Hi Jan,
> On 15 Oct 2021, at 09:13, Jan Beulich <jbeul...@suse.com> wrote:
>
> On 15.10.2021 09:37, Bertrand Marquis wrote:
>>> On 15 Oct 2021, at 07:29, Jan Beulich <jbeul...@suse.com> wrote:
>>> On 14.10.2021 19:09, Bertrand Marquis wrote:
>>>>> On 14 Oct 2021, at 17:06, Jan Beulich <jbeul...@suse.com> wrote:
>>>>> On 14.10.2021 16:49, Bertrand Marquis wrote:
>>>>>> @@ -305,7 +291,7 @@ static int vpci_portio_read(const struct
>>>>>> hvm_io_handler *handler,
>>>>>>
>>>>>> reg = hvm_pci_decode_addr(cf8, addr, &sbdf);
>>>>>>
>>>>>> - if ( !vpci_access_allowed(reg, size) )
>>>>>> + if ( !vpci_ecam_access_allowed(reg, size) )
>>>>>> return X86EMUL_OKAY;
>>>>>>
>>>>>> *data = vpci_read(sbdf, reg, size);
>>>>>> @@ -335,7 +321,7 @@ static int vpci_portio_write(const struct
>>>>>> hvm_io_handler *handler,
>>>>>>
>>>>>> reg = hvm_pci_decode_addr(cf8, addr, &sbdf);
>>>>>>
>>>>>> - if ( !vpci_access_allowed(reg, size) )
>>>>>> + if ( !vpci_ecam_access_allowed(reg, size) )
>>>>>> return X86EMUL_OKAY;
>>>>>>
>>>>>> vpci_write(sbdf, reg, size, data);
>>>>>
>>>>> Why would port I/O functions call an ECAM helper? And in how far is
>>>>> that helper actually ECAM-specific?
>>>>
>>>> The function was global before.
>>>
>>> I'm not objecting to the function being global, but to the "ecam" in
>>> its name.
>>
>> Adding ecam in the name was a request from Roger.
>> This is just a consequence of this.
>
> Roger - did you have in mind the uses here when asking for the addition
> of "ecam"?
>
>> One suggestion here could be to turn vpci_ecam_access_allowed into
>> vpci_access_allowed
>
> That's what I'm asking for.
Will do
>
>> and maybe put this into vpci.h as a static inline ?
>
> I'm not overly fussed here.
Was just a suggestion, I am ok to just rename it and keep it where it is.
>
>>>>>> @@ -434,25 +420,8 @@ static int vpci_mmcfg_read(struct vcpu *v, unsigned
>>>>>> long addr,
>>>>>> reg = vpci_mmcfg_decode_addr(mmcfg, addr, &sbdf);
>>>>>> read_unlock(&d->arch.hvm.mmcfg_lock);
>>>>>>
>>>>>> - if ( !vpci_access_allowed(reg, len) ||
>>>>>> - (reg + len) > PCI_CFG_SPACE_EXP_SIZE )
>>>>>> - return X86EMUL_OKAY;
>>>>>
>>>>> While I assume this earlier behavior is the reason for ...
>>>>
>>>> Yes :-)
>>>>
>>>>>
>>>>>> - /*
>>>>>> - * According to the PCIe 3.1A specification:
>>>>>> - * - Configuration Reads and Writes must usually be DWORD or
>>>>>> smaller
>>>>>> - * in size.
>>>>>> - * - Because Root Complex implementations are not required to
>>>>>> support
>>>>>> - * accesses to a RCRB that cross DW boundaries [...] software
>>>>>> - * should take care not to cause the generation of such accesses
>>>>>> - * when accessing a RCRB unless the Root Complex will support the
>>>>>> - * access.
>>>>>> - * Xen however supports 8byte accesses by splitting them into two
>>>>>> - * 4byte accesses.
>>>>>> - */
>>>>>> - *data = vpci_read(sbdf, reg, min(4u, len));
>>>>>> - if ( len == 8 )
>>>>>> - *data |= (uint64_t)vpci_read(sbdf, reg + 4, 4) << 32;
>>>>>> + /* Ignore return code */
>>>>>> + vpci_ecam_mmio_read(sbdf, reg, len, data);
>>>>>
>>>>> ... the commented-upon ignoring of the return value, I don't think
>>>>> that's a good way to deal with things anymore. Instead I think
>>>>> *data should be written to ~0 upon failure, unless it is intended
>>>>> for vpci_ecam_mmio_read() to take care of that case (in which case
>>>>> I'm not sure I would see why it needs to return an error indicator
>>>>> in the first place).
