer-malloc-leak]
  300 | return p2m_frame_list;
  | ^~
  ‘xc_core_arch_map_p2m_writable’: events 1-2
|
|  378 | xc_core_arch_map_p2m_writable(xc_interface *xch, struct 
domain_info_context *dinfo, xc_dominfo_t *info,
|  | ^
|  | |
|  | (1) entry to ‘xc_core_arch_map_p2m_writable’
|..
|  381 | return xc_core_arch_map_p2m_rw(xch, dinfo, info, live_shinfo, 
live_p2m, 1);
|  |
~~~
|  ||
|  |(2) calling ‘xc_core_arch_map_p2m_rw’ from 
‘xc_core_arch_map_p2m_writable’
|
+--> ‘xc_core_arch_map_p2m_rw’: events 3-10
   |
   |  319 | xc_core_arch_map_p2m_rw(xc_interface *xch, struct 
domain_info_context *dinfo, xc_dominfo_t *info,
   |  | ^~~
   |  | |
   |  | (3) entry to ‘xc_core_arch_map_p2m_rw’
   |..
   |  328 | if ( xc_domain_nr_gpfns(xch, info->domid, 
>p2m_size) < 0 )
   |  |~
   |  ||
   |  |(4) following ‘false’ branch...
   |..
   |  334 | if ( dinfo->p2m_size < info->nr_pages  )
   |  | ~~ ~
   |  | |  |
   |  | |  (6) following ‘false’ branch...
   |  | (5) ...to here
   |..
   |  340 | p2m_cr3 = GET_FIELD(live_shinfo, arch.p2m_cr3, 
dinfo->guest_width);
   |  | ~~~
   |  | |
   |  | (7) ...to here
   |  341 |
   |  342 | p2m_frame_list = p2m_cr3 ? 
xc_core_arch_map_p2m_list_rw(xch, dinfo, dom, live_shinfo, p2m_cr3)
   |  |  
~
   |  343 |  : 
xc_core_arch_map_p2m_tree_rw(xch, dinfo, dom, live_shinfo);
   |  |  

   |  |  | |
   |  |  | (9) ...to here
   |  |  | (10) calling 
‘xc_core_arch_map_p2m_tree_rw’ from ‘xc_core_arch_map_p2m_rw’
   |  |  (8) following ‘false’ branch...
   |
   +--> ‘xc_core_arch_map_p2m_tree_rw’: events 11-24
  |
  |  228 | xc_core_arch_map_p2m_tree_rw(xc_interface *xch, 
struct domain_info_context *dinfo,
  |  | ^~~~
  |  | |
  |  | (11) entry to ‘xc_core_arch_map_p2m_tree_rw’
  |..
  |  245 | if ( !live_p2m_frame_list_list )
  |  |~
  |  ||
  |  |(12) following ‘false’ branch (when 
‘live_p2m_frame_list_list’ is non-NULL)...
  |..
  |  252 | if ( !(p2m_frame_list_list = malloc(PAGE_SIZE)) )
  |  | ~~ ~ ~
  |  | |  | |
  |  | |  | (14) allocated here
  |  | |  (15) assuming ‘p2m_frame_list_list’ is 
non-NULL
  |  | |  (16) following ‘false’ branch (when 
‘p2m_frame_list_list’ is non-NULL)...
  |  | (13) ...to here
  |..
  |  257 | memcpy(p2m_frame_list_list, 
live_p2m_frame_list_list, PAGE_SIZE);
  |  | ~~
  |  | |
  |  | (17) ...to here
  |..
  |  266 | else if ( dinfo->guest_width < sizeof(unsigned 
long) )
  |  | ~
  |  | |
  |  | (18) following ‘false’ branch...
  |..
  |  270 | live_p2m_frame_list =
  |  | ~~~
  |  | |
  |  | (19) ...to here
  |..
  |  275 | if ( !live_p2m_frame_list )
  |  |~
  |  ||
  |  |(20) following ‘false’ branch (when 
‘live_p2m_frame_list’ is

[PATCH v1 2/2] backup_ptes: fix leak on realloc failure

2023-02-24 Thread Edwin Török 
From: Edwin Török 

>From `man 2 realloc`:
`If realloc() fails, the original block is left untouched; it is not freed or 
moved.`

Found using GCC -fanalyzer:
```
|  184 | backup->entries = realloc(backup->entries,
|  | ~~
|  | |   | |
|  | |   | (91) when ‘realloc’ fails
|  | |   (92) ‘old_ptes.entries’ leaks here; was 
allocated at (44)
|  | (90) ...to here
```

Signed-off-by: Edwin Török 
---
 tools/libs/guest/xg_offline_page.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tools/libs/guest/xg_offline_page.c 
b/tools/libs/guest/xg_offline_page.c
index c594fdba41..a8bcea768b 100644
--- a/tools/libs/guest/xg_offline_page.c
+++ b/tools/libs/guest/xg_offline_page.c
@@ -181,10 +181,13 @@ static int backup_ptes(xen_pfn_t table_mfn, int offset,
 
 if (backup->max == backup->cur)
 {
-backup->entries = realloc(backup->entries,
+void* orig = backup->entries;
+backup->entries = realloc(orig,
 backup->max * 2 * sizeof(struct pte_backup_entry));
-if (backup->entries == NULL)
+if (backup->entries == NULL) {
+free(orig);
 return -1;
+}
 else
 backup->max *= 2;
 }
-- 
2.39.1

Re: [XEN PATCH v7 06/20] xen/arm: ffa: add flags for FFA_PARTITION_INFO_GET

2023-02-24 Thread Jens Wiklander 
Hi Bertrand,

On Fri, Feb 24, 2023 at 10:30 AM Bertrand Marquis
 wrote:
>
> Hi Jens,
>
> > On 22 Feb 2023, at 16:33, Jens Wiklander  wrote:
> >
> > Defines flags used for the function FFA_PARTITION_INFO_GET.
> >
> > Signed-off-by: Jens Wiklander 
> > ---
> > xen/arch/arm/tee/ffa.c | 26 ++
> > 1 file changed, 26 insertions(+)
> >
> > diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c
> > index aa6cdbe0a4f9..f4562ed2defc 100644
> > --- a/xen/arch/arm/tee/ffa.c
> > +++ b/xen/arch/arm/tee/ffa.c
> > @@ -56,6 +56,32 @@
> > #define FFA_MY_VERSION  MAKE_FFA_VERSION(FFA_MY_VERSION_MAJOR, \
> >  FFA_MY_VERSION_MINOR)
> >
> > +/*
> > + * Flags used for the FFA_PARTITION_INFO_GET return message:
>
> This is somehow no completely precise.
> Could I suggest to use what the doc says:
> Flags to determine partition properties in FFA_PARTITION_INFO_GET return 
> message

OK

>
>
> > + * BIT(0): Supports receipt of direct requests
> > + * BIT(1): Can send direct requests
> > + * BIT(2): Can send and receive indirect messages
> > + * BIT(3): Supports receipt of notifications
> > + * BIT(4-5): Partition ID is a PE endpoint ID
>
> You describe all bits until 5 but not 6,7 and 8.
> Please describe all of them to be coherent.

OK

>
> > + */
> > +#define FFA_PART_PROP_DIRECT_REQ_RECV   BIT(0, U)
> > +#define FFA_PART_PROP_DIRECT_REQ_SEND   BIT(1, U)
> > +#define FFA_PART_PROP_INDIRECT_MSGS BIT(2, U)
> > +#define FFA_PART_PROP_RECV_NOTIFBIT(3, U)
> > +#define FFA_PART_PROP_IS_PE_ID  (0U << 4)
> > +#define FFA_PART_PROP_IS_SEPID_INDEP(1U << 4)
> > +#define FFA_PART_PROP_IS_SEPID_DEP  (2U << 4)
> > +#define FFA_PART_PROP_IS_AUX_ID (3U << 4)
> > +#define FFA_PART_PROP_NOTIF_CREATED BIT(6, U)
> > +#define FFA_PART_PROP_NOTIF_DESTROYED   BIT(7, U)
> > +#define FFA_PART_PROP_AARCH64_STATE BIT(8, U)
>
> bits definitions are coherent with the standard
>
> > +
> > +/*
> > + * Flag used as parameter to FFA_PARTITION_INFO_GET to return partition
> > + * count only.
