[PATCH 0/2] Fix iotlb_to_section() for different AddressSpace

git fetch https://github.com/patchew-project/qemu tags/patchew/20260128063907.2066100-1-jim.shu@sifive.com
Maintainers: Richard Henderson <richard.henderson@linaro.org>, Paolo Bonzini <pbonzini@redhat.com>, "Philippe Mathieu-Daudé" <philmd@linaro.org>, Eduardo Habkost <eduardo@habkost.net>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, Yanan Wang <wangyanan55@huawei.com>, Zhao Liu <zhao1.liu@intel.com>, Peter Xu <peterx@redhat.com>
Posted by Jim Shu 1 week, 2 days ago
The current 'iotlb_to_section()' API only finds sections from the CPU's
AddressSpace, not from other AddressSpaces. However, if address space
translation goes through an IOMMUMemoryRegion, like the ARM MPC device, it could
return a section from another AddressSpace, which breaks
'iotlb_to_section()'.

To fix this bug, store the complete MemoryRegionSection pointer in
CPUTLBEntryFull, so the section pointer can be used directly without
needing the 'iotlb_to_section()' API.

Besides ARM MPC device, the upcoming RISC-V wgChecker [1] and RISC-V IOPMP [2]
devices also require this bugfix.

[1] RISC-V WG:
https://patchew.org/QEMU/20251021155548.584543-1-jim.shu@sifive.com/
[2] RISC-V IOPMP:
https://patchew.org/QEMU/20250312093735.1517740-1-ethan84@andestech.com/

Jim Shu (2):
  accel/tcg: Fix iotlb_to_section() for different AddressSpace
  system/physmem: Remove the assertion of page-aligned section number

 accel/tcg/cputlb.c        | 32 +++++++++++++++-----------------
 include/accel/tcg/iommu.h | 15 ---------------
 include/exec/cputlb.h     |  2 +-
 include/hw/core/cpu.h     | 12 +++++++-----
 system/physmem.c          | 31 -------------------------------
 5 files changed, 23 insertions(+), 69 deletions(-)

-- 
2.43.0
Re: [PATCH 0/2] Fix iotlb_to_section() for different AddressSpace
Posted by Michael Tokarev 3 days, 21 hours ago
On 1/28/26 09:39, Jim Shu wrote:
> The current 'iotlb_to_section()' API only finds sections from the CPU's
> AddressSpace, not from other AddressSpaces. However, if address space
> translation goes through an IOMMUMemoryRegion, like the ARM MPC device, it could
> return a section from another AddressSpace, which breaks
> 'iotlb_to_section()'.
> 
> To fix this bug, store the complete MemoryRegionSection pointer in
> CPUTLBEntryFull, so the section pointer can be used directly without
> needing the 'iotlb_to_section()' API.
> 
> Besides ARM MPC device, the upcoming RISC-V wgChecker [1] and RISC-V IOPMP [2]
> devices also require this bugfix.

From the description it feels like this patch series should NOT be
picked up for qemu-stable: while the bug is there, it only
happens in a very specific, narrow case, and the fix is rather involved.

Please let me know if I still should pick this one up for qemu-stable.

P.S.  This is the first time I'm asking whether a change
      is *not* for stable :)

Thanks,

/mjt

> [1] RISC-V WG:
> https://patchew.org/QEMU/20251021155548.584543-1-jim.shu@sifive.com/
> [2] RISC-V IOPMP:
> https://patchew.org/QEMU/20250312093735.1517740-1-ethan84@andestech.com/
> 
> Jim Shu (2):
>    accel/tcg: Fix iotlb_to_section() for different AddressSpace
>    system/physmem: Remove the assertion of page-aligned section number
> 
>   accel/tcg/cputlb.c        | 32 +++++++++++++++-----------------
>   include/accel/tcg/iommu.h | 15 ---------------
>   include/exec/cputlb.h     |  2 +-
>   include/hw/core/cpu.h     | 12 +++++++-----
>   system/physmem.c          | 31 -------------------------------
>   5 files changed, 23 insertions(+), 69 deletions(-)
>
Re: [PATCH 0/2] Fix iotlb_to_section() for different AddressSpace
Posted by Philippe Mathieu-Daudé 3 days, 19 hours ago
On 3/2/26 09:05, Michael Tokarev wrote:
> On 1/28/26 09:39, Jim Shu wrote:
>> The current 'iotlb_to_section()' API only finds sections from the CPU's
>> AddressSpace, not from other AddressSpaces. However, if address space
>> translation goes through an IOMMUMemoryRegion, like the ARM MPC device, it could
>> return a section from another AddressSpace, which breaks
>> 'iotlb_to_section()'.
>>
>> To fix this bug, store the complete MemoryRegionSection pointer in
>> CPUTLBEntryFull, so the section pointer can be used directly without
>> needing the 'iotlb_to_section()' API.
>>
>> Besides the ARM MPC device, the upcoming RISC-V wgChecker [1] and RISC-V IOPMP [2]
>> devices also require this bugfix.
> 
> From the description it feels like this patch series should NOT be
> picked up for qemu-stable: while the bug is there, it only
> happens in a very specific, narrow case, and the fix is rather involved.
> 
> Please let me know if I still should pick this one up for qemu-stable.

No, you are right, the issue this patch fixes isn't yet reachable by
our current code, so not useful for the stable releases.

> P.S.  This is the first time I'm asking whether a change
>       is *not* for stable :)

:)