From: "Roger Pau Monné" <roger.pau@citrix.com>
To: Jiqian Chen <Jiqian.Chen@amd.com>
Cc: xen-devel@lists.xenproject.org, Huang Rui <ray.huang@amd.com>
Subject: Re: [PATCH v7 3/8] vpci: Hide legacy capability when it fails to initialize
Date: Mon, 21 Jul 2025 17:48:32 +0200 [thread overview]
Message-ID: <aH5hUC1JBYLyF0h6@macbook.local> (raw)
In-Reply-To: <20250704070803.314366-4-Jiqian.Chen@amd.com>
On Fri, Jul 04, 2025 at 03:07:58PM +0800, Jiqian Chen wrote:
> When vpci fails to initialize a legacy capability of device, it just
> returns an error and vPCI gets disabled for the whole device. That
> most likely renders the device unusable, plus possibly causing issues
> to Xen itself if guest attempts to program the native MSI or MSI-X
> capabilities if present.
>
> So, add new function to hide legacy capability when initialization
> fails. And remove the failed legacy capability from the vpci emulated
> legacy capability list.
>
> Signed-off-by: Jiqian Chen <Jiqian.Chen@amd.com>
> ---
> cc: "Roger Pau Monné" <roger.pau@citrix.com>
> ---
> v6->v7 changes:
> * Change the pointer parameter of vpci_get_register(),
> vpci_get_previous_cap_register() and vpci_capability_hide() to be const.
>
> v5->v6 changes:
> * Rename parameter rm to r in vpci_get_register().
> * Use for loop to compact the code of vpci_get_previous_cap_register().
> * Rename prev_next_r to prev_r in vpci_capability_hide(().
> * Add printing when cap init, cleanup and hide fail.
>
> v4->v5 changes:
> * Modify vpci_get_register() to delete some unnecessary check, so that
> I don't need to move function vpci_register_cmp().
> * Rename vpci_capability_mask() to vpci_capability_hide().
>
> v3->v4 changes:
> * Modify the commit message.
> * In function vpci_get_previous_cap_register(), add an ASSERT_UNREACHABLE() if offset below 0x40.
> * Modify vpci_capability_mask() to return error instead of using ASSERT.
> * Use vpci_remove_register to remove PCI_CAP_LIST_ID register instead of open code.
> * Add check "if ( !offset )" in vpci_capability_mask().
>
> v2->v3 changes:
> * Separated from the last version patch "vpci: Hide capability when it fails to initialize"
> * Whole implementation changed because last version is wrong.
> This version adds a new helper function vpci_get_register() and uses it to get
> target handler and previous handler from vpci->handlers, then remove the target.
>
> v1->v2 changes:
> * Removed the "priorities" of initializing capabilities since it isn't used anymore.
> * Added new function vpci_capability_mask() and vpci_ext_capability_mask() to
> remove failed capability from list.
> * Called vpci_make_msix_hole() in the end of init_msix().
>
> Best regards,
> Jiqian Chen.
> ---
> xen/drivers/vpci/vpci.c | 109 +++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 108 insertions(+), 1 deletion(-)
>
> diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c
> index e7e5b64f1be4..a91c3d4a1415 100644
> --- a/xen/drivers/vpci/vpci.c
> +++ b/xen/drivers/vpci/vpci.c
> @@ -83,6 +83,88 @@ static int assign_virtual_sbdf(struct pci_dev *pdev)
>
> #endif /* CONFIG_HAS_VPCI_GUEST_SUPPORT */
>
> +static struct vpci_register *vpci_get_register(const struct vpci *vpci,
> + unsigned int offset,
> + unsigned int size)
> +{
> + struct vpci_register *r;
> +
> + ASSERT(spin_is_locked(&vpci->lock));
> +
> + list_for_each_entry ( r, &vpci->handlers, node )
> + {
> + if ( r->offset == offset && r->size == size )
> + return r;
> +
> + if ( offset <= r->offset )
> + break;
> + }
> +
> + return NULL;
> +}
> +
> +static struct vpci_register *vpci_get_previous_cap_register(
> + const struct vpci *vpci, unsigned int offset)
> +{
> + uint32_t next;
> + struct vpci_register *r;
> +
> + if ( offset < 0x40 )
> + {
> + ASSERT_UNREACHABLE();
> + return NULL;
> + }
> +
> + for ( r = vpci_get_register(vpci, PCI_CAPABILITY_LIST, 1); r;
> + r = next >= 0x40 ? vpci_get_register(vpci,
> + next + PCI_CAP_LIST_NEXT, 1)
> + : NULL )
> + {
> + next = (uint32_t)(uintptr_t)r->private;
Both 'next' type and the explicit truncation done here would better
use "unsigned int" to match the type of the input offset parameter?
