From mboxrd@z Thu Jan 1 00:00:00 1970 From: Chris Lalancette Subject: Re: [PATCH]: Fix memory corruption in-kernel IOAPIC emulation Date: Wed, 30 Jan 2008 16:03:15 -0500 Message-ID: <47A0E613.7080408@redhat.com> References: <479FB5C6.6060204@redhat.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------070200040707040704030101" To: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org Return-path: In-Reply-To: <479FB5C6.6060204-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org Errors-To: kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org List-Id: kvm.vger.kernel.org This is a multi-part message in MIME format. --------------070200040707040704030101 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Another version of the patch, done by changing the on-the-wire protocol as Avi suggested. I've tested this with: old -> old - Migration works, but runs into the bug I'm trying to fix old -> new - Migration works, but runs into the bug I'm trying to fix new -> old - Migration fails gracefully with ioapic version mismatch new -> new - Migration works, and doesn't run into this particular bug Signed-off-by: Chris Lalancette --------------070200040707040704030101 Content-Type: text/x-patch; name="kvm-60-qemu-fix-ioapic-migration3.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="kvm-60-qemu-fix-ioapic-migration3.patch"
diff --git a/qemu/hw/apic.c b/qemu/hw/apic.c
index c26a18d..7f18e38 100644
--- a/qemu/hw/apic.c
+++ b/qemu/hw/apic.c
@@ -94,6 +94,7 @@ typedef struct APICState {
 struct IOAPICState {
 uint8_t id;
 uint8_t ioregsel;
+ uint64_t base_address;
 uint32_t irr;
 uint64_t ioredtbl[IOAPIC_NUM_PINS];
@@ -1125,24 +1126,36 @@ static void kvm_kernel_ioapic_save_to_user(IOAPICState *s)
 kvm_get_irqchip(kvm_context, &chip);
 kioapic = &chip.chip.ioapic;
- s->id = kioapic->id;
+ s->base_address = kioapic->base_address;
 s->ioregsel = kioapic->ioregsel;
+ s->id = kioapic->id;
+ s->irr = kioapic->irr;
 for (i = 0; i < IOAPIC_NUM_PINS; i++) {
 s->ioredtbl[i] = kioapic->redirtbl[i].bits;
 }
 #endif
 }
-static void kvm_kernel_ioapic_load_from_user(IOAPICState *s)
+static int kvm_kernel_ioapic_load_from_user(IOAPICState *s, int version_id)
 {
 #if defined(KVM_CAP_IRQCHIP) && defined(TARGET_I386)
 struct kvm_irqchip chip;
 struct kvm_ioapic_state *kioapic;
 int i;
+ if (version_id > 2) {
+ return -EINVAL;
+ }
+
 chip.chip_id = KVM_IRQCHIP_IOAPIC;
 kioapic = &chip.chip.ioapic;
+ if (version_id == 2) {
+ kioapic->base_address = s->base_address;
+ kioapic->irr = s->irr;
+ }
+
+ /* fields saved since version 1 */
 kioapic->id = s->id;
 kioapic->ioregsel = s->ioregsel;
 for (i = 0; i < IOAPIC_NUM_PINS; i++) {
@@ -1151,6 +1164,8 @@ static void kvm_kernel_ioapic_load_from_user(IOAPICState *s)
 kvm_set_irqchip(kvm_context, &chip);
 #endif
+
+ return 0;
 }
 static void ioapic_save(QEMUFile *f, void *opaque)
@@ -1173,8 +1188,9 @@ static int ioapic_load(QEMUFile *f, void *opaque, int version_id)
 {
 IOAPICState *s = opaque;
 int i;
+ int ret;
- if (version_id != 1)
+ if (version_id > 2)
 return -EINVAL;
 qemu_get_8s(f, &s->id);
@@ -1184,7 +1200,9 @@ static int ioapic_load(QEMUFile *f, void *opaque, int version_id)
 }
 if (kvm_enabled() && qemu_kvm_irqchip_in_kernel()) {
- kvm_kernel_ioapic_load_from_user(s);
+ ret = kvm_kernel_ioapic_load_from_user(s, version_id);
+ if (ret < 0)
+ return ret;
 }
 return 0;
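Review bot: In the `version_id == 2` branch of kvm_kernel_ioapic_load_from_user, `s->base_address` and `s->irr` are pushed into the kernel, but no hunk in this patch writes those two fields in ioapic_save or reads them back in ioapic_load (the `@@ -1151`/`@@ -1173`/`@@ -1184` offsets suggest neither function changes elsewhere), so on the destination they hold whatever the freshly allocated IOAPICState contains rather than the source's values. For the version bump to carry the new fields, ioapic_save needs something like `qemu_put_be64s(f, &s->base_address); qemu_put_be32s(f, &s->irr);` after the existing `qemu_put_8s` calls, with matching `qemu_get_be64s`/`qemu_get_be32s` reads in ioapic_load guarded by `version_id >= 2`; I cannot see ioapic_save's body, so please confirm. Separately, `chip` is an uninitialized stack variable, so for a version-1 stream `base_address`, `irr` and any padding reach kvm_set_irqchip as stack garbage, which is the corruption the subject line describes; calling `kvm_get_irqchip(kvm_context, &chip);` before overwriting the saved fields, as kvm_kernel_ioapic_save_to_user already does, would keep the kernel's current values for anything the stream does not carry. The loop body of kvm_kernel_ioapic_load_from_user continues outside this hunk.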
@@ -1227,7 +1245,7 @@ IOAPICState *ioapic_init(void)
 ioapic_mem_write, s);
 cpu_register_physical_memory(0xfec00000, 0x1000, io_memory);
- register_savevm("ioapic", 0, 1, ioapic_save, ioapic_load, s);
+ register_savevm("ioapic", 0, 2, ioapic_save, ioapic_load, s);
 qemu_register_reset(ioapic_reset, s);
 return s;
--------------070200040707040704030101 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ --------------070200040707040704030101 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ kvm-devel mailing list kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org https://lists.sourceforge.net/lists/listinfo/kvm-devel --------------070200040707040704030101--