[v2,2/2] s390x/pci: Fix memory_region_access_valid call

Message ID	1608243397-29428-3-git-send-email-mjrosato@linux.ibm.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=2nBp=FV=nongnu.org=qemu-devel-bounces+qemu-devel=archiver.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9DD9923437 From: Matthew Rosato <mjrosato@linux.ibm.com> To: cohuck@redhat.com, thuth@redhat.com Subject: [PATCH v2 2/2] s390x/pci: Fix memory_region_access_valid call Date: Thu, 17 Dec 2020 17:16:37 -0500 Message-Id: <1608243397-29428-3-git-send-email-mjrosato@linux.ibm.com> In-Reply-To: <1608243397-29428-1-git-send-email-mjrosato@linux.ibm.com> References: <1608243397-29428-1-git-send-email-mjrosato@linux.ibm.com> Received-SPF: pass client-ip=148.163.158.5; envelope-from=mjrosato@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Cc: pmorel@linux.ibm.com, david@redhat.com, richard.henderson@linaro.org, qemu-devel@nongnu.org, pasic@linux.ibm.com, borntraeger@de.ibm.com, qemu-s390x@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org>
Series	s390x/pci: some pcistb fixes \| expand [v2,0/2] s390x/pci: some pcistb fixes [v2,1/2] s390x/pci: fix pcistb length [v2,2/2] s390x/pci: Fix memory_region_access_valid call

Matthew Rosato Dec. 17, 2020, 10:16 p.m. UTC

In pcistb_service_handler, a call is made to validate that the memory
region can be accessed.  However, the call is made using the entire length
of the pcistb operation, which can be larger than the allowed memory
access size (8).  Since we already know that the provided buffer is a
multiple of 8, fix the call to memory_region_access_valid to iterate
over the memory region in the same way as the subsequent call to
memory_region_dispatch_write.

Fixes: 863f6f52b7 ("s390: implement pci instructions")
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
---
 hw/s390x/s390-pci-inst.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Thomas Huth Dec. 18, 2020, 6:10 a.m. UTC | #1

On 17/12/2020 23.16, Matthew Rosato wrote:
> In pcistb_service_handler, a call is made to validate that the memory
> region can be accessed.  However, the call is made using the entire length
> of the pcistb operation, which can be larger than the allowed memory
> access size (8).  Since we already know that the provided buffer is a
> multiple of 8, fix the call to memory_region_access_valid to iterate
> over the memory region in the same way as the subsequent call to
> memory_region_dispatch_write.
> 
> Fixes: 863f6f52b7 ("s390: implement pci instructions")
> Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
> ---
>  hw/s390x/s390-pci-inst.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
> index e230293..76b08a3 100644
> --- a/hw/s390x/s390-pci-inst.c
> +++ b/hw/s390x/s390-pci-inst.c
> @@ -821,10 +821,12 @@ int pcistb_service_call(S390CPU *cpu, uint8_t r1, uint8_t r3, uint64_t gaddr,
>      mr = s390_get_subregion(mr, offset, len);
>      offset -= mr->addr;
>  
> -    if (!memory_region_access_valid(mr, offset, len, true,
> -                                    MEMTXATTRS_UNSPECIFIED)) {
> -        s390_program_interrupt(env, PGM_OPERAND, ra);
> -        return 0;
> +    for (i = 0; i < len; i += 8) {
> +        if (!memory_region_access_valid(mr, offset + i, 8, true,
> +                                        MEMTXATTRS_UNSPECIFIED)) {
> +            s390_program_interrupt(env, PGM_OPERAND, ra);
> +            return 0;
> +        }
>      }
>  
>      if (s390_cpu_virt_mem_read(cpu, gaddr, ar, buffer, len)) {
> 