> > + */
> > +#define FFA_PARTITION_INFO_GET_COUNT_FLAG BIT(0, U)
>
> same here.

Thanks,
Jens

>
> Cheers
> Bertrand
>
> > +
> > /* Function IDs */
> > #define FFA_ERROR   0x8460U
> > #define FFA_SUCCESS_32  0x8461U
> > --
> > 2.34.1
> >
>

[xen-unstable test] 178260: tolerable trouble: fail/pass/starved - PUSHED

2023-02-24 Thread osstest service owner 
flight 178260 xen-unstable real [real]
flight 178348 xen-unstable real-retest [real]
http://logs.test-lab.xenproject.org/osstest/logs/178260/
http://logs.test-lab.xenproject.org/osstest/logs/178348/

Failures :-/ but no regressions.

Tests which are failing intermittently (not blocking):
 test-amd64-amd64-libvirt-vhd 19 guest-start/debian.repeat fail pass in 
178348-retest
 test-amd64-i386-xl-vhd 21 guest-start/debian.repeat fail pass in 178348-retest

Tests which did not succeed, but are not blocking:
 test-amd64-i386-xl-shadow 7 xen-install  fail  like 178160
 test-amd64-amd64-xl-qemut-win7-amd64 19 guest-stopfail like 178160
 test-amd64-i386-xl-qemuu-win7-amd64 19 guest-stop fail like 178160
 test-amd64-amd64-xl-qemuu-ws16-amd64 19 guest-stopfail like 178160
 test-amd64-amd64-qemuu-nested-amd 20 debian-hvm-install/l1/l2 fail like 178160
 test-amd64-i386-xl-qemut-ws16-amd64 19 guest-stop fail like 178160
 test-amd64-i386-xl-qemut-win7-amd64 19 guest-stop fail like 178160
 test-amd64-amd64-xl-qemut-ws16-amd64 19 guest-stopfail like 178160
 test-amd64-i386-xl-qemuu-ws16-amd64 19 guest-stop fail like 178160
 test-amd64-amd64-xl-qemuu-win7-amd64 19 guest-stopfail like 178160
 test-amd64-i386-xl-pvshim14 guest-start  fail   never pass
 test-amd64-amd64-libvirt-xsm 15 migrate-support-checkfail   never pass
 test-amd64-i386-libvirt-xsm  15 migrate-support-checkfail   never pass
 test-amd64-amd64-libvirt 15 migrate-support-checkfail   never pass
 test-amd64-i386-libvirt  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-xsm  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-xsm  16 saverestore-support-checkfail   never pass
 test-arm64-arm64-xl  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl  16 saverestore-support-checkfail   never pass
 test-arm64-arm64-xl-thunderx 15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-thunderx 16 saverestore-support-checkfail   never pass
 test-amd64-amd64-libvirt-qemuu-debianhvm-amd64-xsm 13 migrate-support-check 
fail never pass
 test-arm64-arm64-xl-credit2  15 migrate-support-checkfail   never pass
 test-arm64-arm64-libvirt-xsm 15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-credit2  16 saverestore-support-checkfail   never pass
 test-arm64-arm64-libvirt-xsm 16 saverestore-support-checkfail   never pass
 test-arm64-arm64-xl-credit1  15 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-credit1  16 saverestore-support-checkfail   never pass
 test-amd64-i386-libvirt-qemuu-debianhvm-amd64-xsm 13 migrate-support-check 
fail never pass
 test-amd64-i386-libvirt-raw  14 migrate-support-checkfail   never pass
 test-amd64-amd64-libvirt-vhd 14 migrate-support-checkfail   never pass
 test-arm64-arm64-libvirt-raw 14 migrate-support-checkfail   never pass
 test-arm64-arm64-libvirt-raw 15 saverestore-support-checkfail   never pass
 test-arm64-arm64-xl-vhd  14 migrate-support-checkfail   never pass
 test-arm64-arm64-xl-vhd  15 saverestore-support-checkfail   never pass
 build-armhf-libvirt   1 build-check(1)   starved  n/a
 test-armhf-armhf-examine  1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt  1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt-qcow2  1 build-check(1)   starved  n/a
 test-armhf-armhf-libvirt-raw  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl   1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-credit1   1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-credit2   1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-cubietruck  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-multivcpu  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-rtds  1 build-check(1)   starved  n/a
 test-armhf-armhf-xl-vhd   1 build-check(1)   starved  n/a
 build-armhf   2 hosts-allocate   starved  n/a

version targeted for testing:
 xen  91d4d9506a4e8906253d1280bd5a1f39668fad64
baseline version:
 xen  c15e2d4c1c93d3d1744501b7f938db4ca23ee5e1

Last test of basis   178160  2023-02-22 19:11:20 Z1 days
Testing same since   178260  2023-02-23 16:14:10 Z0 days1 attempts


People who touched revisions under test:
  Jan Beulich 
  Tamas K Lengyel 
  Xenia Ragiadakou 

jobs:
 build-amd64-xsm  pass
 build-arm64-xsm  pass
 build-i386-xsm

Re: [PATCH v2] xen: Work around Clang-IAS macro \@ expansion bug

2023-02-24 Thread Andrew Cooper 
On 24/02/2023 7:14 am, Jan Beulich wrote:
> On 23.02.2023 21:36, Andrew Cooper wrote:
>> https://github.com/llvm/llvm-project/issues/60792
>>
>> It turns out that Clang-IAS does not expand \@ uniquely in a translaition
>> unit, and the XSA-426 change tickles this bug:
>>
>>   :4:1: error: invalid symbol redefinition
>>   .L1_fill_rsb_loop:
>>   ^
>>   make[3]: *** [Rules.mk:247: arch/x86/acpi/cpu_idle.o] Error 1
>>
>> Extend DO_OVERWRITE_RSB with an optional parameter so C callers can mix %= in
>> too, which Clang does seem to expand properly.
>>
>> Fixes: 63305e5392ec ("x86/spec-ctrl: Mitigate Cross-Thread Return Address 
>> Predictions")
>> Signed-off-by: Andrew Cooper 
> A little hesitantly
> Reviewed-by: Jan Beulich 

Thanks.

>
>> --- a/xen/arch/x86/include/asm/spec_ctrl.h
>> +++ b/xen/arch/x86/include/asm/spec_ctrl.h
>> @@ -83,7 +83,7 @@ static always_inline void spec_ctrl_new_guest_context(void)
>>  wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB);
>>  
>>  /* (ab)use alternative_input() to specify clobbers. */
>> -alternative_input("", "DO_OVERWRITE_RSB", X86_BUG_IBPB_NO_RET,
>> +alternative_input("", "DO_OVERWRITE_RSB xu=%=", X86_BUG_IBPB_NO_RET,
> Especially with there possibly appearing more cases where we need to
> add such, wrapping the extra parameter in a C macro continues to
> seem better to me, for having a minimal level of documentation (I
> has CLANG in the suggested name for exactly this purpose) right at
> the place of use. The way you have it you force readers to go look
> up the assembler macro and read through the commentary there in order
> to find any explanation for the oddity.

I'm not massively happy with the patch in this form, but it is less bad
than splitting the name out.

We do not separate out parameters elsewhere.  Doing so adds cognitive
complexity to following the C, because now instead of having 2 places to
look at to figure out what's going on, you have 3.

Even a name like CLANG_EXTRA_UNIQUE is only meaningful to you and me. 
Everyone else has to go and find the two other places to understand
what's going on.

Finally, and most importantly, despite having moved to a 2-char macro
parameter name, there's still not a meaningful identifier here in C
that's shorter.

