From: Jan Beulich <jbeulich@suse.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: "Wei Liu" <wl@xen.org>, "Roger Pau Monné" <roger.pau@citrix.com>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Subject: Ping: [PATCH] x86emul: de-duplicate scatters to the same linear address
Date: Wed, 17 Feb 2021 09:32:43 +0100 [thread overview]
Message-ID: <ca22a3b6-8194-7880-8e84-e709ee20bcf3@suse.com> (raw)
In-Reply-To: <2e559806-5bc0-0f61-8e23-95e0dba34c41@suse.com>
On 05.02.2021 12:28, Jan Beulich wrote:
> On 05.02.2021 11:41, Andrew Cooper wrote:
>> On 10/11/2020 13:26, Jan Beulich wrote:
>>> The SDM specifically allows for earlier writes to fully overlapping
>>> ranges to be dropped. If a guest did so, hvmemul_phys_mmio_access()
>>> would crash it if varying data was written to the same address. Detect
>>> overlaps early, as doing so in hvmemul_{linear,phys}_mmio_access() would
>>> be quite a bit more difficult.
>>
>> Are you saying that there is currently a bug if a guest does encode such
>> an instruction, and we emulate it?
>
> That is my take on it, yes.
>
>>> Note that due to cache slot use being linear address based, there's no
>>> similar issue with multiple writes to the same physical address (mapped
>>> through different linear addresses).
>>>
>>> Since this requires an adjustment to the EVEX Disp8 scaling test,
>>> correct a comment there at the same time.
>>>
>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>>> ---
>>> TBD: The SDM isn't entirely unambiguous about the faulting behavior in
>>> this case: If a fault would need delivering on the earlier slot
>>> despite the write getting squashed, we'd have to call ops->write()
>>> with size set to zero for the earlier write(s). However,
>>> hvm/emulate.c's handling of zero-byte accesses extends only to the
>>> virtual-to-linear address conversions (and raising of involved
>>> faults), so in order to also observe #PF changes to that logic
>>> would then also be needed. Can we live with a possible misbehavior
>>> here?
>>
>> Do you have a chapter/section reference?
>
> The instruction pages. They say in particular
>
> "If two or more destination indices completely overlap, the “earlier”
> write(s) may be skipped."
>
> and
>
> "Faults are delivered in a right-to-left manner. That is, if a fault
> is triggered by an element and delivered ..."
>
> To me this may or may not mean the skipping of indices includes the
> skipping of faults (which a later element then would raise anyway).
Does the above address your concerns / questions? If not, what else
do I need to provide?
Jan
next prev parent reply other threads:[~2021-02-17 8:32 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-10 13:26 [PATCH] x86emul: de-duplicate scatters to the same linear address Jan Beulich
2021-02-05 10:10 ` Ping: " Jan Beulich
2021-02-05 10:41 ` Andrew Cooper
2021-02-05 11:28 ` Jan Beulich
2021-02-17 8:32 ` Jan Beulich [this message]
2021-04-01 8:05 ` Ping²: " Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ca22a3b6-8194-7880-8e84-e709ee20bcf3@suse.com \
--to=jbeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=roger.pau@citrix.com \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.