Re: [RFC PATCH 2/5] system/memory: support unaligned access
From: Tomoyuki HIROSE
Subject: Re: [RFC PATCH 2/5] system/memory: support unaligned access
Date: Thu, 12 Dec 2024 14:39:41 +0900
User-agent: Mozilla Thunderbird
On 2024/12/12 7:54, Peter Xu wrote:
On Wed, Dec 11, 2024 at 06:35:57PM +0900, Tomoyuki HIROSE wrote:
Sorry for late reply.
On 2024/12/07 1:42, Peter Xu wrote:
On Fri, Dec 06, 2024 at 05:31:33PM +0900, Tomoyuki HIROSE wrote:
In this email, I explain what this patch set will resolve and an
overview of this patch set. I will respond to your specific code
review comments in a separate email.
Yes, that's OK.
On 2024/12/03 6:23, Peter Xu wrote:
On Fri, Nov 08, 2024 at 12:29:46PM +0900, Tomoyuki HIROSE wrote:
The previous code ignored 'impl.unaligned' and handled unaligned
accesses as is. But this implementation could not emulate specific
registers of some devices that allow unaligned access such as xHCI
Host Controller Capability Registers.
I have some comments that may be naive, please bear with me..
Firstly, could you provide an example in the commit message, of what would
start working after this patch?
Sorry, I'll describe what will start working in the next version of
this patch set. I'll also provide an example here. After applying
this patch set, a read(addr=0x2, size=2) in the xHCI Host Controller
Capability Registers region will work correctly. For example, the read
result will return 0x0110 (version 1.1.0). Previously, a
read(addr=0x2, size=2) in the Capability Register region would return
0, which is incorrect. According to the xHCI specification, the
Capability Register region does not prohibit accesses of any size or
unaligned accesses.
Thanks for the context, Tomoyuki.
I assume it's about xhci_cap_ops then. If you agree we can also mention
xhci_cap_ops when describing it, so readers can easily reference the MR
attributes from the code alongside with understanding the use case.
Does it mean that it could also work if xhci_cap_ops.impl.min_access_size
can be changed to 2 (together with additional xhci_cap_read/write support)?
Note that I'm not saying it must do so even if it would work for xHCI, but
if the memory API change is only for one device, then it can still be
discussed about which option would be better on changing the device or the
core.
Meanwhile, if there's more use cases on the impl.unaligned, it'll be nice
to share together when describing the issue. That will be very persuasive
input that a generic solution is needed.
OK, I understand. I will try to describe 'xhci_cap_ops' and related topics.
Thanks.
Currently, the actual 'xhci_cap_ops' code is as follows:
```
static const MemoryRegionOps xhci_cap_ops = {
    .read = xhci_cap_read,
    .write = xhci_cap_write,
    .valid.min_access_size = 1,
    .valid.max_access_size = 4,
    .impl.min_access_size = 4,
    .impl.max_access_size = 4,
    .endianness = DEVICE_LITTLE_ENDIAN,
};
```
According to the above code, the guest can access this MemoryRegion
with 1-4 bytes. 'valid.unaligned' is also not explicitly defined, so
it is treated as 'false'. This means the guest can access this MR with
1-4 bytes, as long as the access is aligned. However, the xHCI
specification does not prohibit unaligned accesses.
Simply adding '.valid.unaligned = true' will not resolve this problem
because 'impl.unaligned' is also 'false'. In this situation, where
'valid.unaligned' is 'true' but 'impl.unaligned' is 'false', we need
to emulate unaligned accesses by splitting them into multiple aligned
accesses.
Correct.
An alternative solution would be to fix 'xhci_cap_{read,write}',
update '.impl.min_access_size = 1', and set '.impl.unaligned = true'
to allow the guest to perform unaligned accesses with 1-4 bytes. With
this solution, we wouldn't need to modify core memory code.
However, applying this approach throughout the QEMU codebase would
increase the complexity of device implementations. If a device allows
unaligned guest access to its register region, the device implementer
would need to handle unaligned accesses explicitly. Additionally,
the distinction between 'valid' and 'impl' would become almost
meaningless, making it unclear why they are separated.
I get it now, let's stick with the core memory change.
"Ideally", we could consider one of the following changes:
1. Introduce an emulation mechanism for unaligned accesses using
multiple aligned accesses.
2. Remove either 'valid' or 'impl' and unify their functionality.
Solution 2 would require extensive changes to the codebase and memory
API, making it impractical.
Why is it impractical? Let me explain my question..
Firstly, valid.unaligned makes perfect sense to me. That describes whether
the device emulation allows unaligned access at all. So I do think we need
this, and yes when xHCI controller supports unaligned access, this is the
flag to be set TRUE instead of FALSE.
However, impl.unaligned is confusing to me.
From literal POV, it says, "the MR ops implemented unaligned access".
If you check my initial reply to this patch, I had a similar question: from
such definition, whenever a device emulation sets impl.unaligned=true, I
think it means we should simply pass over the MR request to the ops, no
matter if it's aligned or not, especially when it's not aligned memory core
shouldn't need to do any trick on amplifying the MR access, simply because
the device said it supports unaligned access in its implementation. That's
the only meaningful definition of impl.unaligned that I can think of so far.
I have the same understanding. I found a relevant section in the
documentation at 'docs/devel/memory.rst':
```
In addition various constraints can be supplied to control how these
callbacks are called:
- .valid.min_access_size, .valid.max_access_size define the access sizes
(in bytes) which the device accepts; accesses outside this range will
have device and bus specific behaviour (ignored, or machine check)
- .valid.unaligned specifies that the *device being modelled* supports
unaligned accesses; if false, unaligned accesses will invoke the
appropriate bus or CPU specific behaviour.
- .impl.min_access_size, .impl.max_access_size define the access sizes
(in bytes) supported by the *implementation*; other access sizes will be
emulated using the ones available. For example a 4-byte write will be
emulated using four 1-byte writes, if .impl.max_access_size = 1.
- .impl.unaligned specifies that the *implementation* supports unaligned
accesses; if false, unaligned accesses will be emulated by two aligned
accesses.
```
However, after I try to read more of the problem, I don't think any MR ops
would like to implement such complicated logic, the norm should be like
xHCI MR ops where it supports only aligned access in MR ops, then the
memory core can hopefully always convert an unaligned access into
one or more aligned accesses internally.
IOW, it makes more sense to me that we keep valid.unaligned, but drop
impl.unaligned. Would that make sense to you (and Peter)? That kind of
matches with the comment you quoted below on saying that unaligned access
is broken - I'm not 100% sure whether it's talking about impl.unaligned,
but it would make sense if so.
I agree with you.
Meanwhile, I do see that we already have two impl.unaligned=true users:
hw/pci-host/raven.c: .impl.unaligned = true,
system/ioport.c: .impl.unaligned = true,
I actually have no idea whether they're working at all if accesses can be
unaligned internally, and how they work, if at least impl.unaligned seems
to be totally broken.
I initially assumed there would be more users, so I expected that a
lot of changes would be needed. MR can be categorized into the
following patterns:
1. `impl.unaligned == true`
2. `impl.unaligned == false` and `valid.unaligned == false`
3. `impl.unaligned == false` and `valid.unaligned == true`
- Pattern 1: No special handling is required since the implementation
supports unaligned accesses. The MR can handle both aligned and
unaligned accesses seamlessly.
- Pattern 2: No additional handling is needed because unaligned
accesses are invalid in this MR. Any unaligned access is treated as
an illegal operation.
- Pattern 3: This is the only pattern that requires consideration. We
must emulate unaligned accesses using aligned accesses.
I searched by keyword "unaligned = true" and got the following result:
```
$ rg "unaligned = true"
system/memory.c
1398: .unaligned = true,
1403: .unaligned = true,
system/ioport.c
223: .valid.unaligned = true,
224: .impl.unaligned = true,
hw/xtensa/mx_pic.c
271: .unaligned = true,
hw/pci-host/raven.c
203: .impl.unaligned = true,
204: .valid.unaligned = true,
hw/riscv/riscv-iommu.c
2108: .unaligned = true,
hw/ssi/npcm7xx_fiu.c
256: .unaligned = true,
hw/cxl/cxl-host.c
285: .unaligned = true,
290: .unaligned = true,
hw/i386/xen/xen_platform.c
412: .unaligned = true,
417: .unaligned = true,
hw/display/vmware_vga.c
1306: .unaligned = true,
1309: .unaligned = true,
```
In this result, I found two instances of pattern 3 in the codebase:
- hw/xtensa/mx_pic.c
- hw/ssi/npcm7xx_fiu.c
```
static const MemoryRegionOps xtensa_mx_pic_ops = {
    .read = xtensa_mx_pic_ext_reg_read,
    .write = xtensa_mx_pic_ext_reg_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
    .valid = {
        .unaligned = true,
    },
};
```
```
static const MemoryRegionOps npcm7xx_fiu_flash_ops = {
    .read = npcm7xx_fiu_flash_read,
    .write = npcm7xx_fiu_flash_write,
    .endianness = DEVICE_LITTLE_ENDIAN,
    .valid = {
        .min_access_size = 1,
        .max_access_size = 8,
        .unaligned = true,
    },
};
```
Note that these implementations are implicitly 'impl.unaligned ==
false'; the 'impl.unaligned' field simply does not exist in these
cases. However, it is possible that these implementations inherently
support unaligned accesses.
To summarize, if we decide to remove the 'impl' field, we might need
to revisit and make changes to the MR implementation in these codes.
Solution 1 seems to align with QEMU's
original intentions. Actually, there is a comment in 'memory.c' that
states:
`/* FIXME: support unaligned access? */`
This patch set implements solution 1. If there is a better way to
resolve these issues, I would greatly appreciate your suggestions.
I think if my above understanding is correct, I can kind of understand your
solution now. But then I wonder whether we should already drop
impl.unaligned with your solution.
Also, I don't think I am 100% sure yet on how the amplification of the
accesses (as proposed in your patch) would have side effects to the device
emulation. For example, read(0x2, 0x4) with impl.access_size_min=4 now
will be amplified to two continuous:
read(0x0, 0x4)
read(0x4, 0x4)
Then there will be side effects of reading (addr=0x0, size=0x2) portion,
and (addr=0x6, size=0x2) portion, that is not part of the request. Maybe
it's as simple as: when device emulation has such side effect, it should
always set valid.unaligned=false already.
There is also a potential issue regarding side effects. Consider a
device where a register value changes upon a read access. Assume the
device has the following register map:
```
 31                     8        0  (bit)
+------------------------+--------+
|        Reg1(lo)        |  Reg0  |  0 byte
+------------------------+--------+
|                        |Reg1(hi)|  4 byte
+------------------------+--------+
```
In this case, let’s assume that Reg0 is a register whose value
changes whenever it is read.
Now, if the guest issues a read(addr=0x1, size=4) on this device's
MR(impl.unaligned=false, valid.unaligned=true), the unaligned access
must be split into two aligned accesses:
1. read(addr=0x0, size=4)
2. read(addr=0x4, size=4)
However, this results in Reg0 being read as part of the first aligned
access, potentially triggering its side effect. This unintended side
effect violates the semantics of the original unaligned read. If we
don't want to allow this, we should set 'valid.unaligned = false'.
Thanks,
Tomoyuki HIROSE
Thanks,
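As an added example (not code from QEMU or from either participant in the thread), here is a small C model of the dispatch logic under discussion: an Ops struct standing in for MemoryRegionOps with 'valid' and 'impl' constraints, a dispatcher that splits an unaligned or undersized read into aligned accesses of the implementation size and reassembles the requested bytes little-endian, a constructed xHCI-like capability region showing read(addr=0x2, size=2) returning 0x0110 after the split versus 0 when the request is handed to the callback unchanged, and the constructed Reg0/Reg1 device from the register map above showing the side effect of the split and how valid.unaligned = false avoids it. The names (Ops, mr_read, cap_read, se_read, SideEffectDev) and every register value are assumptions made for the demo; QEMU's real access_with_adjusted_size() also handles masks, shifts and endianness that this model leaves out.

```c
/*
 * Added example (not QEMU code): a minimal model of dispatching a guest MMIO
 * read through 'valid' and 'impl' constraints. An access that is unaligned,
 * or not of the size the callback implements, is split into aligned accesses
 * of the implementation size and the requested bytes are reassembled
 * little-endian. The device layouts and register values are constructed.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

typedef uint64_t (*read_fn)(void *opaque, uint64_t addr, unsigned size);

typedef struct {
    read_fn read;
    unsigned valid_min, valid_max; /* access sizes the modelled device accepts */
    bool valid_unaligned;          /* the modelled device accepts unaligned accesses */
    unsigned impl_size;            /* the one (power-of-two) size 'read' implements */
} Ops;

/* Returns 0 on success, -1 if 'valid' rejects the access (bus/device error). */
static int mr_read(const Ops *ops, void *opaque, uint64_t addr,
                   unsigned size, uint64_t *val)
{
    if (size < ops->valid_min || size > ops->valid_max) return -1;
    if (addr % size != 0 && !ops->valid_unaligned) return -1;
    if (size == ops->impl_size && addr % size == 0) {
        *val = ops->read(opaque, addr, size);  /* hand it straight to the callback */
        return 0;
    }
    /* Emulate: cover [addr, addr + size) with aligned impl_size accesses. */
    uint64_t base = addr & ~(uint64_t)(ops->impl_size - 1);
    uint64_t end = addr + size, out = 0;
    unsigned nbytes = 0;
    for (uint64_t a = base; a < end; a += ops->impl_size) {
        uint64_t chunk = ops->read(opaque, a, ops->impl_size);
        for (unsigned i = 0; i < ops->impl_size; i++) {
            if (a + i >= addr && a + i < end) {   /* keep only requested bytes */
                out |= ((chunk >> (8 * i)) & 0xff) << (8 * nbytes++);
            }
        }
    }
    *val = out;
    return 0;
}

/* Constructed xHCI-like capability registers: CAPLENGTH=0x40 at 0x0, HCIVERSION=0x0110 at 0x2. */
static uint64_t cap_read(void *opaque, uint64_t addr, unsigned size)
{
    (void)opaque; (void)size;
    switch (addr) {
    case 0x0: return (0x0110u << 16) | 0x40;
    case 0x4: return 0x08000040;  /* HCSPARAMS1, constructed value */
    default:  return 0;           /* an offset not in the switch (e.g. 0x2) reads as 0 */
    }
}
static const Ops cap_ops = { cap_read, 1, 4, true, 4 };

/* Guest read(addr=0x2, size=2) after splitting: the HCIVERSION bytes, 0x0110. */
uint64_t xhci_version_via_split(void)
{
    uint64_t v = 0;
    mr_read(&cap_ops, NULL, 0x2, 2, &v);
    return v;
}

/* The same request handed to the callback unchanged as read(addr=0x2, size=4): 0. */
uint64_t xhci_version_passthrough(void)
{
    return cap_read(NULL, 0x2, 4) & 0xffff;
}

/* Constructed device: read-to-clear Reg0 in byte 0, 32-bit Reg1 in bytes 1..4. */
typedef struct { uint8_t reg0; uint32_t reg1; } SideEffectDev;

static uint64_t se_read(void *opaque, uint64_t addr, unsigned size)
{
    SideEffectDev *d = opaque;
    (void)size;
    switch (addr) {
    case 0x0: {
        uint64_t v = ((uint64_t)(d->reg1 & 0xffffff) << 8) | d->reg0;
        d->reg0 = 0;              /* side effect: reading this word clears Reg0 */
        return v;
    }
    case 0x4: return (d->reg1 >> 24) & 0xff;
    default:  return 0;
    }
}
static const Ops se_ops = { se_read, 1, 4, true, 4 };     /* valid.unaligned = true  */
static const Ops se_strict = { se_read, 1, 4, false, 4 }; /* valid.unaligned = false */

/* read(addr=0x1, size=4) of Reg1: returns Reg1 (0x11223344) and, through *reg0_after
 * if non-NULL, Reg0 once the split accesses ran (0: byte 0 was read and cleared). */
uint64_t reg1_via_split(unsigned *reg0_after)
{
    SideEffectDev d = { 0xA5, 0x11223344 };
    uint64_t v = 0;
    mr_read(&se_ops, &d, 0x1, 4, &v);
    if (reg0_after) *reg0_after = d.reg0;
    return v;
}
unsigned reg0_after_split(void) { unsigned r; (void)reg1_via_split(&r); return r; }

/* Same request with valid.unaligned = false: rejected, Reg0 untouched.
 * Returns Reg0 (0xA5) when mr_read() reported -1, otherwise 0. */
unsigned reg0_after_strict_reject(void)
{
    SideEffectDev d = { 0xA5, 0x11223344 };
    uint64_t v = 0;
    return mr_read(&se_strict, &d, 0x1, 4, &v) == -1 ? d.reg0 : 0;
}
```

The xHCI half reproduces the symptom in the thread: with a callback that only knows 4-byte-aligned offsets, passing read(addr=0x2, size=4) through unchanged hits the default case and returns 0, while aligning down to 0x0 and extracting bytes 2..3 yields 0x0110. The second device shows why the split is not free: the aligned read of word 0 clears Reg0 even though the guest asked for bytes 1..4 only, and the only way this model can protect such a register is the one the thread converges on, leaving valid.unaligned = false so the request is refused before any callback runs.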