| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
details
The fault info should be useful to see what specifically BIOS tried to
do and why it faulted. E.g. it might allow to see which EFI memory
segment needs to be mapped in addition to normal runtime segments, to
work around the fault.
Reviewed by: kevans, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D48186
|
| |
|
|
|
|
|
|
| |
Suggested by: markj
Reviewed by: kevans, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D48186
|
| |
|
|
|
|
|
|
|
|
| |
This macro has not been in use since commit "inline atomics and allow tied
modules to inline locks" (r335873, f4b3640475cec929).
Reviewed by: markj, kib, emaste, imp
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48061
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to match reality, allow using these functions with pointers on
const objects, and bring us closer to C11.
Remove the '+' modifier in the atomic_load_acq_64_i586()'s inline asm
statement's constraint for '*p' (the value to load). CMPXCHG8B always
writes back some value, even when the value exchange does not happen in
which case what was read is written back. atomic_load_acq_64_i586()
further takes care of the operation atomically writing back the same
value that was read in any case. All in all, this makes the inline
asm's write back undetectable by any other code, whether executing on
other CPUs or code on the same CPU before and after the call to
atomic_load_acq_64_i586(), except for the fact that CMPXCHG8B will
trigger a #GP(0) if the memory address is part of a read-only mapping.
This unfortunate property is however out of scope of the C abstract
machine, and in particular independent of whether the 'uint64_t' pointed
to is declared 'const' or not.
Approved by: markj (mentor)
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46887
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch adds several routines that track and expose information
about various XSAVE-related features. More specifically, it adds the
ability to check whether a given XFEATURE is supported and which XSAVE
extensions are supported. Furthermore, it adds several routines for
calculating the size and offsets within a save area given a XSAVE
feature bitmap.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D47394
|
| |
|
|
|
| |
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D46984
|
| |
|
|
|
|
|
|
|
|
| |
This refactor aims to add the ability to share performance counter
interrupts by refactoring the kernel-mode NMI handler. The handler now
allows multiple drivers to service the same interrupt (e.g. hwpmc(4)
and hwt(4)'s Intel Processor Trace backend).
Reviewed by: kib, avg
Differential Revision: https://reviews.freebsd.org/D46421
|
| |
|
|
|
|
| |
Noted by: rm
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
|
| |
|
|
|
| |
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
| |
If you need to use libc with jemalloc without commit
eade2001aa9d91440886de8359a4dec9edcde2a9 (head, or
b90d68c9b28b0a458bdf4a963397817974ed0f90 stable/14), you have to set
vm.pmap.la57 to 0 for system-global effect, or use proccontrol -m la48
on affected image.
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D47675
|
| |
|
|
|
| |
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D47674
|
| |
|
|
|
| |
Fixes: 0b32ef71f9f1 ("vmm: Correctly suspend and resume the vmm driver.")
Sponsored by: Klara, Inc.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, VMXON would be executed on a resume, contrary to proper
initalization. The contents of MSR_IA32_FEATURE_CONTROL may be lost on
suspension, therefore must be restored. Likewise, the VMX Enable bit may be
cleared upon suspend, requiring it to be re-set.
Concretely disable VMX on suspend, and re-enable it on resume.
Note: any IOMMU context will remain lost for any enabled vmm devices.
Signed-off-by: Joshua Rogers <Joshua@Joshua.Hu>
Reviewed by: jhb,imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1419
|
| |
|
|
|
|
|
|
|
|
|
| |
Following arm64 and risc-v, move definitions that describe
hardware-enforced layout of PTEs and #PF error bits, into a dedicated
header.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D47749
|
| |
|
|
|
|
|
|
|
|
|
| |
instead of constructing transient pte itself. This pre-set PG_A and
PG_M bits, avoiding atomic pte update on access and modification. Also
it set the nx bit, the mapping is not supposed to be used for executing.
Reviewed by: alc
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D47717
|
| |
|
|
|
|
|
|
|
| |
Based on alc@ comments from https://reviews.freebsd.org/D47678.
Reviewed by: alc
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D47717
|
| |
|
|
|
|
|
|
| |
PR: 282860
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D47694
|
| |
|
|
|
|
|
|
|
|
| |
For current architectures, these are just aliases for the existing
operation on the relevant scalar integer.
Reviewed by: imp, kib
Obtained from: CheriBSD
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D47631
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
vmmops_modinit() needs to create a device file, and this must happen
after SI_SUB_DEVFS. On non-EARLY_AP_STARTUP platforms (i.e., !x86) this
happens already by accident, but we shouldn't rely on it.
On riscv, remove the current SI_SUB_SMP ordering since that was copied
from arm64 and isn't needed. In particular, riscv's vmmops_modinit()
does not call smp_rendezvous().
Reported by: Oleksandr Kryvulia <shuriku@shurik.kiev.ua>
Fixes: a97f683fe3c4 ("vmm: Add a device file interface for creating and destroying VMs")
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This supersedes the sysctl interface, which has the limitations of being
root-only and not supporting automatic resource destruction, i.e., we
cannot easily destroy VMs automatically when bhyve terminates.
