x86/crash: Drop manual hooking of exception_table[]

NMI hooking in the crash path has undergone several revisions since its
introduction.  What we have now is not sufficiently different from the regular
nmi_callback() mechanism to warrant special casing.

Use set_nmi_callback() directly, and do away with patching a read-only data
structure via a read-write alias.  This also means that the
vmx_vmexit_handler() can and should call do_nmi() directly, rather than
indirecting through the exception table to pick up the crash path hook.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c
index 0611b4fb9b09a5692b5c7f45681f168714845a86..f6264946a6817dd6b18bb8d06dc27cd971930ac1 100644 (file)
--- a/xen/arch/x86/crash.c
+++ b/xen/arch/x86/crash.c
@@ -36,10 +36,8 @@ static unsigned int crashing_cpu;
 static DEFINE_PER_CPU_READ_MOSTLY(bool, crash_save_done);
 
 /* This becomes the NMI handler for non-crashing CPUs, when Xen is crashing. */
-static void noreturn do_nmi_crash(const struct cpu_user_regs *regs)
+static int noreturn do_nmi_crash(const struct cpu_user_regs *regs, int cpu)
 {
-    unsigned int cpu = smp_processor_id();
-
     stac();
 
     /* nmi_shootdown_cpus() should ensure that this assertion is correct. */
@@ -136,16 +134,7 @@ static void nmi_shootdown_cpus(void)
                     SYS_DESC_irq_gate, 0, &trap_nop);
     set_ist(&idt_tables[cpu][TRAP_machine_check], IST_NONE);
 
-    /*
-     * Ideally would be:
-     *   exception_table[TRAP_nmi] = &do_nmi_crash;
-     *
-     * but the exception_table is read only.  Access it via its directmap
-     * mappings.
-     */
-    write_atomic((unsigned long *)__va(__pa(&exception_table[TRAP_nmi])),
-                 (unsigned long)&do_nmi_crash);
-
+    set_nmi_callback(do_nmi_crash);
     smp_send_nmi_allbutself();
 
     msecs = 1000; /* Wait at most a second for the other cpus to stop */

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index d403e2d8060aa3c98069faaadb4e2abd7d70ca34..37c31c08b984dd6c12adb34d628bb43bac17034d 100644 (file)
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -3887,7 +3887,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
              ((intr_info & INTR_INFO_INTR_TYPE_MASK) ==
               MASK_INSR(X86_EVENTTYPE_NMI, INTR_INFO_INTR_TYPE_MASK)) )
         {
-            exception_table[TRAP_nmi](regs);
+            do_nmi(regs);
             enable_nmis();
         }
         break;

diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 3bc4cd5e1e6859cb3bae28eda86758d05ebd5465..6d7d88c3c4329e4fc74e8acfb23df77e796a58b7 100644 (file)
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1883,6 +1883,11 @@ void do_nmi(const struct cpu_user_regs *regs)
     this_cpu(nmi_count)++;
     nmi_enter();
 
+    /*
+     * Think carefully before putting any logic before this point.
+     * nmi_callback() might be the crash quiesce...
+     */
+
     callback = ACCESS_ONCE(nmi_callback);
     if ( unlikely(callback) && callback(regs, cpu) )
         goto out;