Reviewed-by: Thomas Huth <thuth@redhat.com>

Pierre Morel Dec. 18, 2020, 9:37 a.m. UTC | #2

On 12/17/20 11:16 PM, Matthew Rosato wrote:
> In pcistb_service_handler, a call is made to validate that the memory
> region can be accessed.  However, the call is made using the entire length
> of the pcistb operation, which can be larger than the allowed memory
> access size (8).  Since we already know that the provided buffer is a
> multiple of 8, fix the call to memory_region_access_valid to iterate
> over the memory region in the same way as the subsequent call to
> memory_region_dispatch_write.
> 
> Fixes: 863f6f52b7 ("s390: implement pci instructions")
> Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
> ---
>   hw/s390x/s390-pci-inst.c | 10 ++++++----
>   1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
> index e230293..76b08a3 100644
> --- a/hw/s390x/s390-pci-inst.c
> +++ b/hw/s390x/s390-pci-inst.c
> @@ -821,10 +821,12 @@ int pcistb_service_call(S390CPU *cpu, uint8_t r1, uint8_t r3, uint64_t gaddr,
>       mr = s390_get_subregion(mr, offset, len);
>       offset -= mr->addr;
>   
> -    if (!memory_region_access_valid(mr, offset, len, true,
> -                                    MEMTXATTRS_UNSPECIFIED)) {
> -        s390_program_interrupt(env, PGM_OPERAND, ra);
> -        return 0;
> +    for (i = 0; i < len; i += 8) {
> +        if (!memory_region_access_valid(mr, offset + i, 8, true,
> +                                        MEMTXATTRS_UNSPECIFIED)) {
> +            s390_program_interrupt(env, PGM_OPERAND, ra);
> +            return 0;
> +        }
>       }
>   
>       if (s390_cpu_virt_mem_read(cpu, gaddr, ar, buffer, len)) {
> 

wouldn't it be made automatically by defining the io_region 
max_access_size when reading the bars in clp_service_call?

Cornelia Huck Dec. 18, 2020, 11:04 a.m. UTC | #3

On Fri, 18 Dec 2020 10:37:38 +0100
Pierre Morel <pmorel@linux.ibm.com> wrote:

> On 12/17/20 11:16 PM, Matthew Rosato wrote:
> > In pcistb_service_handler, a call is made to validate that the memory
> > region can be accessed.  However, the call is made using the entire length
> > of the pcistb operation, which can be larger than the allowed memory
> > access size (8).  Since we already know that the provided buffer is a
> > multiple of 8, fix the call to memory_region_access_valid to iterate
> > over the memory region in the same way as the subsequent call to
> > memory_region_dispatch_write.
> > 
> > Fixes: 863f6f52b7 ("s390: implement pci instructions")
> > Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
> > ---
> >   hw/s390x/s390-pci-inst.c | 10 ++++++----
> >   1 file changed, 6 insertions(+), 4 deletions(-)
> > 
> > diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
> > index e230293..76b08a3 100644
> > --- a/hw/s390x/s390-pci-inst.c
> > +++ b/hw/s390x/s390-pci-inst.c
> > @@ -821,10 +821,12 @@ int pcistb_service_call(S390CPU *cpu, uint8_t r1, uint8_t r3, uint64_t gaddr,
> >       mr = s390_get_subregion(mr, offset, len);
> >       offset -= mr->addr;
> >   
> > -    if (!memory_region_access_valid(mr, offset, len, true,
> > -                                    MEMTXATTRS_UNSPECIFIED)) {
> > -        s390_program_interrupt(env, PGM_OPERAND, ra);
> > -        return 0;
> > +    for (i = 0; i < len; i += 8) {
> > +        if (!memory_region_access_valid(mr, offset + i, 8, true,
> > +                                        MEMTXATTRS_UNSPECIFIED)) {
> > +            s390_program_interrupt(env, PGM_OPERAND, ra);
> > +            return 0;
> > +        }
> >       }
> >   
> >       if (s390_cpu_virt_mem_read(cpu, gaddr, ar, buffer, len)) {
> >   
> 
> wouldn't it be made automatically by defining the io_region 
> max_access_size when reading the bars in clp_service_call?
> 

But that's already what is happening, isn't it? The access check is
done for a size that is potentially too large, while the actual access
will happen in chunks of 8? I think that this patch is correct.

