From: "Michael S. Tsirkin" <mst@redhat.com>
To: Richard Henderson <richard.henderson@linaro.org>
Cc: Gavin Shan <gshan@redhat.com>,
qemu-arm@nongnu.org, qemu-devel@nongnu.org, peterx@redhat.com,
peter.maydell@linaro.org, berrange@redhat.com, david@kernel.org,
alex@shazbot.org, clg@redhat.com, pbonzini@redhat.com,
philmd@mailo.com, phrdina@redhat.com, jugraham@redhat.com,
shan.gavin@gmail.com
Subject: Re: [PATCH 1/2] system/memory: Use __builtin_mem{cpy, move} in accessors of ram device region
Date: Sun, 14 Jun 2026 11:42:01 -0400 [thread overview]
Message-ID: <20260614112224-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <223f5f94-b9b7-46b0-8466-5be655203a0e@linaro.org>
On Fri, Jun 12, 2026 at 08:29:34AM -0700, Richard Henderson wrote:
> On 6/12/26 04:03, Gavin Shan wrote:
> > All ram device regions was turned to be indirectly accessible by commit
> > 4a2e242bbb ("memory: Don't use memcpy for ram_device regions"). This leads
> > to guest hang on compiling 'cuda-samples' as reported by Julia. The guest
> > is started by the following command lines, with a GH100 GPU card.
> >
> > host$ lspci | grep GH100
> > 0009:01:00.0 3D controller: NVIDIA Corporation GH100 [GH200 120GB / 480GB] (rev a1)
> > host$ /home/sandbox/gavin/qemu.main/build/qemu-system-aarch64 \
> > -machine virt,gic-version=host,ras=on,highmem-mmio-size=4T \
> > -accel kvm -cpu host -smp cpus=48 -m size=8G \
> > -drive file=/home/gavin/sandbox/images/disk.qcow2,if=none,id=d0 \
> > -device virtio-blk-pci,id=vb0,bus=pcie.0,drive=d0,num-queues=4 \
> > -device vfio-pci-nohotplug,host=0009:01:00.0,bus=pcie.1.0
> > :
> > guest$ cd cuda-samples/build
> > guest$ make -j 20 clean
> > guest$ make -j 20
> > :
> > [ 54%] Linking CUDA executable graphMemoryNodes
> > [ 54%] Built target graphMemoryNodes
> > <no more output afterwards, guest becomes frozen here>
> >
> > guest$ qemu-system-aarch64: virtio: bogus descriptor or out of resources
> > [ 555.814025] virtio_blk virtio0: [vda] new size: 268435456 512-byte logical blocks (137 GB/128 GiB)
> >
> > When the GPU's driver (NVidia open driver) is loaded on guest bootup,
> > the memory blocks residing in the PCI BAR#4 can be presented to the
> > guest through memory hot-add. The page cache can be allocated from the
> > hot added memory blocks when cuda-samples is being compiled. Afterwards,
> > the page cache is sent to QEMU's virtio-blk device as part of the DMA
> > request, the bounce buffer has to be used to accomodate the request as
> > the corresponding memory region (MemoryRegion) is a RAM DEVICE region
> > and indirectly accessible in qemu. However, the max bounce bufer size
> > is only 4096 bytes by default. We're running out of that space quickly.
> >
> > QEMU
> > ====
> > virtio_blk_handle_output
> > virtio_blk_handle_vq
> > virtio_blk_get_request
> > virtqueue_pop
> > virtqueue_split_pop
> > virtqueue_map_desc
> > address_space_map
> > memory_access_is_direct # Return false
> > memory_region_supports_direct_access
> >
> > (qemu) info mtree
> > memory-region: pci_bridge_pci
> > 0000000000000000-ffffffffffffffff (prio 0, container): pci_bridge_pci
> > 0000042000000000-0000043fffffffff (prio 1, i/o): 0009:01:00.0 base BAR 4
> > 0000042000000000-0000043fffffffff (prio 0, i/o): 0009:01:00.0 BAR 4
> > 0000042000000000-000004379fffffff (prio 0, ramd): 0009:01:00.0 BAR 4 mmaps[0]
> >
> > This replaces mem{cpy, move} with __builtin_mem{cpy, move} in the memory
> > accessors to ram device memory region, preparatory work to make ram device
> > region directly accessible and bypass the bounce buffer in the DMA path
> > in next patch.
