Message ID | CACMJ4GYBsg2TNNiYQqd5WTNiYRL6K9DxXWyPy5XReHd3fnCvpw@mail.gmail.com (mailing list archive) |
---|---|
State | New, archived |

>>> On 09.08.17 at 03:01, <christopher.w.clark@gmail.com> wrote:
> Move the point where interrupts are disabled in tboot_shutdown
> to slightly later, to after the call to map_pages_to_xen.
>
> This patch originated in OpenXT with the following report:
>
> "Disabling interrupts early causes debug assertions.
>
> This is only seen with debug builds but since it causes assertions it is
> probably a bigger problem. It clearly says in map_pages_to_xen that it
> should not be called with interrupts disabled. Moved disabling to just
> after that call."
>
> The Xen code comment ahead of map_pages_to_xen notes that the CPU cache
> flushing in map_pages_to_xen differs depending on whether interrupts are
> enabled or not. The flush logic with interrupts enabled is more
> conservative, flushing all CPUs' TLBs/caches, rather than just local.
> This is just before the tboot memory integrity MAC calculation is performed
> in the case of entering S3.
>
> Original patch author credit: Ross Philipson.
>
> Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>

diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c index cc26821..59d7c47 100644 --- a/xen/arch/x86/tboot.c +++ b/xen/arch/x86/tboot.c @@ -341,8 +341,6 @@ void tboot_shutdown(uint32_t shutdown_type) g_tboot_shared->shutdown_type = shutdown_type; - local_irq_disable(); - /* Create identity map for tboot shutdown code. */ /* do before S3 integrity because mapping tboot may change xenheap */ map_base = PFN_DOWN(g_tboot_shared->tboot_base); @@ -357,6 +355,10 @@ void tboot_shutdown(uint32_t shutdown_type) return; } + /* Disable interrupts as early as possible but not prior to */ + /* calling map_pages_to_xen */ + local_irq_disable(); + /* if this is S3 then set regions to MAC */ if ( shutdown_type == TB_SHUTDOWN_S3 ) {
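
Review bot: In the second hunk, local_irq_disable() now sits after the early `return;` shown in the context just above the added lines, so on that path tboot_shutdown returns with interrupts still enabled, where before this change it returned with them disabled. It is worth confirming that no caller relies on interrupts being off when the function returns early, and saying so in the commit message. The added comment would also read better as one block comment that states the reason given in the description (map_pages_to_xen should not be called with interrupts disabled) instead of two separate `/* ... */` lines.
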

Move the point where interrupts are disabled in tboot_shutdown
to slightly later, to after the call to map_pages_to_xen.

This patch originated in OpenXT with the following report:

"Disabling interrupts early causes debug assertions.

This is only seen with debug builds but since it causes assertions it is
probably a bigger problem. It clearly says in map_pages_to_xen that it
should not be called with interrupts disabled. Moved disabling to just
after that call."

The Xen code comment ahead of map_pages_to_xen notes that the CPU cache
flushing in map_pages_to_xen differs depending on whether interrupts are
enabled or not. The flush logic with interrupts enabled is more
conservative, flushing all CPUs' TLBs/caches, rather than just local.
This is just before the tboot memory integrity MAC calculation is performed
in the case of entering S3.

Original patch author credit: Ross Philipson.

Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com>
---
 xen/arch/x86/tboot.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)