Xen project Mailing List

[PATCH v2 7/8] x86: Fix merging of new status bits into %dr6

From: Jinoh Kang <jinoh.kang.kr@xxxxxxxxx>

Date: Fri, 25 Aug 2023 00:26:28 +0900

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Thu, 24 Aug 2023 15:33:46 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> The current logic used to update %dr6 when injecting #DB is buggy. The architectural behaviour is to overwrite B{0..3} (rather than accumulate) and accumulate all other bits. Introduce a new merge_dr6() helper, which also takes care of handing RTM correctly. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> [ jinoh: Rebase onto staging, move constants to x86-defns.h ] Signed-off-by: Jinoh Kang <jinoh.kang.kr@xxxxxxxxx> --- CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CC: Jan Beulich <JBeulich@xxxxxxxx> CC: Wei Liu <wl@xxxxxxx> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx> CC: Jun Nakajima <jun.nakajima@xxxxxxxxx> CC: Kevin Tian <kevin.tian@xxxxxxxxx> v1 -> v2: [S-o-b fixes.] --- xen/arch/x86/hvm/svm/svm.c | 3 ++- xen/arch/x86/hvm/vmx/vmx.c | 3 ++- xen/arch/x86/include/asm/debugreg.h | 20 +++++++++++++++++++- xen/arch/x86/include/asm/x86-defns.h | 6 ++++++ xen/arch/x86/pv/traps.c | 3 ++- 5 files changed, 31 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 7bb572e72b..c92b2d7f86 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -1338,7 +1338,8 @@ static void cf_check svm_inject_event(const struct x86_event *event) * Item 2 is done by hardware when injecting a #DB exception. */ __restore_debug_registers(vmcb, curr); - vmcb_set_dr6(vmcb, vmcb_get_dr6(vmcb) | _event.pending_dbg); + vmcb_set_dr6(vmcb, merge_dr6(vmcb_get_dr6(vmcb), _event.pending_dbg, + curr->domain->arch.cpuid->feat.rtm)); /* fall through */ case X86_EXC_BP: diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index b35278992a..377f33d632 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2030,7 +2030,8 @@ static void cf_check vmx_inject_event(const struct x86_event *event) * All actions are left up to the hypervisor to perform. */ __restore_debug_registers(curr); - write_debugreg(6, read_debugreg(6) | event->pending_dbg); + write_debugreg(6, merge_dr6(read_debugreg(6), event->pending_dbg, + curr->domain->arch.cpuid->feat.rtm)); if ( !nestedhvm_vcpu_in_guestmode(curr) || !nvmx_intercepts_exception(curr, X86_EXC_DB, _event.error_code) ) diff --git a/xen/arch/x86/include/asm/debugreg.h b/xen/arch/x86/include/asm/debugreg.h index f83b1b96ec..5fdd25d238 100644 --- a/xen/arch/x86/include/asm/debugreg.h +++ b/xen/arch/x86/include/asm/debugreg.h @@ -22,7 +22,6 @@ #define DR_STEP (0x4000) /* single-step */ #define DR_SWITCH (0x8000) /* task switch */ #define DR_NOT_RTM (0x10000) /* clear: #BP inside RTM region */ -#define DR_STATUS_RESERVED_ONE 0xffff0ff0UL /* Reserved, read as one */ /* Now define a bunch of things for manipulating the control register. The top two bytes of the control register consist of 4 fields of 4 @@ -89,6 +88,25 @@ static inline unsigned long adjust_dr6_rsvd(unsigned long dr6, bool rtm) return dr6; } +static inline unsigned long merge_dr6(unsigned long dr6, unsigned long new, + bool rtm) +{ + /* Flip dr6 to have positive polarity. */ + dr6 ^= X86_DR6_DEFAULT; + + /* Sanity check that only known values are passed in. */ + ASSERT(!(dr6 & ~X86_DR6_KNOWN_MASK)); + ASSERT(!(new & ~X86_DR6_KNOWN_MASK)); + + /* Breakpoints 0-3 overridden. BD, BS, BT and RTM accumulate. */ + dr6 = (dr6 & ~X86_DR6_BP_MASK) | new; + + /* Flip dr6 back to having default polarity. */ + dr6 ^= X86_DR6_DEFAULT; + + return adjust_dr6_rsvd(dr6, rtm); +} + static inline unsigned long adjust_dr7_rsvd(unsigned long dr7, bool rtm) { dr7 |= X86_DR7_MBS; diff --git a/xen/arch/x86/include/asm/x86-defns.h b/xen/arch/x86/include/asm/x86-defns.h index b13ca680c2..6d76d5dcc5 100644 --- a/xen/arch/x86/include/asm/x86-defns.h +++ b/xen/arch/x86/include/asm/x86-defns.h @@ -118,6 +118,12 @@ #define X86_DR6_MBS_BASE (0xfffe0ff0UL) /* Reserved, read as one */ #define X86_DR6_MBS_NO_RTM (X86_DR6_RTM) /* - if RTM unavailable */ +#define X86_DR6_BP_MASK \ + (X86_DR6_B0 | X86_DR6_B1 | X86_DR6_B2 | X86_DR6_B3) + +#define X86_DR6_KNOWN_MASK \ + (X86_DR6_BP_MASK | X86_DR6_BD | X86_DR6_BS | X86_DR6_BT | X86_DR6_RTM) + #define X86_DR6_DEFAULT 0xffff0ff0 /* Default %dr6 value. */ /* diff --git a/xen/arch/x86/pv/traps.c b/xen/arch/x86/pv/traps.c index 4f5641a47c..65b41e6115 100644 --- a/xen/arch/x86/pv/traps.c +++ b/xen/arch/x86/pv/traps.c @@ -66,7 +66,8 @@ void pv_inject_event(const struct x86_event *event) break; case X86_EXC_DB: - curr->arch.dr6 |= event->pending_dbg; + curr->arch.dr6 = merge_dr6(curr->arch.dr6, event->pending_dbg, + curr->domain->arch.cpuid->feat.rtm); /* Fallthrough */ default: -- 2.41.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.