Pierre Morel Dec. 18, 2020, 2:32 p.m. UTC | #4

On 12/18/20 12:04 PM, Cornelia Huck wrote:
> On Fri, 18 Dec 2020 10:37:38 +0100
> Pierre Morel <pmorel@linux.ibm.com> wrote:
> 
>> On 12/17/20 11:16 PM, Matthew Rosato wrote:
>>> In pcistb_service_handler, a call is made to validate that the memory
>>> region can be accessed.  However, the call is made using the entire length
>>> of the pcistb operation, which can be larger than the allowed memory
>>> access size (8).  Since we already know that the provided buffer is a
>>> multiple of 8, fix the call to memory_region_access_valid to iterate
>>> over the memory region in the same way as the subsequent call to
>>> memory_region_dispatch_write.
>>>
>>> Fixes: 863f6f52b7 ("s390: implement pci instructions")
>>> Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
>>> ---
>>>    hw/s390x/s390-pci-inst.c | 10 ++++++----
>>>    1 file changed, 6 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
>>> index e230293..76b08a3 100644
>>> --- a/hw/s390x/s390-pci-inst.c
>>> +++ b/hw/s390x/s390-pci-inst.c
>>> @@ -821,10 +821,12 @@ int pcistb_service_call(S390CPU *cpu, uint8_t r1, uint8_t r3, uint64_t gaddr,
>>>        mr = s390_get_subregion(mr, offset, len);
>>>        offset -= mr->addr;
>>>    
>>> -    if (!memory_region_access_valid(mr, offset, len, true,
>>> -                                    MEMTXATTRS_UNSPECIFIED)) {
>>> -        s390_program_interrupt(env, PGM_OPERAND, ra);
>>> -        return 0;
>>> +    for (i = 0; i < len; i += 8) {
>>> +        if (!memory_region_access_valid(mr, offset + i, 8, true,
>>> +                                        MEMTXATTRS_UNSPECIFIED)) {
>>> +            s390_program_interrupt(env, PGM_OPERAND, ra);
>>> +            return 0;
>>> +        }
>>>        }
>>>    
>>>        if (s390_cpu_virt_mem_read(cpu, gaddr, ar, buffer, len)) {
>>>    
>>
>> wouldn't it be made automatically by defining the io_region
>> max_access_size when reading the bars in clp_service_call?
>>
> 
> But that's already what is happening, isn't it? The access check is
> done for a size that is potentially too large, while the actual access
> will happen in chunks of 8? I think that this patch is correct.
> 

Sorry I was too rapid and half wrong in my writing I was also not 
specific enough.

In MemoryRegionOps we have a field valid with a callback accepts().

I was wondering if doing the check in the accept() callback which is 
called by the memory_region_access_valid() function and then using 
max_access_size would not be cleaner.

Note that it does not change a lot but only where the check is done.

Cornelia Huck Dec. 18, 2020, 3:32 p.m. UTC | #5

On Fri, 18 Dec 2020 15:32:08 +0100
Pierre Morel <pmorel@linux.ibm.com> wrote:

