main.c:164:15: warning: Although the value stored to 'cr4' is used in the enclosing expression, the value is never actually read from 'cr4' [deadcode.DeadStores]
write_cr4(cr4 &= ~X86_CR4_DE);
^ ~~~~~~~~~~~
Rework all impacted logic avoid dead stores of this form.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Thu, 15 Apr 2021 00:36:20 +0000 (01:36 +0100)]
gnttab: Fix scan-build core.CallAndMessage issues
scan-build complains:
arch/x86/grant_table.c:41:17: warning: 1st function call argument is an uninitialized value [core.CallAndMessage]
pte_from_gfn(gnttab_gfns[i], PF_SYM(AD, RW, P)), UVMF_INVLPG);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
because it can't observe that GNTTABOP_setup_table fills the variable on its
success path.
Initialising the array (which is currently one entry) isn't trivial because
the array is variadic. Drop the nr_frames variable and use the sizeof()
expression directly, to create compile-time constant size.
A similar issue is reported against xsa-255, but this is trivial to resolve.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Thu, 15 Apr 2021 15:55:09 +0000 (16:55 +0100)]
Drop dependency on gcc-multilib
inttypes.h in particular isn't a freestanding header, and certain distros have
problems providing suitable freestanding headers anyway. This also gets more
complicated as we start supporting other architectures.
Take the plunge and switch to entirely local headers only.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Thu, 15 Apr 2021 17:05:05 +0000 (18:05 +0100)]
Fix LGTM static analysis issues
* xtf-runner: Class TestInstance implements __hash__ but does not define __eq__.
* mkinfo.py: Import of 'os' is not used.
LGTM also complains about gdt/idt/tss being global symbols with too-short
names. As they're the most appropriate architectural names, insert
suppression comments.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Michal Orzel [Wed, 10 Mar 2021 10:43:32 +0000 (11:43 +0100)]
xtf: Perform misc code cleanup
* Define macro ALIGN to set alignment. Header file asm_macros.h should not
contain architecture specific code. Replace hardcoded alignment value with
a call to macro ALIGN.
* Move declaration of shared_info into xtf/traps.h. Declaration of
shared_info structure should be placed in xtf/traps.h as it is a common
declaration for all the possible architectures.
* Do not protect including <arch/barrier.h>. We should always include
<arch/barrier.h> and rely on the compiler to throw an error. This would
avoid increasing #if protection each time we would add a new architecture.
Signed-off-by: Michal Orzel <michal.orzel@arm.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
[Also implement HYPERCALL0 as it is frequently opencoded] Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Wed, 11 Nov 2020 12:57:45 +0000 (12:57 +0000)]
hypercall: Refine fix for Clang code generation bug
It was incorrect to switch "=a" to "+a" and set up hcall, as the hypercall
number is encoded in the offset within hypercall_page. Switch res back to
just an output.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Fri, 6 Nov 2020 18:53:39 +0000 (18:53 +0000)]
hypercall: Work around Clang code generation bug
_hypercall64_4() is mis-compiled by some versions of Clang (5 is ok, 9 and
later not), in a way which breaks the XSA-286 PoC.
Clang loses the association between argument 4 being in %r10 between the input
"a" (_a4) and the output "=&r" (__ign4), so while the input is handled
correctly, the clobber on the output is missed.
In the XSA-286, PoC, this causes clang to hoist the setting of DOMID_SELF out
of the loop, and the test subsequently to malfunction on debug versions of Xen
which intentionally clobber the hypercall parameters.
Rewrite the hypercall macros to a single "+r" parameter form, rather than dual
input/output form, which causes all tested versions of Clang to set up %r10 on
each loop iteration.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Wed, 23 Sep 2020 13:09:03 +0000 (14:09 +0100)]
Adjust XSA-221 PoC based on XSA-343 behaviour change
XSA-343 has made SCHEDOP_poll fail for un-established event channels, which is
reasonable behaviour. Don't bother trying to audit the error codes, and
always run to the end of the loop.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Fri, 5 Jun 2020 19:20:50 +0000 (20:20 +0100)]
Remove ambiguous uses of iret/lret
GAS of at least version 2.34 complains:
Warning: no instruction mnemonic suffix given and no register operands; using default for `lret'
This is legitimate, as without a suffix, there are up to 3 possible encodings
actually meant.
Use l/q suffixes as appropriate, using __ASM_SEL() in cases where we need to
conditionally select between the suffixes. Use the same trick to clean up
some code32/64 statements.
Sadly, this cannot be done for the single ambiguous use of lcall, because
lcallq isn't accepted as a valid mnemonic. Leave the XSA-298 PoC as it is.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
There are a number of ways to do this, but by far the most efficient way is to
have vsnprintf() expand \n's in the output buffer.
This however is non-standard behaviour for vsnprintf(). Rename it to
vsnprintf_internal() and take extra flags, and have vprintk() use the new
LF_TO_CRLF control flag.
Inside vsnprintf_internal(), rearrange the non-format and %c logic to share
the expansion logic, as well as extending the logic to fmt_string().
Extend the selftests to confirm correct behaviour in both modes, for all ways
of being able to pass newline characters into a format operation.
