Xen project Mailing List

Re: [RFC PATCH] x86/xen: Fix PVH dom0 xen_hypercall detection

From: Alejandro Vallejo <agarciav@xxxxxxx>

Date: Fri, 11 Apr 2025 15:10:50 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=suse.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=k3gZr5LjNZQH+4KVqZsVsu+tUyCscGyBA+5h/coiKb0=; b=FXfLC3CwbZxzBMRoSqvajxBc5RRuykmoyoECm3o4n+pweWC1WcBOCY9ctpAb4ZfCfml9PS4WfaTBfTMRrsEkNYkoiS1pK1OsrW0eQwrrAMIvUPfQmpTIcpTCDk6Yb06/l13Hn/YEBtC2lcO7biPuiVAKdXsYY6kkEwkEdNoe5WVOjo4Zptk/WqmnzwjifGrb/2c+V1Hl9Zemh1+ien0UzOVz0ft2GG5wHdGmDbnPnb3USjH2ShSmGWlFtxhECOW+xvCfjTxbp3XFTpmkMwqH35+DnJgLjoS3Y/Y0AAew4piMmc90WQrWFxhcMeFaGjqMNVonmL6xkphBjYBDn6SaWQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=E6bvp1wTn6hD3WkHOUodv7vBosBWpjbilGhc94W8uhHqAcmkp7wIBTKkzDXKMddBSxyY6GJtnsv4RrX1dHNIgvYOg8ivsYhtk+75zmRIBf2xE8TvtcqsWgoo9UZoY5/RnLOS1WSL5Mki0V6cy18vy3EJU0eQ51O107/MhB/wHth0HRRCUjNieDHw9Ldl2QboNjYHi45tSk9Te+mrP53Nwk7ZsL+yGezYr7rv0KqID76wi2mHR54OOINNZ9LkraqdwSqn1cpuhBFwsECq/in16W6lV/YRL4+3+bwEjplM7rWf7j9uF8nvDptopnWWyy+bYKPUVNm/E7WXDTQHbZ4HDg==

Cc: <andrew.cooper3@xxxxxxxxxx>, <anthony.perard@xxxxxxxxxx>, <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, <michal.orzel@xxxxxxx>, <roger.pau@xxxxxxxxxx>, <sstabellini@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>, <jgross@xxxxxxxx>

Delivery-date: Fri, 11 Apr 2025 14:11:06 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Fri Apr 11, 2025 at 2:08 PM BST, Jan Beulich wrote: > On 11.04.2025 14:46, Alejandro Vallejo wrote: >> On Thu Apr 10, 2025 at 8:50 PM BST, Jason Andryuk wrote: >>> A Xen PVH dom0 on an AMD processor triple faults early in boot on >>> 6.6.86. CPU detection appears to fail, as the faulting instruction is >>> vmcall in xen_hypercall_intel() and not vmmcall in xen_hypercall_amd(). >>> >>> Detection fails because __xen_hypercall_setfunc() returns the full >>> kernel mapped address of xen_hypercall_amd() or xen_hypercall_intel() - >>> e.g. 0xffffffff815b93f0. But this is compared against the rip-relative >>> xen_hypercall_amd(%rip), which when running from identity mapping, is >>> only 0x015b93f0. >>> >>> Replace the rip-relative address with just loading the actual address to >>> restore the proper comparision. >>> >>> This only seems to affect PVH dom0 boot. This is probably because the >>> XENMEM_memory_map hypercall is issued early on from the identity >>> mappings. With a domU, the memory map is provided via hvm_start_info >>> and the hypercall is skipped. The domU is probably running from the >>> kernel high mapping when it issues hypercalls. >>> >>> Signed-off-by: Jason Andryuk <jason.andryuk@xxxxxxx> >>> --- >>> I think this sort of address mismatch would be addresed by >>> e8fbc0d9cab6 ("x86/pvh: Call C code via the kernel virtual mapping") >>> >>> That could be backported instead, but it depends on a fair number of >>> patches. >>> >>> Not sure on how getting a patch just into 6.6 would work. This patch >>> could go into upstream Linux though it's not strictly necessary when the >>> rip-relative address is a high address. >>> --- >>> arch/x86/xen/xen-head.S | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S >>> index 059f343da76d..71a0eda2da60 100644 >>> --- a/arch/x86/xen/xen-head.S >>> +++ b/arch/x86/xen/xen-head.S >>> @@ -117,7 +117,7 @@ SYM_FUNC_START(xen_hypercall_hvm) >>> pop %ebx >>> pop %eax >>> #else >>> - lea xen_hypercall_amd(%rip), %rcx >>> + mov $xen_hypercall_amd, %rcx >> >> (Now that this is known to be the fix upstream) This probably wants to >> be plain lea without RIP-relative addressing, like the x86_32 branch >> above? > > Why would you want to use LEA there? It's functionally identical, but the > MOV can be encoded without ModR/M byte. > > Jan It's not the using of a particular encoding that I meant, but not using the same on both 32 and 64 bit paths. Surely whatever argument in favour of either would hold for both 32 and 64 bits. Cheers, Alejandro

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.