From mboxrd@z Thu Jan 1 00:00:00 1970 From: Wei Wang2 Subject: [PATCH] passthru: Fix pci bar remapping for passthru devices Date: Mon, 20 Jul 2009 16:03:56 +0200 Message-ID: <200907201603.56725.wei.wang2@amd.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="Boundary-00=_MlHZKMsss5wwFvh" Return-path: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org --Boundary-00=_MlHZKMsss5wwFvh Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hi,=20 When guest code tries to get the block size of mmio, it will write all "1"s= =20 into pci bar register and then qemu will return all "0"s to the don't care= =20 bits in the emulated bar register to indicate the block size to guest code.= =20 In this case, we should not create p2m mapping in pt_bar_reg_write() and pt_exp_rom_bar_reg_write(). Attached patch fixes this issue, additional=20 comment can be found in the patch. Thanks, Wei Signed-off-by: Wei Wang =2D- AMD GmbH, Germany Operating System Research Center =20 Legal Information: Advanced Micro Devices GmbH Karl-Hammerschmidt-Str. 34 85609 Dornach b. M=FCnchen =20 Gesch=E4ftsf=FChrer: Jochen Polster, Thomas M. McCoy, Giuliano Meroni Sitz: Dornach, Gemeinde Aschheim, Landkreis M=FCnchen Registergericht M=FCnchen, HRB Nr. 43632 --Boundary-00=_MlHZKMsss5wwFvh Content-Type: text/x-diff; charset="iso-8859-1"; name="mmio.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="mmio.patch" diff --git a/hw/pass-through.c b/hw/pass-through.c index 51a39db..009b902 100644 --- a/hw/pass-through.c +++ b/hw/pass-through.c @@ -3177,7 +3177,16 @@ static int pt_bar_reg_write(struct pt_dev *ptdev, } /* update the corresponding virtual region address */ - r->addr = cfg_entry->data; + /* + * When guest code tries to get block size of mmio, it will write all "1"s + * into pci bar register. In this case, cfg_entry->data == writable_mask. + * Especially for devices with large mmio, the value of writable_mask + * is likely to be a guest physical address that has been mapped to ram + * rather than mmio. Remapping this value to mmio should be prevented. + */ + + if ( cfg_entry->data != writable_mask ) + r->addr = cfg_entry->data; exit: /* create value for writing to I/O device register */ @@ -3229,7 +3238,16 @@ static int pt_exp_rom_bar_reg_write(struct pt_dev *ptdev, cfg_entry->data = PT_MERGE_VALUE(*value, cfg_entry->data, writable_mask); /* update the corresponding virtual region address */ - r->addr = cfg_entry->data; + /* + * When guest code tries to get block size of mmio, it will write all "1"s + * into pci bar register. In this case, cfg_entry->data == writable_mask. + * Especially for devices with large mmio, the value of writable_mask + * is likely to be a guest physical address that has been mapped to ram + * rather than mmio. Remapping this value to mmio should be prevented. + */ + + if ( cfg_entry->data != writable_mask ) + r->addr = cfg_entry->data; /* create value for writing to I/O device register */ throughable_mask = ~bar_emu_mask & valid_mask; --Boundary-00=_MlHZKMsss5wwFvh Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel --Boundary-00=_MlHZKMsss5wwFvh--