From: Peter Maydell <peter.maydell@linaro.org>
To: Peter Xu <peterx@redhat.com>
Cc: Tony Nguyen <tony.nguyen@bt.com>,
Richard Henderson <rth@twiddle.net>,
QEMU Developers <qemu-devel@nongnu.org>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] memory: Set notdirty_mem_ops validator
Date: Fri, 6 Sep 2019 15:14:36 +0100 [thread overview]
Message-ID: <CAFEAcA8W0FjJ0gxgn1MU35JoUWyjzBH6HaN8JEonwNWXk8envw@mail.gmail.com> (raw)
In-Reply-To: <20190904024051.GE30402@xz-x1>
On Wed, 4 Sep 2019 at 03:41, Peter Xu <peterx@redhat.com> wrote:
> On Tue, Sep 03, 2019 at 05:50:56PM +0100, Peter Maydell wrote:
> > Do you have a backtrace of QEMU from the segfault? I'm having trouble
> > thinking of what the situation is when we'd try to invoke the
> > read handler on io_mem_notdirty...
>
> I've no good understanding of how PHYS_SECTION_NOTDIRTY is used
> yet... though from what I understand that's the thing this patch wants
> to fix. Because after the broken commit, this line will be
> overwritten:
>
> .valid.accepts = notdirty_mem_accepts,
>
> and accept() will be reset to NULL.
>
> With that, memory_region_access_valid(is_write=false) could return
> valid now (so a read could happen), while it should never, logically?
Having looked into this a bit further, I think that the problem here
is that in commit 30d7e098d5c38644359 we accidentally removed the
code for TLB_RECHECK-type TLB entries that handled the "actually this
is a RAM access" case after repeating the tlb_fill(). So instead of
read accesses to notdirty-mem going through that code and never getting
into the io_readx() function, now they do. That combined with the
bug where we made the .valid.accepts assignment stop working means
you can get into this segfault. This is quite rare because I think
only Arm M-profile CPUs and Sparc when using the 'invert endian'
page table bit (ie Solaris guests doing PCI stuff) will do this.
If we apply this patch to reinstate .valid.accepts then instead
of a segfault we'll get a guest exception; which is still not
the right behaviour.
So I think we need to:
(1) fix the cputlb code to reinstate the "handle RAM immediately"
codepath
(2) either allow reads to notdirty-mem MRs (ie make them just
read from the host backing RAM), or define them to be a QEMU
bug and make them assert immediately the read is attempted
thanks
-- PMM
next prev parent reply other threads:[~2019-09-06 14:16 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-02 1:26 [Qemu-devel] [PATCH] memory: Set notdirty_mem_ops validator Tony Nguyen
2019-09-03 10:21 ` Peter Xu
2019-09-03 10:25 ` Peter Maydell
2019-09-03 16:47 ` Tony Nguyen
2019-09-03 16:50 ` Peter Maydell
2019-09-04 2:40 ` Peter Xu
2019-09-06 14:14 ` Peter Maydell [this message]
2019-09-04 6:17 ` Tony Nguyen
2019-09-06 8:28 ` Philippe Mathieu-Daudé
2019-09-06 13:08 ` Eric Blake
2019-09-06 13:24 ` Philippe Mathieu-Daudé
2019-09-06 13:44 ` Eric Blake
2019-09-06 16:04 ` Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFEAcA8W0FjJ0gxgn1MU35JoUWyjzBH6HaN8JEonwNWXk8envw@mail.gmail.com \
--to=peter.maydell@linaro.org \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
--cc=tony.nguyen@bt.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).