[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN v2] xen/Arm: Enforce alignment check for atomic read/write

  • To: Julien Grall <julien@xxxxxxx>, Ayan Kumar Halder <ayankuma@xxxxxxx>, "Ayan Kumar Halder" <ayan.kumar.halder@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Michal Orzel <michal.orzel@xxxxxxx>
  • Date: Tue, 8 Nov 2022 08:26:13 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=xen.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=0ig6oVucpi1bLI4BiICYng/j57OErh4ZehuY3cKdoo4=; b=RE7UWcwvrXD/VoFax0q/433QLsHos25jVm4VATL1pAlog7c8dTJhJsgNAvjKxWQLGraR++bzKI5EYkL6TLgGXyhcj123Iz3RGSiB7w1Hml+BdOzITHJts3nGPxQAUlv4D0yjzX8kWLrKngjAGY4xu9m00KI0CUC4Y2UzzZa5e7zP9ex4oe5PfeisiSbiTThhVj+rIc8G57fgHnbVrlyGiPy8ssUPH5mP4fX7DcC8Lr0Jc3ghGxk6zv5eHYK4Q/ZYBPGnTkMM994ADZ5/nlj4a0+Wq20FNyyu4FEliVni8hQKwNqMErC3OUTSXm5TZfhmZ5BTJIyTOaONbcD+qzIK6w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=l5Rr0k7uaNUzTc4N0RJx4WU31UmLdNhv+0f8JVY0PvQXS6r5xgRyzTJ442hKeDF/eH4mFw73cP4aoL5ooyVqHAXzuAor+uRd2YiKRP0uHGuTjeiDelUDgY9D08SE60ali+CJJYEwmmUnVCXo7wzstXrLCcbJjYUUrSFeVbfBVSu2LncEtqCbM28yYc3cA3PrE6cvBvUTc8Bo+V2b8eoAkMI57pHeT+EBE8yzbtYET8rMDiiAhUQsPDIgWIBd4ZPxe59fk8V25iqAt4EqRuQWCffRTRqUu1U4jcBng+W7BPDB7C4thNMzJ+3awignxB7NWf1y74/euzCaF8/lejKOYw==
  • Cc: <sstabellini@xxxxxxxxxx>, <stefanos@xxxxxxxxxx>, <Volodymyr_Babchuk@xxxxxxxx>, <bertrand.marquis@xxxxxxx>
  • Delivery-date: Tue, 08 Nov 2022 07:26:47 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Hi Julien,