> + ASSERT(next == (uintptr_t)r->private);
> + if ( next == offset )
> + break;
> + }
> +
> + return r;
> +}
> +
> +static int vpci_capability_hide(const struct pci_dev *pdev, unsigned int cap)
> +{
> + const unsigned int offset = pci_find_cap_offset(pdev->sbdf, cap);
> + struct vpci_register *prev_r, *next_r;
> + struct vpci *vpci = pdev->vpci;
> +
> + if ( !offset )
> + {
> + ASSERT_UNREACHABLE();
> + return 0;
> + }
> +
> + spin_lock(&vpci->lock);
> + prev_r = vpci_get_previous_cap_register(vpci, offset);
> + next_r = vpci_get_register(vpci, offset + PCI_CAP_LIST_NEXT, 1);
> + if ( !prev_r || !next_r )
> + {
> + spin_unlock(&vpci->lock);
> + return -ENODEV;
> + }
> +
> + prev_r->private = next_r->private;
> + /*
> + * Not calling vpci_remove_register() here is to avoid redoing
> + * the register search
> + */
> + list_del(&next_r->node);
> + spin_unlock(&vpci->lock);
> + xfree(next_r);
> +
> + if ( !is_hardware_domain(pdev->domain) )
> + return vpci_remove_register(vpci, offset + PCI_CAP_LIST_ID, 1);
> +
> + return 0;
> +}
> +
> static int vpci_init_capabilities(struct pci_dev *pdev)
> {
> for ( unsigned int i = 0; i < NUM_VPCI_INIT; i++ )
> @@ -103,7 +185,32 @@ static int vpci_init_capabilities(struct pci_dev *pdev)
>
> rc = capability->init(pdev);
> if ( rc )
> - return rc;
> + {
> + const char *type = is_ext ? "extended" : "legacy";
> +
> + printk(XENLOG_WARNING "%pd %pp: init %s cap %u fail rc=%d, mask it\n",
Nit: in order to avoid the strictly speaking overly long line here you
could split it like:
printk(XENLOG_WARNING
"%pd %pp: init %s cap %u fail rc=%d, mask it\n",
pdev->domain, ...
> + pdev->domain, &pdev->sbdf, type, cap, rc);
> +
> + if ( capability->cleanup )
> + {
> + rc = capability->cleanup(pdev);
> + if ( rc )
> + {
> + printk(XENLOG_ERR "%pd %pp: clean %s cap %u fail rc=%d\n",
> + pdev->domain, &pdev->sbdf, type, cap, rc);
I think it would be fine to not return error here for the hardware
domain, and try to mask the capability even if cleanup() has failed?
For the hardware domain it's likely better to not fail and attempt to
mask, rather than fail and then end up exposing the device without any
kind of vPCI mediation. For domU the proposed behavior is fine.
Thanks, Roger.
next prev parent reply other threads:[~2025-07-21 15:49 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-04 7:07 [PATCH v7 0/8] Support hiding capability when its initialization fails Jiqian Chen
2025-07-04 7:07 ` [PATCH v7 1/8] vpci/header: Emulate extended capability list for dom0 Jiqian Chen
2025-07-08 14:10 ` Jan Beulich
2025-07-09 5:29 ` Chen, Jiqian
2025-07-09 5:32 ` Jan Beulich
2025-07-09 5:34 ` Chen, Jiqian
2025-07-21 14:16 ` Roger Pau Monné
2025-07-23 6:45 ` Chen, Jiqian
2025-07-04 7:07 ` [PATCH v7 2/8] vpci: Refactor REGISTER_VPCI_INIT Jiqian Chen
2025-07-08 14:52 ` Jan Beulich
2025-07-21 14:37 ` Roger Pau Monné
2025-07-23 7:20 ` Chen, Jiqian
2025-07-23 8:19 ` Roger Pau Monné
2025-07-04 7:07 ` [PATCH v7 3/8] vpci: Hide legacy capability when it fails to initialize Jiqian Chen
2025-07-21 15:48 ` Roger Pau Monné [this message]
2025-07-23 7:33 ` Chen, Jiqian
2025-07-23 8:15 ` Roger Pau Monné
2025-07-04 7:07 ` [PATCH v7 4/8] vpci: Hide extended " Jiqian Chen
2025-07-21 16:04 ` Roger Pau Monné
2025-07-04 7:08 ` [PATCH v7 5/8] vpci: Refactor vpci_remove_register to remove matched registers Jiqian Chen
2025-07-04 7:08 ` [PATCH v7 6/8] vpci/rebar: Free Rebar resources when init_rebar() fails Jiqian Chen
2025-07-21 16:08 ` Roger Pau Monné
2025-07-04 7:08 ` [PATCH v7 7/8] vpci/msi: Free MSI resources when init_msi() fails Jiqian Chen
2025-07-08 15:13 ` Jan Beulich
2025-07-09 6:10 ` Chen, Jiqian
2025-07-09 6:49 ` Jan Beulich
2025-07-21 16:21 ` Roger Pau Monné
2025-07-23 7:54 ` Chen, Jiqian
2025-07-23 9:39 ` Jan Beulich
2025-07-04 7:08 ` [PATCH v7 8/8] vpci/msix: Free MSIX resources when init_msix() fails Jiqian Chen
2025-07-21 16:24 ` Roger Pau Monné
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aH5hUC1JBYLyF0h6@macbook.local \
--to=roger.pau@citrix.com \
--cc=Jiqian.Chen@amd.com \
--cc=ray.huang@amd.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.