Xen project Mailing List

Re: [PATCH v6 1/3] xen/vpci: Move ecam access functions to common code

From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>

Date: Fri, 15 Oct 2021 08:20:16 +0000

Accept-language: en-GB, en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ylyEFr7ZRm/Rji1Q2XsNjohqntNHuiA+r7nCGnGWRz0=; b=jq5ySdjlnvgOpdEq5xqhDq5VWoaf7rh6XPqkQkSIfmfV/KtbmRB+WADfOrjrcRPCy984Uh9rmDMc2lc37lVYIPaM219Llkpfo5/blXZMbv+QjOHv5H2MEmZ2vQRnEnvyVm+fsIF1aAGti1tCG9fjE4OXp/gNU1ai4Rvj2RBnve7N1155M6DhVoWJpa6x4DXUP4oyoTJn0K38wKZPqRcTP8jhF0h8Ih6NNZcb+N6WytCynVj1Q6wL+rVC/X9NhSMsKFdaBB51rcVpUmspgYlf9bG9Yf6L1PLd6jJXKnk6SZusPbk5hJS/dNDZZC1cVZp/swgD+X3C/1E0w35jbba2HQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bSDwOoP/GJ7hASwkFBn7Yx0nWCRlpFAd/GWK8ttS8rwQk/UXeH0cS07Ee6t028kxKHpxfd4IIwiTB6roS/+0yU6Q5gswD6iccVWtzKyb6eh6xiXwznkY8p0qp60GB5LALmAUMlYFZGWF3G1gS8Hy1Oh05XQZK/094N8rhF+8ADQZyWk7v8xDzTrK3oHqH6yO0X5tZKCPPc+HTDa5HrmT+wSbq+Y/cwhsFn+iVy6t2QROaucEndnS33GzjFNWbJIgE0esDUKdpFc78P9SMZYmr6yaPe29XIIB7CGFu1QgAyPNqVxMWvNg/kQu5yHmYJehOQ7P0CYnZTaHNje1MwXazQ==

Authentication-results-original: suse.com; dkim=none (message not signed) header.d=none;suse.com; dmarc=none action=none header.from=arm.com;

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>

Delivery-date: Fri, 15 Oct 2021 08:20:37 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Nodisclaimer: true

Original-authentication-results: suse.com; dkim=none (message not signed) header.d=none;suse.com; dmarc=none action=none header.from=arm.com;

Thread-index: AQHXwQraA42SZeh0QUGI/xX7keuWA6vSqLgAgAARnQCAAN+ngIAAEtoAgAAKIACAAAHqgA==