> On 12/18/20 12:04 PM, Cornelia Huck wrote:
> > On Fri, 18 Dec 2020 10:37:38 +0100
> > Pierre Morel <pmorel@linux.ibm.com> wrote:
> >   
> >> On 12/17/20 11:16 PM, Matthew Rosato wrote:  
> >>> In pcistb_service_handler, a call is made to validate that the memory
> >>> region can be accessed.  However, the call is made using the entire length
> >>> of the pcistb operation, which can be larger than the allowed memory
> >>> access size (8).  Since we already know that the provided buffer is a
> >>> multiple of 8, fix the call to memory_region_access_valid to iterate
> >>> over the memory region in the same way as the subsequent call to
> >>> memory_region_dispatch_write.
> >>>
> >>> Fixes: 863f6f52b7 ("s390: implement pci instructions")
> >>> Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
> >>> ---
> >>>    hw/s390x/s390-pci-inst.c | 10 ++++++----
> >>>    1 file changed, 6 insertions(+), 4 deletions(-)
> >>>
> >>> diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
> >>> index e230293..76b08a3 100644
> >>> --- a/hw/s390x/s390-pci-inst.c
> >>> +++ b/hw/s390x/s390-pci-inst.c
> >>> @@ -821,10 +821,12 @@ int pcistb_service_call(S390CPU *cpu, uint8_t r1, uint8_t r3, uint64_t gaddr,
> >>>        mr = s390_get_subregion(mr, offset, len);
> >>>        offset -= mr->addr;
> >>>    
> >>> -    if (!memory_region_access_valid(mr, offset, len, true,
> >>> -                                    MEMTXATTRS_UNSPECIFIED)) {
> >>> -        s390_program_interrupt(env, PGM_OPERAND, ra);
> >>> -        return 0;
> >>> +    for (i = 0; i < len; i += 8) {
> >>> +        if (!memory_region_access_valid(mr, offset + i, 8, true,
> >>> +                                        MEMTXATTRS_UNSPECIFIED)) {
> >>> +            s390_program_interrupt(env, PGM_OPERAND, ra);
> >>> +            return 0;
> >>> +        }
> >>>        }
> >>>    
> >>>        if (s390_cpu_virt_mem_read(cpu, gaddr, ar, buffer, len)) {
> >>>      
> >>
> >> wouldn't it be made automatically by defining the io_region
> >> max_access_size when reading the bars in clp_service_call?
> >>  
> > 
> > But that's already what is happening, isn't it? The access check is
> > done for a size that is potentially too large, while the actual access
> > will happen in chunks of 8? I think that this patch is correct.
> >   
> 
> Sorry I was too rapid and half wrong in my writing I was also not 
> specific enough.
> 
> In MemoryRegionOps we have a field valid with a callback accepts().
> 
> I was wondering if doing the check in the accept() callback which is 
> called by the memory_region_access_valid() function and then using 
> max_access_size would not be cleaner.
> 
> Note that it does not change a lot but only where the check is done.

But where would we add those ops? My understanding is that pcistb acts
on whatever region the device provided, and that differs from device to
device?