For now, two ioctls are implemented VMMCTL_VM_CREATE and
VMMCTL_VM_DESTROY. Eventually I would like to support tying a VM's
lifetime to that of the descriptor, so that it is automatically
destroyed when the descriptor is closed. However, this will require
some work in bhyve: when the guest wants to reboot, bhyve exits with a
status that indicates that it is to be restarted. This is incompatible
with the idea of tying a VM's lifetime to that of a descriptor, since we
want to avoid creating and destroying a VM across each reboot (as this
involves freeing all of the guest memory, among other things). One
possible design would be to decompose bhyve into two processes, a parent
which handles reboots, and a child which runs in capability mode and
handles guest execution.
In any case, this gets us closer to addressing the shortcomings
mentioned above.
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D47028
|
| |
|
|
|
|
|
|
| |
To avoid a conflict with the new amdiommu driver imported recently.
Fixes: 0f5116d7efe3 ("AMD IOMMU driver")
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D47415
|
| |
|
|
|
|
|
|
|
| |
None of these drivers are for bus devices, so bus_generic_* is not
appropriate. Most of these were nops except that detach would
actually "succeed" (but not do any cleanup).
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D47374
|
| |
|
|
|
|
|
|
|
|
|
| |
Load vcpu with acquire semantics as we are making a critical code
section between creating vcpu and using it.
Tested on risc-v only.
Pointed out by: markj
Reviewed by: jhb, markj
Differential Revision: https://reviews.freebsd.org/D47306
|
| | |
|
| |
|
|
|
|
|
| |
Reviewed by: markj, imp (previous version)
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Differential revision: https://reviews.freebsd.org/D47208
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the guest VM emits the exit code VM_EXITCODE_DB the kernel will
execute the function named vm_handle_db.
If the value of rsp is not page aligned and if rsp+sizeof(uint64_t)
spans across two pages, the function vm_copy_setup will need two structs
vm_copyinfo to prepare the copy operation.
For instance is rsp value is 0xFFC, two vm_copyinfo objects are needed:
* address=0xFFC, len=4
* address=0x1000, len=4
The vulnerability was addressed by commit 51fda658baa ("vmm: Properly
handle writes spanning across two pages in vm_handle_db"). Still,
replace the KASSERT with an error return as a more defensive approach.
Reported by: Synacktiv
Reviewed by markj, emaste
Security: HYP-09
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46133
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The vm_handle_db function is responsible for writing correct status
register values into memory when a guest VM is being single-stepped
using the RFLAGS.TF mechanism. However, it currently does not properly
handle an edge case where the resulting write spans across two pages.
This commit fixes this by making vm_handle_db use two vm_copy_info
structs.
Security: HYP-09
Reviewed by: markj
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Wrap long lines.
Remove redundand declaration.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case of an error in a code pattern like
```
uint64_t val;
error = memread(vcpu, gpa, &val, 1, arg);
error = vie_update_register(vcpu, reg, val, size);
```
uninitialized stack data would be used.
Reported by: Synacktiv
Reviewed by: markj
Security: HYP-21
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46107
|
| |
|
|
|
|
| |
Signed-off-by: Joshua Rogers <Joshua@Joshua.Hu>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1418
|
| |
|
|
|
|
|
|
| |
With the new 32-bit UEFI loader, it's convenient to have a sysctl to
figure out how we booted. Can be accessed at machdep.efi_arch
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1098
|
| |
|
|
|
|
|
|
| |
making LA48 processes have the same limit as with the pre-LA57 kernels.
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
| |
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
| |
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
| |
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
after the trip through protected mode. This is required by AMD64 ARM.
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
| |
The bit is reserved for PLM5, causing #PF on KVA access on real
hardware, unlike QEMU.
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
| |
AMD64 ARM states that 64bit part of the architectural state is undefined
after 32<->64 mode switching.
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
| |
Extend its storage to be compliant.
This is currently nop due to padding and nul gdt descriptor right after
the lgdt descriptor.
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
| |
SDM is explicit that having CR4.PCID=1 while toggling CR3.PG causes #GP.
To be safe and to avoid some more effects, also turn off CR4.PGE.
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
Changing paging mode while LME is set seems to be not allowed.
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: jThe FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
Store %cr0 in %ebp. %rdx is needed for MSR access.
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
| |
Literally follow requirements from SDM and execute jmp right after
%cr0 CR0_PG bit is toggled back.
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
| |
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
| |
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
| |
For rangeset-next search, use exact search rather than greater-than search.
Move a bit of the testing logic from the pmap code to the common rangeset code.
Reviewed by: kib (previous version)
Tested by: pho (previous version)
Differential Revision: https://reviews.freebsd.org/D46314
|
| |
|
|
|
| |
Reviewed by: imp, emaste
Pull Request: https://github.com/freebsd/freebsd-src/pull/1356
|
