Xen project Mailing List

Re: [PATCH v4 1/9] xen/riscv: dt_processor_hartid() implementation

To: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>

Date: Wed, 11 Jun 2025 10:31:58 +0200

Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL

Cc: Alistair Francis <alistair.francis@xxxxxxx>, Bob Eshleman <bobbyeshleman@xxxxxxxxx>, Connor Davis <connojdavis@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Wed, 11 Jun 2025 08:32:15 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 11.06.2025 10:26, Oleksii Kurochko wrote: > > On 6/10/25 4:08 PM, Jan Beulich wrote: >> On 05.06.2025 17:58, Oleksii Kurochko wrote: >>> @@ -14,3 +17,77 @@ void __init smp_prepare_boot_cpu(void) >>> cpumask_set_cpu(0, &cpu_possible_map); >>> cpumask_set_cpu(0, &cpu_online_map); >>> } >>> + >>> +/** >>> + * dt_get_hartid - Get the hartid from a CPU device node >>> + * >>> + * @cpun: CPU number(logical index) for which device node is required >>> + * >>> + * Return: The hartid for the CPU node or ~0UL if not found. >>> + */ >>> +static unsigned long dt_get_hartid(const struct dt_device_node *cpun) >>> +{ >>> + const __be32 *cell; >>> + unsigned int ac; >>> + uint32_t len; >>> + unsigned int max_cells = UINT32_MAX / sizeof(*cell); >>> + >>> + ac = dt_n_addr_cells(cpun); >>> + cell = dt_get_property(cpun, "reg", &len); >>> + >>> + if (ac > max_cells) { >> Besides the (double) style issue, why's this needed? Can't you simply ... >> >>> + printk("%s: cell count overflow (ac=%u, max=%u)\n", __func__, ac, >>> + max_cells); >>> + return ~0UL; >>> + } >>> + >>> + if ( !cell || !ac || ((sizeof(*cell) * ac) > len) ) >> ... write the last part here in a way that there can't be overflow? >> ac > len / sizeof(*cell) that is? (Remaining question then is what to >> do when len isn't evenly divisible by sizeof(*cell).) > > reg property should be always evenly divisible by sizeof(*cell) according to > device > tree binding: > The reg property describes the address of the device’s resources within > the address space defined by its parent bus. Most commonly this means > the offsets and lengths of memory-mapped IO register blocks, but may > have a different meaning on some bus types. Addresses in the address > space defined by the root node are CPU real addresses. > > The value is a <prop-encoded-array>, composed of an arbitrary number of > pairs of address and length, <address length>. The number of <u32> cells > required to specify the address and length are bus-specific and are > specified by the #address-cells and #size-cells properties in the parent > of the device node. If the parent node specifies a value of 0 for > #size-cells, the length field in the value of reg shall be omitted. So > it is guaranteed by DTC compiler and it would be enough to check > overflow in suggested by you way: ac > len / sizeof(*cell) > But considering what you noticed below ... > >> >>> + return ~0UL; >>> + >>> + return dt_read_number(cell, ac); >> What meaning does this have for ac > 2? (As per your checking above >> it can be up to UINT32_MAX / 4.) > > ... It will be an issue for dt_read_number() which could deal only with > uint64_t what means > we can't have ac > 2. (UINT32_MAX / 4 it is a theoretical maximum IIUC) > > Thereby we could do in the following way: > @@ -30,19 +30,18 @@ static unsigned long dt_get_hartid(const struct > dt_device_node *cpun) > const __be32 *cell; > unsigned int ac; > uint32_t len; > - unsigned int max_cells = UINT32_MAX / sizeof(*cell); > > ac = dt_n_addr_cells(cpun); > cell = dt_get_property(cpun, "reg", &len); > > - if (ac > max_cells) { > - printk("%s: cell count overflow (ac=%u, max=%u)\n", __func__, ac, > - max_cells); > + if ( !cell || !ac || (ac > len / sizeof(*cell)) ) > return ~0UL; > - } > > - if ( !cell || !ac || ((sizeof(*cell) * ac) > len) ) > - return ~0UL; > + /* > + * If ac > 2, the result may be truncated or meaningless unless > + * dt_read_number() supports wider integers. > + */ > + BUG_ON(ac > 2); > > return dt_read_number(cell, ac); > } > > I am not sure that BUG_ON() should be in dt_get_hartid(). Probably it would > be better move it > to dt_read_number() as if one day support for RV128 will be needed I assume > that it will be > needed to change a prototype of dt_read_number() to work with address-cells = > 3. > What do you think? Could I go with the suggested above changes or it would be > better to move > BUG_ON() to dt_read_number()? Don't know; the DT maintainers would have to judge. I don't, however, think it should be BUG_ON() - as said several times before, that's a check suitable to cover for possible mistakes in Xen code. Here however you're trying to cover for a flaw in DT. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.