Pierre Morel Dec. 18, 2020, 4:40 p.m. UTC | #6

On 12/18/20 4:32 PM, Cornelia Huck wrote:
> On Fri, 18 Dec 2020 15:32:08 +0100
> Pierre Morel <pmorel@linux.ibm.com> wrote:
> 
>> On 12/18/20 12:04 PM, Cornelia Huck wrote:
>>> On Fri, 18 Dec 2020 10:37:38 +0100
>>> Pierre Morel <pmorel@linux.ibm.com> wrote:
>>>    
>>>> On 12/17/20 11:16 PM, Matthew Rosato wrote:
>>>>> In pcistb_service_handler, a call is made to validate that the memory
>>>>> region can be accessed.  However, the call is made using the entire length
>>>>> of the pcistb operation, which can be larger than the allowed memory
>>>>> access size (8).  Since we already know that the provided buffer is a
>>>>> multiple of 8, fix the call to memory_region_access_valid to iterate
>>>>> over the memory region in the same way as the subsequent call to
>>>>> memory_region_dispatch_write.
>>>>>
>>>>> Fixes: 863f6f52b7 ("s390: implement pci instructions")
>>>>> Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
>>>>> ---
>>>>>     hw/s390x/s390-pci-inst.c | 10 ++++++----
>>>>>     1 file changed, 6 insertions(+), 4 deletions(-)
>>>>>
>>>>> diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
>>>>> index e230293..76b08a3 100644
>>>>> --- a/hw/s390x/s390-pci-inst.c
>>>>> +++ b/hw/s390x/s390-pci-inst.c
>>>>> @@ -821,10 +821,12 @@ int pcistb_service_call(S390CPU *cpu, uint8_t r1, uint8_t r3, uint64_t gaddr,
>>>>>         mr = s390_get_subregion(mr, offset, len);
>>>>>         offset -= mr->addr;
>>>>>     
>>>>> -    if (!memory_region_access_valid(mr, offset, len, true,
>>>>> -                                    MEMTXATTRS_UNSPECIFIED)) {
>>>>> -        s390_program_interrupt(env, PGM_OPERAND, ra);
>>>>> -        return 0;
>>>>> +    for (i = 0; i < len; i += 8) {
>>>>> +        if (!memory_region_access_valid(mr, offset + i, 8, true,
>>>>> +                                        MEMTXATTRS_UNSPECIFIED)) {
>>>>> +            s390_program_interrupt(env, PGM_OPERAND, ra);
>>>>> +            return 0;
>>>>> +        }
>>>>>         }
>>>>>     
>>>>>         if (s390_cpu_virt_mem_read(cpu, gaddr, ar, buffer, len)) {
>>>>>       
>>>>
>>>> wouldn't it be made automatically by defining the io_region
>>>> max_access_size when reading the bars in clp_service_call?
>>>>   
>>>
>>> But that's already what is happening, isn't it? The access check is
>>> done for a size that is potentially too large, while the actual access
>>> will happen in chunks of 8? I think that this patch is correct.
>>>    
>>
>> Sorry I was too rapid and half wrong in my writing I was also not
>> specific enough.
>>
>> In MemoryRegionOps we have a field valid with a callback accepts().
>>
>> I was wondering if doing the check in the accept() callback which is
>> called by the memory_region_access_valid() function and then using
>> max_access_size would not be cleaner.
>>
>> Note that it does not change a lot but only where the check is done.
> 
> But where would we add those ops? My understanding is that pcistb acts
> on whatever region the device provided, and that differs from device to
> device?
> 
> 

The ops already exist, I thought adding a dedicated callback for s390 on 
every regions used by vfio_pci instead of the default.
But it does not add a lot, just looks cleaner to me.

Cornelia Huck Dec. 18, 2020, 4:51 p.m. UTC | #7

On Fri, 18 Dec 2020 17:40:50 +0100
Pierre Morel <pmorel@linux.ibm.com> wrote:

