some old Xen hypervisors (prior to 3.2) forbid DomUs to register
NMI callbacks. E.g. we have the following code in xen-3.1:
if ( (d->domain_id != 0) || (v->vcpu_id != 0) )
return -EINVAL;
Commit 6efa20e49b9cb1db1ab66870cc37323474a75a13 introduced kernel
crash in case PV guest fails to register NMI callback. All x86_64
PV guests will fail to boot on top of such hypervisors (RHEL5
example):
(XEN) traps.c:405:d7 Unhandled invalid opcode fault/trap [#6] in domain 7 on VCPU 0 [ec=0000]
(XEN) domain_crash_sync called from entry.S
(XEN) Domain 7 (vcpu#0) crashed on cpu#3:
(XEN) ----[ Xen-3.1.2-389.el5 x86_64 debug=n Not tainted ]----
(XEN) CPU: 3
(XEN) RIP: e033:[<ffffffff81004d96>]
(XEN) RFLAGS: 0000000000000282 CONTEXT: guest
(XEN) rax: ffffffffffffffea rbx: 0000000000000000 rcx: 0000000000000002
(XEN) rdx: 0000000000000001 rsi: ffffffff81b0fe28 rdi: 0000000000000000
(XEN) rbp: ffffffff81b0fe40 rsp: ffffffff81b0fde8 r8: 0000000000000000
(XEN) r9: ffffffff81b0fdd0 r10: 0000000000007ff0 r11: 00000000ffffffff
(XEN) r12: ffffffff81d65900 r13: 0000000000000000 r14: 0000000000000000
(XEN) r15: 0000000000000000 cr0: 0000000080050033 cr4: 00000000000026b0
(XEN) cr3: 000000013a263000 cr2: 0000000000000000
(XEN) ds: 0000 es: 0000 fs: 0000 gs: 0000 ss: e02b cs: e033
...
However it is possible to proceed without NMI callback registered.
Change BUG() with warning in case of -EINVAL.
Signed-off-by: Vitaly Kuznetsov <[email protected]>
---
arch/x86/xen/setup.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c
index 821a11a..5b8b180 100644
--- a/arch/x86/xen/setup.c
+++ b/arch/x86/xen/setup.c
@@ -593,8 +593,17 @@ void xen_enable_syscall(void)
void xen_enable_nmi(void)
{
#ifdef CONFIG_X86_64
- if (register_callback(CALLBACKTYPE_nmi, (char *)nmi))
+ int ret;
+
+ ret = register_callback(CALLBACKTYPE_nmi, (char *)nmi);
+ if (ret == -EINVAL) {
+ /* Hypervisor probably forbids us to register NMI callback,
+ that is expected when running on top of Xen-3.1 and older */
+ pr_warn("xen: failed to register NMI callback\n");
+ } else if (ret != 0) {
+ /* Other hypervisor failure */
BUG();
+ }
#endif
}
void __init xen_pvmmu_arch_setup(void)
--
1.9.3
On Fri, Jun 13, 2014 at 01:26:28PM +0200, Vitaly Kuznetsov wrote:
> some old Xen hypervisors (prior to 3.2) forbid DomUs to register
> NMI callbacks. E.g. we have the following code in xen-3.1:
>
> if ( (d->domain_id != 0) || (v->vcpu_id != 0) )
> return -EINVAL;
>
> Commit 6efa20e49b9cb1db1ab66870cc37323474a75a13 introduced kernel
> crash in case PV guest fails to register NMI callback. All x86_64
> PV guests will fail to boot on top of such hypervisors (RHEL5
> example):
>
> (XEN) traps.c:405:d7 Unhandled invalid opcode fault/trap [#6] in domain 7 on VCPU 0 [ec=0000]
> (XEN) domain_crash_sync called from entry.S
> (XEN) Domain 7 (vcpu#0) crashed on cpu#3:
> (XEN) ----[ Xen-3.1.2-389.el5 x86_64 debug=n Not tainted ]----
> (XEN) CPU: 3
> (XEN) RIP: e033:[<ffffffff81004d96>]
> (XEN) RFLAGS: 0000000000000282 CONTEXT: guest
> (XEN) rax: ffffffffffffffea rbx: 0000000000000000 rcx: 0000000000000002
> (XEN) rdx: 0000000000000001 rsi: ffffffff81b0fe28 rdi: 0000000000000000
> (XEN) rbp: ffffffff81b0fe40 rsp: ffffffff81b0fde8 r8: 0000000000000000
> (XEN) r9: ffffffff81b0fdd0 r10: 0000000000007ff0 r11: 00000000ffffffff
> (XEN) r12: ffffffff81d65900 r13: 0000000000000000 r14: 0000000000000000
> (XEN) r15: 0000000000000000 cr0: 0000000080050033 cr4: 00000000000026b0
> (XEN) cr3: 000000013a263000 cr2: 0000000000000000
> (XEN) ds: 0000 es: 0000 fs: 0000 gs: 0000 ss: e02b cs: e033
> ...