Thread-topic: [PATCH v6 1/3] xen/vpci: Move ecam access functions to common code

Hi Jan, > On 15 Oct 2021, at 09:13, Jan Beulich <jbeulich@xxxxxxxx> wrote: > > On 15.10.2021 09:37, Bertrand Marquis wrote: >>> On 15 Oct 2021, at 07:29, Jan Beulich <jbeulich@xxxxxxxx> wrote: >>> On 14.10.2021 19:09, Bertrand Marquis wrote: >>>>> On 14 Oct 2021, at 17:06, Jan Beulich <jbeulich@xxxxxxxx> wrote: >>>>> On 14.10.2021 16:49, Bertrand Marquis wrote: >>>>>> @@ -305,7 +291,7 @@ static int vpci_portio_read(const struct >>>>>> hvm_io_handler *handler, >>>>>> >>>>>> reg = hvm_pci_decode_addr(cf8, addr, &sbdf); >>>>>> >>>>>> - if ( !vpci_access_allowed(reg, size) ) >>>>>> + if ( !vpci_ecam_access_allowed(reg, size) ) >>>>>> return X86EMUL_OKAY; >>>>>> >>>>>> *data = vpci_read(sbdf, reg, size); >>>>>> @@ -335,7 +321,7 @@ static int vpci_portio_write(const struct >>>>>> hvm_io_handler *handler, >>>>>> >>>>>> reg = hvm_pci_decode_addr(cf8, addr, &sbdf); >>>>>> >>>>>> - if ( !vpci_access_allowed(reg, size) ) >>>>>> + if ( !vpci_ecam_access_allowed(reg, size) ) >>>>>> return X86EMUL_OKAY; >>>>>> >>>>>> vpci_write(sbdf, reg, size, data); >>>>> >>>>> Why would port I/O functions call an ECAM helper? And in how far is >>>>> that helper actually ECAM-specific? >>>> >>>> The function was global before. >>> >>> I'm not objecting to the function being global, but to the "ecam" in >>> its name. >> >> Adding ecam in the name was a request from Roger. >> This is just a consequence of this. > > Roger - did you have in mind the uses here when asking for the addition > of "ecam"? > >> One suggestion here could be to turn vpci_ecam_access_allowed into >> vpci_access_allowed > > That's what I'm asking for. Will do > >> and maybe put this into vpci.h as a static inline ? > > I'm not overly fussed here. Was just a suggestion, I am ok to just rename it and keep it where it is. > >>>>>> @@ -434,25 +420,8 @@ static int vpci_mmcfg_read(struct vcpu *v, unsigned >>>>>> long addr, >>>>>> reg = vpci_mmcfg_decode_addr(mmcfg, addr, &sbdf); >>>>>> read_unlock(&d->arch.hvm.mmcfg_lock); >>>>>> >>>>>> - if ( !vpci_access_allowed(reg, len) || >>>>>> - (reg + len) > PCI_CFG_SPACE_EXP_SIZE ) >>>>>> - return X86EMUL_OKAY; >>>>> >>>>> While I assume this earlier behavior is the reason for ... >>>> >>>> Yes :-) >>>> >>>>> >>>>>> - /* >>>>>> - * According to the PCIe 3.1A specification: >>>>>> - * - Configuration Reads and Writes must usually be DWORD or >>>>>> smaller >>>>>> - * in size. >>>>>> - * - Because Root Complex implementations are not required to >>>>>> support >>>>>> - * accesses to a RCRB that cross DW boundaries [...] software >>>>>> - * should take care not to cause the generation of such accesses >>>>>> - * when accessing a RCRB unless the Root Complex will support the >>>>>> - * access. >>>>>> - * Xen however supports 8byte accesses by splitting them into two >>>>>> - * 4byte accesses. >>>>>> - */ >>>>>> - *data = vpci_read(sbdf, reg, min(4u, len)); >>>>>> - if ( len == 8 ) >>>>>> - *data |= (uint64_t)vpci_read(sbdf, reg + 4, 4) << 32; >>>>>> + /* Ignore return code */ >>>>>> + vpci_ecam_mmio_read(sbdf, reg, len, data); >>>>> >>>>> ... the commented-upon ignoring of the return value, I don't think >>>>> that's a good way to deal with things anymore. Instead I think >>>>> *data should be written to ~0 upon failure, unless it is intended >>>>> for vpci_ecam_mmio_read() to take care of that case (in which case >>>>> I'm not sure I would see why it needs to return an error indicator >>>>> in the first place). >>>> >>>> I am not sure in the first place why this is actually ignored and just >>>> returning a -1 value. >>>> If an access is not right, an exception should be generated to the >>>> Guest instead. >>> >>> No. That's also not what happens on bare metal, at least not on x86. >>> Faults cannot be raised for reasons outside of the CPU; such errors >>> (if these are errors in the first place) need to be dealt with >>> differently. Signaling an error on the PCI bus would be possible, >>> but would leave open how that's actually to be dealt with. Instead >>> bad reads return all ones, while bad writes simply get dropped. >> >> So that behaviour is kept here on x86 and I think as the function is >> generic it is right for it to return an error here. It is up to the caller to >> ignore it or not. >> To make this more generic I could return 0 on success and -EACCESS, >> the caller would then handle it as he wants. > > I think boolean is sufficient here, but I wouldn't object to errno- > style return values. All I do object to is int when boolean is meant. Boolean sounds right as there is only one error case. I will use that. > >>>>>> +int vpci_ecam_mmio_write(pci_sbdf_t sbdf, unsigned int reg, unsigned >>>>>> int len, >>>>>> + unsigned long data) >>>>>> +{ >>>>>> + if ( !vpci_ecam_access_allowed(reg, len) || >>>>>> + (reg + len) > PCI_CFG_SPACE_EXP_SIZE ) >>>>>> + return 0; >>>>>> + >>>>>> + vpci_write(sbdf, reg, min(4u, len), data); >>>>>> + if ( len == 8 ) >>>>>> + vpci_write(sbdf, reg + 4, 4, data >> 32); >>>>>> + >>>>>> + return 1; >>>>>> +} >>>>>> + >>>>>> +int vpci_ecam_mmio_read(pci_sbdf_t sbdf, unsigned int reg, unsigned int >>>>>> len, >>>>>> + unsigned long *data) >>>>>> +{ >>>>>> + if ( !vpci_ecam_access_allowed(reg, len) || >>>>>> + (reg + len) > PCI_CFG_SPACE_EXP_SIZE ) >>>>>> + return 0; >>>>>> + >>>>>> + /* >>>>>> + * According to the PCIe 3.1A specification: >>>>>> + * - Configuration Reads and Writes must usually be DWORD or >>>>>> smaller >>>>>> + * in size. >>>>>> + * - Because Root Complex implementations are not required to >>>>>> support >>>>>> + * accesses to a RCRB that cross DW boundaries [...] software >>>>>> + * should take care not to cause the generation of such accesses >>>>>> + * when accessing a RCRB unless the Root Complex will support the >>>>>> + * access. >>>>>> + * Xen however supports 8byte accesses by splitting them into two >>>>>> + * 4byte accesses. >>>>>> + */ >>>>>> + *data = vpci_read(sbdf, reg, min(4u, len)); >>>>>> + if ( len == 8 ) >>>>>> + *data |= (uint64_t)vpci_read(sbdf, reg + 4, 4) << 32; >>>>>> + >>>>>> + return 1; >>>>>> +} >>>>> >>>>> Why do these two functions return int/0/1 instead of >>>>> bool/false/true (assuming, as per above, that them returning non- >>>>> void is warranted at all)? >>>> >>>> This is what the mmio handlers should return to say that an access >>>> was ok or not so the function stick to this standard. >>> >>> Sticking to this would be okay if the functions here needed their >>> address taken, such that they can be installed as hooks for a >>> more general framework to invoke. The functions, however, only get >>> called directly. Hence there's no reason to mirror what is in need >>> of cleaning up elsewhere. I'm sure you're aware there we're in the >>> (slow going) process of improving which types get used where. >>> While the functions you refer to may not have undergone such >>> cleanup yet, we generally expect new code to conform to the new >>> model. >> >> I am ok to rename those to vpci_ecam_{read/write}. >> Is it what you want ? > > Yes, that's what I've been asking for, and I just saw Roger requesting > the same. (I'm a little puzzled about the context though, as you reply > looks disconnected here.) Oups sorry. Anyway if we agree on naming scheme and bool return type I think all your comments here are covered ? Cheers Bertrand > > Jan >

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.