[PATCH] system/physmem: Fix cpu_memory_rw

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] system/physmem: Fix cpu_memory_rw_debug for armv7m MPU
@ 2024-11-20 15:15 Xiong Nandi
  2024-11-20 15:15 ` Xiong Nandi
  0 siblings, 1 reply; 6+ messages in thread
From: Xiong Nandi @ 2024-11-20 15:15 UTC (permalink / raw)
  To: qemu-devel

The actual page size (region size for MPU) of armv7m may
smaller than TARGET_PAGE_SIZE (2^5 vs 2^10). So we should
use the actual virtual address to get the phys page address.

Since address_space_rw do not check the region protection, so
if we have some region like [0x0020 ~ 0x003F rw], [0x0040 ~ 0x007F --],
we will be able to read out the whole [0x0020 ~ 0x007F] region.
As a debug function, this seems acceptable.

I have make a minimal reproducible demo here:
https://gist.github.com/xndcn/3c534818b6486ecd2414d1cc7925c372

after building main.elf, run:
qemu-system-arm -machine stm32vldiscovery -kernel main.elf -s & 
gdb-multiarch main.elf
(gdb) target remote :1234
(gdb) disas main
Dump of assembler code for function main:
   0x08000040 <+0>:	Cannot access memory at address 0x8000040

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH] system/physmem: Fix cpu_memory_rw_debug for armv7m MPU
  2024-11-20 15:15 [PATCH] system/physmem: Fix cpu_memory_rw_debug for armv7m MPU Xiong Nandi
@ 2024-11-20 15:15 ` Xiong Nandi
  2024-11-22 20:32   ` Richard Henderson
  0 siblings, 1 reply; 6+ messages in thread
From: Xiong Nandi @ 2024-11-20 15:15 UTC (permalink / raw)
  To: qemu-devel
  Cc: Xiong Nandi, Paolo Bonzini, Peter Xu, David Hildenbrand,
	Philippe Mathieu-Daudé

The actual page size (region size for MPU) of armv7m may
smaller than TARGET_PAGE_SIZE (2^5 vs 2^10). So we should
use the actual virtual address to get the phys page address.

Signed-off-by: Xiong Nandi <xndchn@gmail.com>
---
 system/physmem.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/system/physmem.c b/system/physmem.c
index dc1db3a384..a76b305130 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -3564,11 +3564,12 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
         MemTxResult res;
 
         page = addr & TARGET_PAGE_MASK;
-        phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
+        phys_addr = cpu_get_phys_page_attrs_debug(cpu, addr, &attrs);
         asidx = cpu_asidx_from_attrs(cpu, attrs);
         /* if no physical page mapped, return an error */
         if (phys_addr == -1)
             return -1;
+        phys_addr &= TARGET_PAGE_MASK;
         l = (page + TARGET_PAGE_SIZE) - addr;
         if (l > len)
             l = len;
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] system/physmem: Fix cpu_memory_rw_debug for armv7m MPU
  2024-11-20 15:15 ` Xiong Nandi
@ 2024-11-22 20:32   ` Richard Henderson
  2024-11-24  4:30     ` xndcn
  0 siblings, 1 reply; 6+ messages in thread
From: Richard Henderson @ 2024-11-22 20:32 UTC (permalink / raw)
  To: Xiong Nandi, qemu-devel
  Cc: Paolo Bonzini, Peter Xu, David Hildenbrand,
	Philippe Mathieu-Daudé

On 11/20/24 09:15, Xiong Nandi wrote:
> The actual page size (region size for MPU) of armv7m may
> smaller than TARGET_PAGE_SIZE (2^5 vs 2^10). So we should
> use the actual virtual address to get the phys page address.
> 
> Signed-off-by: Xiong Nandi <xndchn@gmail.com>
> ---
>   system/physmem.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/system/physmem.c b/system/physmem.c
> index dc1db3a384..a76b305130 100644
> --- a/system/physmem.c
> +++ b/system/physmem.c
> @@ -3564,11 +3564,12 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
>           MemTxResult res;
>   
>           page = addr & TARGET_PAGE_MASK;
> -        phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
> +        phys_addr = cpu_get_phys_page_attrs_debug(cpu, addr, &attrs);
>           asidx = cpu_asidx_from_attrs(cpu, attrs);
>           /* if no physical page mapped, return an error */
>           if (phys_addr == -1)
>               return -1;
> +        phys_addr &= TARGET_PAGE_MASK;
>           l = (page + TARGET_PAGE_SIZE) - addr;
>           if (l > len)
>               l = len;

So... I guess this might accidentally work, but L is definitely incorrect under the 
circumstances.  So we could easily be exchanging one set of bugs for another.

We really need to be returning the range of addresses under which the address translation 
is valid.  One solution could be passing in 'l = len, &l' to be modified so that (addr, l) 
translates to (phys_addr, l) after the call; iterate for sum l < len as we're currently doing.


r~


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] system/physmem: Fix cpu_memory_rw_debug for armv7m MPU
  2024-11-22 20:32   ` Richard Henderson
@ 2024-11-24  4:30     ` xndcn
  2024-11-24 21:23       ` Richard Henderson
  0 siblings, 1 reply; 6+ messages in thread
From: xndcn @ 2024-11-24  4:30 UTC (permalink / raw)
  To: Richard Henderson
  Cc: qemu-devel, Paolo Bonzini, Peter Xu, David Hildenbrand,
	Philippe Mathieu-Daudé

Thanks. This patch at least guarantees normal read/write access to
addresses with r/w flags, although there is still a risk of
misidentifying accessible regions within continuous address spaces.

