From: Paul Durrant <Paul.Durrant@citrix.com>
To: 'Jan Beulich' <JBeulich@suse.com>
Cc: xen-devel <xen-devel@lists.xenproject.org>,
Razvan Cojocaru <rcojocaru@bitdefender.com>
Subject: Re: Ping: [PATCH] x86/HVM: fix hvmemul_rep_outs_set_context()
Date: Mon, 4 Dec 2017 10:33:59 +0000 [thread overview]
Message-ID: <caac0894804544eba37da3e15284944c@AMSPEX02CL03.citrite.net> (raw)
In-Reply-To: <5A252DA30200007800194405@prv-mh.provo.novell.com>
> -----Original Message-----
> From: Jan Beulich [mailto:JBeulich@suse.com]
> Sent: 04 December 2017 10:13
> To: Paul Durrant <Paul.Durrant@citrix.com>
> Cc: Razvan Cojocaru <rcojocaru@bitdefender.com>; xen-devel <xen-
> devel@lists.xenproject.org>
> Subject: Ping: [PATCH] x86/HVM: fix hvmemul_rep_outs_set_context()
>
> >>> On 23.11.17 at 16:09, <JBeulich@suse.com> wrote:
> > There were two issues with this function: Its use of
> > hvmemul_do_pio_buffer() was wrong (the function deals only with
> > individual port accesses, not repeated ones, i.e. passing it
> > "*reps * bytes_per_rep" does not have the intended effect). And it
> > could have processed a larger set of operations in one go than was
> > probably intended (limited just by the size that xmalloc() can hand
> > back).
> >
> > By converting to proper use of hvmemul_do_pio_buffer(), no
> intermediate
> > buffer is needed at all. As a result a preemption check is being added.
> >
> > Also drop unused parameters from the function.
> >
> > Signed-off-by: Jan Beulich <jbeulich@suse.com>
>
> Ping?
Apologies. In the midst of the discussion of the issue Andrew was hitting, I forgot about this one.
>
> > --- a/xen/arch/x86/hvm/emulate.c
> > +++ b/xen/arch/x86/hvm/emulate.c
> > @@ -1348,28 +1348,41 @@ static int hvmemul_rep_ins(
> > }
> >
> > static int hvmemul_rep_outs_set_context(
> > - enum x86_segment src_seg,
> > - unsigned long src_offset,
> > uint16_t dst_port,
> > unsigned int bytes_per_rep,
> > - unsigned long *reps,
> > - struct x86_emulate_ctxt *ctxt)
> > + unsigned long *reps)
> > {
> > - unsigned int bytes = *reps * bytes_per_rep;
> > - char *buf;
> > - int rc;
> > -
> > - buf = xmalloc_array(char, bytes);
> > + const struct arch_vm_event *ev = current->arch.vm_event;
> > + const uint8_t *ptr;
> > + unsigned int avail;
> > + unsigned long done;
> > + int rc = X86EMUL_OKAY;
> >
> > - if ( buf == NULL )
> > + ASSERT(bytes_per_rep <= 4);
> > + if ( !ev )
> > return X86EMUL_UNHANDLEABLE;
> >
> > - rc = set_context_data(buf, bytes);
> > + ptr = ev->emul.read.data;
> > + avail = ev->emul.read.size;
> >
> > - if ( rc == X86EMUL_OKAY )
> > - rc = hvmemul_do_pio_buffer(dst_port, bytes, IOREQ_WRITE, buf);
> > + for ( done = 0; done < *reps; ++done )
> > + {
> > + unsigned int size = min(bytes_per_rep, avail);
> > + uint32_t data = 0;
> > +
> > + if ( done && hypercall_preempt_check() )
> > + break;
> > +
> > + memcpy(&data, ptr, size);
> > + avail -= size;
> > + ptr += size;
> > +
> > + rc = hvmemul_do_pio_buffer(dst_port, bytes_per_rep,
> IOREQ_WRITE,
> > &data);
> > + if ( rc != X86EMUL_OKAY )
> > + break;
> > + }
This is a sub-optimal way to be handling this, but I don't see a lot of choice. It would, of course, be nicer to have the context buffer be mappable by QEMU then it could handle this as a single ioreq with count > 1 and indirect data but that would involve fixing the current problem of who owns the guest memory map so...
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
> >
> > - xfree(buf);
> > + *reps = done;
> >
> > return rc;
> > }
> > @@ -1391,8 +1404,7 @@ static int hvmemul_rep_outs(
> > int rc;
> >
> > if ( unlikely(hvmemul_ctxt->set_context) )
> > - return hvmemul_rep_outs_set_context(src_seg, src_offset, dst_port,
> > - bytes_per_rep, reps, ctxt);
> > + return hvmemul_rep_outs_set_context(dst_port, bytes_per_rep,
> reps);
> >
> > rc = hvmemul_virtual_to_linear(
> > src_seg, src_offset, bytes_per_rep, reps, hvm_access_read,
> >
> >
> >
> >
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xenproject.org
> > https://lists.xenproject.org/mailman/listinfo/xen-devel
>
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
prev parent reply other threads:[~2017-12-04 10:34 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-23 15:09 [PATCH] x86/HVM: fix hvmemul_rep_outs_set_context() Jan Beulich
2017-11-23 15:22 ` Razvan Cojocaru
2017-11-23 18:37 ` Andrew Cooper
2017-11-24 7:55 ` MMIO emulation failure on REP OUTS (was: [PATCH] x86/HVM: fix hvmemul_rep_outs_set_context()) Jan Beulich
2017-12-04 10:12 ` Ping: [PATCH] x86/HVM: fix hvmemul_rep_outs_set_context() Jan Beulich
2017-12-04 10:33 ` Paul Durrant [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=caac0894804544eba37da3e15284944c@AMSPEX02CL03.citrite.net \
--to=paul.durrant@citrix.com \
--cc=JBeulich@suse.com \
--cc=rcojocaru@bitdefender.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).