>
> However it is possible to proceed without NMI callback registered.
> Change BUG() with warning in case of -EINVAL.
>
> Signed-off-by: Vitaly Kuznetsov <[email protected]>
Oh, we had a similar patch - somebody reported it earlier - and we
just checked the version of Xen:
http://lists.xenproject.org/archives/html/xen-devel/2014-05/msg01474.html
But I can't remember why I didn't post it.
However I do like your path of checking the 'ret'.
Vitaly, could expand your patch to also do a check in cvt_gate_to_trap
so that it won't enable the NMI handler and then lets pick your
patch?
> ---
> arch/x86/xen/setup.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c
> index 821a11a..5b8b180 100644
> --- a/arch/x86/xen/setup.c
> +++ b/arch/x86/xen/setup.c
> @@ -593,8 +593,17 @@ void xen_enable_syscall(void)
> void xen_enable_nmi(void)
> {
> #ifdef CONFIG_X86_64
> - if (register_callback(CALLBACKTYPE_nmi, (char *)nmi))
> + int ret;
> +
> + ret = register_callback(CALLBACKTYPE_nmi, (char *)nmi);
> + if (ret == -EINVAL) {
> + /* Hypervisor probably forbids us to register NMI callback,
> + that is expected when running on top of Xen-3.1 and older */
> + pr_warn("xen: failed to register NMI callback\n");
> + } else if (ret != 0) {
> + /* Other hypervisor failure */
> BUG();
> + }
> #endif
> }
> void __init xen_pvmmu_arch_setup(void)
> --
> 1.9.3
>
Konrad Rzeszutek Wilk <[email protected]> writes:
> On Fri, Jun 13, 2014 at 01:26:28PM +0200, Vitaly Kuznetsov wrote:
>> some old Xen hypervisors (prior to 3.2) forbid DomUs to register
>> NMI callbacks. E.g. we have the following code in xen-3.1:
>>
>> if ( (d->domain_id != 0) || (v->vcpu_id != 0) )
>> return -EINVAL;
>>
>> Commit 6efa20e49b9cb1db1ab66870cc37323474a75a13 introduced kernel
>> crash in case PV guest fails to register NMI callback. All x86_64
>> PV guests will fail to boot on top of such hypervisors (RHEL5
>> example):
>>
>> (XEN) traps.c:405:d7 Unhandled invalid opcode fault/trap [#6] in domain 7 on VCPU 0 [ec=0000]
>> (XEN) domain_crash_sync called from entry.S
>> (XEN) Domain 7 (vcpu#0) crashed on cpu#3:
>> (XEN) ----[ Xen-3.1.2-389.el5 x86_64 debug=n Not tainted ]----
>> (XEN) CPU: 3
>> (XEN) RIP: e033:[<ffffffff81004d96>]
>> (XEN) RFLAGS: 0000000000000282 CONTEXT: guest
>> (XEN) rax: ffffffffffffffea rbx: 0000000000000000 rcx: 0000000000000002
>> (XEN) rdx: 0000000000000001 rsi: ffffffff81b0fe28 rdi: 0000000000000000
>> (XEN) rbp: ffffffff81b0fe40 rsp: ffffffff81b0fde8 r8: 0000000000000000
>> (XEN) r9: ffffffff81b0fdd0 r10: 0000000000007ff0 r11: 00000000ffffffff
>> (XEN) r12: ffffffff81d65900 r13: 0000000000000000 r14: 0000000000000000
>> (XEN) r15: 0000000000000000 cr0: 0000000080050033 cr4: 00000000000026b0
>> (XEN) cr3: 000000013a263000 cr2: 0000000000000000
>> (XEN) ds: 0000 es: 0000 fs: 0000 gs: 0000 ss: e02b cs: e033
>> ...