Actually, initially I did write a patch with a modified page size as
an argument, but I soon found that the current implementation of
armv7a (pmsav7) will return the page size (lg_page_size) as 0 in many
situations (such as overlapping regions).
Maybe we can simply make the page size as 2^5 (minimal page size) when
the returned lg_page_size == 0?

On Sat, Nov 23, 2024 at 4:32 AM Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> On 11/20/24 09:15, Xiong Nandi wrote:
> > The actual page size (region size for MPU) of armv7m may
> > smaller than TARGET_PAGE_SIZE (2^5 vs 2^10). So we should
> > use the actual virtual address to get the phys page address.
> >
> > Signed-off-by: Xiong Nandi <xndchn@gmail.com>
> > ---
> >   system/physmem.c | 3 ++-
> >   1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/system/physmem.c b/system/physmem.c
> > index dc1db3a384..a76b305130 100644
> > --- a/system/physmem.c
> > +++ b/system/physmem.c
> > @@ -3564,11 +3564,12 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
> >           MemTxResult res;
> >
> >           page = addr & TARGET_PAGE_MASK;
> > -        phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
> > +        phys_addr = cpu_get_phys_page_attrs_debug(cpu, addr, &attrs);
> >           asidx = cpu_asidx_from_attrs(cpu, attrs);
> >           /* if no physical page mapped, return an error */
> >           if (phys_addr == -1)
> >               return -1;
> > +        phys_addr &= TARGET_PAGE_MASK;
> >           l = (page + TARGET_PAGE_SIZE) - addr;
> >           if (l > len)
> >               l = len;
>
> So... I guess this might accidentally work, but L is definitely incorrect under the
> circumstances.  So we could easily be exchanging one set of bugs for another.
>
> We really need to be returning the range of addresses under which the address translation
> is valid.  One solution could be passing in 'l = len, &l' to be modified so that (addr, l)
> translates to (phys_addr, l) after the call; iterate for sum l < len as we're currently doing.
>
>
> r~


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] system/physmem: Fix cpu_memory_rw_debug for armv7m MPU
  2024-11-24  4:30     ` xndcn
@ 2024-11-24 21:23       ` Richard Henderson
  2024-11-25  2:50         ` xndcn
  0 siblings, 1 reply; 6+ messages in thread
From: Richard Henderson @ 2024-11-24 21:23 UTC (permalink / raw)
  To: xndcn
  Cc: qemu-devel, Paolo Bonzini, Peter Xu, David Hildenbrand,
	Philippe Mathieu-Daudé

On 11/23/24 22:30, xndcn wrote:
> Thanks. This patch at least guarantees normal read/write access to
> addresses with r/w flags, although there is still a risk of
> misidentifying accessible regions within continuous address spaces.
> 
> Actually, initially I did write a patch with a modified page size as
> an argument, but I soon found that the current implementation of
> armv7a (pmsav7) will return the page size (lg_page_size) as 0 in many
> situations (such as overlapping regions).

0 was arbitrarily chosen as "anything less than TARGET_PAGE_BITS".

> Maybe we can simply make the page size as 2^5 (minimal page size) when
> the returned lg_page_size == 0?

No, don't lie, or make unhelpful guesses at the generic level. The only thing you could do 
for arm m-profile is give accurate information, which for now will be immediately 
discarded as *still* being less than TARGET_PAGE_BITS.  But I do have plans for that.

Anyway, nothing you do with page sizes is helpful along the debug path.  For that, we need 
to swap away from "pages" to "ranges", where some ranges are in fact pages, but others 
aren't.  This means changing the API for cpu_get_phys_<something>_debug.

r~

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] system/physmem: Fix cpu_memory_rw_debug for armv7m MPU
  2024-11-24 21:23       ` Richard Henderson
@ 2024-11-25  2:50         ` xndcn
  0 siblings, 0 replies; 6+ messages in thread
From: xndcn @ 2024-11-25  2:50 UTC (permalink / raw)
  To: Richard Henderson
  Cc: qemu-devel, Paolo Bonzini, Peter Xu, David Hildenbrand,
	Philippe Mathieu-Daudé

Got it, thanks.
It seems like there is still a lot of work surrounding the API, so I
create a issue to track it
https://gitlab.com/qemu-project/qemu/-/issues/2697

On Mon, Nov 25, 2024 at 5:23 AM Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> On 11/23/24 22:30, xndcn wrote:
> > Thanks. This patch at least guarantees normal read/write access to
> > addresses with r/w flags, although there is still a risk of
> > misidentifying accessible regions within continuous address spaces.
> >
> > Actually, initially I did write a patch with a modified page size as
> > an argument, but I soon found that the current implementation of
> > armv7a (pmsav7) will return the page size (lg_page_size) as 0 in many
> > situations (such as overlapping regions).
>
> 0 was arbitrarily chosen as "anything less than TARGET_PAGE_BITS".
>
> > Maybe we can simply make the page size as 2^5 (minimal page size) when
> > the returned lg_page_size == 0?
>
> No, don't lie, or make unhelpful guesses at the generic level. The only thing you could do
> for arm m-profile is give accurate information, which for now will be immediately
> discarded as *still* being less than TARGET_PAGE_BITS.  But I do have plans for that.
>
> Anyway, nothing you do with page sizes is helpful along the debug path.  For that, we need
> to swap away from "pages" to "ranges", where some ranges are in fact pages, but others
> aren't.  This means changing the API for cpu_get_phys_<something>_debug.
>
>
> r~


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2024-11-25  2:51 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-11-20 15:15 [PATCH] system/physmem: Fix cpu_memory_rw_debug for armv7m MPU Xiong Nandi
2024-11-20 15:15 ` Xiong Nandi
2024-11-22 20:32   ` Richard Henderson
2024-11-24  4:30     ` xndcn
2024-11-24 21:23       ` Richard Henderson
2024-11-25  2:50         ` xndcn

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).