Xen project Mailing List

Re: [XEN PATCH] hvmloader: Enable MMIO and I/O decode, after all resource allocation

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Tue, 7 Apr 2020 10:06:51 +0200

Authentication-results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=roger.pau@xxxxxxxxxx; spf=Pass smtp.mailfrom=roger.pau@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx

Cc: 'Wei Liu' <wl@xxxxxxx>, 'Andrew Cooper' <andrew.cooper3@xxxxxxxxxx>, 'Ian Jackson' <ian.jackson@xxxxxxxxxxxxx>, 'Jan Beulich' <jbeulich@xxxxxxxx>, 'Harsha Shamsundara Havanur' <havanur@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Tue, 07 Apr 2020 08:07:08 +0000

Ironport-sdr: jofPe0U9Oo40EKbzecQgTdX4PhgnXR6GXnBnnuJ5A+Wo2gW53yOFQ4vtHzqTuayETBJLsvAUdx QwE/mFDG44T3vvVImAuJwGXVfer+eRVf3+tNMLzm0QI9uZVyDuKgLjOyHLbctPM0yvrYv1rZ1H sKwK5O/f91Bixkgx1yWpfsIkpf3tysf2qx9cR4DURRYZMn6v4nw24FXTQlwmoKso33ByDOqudd m4N7PCayIccV2WobLQd257lVzPUbPnU8e4wTF+7OeNZBLn8kXk+GAJQBesQXYCmf/N0tTpYACu RDo=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Apr 07, 2020 at 08:48:42AM +0100, Paul Durrant wrote: > > -----Original Message----- > > From: Xen-devel <xen-devel-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of > > Harsha Shamsundara Havanur > > Sent: 06 April 2020 18:47 > > To: xen-devel@xxxxxxxxxxxxxxxxxxxx > > Cc: Wei Liu <wl@xxxxxxx>; Andrew Cooper <andrew.cooper3@xxxxxxxxxx>; Ian > > Jackson > > <ian.jackson@xxxxxxxxxxxxx>; Jan Beulich <jbeulich@xxxxxxxx>; Harsha > > Shamsundara Havanur > > <havanur@xxxxxxxxxx>; Roger Pau Monné <roger.pau@xxxxxxxxxx> > > Subject: [XEN PATCH] hvmloader: Enable MMIO and I/O decode, after all > > resource allocation > > > > It was observed that PCI MMIO and/or IO BARs were programmed with > > BUS master, memory and I/O decodes (bits 0,1 and 2 of PCI COMMAND > > register) enabled, during PCI setup phase. This resulted in > > spurious and premature bus transactions as soon as the lower bar of > > the 64 bit bar is programmed. It is highly recommended that BARs be > > programmed whilst decode bits are cleared to avoid spurious bus > > transactions. > > > > It's not so much spurious transactions that are the issue. I think "spurious > and premature bus transactions" should be replaced with "incorrect mappings > being created". > > I believe the PCI spec says all three bits should be clear after reset > anyway, and BAR programming whilst decodes are enabled causes problems for > emulators such as QEMU which need to create and destroy mappings between the > gaddr being programming into the virtual BAR and the maddr programmed into > the physical BAR. > Specifically the case we see is that a 64-bit memory BAR is programmed by > writing the lower half and then the upper half. After the first write the BAR > is mapped to an address under 4G that happens to contain RAM, which is > displaced by the mapping. After the second write the BAR is re-mapped to the > intended location but the RAM displaced by the other mapping is not restored. > The OS then continues to boot and function until at some point it happens to > try to use that RAM at which point it suffers a page fault and crashes. It > was only by noticing that the faulting address lay within the transient BAR > mapping that we figured out what was happening. In order to fix this isn't it enough to just disable memory and IO decodes, leaving bus mastering as it is? I assume there is (or was) some reason why bus master is enabled by hvmloader in the first place? Thanks, Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.