[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Xen/ARM - Query about a data abort seen while reading GICD registers

  • To: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxxxxx>
  • From: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxxxxx>
  • Date: Wed, 17 Nov 2021 16:21:21 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 149.199.80.198) smtp.rcpttodomain=arm.com smtp.mailfrom=xilinx.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=xilinx.com; dkim=none (message not signed); arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JMdnJ/41Z4FbEgOqflToYOsj2Dp5uOaTg+dKoc4ZMzQ=; b=O+E2StvEDOoVbdHFug1iyvg1ZRJbI4/IqoMmMOJ0Ufk9w9pPhIbBfBA6En6SSy3w6V9X9kb0i0SuSsykGiWZDWo58p/MUQhInbaL0/MB9PuuBNffpMF/rY7QyhxucT1tO3UYozgZxYSS+LN7mtTeEHDWCNlrp6ABXvV5WZUajNaEILH6D+wBQ5Fsg9rquFhiUGNjtlOmqMsmdzqyEquRqe2JvaD/KDR5lP/Exkoe1sMBjG03f1XXkUFzT2k3q4G6B3LkBq/VDbZ9I/fxP2KbKM2v5LuWqSBhg+tj6sR0D9itfMvNhIs5NBytgmMwLotAEF5KCO/z8OlezlYhUDOnMQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hCSztjOibQiFE50cChKSZJNQBfdaQP4191E9D5GRE3VFyhEarEe9DrmnFG+sisqsuhpSpXJ4durWDPh7ntJC/T0oDe60vJSnjDf/dljG2bI4YOjXcms1TxbT/aVhiYxcWM+mcZwQsoeJxa3NX2vdBaC7fESTo5E5z5QwPWSE87m4I0mEYzoD4yoGPjWlAyA2eywZW/jwO0d+k4/2nBjNCxZP6vCPieRCU22O+RAXWVC0AuUAMzButmsp+4rLNkgLYIWQk4xUs9MgdDZROEpQyMY4CZO4+aWJ5qPDu8lmLoZ7Y0qBYoyr0T8Y/dy5epCsgzjkOVQRy2xTF4uDhD+aPQ==
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Julien Grall" <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • Delivery-date: Wed, 17 Nov 2021 16:21:46 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Hi Bertrand,

Many thanks for your response.

On 17/11/2021 15:48, Bertrand Marquis wrote:

Hi Ayan,


On 16 Nov 2021, at 16:24, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxxxxx> 
wrote:

Hi Bertrand,

Thanks for looking into it.

On 16/11/2021 15:36, Bertrand Marquis wrote:

Hi Ayan,

On 16 Nov 2021, at 15:27, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxxxxx> 
wrote:

Hi Xen/Arm experts,

I am facing a very strange issue while running a baremetal application as a 
DomU guest on arm64 platform.

The baremetal app tries to read the GICD register with post indexing as follows 
:-
ldr x1, =0x3001000
ldr w2, [x1], #4 <<<------ PC = 0x40000ca8

Increment on on load is not supported by the emulation layer.


That is surprising. The reason being if I try to read the GICC register 
(0x3002000) with post indexing then it works fine.


When the ISV bit is not set, Xen would have to decode the instruction to actually emulate the 
access and properly modify the registers values as long as providing the 
“emulated” access value.
This is very interesting. Is this being done for any of the other instructions in Xen ? 
There is not such a decoder in Xen right now which means those kind of accesses 
are not supported for emulated mmio accesses.
I am actually trying to understand where I will need to make the changes if I have to add support for the decoder. The reason being this issue is being faced by one of our customer application. Besides changing the instruction to prevent post increment, is there any other mitigation ?
The reason being I don't see a way to instruct the compiler to not generate the post indexing instructions. 



Can you point me in source where this limitation is set ?


In this case the isv field is set to 0 when the exception is received by Xen 
which means the decoding part of HSR is invalid so Xen is not handling the 
emulation of the access.

@julien and Stefano: I have been going around and around the code but I cannot 
find where the valid bit of hsr_dabt is checked, could you help me here ?
By any chance, are you referring to https://github.com/Xilinx/xen/blob/4bd2da58b5b008f77429007a307b658db9c0f636/xen/arch/arm/io.c#L129 ?
Also, post indexing works for some other registers (eg GICC). So, I am guessing that the behaviour is specific for GICD or random ? 

- Ayan



Could you try with:
add x1, x1, #4
ldr w2, [x1]


This worked fine.


Good :-)

Bertrand



-Ayan

Regards
Bertrand


And then I get :-
HSR=0x92000005 pc=0x00000040000ca8 gva=0x3001000 gpa=0x00000003001000

This problem occurs only while reading the GICD registers with post indexing. 
If I read the register with pre-indexing, then I do not see any abort. 
Alternatively, if I read GICC register with post indexing, I don't see the 
abort either.

 From the HSR value, I interpret it as
EC = 100100b # Data abort from lower exception
IL = 1b # 32 bit instruction trapped
DFSC = 101 # Translation fault level 1

On debugging, I found that the abort is triggered from

try_handle_mmio()
{ ...
    /* All the instructions used on emulated MMIO region should be valid */
    if ( !dabt.valid ) {

        return IO_ABORT;
    }
...
}

 From the Arm V8 Arm specs, I understand that dabt.valid is ISV, bit[24] in "ISS 
encoding for an exception from a Data Abort".


I saw that the caller is

do_trap_guest_sync() "case HSR_EC_DATA_ABORT_LOWER_EL"
where dabt.valid is false.
In the success scenario, dabt.valid is true.

I could not find the caller for do_trap_guest_sync()

So, can anyone help me here
1. Who is the caller for do_trap_guest_sync() ?
2. Any idea on what the issue is and how I can debug it further ?

Kind regards,
Ayan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.