Re: [PATCH v5 01/11] xen/arm: xc_domain_ioport_permission(..) not supported on ARM.

[Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>]

On 12.10.21 13:01, Jan Beulich wrote:
> On 12.10.2021 11:38, Oleksandr Andrushchenko wrote:
>> On 12.10.21 12:32, Jan Beulich wrote:
>>> On 12.10.2021 10:41, Bertrand Marquis wrote:
>>>>> On 12 Oct 2021, at 09:29, Jan Beulich <jbeulich@xxxxxxxx> wrote:
>>>>> On 11.10.2021 19:11, Bertrand Marquis wrote:
>>>>>>> On 11 Oct 2021, at 17:32, Roger Pau Monné <roger.pau@xxxxxxxxxx> wrote:
>>>>>>> On Mon, Oct 11, 2021 at 02:16:19PM +0000, Bertrand Marquis wrote:
>>>>>>>>> On 11 Oct 2021, at 14:57, Roger Pau Monné <roger.pau@xxxxxxxxxx> 
>>>>>>>>> wrote:
>>>>>>>>> I think the commit message needs to at least be expanded in order to
>>>>>>>>> contain the information provided here. It might also be helpful to
>>>>>>>>> figure out whether we would have to handle IO port accesses in the
>>>>>>>>> future on Arm, or if it's fine to just ignore them.
>>>>>>>> All our investigations and tests have been done without supporting it
>>>>>>>> without any issues so this is not a critical feature (most devices can
>>>>>>>> be operated without using the I/O ports).
>>>>>>> IMO we should let the users know they attempted to use a device with
>>>>>>> BARs in the IO space, and that those BARs won't be accessible which
>>>>>>> could make the device not function as expected.
>>>>>>>
>>>>>>> Do you think it would be reasonable to attempt the hypercall on Arm
>>>>>>> also, and in case of error (on Arm) just print a warning message and
>>>>>>> continue operations as normal?
>>>>>> I think this would lead to a warning printed on lots of devices where in
>>>>>> fact there would be no issues.
>>>>>>
>>>>>> If this is an issue for a device driver because it cannot operate without
>>>>>> I/O ports, this will be raised by the driver inside the guest.
>>>>> On what basis would the driver complain? The kernel might know of
>>>>> the MMIO equivalent for ports, and hence might allow the driver
>>>>> to properly obtain whatever is needed to later access the ports.
>>>>> Just that the port accesses then wouldn't work (possibly crashing
>>>>> the guest, or making it otherwise misbehave).
>>>> As ECAM and Arm does not support I/O ports, a driver requesting access
>>>> to them would get an error back.
>>>> So in practice it is not possible to try to access the ioports as there is 
>>>> no
>>>> way on arm to use them (no instructions).
>>>>
>>>> A driver could misbehave by ignoring the fact that ioports are not there 
>>>> but
>>>> I am not quite sure how we could solve that as it would be a bug in the 
>>>> driver.
>>> The minimal thing I'd suggest (or maybe you're doing this already)
>>> would be to expose such BARs to the guest as r/o zero, rather than
>>> letting their port nature "shine through".
>> If we have the same, but baremetal then which entity disallows
>> those BARs to shine?
> I'm sorry, but I don't understand what you're trying to say.
>
>> I mean that if guest wants to crash... why
>> should we stop it and try emulating something special for it?
> This isn't about a guest "wanting to crash", but a driver potentially
> getting mislead into thinking that it can driver a device a certain
> way.
Well, for the guest, as we do not advertise IO in the emulated host
bridge, the driver won't be able to allocate any IO at all. Thus, even
if we have a BAR with PCI_BASE_ADDRESS_SPACE_IO bit set, the
driver won't get anything. So, I think this is equivalent to a baremetal
use-case where we have no IO supported by the host bridge and
a device with IO BAR.
>
> Jan
>