rpms/kernel-xen-2.6/F-9 linux-2.6-xen-0154-Pull-xen_failsafe_callback-implementation-from-XenSo.patch, NONE, 1.1 linux-2.6-xen-0155-Save-fs-and-gs-before-load_TLS-and-arch_leave_la.patch, NONE, 1.1 linux-2.6-xen-0156-xen-64-Clear-fs-on-xen_load_tls.patch, NONE, 1.1 Makefile, 1.20, 1.21 Makefile.config, 1.20, 1.21 kernel.spec, 1.42, 1.43

Mark McLoughlin (markmc) fedora-extras-commits at redhat.com
Sun May 11 21:59:06 UTC 2008


Author: markmc

Update of /cvs/pkgs/rpms/kernel-xen-2.6/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22904

Modified Files:
	Makefile Makefile.config kernel.spec 
Added Files:
	linux-2.6-xen-0154-Pull-xen_failsafe_callback-implementation-from-XenSo.patch 
	linux-2.6-xen-0155-Save-fs-and-gs-before-load_TLS-and-arch_leave_la.patch 
	linux-2.6-xen-0156-xen-64-Clear-fs-on-xen_load_tls.patch 
Log Message:
* Sun May 11 2008 Mark McLoughlin <markmc at redhat.com>
- Fix oops during prelink (ehabkost, #442949)


linux-2.6-xen-0154-Pull-xen_failsafe_callback-implementation-from-XenSo.patch:

--- NEW FILE linux-2.6-xen-0154-Pull-xen_failsafe_callback-implementation-from-XenSo.patch ---
>From eaccc2c020f5beb8a521b0e35d8312dea38781a7 Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost at redhat.com>
Date: Fri, 9 May 2008 11:47:16 -0300
Subject: [PATCH] Pull xen_failsafe_callback implementation from XenSource tree

Signed-off-by: Eduardo Habkost <ehabkost at redhat.com>
---
 arch/x86/xen/entry_64.S |   54 +++++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 50 insertions(+), 4 deletions(-)

diff --git a/arch/x86/xen/entry_64.S b/arch/x86/xen/entry_64.S
index 5c8910b..1ae3b10 100644
--- a/arch/x86/xen/entry_64.S
+++ b/arch/x86/xen/entry_64.S
@@ -2,11 +2,57 @@ ENTRY(xen_hypervisor_callback)
 	zeroentry do_hypervisor_callback
 ENDPROC(xen_hypervisor_callback)
 
+# Hypervisor uses this for application faults while it executes.
+# We get here for two reasons:
+#  1. Fault while reloading DS, ES, FS or GS
+#  2. Fault while executing IRET
+# Category 1 we do not need to fix up as Xen has already reloaded all segment
+# registers that could be reloaded and zeroed the others.
+# Category 2 we fix up by killing the current process. We cannot use the
+# normal Linux return path in this case because if we use the IRET hypercall
+# to pop the stack frame we end up in an infinite loop of failsafe callbacks.
+# We distinguish between categories by comparing each saved segment register
+# with its current contents: any discrepancy means we in category 1.
 ENTRY(xen_failsafe_callback)
-	/*FIXME: implement me! */
-	ud2a
-ENDPROC(xen_failsafe_callback)
-
+	_frame (RIP-0x30)
+	CFI_REL_OFFSET rcx, 0
+	CFI_REL_OFFSET r11, 8
+	movw %ds,%cx
+	cmpw %cx,0x10(%rsp)
+	CFI_REMEMBER_STATE
+	jne 1f
+	movw %es,%cx
+	cmpw %cx,0x18(%rsp)
+	jne 1f
+	movw %fs,%cx
+	cmpw %cx,0x20(%rsp)
+	jne 1f
+	movw %gs,%cx
+	cmpw %cx,0x28(%rsp)
+	jne 1f
+	/* All segments match their saved values => Category 2 (Bad IRET). */
+	movq (%rsp),%rcx
+	CFI_RESTORE rcx
+	movq 8(%rsp),%r11
+	CFI_RESTORE r11
+	addq $0x30,%rsp
+	CFI_ADJUST_CFA_OFFSET -0x30
+	movq $11,%rdi	/* SIGSEGV */
+	jmp do_exit			
+	CFI_RESTORE_STATE
+1:	/* Segment mismatch => Category 1 (Bad segment). Retry the IRET. */
+	movq (%rsp),%rcx
+	CFI_RESTORE rcx
+	movq 8(%rsp),%r11
+	CFI_RESTORE r11
+	addq $0x30,%rsp
+	CFI_ADJUST_CFA_OFFSET -0x30
+	pushq $0
+	CFI_ADJUST_CFA_OFFSET 8
+	SAVE_ALL
+	jmp error_exit
+	CFI_ENDPROC
+END(xen_failsafe_callback)
 
 /*
  * Copied from arch/xen/i386/kernel/entry.S
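Review bot: The Category 2 path ends with `movq $11,%rdi` and `jmp do_exit`, so a bad IRET frame kills the task through do_exit() directly: no signal is queued, no handler can run, and the hunk logs nothing, which makes what the header comment calls an application fault hard to attribute afterwards. If that is intended, the comment on the instruction should say so, for example `/* do_exit(SIGSEGV): task dies without signal delivery */`. The stack offsets 0x10 to 0x28 are bare numbers; a one-line layout comment such as `/* frame: rcx, r11, ds, es, fs, gs, then the IRET frame */` would make the four compares checkable against `_frame (RIP-0x30)`. In the header comment, "means we in category 1" should read "means we are in category 1".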
-- 
1.5.4.1


linux-2.6-xen-0155-Save-fs-and-gs-before-load_TLS-and-arch_leave_la.patch:

--- NEW FILE linux-2.6-xen-0155-Save-fs-and-gs-before-load_TLS-and-arch_leave_la.patch ---
>From fdf2844a547a061a42cdb1ef49fb90e503494610 Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost at redhat.com>
Date: Mon, 7 Apr 2008 15:40:43 -0300
Subject: [PATCH] Save %fs and %gs before load_TLS() and arch_leave_lazy_cpu_mode()

We must do this because load_TLS() may need to clear %fs and %gs
(e.g. under Xen).

Signed-off-by: Eduardo Habkost <ehabkost at redhat.com>
---
 arch/x86/kernel/process_64.c |   17 +++++++++++------
 1 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index cf9ff51..d3fba53 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -604,6 +604,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
 				 *next = &next_p->thread;
 	int cpu = smp_processor_id();
 	struct tss_struct *tss = &per_cpu(init_tss, cpu);
+	unsigned fsindex, gsindex;
 
 	/* we're going to use this soon, after a few expensive things */
 	if (next_p->fpu_counter>5)
@@ -626,6 +627,15 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
 	if (unlikely(next->ds | prev->ds))
 		loadsegment(ds, next->ds);
 
+
+	/* We must save %fs and %gs before load_TLS() because
+	 * %fs and %gs may be cleared by load_TLS().
+	 *
+	 * (e.g. xen_load_tls())
+	 */
+	asm volatile("movl %%fs,%0" : "=r" (fsindex)); 
+	asm volatile("movl %%gs,%0" : "=r" (gsindex)); 
+
 	load_TLS(next, cpu);
 
 	/*
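Review bot: The two added `asm volatile` reads are now order-dependent on `load_TLS(next, cpu)`, but the comment only says %fs and %gs "may be cleared" and not what breaks if the reads are moved back below it. The value read here is what a later hunk stores with `prev->fsindex = fsindex`, so reading after a clearing load_TLS() would record 0 for the outgoing task; I would extend the comment to `/* Must stay before load_TLS(): under Xen it may zero %fs/%gs, and these values are what gets saved into prev below. */`. The commit subject also names arch_leave_lazy_cpu_mode(), which this hunk does not show, so the comment should mention it if the same constraint applies. The added lines carry trailing whitespace and a doubled blank line, and __switch_to starts and ends outside this hunk.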
@@ -641,8 +651,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
 	 * Switch FS and GS.
 	 */
 	{ 
-		unsigned fsindex;
-		asm volatile("movl %%fs,%0" : "=r" (fsindex)); 
 		/* segment register != 0 always requires a reload. 
 		   also reload when it has changed. 
 		   when prev process used 64bit base always reload
@@ -660,10 +668,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
 		if (next->fs) 
 			wrmsrl(MSR_FS_BASE, next->fs); 
 		prev->fsindex = fsindex;
-	}
-	{ 
-		unsigned gsindex;
-		asm volatile("movl %%gs,%0" : "=r" (gsindex)); 
+
 		if (unlikely(gsindex | next->gsindex | prev->gs)) {
 			load_gs_index(next->gsindex);
 			if (gsindex)
-- 
1.5.4.1


linux-2.6-xen-0156-xen-64-Clear-fs-on-xen_load_tls.patch:

--- NEW FILE linux-2.6-xen-0156-xen-64-Clear-fs-on-xen_load_tls.patch ---
>From 9952bb1c44a6efcb94d6cb084f556649d9bc3691 Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost at redhat.com>
Date: Mon, 7 Apr 2008 15:48:00 -0300
Subject: [PATCH] xen-64: Clear %fs on xen_load_tls()

We need to do this; otherwise we can get a GPF on hypercall return
after the TLS descriptor is cleared while %fs is still pointing to it.

Signed-off-by: Eduardo Habkost <ehabkost at redhat.com>
---
 arch/x86/xen/enlighten.c |   21 +++++++++++----------
 1 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 5509f11..42135b9 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -404,7 +404,6 @@ static void xen_load_tls(struct thread_struct *t, unsigned int cpu)
 
 	xen_mc_issue(PARAVIRT_LAZY_CPU);
 
-#ifdef CONFIG_X86_32
 	/*
 	 * XXX sleazy hack: If we're being called in a lazy-cpu zone,
 	 * it means we're in a context switch, and %gs has just been
@@ -414,20 +413,22 @@ static void xen_load_tls(struct thread_struct *t, unsigned int cpu)
 	 * loaded properly.  This will go away as soon as Xen has been
 	 * modified to not save/restore %gs for normal hypercalls.
 	 *
-	 * This hack is not used on x86_64, because:
-	 * - For %gs: x86_64 gs points to KERNEL_GS_BASE (and uses it for PDA
-	 *   references), so we must not zero %gs on x86_64
-	 * - For %fs: x86_64 may have %fs pointing to TLS descriptors, but
-	 *   __switch_to() reads %fs after load_TLS(). We can't clear it
+	 * On x86_64, this hack is not used for %gs, because gs points
+	 * to KERNEL_GS_BASE (and uses it for PDA references), so we
+	 * must not zero %gs on x86_64
 	 *
-	 * FIXME: we need to be sure we don't _need_ the hack on x86_64.
-	 * Can we get a #GP when switch back from the hypervisor if
-	 * TLS descriptor is cleared but %fs still points to it?
+	 * For x86_64, we need to zero %fs, otherwise we may
+	 * get an exception between the new %fs descriptor being
+	 * loaded and %fs being effectively cleared at __switch_to().
 	 */
 	if (paravirt_get_lazy_mode() == PARAVIRT_LAZY_CPU) {
+#ifdef CONFIG_X86_64
+		loadsegment(fs, 0);
+#endif
+#ifdef CONFIG_X86_32
 		loadsegment(gs, 0);
-	}
 #endif
+	}
 }
 
 #ifdef CONFIG_X86_64
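Review bot: The new `loadsegment(fs, 0)` is only safe if the caller has already captured the outgoing %fs selector, and the removed comment lines stated the opposite ("__switch_to() reads %fs after load_TLS(). We can't clear it"); the replacement comment does not record that this ordering has changed. I would add a line such as `* This relies on __switch_to() reading %fs before it calls load_TLS().` so the dependency on the companion process_64.c change is visible at this site. The two back-to-back conditionals inside the `if` would also read more clearly as `#ifdef CONFIG_X86_64` / `#else` / `#endif`, assuming CONFIG_X86_32 and CONFIG_X86_64 are mutually exclusive here. xen_load_tls starts outside the hunk.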
-- 
1.5.4.1







Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel-xen-2.6/F-9/kernel.spec,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- kernel.spec	8 May 2008 09:15:17 -0000	1.42
+++ kernel.spec	11 May 2008 21:58:30 -0000	1.43
@@ -842,6 +842,9 @@
 Patch5150: linux-2.6-xen-0151-reserve_early-kernel-text-and-data-segments.patch
 Patch5151: linux-2.6-xen-0152-Xen-Clear-__START_KERNEL_map-PTEs-on-free_init_page.patch
 Patch5152: linux-2.6-xen-0153-Set-pvops-machine_ops-for-Xen-on-x86_64-also-MERGE.patch
+Patch5153: linux-2.6-xen-0154-Pull-xen_failsafe_callback-implementation-from-XenSo.patch
+Patch5154: linux-2.6-xen-0155-Save-fs-and-gs-before-load_TLS-and-arch_leave_la.patch
+Patch5155: linux-2.6-xen-0156-xen-64-Clear-fs-on-xen_load_tls.patch
 # kernel-xen patches end
 
 # Xen hypervisor patches (20000+)
@@ -1567,6 +1570,9 @@
 ApplyPatch linux-2.6-xen-0151-reserve_early-kernel-text-and-data-segments.patch
 ApplyPatch linux-2.6-xen-0152-Xen-Clear-__START_KERNEL_map-PTEs-on-free_init_page.patch
 ApplyPatch linux-2.6-xen-0153-Set-pvops-machine_ops-for-Xen-on-x86_64-also-MERGE.patch
+ApplyPatch linux-2.6-xen-0154-Pull-xen_failsafe_callback-implementation-from-XenSo.patch
+ApplyPatch linux-2.6-xen-0155-Save-fs-and-gs-before-load_TLS-and-arch_leave_la.patch
+ApplyPatch linux-2.6-xen-0156-xen-64-Clear-fs-on-xen_load_tls.patch
 %endif
 # kernel-xen apply end
 
@@ -2176,6 +2182,9 @@
 %kernel_variant_files -a /%{image_install_path}/xen*-%{KVERREL}.xen -e /etc/ld.so.conf.d/kernelcap-%{KVERREL}.xen.conf %{with_xen} xen
 
 %changelog
+* Sun May 11 2008 Mark McLoughlin <markmc at redhat.com>
+- Fix oops during prelink (ehabkost, #442949)
+
 * Thu May  8 2008 Mark McLoughlin <markmc at redhat.com>
 - Rebase to kernel-2_6_25-14_fc9
 



