From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: Eric Auger <eric.auger@redhat.com>
Subject: [Qemu-devel] [PULL 01/60] exec: Fix MAP_RAM for cached access
Date: Thu, 28 Jun 2018 22:04:11 +0200 [thread overview]
Message-ID: <1530216310-52873-2-git-send-email-pbonzini@redhat.com> (raw)
In-Reply-To: <1530216310-52873-1-git-send-email-pbonzini@redhat.com>
From: Eric Auger <eric.auger@redhat.com>
When an IOMMUMemoryRegion is in front of a virtio device,
address_space_cache_init does not set cache->ptr as the memory
region is not RAM. However when the device performs an access,
we end up in glue() which performs the translation and then uses
MAP_RAM. This latter uses the unset ptr and returns a wrong value
which leads to a SIGSEV in address_space_lduw_internal_cached_slow,
for instance.
In slow path cache->ptr is NULL and MAP_RAM must redirect to
qemu_map_ram_ptr((mr)->ram_block, ofs).
As MAP_RAM, IS_DIRECT and INVALIDATE are the same in _cached_slow
and non cached mode, let's remove those macros.
This fixes the use cases featuring vIOMMU (Intel and ARM SMMU)
which lead to a SIGSEV.
Fixes: 48564041a73a (exec: reintroduce MemoryRegion caching)
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-Id: <1528895946-28677-1-git-send-email-eric.auger@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
exec.c | 6 ------
memory_ldst.inc.c | 47 ++++++++++++++++++++++-------------------------
2 files changed, 22 insertions(+), 31 deletions(-)
diff --git a/exec.c b/exec.c
index 1e37f75..9f35e34 100644
--- a/exec.c
+++ b/exec.c
@@ -3702,9 +3702,6 @@ void cpu_physical_memory_unmap(void *buffer, hwaddr len,
#define ARG1 as
#define SUFFIX
#define TRANSLATE(...) address_space_translate(as, __VA_ARGS__)
-#define IS_DIRECT(mr, is_write) memory_access_is_direct(mr, is_write)
-#define MAP_RAM(mr, ofs) qemu_map_ram_ptr((mr)->ram_block, ofs)
-#define INVALIDATE(mr, ofs, len) invalidate_and_set_dirty(mr, ofs, len)
#define RCU_READ_LOCK(...) rcu_read_lock()
#define RCU_READ_UNLOCK(...) rcu_read_unlock()
#include "memory_ldst.inc.c"
@@ -3841,9 +3838,6 @@ address_space_write_cached_slow(MemoryRegionCache *cache, hwaddr addr,
#define ARG1 cache
#define SUFFIX _cached_slow
#define TRANSLATE(...) address_space_translate_cached(cache, __VA_ARGS__)
-#define IS_DIRECT(mr, is_write) memory_access_is_direct(mr, is_write)
-#define MAP_RAM(mr, ofs) (cache->ptr + (ofs - cache->xlat))
-#define INVALIDATE(mr, ofs, len) invalidate_and_set_dirty(mr, ofs, len)
#define RCU_READ_LOCK() ((void)0)
#define RCU_READ_UNLOCK() ((void)0)
#include "memory_ldst.inc.c"
diff --git a/memory_ldst.inc.c b/memory_ldst.inc.c
index 1548398..acf865b 100644
--- a/memory_ldst.inc.c
+++ b/memory_ldst.inc.c
@@ -34,7 +34,7 @@ static inline uint32_t glue(address_space_ldl_internal, SUFFIX)(ARG1_DECL,
RCU_READ_LOCK();
mr = TRANSLATE(addr, &addr1, &l, false, attrs);
- if (l < 4 || !IS_DIRECT(mr, false)) {
+ if (l < 4 || !memory_access_is_direct(mr, false)) {
release_lock |= prepare_mmio_access(mr);
/* I/O case */
@@ -50,7 +50,7 @@ static inline uint32_t glue(address_space_ldl_internal, SUFFIX)(ARG1_DECL,
#endif
} else {
/* RAM case */
- ptr = MAP_RAM(mr, addr1);
+ ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
switch (endian) {
case DEVICE_LITTLE_ENDIAN:
val = ldl_le_p(ptr);
@@ -110,7 +110,7 @@ static inline uint64_t glue(address_space_ldq_internal, SUFFIX)(ARG1_DECL,
RCU_READ_LOCK();
mr = TRANSLATE(addr, &addr1, &l, false, attrs);
- if (l < 8 || !IS_DIRECT(mr, false)) {
+ if (l < 8 || !memory_access_is_direct(mr, false)) {
release_lock |= prepare_mmio_access(mr);
/* I/O case */
@@ -126,7 +126,7 @@ static inline uint64_t glue(address_space_ldq_internal, SUFFIX)(ARG1_DECL,
#endif
} else {
/* RAM case */
- ptr = MAP_RAM(mr, addr1);
+ ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
switch (endian) {
case DEVICE_LITTLE_ENDIAN:
val = ldq_le_p(ptr);
@@ -184,14 +184,14 @@ uint32_t glue(address_space_ldub, SUFFIX)(ARG1_DECL,
RCU_READ_LOCK();
mr = TRANSLATE(addr, &addr1, &l, false, attrs);
- if (!IS_DIRECT(mr, false)) {
+ if (!memory_access_is_direct(mr, false)) {
release_lock |= prepare_mmio_access(mr);
/* I/O case */
r = memory_region_dispatch_read(mr, addr1, &val, 1, attrs);
} else {
/* RAM case */
- ptr = MAP_RAM(mr, addr1);
+ ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
val = ldub_p(ptr);
r = MEMTX_OK;
}
@@ -220,7 +220,7 @@ static inline uint32_t glue(address_space_lduw_internal, SUFFIX)(ARG1_DECL,
RCU_READ_LOCK();
mr = TRANSLATE(addr, &addr1, &l, false, attrs);
- if (l < 2 || !IS_DIRECT(mr, false)) {
+ if (l < 2 || !memory_access_is_direct(mr, false)) {
release_lock |= prepare_mmio_access(mr);
/* I/O case */
@@ -236,7 +236,7 @@ static inline uint32_t glue(address_space_lduw_internal, SUFFIX)(ARG1_DECL,
#endif
} else {
/* RAM case */
- ptr = MAP_RAM(mr, addr1);
+ ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
switch (endian) {
case DEVICE_LITTLE_ENDIAN:
val = lduw_le_p(ptr);
@@ -297,12 +297,12 @@ void glue(address_space_stl_notdirty, SUFFIX)(ARG1_DECL,
RCU_READ_LOCK();
mr = TRANSLATE(addr, &addr1, &l, true, attrs);
- if (l < 4 || !IS_DIRECT(mr, true)) {
+ if (l < 4 || !memory_access_is_direct(mr, true)) {
release_lock |= prepare_mmio_access(mr);
r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
} else {
- ptr = MAP_RAM(mr, addr1);
+ ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
stl_p(ptr, val);
dirty_log_mask = memory_region_get_dirty_log_mask(mr);
@@ -334,7 +334,7 @@ static inline void glue(address_space_stl_internal, SUFFIX)(ARG1_DECL,
RCU_READ_LOCK();
mr = TRANSLATE(addr, &addr1, &l, true, attrs);
- if (l < 4 || !IS_DIRECT(mr, true)) {
+ if (l < 4 || !memory_access_is_direct(mr, true)) {
release_lock |= prepare_mmio_access(mr);
#if defined(TARGET_WORDS_BIGENDIAN)
@@ -349,7 +349,7 @@ static inline void glue(address_space_stl_internal, SUFFIX)(ARG1_DECL,
r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
} else {
/* RAM case */
- ptr = MAP_RAM(mr, addr1);
+ ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
switch (endian) {
case DEVICE_LITTLE_ENDIAN:
stl_le_p(ptr, val);
@@ -361,7 +361,7 @@ static inline void glue(address_space_stl_internal, SUFFIX)(ARG1_DECL,
stl_p(ptr, val);
break;
}
- INVALIDATE(mr, addr1, 4);
+ invalidate_and_set_dirty(mr, addr1, 4);
r = MEMTX_OK;
}
if (result) {
@@ -406,14 +406,14 @@ void glue(address_space_stb, SUFFIX)(ARG1_DECL,
RCU_READ_LOCK();
mr = TRANSLATE(addr, &addr1, &l, true, attrs);
- if (!IS_DIRECT(mr, true)) {
+ if (!memory_access_is_direct(mr, true)) {
release_lock |= prepare_mmio_access(mr);
r = memory_region_dispatch_write(mr, addr1, val, 1, attrs);
} else {
/* RAM case */
- ptr = MAP_RAM(mr, addr1);
+ ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
stb_p(ptr, val);
- INVALIDATE(mr, addr1, 1);
+ invalidate_and_set_dirty(mr, addr1, 1);
r = MEMTX_OK;
}
if (result) {
@@ -439,7 +439,7 @@ static inline void glue(address_space_stw_internal, SUFFIX)(ARG1_DECL,
RCU_READ_LOCK();
mr = TRANSLATE(addr, &addr1, &l, true, attrs);
- if (l < 2 || !IS_DIRECT(mr, true)) {
+ if (l < 2 || !memory_access_is_direct(mr, true)) {
release_lock |= prepare_mmio_access(mr);
#if defined(TARGET_WORDS_BIGENDIAN)
@@ -454,7 +454,7 @@ static inline void glue(address_space_stw_internal, SUFFIX)(ARG1_DECL,
r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
} else {
/* RAM case */
- ptr = MAP_RAM(mr, addr1);
+ ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
switch (endian) {
case DEVICE_LITTLE_ENDIAN:
stw_le_p(ptr, val);