> On 12/18/20 4:32 PM, Cornelia Huck wrote:
> > On Fri, 18 Dec 2020 15:32:08 +0100
> > Pierre Morel <pmorel@linux.ibm.com> wrote:
> >   
> >> On 12/18/20 12:04 PM, Cornelia Huck wrote:  
> >>> On Fri, 18 Dec 2020 10:37:38 +0100
> >>> Pierre Morel <pmorel@linux.ibm.com> wrote:
> >>>      
> >>>> On 12/17/20 11:16 PM, Matthew Rosato wrote:  
> >>>>> In pcistb_service_handler, a call is made to validate that the memory
> >>>>> region can be accessed.  However, the call is made using the entire length
> >>>>> of the pcistb operation, which can be larger than the allowed memory
> >>>>> access size (8).  Since we already know that the provided buffer is a
> >>>>> multiple of 8, fix the call to memory_region_access_valid to iterate
> >>>>> over the memory region in the same way as the subsequent call to
> >>>>> memory_region_dispatch_write.
> >>>>>
> >>>>> Fixes: 863f6f52b7 ("s390: implement pci instructions")
> >>>>> Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
> >>>>> ---
> >>>>>     hw/s390x/s390-pci-inst.c | 10 ++++++----
> >>>>>     1 file changed, 6 insertions(+), 4 deletions(-)
> >>>>>
> >>>>> diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
> >>>>> index e230293..76b08a3 100644
> >>>>> --- a/hw/s390x/s390-pci-inst.c
> >>>>> +++ b/hw/s390x/s390-pci-inst.c
> >>>>> @@ -821,10 +821,12 @@ int pcistb_service_call(S390CPU *cpu, uint8_t r1, uint8_t r3, uint64_t gaddr,
> >>>>>         mr = s390_get_subregion(mr, offset, len);
> >>>>>         offset -= mr->addr;
> >>>>>     
> >>>>> -    if (!memory_region_access_valid(mr, offset, len, true,
> >>>>> -                                    MEMTXATTRS_UNSPECIFIED)) {
> >>>>> -        s390_program_interrupt(env, PGM_OPERAND, ra);
> >>>>> -        return 0;
> >>>>> +    for (i = 0; i < len; i += 8) {
> >>>>> +        if (!memory_region_access_valid(mr, offset + i, 8, true,
> >>>>> +                                        MEMTXATTRS_UNSPECIFIED)) {
> >>>>> +            s390_program_interrupt(env, PGM_OPERAND, ra);
> >>>>> +            return 0;
> >>>>> +        }
> >>>>>         }
> >>>>>     
> >>>>>         if (s390_cpu_virt_mem_read(cpu, gaddr, ar, buffer, len)) {
> >>>>>         
> >>>>
> >>>> wouldn't it be made automatically by defining the io_region
> >>>> max_access_size when reading the bars in clp_service_call?
> >>>>     
> >>>
> >>> But that's already what is happening, isn't it? The access check is
> >>> done for a size that is potentially too large, while the actual access
> >>> will happen in chunks of 8? I think that this patch is correct.
> >>>      
> >>
> >> Sorry I was too rapid and half wrong in my writing I was also not
> >> specific enough.
> >>
> >> In MemoryRegionOps we have a field valid with a callback accepts().
> >>
> >> I was wondering if doing the check in the accept() callback which is
> >> called by the memory_region_access_valid() function and then using
> >> max_access_size would not be cleaner.
> >>
> >> Note that it does not change a lot but only where the check is done.  
> > 
> > But where would we add those ops? My understanding is that pcistb acts
> > on whatever region the device provided, and that differs from device to
> > device?
> > 
> >   
> 
> The ops already exist, I thought adding a dedicated callback for s390 on 
> every regions used by vfio_pci instead of the default.
> But it does not add a lot, just looks cleaner to me.

But we end up here for every pci device, not just for vfio devices,
don't we?