>>>>
>>>> I am not sure in the first place why this is actually ignored and just
>>>> returning a -1 value.
>>>> If an access is not right, an exception should be generated to the
>>>> Guest instead.
>>>
>>> No. That's also not what happens on bare metal, at least not on x86.
>>> Faults cannot be raised for reasons outside of the CPU; such errors
>>> (if these are errors in the first place) need to be dealt with
>>> differently. Signaling an error on the PCI bus would be possible,
>>> but would leave open how that's actually to be dealt with. Instead
>>> bad reads return all ones, while bad writes simply get dropped.
>>
>> So that behaviour is kept here on x86 and I think as the function is
>> generic it is right for it to return an error here. It is up to the caller to
>> ignore it or not.
>> To make this more generic I could return 0 on success and -EACCESS,
>> the caller would then handle it as he wants.
>
> I think boolean is sufficient here, but I wouldn't object to errno-
> style return values. All I do object to is int when boolean is meant.
Boolean sounds right as there is only one error case.
I will use that.
>
>>>>>> +int vpci_ecam_mmio_write(pci_sbdf_t sbdf, unsigned int reg, unsigned
>>>>>> int len,
>>>>>> + unsigned long data)
>>>>>> +{
>>>>>> + if ( !vpci_ecam_access_allowed(reg, len) ||
>>>>>> + (reg + len) > PCI_CFG_SPACE_EXP_SIZE )
>>>>>> + return 0;
>>>>>> +
>>>>>> + vpci_write(sbdf, reg, min(4u, len), data);
>>>>>> + if ( len == 8 )
>>>>>> + vpci_write(sbdf, reg + 4, 4, data >> 32);
>>>>>> +
>>>>>> + return 1;
>>>>>> +}
>>>>>> +
>>>>>> +int vpci_ecam_mmio_read(pci_sbdf_t sbdf, unsigned int reg, unsigned int
>>>>>> len,
>>>>>> + unsigned long *data)
>>>>>> +{
>>>>>> + if ( !vpci_ecam_access_allowed(reg, len) ||
>>>>>> + (reg + len) > PCI_CFG_SPACE_EXP_SIZE )
>>>>>> + return 0;
>>>>>> +
>>>>>> + /*
>>>>>> + * According to the PCIe 3.1A specification:
>>>>>> + * - Configuration Reads and Writes must usually be DWORD or
>>>>>> smaller
>>>>>> + * in size.
>>>>>> + * - Because Root Complex implementations are not required to
>>>>>> support
>>>>>> + * accesses to a RCRB that cross DW boundaries [...] software
>>>>>> + * should take care not to cause the generation of such accesses
>>>>>> + * when accessing a RCRB unless the Root Complex will support the
>>>>>> + * access.
>>>>>> + * Xen however supports 8byte accesses by splitting them into two
>>>>>> + * 4byte accesses.
>>>>>> + */
>>>>>> + *data = vpci_read(sbdf, reg, min(4u, len));
>>>>>> + if ( len == 8 )
>>>>>> + *data |= (uint64_t)vpci_read(sbdf, reg + 4, 4) << 32;
>>>>>> +
>>>>>> + return 1;
>>>>>> +}
>>>>>
>>>>> Why do these two functions return int/0/1 instead of
>>>>> bool/false/true (assuming, as per above, that them returning non-
>>>>> void is warranted at all)?
>>>>
>>>> This is what the mmio handlers should return to say that an access
>>>> was ok or not so the function stick to this standard.
>>>
>>> Sticking to this would be okay if the functions here needed their
>>> address taken, such that they can be installed as hooks for a
>>> more general framework to invoke. The functions, however, only get
>>> called directly. Hence there's no reason to mirror what is in need
>>> of cleaning up elsewhere. I'm sure you're aware there we're in the
>>> (slow going) process of improving which types get used where.
>>> While the functions you refer to may not have undergone such
>>> cleanup yet, we generally expect new code to conform to the new
>>> model.
>>
>> I am ok to rename those to vpci_ecam_{read/write}.
>> Is it what you want ?
>
> Yes, that's what I've been asking for, and I just saw Roger requesting
> the same. (I'm a little puzzled about the context though, as you reply
> looks disconnected here.)
Oups sorry.
Anyway if we agree on naming scheme and bool return type I think all
your comments here are covered ?
Cheers
Bertrand
>
> Jan
>
