From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: [PATCH RFC 2/9] x86/traps: Make panic and reboot
 paths safe during early boot
Date: Thu, 15 May 2014 11:53:37 +0100
Message-ID: <53749CB1.3010008@citrix.com>
References: <1400147299-31772-1-git-send-email-andrew.cooper3@citrix.com>
	<1400147299-31772-3-git-send-email-andrew.cooper3@citrix.com>
	<5374B0D00200007800012889@mail.emea.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <5374B0D00200007800012889@mail.emea.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>
Cc: Tim Deegan <tim@xen.org>, Keir Fraser <keir@xen.org>, Xen-devel <xen-devel@lists.xen.org>
List-Id: xen-devel@lists.xenproject.org

On 15/05/14 11:19, Jan Beulich wrote:
>>>> On 15.05.14 at 11:48, <andrew.cooper3@citrix.com> wrote:
>> Make use of SYS_STATE_smp_boot to help machine_{halt,restart}() know if/when
>> it is safe to enable interrupts and access the local apic to send IPIs.
>> Before system_state == SYS_STATE_smp_boot, we can be certain that only the BSP
>> is running.
> Hmm, tying SMP boot and IRQ enabling together seems a little
> problematic, even if on x86 the former happens soon after the latter
> right now. Perhaps these ought to be distinct states?

Which states would you suggest then?

The key problems I encountered were pagefaults before the LAPIC has its
mmio region mapped, and x2apic_enabled isn't correct until apic_init(),
risking a pagefault for the MMIO region and protection fault from the MSRs.

>
>> --- a/xen/arch/x86/mm.c
>> +++ b/xen/arch/x86/mm.c
>> @@ -5246,7 +5246,7 @@ static l3_pgentry_t *virt_to_xen_l3e(unsigned long v)
>>      pl4e = &idle_pg_table[l4_table_offset(v)];
>>      if ( !(l4e_get_flags(*pl4e) & _PAGE_PRESENT) )
>>      {
>> -        bool_t locking = system_state > SYS_STATE_boot;
>> +        bool_t locking = system_state >= SYS_STATE_active;
> Did you just mechanically adjust occurrences like this one, to (as the
> description says) have their semantics remain identical? I ask because
> it would seem to me that here you'd likely better change the semantics
> by keeping the code unchanged.
>
>> --- a/xen/common/symbols.c
>> +++ b/xen/common/symbols.c
>> @@ -96,7 +96,7 @@ static unsigned int get_symbol_offset(unsigned long pos)
>>  bool_t is_active_kernel_text(unsigned long addr)
>>  {
>>      return (is_kernel_text(addr) ||
>> -            (system_state == SYS_STATE_boot && is_kernel_inittext(addr)));
>> +            (system_state < SYS_STATE_active && is_kernel_inittext(addr)));
> And here, contrary to the description, you actually do a semantic
> (but correct!) change.
>
> Jan
>

I attempted to change each of them such that SYS_STATE_boot and
SYS_STATE_smp_boot acted the same, and that further insertions of new
states wouldn't require changes quite this wide.

~Andrew