Pierre Morel Dec. 18, 2020, 5:05 p.m. UTC | #8

On 12/18/20 5:51 PM, Cornelia Huck wrote:
> On Fri, 18 Dec 2020 17:40:50 +0100
> Pierre Morel <pmorel@linux.ibm.com> wrote:
> 
>> On 12/18/20 4:32 PM, Cornelia Huck wrote:
>>> On Fri, 18 Dec 2020 15:32:08 +0100
>>> Pierre Morel <pmorel@linux.ibm.com> wrote:
>>>    
>>>> On 12/18/20 12:04 PM, Cornelia Huck wrote:
>>>>> On Fri, 18 Dec 2020 10:37:38 +0100
>>>>> Pierre Morel <pmorel@linux.ibm.com> wrote:
>>>>>       
>>>>>> On 12/17/20 11:16 PM, Matthew Rosato wrote:
>>>>>>> In pcistb_service_handler, a call is made to validate that the memory
>>>>>>> region can be accessed.  However, the call is made using the entire length
>>>>>>> of the pcistb operation, which can be larger than the allowed memory
>>>>>>> access size (8).  Since we already know that the provided buffer is a
>>>>>>> multiple of 8, fix the call to memory_region_access_valid to iterate
>>>>>>> over the memory region in the same way as the subsequent call to
>>>>>>> memory_region_dispatch_write.
>>>>>>>
>>>>>>> Fixes: 863f6f52b7 ("s390: implement pci instructions")
>>>>>>> Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
>>>>>>> ---
>>>>>>>      hw/s390x/s390-pci-inst.c | 10 ++++++----
>>>>>>>      1 file changed, 6 insertions(+), 4 deletions(-)
>>>>>>>
>>>>>>> diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
>>>>>>> index e230293..76b08a3 100644
>>>>>>> --- a/hw/s390x/s390-pci-inst.c
>>>>>>> +++ b/hw/s390x/s390-pci-inst.c
>>>>>>> @@ -821,10 +821,12 @@ int pcistb_service_call(S390CPU *cpu, uint8_t r1, uint8_t r3, uint64_t gaddr,
>>>>>>>          mr = s390_get_subregion(mr, offset, len);
>>>>>>>          offset -= mr->addr;
>>>>>>>      
>>>>>>> -    if (!memory_region_access_valid(mr, offset, len, true,
>>>>>>> -                                    MEMTXATTRS_UNSPECIFIED)) {
>>>>>>> -        s390_program_interrupt(env, PGM_OPERAND, ra);
>>>>>>> -        return 0;
>>>>>>> +    for (i = 0; i < len; i += 8) {
>>>>>>> +        if (!memory_region_access_valid(mr, offset + i, 8, true,
>>>>>>> +                                        MEMTXATTRS_UNSPECIFIED)) {
>>>>>>> +            s390_program_interrupt(env, PGM_OPERAND, ra);
>>>>>>> +            return 0;
>>>>>>> +        }
>>>>>>>          }
>>>>>>>      
>>>>>>>          if (s390_cpu_virt_mem_read(cpu, gaddr, ar, buffer, len)) {
>>>>>>>          
>>>>>>
>>>>>> wouldn't it be made automatically by defining the io_region
>>>>>> max_access_size when reading the bars in clp_service_call?
>>>>>>      
>>>>>
>>>>> But that's already what is happening, isn't it? The access check is
>>>>> done for a size that is potentially too large, while the actual access
>>>>> will happen in chunks of 8? I think that this patch is correct.
>>>>>       
>>>>
>>>> Sorry I was too rapid and half wrong in my writing I was also not
>>>> specific enough.
>>>>
>>>> In MemoryRegionOps we have a field valid with a callback accepts().
>>>>
>>>> I was wondering if doing the check in the accept() callback which is
>>>> called by the memory_region_access_valid() function and then using
>>>> max_access_size would not be cleaner.
>>>>
>>>> Note that it does not change a lot but only where the check is done.
>>>
>>> But where would we add those ops? My understanding is that pcistb acts
>>> on whatever region the device provided, and that differs from device to
>>> device?
>>>
>>>    
>>
>> The ops already exist, I thought adding a dedicated callback for s390 on
>> every regions used by vfio_pci instead of the default.
>> But it does not add a lot, just looks cleaner to me.
> 
> But we end up here for every pci device, not just for vfio devices,
> don't we?
> 
> 

Yes, but isn't what is done here?

Pierre Morel Dec. 21, 2020, 8:50 a.m. UTC | #9

On 12/18/20 6:05 PM, Pierre Morel wrote:
> 
> 
> On 12/18/20 5:51 PM, Cornelia Huck wrote:
>> On Fri, 18 Dec 2020 17:40:50 +0100
>> Pierre Morel <pmorel@linux.ibm.com> wrote:
>>
>>> On 12/18/20 4:32 PM, Cornelia Huck wrote:
>>>> On Fri, 18 Dec 2020 15:32:08 +0100
>>>> Pierre Morel <pmorel@linux.ibm.com> wrote:
>>>>> On 12/18/20 12:04 PM, Cornelia Huck wrote:
>>>>>> On Fri, 18 Dec 2020 10:37:38 +0100
>>>>>> Pierre Morel <pmorel@linux.ibm.com> wrote:
>>>>>>> On 12/17/20 11:16 PM, Matthew Rosato wrote:
>>>>>>>> In pcistb_service_handler, a call is made to validate that the 
>>>>>>>> memory
>>>>>>>> region can be accessed.  However, the call is made using the 
>>>>>>>> entire length
>>>>>>>> of the pcistb operation, which can be larger than the allowed 
>>>>>>>> memory
>>>>>>>> access size (8).  Since we already know that the provided buffer 
>>>>>>>> is a
>>>>>>>> multiple of 8, fix the call to memory_region_access_valid to 
>>>>>>>> iterate
>>>>>>>> over the memory region in the same way as the subsequent call to
>>>>>>>> memory_region_dispatch_write.
>>>>>>>>
>>>>>>>> Fixes: 863f6f52b7 ("s390: implement pci instructions")
>>>>>>>> Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
>>>>>>>> ---

...snip...

