From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org,
"Gregory Price" <gregory.price@memverge.com>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Sajjan Rao" <sajjanr@gmail.com>,
"Dimitrios Palyvos" <dimitrios.palyvos@zptcorp.com>,
richard.henderson@linaro.org,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Eduardo Habkost" <eduardo@habkost.net>,
linux-cxl@vger.kernel.org
Subject: Re: [PATCH 1/3] accel/tcg: Set can_do_io at at start of lookup_tb_ptr helper
Date: Thu, 15 Feb 2024 16:04:31 +0000
Message-ID: <20240215160431.00005355@huawei.com>
In-Reply-To: <CAFEAcA-_z8FWxXRdGVdk7u5rgOMOEnfSLokdx6_ocyObzPF8bA@mail.gmail.com>
On Thu, 15 Feb 2024 15:11:17 +0000
Peter Maydell <peter.maydell@linaro.org> wrote:
> On Thu, 15 Feb 2024 at 15:02, Jonathan Cameron via
> <qemu-devel@nongnu.org> wrote:
> >
> > From: Peter Maydell <peter.maydell@linaro.org>
> >
> > Peter posted this in the thread trying to fix x86 TCG handling
> > of page tables in MMIO space (specifically emulated CXL interleaved memory)
> > https://lore.kernel.org/qemu-devel/CAFEAcA_a_AyQ=Epz3_+CheAT8Crsk9mOu894wbNW_FywamkZiw@mail.gmail.com/#t
> >
> > Peter, are you happy to give your SoB on this one?
> >

Thanks, I'll also add a summary of your description of why there is
a bug based on your email to v2 as the above doesn't really
provide any useful info :(

If a page table is in IO memory and lookup_tb_ptr probes
the TLB it can result in a page table walk for the instruction
fetch. If this hits IO memory, io_prepare falsely assumes
it needs to do a TLB recompile.

Avoid that by setting can_do_io at the start of lookup_tb_ptr.

> > Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> > ---
> > accel/tcg/cpu-exec.c | 8 ++++++++
> > 1 file changed, 8 insertions(+)
> >
> > diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
> > index 977576ca14..52239a441f 100644
> > --- a/accel/tcg/cpu-exec.c
> > +++ b/accel/tcg/cpu-exec.c
> > @@ -396,6 +396,14 @@ const void *HELPER(lookup_tb_ptr)(CPUArchState *env)
> > uint64_t cs_base;
> > uint32_t flags, cflags;
> >
> > + /*
> > + * By definition we've just finished a TB, so I/O is OK.
> > + * Avoid the possibility of calling cpu_io_recompile() if
> > + * a page table walk triggered by tb_lookup() calling
> > + * probe_access_internal() happens to touch an MMIO device.
> > + * The next TB, if we chain to it, will clear the flag again.
> > + */
> > + cpu->neg.can_do_io = true;
> > cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
> >
> > cflags = curr_cflags(cpu);
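
Review bot: The last sentence of the new comment, "The next TB, if we chain to it, will clear the flag again", covers only the chained case and says nothing about what state can_do_io is left in on the path where we do not chain. Because `cpu->neg.can_do_io = true;` runs unconditionally at the top of the helper, before cpu_get_tb_cpu_state(), the comment should add a line stating why leaving the flag set is safe on that path too. Minor: the subject line has a doubled "at at".
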
> > --
>
> Happy to provide a
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
>
> but I'd appreciate RTH's review to confirm this is the right
> way to deal with the problem.
>
> thanks
> -- PMM