From cdde3171a2a932a6836b094c4387412e27414ec9 Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich@suse.com>
Date: Tue, 21 Mar 2023 13:51:42 +0100
Subject: [PATCH 43/61] x86/altp2m: help gcc13 to avoid it emitting a warning
Switches of altp2m-s always expect a valid altp2m to be in place (and
indeed altp2m_vcpu_initialise() sets the active one to be at index 0).
The compiler, however, cannot know that, and hence it cannot eliminate
p2m_get_altp2m()'s case of returning (literal) NULL. If then the compiler
decides to special case that code path in the caller, the dereference in
instances of
atomic_dec(&p2m_get_altp2m(v)->active_vcpus);
can, to the code generator, appear to be NULL dereferences, leading to
In function 'atomic_dec',
inlined from '...' at ...:
./arch/x86/include/asm/atomic.h:182:5: error: array subscript 0 is outside array bounds of 'int[0]' [-Werror=array-bounds=]
Aid the compiler by adding a BUG_ON() checking the return value of the
problematic p2m_get_altp2m(). Since with the use of the local variable
the 2nd p2m_get_altp2m() each will look questionable at the first glance
(Why is the local variable not used here?), open-code the only relevant
piece of p2m_get_altp2m() there.
To avoid repeatedly doing these transformations, and also to limit how
"bad" the open-coding really is, convert the entire operation to an
inline helper, used by all three instances (and accepting the redundant
BUG_ON(idx >= MAX_ALTP2M) in two of the three cases).
Reported-by: Charles Arnold <carnold@suse.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
master commit: be62b1fc2aa7375d553603fca07299da765a89fe
master date: 2023-03-13 15:16:21 +0100
---
xen/arch/x86/hvm/vmx/vmx.c | 8 +-------
xen/arch/x86/mm/p2m.c | 14 ++------------
xen/include/asm-x86/p2m.h | 20 ++++++++++++++++++++
3 files changed, 23 insertions(+), 19 deletions(-)
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 094141be9a..c8a839cd5e 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -4036,13 +4036,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
}
}
- if ( idx != vcpu_altp2m(v).p2midx )
- {
- BUG_ON(idx >= MAX_ALTP2M);
- atomic_dec(&p2m_get_altp2m(v)->active_vcpus);
- vcpu_altp2m(v).p2midx = idx;
- atomic_inc(&p2m_get_altp2m(v)->active_vcpus);
- }
+ p2m_set_altp2m(v, idx);
}
/* XXX: This looks ugly, but we need a mechanism to ensure
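Review bot: The result of `p2m_set_altp2m(v, idx);` is discarded here, while both call sites in p2m.c use it to decide whether to call altp2m_vcpu_update_p2m(v), and nothing in the hunk explains the difference. Presumably this path only re-synchronises the hypervisor's bookkeeping after the guest itself switched EPTP and the hardware already holds the new table, but that is an inference from the enclosing vmexit handler rather than from visible lines. A one-line comment such as `/* Hardware already runs on the new EPTP; only the accounting needs syncing. */` above the call would keep a later reader from "fixing" it by adding the update call. vmx_vmexit_handler both starts and ends outside this hunk.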
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 8781df9dda..2d41446a69 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -2194,13 +2194,8 @@ bool_t p2m_switch_vcpu_altp2m_by_id(struct vcpu *v, unsigned int idx)
if ( d->arch.altp2m_eptp[idx] != mfn_x(INVALID_MFN) )
{
- if ( idx != vcpu_altp2m(v).p2midx )
- {
- atomic_dec(&p2m_get_altp2m(v)->active_vcpus);
- vcpu_altp2m(v).p2midx = idx;
- atomic_inc(&p2m_get_altp2m(v)->active_vcpus);
+ if ( p2m_set_altp2m(v, idx) )
altp2m_vcpu_update_p2m(v);
- }
rc = 1;
}
@@ -2471,13 +2466,8 @@ int p2m_switch_domain_altp2m_by_id(struct domain *d, unsigned int idx)
if ( d->arch.altp2m_visible_eptp[idx] != mfn_x(INVALID_MFN) )
{
for_each_vcpu( d, v )
- if ( idx != vcpu_altp2m(v).p2midx )
- {
- atomic_dec(&p2m_get_altp2m(v)->active_vcpus);
- vcpu_altp2m(v).p2midx = idx;
- atomic_inc(&p2m_get_altp2m(v)->active_vcpus);
+ if ( p2m_set_altp2m(v, idx) )
altp2m_vcpu_update_p2m(v);
- }
rc = 0;
}
diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h
index 2db9ab0122..f92bb97394 100644
--- a/xen/include/asm-x86/p2m.h
+++ b/xen/include/asm-x86/p2m.h
@@ -841,6 +841,26 @@ static inline struct p2m_domain *p2m_get_altp2m(struct vcpu *v)
return v->domain->arch.altp2m_p2m[index];
}
+/* set current alternate p2m table */
+static inline bool p2m_set_altp2m(struct vcpu *v, unsigned int idx)
+{
+ struct p2m_domain *orig;
+
+ BUG_ON(idx >= MAX_ALTP2M);
+
+ if ( idx == vcpu_altp2m(v).p2midx )
+ return false;
+
+ orig = p2m_get_altp2m(v);
+ BUG_ON(!orig);
+ atomic_dec(&orig->active_vcpus);
+
+ vcpu_altp2m(v).p2midx = idx;
+ atomic_inc(&v->domain->arch.altp2m_p2m[idx]->active_vcpus);
+
+ return true;
+}
+
/* Switch alternate p2m for a single vcpu */
bool_t p2m_switch_vcpu_altp2m_by_id(struct vcpu *v, unsigned int idx);
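Review bot: The header comment `/* set current alternate p2m table */` on the new helper does not state the return contract or the precondition that the two p2m.c call sites now rely on; suggest replacing it with `/* Make idx the active altp2m of v. Returns true if the index changed (caller must then resync the p2m), false if idx was already active. Requires idx < MAX_ALTP2M. */`. Separately, `orig` is guarded by `BUG_ON(!orig)`, but the `atomic_inc(&v->domain->arch.altp2m_p2m[idx]->active_vcpus)` line dereferences the slot for the new index without any check; if every altp2m_p2m slot is guaranteed populated once altp2m is enabled (not verifiable from this hunk), a short comment stating that invariant, or a symmetric `BUG_ON(!v->domain->arch.altp2m_p2m[idx]);` before the increment, would make the asymmetry intentional rather than accidental.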
--
2.40.0