Xen project Mailing List

Re: [PATCH v1 18/27] xen/riscv: add vaplic access check

To: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>

Date: Mon, 20 Apr 2026 14:03:54 +0200

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=google header.d=suse.com header.i="@suse.com" header.h="Content-Transfer-Encoding:In-Reply-To:Autocrypt:From:Content-Language:References:Cc:To:Subject:User-Agent:MIME-Version:Date:Message-ID"

Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL

Cc: Romain Caritey <Romain.Caritey@xxxxxxxxxxxxx>, Alistair Francis <alistair.francis@xxxxxxx>, Connor Davis <connojdavis@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Mon, 20 Apr 2026 12:04:02 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 20.04.2026 13:53, Oleksii Kurochko wrote: > > > On 4/16/26 3:01 PM, Jan Beulich wrote: >> On 14.04.2026 13:45, Oleksii Kurochko wrote: >>> On 4/2/26 3:10 PM, Jan Beulich wrote: >>>> On 10.03.2026 18:08, Oleksii Kurochko wrote: >>>>> --- a/xen/arch/riscv/aplic.c >>>>> +++ b/xen/arch/riscv/aplic.c >>>>> @@ -38,6 +38,7 @@ static struct aplic_priv aplic = { >>>>> >>>>> static struct intc_info __ro_after_init aplic_info = { >>>>> .hw_version = INTC_APLIC, >>>>> + .private = &aplic, >>>> >>>> Isn't this the host instance again? How can you ... >>>> >>>>> --- a/xen/arch/riscv/vaplic.c >>>>> +++ b/xen/arch/riscv/vaplic.c >>>>> @@ -127,6 +127,20 @@ int vaplic_map_device_irqs_to_domain(struct domain >>>>> *d, >>>>> return 0; >>>>> } >>>>> >>>>> +static int cf_check vaplic_is_access(const struct vcpu *vcpu, >>>>> + const unsigned long addr) >>>>> +{ >>>>> + const struct vaplic *vaplic = to_vaplic(vcpu->domain->arch.vintc); >>>>> + const struct aplic_priv *priv = vaplic->base.info->private; >>>>> + const paddr_t paddr_end = priv->paddr_start + priv->size; >>>>> + >>>>> + /* check if it is an APLIC access */ >>>>> + if ( priv->paddr_start <= addr && addr < paddr_end ) >>>> >>>> ... use that here? Or asked differently, again: Where's the virtualization, >>>> i.e. the abstraction away from host properties? >>> >>> With the current use case it was easier to choose such approach then >>> provide the full abstraction. >>> >>>> Furthermore, is it really sufficient to check just the starting address of >>>> an access? Shouldn't the last byte accessed also fall into the range in >>>> question? >>> >>> I think that it is okay, my understanding is that *paddr_end technically >>> is another range. >> >> Of course it is. But a multi-byte access crossing the paddr_end boundary >> isn't purely an APLIC one. You can reject such for simplicity, but I'm >> unconvinced that you can claim you will be able to correctly handle it >> without proper merging. > > Lets say guest has the following description of vAPLIC in its DTB: > aplic@d000000 { > phandle = <0x06>; > riscv,num-sources = <0x60>; > reg = <0x00 0xd000000 0x00 0x8000>; > ... > } > What means vAPLIC's MMIO range is [0xd000000, 0xD007FFF]. If some is > trying to access 0xd008000 it is not an MMIO address which belongs to > vAPLIC so vaplic_is_access() should return 0. > > IIUC, you concern is that if someone will try to access 0xD007FFF which > from this function point of view is legal. I think it is okay to return > here 1 what tells that this address is from our vAPLIC range as it will > be rejected that on vaplic_emulate_{load,store}() side as addr (more > accurate offset got from addr) should be properly aligned: > const unsigned int offset = addr & APLIC_REG_OFFSET_MASK; > ... > if ( offset & 3 ) > { > gdprintk(XENLOG_WARNING, "Misaligned APLIC access at offset %#x\n", > offset); > return -EINVAL; > } > > Is it okay? Actually I think we could add ( addr & 3 ) check in > vaplic_is_access() function too... Perhaps best. The load/store functions could then simply assert that property. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.