I do understand the want to try and make this more obvious, but adding
cognitive complexity and code volume isn't a good way of improving things.

~Andrew

Re: [PATCH 2/2] xen/misra: add entries to exclude-list.json

2023-02-24 Thread Luca Fancellu 
Hi Stefano,

>> Hi Jan,
>> 
>> my personal opinion is that we can’t handle them for files that needs to be 
>> kept
>> in sync from an external source, because we can’t justify findings or tag 
>> false
>> positives, if we are lucky we might fix the non compliances but even in that 
>> case
>> there might be times when the fix goes through and cases where the fix is 
>> objected
>> by the maintainers just because their project is not following the MISRA 
>> standard.
>> 
>> On our side, what we can do is track these files and from time to time check 
>> that
>> they are still eligible to backport, because when they are not anymore we 
>> could
>> just port them to Xen coding style and start doing direct changes.
>> 
>> 
>> @Stefano/@Bertrand/@Julien thanks for your effort on the list, yesterday 
>> morning
>> I’ve also had a look on the Michal’s file list and I’ve tracked down the 
>> origin, here
>> my findings, maybe we could merge your list with mine?
> 
> Yes to merge the two lists, but I think we should keep only items that we
> actually need for the sake of having a cleaner baseline. So I would only
> add things we need today to reduce the noise on cppcheck results
> (excluding 20.7 and also excluding unusedStructMember which I think we
> should probably stop scanning with cppcheck altogether).

Yes I thought about excluding unusedStructMember, I see there are a lot of 
findings on x86
which are not real findings, it’s just that the tool has not the complete 
picture.

Here the ways are two:
1) exclude globally unusedStructMember
2) exclude unusedStructMember only on some selected files (available only on 
cppcheck)
this requires some work to add a field to this list, like 
“cppcheck-error-exclude” and a list,
comma separated, of error-id to be suppressed from the corresponding file.

Regarding the list, I merged your list with mine (and Michal’s work) to create 
a complete list,
I think it’s better to have it complete because all those files are external 
and even if today we don’t
have findings for some of these files, we could have some in the future, and 
since we know today 
that we can’t do direct changes to them, in my opinion it’s better to list them 
now instead of forgetting
them later.

I left out for now these files to start a discussion for them, because I think 
they should be included in
the analysis:

common/symbols-dummy.c:
  this file accepts direct changes, cppcheck complains about misra-c2012-8.4 
but I think it is right, also
  Coverity complains about the same findings, they can be fixed adding 
declarations on symbols.h I think
  and removing the declarations from symbol.c module

common/version.c:
  Apart from unusedStructMember, cppcheck is confused only on 2 findings that 
compares one local symbol
  and one linker defined symbol, could we have just one tag to suppress those 
two findings instead of removing
  completely the file? This file is under our control, so we could push changes.

include/xen/lib.h:
  Findings are from the bsearch function, which is derived from Linux, but I 
can see the codestyle is the Xen style
  and it seems (I might be wrong) that it has diverged from Linux, so we might 
do changes and fix the findings that
  are correct, void* arithmetic is working because gcc make it work assigning a 
sizeof of 1, using char* pointers we
  have the same result without having the undefined behaviour (correct me if I 
am wrong).

include/xen/sort.h:
  Also this one is derived from Linux, but seems that we converted it to our 
coding style and we can do direct changes,
  the same reasoning about void* pointers arithmetic applies here.


What are your thoughts?

Here the merged list, capturing also Jan comments:

{
   "version": "1.0",
   "content": [
   {
   "rel_path": "arch/arm/arm64/cpufeature.c",
   "comment": "Imported from Linux, ignore for now"
   },
   {
   "rel_path": "arch/arm/arm64/insn.c",
   "comment": "Imported on Linux"
   },
   {
   "rel_path": "arch/arm/arm64/lib/find_next_bit.c",
   "comment": "Imported from Linux, ignore for now"
   },
   {
   "rel_path": "arch/x86/acpi/boot.c",
   "comment": "Imported from Linux, ignore for now"
   },
   {
   "rel_path": "arch/x86/acpi/cpu_idle.c",
   "comment": "Imported from Linux, ignore for now"
   },
   {
   "rel_path": "arch/x86/acpi/cpufreq/cpufreq.c",
   "comment": "Imported from Linux, ignore for now"
   },
   {
   "rel_path": "arch/x86/acpi/cpuidle_menu.c",
   "comment": "Imported from Linux, ignore for now"
   },
   {
   "rel_path": "arch/x86/acpi/lib.c",
   "comment": "Imported from Linux, ignore for now"
   },
   {
   "rel_path": "arch/x86/cpu/amd.c",
   "comment": "Imported from Linux, ignore for now"
   },
   {
   "rel_path": "arch/x86/cpu/centaur.c",

[PATCH v4 5/5] automation: modify RISC-V smoke test

2023-02-24 Thread Oleksii Kurochko 
The patch modifies the grep pattern to reflect the usage of WARN.

Signed-off-by: Oleksii Kurochko 
Reviewed-by: Alistair Francis 
Acked-by: Stefano Stabellini 
---
Changes in V4:
 - Add Reviewed-by: Alistair Francis 
   and Acked-by: Stefano Stabellini 
---
Changes in V3:
 - Update commit message
---
Changes in V2:
 - Leave only the latest "grep ..."
---
 automation/scripts/qemu-smoke-riscv64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/automation/scripts/qemu-smoke-riscv64.sh 
b/automation/scripts/qemu-smoke-riscv64.sh
index e0f06360bc..02fc66be03 100755
--- a/automation/scripts/qemu-smoke-riscv64.sh
+++ b/automation/scripts/qemu-smoke-riscv64.sh
@@ -16,5 +16,5 @@ qemu-system-riscv64 \
 |& tee smoke.serial
 
 set -e
-(grep -q "Hello from C env" smoke.serial) || exit 1
+(grep -q "WARN is most likely working" smoke.serial) || exit 1
 exit 0
-- 
2.39.0

[PATCH v4 3/5] xen/riscv: introduce an implementation of macros from

2023-02-24 Thread Oleksii Kurochko 
The patch introduces macros: BUG(), WARN(), run_in_exception(),
assert_failed.

The implementation uses "ebreak" instruction in combination with
diffrent bug frame tables (for each type) which contains useful
information.

Signed-off-by: Oleksii Kurochko 
---
Changes in V4:
  - Updates in RISC-V's :
* Add explanatory comment about why there is only defined for 32-bits length
  instructions and 16/32-bits BUG_INSN_{16,32}.
* Change 'unsigned long' to 'unsigned int' inside GET_INSN_LENGTH().
* Update declaration of is_valid_bugaddr(): switch return type from int to 
bool
  and the argument from 'unsigned int' to 'vaddr'.
  - Updates in RISC-V's traps.c:
* replace /xen and /asm includes 
* update definition of is_valid_bugaddr():switch return type from int to 
bool
  and the argument from 'unsigned int' to 'vaddr'. Code style inside 
function
  was updated too.
* do_bug_frame() refactoring:
  * local variables start and bug became 'const struct bug_frame'
  * bug_frames[] array became 'static const struct bug_frame[] = ...'
  * remove all casts
  * remove unneeded comments and add an explanatory comment that the 
do_bug_frame()
will be switched to a generic one.
* do_trap() refactoring:
  * read 16-bits value instead of 32-bits as compressed instruction can
be used and it might happen than only 16-bits may be accessible.
  * code style updates
  * re-use instr variable instead of re-reading instruction.
  - Updates in setup.c:
* add blank line between xen/ and asm/ includes.
