From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.2 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D07B7C64E7B for ; Tue, 1 Dec 2020 10:24:06 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 3B13E20770 for ; Tue, 1 Dec 2020 10:24:05 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=xen.org header.i=@xen.org header.b="5c8pDQFQ" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3B13E20770 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=xen.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.41807.75261 (Exim 4.92) (envelope-from ) id 1kk2or-0002Cf-CA; Tue, 01 Dec 2020 10:23:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 41807.75261; Tue, 01 Dec 2020 10:23:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kk2or-0002CY-8f; Tue, 01 Dec 2020 10:23:37 +0000 Received: by outflank-mailman (input) for mailman id 41807; Tue, 01 Dec 2020 10:23:35 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kk2op-0002CT-Qr for xen-devel@lists.xenproject.org; Tue, 01 Dec 2020 10:23:35 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kk2oo-0000dq-5O; Tue, 01 Dec 2020 10:23:34 +0000 Received: from [54.239.6.187] (helo=a483e7b01a66.ant.amazon.com) by xenbits.xenproject.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1kk2on-0006Nj-Ok; Tue, 01 Dec 2020 10:23:34 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Content-Transfer-Encoding:Content-Type:In-Reply-To: MIME-Version:Date:Message-ID:From:References:Cc:To:Subject; bh=Wv1H4jfX8yg2Bf63sq8U5hxCS4N0pJHUxdaTsf8FBGM=; b=5c8pDQFQi7sQ0kfi9fOB87g23u Vdz4kBG3dCYjf62L2qmXrXZb3oHZyeYVScadjamjDh18vFaORZDQ74Pa1EEKLBpTzS1Y6VBtDl3D9 CwLHWQUjpi2wzDidJEmy/+RPp9CJomvI9VVW678o0H9jZy/DETt7xXJOhO9Q430c/ufc=; Subject: Re: [PATCH V3 19/23] xen/arm: io: Abstract sign-extension To: Oleksandr , Volodymyr Babchuk Cc: "xen-devel@lists.xenproject.org" , Oleksandr Tyshchenko , Stefano Stabellini , Julien Grall References: <1606732298-22107-1-git-send-email-olekstysh@gmail.com> <1606732298-22107-20-git-send-email-olekstysh@gmail.com> <878sai7e1a.fsf@epam.com> From: Julien Grall Message-ID: <25057245-5885-5b11-753d-91f501eb070a@xen.org> Date: Tue, 1 Dec 2020 10:23:31 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 8bit On 30/11/2020 23:27, Oleksandr wrote: > > On 30.11.20 23:03, Volodymyr Babchuk wrote: >> Hi, > > Hi Volodymyr > > >> >> Oleksandr Tyshchenko writes: >> >>> From: Oleksandr Tyshchenko >>> >>> In order to avoid code duplication (both handle_read() and >>> handle_ioserv() contain the same code for the sign-extension) >>> put this code to a common helper to be used for both. >>> >>> Signed-off-by: Oleksandr Tyshchenko >>> CC: Julien Grall >>> >>> --- >>> Please note, this is a split/cleanup/hardening of Julien's PoC: >>> "Add support for Guest IO forwarding to a device emulator" >>> >>> Changes V1 -> V2: >>>     - new patch >>> >>> Changes V2 -> V3: >>>     - no changes >>> --- >>> --- >>>   xen/arch/arm/io.c           | 18 ++---------------- >>>   xen/arch/arm/ioreq.c        | 17 +---------------- >>>   xen/include/asm-arm/traps.h | 24 ++++++++++++++++++++++++ >>>   3 files changed, 27 insertions(+), 32 deletions(-) >>> >>> diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c >>> index f44cfd4..8d6ec6c 100644 >>> --- a/xen/arch/arm/io.c >>> +++ b/xen/arch/arm/io.c >>> @@ -23,6 +23,7 @@ >>>   #include >>>   #include >>>   #include >>> +#include >>>   #include >>>   #include "decode.h" >>> @@ -39,26 +40,11 @@ static enum io_state handle_read(const struct >>> mmio_handler *handler, >>>        * setting r). >>>        */ >>>       register_t r = 0; >>> -    uint8_t size = (1 << dabt.size) * 8; >>>       if ( !handler->ops->read(v, info, &r, handler->priv) ) >>>           return IO_ABORT; >>> -    /* >>> -     * Sign extend if required. >>> -     * Note that we expect the read handler to have zeroed the bits >>> -     * outside the requested access size. >>> -     */ >>> -    if ( dabt.sign && (r & (1UL << (size - 1))) ) >>> -    { >>> -        /* >>> -         * We are relying on register_t using the same as >>> -         * an unsigned long in order to keep the 32-bit assembly >>> -         * code smaller. >>> -         */ >>> -        BUILD_BUG_ON(sizeof(register_t) != sizeof(unsigned long)); >>> -        r |= (~0UL) << size; >>> -    } >>> +    r = sign_extend(dabt, r); >>>       set_user_reg(regs, dabt.reg, r); >>> diff --git a/xen/arch/arm/ioreq.c b/xen/arch/arm/ioreq.c >>> index f08190c..2f39289 100644 >>> --- a/xen/arch/arm/ioreq.c >>> +++ b/xen/arch/arm/ioreq.c >>> @@ -28,7 +28,6 @@ enum io_state handle_ioserv(struct cpu_user_regs >>> *regs, struct vcpu *v) >>>       const union hsr hsr = { .bits = regs->hsr }; >>>       const struct hsr_dabt dabt = hsr.dabt; >>>       /* Code is similar to handle_read */ >>> -    uint8_t size = (1 << dabt.size) * 8; >>>       register_t r = v->io.req.data; >>>       /* We are done with the IO */ >>> @@ -37,21 +36,7 @@ enum io_state handle_ioserv(struct cpu_user_regs >>> *regs, struct vcpu *v) >>>       if ( dabt.write ) >>>           return IO_HANDLED; >>> -    /* >>> -     * Sign extend if required. >>> -     * Note that we expect the read handler to have zeroed the bits >>> -     * outside the requested access size. >>> -     */ >>> -    if ( dabt.sign && (r & (1UL << (size - 1))) ) >>> -    { >>> -        /* >>> -         * We are relying on register_t using the same as >>> -         * an unsigned long in order to keep the 32-bit assembly >>> -         * code smaller. >>> -         */ >>> -        BUILD_BUG_ON(sizeof(register_t) != sizeof(unsigned long)); >>> -        r |= (~0UL) << size; >>> -    } >>> +    r = sign_extend(dabt, r); >>>       set_user_reg(regs, dabt.reg, r); >>> diff --git a/xen/include/asm-arm/traps.h b/xen/include/asm-arm/traps.h >>> index 997c378..e301c44 100644 >>> --- a/xen/include/asm-arm/traps.h >>> +++ b/xen/include/asm-arm/traps.h >>> @@ -83,6 +83,30 @@ static inline bool VABORT_GEN_BY_GUEST(const >>> struct cpu_user_regs *regs) >>>           (unsigned long)abort_guest_exit_end == regs->pc; >>>   } >>> +/* Check whether the sign extension is required and perform it */ >>> +static inline register_t sign_extend(const struct hsr_dabt dabt, >>> register_t r) >>> +{ >>> +    uint8_t size = (1 << dabt.size) * 8; >>> + >>> +    /* >>> +     * Sign extend if required. >>> +     * Note that we expect the read handler to have zeroed the bits >>> +     * outside the requested access size. >>> +     */ >>> +    if ( dabt.sign && (r & (1UL << (size - 1))) ) >>> +    { >>> +        /* >>> +         * We are relying on register_t using the same as >>> +         * an unsigned long in order to keep the 32-bit assembly >>> +         * code smaller. >>> +         */ >>> +        BUILD_BUG_ON(sizeof(register_t) != sizeof(unsigned long)); >>> +        r |= (~0UL) << size; >> If `size` is 64, you will get undefined behavior there. > I think, we don't need to worry about undefined behavior here. Having > size=64 would be possible with doubleword (dabt.size=3). But if "r" > adjustment gets called (I mean Syndrome Sign Extend bit is set) then > we deal with byte, halfword or word operations (dabt.size<3). Or I > missed something? This is known and was pointed out in the commit message introducing the sign-extension: "Note that the bit can only be set for access size smaller than the register size (i.e byte/half-word for aarch32, byte/half-word/word for aarch32). So we don't have to worry about undefined C behavior." Cheers, -- Julien Grall