Hi Julien,
On 07/03/2022 23:59, Julien Grall wrote:
Hi,
On 07/03/2022 22:23, Ayan Kumar Halder wrote:
On 07/03/2022 19:37, Julien Grall wrote:
On 07/03/2022 14:27, Ayan Kumar Halder wrote:
Hi Julien,
Hi Ayan,
Hi Julien,
I need a bit of clarification to understand this.
One clarification.
On 04/03/2022 10:39, Julien Grall wrote:
Hi Ayan,
On 01/03/2022 12:40, Ayan Kumar Halder wrote:
If the abort was caused due to access to stage1 translation
table, Xen
will assume that the stage1 translation table is in the non MMIO
region.
Reading this commit message again. I think you want to explain why
we want to do that because, from my understanding, this is
technically not forbidden by the Arm Arm.
From the previous discussion, we want to do this because we can't
easily handle such fault on emulated region (we have no away to the
walker the value read).
Sorry, Can you explain this a bit more ? Do you mean that if the page
table is located in the emulated region, map_domain_page() (called
from p2m_next_level()) will fail.
For data abort with valid syndrome, you will have a register to write
back the value read. When the data abort has s1ptw == 1, AFAICT, we
have no information how to return the value.
Do you mean that for s1ptw, we get an intermediate physical address ?
if ( hpfar_is_valid(xabt.s1ptw, fsc) )
gpa = get_faulting_ipa(gva);
If the IPA corresponds to an emulated region, then Xen can read the
emulated address, but can't return the value to the guest OS.
(I actually want to understand this very well).
But for emulated region, shouldn't pages be already mapped for Xen to
access them ?
I am not sure which "pages" you are referring to here. The
implementation of emulated regions is left to the discretion of Xen.
This may be reading/writing to a buffer allocated by Xen or return a
fixed value.
It will try to resolve the translation fault. If it succeeds, it
will
return to the guest to retry the instruction. If not, then it means
that the table is in MMIO region which is not expected by Xen. Thus,
Xen will forward the abort to the guest.
Signed-off-by: Ayan Kumar Halder <ayank...@xilinx.com>
---
Changelog :-
v1..v8 - NA
v9 - 1. Extracted this change from "[XEN v8 2/2] xen/arm64: io:
Support
instructions (for which ISS is not..." into a separate patch of
its own.
The reason being this is an existing bug in the codebase.
xen/arch/arm/io.c | 11 +++++++++++
xen/arch/arm/traps.c | 12 +++++++++++-
2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c
index bea69ffb08..ebcb8ed548 100644
--- a/xen/arch/arm/io.c
+++ b/xen/arch/arm/io.c
@@ -128,6 +128,17 @@ void try_decode_instruction(const struct
cpu_user_regs *regs,
return;
}
+ /*
+ * At this point, we know that the stage1 translation table
is in the MMIO
+ * region. This is not expected by Xen and thus it forwards
the abort to the
We don't know that. We only know that there are no corresponding
valid mapping in the P2M. So the address may be part of an
emulated MMIO region or invalid.
For both cases, we will want to send an abort.
Furthermore, I would say "emulated MMIO region" rather than MMIO
region because the P2M can also contain MMIO mapping (we usually
call then "direct MMIO").
Can I say MMIO region (to indicate both emulated and direct) ? The
reason being the assumption that stage1 page tables cannot be in
the MMIO region. And thus, when check_p2m() is invoked, we do not
invoke try_map_mmio(gaddr_to_gfn(gpa).
See this snippet :-
if ( xabt.s1ptw )
check_mmio_region = false;
Thinking a bit more of this. I would actually drop this check. We
don't need to decode the instruction, so I don't think there are
much benefits here to restrict access for direct MMIO. Did I miss
anything?
Can Linux or any OS keep its page tables in the direct MMIO space ?
If yes, then try_map_mmio() needs to be invoked to map the region, so
that OS can access it. If not, then Xen needs to return abort because
the OS may be behaving maliciously.
I think what matters is whether the Arm Arm would or would not allow
it. From what I can tell there are no such restriction. So we would
need to be cautious to restrict it further than necessary.
My understanding from previous discussion was that it does not make
sense for linux or any OS to keep its page tables in any MMIO region
(emulated or direct). Please correct me if mistaken.
At the moment, none of the regions emulated by Xen could be used for
page-tables. I am also not sure how we should handle such access if
they arise. So it is more convenient to simply forbid them.
Regarding direct MMIO, see above. Correct me if I am wrong, but it
should not be a problem for Xen to deal with them. So while I agree
this doesn't seem to make sense, the restriction seems unnecessary.
So the behavior will be :-
1. If the stage1 translation table is in the non MMIO region or 'direct
mapped' MMIO region, then invoke p2m_resolve_translation_fault() and
try_map_mmio() to resolve the fault. If it succeeds, then return to the
guest to retry.
2. If the previous step fails and for any other scenario (ie stage1
translation table is in emulated MMIO region or the address is invalid),
return the abort to the guest.
- Ayan
Cheers,