---
Changes in V3:
  - Rebase the patch "xen/riscv: introduce an implementation of macros
from " on top of patch series [introduce generic implementation
of macros from bug.h]
---
Changes in V2:
  - Remove __ in define namings
  - Update run_in_exception_handler() with
register void *fn_ asm(__stringify(BUG_FN_REG)) = (fn);
  - Remove bug_instr_t type and change it's usage to uint32_t
---
 xen/arch/riscv/include/asm/bug.h   |  48 ++
 xen/arch/riscv/include/asm/processor.h |   2 +
 xen/arch/riscv/setup.c |   1 +
 xen/arch/riscv/traps.c | 125 +
 xen/arch/riscv/xen.lds.S   |  10 ++
 5 files changed, 186 insertions(+)
 create mode 100644 xen/arch/riscv/include/asm/bug.h

diff --git a/xen/arch/riscv/include/asm/bug.h b/xen/arch/riscv/include/asm/bug.h
new file mode 100644
index 00..67ade6f895
--- /dev/null
+++ b/xen/arch/riscv/include/asm/bug.h
@@ -0,0 +1,48 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (C) 2012 Regents of the University of California
+ * Copyright (C) 2021-2023 Vates
+ *
+ */
+#ifndef _ASM_RISCV_BUG_H
+#define _ASM_RISCV_BUG_H
+
+#include 
+
+#ifndef __ASSEMBLY__
+
+#define BUG_INSTR "ebreak"
+
+/*
+ * The base instruction set has a fixed length of 32-bit naturally aligned
+ * instructions.
+ *
+ * There are extensions of variable length ( where each instruction can be
+ * any number of 16-bit parcels in length ) but they aren't used in Xen
+ * and Linux kernel ( where these definitions were taken from ).
+ *
+ * Compressed ISA is used now where the instruction length is 16 bit  and
+ * 'ebreak' instruction, in this case, can be either 16 or 32 bit (
+ * depending on if compressed ISA is used or not )
+ */
+#define INSN_LENGTH_MASK_UL(0x3)
+#define INSN_LENGTH_32  _UL(0x3)
+
+#define BUG_INSN_32 _UL(0x00100073) /* ebreak */
+#define BUG_INSN_16 _UL(0x9002) /* c.ebreak */
+#define COMPRESSED_INSN_MASK_UL(0x)
+
+#define GET_INSN_LENGTH(insn)   \
+({  \
+unsigned int len;   \
+len = ((insn & INSN_LENGTH_MASK) == INSN_LENGTH_32) ?   \
+4UL : 2UL;  \
+len;\
+})
+
+/* These are defined by the architecture */
+bool is_valid_bugaddr(vaddr_t addr);
+
+#endif /* !__ASSEMBLY__ */
+
+#endif /* _ASM_RISCV_BUG_H */
diff --git a/xen/arch/riscv/include/asm/processor.h 
b/xen/arch/riscv/include/asm/processor.h
index a71448e02e..ef23d9589e 100644
--- a/xen/arch/riscv/include/asm/processor.h
+++ b/xen/arch/riscv/include/asm/processor.h
@@ -69,6 +69,8 @@ static inline void die(void)
 wfi();
 }
 
+void show_execution_state(const struct cpu_user_regs *regs);
+
 #endif /* __ASSEMBLY__ */
 
 #endif /* _ASM_RISCV_PROCESSOR_H */
diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c
index c8513ca4f8..73b9a82883 100644
--- a/xen/arch/riscv/setup.c
+++ b/xen/arch/riscv/setup.c
@@ -1,3 +1,4 @@
+#include 
 #include 
 #include 
 
diff --git a/xen/arch/riscv/traps.c b/xen/arch/riscv/traps.c
index ad7311f269..d87a9cfd2c 100644
--- a/xen/arch/riscv/traps.c
+++ b/xen/arch/riscv/traps.c
@@ -5,6 +5,7 @@
  * RISC-V Trap handlers
  */
 
+#include 
 #include 
 #include

[PATCH v4 1/5] xen/riscv: introduce decode_cause() stuff

2023-02-24 Thread Oleksii Kurochko 
The patch introduces stuff needed to decode a reason of an
exception.

Signed-off-by: Oleksii Kurochko 
---
Changes in V4:
  - fix string in decode_reserved_interrupt_cause()
---
Changes in V3:
  - Nothing changed
---
Changes in V2:
  - Make decode_trap_cause() more optimization friendly.
  - Merge the pathc which introduces do_unexpected_trap() to the current one.
---
 xen/arch/riscv/traps.c | 87 +-
 1 file changed, 86 insertions(+), 1 deletion(-)

diff --git a/xen/arch/riscv/traps.c b/xen/arch/riscv/traps.c
index ccd3593f5a..29b1a0dfae 100644
--- a/xen/arch/riscv/traps.c
+++ b/xen/arch/riscv/traps.c
@@ -4,10 +4,95 @@
  *
  * RISC-V Trap handlers
  */
+
+#include 
+#include 
+
+#include 
+#include 
 #include 
 #include 
 
-void do_trap(struct cpu_user_regs *cpu_regs)
+static const char *decode_trap_cause(unsigned long cause)
+{
+static const char *const trap_causes[] = {
+[CAUSE_MISALIGNED_FETCH] = "Instruction Address Misaligned",
+[CAUSE_FETCH_ACCESS] = "Instruction Access Fault",
+[CAUSE_ILLEGAL_INSTRUCTION] = "Illegal Instruction",
+[CAUSE_BREAKPOINT] = "Breakpoint",
+[CAUSE_MISALIGNED_LOAD] = "Load Address Misaligned",
+[CAUSE_LOAD_ACCESS] = "Load Access Fault",
+[CAUSE_MISALIGNED_STORE] = "Store/AMO Address Misaligned",
+[CAUSE_STORE_ACCESS] = "Store/AMO Access Fault",
+[CAUSE_USER_ECALL] = "Environment Call from U-Mode",
+[CAUSE_SUPERVISOR_ECALL] = "Environment Call from S-Mode",
+[CAUSE_MACHINE_ECALL] = "Environment Call from M-Mode",
+[CAUSE_FETCH_PAGE_FAULT] = "Instruction Page Fault",
+[CAUSE_LOAD_PAGE_FAULT] = "Load Page Fault",
+[CAUSE_STORE_PAGE_FAULT] = "Store/AMO Page Fault",
+[CAUSE_FETCH_GUEST_PAGE_FAULT] = "Instruction Guest Page Fault",
+[CAUSE_LOAD_GUEST_PAGE_FAULT] = "Load Guest Page Fault",
+[CAUSE_VIRTUAL_INST_FAULT] = "Virtualized Instruction Fault",
+[CAUSE_STORE_GUEST_PAGE_FAULT] = "Guest Store/AMO Page Fault",
+};
+
+if ( cause < ARRAY_SIZE(trap_causes) && trap_causes[cause] )
+return trap_causes[cause];
+return "UNKNOWN";
+}
+
+const char *decode_reserved_interrupt_cause(unsigned long irq_cause)
+{
+switch ( irq_cause )
+{
+case IRQ_M_SOFT:
+return "M-mode Software Interrupt";
+case IRQ_M_TIMER:
+return "M-mode TIMER Interrupt";
+case IRQ_M_EXT:
+return "M-mode External Interrupt";
+default:
+return "UNKNOWN IRQ type";
+}
+}
+
+const char *decode_interrupt_cause(unsigned long cause)
+{
+unsigned long irq_cause = cause & ~CAUSE_IRQ_FLAG;
+
+switch ( irq_cause )
+{
+case IRQ_S_SOFT:
+return "Supervisor Software Interrupt";
+case IRQ_S_TIMER:
+return "Supervisor Timer Interrupt";
+case IRQ_S_EXT:
+return "Supervisor External Interrupt";
+default:
+return decode_reserved_interrupt_cause(irq_cause);
+}
+}
+
+const char *decode_cause(unsigned long cause)
+{
+if ( cause & CAUSE_IRQ_FLAG )
+return decode_interrupt_cause(cause);
+
+return decode_trap_cause(cause);
+}
+
+static void do_unexpected_trap(const struct cpu_user_regs *regs)
 {
+unsigned long cause = csr_read(CSR_SCAUSE);
+
+early_printk("Unhandled exception: ");
+early_printk(decode_cause(cause));
+early_printk("\n");
+
 die();
 }
+
+void do_trap(struct cpu_user_regs *cpu_regs)
+{
+do_unexpected_trap(cpu_regs);
+}
-- 
2.39.0

[PATCH v4 4/5] xen/riscv: test basic handling stuff

2023-02-24 Thread Oleksii Kurochko 
Signed-off-by: Oleksii Kurochko 
Acked-by: Alistair Francis 
---
Changes in V4:
  - Add Acked-by: Alistair Francis 
---
Changes in V3:
  - Nothing changed
---
Changes in V2:
  - Nothing changed
---
 xen/arch/riscv/setup.c | 16 
 1 file changed, 16 insertions(+)

diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c
index 73b9a82883..b3f8b10f71 100644
--- a/xen/arch/riscv/setup.c
+++ b/xen/arch/riscv/setup.c
@@ -10,12 +10,28 @@
 unsigned char __initdata cpu0_boot_stack[STACK_SIZE]
 __aligned(STACK_SIZE);
 
+static void test_run_in_exception(struct cpu_user_regs *regs)
+{
+early_printk("If you see this message, ");
+early_printk("run_in_exception_handler is most likely working\n");
+}
+
+static void test_macros_from_bug_h(void)
+{
+run_in_exception_handler(test_run_in_exception);
+WARN();
+early_printk("If you see this message, ");
+early_printk("WARN is most likely working\n");
+}
+
 void __init noreturn start_xen(void)
 {
 early_printk("Hello from C env\n");
 
 trap_init();
 
+test_macros_from_bug_h();
+
 for ( ;; )
 asm volatile ("wfi");
 
-- 
2.39.0

[PATCH v4 2/5] xen/riscv: introduce trap_init()

2023-02-24 Thread Oleksii Kurochko 
Signed-off-by: Oleksii Kurochko 
Reviewed-by: Alistair Francis 
---
Changes in V4:
  - Nothing changed
---
Changes in V3:
  - Nothing changed
---
Changes in V2:
  - Rename setup_trap_handler() to trap_init().
