From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Mon, 10 Mar 2014 10:18:05 +0000 (+0100)
Subject: x86/schedule: remove noreturn from schedule_tail() function pointer
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~5501
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/%22bookmarks://%22Dat/%22http:/www.example.com/cgi/%22https:/%22bookmarks:/%22Dat?a=commitdiff_plain;h=7fb8e8b4e58cdd0a4ac457fd25342b35b6851521;p=xen.git

x86/schedule: remove noreturn from schedule_tail() function pointer

XenServer has recently had a support case where this bugframe in
context_switch() was hit, presumably from a corrupt function pointer as the
vcpu pointer was fine.

On balance, it is better to leave the bugframe around for peace of mind in
exceptional circumstances, than to use the optimisations provided by noreturn.

At any meaningful levels of optimisation, the noreturn causes the bugframe to
be optimised out, meaning that any exceptional returns fall into unlikely
branches, which will result in very weird behaviour.

The unreachable() in BUG() does the useful part of noreturn for us, allowing
the compiler not to mess about restoring stack frames etc, but causes a ud2
instruction to be present.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---

diff --git a/xen/include/asm-x86/current.h b/xen/include/asm-x86/current.h
index 4d1f20e16d..2081015ff9 100644
--- a/xen/include/asm-x86/current.h
+++ b/xen/include/asm-x86/current.h
@@ -67,7 +67,15 @@ static inline struct cpu_info *get_cpu_info(void)
         unreachable();                                                  \
     })
 
-#define schedule_tail(vcpu) (((vcpu)->arch.schedule_tail)(vcpu))
+/*
+ * Schedule tail *should* be a terminal function pointer, but leave a bugframe
+ * around just incase it returns, to save going back into the context
+ * switching code and leaving a far more subtle crash to diagnose.
+ */
+#define schedule_tail(vcpu) do {                \
+        (((vcpu)->arch.schedule_tail)(vcpu));   \
+        BUG();                                  \
+    } while (0)
 
 /*
  * Which VCPU's state is currently running on each CPU?
diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h
index 49f7c0c231..4ff89f01ea 100644
--- a/xen/include/asm-x86/domain.h
+++ b/xen/include/asm-x86/domain.h
@@ -395,7 +395,7 @@ struct arch_vcpu
 
     unsigned long      flags; /* TF_ */
 
-    void noreturn (*schedule_tail) (struct vcpu *);
+    void (*schedule_tail) (struct vcpu *);
 
     void (*ctxt_switch_from) (struct vcpu *);
     void (*ctxt_switch_to) (struct vcpu *);