Reported-by: Pawel Wieczorkiewicz <wipawel@amazon.de> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Thu, 4 Jun 2020 17:36:57 +0000 (18:36 +0100)]
Fix assembler type warnings with newer binutils
GAS of at least version 2.34 complains:
hypercall_page.S: Assembler messages:
hypercall_page.S:24: Warning: symbol 'HYPERCALL_set_trap_table' already has its type set
...
hypercall_page.S:71: Warning: symbol 'HYPERCALL_arch_7' already has its type set
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Mon, 27 Apr 2020 13:57:35 +0000 (14:57 +0100)]
xtf-runner: Python3 fix when not specifying --quiet
Andy reports:
Combined test results:
Traceback (most recent call last):
File "./xtf-runner", line 716, in <module>
sys.exit(main())
File "./xtf-runner", line 711, in main
return run_tests(opts)
File "./xtf-runner", line 559, in run_tests
if res == "SUCCESS" and opts.quiet >= 2:
TypeError: '>=' not supported between instances of 'NoneType' and 'int'
Reported-by: Andy Lutomirski <luto@kernel.org> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Currently the xenbus_write() does not handle ring wrapping around
correctly. When ring buffer is almost full and there is not enough
space for next packet (e.g. there is 12 bytes of space left, but the
packet header needs to transmit 16 bytes) the memcpy() goes out of the
ring buffer boundry.
Instead, the part variable should be limited to the space available in
the ring buffer, so the memcpy() can fill up the buffer, update len
variable (to indicate that there is still some data to be copied) and
thereby the xenbus_write() loop can iterate again to finish copying
the remainder of data to the beginning of the ring buffer.
Signed-off-by: Pawel Wieczorkiewicz <wipawel@amazon.de> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Mon, 17 Feb 2020 09:48:26 +0000 (09:48 +0000)]
Fix asm constraints for push/pop instructions
There are several issues with 64bit builds. Correct the types/constraints to
prohibit encoding 32bit registers, and immediates which can't be represented
as a 32bit signed extended number.
Introduce asm_checks() in selftest as a build-time check for constraint corner
cases, to be extended as needed.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Tue, 7 May 2019 10:19:58 +0000 (11:19 +0100)]
Use named asm parameters for _ASM_EXTABLE_HANDLER()
LTO builds need to know that ex_record_fault_{eax,edi} are referenced from
within asm, to avoid the functions being discarded.
Previously, this was done with an "X" parameter listing the function twice,
but this can lead to copy/paste mistakes. Instead, use a named parameter and
the "p" type and "P" modifier, which works compatibly between GCC and Clang.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Thu, 16 May 2019 18:12:33 +0000 (18:12 +0000)]
Simplify the unhandled_exception handling for tests
Tests, being single-purpose by their very nature, don't in practice use the
flexibility to change the unhandled exception hook. Furthermore, updating the
pointer has to be done carefully (i.e. with compiler barriers) because the
compiler doesn't see any connection between the hook and surrounding code
which may fault.
Switch to the using method already used by the syscall infrastructure and use
a single weak do_unhandled_exception() function which may be overridden by
guests wanting to implement their own custom behaviour.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Fri, 10 May 2019 16:22:15 +0000 (16:22 +0000)]
Misc trivial code cleanup
* Use named asm parameters for non-trivial blocks
* "=r" (x) : "r" (x) is more commonly "+r" (x)
* Correct the header guard in x86-gate.h
* Remove brackets from absolute memory addresss
* Use unsigned int rather than unsigned long and forcing back to int with %k
* Drop unused ex_record_fault_eax reference
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Sat, 11 May 2019 18:20:34 +0000 (19:20 +0100)]
libc: Fix strcmp() ABI violations
The C standard specifies that strcmp() interprets the provided strings as
unsigned char, rather than signed. This affects the result when used on
strings with the high bit set.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Fri, 11 Jan 2019 09:50:20 +0000 (02:50 -0700)]
nested-vmx: exceptions take priority over VMFail*
The way the instruction invocations are coded, it is compiler version
dependent whether things work: With old gcc, fail_{,in}valid will not
get touched and hence remain at their initial values, while with newer
gcc evaluation of the status flags occurs outside of the asm(), i.e.
also when an exception was received (in which case EFLAGS didn't change
from its value before the faulting instruction).
Since it is more logical anyway to check for a possible exception first,
do so uniformly instead of trying to fiddle with the asm() in some way.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
These are intended to facilitate 64bit compatiblity mode segments, but are
exposed in 32bit builds as straight aliases of __{KERN,USER}_{CS,DS} for the
benefit of common code.
Fix up one opencoded use in the XSA-196 PoC.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Thu, 22 Mar 2018 11:50:50 +0000 (11:50 +0000)]
Introduce and use __maybe_unused
This allows for the 32bit ifdefary of ex_pf_user to be dropped without
suffering a warning in the 64bit build, while still allowing LTO to drop the
function.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Fri, 2 Mar 2018 14:02:35 +0000 (14:02 +0000)]
Add more helpful GDTE() helpers
All tests and some setup infrastructure need explicitly typed versions of
INIT_GDTE() and INIT_GDTE_SYM(). Introduce GDTE() and GDTE_SYM() to do just
this, and update the impacted users.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
projects / xtf.git / log