>>>>
>>>
>>> The ops already exist, I thought adding a dedicated callback for s390 on
>>> every regions used by vfio_pci instead of the default.
>>> But it does not add a lot, just looks cleaner to me.
>>
>> But we end up here for every pci device, not just for vfio devices,
>> don't we?
>>
>>
> 
> Yes, but isn't what is done here?
> 

It was not my intention to slow the integration process.
We can start with this fix and eventually move the code to the callback 
in another series when/if we all agree.

Acked-by: Pierre Morel <pmorel@linux.ibm.com>

Cornelia Huck Dec. 21, 2020, 10:21 a.m. UTC | #10

On Mon, 21 Dec 2020 09:50:23 +0100
Pierre Morel <pmorel@linux.ibm.com> wrote:

> On 12/18/20 6:05 PM, Pierre Morel wrote:
> > 
> > 
> > On 12/18/20 5:51 PM, Cornelia Huck wrote:  
> >> On Fri, 18 Dec 2020 17:40:50 +0100
> >> Pierre Morel <pmorel@linux.ibm.com> wrote:
> >>  
> >>> On 12/18/20 4:32 PM, Cornelia Huck wrote:  
> >>>> On Fri, 18 Dec 2020 15:32:08 +0100
> >>>> Pierre Morel <pmorel@linux.ibm.com> wrote:  
> >>>>> On 12/18/20 12:04 PM, Cornelia Huck wrote:  
> >>>>>> On Fri, 18 Dec 2020 10:37:38 +0100
> >>>>>> Pierre Morel <pmorel@linux.ibm.com> wrote:  
> >>>>>>> On 12/17/20 11:16 PM, Matthew Rosato wrote:  
> >>>>>>>> In pcistb_service_handler, a call is made to validate that the 
> >>>>>>>> memory
> >>>>>>>> region can be accessed.  However, the call is made using the 
> >>>>>>>> entire length
> >>>>>>>> of the pcistb operation, which can be larger than the allowed 
> >>>>>>>> memory
> >>>>>>>> access size (8).  Since we already know that the provided buffer 
> >>>>>>>> is a
> >>>>>>>> multiple of 8, fix the call to memory_region_access_valid to 
> >>>>>>>> iterate
> >>>>>>>> over the memory region in the same way as the subsequent call to
> >>>>>>>> memory_region_dispatch_write.
> >>>>>>>>
> >>>>>>>> Fixes: 863f6f52b7 ("s390: implement pci instructions")
> >>>>>>>> Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
> >>>>>>>> ---  
> 
> ...snip...
> 
> >>>>  
> >>>
> >>> The ops already exist, I thought adding a dedicated callback for s390 on
> >>> every regions used by vfio_pci instead of the default.
> >>> But it does not add a lot, just looks cleaner to me.  
> >>
> >> But we end up here for every pci device, not just for vfio devices,
> >> don't we?
> >>
> >>  
> > 
> > Yes, but isn't what is done here?
> >   
> 
> It was not my intention to slow the integration process.
> We can start with this fix and eventually move the code to the callback 
> in another series when/if we all agree.

Yeah, I also fear that we might have been talking past each other. It's
late in the year :)

> 
> Acked-by: Pierre Morel <pmorel@linux.ibm.com>

Thanks!

[v2,2/2] s390x/pci: Fix memory_region_access_valid call

Commit Message

Comments

Patch