[v18,2/2] xen/arm: check read handler behavior

Message ID	20250325172727.600716-3-stewart.hildebrand@amd.com (mailing list archive)
State	New
Headers	show Return-Path: <xen-devel-bounces@lists.xenproject.org> Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org> Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C From: Stewart Hildebrand <stewart.hildebrand@amd.com> To: <xen-devel@lists.xenproject.org> CC: Stewart Hildebrand <stewart.hildebrand@amd.com>, Stefano Stabellini <sstabellini@kernel.org>, Julien Grall <julien@xen.org>, Bertrand Marquis <bertrand.marquis@arm.com>, Michal Orzel <michal.orzel@amd.com>, "Volodymyr Babchuk" <Volodymyr_Babchuk@epam.com>, =?utf-8?q?Roger_Pau_Monn?= =?utf-8?q?=C3=A9?= <roger.pau@citrix.com> Subject: [PATCH v18 2/2] xen/arm: check read handler behavior Date: Tue, 25 Mar 2025 13:27:26 -0400 Message-ID: <20250325172727.600716-3-stewart.hildebrand@amd.com> In-Reply-To: <20250325172727.600716-1-stewart.hildebrand@amd.com> References: <20250325172727.600716-1-stewart.hildebrand@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit Received-SPF: None (SATLEXMB04.amd.com: stewart.hildebrand@amd.com does not designate permitted sender hosts)
Series	PCI devices passthrough on Arm, part 3 \| expand [v18,0/2] PCI devices passthrough on Arm, part 3 [v18,1/2] xen/arm: translate virtual PCI bus topology for guests [v18,2/2] xen/arm: check read handler behavior

Message ID

20250325172727.600716-3-stewart.hildebrand@amd.com (mailing list archive)

State

New

Headers

Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
From: Stewart Hildebrand <stewart.hildebrand@amd.com>
To: <xen-devel@lists.xenproject.org>
CC: Stewart Hildebrand <stewart.hildebrand@amd.com>,
 Stefano Stabellini <sstabellini@kernel.org>, Julien Grall <julien@xen.org>,
 Bertrand Marquis <bertrand.marquis@arm.com>,
 Michal Orzel <michal.orzel@amd.com>,
 "Volodymyr Babchuk" <Volodymyr_Babchuk@epam.com>, =?utf-8?q?Roger_Pau_Monn?=
	=?utf-8?q?=C3=A9?= <roger.pau@citrix.com>
Subject: [PATCH v18 2/2] xen/arm: check read handler behavior
Date: Tue, 25 Mar 2025 13:27:26 -0400
Message-ID: <20250325172727.600716-3-stewart.hildebrand@amd.com>
In-Reply-To: <20250325172727.600716-1-stewart.hildebrand@amd.com>
References: <20250325172727.600716-1-stewart.hildebrand@amd.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Received-SPF: None (SATLEXMB04.amd.com: stewart.hildebrand@amd.com does not
 designate permitted sender hosts)
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Mar 2025 17:27:45.0299
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 3a056a46-cb60-489e-f8b1-08dd6bc25afb
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	BL02EPF0001A102.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR12MB6842

Series

PCI devices passthrough on Arm, part 3 | expand

Commit Message

Stewart Hildebrand March 25, 2025, 5:27 p.m. UTC

We expect mmio read handlers to leave the bits above the access size
zeroed. Add an ASSERT to check this aspect of read handler behavior.

Suggested-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: Stewart Hildebrand <stewart.hildebrand@amd.com>
---
v17->v18:
* no change

v16->v17:
* new patch

See https://lore.kernel.org/xen-devel/bc6660ef-59f1-4514-9792-067d987e3fbc@xen.org/

Also see 7db7bd0f319f ("arm/vpci: honor access size when returning an error")

Also see xen/arch/arm/ioreq.c:handle_ioserv()
---
 xen/arch/arm/io.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Julien Grall March 30, 2025, 10:08 p.m. UTC | #1

Hi Steward,

On 25/03/2025 17:27, Stewart Hildebrand wrote:
> We expect mmio read handlers to leave the bits above the access size
> zeroed. Add an ASSERT to check this aspect of read handler behavior.
> 
> Suggested-by: Roger Pau Monné <roger.pau@citrix.com>
> Signed-off-by: Stewart Hildebrand <stewart.hildebrand@amd.com>

