* [Qemu-devel] [PATCH 1/2] qemu-kvm/cpuid: fix a emulation of guest physical address space
From: Xudong Hao @ 2012-11-02 5:38 UTC (permalink / raw)
To: qemu-devel; +Cc: Xudong Hao, avi, kvm
For a 64-bit processor, emulate a 40-bit physical address space if the host physical
address space is >= 40 bits; otherwise the guest physical address space is the same as the host's.
Signed-off-by: Xudong Hao <xudong.hao@intel.com>
---
target-i386/cpu.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 423e009..3a78881 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1584,7 +1584,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
if (env->cpuid_ext2_features & CPUID_EXT2_LM) {
/* 64 bit processor */
/* XXX: The physical address space is limited to 42 bits in exec.c. */
- *eax = 0x00003028; /* 48 bits virtual, 40 bits physical */
+/* XXX: 40 bits physical if host physical address space >= 40 bits */
+ uint32_t a, b, c, d;
+ host_cpuid(0x80000008, 0, &a, &b, &c, &d);
+ *eax = a < 0x00003028 ? a : 0x00003028;
} else {
if (env->cpuid_features & CPUID_PSE36)
*eax = 0x00000024; /* 36 bits physical */
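Review bot: The clamp on the new `*eax` line compares the whole EAX of leaf 0x80000008 rather than the physical-address-bits field in bits 7:0 (the replaced comment itself reads 0x3028 as "48 bits virtual, 40 bits physical", i.e. two separate bytes), so the linear-address byte in bits 15:8 and, on CPUs that report it, the guest-physical byte in bits 23:16 take part in the comparison; a host whose EAX exceeds 0x3028 for a reason other than physical width is silently given the 40-bit constant, and a host below it has its linear-address byte passed through unchanged. Mask the field and rebuild the register: `uint32_t host_phys_bits = a & 0xff;` / `*eax = 0x00003000 | (host_phys_bits < 40 ? host_phys_bits : 40);`. The added `/* XXX: ... */` comment also sits at column 0 while the statements around it are indented; align it with the declaration it describes. cpu_x86_cpuid continues outside the hunk.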
--
1.5.5
From: Xudong Hao @ 2012-11-02 5:38 UTC (permalink / raw)
To: qemu-devel; +Cc: Xudong Hao, avi, kvm
Enable 64-bit BAR emulation.
Signed-off-by: Xudong Hao <xudong.hao@intel.com>
---
hw/kvm/pci-assign.c | 18 ++++++++++++------
1 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/hw/kvm/pci-assign.c b/hw/kvm/pci-assign.c
index 05b93d9..f1f8d1e 100644
--- a/hw/kvm/pci-assign.c
+++ b/hw/kvm/pci-assign.c
@@ -46,6 +46,7 @@
#define IORESOURCE_IRQ 0x00000400
#define IORESOURCE_DMA 0x00000800
#define IORESOURCE_PREFETCH 0x00002000 /* No side effects */
+#define IORESOURCE_MEM_64 0x00100000
//#define DEVICE_ASSIGNMENT_DEBUG
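Review bot: The new `IORESOURCE_MEM_64` define has no comment, unlike `IORESOURCE_PREFETCH` two lines above, although its value mirrors the Linux `<linux/ioport.h>` flag and presumably has to stay in step with the flag word the host kernel exposes for the device's resources. Suggest `#define IORESOURCE_MEM_64 0x00100000 /* Linux <linux/ioport.h>: 64-bit memory BAR */` so the next reader knows where the bit comes from.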
@@ -442,9 +443,13 @@ static int assigned_dev_register_regions(PCIRegion *io_regions,
/* handle memory io regions */
if (cur_region->type & IORESOURCE_MEM) {
- int t = cur_region->type & IORESOURCE_PREFETCH
- ? PCI_BASE_ADDRESS_MEM_PREFETCH
- : PCI_BASE_ADDRESS_SPACE_MEMORY;
+ int t = PCI_BASE_ADDRESS_SPACE_MEMORY;
+ if (cur_region->type & IORESOURCE_PREFETCH) {
+ t |= PCI_BASE_ADDRESS_MEM_PREFETCH;
+ }
+ if (cur_region->type & IORESOURCE_MEM_64) {
+ t |= PCI_BASE_ADDRESS_MEM_TYPE_64;
+ }
/* map physical memory */
pci_dev->v_addrs[i].u.r_virtbase = mmap(NULL, cur_region->size,
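Review bot: Once `t` carries `PCI_BASE_ADDRESS_MEM_TYPE_64`, the BAR this region is registered under spans two consecutive BAR slots, but nothing in the hunk skips index i+1 or rejects a 64-bit region in the last slot; whether the enclosing loop (outside the hunk) already accounts for the upper-half entry cannot be seen here and is worth confirming. A comment at the new check would make the constraint explicit, e.g. `/* 64-bit BAR: slot i+1 holds the upper half and must not be registered on its own */`. assigned_dev_register_regions starts and ends outside the hunk.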
@@ -468,8 +473,8 @@ static int assigned_dev_register_regions(PCIRegion *io_regions,
(cur_region->base_addr & 0xFFF);
if (cur_region->size & 0xFFF) {
- error_report("PCI region %d at address 0x%" PRIx64 " has "
- "size 0x%" PRIx64 ", which is not a multiple of "
+ error_report("PCI region %d at address 0lx%" PRIx64 " has "
+ "size 0lx%" PRIx64 ", which is not a multiple of "
"4K. You might experience some performance hit "
"due to that.",
i, cur_region->base_addr, cur_region->size);
@@ -638,7 +643,8 @@ again:
rp->valid = 0;
rp->resource_fd = -1;
size = end - start + 1;
- flags &= IORESOURCE_IO | IORESOURCE_MEM | IORESOURCE_PREFETCH;
+ flags &= IORESOURCE_IO | IORESOURCE_MEM | IORESOURCE_PREFETCH
+ | IORESOURCE_MEM_64;
if (size == 0 || (flags & ~IORESOURCE_PREFETCH) == 0) {
continue;
}
--
1.5.5
From: Blue Swirl @ 2012-11-03 10:44 UTC (permalink / raw)
To: Xudong Hao; +Cc: qemu-devel, kvm, avi
On Fri, Nov 2, 2012 at 5:38 AM, Xudong Hao <xudong.hao@intel.com> wrote:
> Enable 64 bits bar emulation.
>
> Signed-off-by: Xudong Hao <xudong.hao@intel.com>
> ---
> hw/kvm/pci-assign.c | 18 ++++++++++++------
> 1 files changed, 12 insertions(+), 6 deletions(-)
>
> diff --git a/hw/kvm/pci-assign.c b/hw/kvm/pci-assign.c
> index 05b93d9..f1f8d1e 100644
> --- a/hw/kvm/pci-assign.c
> +++ b/hw/kvm/pci-assign.c
> @@ -46,6 +46,7 @@
> #define IORESOURCE_IRQ 0x00000400
> #define IORESOURCE_DMA 0x00000800
> #define IORESOURCE_PREFETCH 0x00002000 /* No side effects */
> +#define IORESOURCE_MEM_64 0x00100000
>
> //#define DEVICE_ASSIGNMENT_DEBUG
>
> @@ -442,9 +443,13 @@ static int assigned_dev_register_regions(PCIRegion *io_regions,
>
> /* handle memory io regions */
> if (cur_region->type & IORESOURCE_MEM) {
> - int t = cur_region->type & IORESOURCE_PREFETCH
> - ? PCI_BASE_ADDRESS_MEM_PREFETCH
> - : PCI_BASE_ADDRESS_SPACE_MEMORY;
> + int t = PCI_BASE_ADDRESS_SPACE_MEMORY;
> + if (cur_region->type & IORESOURCE_PREFETCH) {
> + t |= PCI_BASE_ADDRESS_MEM_PREFETCH;
> + }
> + if (cur_region->type & IORESOURCE_MEM_64) {
> + t |= PCI_BASE_ADDRESS_MEM_TYPE_64;
> + }
>
> /* map physical memory */
> pci_dev->v_addrs[i].u.r_virtbase = mmap(NULL, cur_region->size,
> @@ -468,8 +473,8 @@ static int assigned_dev_register_regions(PCIRegion *io_regions,
> (cur_region->base_addr & 0xFFF);
>
> if (cur_region->size & 0xFFF) {
> - error_report("PCI region %d at address 0x%" PRIx64 " has "
> - "size 0x%" PRIx64 ", which is not a multiple of "
> + error_report("PCI region %d at address 0lx%" PRIx64 " has "
> + "size 0lx%" PRIx64 ", which is not a multiple of "
Adding 'l' to '0x' prefix does not make sense.
> "4K. You might experience some performance hit "
> "due to that.",
> i, cur_region->base_addr, cur_region->size);
> @@ -638,7 +643,8 @@ again:
> rp->valid = 0;
> rp->resource_fd = -1;
> size = end - start + 1;
> - flags &= IORESOURCE_IO | IORESOURCE_MEM | IORESOURCE_PREFETCH;
> + flags &= IORESOURCE_IO | IORESOURCE_MEM | IORESOURCE_PREFETCH
> + | IORESOURCE_MEM_64;
> if (size == 0 || (flags & ~IORESOURCE_PREFETCH) == 0) {
> continue;
> }
> --
> 1.5.5
>
>
On 2012-11-02 06:38, Xudong Hao wrote:
> For 64 bit processor, emulate 40 bits physical address if the host physical
> address space >= 40bits, else guest physical is same as host.
>
> Signed-off-by: Xudong Hao <xudong.hao@intel.com>
> ---
> target-i386/cpu.c | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index 423e009..3a78881 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -1584,7 +1584,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
> if (env->cpuid_ext2_features & CPUID_EXT2_LM) {
> /* 64 bit processor */
> /* XXX: The physical address space is limited to 42 bits in exec.c. */
> - *eax = 0x00003028; /* 48 bits virtual, 40 bits physical */
> +/* XXX: 40 bits physical if host physical address space >= 40 bits */
> + uint32_t a, b, c, d;
> + host_cpuid(0x80000008, 0, &a, &b, &c, &d);
> + *eax = a < 0x00003028 ? a : 0x00003028;
This variation will not only affect -cpu host, right? That can create
problems when migrating between hosts with different address widths, and
then we will need some control knob to adjust what is reported to the guest.
Jan
> } else {
> if (env->cpuid_features & CPUID_PSE36)
> *eax = 0x00000024; /* 36 bits physical */
>
From: Hao, Xudong @ 2012-11-04 12:15 UTC (permalink / raw)
To: Jan Kiszka; +Cc: qemu-devel@nongnu.org, kvm@vger.kernel.org, avi@redhat.com
> -----Original Message-----
> From: Jan Kiszka [mailto:jan.kiszka@web.de]
> Sent: Saturday, November 03, 2012 6:55 PM
> To: Hao, Xudong
> Cc: qemu-devel@nongnu.org; avi@redhat.com; kvm@vger.kernel.org
> Subject: Re: [PATCH 1/2] qemu-kvm/cpuid: fix a emulation of guest physical
> address space
>
> On 2012-11-02 06:38, Xudong Hao wrote:
> > For 64 bit processor, emulate 40 bits physical address if the host physical
> > address space >= 40bits, else guest physical is same as host.
> >
> > Signed-off-by: Xudong Hao <xudong.hao@intel.com>
> > ---
> > target-i386/cpu.c | 5 ++++-
> > 1 files changed, 4 insertions(+), 1 deletions(-)
> >
> > diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> > index 423e009..3a78881 100644
> > --- a/target-i386/cpu.c
> > +++ b/target-i386/cpu.c
> > @@ -1584,7 +1584,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t
> index, uint32_t count,
> > if (env->cpuid_ext2_features & CPUID_EXT2_LM) {
> > /* 64 bit processor */
> > /* XXX: The physical address space is limited to 42 bits in exec.c. */
> > - *eax = 0x00003028; /* 48 bits virtual, 40 bits physical */
> > +/* XXX: 40 bits physical if host physical address space >= 40 bits */
> > + uint32_t a, b, c, d;
> > + host_cpuid(0x80000008, 0, &a, &b, &c, &d);
> > + *eax = a < 0x00003028 ? a : 0x00003028;
>
> This variation will not only affect -cpu host, right? That can create
> problems when migrating between hosts with different address widths, and
> then we will need some control knob to adjust what it reported to the guest.
>
Oh, I did not consider migrating to different platform(addr widths).
But I think the fixed value of 40 bits may cause a problem: in the VT-d case, when a host supports GAW < 40 bits and qemu emulates a 40-bit guest physical address space, it will hit the BUG_ON in:
drivers/iommu/intel-iommu.c
static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain,
unsigned long pfn, int target_level)
{
int addr_width = agaw_to_width(domain->agaw) - VTD_PAGE_SHIFT;
...
BUG_ON(!domain->pgd);
BUG_ON(addr_width < BITS_PER_LONG && pfn >> addr_width);
> Jan
>
> > } else {
> > if (env->cpuid_features & CPUID_PSE36)
> > *eax = 0x00000024; /* 36 bits physical */
> >
>
On 2012-11-04 13:15, Hao, Xudong wrote:
>> -----Original Message-----
>> From: Jan Kiszka [mailto:jan.kiszka@web.de]
>> Sent: Saturday, November 03, 2012 6:55 PM
>> To: Hao, Xudong
>> Cc: qemu-devel@nongnu.org; avi@redhat.com; kvm@vger.kernel.org
>> Subject: Re: [PATCH 1/2] qemu-kvm/cpuid: fix a emulation of guest physical
>> address space
>>
>> On 2012-11-02 06:38, Xudong Hao wrote:
>>> For 64 bit processor, emulate 40 bits physical address if the host physical
>>> address space >= 40bits, else guest physical is same as host.
>>>
>>> Signed-off-by: Xudong Hao <xudong.hao@intel.com>
>>> ---
>>> target-i386/cpu.c | 5 ++++-
>>> 1 files changed, 4 insertions(+), 1 deletions(-)
>>>
>>> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
>>> index 423e009..3a78881 100644
>>> --- a/target-i386/cpu.c
>>> +++ b/target-i386/cpu.c
>>> @@ -1584,7 +1584,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t
>> index, uint32_t count,
>>> if (env->cpuid_ext2_features & CPUID_EXT2_LM) {
>>> /* 64 bit processor */
>>> /* XXX: The physical address space is limited to 42 bits in exec.c. */
>>> - *eax = 0x00003028; /* 48 bits virtual, 40 bits physical */
>>> +/* XXX: 40 bits physical if host physical address space >= 40 bits */
>>> + uint32_t a, b, c, d;
>>> + host_cpuid(0x80000008, 0, &a, &b, &c, &d);
>>> + *eax = a < 0x00003028 ? a : 0x00003028;
>>
>> This variation will not only affect -cpu host, right? That can create
>> problems when migrating between hosts with different address widths, and
>> then we will need some control knob to adjust what it reported to the guest.
>>
>
> Oh, I did not consider migrating to different platform(addr widths).
> But I think the fixed value 40 bits may cause problem: in VT-d case, when a host support GAW < 40 bits, and qemu emulate 40 bits guest physical address space, will bring bug on:
>
> drivers/iommu/intel-iommu.c
> static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain,
> unsigned long pfn, int target_level)
> {
> int addr_width = agaw_to_width(domain->agaw) - VTD_PAGE_SHIFT;
> ...
> BUG_ON(!domain->pgd);
> BUG_ON(addr_width < BITS_PER_LONG && pfn >> addr_width);
>
Does it mean that buggy or malicious user space can trigger a kernel
bug? Then this must be fixed of course.
Jan
From: Hao, Xudong @ 2012-11-05 2:42 UTC (permalink / raw)
To: Jan Kiszka; +Cc: qemu-devel@nongnu.org, kvm@vger.kernel.org, avi@redhat.com
> -----Original Message-----
> From: Jan Kiszka [mailto:jan.kiszka@web.de]
> Sent: Sunday, November 04, 2012 8:55 PM
> To: Hao, Xudong
> Cc: qemu-devel@nongnu.org; avi@redhat.com; kvm@vger.kernel.org
> Subject: Re: [PATCH 1/2] qemu-kvm/cpuid: fix a emulation of guest physical
> address space
>
> On 2012-11-04 13:15, Hao, Xudong wrote:
> >> -----Original Message-----
> >> From: Jan Kiszka [mailto:jan.kiszka@web.de]
> >> Sent: Saturday, November 03, 2012 6:55 PM
> >> To: Hao, Xudong
> >> Cc: qemu-devel@nongnu.org; avi@redhat.com; kvm@vger.kernel.org
> >> Subject: Re: [PATCH 1/2] qemu-kvm/cpuid: fix a emulation of guest physical
> >> address space
> >>
> >> On 2012-11-02 06:38, Xudong Hao wrote:
> >>> For 64 bit processor, emulate 40 bits physical address if the host physical
> >>> address space >= 40bits, else guest physical is same as host.
> >>>
> >>> Signed-off-by: Xudong Hao <xudong.hao@intel.com>
> >>> ---
> >>> target-i386/cpu.c | 5 ++++-
> >>> 1 files changed, 4 insertions(+), 1 deletions(-)
> >>>
> >>> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> >>> index 423e009..3a78881 100644
> >>> --- a/target-i386/cpu.c
> >>> +++ b/target-i386/cpu.c
> >>> @@ -1584,7 +1584,10 @@ void cpu_x86_cpuid(CPUX86State *env,
> uint32_t
> >> index, uint32_t count,
> >>> if (env->cpuid_ext2_features & CPUID_EXT2_LM) {
> >>> /* 64 bit processor */
> >>> /* XXX: The physical address space is limited to 42 bits in exec.c. */
> >>> - *eax = 0x00003028; /* 48 bits virtual, 40 bits physical
> */
> >>> +/* XXX: 40 bits physical if host physical address space >= 40 bits */
> >>> + uint32_t a, b, c, d;
> >>> + host_cpuid(0x80000008, 0, &a, &b, &c, &d);
> >>> + *eax = a < 0x00003028 ? a : 0x00003028;
> >>
> >> This variation will not only affect -cpu host, right? That can create
> >> problems when migrating between hosts with different address widths, and
> >> then we will need some control knob to adjust what it reported to the guest.
> >>
> >
> > Oh, I did not consider migrating to different platform(addr widths).
> > But I think the fixed value 40 bits may cause problem: in VT-d case, when a
> host support GAW < 40 bits, and qemu emulate 40 bits guest physical address
> space, will bring bug on:
> >
> > drivers/iommu/intel-iommu.c
> > static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain,
> > unsigned long pfn, int target_level)
> > {
> > int addr_width = agaw_to_width(domain->agaw) - VTD_PAGE_SHIFT;
> > ...
> > BUG_ON(!domain->pgd);
> > BUG_ON(addr_width < BITS_PER_LONG && pfn >> addr_width);
> >
>
> Does it mean that buggy or malicious user space can trigger a kernel
> bug? Then this must be fixed of course.
>
Probably yes, when guest RAM is large enough or MMIO is allocated at a very high address.
Jan, I'm not familiar the migration, do you have interest to add the migration part fixing?
On 2012-11-05 03:42, Hao, Xudong wrote:
>> -----Original Message-----
>> From: Jan Kiszka [mailto:jan.kiszka@web.de]
>> Sent: Sunday, November 04, 2012 8:55 PM
>> To: Hao, Xudong
>> Cc: qemu-devel@nongnu.org; avi@redhat.com; kvm@vger.kernel.org
>> Subject: Re: [PATCH 1/2] qemu-kvm/cpuid: fix a emulation of guest physical
>> address space
>>
>> On 2012-11-04 13:15, Hao, Xudong wrote:
>>>> -----Original Message-----
>>>> From: Jan Kiszka [mailto:jan.kiszka@web.de]
>>>> Sent: Saturday, November 03, 2012 6:55 PM
>>>> To: Hao, Xudong
>>>> Cc: qemu-devel@nongnu.org; avi@redhat.com; kvm@vger.kernel.org
>>>> Subject: Re: [PATCH 1/2] qemu-kvm/cpuid: fix a emulation of guest physical
>>>> address space
>>>>
>>>> On 2012-11-02 06:38, Xudong Hao wrote:
>>>>> For 64 bit processor, emulate 40 bits physical address if the host physical
>>>>> address space >= 40bits, else guest physical is same as host.
>>>>>
>>>>> Signed-off-by: Xudong Hao <xudong.hao@intel.com>
>>>>> ---
>>>>> target-i386/cpu.c | 5 ++++-
>>>>> 1 files changed, 4 insertions(+), 1 deletions(-)
>>>>>
>>>>> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
>>>>> index 423e009..3a78881 100644
>>>>> --- a/target-i386/cpu.c
>>>>> +++ b/target-i386/cpu.c
>>>>> @@ -1584,7 +1584,10 @@ void cpu_x86_cpuid(CPUX86State *env,
>> uint32_t
>>>> index, uint32_t count,
>>>>> if (env->cpuid_ext2_features & CPUID_EXT2_LM) {
>>>>> /* 64 bit processor */
>>>>> /* XXX: The physical address space is limited to 42 bits in exec.c. */
>>>>> - *eax = 0x00003028; /* 48 bits virtual, 40 bits physical
>> */
>>>>> +/* XXX: 40 bits physical if host physical address space >= 40 bits */
>>>>> + uint32_t a, b, c, d;
>>>>> + host_cpuid(0x80000008, 0, &a, &b, &c, &d);
>>>>> + *eax = a < 0x00003028 ? a : 0x00003028;
>>>>
>>>> This variation will not only affect -cpu host, right? That can create
>>>> problems when migrating between hosts with different address widths, and
>>>> then we will need some control knob to adjust what it reported to the guest.
>>>>
>>>
>>> Oh, I did not consider migrating to different platform(addr widths).
>>> But I think the fixed value 40 bits may cause problem: in VT-d case, when a
>> host support GAW < 40 bits, and qemu emulate 40 bits guest physical address
>> space, will bring bug on:
>>>
>>> drivers/iommu/intel-iommu.c
>>> static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain,
>>> unsigned long pfn, int target_level)
>>> {
>>> int addr_width = agaw_to_width(domain->agaw) - VTD_PAGE_SHIFT;
>>> ...
>>> BUG_ON(!domain->pgd);
>>> BUG_ON(addr_width < BITS_PER_LONG && pfn >> addr_width);
>>>
>>
>> Does it mean that buggy or malicious user space can trigger a kernel
>> bug? Then this must be fixed of course.
>>
> Probably yes, when guest RAM is large enough or allocate MMIO to very high address.
...and those things are under user space control. If you have an idea
how to trigger this, please give it a try. This is an availability issue
as untrusted user space could bring down the whole system.
>
> Jan, I'm not familiar the migration, do you have interest to add the migration part fixing?
>
I'm not up to date with what is going on in the context of CPU feature
configuration, CC'ing folks who reworked this recently.
In any case, the general pattern is: make this configurable (=> CPU
feature flag) and then possibly also adjust it for compat QEMU machine
types.
Jan
> -----Original Message-----
> From: Blue Swirl [mailto:blauwirbel@gmail.com]
> Sent: Saturday, November 03, 2012 6:44 PM
> To: Hao, Xudong
> Cc: qemu-devel@nongnu.org; avi@redhat.com; kvm@vger.kernel.org
> Subject: Re: [Qemu-devel] [PATCH 2/2] qemu-kvm/pci-assign: 64 bits bar
> emulation
>
> On Fri, Nov 2, 2012 at 5:38 AM, Xudong Hao <xudong.hao@intel.com> wrote:
> > Enable 64 bits bar emulation.
> >
> > Signed-off-by: Xudong Hao <xudong.hao@intel.com>
> > ---
> > hw/kvm/pci-assign.c | 18 ++++++++++++------
> > 1 files changed, 12 insertions(+), 6 deletions(-)
> >
> > diff --git a/hw/kvm/pci-assign.c b/hw/kvm/pci-assign.c
> > index 05b93d9..f1f8d1e 100644
> > --- a/hw/kvm/pci-assign.c
> > +++ b/hw/kvm/pci-assign.c
> > @@ -46,6 +46,7 @@
> > #define IORESOURCE_IRQ 0x00000400
> > #define IORESOURCE_DMA 0x00000800
> > #define IORESOURCE_PREFETCH 0x00002000 /* No side effects */
> > +#define IORESOURCE_MEM_64 0x00100000
> >
> > //#define DEVICE_ASSIGNMENT_DEBUG
> >
> > @@ -442,9 +443,13 @@ static int assigned_dev_register_regions(PCIRegion
> *io_regions,
> >
> > /* handle memory io regions */
> > if (cur_region->type & IORESOURCE_MEM) {
> > - int t = cur_region->type & IORESOURCE_PREFETCH
> > - ? PCI_BASE_ADDRESS_MEM_PREFETCH
> > - : PCI_BASE_ADDRESS_SPACE_MEMORY;
> > + int t = PCI_BASE_ADDRESS_SPACE_MEMORY;
> > + if (cur_region->type & IORESOURCE_PREFETCH) {
> > + t |= PCI_BASE_ADDRESS_MEM_PREFETCH;
> > + }
> > + if (cur_region->type & IORESOURCE_MEM_64) {
> > + t |= PCI_BASE_ADDRESS_MEM_TYPE_64;
> > + }
> >
> > /* map physical memory */
> > pci_dev->v_addrs[i].u.r_virtbase = mmap(NULL,
> cur_region->size,
> > @@ -468,8 +473,8 @@ static int assigned_dev_register_regions(PCIRegion
> *io_regions,
> > (cur_region->base_addr & 0xFFF);
> >
> > if (cur_region->size & 0xFFF) {
> > - error_report("PCI region %d at address 0x%" PRIx64 "
> has "
> > - "size 0x%" PRIx64 ", which is not a
> multiple of "
> > + error_report("PCI region %d at address 0lx%" PRIx64 "
> has "
> > + "size 0lx%" PRIx64 ", which is not a
> multiple of "
>
> Adding 'l' to '0x' prefix does not make sense.
>
Thanks for reviewing it; changed to:
+ error_report("PCI region %d at address 0x%016" PRIx64 " has "
+ "size 0x%016" PRIx64 ", which is not a multiple of "
From: Eduardo Habkost @ 2012-11-08 16:40 UTC (permalink / raw)
To: Jan Kiszka
Cc: Igor Mammedov, Hao, Xudong, qemu-devel@nongnu.org,
kvm@vger.kernel.org, avi@redhat.com
On Mon, Nov 05, 2012 at 07:22:55AM +0100, Jan Kiszka wrote:
> On 2012-11-05 03:42, Hao, Xudong wrote:
> >> -----Original Message-----
> >> From: Jan Kiszka [mailto:jan.kiszka@web.de]
> >> Sent: Sunday, November 04, 2012 8:55 PM
> >> To: Hao, Xudong
> >> Cc: qemu-devel@nongnu.org; avi@redhat.com; kvm@vger.kernel.org
> >> Subject: Re: [PATCH 1/2] qemu-kvm/cpuid: fix a emulation of guest physical
> >> address space
> >>
> >> On 2012-11-04 13:15, Hao, Xudong wrote:
> >>>> -----Original Message-----
> >>>> From: Jan Kiszka [mailto:jan.kiszka@web.de]
> >>>> Sent: Saturday, November 03, 2012 6:55 PM
> >>>> To: Hao, Xudong
> >>>> Cc: qemu-devel@nongnu.org; avi@redhat.com; kvm@vger.kernel.org
> >>>> Subject: Re: [PATCH 1/2] qemu-kvm/cpuid: fix a emulation of guest physical
> >>>> address space
> >>>>
> >>>> On 2012-11-02 06:38, Xudong Hao wrote:
> >>>>> For 64 bit processor, emulate 40 bits physical address if the host physical
> >>>>> address space >= 40bits, else guest physical is same as host.
> >>>>>
> >>>>> Signed-off-by: Xudong Hao <xudong.hao@intel.com>
> >>>>> ---
> >>>>> target-i386/cpu.c | 5 ++++-
> >>>>> 1 files changed, 4 insertions(+), 1 deletions(-)
> >>>>>
> >>>>> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> >>>>> index 423e009..3a78881 100644
> >>>>> --- a/target-i386/cpu.c
> >>>>> +++ b/target-i386/cpu.c
> >>>>> @@ -1584,7 +1584,10 @@ void cpu_x86_cpuid(CPUX86State *env,
> >> uint32_t
> >>>> index, uint32_t count,
> >>>>> if (env->cpuid_ext2_features & CPUID_EXT2_LM) {
> >>>>> /* 64 bit processor */
> >>>>> /* XXX: The physical address space is limited to 42 bits in exec.c. */
> >>>>> - *eax = 0x00003028; /* 48 bits virtual, 40 bits physical
> >> */
> >>>>> +/* XXX: 40 bits physical if host physical address space >= 40 bits */
> >>>>> + uint32_t a, b, c, d;
> >>>>> + host_cpuid(0x80000008, 0, &a, &b, &c, &d);
> >>>>> + *eax = a < 0x00003028 ? a : 0x00003028;
> >>>>
> >>>> This variation will not only affect -cpu host, right? That can create
> >>>> problems when migrating between hosts with different address widths, and
> >>>> then we will need some control knob to adjust what it reported to the guest.
> >>>>
> >>>
> >>> Oh, I did not consider migrating to different platform(addr widths).
> >>> But I think the fixed value 40 bits may cause problem: in VT-d case, when a
> >> host support GAW < 40 bits, and qemu emulate 40 bits guest physical address
> >> space, will bring bug on:
> >>>
> >>> drivers/iommu/intel-iommu.c
> >>> static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain,
> >>> unsigned long pfn, int target_level)
> >>> {
> >>> int addr_width = agaw_to_width(domain->agaw) - VTD_PAGE_SHIFT;
> >>> ...
> >>> BUG_ON(!domain->pgd);
> >>> BUG_ON(addr_width < BITS_PER_LONG && pfn >> addr_width);
> >>>
> >>
> >> Does it mean that buggy or malicious user space can trigger a kernel
> >> bug? Then this must be fixed of course.
> >>
> > Probably yes, when guest RAM is large enough or allocate MMIO to very high address.
>
> ...and those things are under user space control. If you have an idea
> how to trigger this, please give it a try. This is an availability issue
> as untrusted user space could bring down the whole system.
>
> >
> > Jan, I'm not familiar the migration, do you have interest to add the migration part fixing?
> >
>
> I'm not up to date with what is going on in the context of CPU feature
> configuration, CC'ing folks who reworked this recently.
>
> In any case, the general pattern is: make this configurable (=> CPU
> feature flag) and then possibly also adjust it for compat QEMU machine
> types.
We can't automatically expose data derived from host capabilities to the
guest, as this breaks live migration. This is probably
better handled by adding a new property to the X86CPU class.
If you really want to, you can add a "host" or "auto" mode, too, for
users that don't care about live migration. But that mode can't be
enabled by default (but it could be enabled by -cpu host).
--
Eduardo
From: Gleb Natapov @ 2012-12-26 13:45 UTC (permalink / raw)
To: Anthony Liguori; +Cc: qemu-devel, kvm
From: Xudong Hao <xudong.hao@intel.com>
Enable 64-bit BAR emulation.
Tests pass with the current SeaBIOS, which already supports 64-bit PCI BARs.
Signed-off-by: Xudong Hao <xudong.hao@intel.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
---
hw/kvm/pci-assign.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/hw/kvm/pci-assign.c b/hw/kvm/pci-assign.c
index e80dad0..addc205 100644
--- a/hw/kvm/pci-assign.c
+++ b/hw/kvm/pci-assign.c
@@ -46,6 +46,7 @@
#define IORESOURCE_IRQ 0x00000400
#define IORESOURCE_DMA 0x00000800
#define IORESOURCE_PREFETCH 0x00002000 /* No side effects */
+#define IORESOURCE_MEM_64 0x00100000
//#define DEVICE_ASSIGNMENT_DEBUG
@@ -442,9 +443,13 @@ static int assigned_dev_register_regions(PCIRegion *io_regions,
/* handle memory io regions */
if (cur_region->type & IORESOURCE_MEM) {
- int t = cur_region->type & IORESOURCE_PREFETCH
- ? PCI_BASE_ADDRESS_MEM_PREFETCH
- : PCI_BASE_ADDRESS_SPACE_MEMORY;
+ int t = PCI_BASE_ADDRESS_SPACE_MEMORY;
+ if (cur_region->type & IORESOURCE_PREFETCH) {
+ t |= PCI_BASE_ADDRESS_MEM_PREFETCH;
+ }
+ if (cur_region->type & IORESOURCE_MEM_64) {
+ t |= PCI_BASE_ADDRESS_MEM_TYPE_64;
+ }
/* map physical memory */
pci_dev->v_addrs[i].u.r_virtbase = mmap(NULL, cur_region->size,
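Review bot: With `PCI_BASE_ADDRESS_MEM_TYPE_64` OR'ed into `t`, the registered BAR occupies slots i and i+1, yet the hunk neither skips the next index nor checks that a 64-bit region is not in the last BAR slot; if the surrounding loop (outside the hunk) does not already handle the upper-half entry, both halves could be registered. Suggest documenting the invariant at the new `if`: `/* 64-bit BAR: slot i+1 carries the upper half and is not registered separately */`. assigned_dev_register_regions starts and ends outside the hunk.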
@@ -632,7 +637,8 @@ again:
rp->valid = 0;
rp->resource_fd = -1;
size = end - start + 1;
- flags &= IORESOURCE_IO | IORESOURCE_MEM | IORESOURCE_PREFETCH;
+ flags &= IORESOURCE_IO | IORESOURCE_MEM | IORESOURCE_PREFETCH
+ | IORESOURCE_MEM_64;
if (size == 0 || (flags & ~IORESOURCE_PREFETCH) == 0) {
continue;
}
--
1.7.10.4