  - Add Reviewed-by to the commit message.
---
 xen/arch/riscv/include/asm/traps.h | 1 +
 xen/arch/riscv/setup.c | 4 
 xen/arch/riscv/traps.c | 7 +++
 3 files changed, 12 insertions(+)

diff --git a/xen/arch/riscv/include/asm/traps.h 
b/xen/arch/riscv/include/asm/traps.h
index f3fb6b25d1..f1879294ef 100644
--- a/xen/arch/riscv/include/asm/traps.h
+++ b/xen/arch/riscv/include/asm/traps.h
@@ -7,6 +7,7 @@
 
 void do_trap(struct cpu_user_regs *cpu_regs);
 void handle_trap(void);
+void trap_init(void);
 
 #endif /* __ASSEMBLY__ */
 
diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c
index d09ffe1454..c8513ca4f8 100644
--- a/xen/arch/riscv/setup.c
+++ b/xen/arch/riscv/setup.c
@@ -1,7 +1,9 @@
 #include 
 #include 
 
+#include 
 #include 
+#include 
 
 /* Xen stack for bringing up the first CPU. */
 unsigned char __initdata cpu0_boot_stack[STACK_SIZE]
@@ -11,6 +13,8 @@ void __init noreturn start_xen(void)
 {
 early_printk("Hello from C env\n");
 
+trap_init();
+
 for ( ;; )
 asm volatile ("wfi");
 
diff --git a/xen/arch/riscv/traps.c b/xen/arch/riscv/traps.c
index 29b1a0dfae..ad7311f269 100644
--- a/xen/arch/riscv/traps.c
+++ b/xen/arch/riscv/traps.c
@@ -13,6 +13,13 @@
 #include 
 #include 
 
+void trap_init(void)
+{
+unsigned long addr = (unsigned long)_trap;
+
+csr_write(CSR_STVEC, addr);
+}
+
 static const char *decode_trap_cause(unsigned long cause)
 {
 static const char *const trap_causes[] = {
-- 
2.39.0

[PATCH v4 0/5] RISCV basic exception handling implementation

2023-02-24 Thread Oleksii Kurochko 
The patch series is based on [introduce generic implementation
of macros from bug.h] which hasn't been commited yet.

The patch series provides a basic implementation of exception handling.
It can do only basic things such as decode a cause of an exception,
save/restore registers and execute "wfi" instruction if an exception
can not be handled.

To verify that exception handling works well it was implemented macros
from  such as BUG/WARN/run_in_exception/assert_failed.
The implementation of macros is used "ebreak" instruction and set up bug
frame tables for each type of macros.
Also it was implemented register save/restore to return and continue work
after WARN/run_in_exception.
Not all functionality of the macros was implemented as some of them
require hard-panic the system which is not available now. Instead of
hard-panic 'wfi' instruction is used but it should be definitely changed
in the neareset future.
It wasn't implemented show_execution_state() and stack trace discovering
as it's not necessary now.

---
Changes in V4:
  - Rebase the patch series on top of new version of [introduce generic
implementation of macros from bug.h] patch series.
  - Update the cover letter message as 'Early printk' was merged and
the current one patch series is based only on [introduce generic
implementation of macros from bug.h] which hasn't been commited yet.
  - The following patches of the patch series were merged to staging:
  [PATCH v3 01/14] xen/riscv: change ISA to r64G
  [PATCH v3 02/14] xen/riscv: add  header
  [PATCH v3 03/14] xen/riscv: add  header
  [PATCH v3 05/14] xen/riscv: introduce empty 
  [PATCH v3 06/14] xen/riscv: introduce empty 
  [PATCH v3 07/14] xen/riscv: introduce exception context
  [PATCH v3 08/14] xen/riscv: introduce exception handlers implementation
  [PATCH v3 10/14] xen/riscv: mask all interrupts
  - Fix addressed comments in xen-devel mailing list.

---
Changes in V3:
  - Change the name of config RISCV_ISA_RV64IMA to RISCV_ISA_RV64G
as instructions from Zicsr and Zifencei extensions aren't part of
I extension any more.
  - Rebase the patch "xen/riscv: introduce an implementation of macros
from " on top of patch series [introduce generic implementation
of macros from bug.h]
  - Update commit messages
---
Changes in V2:
  - take the latest riscv_encoding.h from OpenSBI, update it with Xen
related changes, and update the commit message with "Origin:"
tag and the commit message itself.
  - add "Origin:" tag to the commit messag of the patch
[xen/riscv: add  header].
  - Remove the patch [xen/riscv: add early_printk_hnum() function] as the
functionality provided by the patch isn't used now.
  - Refactor prcoess.h: move structure offset defines to asm-offsets.c,
change register_t to unsigned long.
  - Refactor entry.S to use offsets defined in asm-offsets.C
  - Rename {__,}handle_exception to handle_trap() and do_trap() to be more
consistent with RISC-V spec.
  - Merge the pathc which introduces do_unexpected_trap() with the patch
[xen/riscv: introduce exception handlers implementation].
  - Rename setup_trap_handler() to trap_init() and update correspondingly
the patches in the patch series.
  - Refactor bug.h, remove bug_instr_t type from it.
  - Refactor decode_trap_cause() function to be more optimization-friendly.
  - Add two new empty headers:  and  as they are needed to
include  which provides ARRAY_SIZE and other macros.
  - Code style fixes.
