Xen project Mailing List

Re: [PATCH v3 2/4] x86/hvm: fix handling of accesses to partial r/o MMIO pages

To: Roger Pau Monne <roger.pau@xxxxxxxxxx>

Date: Thu, 17 Apr 2025 17:38:54 +0200

Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Thu, 17 Apr 2025 15:39:06 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 17.04.2025 17:25, Roger Pau Monne wrote: > --- a/xen/arch/x86/hvm/emulate.c > +++ b/xen/arch/x86/hvm/emulate.c > @@ -370,7 +370,15 @@ static int hvmemul_do_io( > /* If there is no suitable backing DM, just ignore accesses */ > if ( !s ) > { > - if ( is_mmio && is_hardware_domain(currd) ) > + if ( is_mmio && is_hardware_domain(currd) && > + /* > + * Do not attempt to fixup write accesses to r/o MMIO > regions, > + * they are expected to be terminated by the null handler > + * below. > + */ > + (!rangeset_contains_singleton(mmio_ro_ranges, > + PFN_DOWN(addr)) || > + dir == IOREQ_READ) ) These two would better be swapped, for the cheap one to be done first. > --- /dev/null > +++ b/xen/arch/x86/hvm/mmio.c > @@ -0,0 +1,125 @@ > +/* SPDX-License-Identifier: GPL-2.0-only */ > +/* > + * MMIO related routines. > + * > + * Copyright (c) 2025 Cloud Software Group > + */ > + > +#include <xen/io.h> > +#include <xen/mm.h> > + > +#include <asm/p2m.h> > + > +static int cf_check subpage_mmio_accept(struct vcpu *v, unsigned long addr) > +{ > + p2m_type_t t; > + mfn_t mfn = get_gfn_query_unlocked(v->domain, PFN_DOWN(addr), &t); > + > + return !mfn_eq(mfn, INVALID_MFN) && t == p2m_mmio_direct && > + subpage_mmio_find_page(mfn); > +} > + > +/* > + * The guest has read access to those regions, and consequently read accesses > + * shouldn't fault. However read-modify-write operations may take this path, > + * so handling of reads is necessary. > + */ > +static int cf_check subpage_mmio_read( > + struct vcpu *v, unsigned long addr, unsigned int len, unsigned long > *data) > +{ > + struct domain *d = v->domain; > + unsigned long gfn = PFN_DOWN(addr); > + p2m_type_t t; > + mfn_t mfn; > + struct subpage_ro_range *entry; > + volatile void __iomem *mem; > + > + *data = ~0UL; > + > + if ( !IS_ALIGNED(len | addr, len) ) What's the point of doing the | ? len can't be misaligned with itself? > --- a/xen/arch/x86/include/asm/mm.h > +++ b/xen/arch/x86/include/asm/mm.h > @@ -554,6 +554,18 @@ int cf_check mmio_ro_emulated_write( > enum x86_segment seg, unsigned long offset, void *p_data, > unsigned int bytes, struct x86_emulate_ctxt *ctxt); > > +/* r/o MMIO subpage access handlers. */ > +struct subpage_ro_range { > + struct list_head list; > + mfn_t mfn; > + void __iomem *mapped; > + DECLARE_BITMAP(ro_elems, PAGE_SIZE / MMIO_RO_SUBPAGE_GRAN); > +}; > +struct subpage_ro_range *subpage_mmio_find_page(mfn_t mfn); > +void __iomem *subpage_mmio_map_page(struct subpage_ro_range *entry); I notice you didn't move the __iomem, which - as indicated - I agree with, but Andrew didn't. Did you sort this with him privately? Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.