x86/desc: Build boot_{,compat_}gdt[] in C ... where we can at least get the compiler to fill in the surrounding space without having to do it manually. This also results in the symbols having proper type/size information in the debug symbols. Reorder 'raw' in the seg_desc_t union to allow for easier initialisation. Leave a comment explaining the various restrictions we have on altering the GDT layout. No functional change. Signed-off-by: Andrew Cooper Introduce SEL2GDT(). Correct GDT indices in public header. Signed-off-by: Jan Beulich --- v2: Address my own v1 review comments. Re-base. --- There is plenty more cleanup which can be done in the future. As we are 64-bit, there is no need for load_TR() to keep the TSS in sync between the two GDTs, which means it can drop all sgdt/lgdt instructions. Also, __HYPERVISOR_CS32 is unused and could be dropped. As is demonstrated by the required includes, asm/desc.h is a tangle in need of some cleanup. The SYSEXIT GDT requirements are: R0 long code, R0 data, R3 compat code, R3 data, R3 long code, R3 data. We could make Xen compatible by shifting the R0 code/data down by one slot, moving R0 compat code elsewhere and replacing it with another R3 data. However, this seems like a fairly pointless exercise, as the only thing it will do is change the magic numbers which developers have become accustom to seeing in backtraces. --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -21,6 +21,7 @@ obj-$(CONFIG_PV) += compat.o x86_64/comp obj-$(CONFIG_KEXEC) += crash.o obj-y += debug.o obj-y += delay.o +obj-y += desc.o obj-bin-y += dmi_scan.init.o obj-y += domctl.o obj-y += domain.o --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -2,7 +2,6 @@ #include #include #include -#include #include #include #include --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -43,44 +43,11 @@ ENTRY(__high_start) multiboot_ptr: .long 0 - .word 0 -GLOBAL(boot_gdtr) - .word LAST_RESERVED_GDT_BYTE - .quad boot_gdt - FIRST_RESERVED_GDT_BYTE - GLOBAL(stack_start) .quad cpu0_stack .section .data.page_aligned, "aw", @progbits .align PAGE_SIZE, 0 -GLOBAL(boot_gdt) - .quad 0x0000000000000000 /* unused */ - .quad 0x00af9b000000ffff /* 0xe008 ring 0 code, 64-bit mode */ - .quad 0x00cf93000000ffff /* 0xe010 ring 0 data */ - .quad 0x0000000000000000 /* reserved */ - .quad 0x00cffb000000ffff /* 0xe023 ring 3 code, compatibility */ - .quad 0x00cff3000000ffff /* 0xe02b ring 3 data */ - .quad 0x00affb000000ffff /* 0xe033 ring 3 code, 64-bit mode */ - .quad 0x00cf9b000000ffff /* 0xe038 ring 0 code, compatibility */ - .fill (PER_CPU_GDT_ENTRY - __HYPERVISOR_CS32 / 8 - 1), 8, 0 - .quad 0x0000910000000000 /* per-CPU entry (limit == cpu) */ - - .align PAGE_SIZE, 0 -/* NB. Even rings != 0 get access to the full 4Gb, as only the */ -/* (compatibility) machine->physical mapping table lives there. */ -GLOBAL(boot_compat_gdt) - .quad 0x0000000000000000 /* unused */ - .quad 0x00af9b000000ffff /* 0xe008 ring 0 code, 64-bit mode */ - .quad 0x00cf93000000ffff /* 0xe010 ring 0 data */ - .quad 0x00cfbb000000ffff /* 0xe019 ring 1 code, compatibility */ - .quad 0x00cfb3000000ffff /* 0xe021 ring 1 data */ - .quad 0x00cffb000000ffff /* 0xe02b ring 3 code, compatibility */ - .quad 0x00cff3000000ffff /* 0xe033 ring 3 data */ - .quad 0x00cf9b000000ffff /* 0xe038 ring 0 code, compatibility */ - .fill (PER_CPU_GDT_ENTRY - __HYPERVISOR_CS32 / 8 - 1), 8, 0 - .quad 0x0000910000000000 /* per-CPU entry (limit == cpu) */ - .align PAGE_SIZE, 0 - /* * Mapping of first 2 megabytes of memory. This is mapped with 4kB mappings * to avoid type conflicts with fixed-range MTRRs covering the lowest megabyte --- /dev/null +++ b/xen/arch/x86/desc.c @@ -0,0 +1,109 @@ +#include +#include +#include +#include + +#include + +/* + * Native and Compat GDTs used by Xen. + * + * The R1 and R3 descriptors are fixed in Xen's ABI for PV guests. All other + * descriptors are in principle variable, with the following restrictions. + * + * All R0 descriptors must line up in both GDTs to allow for correct + * interrupt/exception handling. + * + * The SYSCALL/SYSRET GDT layout requires: + * - R0 long mode code followed by R0 data. + * - R3 compat code, followed by R3 data, followed by R3 long mode code. + * + * The SYSENTER GDT layout requirements are compatible with SYSCALL. Xen does + * not use the SYSEXIT instruction, and does not provide a compatible GDT. + * + * These tables are used directly by CPU0, and used as the template for the + * GDTs of other CPUs. Everything from the TSS onwards is unique per CPU. + */ + +#define SEL2GDT(sel) (((sel) >> 3) - FIRST_RESERVED_GDT_ENTRY) + +__section(".data.page_aligned") __aligned(PAGE_SIZE) +seg_desc_t boot_gdt[PAGE_SIZE / sizeof(seg_desc_t)] = +{ + /* 0xe008 - Ring 0 code, 64bit mode */ + [SEL2GDT(__HYPERVISOR_CS64)] = { 0x00af9b000000ffff }, + + /* 0xe010 - Ring 0 data */ + [SEL2GDT(__HYPERVISOR_DS32)] = { 0x00cf93000000ffff }, + + /* 0xe018 - reserved */ + + /* 0xe023 - Ring 3 code, compatibility */ + [SEL2GDT(FLAT_RING3_CS32)] = { 0x00cffb000000ffff }, + + /* 0xe02b - Ring 3 data */ + [SEL2GDT(FLAT_RING3_DS32)] = { 0x00cff3000000ffff }, + + /* 0xe033 - Ring 3 code, 64-bit mode */ + [SEL2GDT(FLAT_RING3_CS64)] = { 0x00affb000000ffff }, + + /* 0xe038 - Ring 0 code, compatibility */ + [SEL2GDT(__HYPERVISOR_CS32)] = { 0x00cf9b000000ffff }, + + /* 0xe040 - TSS */ + /* 0xe050 - LDT */ + + /* 0xe060 - per-CPU entry (limit == cpu) */ + [SEL2GDT(PER_CPU_GDT_SELECTOR)] = { 0x0000910000000000 }, +}; + +__section(".data.page_aligned") __aligned(PAGE_SIZE) +seg_desc_t boot_compat_gdt[PAGE_SIZE / sizeof(seg_desc_t)] = +{ + /* 0xe008 - Ring 0 code, 64bit mode */ + [SEL2GDT(__HYPERVISOR_CS64)] = { 0x00af9b000000ffff }, + + /* 0xe010 - Ring 0 data */ + [SEL2GDT(__HYPERVISOR_DS32)] = { 0x00cf93000000ffff }, + + /* 0xe019 - Ring 1 code, compatibility */ + [SEL2GDT(FLAT_COMPAT_RING1_CS)] = { 0x00cfbb000000ffff }, + + /* 0xe021 - Ring 1 data */ + [SEL2GDT(FLAT_COMPAT_RING1_DS)] = { 0x00cfb3000000ffff }, + + /* 0xe02b - Ring 3 code, compatibility */ + [SEL2GDT(FLAT_COMPAT_RING3_CS)] = { 0x00cffb000000ffff }, + + /* 0xe033 - Ring 3 data */ + [SEL2GDT(FLAT_COMPAT_RING3_DS)] = { 0x00cff3000000ffff }, + + /* 0xe038 - Ring 0 code, compatibility */ + [SEL2GDT(__HYPERVISOR_CS32)] = { 0x00cf9b000000ffff }, + + /* 0xe040 - TSS */ + /* 0xe050 - LDT */ + + /* 0xe060 - per-CPU entry (limit == cpu) */ + [SEL2GDT(PER_CPU_GDT_SELECTOR)] = { 0x0000910000000000 }, +}; + +/* + * Used by each CPU as it starts up, to enter C with a suitable %cs. + * References boot_cpu_gdt_table for a short period, until the CPUs switch + * onto their per-CPU GDTs. + */ +struct desc_ptr boot_gdtr = { + .limit = LAST_RESERVED_GDT_BYTE, + .base = (unsigned long)(boot_gdt - FIRST_RESERVED_GDT_ENTRY), +}; + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */ --- a/xen/include/asm-x86/desc.h +++ b/xen/include/asm-x86/desc.h @@ -107,10 +107,10 @@ #define SYS_DESC_trap_gate 15 typedef union { + uint64_t raw; struct { uint32_t a, b; }; - uint64_t raw; } seg_desc_t; typedef union { --- a/xen/include/public/arch-x86/xen-x86_64.h +++ b/xen/include/public/arch-x86/xen-x86_64.h @@ -44,11 +44,11 @@ */ #define FLAT_RING3_CS32 0xe023 /* GDT index 260 */ -#define FLAT_RING3_CS64 0xe033 /* GDT index 261 */ -#define FLAT_RING3_DS32 0xe02b /* GDT index 262 */ +#define FLAT_RING3_DS32 0xe02b /* GDT index 261 */ +#define FLAT_RING3_CS64 0xe033 /* GDT index 262 */ #define FLAT_RING3_DS64 0x0000 /* NULL selector */ -#define FLAT_RING3_SS32 0xe02b /* GDT index 262 */ -#define FLAT_RING3_SS64 0xe02b /* GDT index 262 */ +#define FLAT_RING3_SS32 0xe02b /* GDT index 261 */ +#define FLAT_RING3_SS64 0xe02b /* GDT index 261 */ #define FLAT_KERNEL_DS64 FLAT_RING3_DS64 #define FLAT_KERNEL_DS32 FLAT_RING3_DS32