---

Oleksii Kurochko (5):
  xen/riscv: introduce decode_cause() stuff
  xen/riscv: introduce trap_init()
  xen/riscv: introduce an implementation of macros from 
  xen/riscv: test basic handling stuff
  automation: modify RISC-V smoke test

 automation/scripts/qemu-smoke-riscv64.sh |   2 +-
 xen/arch/riscv/include/asm/bug.h |  48 +
 xen/arch/riscv/include/asm/processor.h   |   2 +
 xen/arch/riscv/include/asm/traps.h   |   1 +
 xen/arch/riscv/setup.c   |  21 +++
 xen/arch/riscv/traps.c   | 219 ++-
 xen/arch/riscv/xen.lds.S |  10 ++
 7 files changed, 301 insertions(+), 2 deletions(-)
 create mode 100644 xen/arch/riscv/include/asm/bug.h

-- 
2.39.0

[PATCH v3 2/4] xen: change to

2023-02-24 Thread Oleksii Kurochko 
Since the generic version of bug.h stuff was introduced use 
instead of unnecessary 

Signed-off-by: Oleksii Kurochko 
---
Changes in V3:
 * Update patch 2 not to break compilation: move some parts from patches 3 and 4
   to patch 2:
   * move some generic parts from  to 
   * add define BUG_FRAME_STRUCT in ARM's 
---
Changes in V2:
 * Put [PATCH v1 4/4] xen: change  to  as second patch,
   update the patch to change all  to  among the whole 
project
   to not break build.
 * Update the commit message.
---
 xen/arch/arm/include/asm/bug.h   | 19 +++
 xen/arch/arm/include/asm/div64.h |  2 +-
 xen/arch/arm/vgic/vgic-v2.c  |  2 +-
 xen/arch/arm/vgic/vgic.c |  2 +-
 xen/arch/x86/acpi/cpufreq/cpufreq.c  |  2 +-
 xen/arch/x86/include/asm/asm_defns.h |  2 +-
 xen/arch/x86/include/asm/bug.h   | 19 ++-
 xen/drivers/cpufreq/cpufreq.c|  2 +-
 xen/include/xen/lib.h|  2 +-
 9 files changed, 12 insertions(+), 40 deletions(-)

diff --git a/xen/arch/arm/include/asm/bug.h b/xen/arch/arm/include/asm/bug.h
index f4088d0913..cacaf014ab 100644
--- a/xen/arch/arm/include/asm/bug.h
+++ b/xen/arch/arm/include/asm/bug.h
@@ -1,6 +1,8 @@
 #ifndef __ARM_BUG_H__
 #define __ARM_BUG_H__
 
+#include 
+
 #if defined(CONFIG_ARM_32)
 # include 
 #elif defined(CONFIG_ARM_64)
@@ -9,9 +11,7 @@
 # error "unknown ARM variant"
 #endif
 
-#define BUG_DISP_WIDTH24
-#define BUG_LINE_LO_WIDTH (31 - BUG_DISP_WIDTH)
-#define BUG_LINE_HI_WIDTH (31 - BUG_DISP_WIDTH)
+#define BUG_FRAME_STRUCT
 
 struct bug_frame {
 signed int loc_disp;/* Relative address to the bug address */
@@ -26,13 +26,6 @@ struct bug_frame {
 #define bug_line(b) ((b)->line)
 #define bug_msg(b) ((const char *)(b) + (b)->msg_disp)
 
-#define BUGFRAME_run_fn 0
-#define BUGFRAME_warn   1
-#define BUGFRAME_bug2
-#define BUGFRAME_assert 3
-
-#define BUGFRAME_NR 4
-
 /* Many versions of GCC doesn't support the asm %c parameter which would
  * be preferable to this unpleasantness. We use mergeable string
  * sections to avoid multiple copies of the string appearing in the
@@ -89,12 +82,6 @@ struct bug_frame {
 unreachable();  \
 } while (0)
 
-extern const struct bug_frame __start_bug_frames[],
-  __stop_bug_frames_0[],
-  __stop_bug_frames_1[],
-  __stop_bug_frames_2[],
-  __stop_bug_frames_3[];
-
 #endif /* __ARM_BUG_H__ */
 /*
  * Local variables:
diff --git a/xen/arch/arm/include/asm/div64.h b/xen/arch/arm/include/asm/div64.h
index 1cd58bc51a..fc667a80f9 100644
--- a/xen/arch/arm/include/asm/div64.h
+++ b/xen/arch/arm/include/asm/div64.h
@@ -74,7 +74,7 @@
 
 #elif __GNUC__ >= 4
 
-#include 
+#include 
 
 /*
  * If the divisor happens to be constant, we determine the appropriate
diff --git a/xen/arch/arm/vgic/vgic-v2.c b/xen/arch/arm/vgic/vgic-v2.c
index 1a99d3a8b4..c90e88fddb 100644
--- a/xen/arch/arm/vgic/vgic-v2.c
+++ b/xen/arch/arm/vgic/vgic-v2.c
@@ -16,8 +16,8 @@
  */
 
 #include 
-#include 
 #include 
+#include 
 #include 
 #include 
 
diff --git a/xen/arch/arm/vgic/vgic.c b/xen/arch/arm/vgic/vgic.c
index f0f2ea5021..b9463a5f27 100644
--- a/xen/arch/arm/vgic/vgic.c
+++ b/xen/arch/arm/vgic/vgic.c
@@ -15,9 +15,9 @@
  * along with this program.  If not, see .
  */
 
+#include 
 #include 
 #include 
-#include 
 #include 
 #include 
 
diff --git a/xen/arch/x86/acpi/cpufreq/cpufreq.c 
b/xen/arch/x86/acpi/cpufreq/cpufreq.c
index c27cbb2304..18ff2a443b 100644
--- a/xen/arch/x86/acpi/cpufreq/cpufreq.c
+++ b/xen/arch/x86/acpi/cpufreq/cpufreq.c
@@ -27,6 +27,7 @@
  * ~~
  */
 
+#include 
 #include 
 #include 
 #include 
@@ -35,7 +36,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
diff --git a/xen/arch/x86/include/asm/asm_defns.h 
b/xen/arch/x86/include/asm/asm_defns.h
index d9431180cf..a8526cf36c 100644
--- a/xen/arch/x86/include/asm/asm_defns.h
+++ b/xen/arch/x86/include/asm/asm_defns.h
@@ -6,7 +6,7 @@
 /* NB. Auto-generated from arch/.../asm-offsets.c */
 #include 
 #endif
-#include 
+#include 
 #include 
 #include 
 #include 
diff --git a/xen/arch/x86/include/asm/bug.h b/xen/arch/x86/include/asm/bug.h
index b7265bdfbe..4b3e7b019d 100644
--- a/xen/arch/x86/include/asm/bug.h
+++ b/xen/arch/x86/include/asm/bug.h
@@ -1,19 +1,10 @@
 #ifndef __X86_BUG_H__
 #define __X86_BUG_H__
 
-#define BUG_DISP_WIDTH24
-#define BUG_LINE_LO_WIDTH (31 - BUG_DISP_WIDTH)
-#define BUG_LINE_HI_WIDTH (31 - BUG_DISP_WIDTH)
-
-#define BUGFRAME_run_fn 0
-#define BUGFRAME_warn   1
-#define BUGFRAME_bug2
-#define BUGFRAME_assert 3
-
-#define BUGFRAME_NR 4
-
 #ifndef __ASSEMBLY__
 
+#define BUG_FRAME_STRUCT
+
 struct bug_frame {
 signed int loc_disp:BUG_DISP_WIDTH;
 unsigned int line_hi:BUG_LINE_HI_WIDTH;
@@

[PATCH v3 4/4] xen/x86: switch x86 to use generic implemetation of bug.h

2023-02-24 Thread Oleksii Kurochko 
The following changes were made:
* Make GENERIC_BUG_FRAME mandatory for X86
* Update asm/bug.h using generic implementation in 
* Change prototype of debugger_trap_fatal() in asm/debugger.h
  to align it with generic prototype in .
* Update do_invalid_op using generic do_bug_frame()

Signed-off-by: Oleksii Kurochko 
---
Changes in V3:
 * As prototype and what do_bug_frame() returns was changed so patch 3 and 4
   was updated to use a new version of do_bug_frame
 * MODIFIER was change to BUG_ASM_CONST to align with generic implementation
---
Changes in V2:
  * Remove all unnecessary things from  as they were introduced in
.