On 07/11/2022 19:06, Julien Grall wrote:
> 
> 
> Hi Ayan,
> 
> On 07/11/2022 12:49, Ayan Kumar Halder wrote:
>>
>> On 07/11/2022 10:44, Julien Grall wrote:
>>> Hi Ayan,
>> Hi Julien,
>>>
>>> On 07/11/2022 10:36, Ayan Kumar Halder wrote:
>>>>
>>>> On 06/11/2022 17:54, Julien Grall wrote:
>>>>> Hi Ayan,
>>>>
>>>> Hi Julien,
>>>>
>>>> I need some clarification.
>>>>
>>>>>
>>>>> To me the title and the explaination below suggests...
>>>>>
>>>>> On 04/11/2022 16:23, Ayan Kumar Halder wrote:
>>>>>> From: Ayan Kumar Halder <ayankuma@xxxxxxx>
>>>>>>
>>>>>> Refer ARM DDI 0487I.a ID081822, B2.2.1
>>>>>> "Requirements for single-copy atomicity
>>>>>>
>>>>>> - A read that is generated by a load instruction that loads a single
>>>>>> general-purpose register and is aligned to the size of the read in the
>>>>>> instruction is single-copy atomic.
>>>>>>
>>>>>> -A write that is generated by a store instruction that stores a single
>>>>>> general-purpose register and is aligned to the size of the write in
>>>>>> the
>>>>>> instruction is single-copy atomic"
>>>>>>
>>>>>> On AArch32, the alignment check is enabled at boot time by setting
>>>>>> HSCTLR.A bit.
>>>>>> ("HSCTLR, Hyp System Control Register").
>>>>>> However in AArch64, alignment check is not enabled at boot time.
>>>>>
>>>>> ... you want to enable the alignment check on AArch64 always.
>>>>
>>>> I want to enable alignment check *only* for atomic access.
>>>>
>>>> May be I should remove this line --> "However in AArch64, alignment
>>>> check is not enabled at boot time.".
>>>>
>>>>> However, this is not possible to do because memcpy() is using
>>>>> unaligned access.
>>>> This is a non atomic access. So the commit does not apply here.
>>>
>>> Right, but your commit message refers to the alignment check on arm32.
>>> You wrote too much for someone to wonder but not enough to explain why
>>> we can't enable the alignment check on arm64.
>>>
>>>>>
>>>>> I think the commit message/title should clarify that the check is
>>>>> *only* done during debug build. IOW, there are no enforcement in
>>>>> producation build.
>>>>
>>>> AFAICS read_atomic()/write_atomic() is enabled during non debug
>>>> builds (ie CONFIG_DEBUG=n) as well.
>>>
>>> My point was that ASSERT() is a NOP in production build. So you
>>> effectively the enforcement happens only in debug build.
>>>
>>> IOW, unless you test exhaustively with a debug build, you may never
>>> notice that the access was not atomic.
>>
>> This makes sense.
>>
>> Does the following commit message look better ?
>>
>> xen/Arm: Enforce alignment check for atomic read/write
> 
> title:
> 
> xen/arm: Enforce alignment check in debug build for {read, write}_atomic
> 
>>
>> Refer ARM DDI 0487I.a ID081822, B2.2.1
>> "Requirements for single-copy atomicity
>>
>> - A read that is generated by a load instruction that loads a single
>> general-purpose register and is aligned to the size of the read in the
>> instruction is single-copy atomic.
>>
>> -A write that is generated by a store instruction that stores a single
>> general-purpose register and is aligned to the size of the write in the
>> instruction is single-copy atomic"
>>
>> Thus, one needs to check for alignment when performing atomic operations.
>> However, as ASSERT() are disabled in production builds, so one needs to
> 
> This seems to be a bit out of context because you don't really explain
> that ASSERT() would be used. Also...
> 
>> run the debug builds to catch any unaligned access during atomic
>> operations.
>> Enforcing alignment checks during production build has quite a high
>> overhead.
>>
>> On AArch32, the alignment check is enabled at boot time by setting
>> HSCTLR.A bit.
>> ("HSCTLR, Hyp System Control Register").
>> However, on AArch64, memcpy()/memset() may be used on 64bit unaligned
>> addresses.
>> Thus, one does not wish to enable alignment check at boot time.
> 
> ... to me this paragraph should be first because this explained why we
> can't check in production. So how about the following commit message:
> 
> "
> xen/arm: Enforce alignment check in debug build for {read, write}_atomic
> 
> Xen provides helper to atomically read/write memory (see {read,
> write}_atomic()). Those helpers can only work if the address is aligned
> to the size of the access (see B2.2.1 ARM DDI 08476I.a).
> 
> On Arm32, the alignment is already enforced by the processor because
> HSCTLR.A bit is set (it enforce alignment for every access). For Arm64,
> this bit is not set because memcpy()/memset() can use unaligned access
> for performance reason (the implementation is taken from the Cortex
> library).
> 
> To avoid any overhead in production build, the alignment will only be
> checked using an ASSERT. Note that it might be possible to do it in
> production build using the acquire/exclusive version of load/store. But
> this is left to a follow-up (if wanted).
> "
This reads very well.

> 
> While trying to find a justification for the debug version. I was
> wondering whether we could actually use the acquire or exclusive
> version. I am not entirely sure about the overhead.
> 
>>
>> Signed-off-by: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>
>> Reviewed-by: Michal Orzel <michal.orzel@xxxxxxx>
>> Reviewed-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>
>>
>> I think I can keep R-b as there is no code change ?
> 
> My signed-off-by will need to be added for the commit message I proposed
> above. So I would like Bertrand/Michal to confirm they are happy with it
> (I don't usually add my reviewed-by/acked-by for patch where my
> signed-off-by is added).
> 
You can keep my Rb and Bertrand or Stefano can ack it, so that we can avoid
acking a patch by one of the authors.

> Cheers,
> 
> --
> Julien Grall

~Michal

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.