From: "Michael S. Tsirkin" <mst@redhat.com>
To: "Philippe Mathieu-Daudé" <philmd@linaro.org>
Cc: Laszlo Ersek <lersek@redhat.com>,
qemu devel list <qemu-devel@nongnu.org>,
Ani Sinha <ani@anisinha.ca>, Ard Biesheuvel <ardb@kernel.org>,
Igor Mammedov <imammedo@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>,
qemu-stable@nongnu.org
Subject: Re: [PATCH] acpi: cpuhp: fix guest-visible maximum access size to the legacy reg block
Date: Thu, 5 Jan 2023 04:51:07 -0500 [thread overview]
Message-ID: <20230105045025-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <2f32e669-2263-01c5-28d4-5721b3144b32@linaro.org>
On Thu, Jan 05, 2023 at 10:00:00AM +0100, Philippe Mathieu-Daudé wrote:
> On 5/1/23 08:13, Laszlo Ersek wrote:
> > On 1/4/23 13:35, Michael S. Tsirkin wrote:
> > > On Wed, Jan 04, 2023 at 10:01:38AM +0100, Laszlo Ersek wrote:
> [...]
>
> > > > To make things *even more* complicated, the breakage was (and remains, as
> > > > of today) visible with TCG acceleration only. Commit 5d971f9e6725 makes
> > > > no difference with KVM acceleration -- the DWORD accesses still work,
> > > > despite "valid.max_access_size = 1".
> > >
> > > BTW do you happen to know why that's the case for KVM? Because if kvm
> > > ignores valid.max_access_size generally then commit 5d971f9e6725 is
> > > incomplete, and we probably have some related kvm-only bugs.
> >
> > It remains a mystery for me why KVM accel does not enforce
> > "valid.max_access_size".
> >
> > In the thread I started earlier (which led to this patch), at
> >
> > "IO port write width clamping differs between TCG and KVM"
> > https://lists.gnu.org/archive/html/qemu-devel/2023-01/msg00199.html
>
> [...]
>
> > So, I think the bug is somehow "distributed" between
> > flatview_write_continue(), flatview_access_allowed(), and
> > memory_access_size(). flatview_access_allowed() does not care about "l"
> > at all, when it should (maybe?) compare it against
> > "mr->ops->valid.max_access_size". In turn, memory_access_size()
> > *silently* reduces the access width, based on
> > "->ops->valid.max_access_size".
> >
> > And all this this *precedes* the call to memory_region_access_valid(),
> > which is only called from within memory_region_dispatch_write(), which
> > already gets the reduced width only.
> >
> > Now, flatview_access_allowed() is from commit 3ab6fdc91b72
> > ("softmmu/physmem: Introduce MemTxAttrs::memory field and
> > MEMTX_ACCESS_ERROR", 2022-03-21), and the fact it does not check "len"
> > seems intentional -- it only takes "len" for logging.
> >
> > Hmm. After digging a lot more, I find the issue may have been introduced
> > over three commits:
> >
> > - 82f2563fc815 ("exec: introduce memory_access_size", 2013-05-29), which
> > (IIUC) was the first step towards automatically reducing the address
> > width, but at first only based on alignment,
> >
> > - 23326164ae6f ("exec: Support 64-bit operations in address_space_rw",
> > 2013-07-14), which extended the splitting based on
> > "MemoryRegionOps.impl",
> >
> > - e1622f4b1539 ("exec: fix incorrect assumptions in memory_access_size",
> > 2013-07-18), which flipped the splitting basis to
> > "MemoryRegionOps.valid".
> >
> > To me, 23326164ae6f seems *vaguely* correct ("vague" is not criticism
> > for the commit, it's criticism for my understanding :)); after all we're
> > on our way towards the device model, and the device model exposes via
> > "MemoryRegionOps.impl" what it can handle. Plus, commit 5d971f9e6725
> > does direct us towards "MemoryRegionOps.impl"!
> >
> > But clearly there must have been something wrong with 23326164ae6f,
> > according to e1622f4b1539...
>
> Maybe the long-standing unaligned access problem? Could be fixed by:
> https://lore.kernel.org/qemu-devel/20210619172626.875885-15-richard.henderson@linaro.org/
indeed. want to dust it up and post?
> > The latter is what introduced the current "silent splitting of access
> > based on 'valid'". The message of commit e1622f4b1539 says, almost like
> > an afterthought:
> >
> > > access_size_max can be mr->ops->valid.max_access_size because memory.c
> > > can and will still break accesses bigger than
> > > mr->ops->impl.max_access_size.
> >
> > I think this argument may have been wrong: if "impl.max_access_size" is
> > large (such as: unset), but "valid.max_access_size" is small, that just
> > means:
> >
> > the implementation is flexible and can deal with any access widths (so
> > "memory.c" *need not* break up accesses for the device model's sake),
> > but the device should restrict the *guest* to small accesses. So if
> > the guest tries something larger, we shouldn't silently accommodate
> > that.
>
> Indeed. '.impl' is a software thing for the device modeller, ideally one
> will chose a value that allows the simplest implementation. I.e. if a
> device only allows 8-bit access, use 8-bit registers aligned on a 64-bit
> boundary, the model might use:
>
> .impl.min_access_size = 8,
> .impl.max_access_size = 1,
>
> Also we need to keep in mind that even if most MemoryRegionOps structs
> are 'static const', such structure can be dynamically created. I.e.:
> https://lore.kernel.org/qemu-devel/20200817161853.593247-5-f4bug@amsat.org/
>
> > I have zero idea how to fix this, but I feel that the quoted argument
> > from commit e1622f4b1539 is the reason why KVM accel is so lenient that
> > it sort of "de-fangs" commit 5d971f9e6725.
> >
> > Laszlo
> >
next prev parent reply other threads:[~2023-01-05 9:54 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-04 9:01 [PATCH] acpi: cpuhp: fix guest-visible maximum access size to the legacy reg block Laszlo Ersek
2023-01-04 9:33 ` Ard Biesheuvel
2023-01-04 10:26 ` Laszlo Ersek
2023-01-04 9:34 ` Philippe Mathieu-Daudé
2023-01-04 10:29 ` Laszlo Ersek
2023-01-04 10:38 ` Igor Mammedov
2023-01-04 12:27 ` Philippe Mathieu-Daudé
2023-01-04 10:35 ` Igor Mammedov
2023-01-04 12:13 ` Laszlo Ersek
2023-01-04 12:35 ` Michael S. Tsirkin
2023-01-05 7:13 ` Laszlo Ersek
2023-01-05 9:00 ` Philippe Mathieu-Daudé
2023-01-05 9:51 ` Michael S. Tsirkin [this message]
2023-03-01 7:17 ` Christian Ehrhardt
2023-03-01 8:03 ` Laszlo Ersek
2023-03-02 8:32 ` Christian Ehrhardt
2023-03-02 10:38 ` Laszlo Ersek
-- strict thread matches above, loose matches on Subject: below --
2023-01-05 16:18 Laszlo Ersek
2023-01-05 16:21 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230105045025-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=ani@anisinha.ca \
--cc=ardb@kernel.org \
--cc=imammedo@redhat.com \
--cc=lersek@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.