Date: Mon, 20 Apr 2026 14:03:54 +0200
Subject: Re: [PATCH v1 18/27] xen/riscv: add vaplic access check
From: Jan Beulich
To: Oleksii Kurochko
Cc: Romain Caritey, Alistair Francis, Connor Davis, Andrew Cooper, Anthony PERARD, Michal Orzel, Julien Grall, Roger Pau Monné, Stefano Stabellini, xen-devel@lists.xenproject.org

On 20.04.2026 13:53, Oleksii Kurochko wrote:
> On 4/16/26 3:01 PM, Jan Beulich wrote:
>> On 14.04.2026 13:45, Oleksii Kurochko wrote:
>>> On 4/2/26 3:10 PM, Jan Beulich wrote:
>>>> On
10.03.2026 18:08, Oleksii Kurochko wrote: >>>>> --- a/xen/arch/riscv/aplic.c >>>>> +++ b/xen/arch/riscv/aplic.c >>>>> @@ -38,6 +38,7 @@ static struct aplic_priv aplic = { >>>>> >>>>> static struct intc_info __ro_after_init aplic_info = { >>>>> .hw_version = INTC_APLIC, >>>>> + .private = &aplic, >>>> >>>> Isn't this the host instance again? How can you ... >>>> >>>>> --- a/xen/arch/riscv/vaplic.c >>>>> +++ b/xen/arch/riscv/vaplic.c 
>>>>> @@ -127,6 +127,20 @@ int vaplic_map_device_irqs_to_domain(struct domain *d, >>>>> return 0; >>>>> } >>>>> >>>>> +static int cf_check vaplic_is_access(const struct vcpu *vcpu, >>>>> + const unsigned long addr) >>>>> +{ >>>>> + const struct vaplic *vaplic = to_vaplic(vcpu->domain->arch.vintc); >>>>> + const struct aplic_priv *priv = vaplic->base.info->private; >>>>> + const paddr_t paddr_end = priv->paddr_start + priv->size; >>>>> + >>>>> + /* check if it is an APLIC access */ >>>>> + if ( priv->paddr_start <= addr && addr < paddr_end ) >>>> >>>> ... use that here? Or asked differently, again: Where's the virtualization, >>>> i.e. the abstraction away from host properties? >>> >>> With the current use case it was easier to choose such approach then >>> provide the full abstraction. >>> >>>> Furthermore, is it really sufficient to check just the starting address of >>>> an access? Shouldn't the last byte accessed also fall into the range in >>>> question? >>> >>> I think that it is okay, my understanding is that *paddr_end technically >>> is another range. >> >> Of course it is. But a multi-byte access crossing the paddr_end boundary >> isn't purely an APLIC one. You can reject such for simplicity, but I'm >> unconvinced that you can claim you will be able to correctly handle it >> without proper merging. > > Lets say guest has the following description of vAPLIC in its DTB: > aplic@d000000 { > phandle = <0x06>; > riscv,num-sources = <0x60>; > reg = <0x00 0xd000000 0x00 0x8000>; > ... > } > What means vAPLIC's MMIO range is [0xd000000, 0xD007FFF]. If some is > trying to access 0xd008000 it is not an MMIO address which belongs to > vAPLIC so vaplic_is_access() should return 0. > > IIUC, you concern is that if someone will try to access 0xD007FFF which > from this function point of view is legal. 
> I think it is okay to return
> here 1 what tells that this address is from our vAPLIC range as it will
> be rejected that on vaplic_emulate_{load,store}() side as addr (more
> accurate offset got from addr) should be properly aligned:
>     const unsigned int offset = addr & APLIC_REG_OFFSET_MASK;
>     ...
>     if ( offset & 3 )
>     {
>         gdprintk(XENLOG_WARNING, "Misaligned APLIC access at offset %#x\n",
>                  offset);
>         return -EINVAL;
>     }
>
> Is it okay? Actually I think we could add ( addr & 3 ) check in
> vaplic_is_access() function too...

Perhaps best. The load/store functions could then simply assert that property.

Jan
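
Review bot: `.private = &aplic` in `aplic_info` (xen/arch/riscv/aplic.c) hands out the file-static host `aplic` state with no comment on what `private` points to or who is meant to dereference it, and the vaplic.c hunk then reads `paddr_start` and `size` through it to classify guest accesses. The guest's emulated window would be better taken from per-domain vAPLIC state; if the pointer stays, say at the initialiser that it refers to the host instance and which callers may rely on it.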
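
Review bot: the `if ( priv->paddr_start <= addr && addr < paddr_end )` test in `vaplic_is_access()` looks at the first byte only, and the function takes no access width, so an access that starts inside the range and runs past `paddr_end` is still classified as an APLIC access. Either pass the size and require the last byte to be below `paddr_end`, or, if only 32-bit accesses are emulated, reject `addr & 3` here. Two smaller points: `paddr_end` is `paddr_t` while `addr` is `unsigned long`, so the comparison mixes types, and a predicate named `..._is_access` would read better returning `bool` than `int`.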
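
The boundary question discussed in this thread, worked through as an added example that is not part of the original mail or of the Xen code: it compares a start-address-only test with one that also requires 4-byte alignment and the last accessed byte to be inside the window. `struct mmio_window`, `dtb_win`, `start_in_window()` and `access_in_window()` are hypothetical names; the window values are taken from the DTB fragment quoted above and the probes are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for an emulated device's guest-physical window. */
struct mmio_window {
    uint64_t base; /* first byte of the window */
    uint64_t size; /* length in bytes */
};

/* Constructed from the quoted DTB fragment: reg = <0x00 0xd000000 0x00 0x8000>. */
static const struct mmio_window dtb_win = { 0xd000000, 0x8000 };

/* Start-address-only test: the shape of the check being discussed. */
static bool start_in_window(const struct mmio_window *w, uint64_t addr)
{
    return addr >= w->base && addr - w->base < w->size;
}

/*
 * Whole-access test: 4-byte aligned (the "& 3" rule from the thread) and
 * both the first and the last byte inside the window. Only subtractions
 * are used, so a window ending at the top of the address space cannot wrap.
 */
static bool access_in_window(const struct mmio_window *w, uint64_t addr,
                             uint64_t len)
{
    uint64_t off;

    if ( len == 0 || (addr & 3) || addr < w->base )
        return false;

    off = addr - w->base;
    return off < w->size && len <= w->size - off;
}

int main(void)
{
    /* Constructed probes: last register, unaligned last byte, 8-byte straddle, one past the end. */
    const struct { uint64_t addr, len; } probe[] = {
        { 0xd007ffc, 4 }, { 0xd007fff, 4 }, { 0xd007ffc, 8 }, { 0xd008000, 4 },
    };

    for ( unsigned int i = 0; i < sizeof(probe) / sizeof(probe[0]); i++ )
        printf("addr=%#llx len=%llu start-only=%d whole-access=%d\n",
               (unsigned long long)probe[i].addr, (unsigned long long)probe[i].len,
               start_in_window(&dtb_win, probe[i].addr),
               access_in_window(&dtb_win, probe[i].addr, probe[i].len));
    return 0;
}
```

The 8-byte probe at 0xd007ffc is 4-byte aligned and starts in range, so only the length-aware comparison rejects it.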