From: "Alex Bennée" <alex.bennee@linaro.org>
To: Lucas Amaral <lucaaamaral@gmail.com>
Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, agraf@csgraf.de,
peter.maydell@linaro.org, mohamed@unpredictable.fr
Subject: Re: [PATCH v4 1/3] virtio-gpu: validate host page alignment for MAP_FIXED blobs
Date: Thu, 23 Apr 2026 19:00:46 +0100
Message-ID: <87mrytwo8h.fsf@draig.linaro.org>
In-Reply-To: <20260317175744.32469-2-lucaaamaral@gmail.com> (Lucas Amaral's message of "Tue, 17 Mar 2026 14:57:42 -0300")

Lucas Amaral <lucaaamaral@gmail.com> writes:

> Commit 4eb0aace ("virtio-gpu: Support mapping hostmem blobs with
> map_fixed") uses mmap(MAP_FIXED) to map blob resources into a
> pre-allocated hostmem region. Both the offset and size passed to
> mmap must be aligned to the host page size, but the code does not
> validate this.
>
> On hosts where qemu_real_host_page_size() exceeds the guest's page
> size (e.g. ARM64 with 16KB or 64KB pages, macOS ARM64), the guest
> may provide blob offsets aligned to its own page size (4KB) but not
> to the host's.

What was your test case? Is it possible to publish some images for a
functional test?

> This causes mmap(MAP_FIXED) to fail with EINVAL,
> and the subsequent unmap (which also uses mmap MAP_FIXED) fails the
> same way, producing:
>
> virtio_gpu_virgl_unmap_resource_blob: failed to unmap(fixed)
> virgl resource: Invalid argument
>
> Add an alignment check before attempting MAP_FIXED. When the offset
> or blob size is not host-page-aligned, skip the MAP_FIXED path and
> fall through to the existing subregion method, which handles any
> alignment.
>
> Fixes: 4eb0aace ("virtio-gpu: Support mapping hostmem blobs with map_fixed")
> Signed-off-by: Lucas Amaral <lucaaamaral@gmail.com>
> ---
> hw/display/virtio-gpu-virgl.c | 45 +++++++++++++++++++++--------------
> 1 file changed, 27 insertions(+), 18 deletions(-)
>
> diff --git a/hw/display/virtio-gpu-virgl.c b/hw/display/virtio-gpu-virgl.c
> index b7a2d160..f6583b48 100644
> --- a/hw/display/virtio-gpu-virgl.c
> +++ b/hw/display/virtio-gpu-virgl.c
> @@ -185,25 +185,34 @@ virtio_gpu_virgl_map_resource_blob(VirtIOGPU *g,
> return -EBUSY;
> }
>
> - ret = virgl_renderer_resource_map_fixed(res->base.resource_id,
> - gl->hostmem_mmap + offset);
> - switch (ret) {
> - case 0:
> - res->map_fixed = gl->hostmem_mmap + offset;
> - return 0;
> -
> - case -EOPNOTSUPP:
> - /*
> - * MAP_FIXED is unsupported by this resource.
> - * Mapping falls back to a blob subregion method in that case.
> - */
> - break;
> + /*
> + * MAP_FIXED requires host-page-aligned offset and size. Hosts with
> + * page sizes larger than the guest's (e.g. 16KB on ARM64) may receive
> + * non-aligned blob offsets. Fall through to the subregion method when
> + * alignment requirements are not met.
> + */
> + if (QEMU_IS_ALIGNED(offset, qemu_real_host_page_size()) &&
> + QEMU_IS_ALIGNED(res->base.blob_size, qemu_real_host_page_size())) {
> + ret = virgl_renderer_resource_map_fixed(res->base.resource_id,
> + gl->hostmem_mmap + offset);
> + switch (ret) {
> + case 0:
> + res->map_fixed = gl->hostmem_mmap + offset;
> + return 0;
> +
> + case -EOPNOTSUPP:
> + /*
> + * MAP_FIXED is unsupported by this resource.
> + * Mapping falls back to a blob subregion method in that case.
> + */
> + break;
>
> - default:
> - qemu_log_mask(LOG_GUEST_ERROR,
> - "%s: failed to map(fixed) virgl resource: %s\n",
> - __func__, strerror(-ret));
> - return ret;
> + default:
> + qemu_log_mask(LOG_GUEST_ERROR,
> + "%s: failed to map(fixed) virgl resource: %s\n",
> + __func__, strerror(-ret));
> + return ret;
> + }
> }
> #endif
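
Review bot: The new `if` condition at the top of the added block calls qemu_real_host_page_size() twice and, when either QEMU_IS_ALIGNED test is false, drops to the subregion method without leaving any record of why. Suggest reading the page size into a local once and adding a trace point or one-time log on the unaligned branch, so that a guest whose 4KB-aligned offsets never qualify for MAP_FIXED on a 16KB host can be seen when debugging. The switch body is only re-indented, so the 0, -EOPNOTSUPP and default cases behave as before.
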
--
Alex Bennée
Virtualisation Tech Lead @ Linaro