>>
>> However it is possible to proceed without NMI callback registered.
>> Change BUG() with warning in case of -EINVAL.
>>
>> Signed-off-by: Vitaly Kuznetsov <[email protected]>
>
> Oh, we had a similar patch - somebody reported it earlier - and we
> just checked the version of Xen:
>
> http://lists.xenproject.org/archives/html/xen-devel/2014-05/msg01474.html
>
> But I can't remember why I didn't post it.
>
> However I do like your path of checking the 'ret'.
>
> Vitaly, could expand your patch to also do a check in cvt_gate_to_trap
> so that it won't enable the NMI handler and then lets pick your
> patch?
Sure,
I also suggest we lower the required xen version to 3.2 instead of 4.0
as 3.2 has the following:
commit a2308fa704a40f23916a176d9e06bbc0e3469caf
Author: Keir Fraser <[email protected]>
Date: Mon Oct 22 13:04:32 2007 +0100
x86: Allow NMI callback CS to be specified via set_trap_table()
hypercall.
Based on a patch by Jan Beulich.
Signed-off-by: Keir Fraser <[email protected]>
I'll update my patch and re-send it.
>
>> ---
>> arch/x86/xen/setup.c | 11 ++++++++++-
>> 1 file changed, 10 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c
>> index 821a11a..5b8b180 100644
>> --- a/arch/x86/xen/setup.c
>> +++ b/arch/x86/xen/setup.c
>> @@ -593,8 +593,17 @@ void xen_enable_syscall(void)
>> void xen_enable_nmi(void)
>> {
>> #ifdef CONFIG_X86_64
>> - if (register_callback(CALLBACKTYPE_nmi, (char *)nmi))
>> + int ret;
>> +
>> + ret = register_callback(CALLBACKTYPE_nmi, (char *)nmi);
>> + if (ret == -EINVAL) {
>> + /* Hypervisor probably forbids us to register NMI callback,
>> + that is expected when running on top of Xen-3.1 and older */
>> + pr_warn("xen: failed to register NMI callback\n");
>> + } else if (ret != 0) {
>> + /* Other hypervisor failure */
>> BUG();
>> + }
>> #endif
>> }
>> void __init xen_pvmmu_arch_setup(void)
>> --
>> 1.9.3
>>
--
Vitaly
On 06/13/2014 08:45 AM, Konrad Rzeszutek Wilk wrote:
> On Fri, Jun 13, 2014 at 01:26:28PM +0200, Vitaly Kuznetsov wrote:
>> some old Xen hypervisors (prior to 3.2) forbid DomUs to register
>> NMI callbacks. E.g. we have the following code in xen-3.1:
>>
>> if ( (d->domain_id != 0) || (v->vcpu_id != 0) )
>> return -EINVAL;
>>
>> Commit 6efa20e49b9cb1db1ab66870cc37323474a75a13 introduced kernel
>> crash in case PV guest fails to register NMI callback. All x86_64
>> PV guests will fail to boot on top of such hypervisors (RHEL5
>> example):
>>
>> (XEN) traps.c:405:d7 Unhandled invalid opcode fault/trap [#6] in domain 7 on VCPU 0 [ec=0000]
>> (XEN) domain_crash_sync called from entry.S
>> (XEN) Domain 7 (vcpu#0) crashed on cpu#3:
>> (XEN) ----[ Xen-3.1.2-389.el5 x86_64 debug=n Not tainted ]----
>> (XEN) CPU: 3
>> (XEN) RIP: e033:[<ffffffff81004d96>]
>> (XEN) RFLAGS: 0000000000000282 CONTEXT: guest
>> (XEN) rax: ffffffffffffffea rbx: 0000000000000000 rcx: 0000000000000002
