From: "Michael S. Tsirkin" <mst@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org, Eric Auger <eric.auger@redhat.com>,
Jean-Philippe Brucker <jean-philippe@linaro.org>,
Zhenzhong Duan <zhenzhong.duan@intel.com>
Subject: Re: [PULL 46/66] virtio-iommu: Fix 64kB host page size VFIO device assignment
Date: Mon, 17 Jul 2023 07:51:51 -0400 [thread overview]
Message-ID: <20230717075137-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <CAFEAcA9JAZrxpcfjyEj8Hj1eYb+9PUxV2i05JTZwe0u+gVSBPg@mail.gmail.com>
On Mon, Jul 17, 2023 at 11:50:54AM +0100, Peter Maydell wrote:
> On Tue, 11 Jul 2023 at 00:04, Michael S. Tsirkin <mst@redhat.com> wrote:
> >
> > From: Eric Auger <eric.auger@redhat.com>
> >
> > When running on a 64kB page size host and protecting a VFIO device
> > with the virtio-iommu, qemu crashes with this kind of message:
> >
> > qemu-kvm: virtio-iommu page mask 0xfffffffffffff000 is incompatible
> > with mask 0x20010000
> > qemu: hardware error: vfio: DMA mapping failed, unable to continue
> >
> > This is due to the fact the IOMMU MR corresponding to the VFIO device
> > is enabled very late on domain attach, after the machine init.
> > The device reports a minimal 64kB page size but it is too late to be
> > applied. virtio_iommu_set_page_size_mask() fails and this causes
> > vfio_listener_region_add() to end up with hw_error();
> >
> > To work around this issue, we transiently enable the IOMMU MR on
> > machine init to collect the page size requirements and then restore
> > the bypass state.
> >
> > Fixes: 90519b9053 ("virtio-iommu: Add bypass mode support to assigned device")
> > Signed-off-by: Eric Auger <eric.auger@redhat.com>
>
> Hi; Coverity complains about this change (CID 1517772):
>
> > +static void virtio_iommu_freeze_granule(Notifier *notifier, void *data)
> > +{
> > + VirtIOIOMMU *s = container_of(notifier, VirtIOIOMMU, machine_done);
> > + int granule;
> > +
> > + if (likely(s->config.bypass)) {
> > + /*
> > + * Transient IOMMU MR enable to collect page_size_mask requirements
> > + * through memory_region_iommu_set_page_size_mask() called by
> > + * VFIO region_add() callback
> > + */
> > + s->config.bypass = false;
> > + virtio_iommu_switch_address_space_all(s);
> > + /* restore default */
> > + s->config.bypass = true;
> > + virtio_iommu_switch_address_space_all(s);
> > + }
> > + s->granule_frozen = true;
> > + granule = ctz64(s->config.page_size_mask);
> > + trace_virtio_iommu_freeze_granule(BIT(granule));
>
> Specifically, in this code, it thinks that ctz64() can
> return 64, in which case BIT(granule) is shifting off
> the end of the value, which is undefined behaviour.
> This can happen if s->config.page_size_mask is 0 -- are
> there assertions/checks that that can't happen elsewhere?
>
> Secondly, BIT() only works for values up to 32, since
> it works on type unsigned long, which might be a 32-bit
> type on some hosts. Since you used ctz64()
> you probably want BIT_ULL() which uses the ULL type
> which definitely has 64 bits.
>
> thanks
> -- PMM
Thanks! Eric can you fix pls?
--
MST
next prev parent reply other threads:[~2023-07-17 11:52 UTC|newest]
Thread overview: 83+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-10 23:02 [PULL 00/66] pc,pci,virtio: cleanups, fixes, features Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 01/66] vdpa: Remove status in reset tracing Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 02/66] vhost: register and change IOMMU flag depending on Device-TLB state Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 03/66] virtio-net: pass Device-TLB enable/disable events to vhost Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 04/66] virtio-gpu: refactor generate_edid function to virtio_gpu_base Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 05/66] docs: vhost-user-gpu: add protocol changes for EDID Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 06/66] contrib/vhost-user-gpu: implement get_edid feature Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 07/66] vhost-user-gpu: implement get_edid frontend feature Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 08/66] hw/virtio: Add boilerplate for vhost-user-scmi device Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 09/66] hw/virtio: Add vhost-user-scmi-pci boilerplate Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 10/66] tests/qtest: enable tests for virtio-scmi Michael S. Tsirkin
2023-07-18 12:42 ` Thomas Huth
2023-07-18 12:55 ` Milan Zamazal
2023-07-19 13:02 ` Thomas Huth
2023-07-19 19:56 ` Milan Zamazal
2023-07-20 8:40 ` Thomas Huth
2023-07-20 9:25 ` Milan Zamazal
2023-07-19 20:51 ` Fabiano Rosas
2023-07-20 8:34 ` Milan Zamazal
2023-07-10 23:02 ` [PULL 11/66] machine: Add helpers to get cores/threads per socket Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 12/66] hw/smbios: Fix smbios_smp_sockets caculation Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 13/66] hw/smbios: Fix thread count in type4 Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 14/66] hw/smbios: Fix core " Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 15/66] vhost-user: Change one_time to per_device request Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 16/66] vhost-user: Make RESET_DEVICE a per device message Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 17/66] hw/i386/pc_q35: Resolve redundant q35_host variable Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 18/66] hw/pci-host/q35: Fix double, contradicting .endianness assignment Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 19/66] hw/pci-host/q35: Initialize PCMachineState::bus in board code Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 20/66] hw/pci/pci_host: Introduce PCI_HOST_BYPASS_IOMMU macro Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 21/66] hw/pci-host/q35: Initialize PCI_HOST_BYPASS_IOMMU property from board code Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 