File 5b752762-x86-hvm-emul-rep-IO-should-not-cross-G... of Package xen.10697

Overview Repositories Revisions Requests Users Attributes Meta

File 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch of Package xen.10697

# Commit 7626edeaca972e3e823535dcc44338f6b2f0b21f
# Date 2018-08-16 09:27:30 +0200
# Author Paul Durrant <paul.durrant@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/hvm/emulate: make sure rep I/O emulation does not cross GFN boundaries

When emulating a rep I/O operation it is possible that the ioreq will
describe a single operation that spans multiple GFNs. This is fine as long
as all those GFNs fall within an MMIO region covered by a single device
model, but unfortunately the higher levels of the emulation code do not
guarantee that. This is something that should almost certainly be fixed,
but in the meantime this patch makes sure that MMIO is truncated at GFN
boundaries and hence the appropriate device model is re-evaluated for each
target GFN.

NOTE: This patch does not deal with the case of a single MMIO operation
      spanning a GFN boundary. That is more complex to deal with and is
      deferred to a subsequent patch.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>

Convert calculations to be 32-bit only.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/arch/x86/hvm/emulate.c
+++ b/xen/arch/x86/hvm/emulate.c
@@ -210,6 +210,25 @@ static int hvmemul_do_io(
     if ( dir == IOREQ_WRITE )
         hvmtrace_io_assist(is_mmio, p);
 
+    /*
+     * Make sure that we truncate rep MMIO at any GFN boundary. This is
+     * necessary to ensure that the correct device model is targetted
+     * or that we correctly handle a rep op spanning MMIO and RAM.
+     */
+    if ( unlikely(p->count > 1) && is_mmio )
+    {
+        unsigned int off = addr & ~PAGE_MASK;
+        unsigned int tail = PAGE_SIZE - off;
+
+        if ( tail < size ) /* single rep spans GFN */
+            p->count = 1;
+        else
+            p->count = min(p->count,
+                           (df ? off + size : tail) / size);
+        vio->io_count = p->count;
+    }
+    ASSERT(p->count);
+
     if ( is_mmio )
     {
         rc = hvm_mmio_intercept(p);
@@ -222,7 +241,7 @@ static int hvmemul_do_io(
     }
 
     /*
-     * p->count may have got reduced (see hvm_mmio_access() and
+     * p->count may have got reduced (above, and also see hvm_mmio_access() and
      * process_portio_intercept()) - inform our callers and mirror this into
      * latched state.
      */

Places

File 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch of Package xen.10697

Places