With one question below:

Acked-by: Julien Grall <jgrall@amazon.com>

> ---
> v17->v18:
> * no change
> 
> v16->v17:
> * new patch
> 
> See https://lore.kernel.org/xen-devel/bc6660ef-59f1-4514-9792-067d987e3fbc@xen.org/
> 
> Also see 7db7bd0f319f ("arm/vpci: honor access size when returning an error")
> 
> Also see xen/arch/arm/ioreq.c:handle_ioserv()
> ---
>   xen/arch/arm/io.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c
> index 653428e16c1f..68b5dca70026 100644
> --- a/xen/arch/arm/io.c
> +++ b/xen/arch/arm/io.c
> @@ -37,6 +37,8 @@ static enum io_state handle_read(const struct mmio_handler *handler,
>       if ( !handler->ops->read(v, info, &r, handler->priv) )
>           return IO_ABORT;
>   
> +    ASSERT((r & ~GENMASK_ULL((1U << info->dabt.size) * 8 - 1, 0)) == 0);

OOI, I was expecing GENMASK to be sufficient because "r" is effectively 
an "unsigned long". So any reason to use GENMASK_ULL?

Cheers,

Stewart Hildebrand April 1, 2025, 7:50 p.m. UTC | #2

On 3/30/25 18:08, Julien Grall wrote:
> Hi Steward,
> 
> On 25/03/2025 17:27, Stewart Hildebrand wrote:
>> We expect mmio read handlers to leave the bits above the access size
>> zeroed. Add an ASSERT to check this aspect of read handler behavior.
>>
>> Suggested-by: Roger Pau Monné <roger.pau@citrix.com>
>> Signed-off-by: Stewart Hildebrand <stewart.hildebrand@amd.com>
> 
> With one question below:
> 
> Acked-by: Julien Grall <jgrall@amazon.com>

Thanks!

>> ---
>> v17->v18:
>> * no change
>>
>> v16->v17:
>> * new patch
>>
>> See https://lore.kernel.org/xen-devel/bc6660ef-59f1-4514-9792-067d987e3fbc@xen.org/
>>
>> Also see 7db7bd0f319f ("arm/vpci: honor access size when returning an error")
>>
>> Also see xen/arch/arm/ioreq.c:handle_ioserv()
>> ---
>>   xen/arch/arm/io.c | 2 ++
>>   1 file changed, 2 insertions(+)
>>
>> diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c
>> index 653428e16c1f..68b5dca70026 100644
>> --- a/xen/arch/arm/io.c
>> +++ b/xen/arch/arm/io.c
>> @@ -37,6 +37,8 @@ static enum io_state handle_read(const struct mmio_handler *handler,
>>       if ( !handler->ops->read(v, info, &r, handler->priv) )
>>           return IO_ABORT;
>>   +    ASSERT((r & ~GENMASK_ULL((1U << info->dabt.size) * 8 - 1, 0)) == 0);
> 
> OOI, I was expecing GENMASK to be sufficient because "r" is effectively an "unsigned long". So any reason to use GENMASK_ULL?

Only reason was that I took inspiration from Roger's suggestion at [1].
However, I agree that GENMASK is indeed sufficient. Feel free to fix up
on commit. Lastly, this is OK to commit out of order as there is no
dependency on the first patch.

[1] https://lore.kernel.org/xen-devel/Zk72jPtd9iXhChbc@macbook/

diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c
index 653428e16c1f..68b5dca70026 100644
--- a/xen/arch/arm/io.c
+++ b/xen/arch/arm/io.c
@@ -37,6 +37,8 @@  static enum io_state handle_read(const struct mmio_handler *handler,
     if ( !handler->ops->read(v, info, &r, handler->priv) )
         return IO_ABORT;
 
+    ASSERT((r & ~GENMASK_ULL((1U << info->dabt.size) * 8 - 1, 0)) == 0);
+
     r = sign_extend(dabt, r);
 
     set_user_reg(regs, dabt.reg, r);

[v18,2/2] xen/arm: check read handler behavior

Commit Message

Comments

Patch