>
> memcpy/memmove *always* compile to __builtin_memcpy/memmove, and the
> compiler later decides whether or not to expand inline.
Did some research.
The issue that prompted use of __builtin_memcpy in bswap.h is musl's fortify headers
that Alpine Linux was using back in 2019.
Try this:
git clone --depth=1 https://github.com/jvoisin/fortify-headers /tmp/fortify-headers
git -C /tmp/fortify-headers checkout 5aabc7e~1
now:
musl-gcc -O2 -D_FORTIFY_SOURCE=2 -isystem /tmp/fortify-headers/include -S -o- test.c
where test.c is:
#include <string.h>
#include <stdint.h>
void test_memcpy(void *dst, const void *src) {
memcpy(dst, src, 4);
}
void test_builtin_memcpy(void *dst, const void *src) {
__builtin_memcpy(dst, src, 4);
}
On x86:
test_memcpy:
.LFB13:
.cfi_startproc
cmpq %rsi, %rdi
jnb .L2
leaq 4(%rdi), %rax
cmpq %rax, %rsi
jb .L6
.L4:
movl $4, %edx
jmp memcpy
.p2align 4,,10
.p2align 3
.L2:
cmpq %rdi, %rsi
jnb .L4
leaq 4(%rsi), %rax
cmpq %rax, %rdi
jb .L3
movl $4, %edx
jmp memcpy
.L6:
jmp .L3
.cfi_endproc
.section .text.unlikely
.cfi_startproc
.type test_memcpy.cold, @function
test_memcpy.cold:
.LFSB13:
.L3:
ud2
.cfi_endproc
.LFE13:
.text
.size test_memcpy, .-test_memcpy
A jmp so a function call.
While builtin:
test_builtin_memcpy:
.LFB14:
.cfi_startproc
movl (%rsi), %eax
movl %eax, (%rdi)
ret
.cfi_endproc
.LFE14:
.size test_builtin_memcpy, .-test_builtin_memcpy
So it's a fortify headers Version 1.0 bug. Version 1.1 has the fix.
I guess we should rewrite bswap.h then.
> So, this doesn't do what you think it does.
> My real question is: what are you attempting to achieve?
>
> (1) is the problem unaligned access to a mapped physical device?
> (2) is the problem vector access to a mapped physical device?
> (3) something else?
>
>
> r~
next prev parent reply other threads:[~2026-06-14 15:42 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-12 11:03 [PATCH 0/2] system/memory: Make ram device region directly accessible Gavin Shan
2026-06-12 11:03 ` [PATCH 1/2] system/memory: Use __builtin_mem{cpy, move} in accessors of ram device region Gavin Shan
2026-06-12 11:22 ` Michael S. Tsirkin
2026-06-14 10:04 ` Gavin Shan
2026-06-12 14:05 ` Philippe Mathieu-Daudé
2026-06-14 10:08 ` Gavin Shan
2026-06-12 15:29 ` Richard Henderson
2026-06-12 16:36 ` Peter Maydell
2026-06-12 17:25 ` Richard Henderson
2026-06-12 17:57 ` Peter Maydell
2026-06-14 15:13 ` Michael S. Tsirkin
2026-06-14 16:01 ` Peter Maydell
2026-06-14 16:06 ` Michael S. Tsirkin
2026-06-14 16:17 ` Michael S. Tsirkin
2026-06-14 16:45 ` Richard Henderson
2026-06-14 17:22 ` Michael S. Tsirkin
2026-06-15 1:17 ` Gavin Shan
2026-06-15 1:41 ` Richard Henderson
2026-06-15 7:24 ` Michael S. Tsirkin
2026-06-15 7:58 ` Michael S. Tsirkin
2026-06-15 10:08 ` Gavin Shan
2026-06-14 15:42 ` Michael S. Tsirkin [this message]
2026-06-12 11:03 ` [PATCH 2/2] system/memory: Make ram device region directly accessible Gavin Shan
2026-06-12 23:35 ` [PATCH 0/2] " Gavin Shan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260614112224-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=alex@shazbot.org \
--cc=berrange@redhat.com \
--cc=clg@redhat.com \
--cc=david@kernel.org \
--cc=gshan@redhat.com \
--cc=jugraham@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=peterx@redhat.com \
--cc=philmd@mailo.com \
--cc=phrdina@redhat.com \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=shan.gavin@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.