22/66] hw/pci-host/q35: Make some property name macros reusable by i440fx Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 23/66] hw/i386/pc_piix: Turn some local variables into initializers Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 24/66] hw/pci-host/i440fx: Add "i440fx" child property in board code Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 25/66] hw/pci-host/i440fx: Replace magic values by existing constants Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 26/66] hw/pci-host/i440fx: Have common names for some local variables Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 27/66] hw/pci-host/i440fx: Move i440fx_realize() into PCII440FXState section Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 28/66] hw/pci-host/i440fx: Make MemoryRegion pointers accessible as properties Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 29/66] hw/pci-host/i440fx: Add PCI_HOST_PROP_IO_MEM property Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 30/66] hw/pci-host/i440fx: Add PCI_HOST_{ABOVE, BELOW}_4G_MEM_SIZE properties Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 31/66] hw/pci-host/i440fx: Add I440FX_HOST_PROP_PCI_TYPE property Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 32/66] hw/pci-host/i440fx: Resolve i440fx_init() Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 33/66] hw/i386/pc_piix: Move i440fx' realize near its qdev_new() Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 34/66] hw/pci/pci: Remove multifunction parameter from pci_create_simple_multifunction() Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 35/66] hw/pci/pci: Remove multifunction parameter from pci_new_multifunction() Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 36/66] pcie: Release references of virtual functions Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 37/66] vdpa: Return -EIO if device ack is VIRTIO_NET_ERR in _load_mac() Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 38/66] vdpa: Return -EIO if device ack is VIRTIO_NET_ERR in _load_mq() Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 39/66] vdpa: Return -EIO if device ack is VIRTIO_NET_ERR in _load_offloads() Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 40/66] vhost-vdpa: mute unaligned memory error report Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 41/66] tests/acpi: allow changes in DSDT.noacpihp table blob Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 42/66] tests/acpi/bios-tables-test: use the correct slot on the pcie-root-port Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 43/66] tests/acpi/bios-tables-test: update acpi blob q35/DSDT.noacpihp Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 44/66] tests/qtest/hd-geo-test: fix incorrect pcie-root-port usage and simplify test Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 45/66] hw/pci: warn when PCIe device is plugged into non-zero slot of downstream port Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 46/66] virtio-iommu: Fix 64kB host page size VFIO device assignment Michael S. Tsirkin
2023-07-17 10:50 ` Peter Maydell
2023-07-17 11:51 ` Michael S. Tsirkin [this message]
2023-07-17 16:57 ` Eric Auger
2023-07-17 16:56 ` Eric Auger
2023-07-17 17:07 ` Peter Maydell
2023-07-17 17:20 ` Eric Auger
2023-07-10 23:04 ` [PULL 47/66] virtio-iommu: Rework the traces in virtio_iommu_set_page_size_mask() Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 48/66] pcie: Add hotplug detect state register to cmask Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 49/66] vdpa: Fix possible use-after-free for VirtQueueElement Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 50/66] include: attempt to document device_class_set_props Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 51/66] include/hw: document the device_class_set_parent_* fns Michael S. Tsirkin
2023-07-10 23:04 ` [Virtio-fs] [PULL 52/66] hw/virtio: fix typo in VIRTIO_CONFIG_IRQ_IDX comments Michael S. Tsirkin
2023-07-10 23:04 ` Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 53/66] include/hw/virtio: document virtio_notify_config Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 54/66] include/hw/virtio: add kerneldoc for virtio_init Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 55/66] include/hw/virtio: document some more usage of notifiers Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 56/66] pcie: Use common ARI next function number Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 57/66] pcie: Specify 0 for ARI next function numbers Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 58/66] vdpa: Use iovec for vhost_vdpa_net_load_cmd() Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 59/66] vdpa: Restore MAC address filtering state Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 60/66] vdpa: Restore packet receive filtering state relative with _F_CTRL_RX feature Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 61/66] vhost: Fix false positive out-of-bounds Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 62/66] vdpa: Accessing CVQ header through its structure Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 63/66] vdpa: Avoid forwarding large CVQ command failures Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 64/66] vdpa: Allow VIRTIO_NET_F_CTRL_RX in SVQ Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 65/66] vdpa: Restore packet receive filtering state relative with _F_CTRL_RX_EXTRA feature Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 66/66] vdpa: Allow VIRTIO_NET_F_CTRL_RX_EXTRA in SVQ Michael S. Tsirkin
2023-07-11 10:07 ` [PULL 00/66] pc,pci,virtio: cleanups, fixes, features Richard Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230717075137-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=eric.auger@redhat.com \
--cc=jean-philippe@linaro.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=zhenzhong.duan@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.