>> (XEN) rdx: 0000000000000001 rsi: ffffffff81b0fe28 rdi: 0000000000000000
>> (XEN) rbp: ffffffff81b0fe40 rsp: ffffffff81b0fde8 r8: 0000000000000000
>> (XEN) r9: ffffffff81b0fdd0 r10: 0000000000007ff0 r11: 00000000ffffffff
>> (XEN) r12: ffffffff81d65900 r13: 0000000000000000 r14: 0000000000000000
>> (XEN) r15: 0000000000000000 cr0: 0000000080050033 cr4: 00000000000026b0
>> (XEN) cr3: 000000013a263000 cr2: 0000000000000000
>> (XEN) ds: 0000 es: 0000 fs: 0000 gs: 0000 ss: e02b cs: e033
>> ...
>>
>> However it is possible to proceed without NMI callback registered.
>> Change BUG() with warning in case of -EINVAL.
>>
>> Signed-off-by: Vitaly Kuznetsov <[email protected]>
> Oh, we had a similar patch - somebody reported it earlier - and we
> just checked the version of Xen:
>
> http://lists.xenproject.org/archives/html/xen-devel/2014-05/msg01474.html
>
> But I can't remember why I didn't post it.
>
> However I do like your path of checking the 'ret'.
Should we be checking both ret and version? NMI callback registration
can return -EINVAL for other reasons (non-canonical address, for example).
-boris
>
> Vitaly, could expand your patch to also do a check in cvt_gate_to_trap
> so that it won't enable the NMI handler and then lets pick your
> patch?
>
>> ---
>> arch/x86/xen/setup.c | 11 ++++++++++-
>> 1 file changed, 10 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c
>> index 821a11a..5b8b180 100644
>> --- a/arch/x86/xen/setup.c
>> +++ b/arch/x86/xen/setup.c
>> @@ -593,8 +593,17 @@ void xen_enable_syscall(void)
>> void xen_enable_nmi(void)
>> {
>> #ifdef CONFIG_X86_64
>> - if (register_callback(CALLBACKTYPE_nmi, (char *)nmi))
>> + int ret;
>> +
>> + ret = register_callback(CALLBACKTYPE_nmi, (char *)nmi);
>> + if (ret == -EINVAL) {
>> + /* Hypervisor probably forbids us to register NMI callback,
>> + that is expected when running on top of Xen-3.1 and older */
>> + pr_warn("xen: failed to register NMI callback\n");
>> + } else if (ret != 0) {
>> + /* Other hypervisor failure */
>> BUG();
>> + }
>> #endif
>> }
>> void __init xen_pvmmu_arch_setup(void)
>> --
>> 1.9.3
>>
On 13/06/14 12:26, Vitaly Kuznetsov wrote:
>
> --- a/arch/x86/xen/setup.c
> +++ b/arch/x86/xen/setup.c
> @@ -593,8 +593,17 @@ void xen_enable_syscall(void)
> void xen_enable_nmi(void)
> {
> #ifdef CONFIG_X86_64
> - if (register_callback(CALLBACKTYPE_nmi, (char *)nmi))
> + int ret;
> +
> + ret = register_callback(CALLBACKTYPE_nmi, (char *)nmi);
> + if (ret == -EINVAL) {
> + /* Hypervisor probably forbids us to register NMI callback,
> + that is expected when running on top of Xen-3.1 and older */
> + pr_warn("xen: failed to register NMI callback\n");
> + } else if (ret != 0) {
> + /* Other hypervisor failure */
> BUG();
I don't think we ever want to BUG() if this hypercall fails. Just print
a warning.
David