Xen project Mailing List

Re: [XEN][PATCH v4] xen/x86: guest_access: optimize raw_x_guest() for PV and HVM combinations

To: Grygorii Strashko <grygorii_strashko@xxxxxxxx>

Date: Thu, 20 Nov 2025 09:11:59 +0100

Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>, Teddy Astie <teddy.astie@xxxxxxxxxx>, Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Thu, 20 Nov 2025 08:12:18 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 19.11.2025 20:36, Grygorii Strashko wrote: > Hi Jan > > On 18.11.25 15:45, Jan Beulich wrote: >> On 18.11.2025 14:08, Grygorii Strashko wrote: >>> On 17.11.25 18:43, Jan Beulich wrote: >>>> On 14.11.2025 15:01, Grygorii Strashko wrote: >>>>> --- a/xen/arch/x86/pv/Makefile >>>>> +++ b/xen/arch/x86/pv/Makefile >>>>> @@ -14,6 +14,10 @@ obj-y += ro-page-fault.o >>>>> obj-$(CONFIG_PV_SHIM) += shim.o >>>>> obj-$(CONFIG_TRACEBUFFER) += trace.o >>>>> obj-y += traps.o >>>>> +obj-$(CONFIG_PV) += usercopy.o >>>> >>>> Just obj-y with the movement. >>>> >>>> However, is the movement (and was the adding of $(CONFIG_PV) in the earlier >>>> version) actually correct? The file also produces >>>> copy_{from,to}_unsafe_ll(), >>>> which aren't PV-specific. This may be only a latent issue right now, as we >>>> have only a single use site of copy_from_unsafe(), but those functions need >>>> to remain available. (We may want to arrange for them to be removed when >>>> linking, as long as they're not referenced. But that's a separate topic.) >>> >>> It is confusing that none of build cfg combinations have failed >>> (HVM=y PV=n, HVM=n PV=n) :( >>> >>> copy_to_unsafe_ll() >>> - called from copy_to_unsafe() >>> - copy_to_unsafe() has no users (unreachable, MISRA 2.1?) >>> >>> copy_from_unsafe_ll() >>> - called from copy_from_unsafe() >>> - copy_from_unsafe() called from one place do_invalid_op() with >>> copy_from_unsafe(,, n = sizeof(bug_insn)). >>> Due to __builtin_constant_p(n) check the copy_from_unsafe() call >>> optimized by compiler to >>> get_unsafe_size(*(uint16_t *)to, from, 2, UA_DROP, ret, 2); >>> >>> as result copy_from_unsafe_ll() is unreachable also (?). >> >> Yes, these likely all want to become library-like, so they are linked in only >> when actually referenced. >> >>> If those function are not subject to be removed, the >>> usercopy.c can't be moved in "x86/pv", Right? >> >> That's my take, yes. >> >>> Making copy_{from,to}_unsafe_ll() available for !PV means >>> rewriting usercopy.c in some way, Right? >> >> "Re-writing" is probably too much, but some adjustments would be needed if >> you want to keep the "unsafe" functions but compile out the "guest" ones. >> It may be possible to compile the file twice, once from x86/pv/ and once >> from x86/, replacing the self-#include near the bottom of the file. The >> former would then produce the "guest" functions, the latter the "unsafe" >> ones. > > Below is the difference I came up with, will it work? That'll be on you to make sure, but ... > --- /dev/null > +++ b/xen/arch/x86/usercopy.c > @@ -0,0 +1,77 @@ > +/* > + * User address space access functions. > + * > + * Copyright 1997 Andi Kleen <ak@xxxxxx> > + * Copyright 1997 Linus Torvalds > + * Copyright 2002 Andi Kleen <ak@xxxxxxx> > + */ > + > +#include <xen/lib.h> > +#include <xen/sched.h> > +#include <asm/uaccess.h> > + > +# define GUARD UA_DROP > +# define copy_to_guest_ll copy_to_unsafe_ll > +# define copy_from_guest_ll copy_from_unsafe_ll > +# undef __user > +# define __user > + > +unsigned int copy_to_guest_ll(void __user *to, const void *from, unsigned > int n) > +{ > + GUARD(unsigned dummy); > + > + stac(); > + asm_inline volatile ( > + GUARD( > + " guest_access_mask_ptr %[to], %q[scratch1], %q[scratch2]\n" > + ) > + "1: rep movsb\n" > + "2:\n" > + _ASM_EXTABLE(1b, 2b) > + : [cnt] "+c" (n), [to] "+D" (to), [from] "+S" (from) > + GUARD(, [scratch1] "=&r" (dummy), [scratch2] "=&r" (dummy)) > + :: "memory" ); > + clac(); > + > + return n; > +} > + > +unsigned int copy_from_guest_ll(void *to, const void __user *from, unsigned > int n) > +{ > + unsigned dummy; > + > + stac(); > + asm_inline volatile ( > + GUARD( > + " guest_access_mask_ptr %[from], %q[scratch1], %q[scratch2]\n" > + ) > + "1: rep movsb\n" > + "2:\n" > + ".section .fixup,\"ax\"\n" > + "6: mov %[cnt], %k[from]\n" > + " xchg %%eax, %[aux]\n" > + " xor %%eax, %%eax\n" > + " rep stosb\n" > + " xchg %[aux], %%eax\n" > + " mov %k[from], %[cnt]\n" > + " jmp 2b\n" > + ".previous\n" > + _ASM_EXTABLE(1b, 6b) > + : [cnt] "+c" (n), [to] "+D" (to), [from] "+S" (from), > + [aux] "=&r" (dummy) > + GUARD(, [scratch1] "=&r" (dummy), [scratch2] "=&r" (dummy)) > + :: "memory" ); > + clac(); > + > + return n; > +} ... we don't want to have two instances of that code in the code base. One file should #include the other, after putting in place suitable #define-s. Which direction the #include should work I'm not entirely certain: - pv/usercopy.c including usercopy.c means usercopy.c then ends up misnamed, - usercopy.c including pv/usercopy.c means a "common" file includes a more specialized (PV-only) one. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.