  * Define BUG_INSTR = 'ud2' and MODIFIER = 'c' ( it is needed to skip '$'
when use an imidiate in x86 assembly )
  * Update do_invalid_op() to re-use handle_bug_frame() and find_bug_frame()
from generic implemetation of CONFIG_GENERIC_BUG_FRAME
  * Code style fixes.
---
 xen/arch/x86/Kconfig|  1 +
 xen/arch/x86/include/asm/bug.h  | 73 ++
 xen/arch/x86/include/asm/debugger.h |  4 +-
 xen/arch/x86/traps.c| 81 +++--
 4 files changed, 14 insertions(+), 145 deletions(-)

diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 6a7825f4ba..b0ff1f3ee6 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -11,6 +11,7 @@ config X86
select ARCH_MAP_DOMAIN_PAGE
select ARCH_SUPPORTS_INT128
select CORE_PARKING
+   select GENERIC_BUG_FRAME
select HAS_ALTERNATIVE
select HAS_COMPAT
select HAS_CPUFREQ
diff --git a/xen/arch/x86/include/asm/bug.h b/xen/arch/x86/include/asm/bug.h
index 4b3e7b019d..d7eb41baf3 100644
--- a/xen/arch/x86/include/asm/bug.h
+++ b/xen/arch/x86/include/asm/bug.h
@@ -3,75 +3,10 @@
 
 #ifndef __ASSEMBLY__
 
-#define BUG_FRAME_STRUCT
+#define BUG_INSTR   "ud2"
+#define BUG_ASM_CONST   "c"
 
-struct bug_frame {
-signed int loc_disp:BUG_DISP_WIDTH;
-unsigned int line_hi:BUG_LINE_HI_WIDTH;
-signed int ptr_disp:BUG_DISP_WIDTH;
-unsigned int line_lo:BUG_LINE_LO_WIDTH;
-signed int msg_disp[];
-};
-
-#define bug_loc(b) ((const void *)(b) + (b)->loc_disp)
-#define bug_ptr(b) ((const void *)(b) + (b)->ptr_disp)
-#define bug_line(b) (b)->line_hi + ((b)->loc_disp < 0)) &\
-   ((1 << BUG_LINE_HI_WIDTH) - 1)) <<\
-  BUG_LINE_LO_WIDTH) +   \
- (((b)->line_lo + ((b)->ptr_disp < 0)) & \
-  ((1 << BUG_LINE_LO_WIDTH) - 1)))
-#define bug_msg(b) ((const char *)(b) + (b)->msg_disp[1])
-
-#define _ASM_BUGFRAME_TEXT(second_frame) \
-".Lbug%=: ud2\n" \
-".pushsection .bug_frames.%c[bf_type], \"a\", @progbits\n"   \
-".p2align 2\n"   \
-".Lfrm%=:\n" \
-".long (.Lbug%= - .Lfrm%=) + %c[bf_line_hi]\n"   \
-".long (%c[bf_ptr] - .Lfrm%=) + %c[bf_line_lo]\n"\
-".if " #second_frame "\n"\
-".long 0, %c[bf_msg] - .Lfrm%=\n"\
-".endif\n"   \
-".popsection\n"  \
-
-#define _ASM_BUGFRAME_INFO(type, line, ptr, msg) \
-[bf_type]"i" (type), \
-[bf_ptr] "i" (ptr),  \
-[bf_msg] "i" (msg),  \
-[bf_line_lo] "i" ((line & ((1 << BUG_LINE_LO_WIDTH) - 1))\
-  << BUG_DISP_WIDTH),\
-[bf_line_hi] "i" (((line) >> BUG_LINE_LO_WIDTH) << BUG_DISP_WIDTH)
-
-#define BUG_FRAME(type, line, ptr, second_frame, msg) do {   \
-BUILD_BUG_ON((line) >> (BUG_LINE_LO_WIDTH + BUG_LINE_HI_WIDTH)); \
-BUILD_BUG_ON((type) >= BUGFRAME_NR); \
-asm volatile ( _ASM_BUGFRAME_TEXT(second_frame)  \
-   :: _ASM_BUGFRAME_INFO(type, line, ptr, msg) );\
-} while (0)
-
-
-#define WARN() BUG_FRAME(BUGFRAME_warn, __LINE__, __FILE__, 0, NULL)
-#define BUG() do {  \
-BUG_FRAME(BUGFRAME_bug,  __LINE__, __FILE__, 0, NULL);  \
-unreachable();  \
-} while (0)
-
-/*
- * TODO: untangle header dependences, break BUILD_BUG_ON() out of xen/lib.h,
- * and use a real static inline here to get proper type checking of fn().
- */
-#define

[PATCH v3 1/4] xen: introduce CONFIG_GENERIC_BUG_FRAME

2023-02-24 Thread Oleksii Kurochko 
A large part of the content of the bug.h is repeated among all
architectures, so it was decided to create a new config
CONFIG_GENERIC_BUG_FRAME.

The version of  from x86 was taken as the base version.

The patch introduces the following stuff:
  * common bug.h header
  * generic implementation of do_bug_frame
  * new config CONFIG_GENERIC_BUG_FRAME

Signed-off-by: Oleksii Kurochko 
---
Changes in V3:
 * Add debugger_trap_fatal() to do_bug_frame(). It simplifies usage of
   do_bug_frame() for x86 so making handle_bug_frame() and find_bug_frame()
   not needed anymore.
 * Update do_bug_frame() to return -EINVAL if something goes wrong; otherwise
   id of bug_frame
 * Update _ASM_BUGFRAME_TEXT to make it more portable.
 * Drop unnecessary comments.
 * define stub value for TRAP_invalid_op in case if wasn't defined in
   arch-specific folders.
---
Changes in V2:
  - Switch to x86 implementation as generic as it is more compact
( at least from the point of view of bug frame structure ).
  - Rename CONFIG_GENERIC_DO_BUG_FRAME to CONFIG_GENERIC_BUG_FRAME.
  - Change the macro bug_loc(b) to avoid the need for a cast:
#define bug_loc(b) ((unsigned long)(b) + (b)->loc_disp)
  - Rename BUG_FRAME_STUFF to BUG_FRAME_STRUCT
  - Make macros related to bug frame structure more generic.
  - Introduce BUG_INSTR and MODIFIER to make _ASM_BUGFRAME_TEXT reusable
between x86 and RISC-V.
  - Rework do_bug_frame() and introduce find_bug_frame() and handle_bug_frame()
functions to make it reusable by x86.
