1. Patchew
  2. Xen
  3. View series

[PATCH v2] x86: constrain sub-page access length in mmio_ro_emulated_write()

Jan Beulich posted 1 patch 7 months, 3 weeks ago
Failed in applying to current master (apply log)
[PATCH v2] x86: constrain sub-page access length in mmio_ro_emulated_write()
Posted by Jan Beulich 7 months, 3 weeks ago 
Without doing so we could trigger the ASSERT_UNREACHABLE() in
subpage_mmio_write_emulate(). A comment there actually says this
validation would already have been done ...

Fixes: 8847d6e23f97 ("x86/mm: add API for marking only part of a MMIO page read only")
Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
v2: Emit a warning message otherwise.

--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -5195,8 +5195,13 @@ int cf_check mmio_ro_emulated_write(
         return X86EMUL_UNHANDLEABLE;
     }
 
-    subpage_mmio_write_emulate(mmio_ro_ctxt->mfn, PAGE_OFFSET(offset),
-                               p_data, bytes);
+    if ( bytes <= 8 )
+        subpage_mmio_write_emulate(mmio_ro_ctxt->mfn, PAGE_OFFSET(offset),
+                                   p_data, bytes);
+    else if ( subpage_mmio_find_page(mmio_ro_ctxt->mfn) )
+        gprintk(XENLOG_WARNING,
+                "unsupported %u-byte write to R/O MMIO 0x%"PRI_mfn"%03lx\n",
+                bytes, mfn_x(mmio_ro_ctxt->mfn), PAGE_OFFSET(offset));
 
     return X86EMUL_OKAY;
 }
Re: [PATCH v2] x86: constrain sub-page access length in mmio_ro_emulated_write()
Posted by Roger Pau Monné 7 months, 3 weeks ago 
On Fri, Apr 25, 2025 at 04:57:18PM +0200, Jan Beulich wrote:
> Without doing so we could trigger the ASSERT_UNREACHABLE() in
> subpage_mmio_write_emulate(). A comment there actually says this
> validation would already have been done ...
> 
> Fixes: 8847d6e23f97 ("x86/mm: add API for marking only part of a MMIO page read only")
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

> ---
> v2: Emit a warning message otherwise.
> 
> --- a/xen/arch/x86/mm.c
> +++ b/xen/arch/x86/mm.c
> @@ -5195,8 +5195,13 @@ int cf_check mmio_ro_emulated_write(
>          return X86EMUL_UNHANDLEABLE;
>      }
>  
> -    subpage_mmio_write_emulate(mmio_ro_ctxt->mfn, PAGE_OFFSET(offset),
> -                               p_data, bytes);
> +    if ( bytes <= 8 )
> +        subpage_mmio_write_emulate(mmio_ro_ctxt->mfn, PAGE_OFFSET(offset),
> +                                   p_data, bytes);
> +    else if ( subpage_mmio_find_page(mmio_ro_ctxt->mfn) )
> +        gprintk(XENLOG_WARNING,
> +                "unsupported %u-byte write to R/O MMIO 0x%"PRI_mfn"%03lx\n",
> +                bytes, mfn_x(mmio_ro_ctxt->mfn), PAGE_OFFSET(offset));

It feels more natural to me to use:

"unsupported %u-byte write to r/o MMIO %#lx\n",
bytes, mfn_to_maddr(mmio_ro_ctxt->mfn) + PAGE_OFFSET(offset)

As it simplifies the printf format string, but that's just my taste.

Thanks, Roger.
Re: [PATCH v2] x86: constrain sub-page access length in mmio_ro_emulated_write()
Posted by Jason Andryuk 7 months, 3 weeks ago 
On 2025-04-25 10:57, Jan Beulich wrote:
> Without doing so we could trigger the ASSERT_UNREACHABLE() in
> subpage_mmio_write_emulate(). A comment there actually says this
> validation would already have been done ...
> 
> Fixes: 8847d6e23f97 ("x86/mm: add API for marking only part of a MMIO page read only")
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Jason Andryuk <jason.andryuk@amd.com>

Thanks,
Jason

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.