  - code style fixes
---
 xen/common/Kconfig|   3 +
 xen/common/Makefile   |   1 +
 xen/common/bug.c  | 109 ++
 xen/include/xen/bug.h | 150 ++
 4 files changed, 263 insertions(+)
 create mode 100644 xen/common/bug.c
 create mode 100644 xen/include/xen/bug.h

diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index f1ea3199c8..b226323537 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -28,6 +28,9 @@ config ALTERNATIVE_CALL
 config ARCH_MAP_DOMAIN_PAGE
bool
 
+config GENERIC_BUG_FRAME
+   bool
+
 config HAS_ALTERNATIVE
bool
 
diff --git a/xen/common/Makefile b/xen/common/Makefile
index bbd75b4be6..46049eac35 100644
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -1,5 +1,6 @@
 obj-$(CONFIG_ARGO) += argo.o
 obj-y += bitmap.o
+obj-$(CONFIG_GENERIC_BUG_FRAME) += bug.o
 obj-$(CONFIG_HYPFS_CONFIG) += config_data.o
 obj-$(CONFIG_CORE_PARKING) += core_parking.o
 obj-y += cpu.o
diff --git a/xen/common/bug.c b/xen/common/bug.c
new file mode 100644
index 00..f81724fc9b
--- /dev/null
+++ b/xen/common/bug.c
@@ -0,0 +1,109 @@
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+/* Set default value for TRAP_invalid_op as it is defined only for X86 now */
+#ifndef TRAP_invalid_op
+#define TRAP_invalid_op 0
+#endif
+
+int do_bug_frame(const struct cpu_user_regs *regs, unsigned long pc)
+{
+const struct bug_frame *bug = NULL;
+const struct virtual_region *region;
+const char *prefix = "", *filename, *predicate;
+unsigned long fixup;
+unsigned int id = BUGFRAME_NR, lineno;
+
+region = find_text_region(pc);
+if ( region )
+{
+for ( id = 0; id < BUGFRAME_NR; id++ )
+{
+const struct bug_frame *b;
+unsigned int i;
+
+for ( i = 0, b = region->frame[id].bugs;
+  i < region->frame[id].n_bugs; b++, i++ )
+{
+if ( bug_loc(b) == pc )
+{
+bug = b;
+goto found;
+}
+}
+}
+}
+
+ found:
+if ( !bug )
+return -EINVAL;
+
+if ( id == BUGFRAME_run_fn )
+{
+#ifdef BUG_FN_REG
+void (*fn)(const struct cpu_user_regs *) = (void *)regs->BUG_FN_REG;
+#else
+void (*fn)(const struct cpu_user_regs *) = bug_ptr(bug);
+#endif
+
+fn(regs);
+
+return id;
+}
+
+/* WARN, BUG or ASSERT: decode the filename pointer and line number. */
+filename = bug_ptr(bug);
+if ( !is_kernel(filename) && !is_patch(filename) )
+return -EINVAL;
+fixup = strlen(filename);
+if ( fixup > 50 )
+{
+filename += fixup - 47;
+prefix = "...";
+}
+lineno = bug_line(bug);
+
+switch ( id )
+{
+case BUGFRAME_warn:
+printk("Xen WARN at %s%s:%d\n", prefix, filename, lineno);
+show_execution_state(regs);
+
+return id;
+
+case BUGFRAME_bug:
+printk("Xen BUG at %s%s:%d\n", prefix, filename, lineno);
+
+if ( debugger_trap_fatal(TRAP_invalid_op, regs) )
+return id;
+
+show_execution_state(regs);
+panic("Xen BUG at %s%s:%d\n", prefix, filename, lineno);
+
+case BUGFRAME_assert:
+/* ASSERT: decode the predicate string pointer. */
+predicate = bug_msg(bug);
+if ( !is_kernel(predicate) &&

[PATCH v3 3/4] xen/arm: switch ARM to use generic implementation of bug.h

2023-02-24 Thread Oleksii Kurochko 
The following changes were made:
* make GENERIC_BUG_FRAME mandatory for ARM
* As do_bug_frame() returns -EINVAL in case something goes wrong
  otherwise id of bug frame. Thereby 'if' cases where do_bug_frame() was
  updated to check if the returned value is less than 0
* Change macros bug_file() to bug_ptr() to align it with generic
  implementation.

Signed-off-by: Oleksii Kurochko 
---
Changes in V3:
 * As prototype and what do_bug_frame() returns was changed so patch 3 and 4
   was updated to use a new version of do_bug_frame
---
Changes in V2:
 * Rename bug_file() in ARM implementation to bug_ptr() as
   generic do_bug_frame() uses bug_ptr().
 * Remove generic parts from bug.h
 * Remove declaration of 'int do_bug_frame(...)'
   from  as it was introduced in 
---
 xen/arch/arm/Kconfig |  1 +
 xen/arch/arm/arm32/traps.c   |  2 +-
 xen/arch/arm/include/asm/bug.h   | 15 +-
 xen/arch/arm/include/asm/traps.h |  2 -
 xen/arch/arm/traps.c | 81 +---
 5 files changed, 4 insertions(+), 97 deletions(-)

diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index 239d3aed3c..aad6644a7b 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -12,6 +12,7 @@ config ARM_64
 
 config ARM
def_bool y
+   select GENERIC_BUG_FRAME
select HAS_ALTERNATIVE
select HAS_DEVICE_TREE
select HAS_PASSTHROUGH
diff --git a/xen/arch/arm/arm32/traps.c b/xen/arch/arm/arm32/traps.c
index a2fc1c22cb..61c61132c7 100644
--- a/xen/arch/arm/arm32/traps.c
+++ b/xen/arch/arm/arm32/traps.c
@@ -48,7 +48,7 @@ void do_trap_undefined_instruction(struct cpu_user_regs *regs)
 if ( instr != BUG_OPCODE )
 goto die;
 
-if ( do_bug_frame(regs, pc) )
+if ( do_bug_frame(regs, pc) < 0 )
 goto die;
 
 regs->pc += 4;
diff --git a/xen/arch/arm/include/asm/bug.h b/xen/arch/arm/include/asm/bug.h
index cacaf014ab..e6cc37e1d6 100644
--- a/xen/arch/arm/include/asm/bug.h
+++ b/xen/arch/arm/include/asm/bug.h
@@ -21,8 +21,7 @@ struct bug_frame {
 uint32_t pad0:16;   /* Padding for 8-bytes align */
 };
 
-#define bug_loc(b) ((const void *)(b) + (b)->loc_disp)
-#define bug_file(b) ((const void *)(b) + (b)->file_disp);
+#define bug_ptr(b) ((const void *)(b) + (b)->file_disp)
 #define bug_line(b) ((b)->line)
 #define bug_msg(b) ((const char *)(b) + (b)->msg_disp)
 
@@ -70,18 +69,6 @@ struct bug_frame {
  ".popsection" :: "r" (fn) : __stringify(BUG_FN_REG) ); \
 } while (0)
 
-#define WARN() BUG_FRAME(BUGFRAME_warn, __LINE__, __FILE__, 0, "")
-
-#define BUG() do {  \
-BUG_FRAME(BUGFRAME_bug,  __LINE__, __FILE__, 0, "");\
-unreachable();  \
-} while (0)
-
-#define assert_failed(msg) do { \
-BUG_FRAME(BUGFRAME_assert, __LINE__, __FILE__, 1, msg); \
-unreachable();  \
-} while (0)
-
 #endif /* __ARM_BUG_H__ */
 /*
  * Local variables:
diff --git a/xen/arch/arm/include/asm/traps.h b/xen/arch/arm/include/asm/traps.h
index 883dae368e..c6518008ec 100644
--- a/xen/arch/arm/include/asm/traps.h
+++ b/xen/arch/arm/include/asm/traps.h
@@ -69,8 +69,6 @@ void do_cp(struct cpu_user_regs *regs, const union hsr hsr);
 void do_trap_smc(struct cpu_user_regs *regs, const union hsr hsr);
 void do_trap_hvc_smccc(struct cpu_user_regs *regs);
 
-int do_bug_frame(const struct cpu_user_regs *regs, vaddr_t pc);
-
 void noreturn do_unexpected_trap(const char *msg,
  const struct cpu_user_regs *regs);
 void do_trap_hyp_sync(struct cpu_user_regs *regs);
diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index 061c92acbd..9c6eb66422 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -1197,85 +1197,6 @@ void do_unexpected_trap(const char *msg, const struct 
cpu_user_regs *regs)
 panic("CPU%d: Unexpected Trap: %s\n", smp_processor_id(), msg);
 }
 
-int do_bug_frame(const struct cpu_user_regs *regs, vaddr_t pc)
-{
-const struct bug_frame *bug = NULL;
-const char *prefix = "", *filename, *predicate;
-unsigned long fixup;
-int id = -1, lineno;
-const struct virtual_region *region;
-
-region = find_text_region(pc);
-if ( region )
-{
-for ( id = 0; id < BUGFRAME_NR; id++ )
-{
-const struct bug_frame *b;
-unsigned int i;
-
-for ( i = 0, b = region->frame[id].bugs;
-  i < region->frame[id].n_bugs; b++, i++ )
-{
-if ( ((vaddr_t)bug_loc(b)) == pc )
-{
-bug = b;
-goto found;
-}
-}
-}
-}
- found:
-if ( !bug )
-return -ENOENT;
-
-if ( id == BUGFRAME_run_fn )
-{
-void (*fn)(const struct cpu_user_regs *) = (void *)regs->BUG_FN_REG;
-
-fn(regs);
-return

  1   2   >