@@ -466,7 +466,7 @@ static inline void glue(address_space_stw_internal, SUFFIX)(ARG1_DECL,
stw_p(ptr, val);
break;
}
- INVALIDATE(mr, addr1, 2);
+ invalidate_and_set_dirty(mr, addr1, 2);
r = MEMTX_OK;
}
if (result) {
@@ -512,7 +512,7 @@ static void glue(address_space_stq_internal, SUFFIX)(ARG1_DECL,
RCU_READ_LOCK();
mr = TRANSLATE(addr, &addr1, &l, true, attrs);
- if (l < 8 || !IS_DIRECT(mr, true)) {
+ if (l < 8 || !memory_access_is_direct(mr, true)) {
release_lock |= prepare_mmio_access(mr);
#if defined(TARGET_WORDS_BIGENDIAN)
@@ -527,7 +527,7 @@ static void glue(address_space_stq_internal, SUFFIX)(ARG1_DECL,
r = memory_region_dispatch_write(mr, addr1, val, 8, attrs);
} else {
/* RAM case */
- ptr = MAP_RAM(mr, addr1);
+ ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
switch (endian) {
case DEVICE_LITTLE_ENDIAN:
stq_le_p(ptr, val);
@@ -539,7 +539,7 @@ static void glue(address_space_stq_internal, SUFFIX)(ARG1_DECL,
stq_p(ptr, val);
break;
}
- INVALIDATE(mr, addr1, 8);
+ invalidate_and_set_dirty(mr, addr1, 8);
r = MEMTX_OK;
}
if (result) {
@@ -576,8 +576,5 @@ void glue(address_space_stq_be, SUFFIX)(ARG1_DECL,
#undef ARG1
#undef SUFFIX
#undef TRANSLATE
-#undef IS_DIRECT
-#undef MAP_RAM
-#undef INVALIDATE
#undef RCU_READ_LOCK
#undef RCU_READ_UNLOCK
--
1.8.3.1
next prev parent reply other threads:[~2018-06-28 20:05 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-28 20:04 [Qemu-devel] [PULL 00/60] Misc patches for soft freeze Paolo Bonzini
2018-06-28 20:04 ` Paolo Bonzini [this message]
2018-06-28 20:04 ` [Qemu-devel] [PULL 02/60] move public invalidate APIs out of translate-all.{c, h}, clean up Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 03/60] chardev: don't splatter terminal settings on exit if not previously set Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 04/60] main-loop: document IOCanReadHandler Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 05/60] hw/char/serial: Only retry if qemu_chr_fe_write returns 0 Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 06/60] target/i386: Fix BLSR and BLSI Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 07/60] whpx: commit missing file Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 08/60] memory-device: turn alignment assert into check Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 09/60] exec: check that alignment is a power of two Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 10/60] kvm: Delete the slot if and only if the KVM_MEM_READONLY flag is changed Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 11/60] tests/atomic_add-bench: add -m option to use mutexes Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 12/60] qemu-thread: introduce qemu-thread-common.h Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 13/60] QemuMutex: support --enable-debug-mutex Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 14/60] configure: enable debug-mutex if debug enabled Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 15/60] Replace '-enable-kvm' with '-accel kvm' in docs and help texts Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 16/60] qemu-options: Add missing newline to -accel help text Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 17/60] pc-dimm: remove leftover "struct pc_dimms_capacity" Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 18/60] pc: rename pc_dimm_(plug|unplug|...)* into pc_memory_(plug|unplug|...)* Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 19/60] pc-dimm: rename pc_dimm_memory_* to pc_dimm_* Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 20/60] pc-dimm: remove pc_dimm_get_free_slot() from header Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 21/60] pc: factor out pc specific dimm checks into pc_memory_pre_plug() Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 22/60] nvdimm: no need to overwrite get_vmstate_memory_region() Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 23/60] hostmem: drop error variable from host_memory_backend_get_memory() Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 24/60] pc-dimm: merge get_(vmstate_)memory_region() Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 25/60] nvdimm: convert "unarmed" into a static property Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 26/60] nvdimm: convert nvdimm_mr into a pointer Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 27/60] nvdimm: make get_memory_region() perform checks and initialization Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 28/60] pc-dimm: get_memory_region() will not fail after realize Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 29/60] numa: report all DIMM/NVDIMMs as plugged memory Paolo Bonzini
2018-06-28 20:12 ` David Hildenbrand
2018-06-28 20:04 ` [Qemu-devel] [PULL 30/60] osdep: work around Coverity parsing errors Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 31/60] Deprecate the -enable-hax option Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 32/60] pr-helper: fix --socket-path default in help Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 33/60] pr-helper: fix assertion failure on failed multipath PERSISTENT RESERVE IN Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 34/60] pr-manager-helper: avoid SIGSEGV when writing to the socket fail Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 35/60] pr-manager: put stubs in .c file Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 36/60] pr-manager: add query-pr-managers QMP command Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 37/60] pr-manager-helper: report event on connection/disconnection Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 38/60] hw/mips/jazz: create ESP device directly via qdev Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 39/60] esp: remove legacy esp_init() function Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 40/60] WHPX workaround bug in OSVW handling Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 41/60] WHPX: register for unrecognized MSR exits Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 42/60] memory/hmp: Print owners/parents in "info mtree" Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 43/60] target-i386: Add NMI interception to SVM Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 44/60] target-i386: Allow interrupt injection after STGI Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 45/60] target-i386: Mark cpu_vmexit noreturn Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 46/60] doc: another fix to "info pic" Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 47/60] ioapic: support " Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 48/60] ioapic: some proper indents when dump info Paolo Bonzini
2018-06-28 20:04 ` [Qemu-devel] [PULL 49/60] ioapic: support "info irq" Paolo Bonzini
2018-06-28 20:05 ` [Qemu-devel] [PULL 50/60] hmp: obsolete "info ioapic" Paolo Bonzini
2018-06-28 20:05 ` [Qemu-devel] [PULL 51/60] kvm: support -overcommit cpu-pm=on|off Paolo Bonzini
2018-06-28 20:05 ` [Qemu-devel] [PULL 52/60] i386/cpu: make -cpu host support monitor/mwait Paolo Bonzini
2018-06-28 20:05 ` [Qemu-devel] [PULL 53/60] dump: add Windows dump format to dump-guest-memory Paolo Bonzini
2018-06-28 20:05 ` [Qemu-devel] [PULL 54/60] dump: use system context in Windows dump Paolo Bonzini
2018-06-28 20:05 ` [Qemu-devel] [PULL 55/60] dump: add fallback KDBG using " Paolo Bonzini
2018-06-28 20:05 ` [Qemu-devel] [PULL 56/60] dump: add Windows live system dump Paolo Bonzini
2018-06-28 20:05 ` [Qemu-devel] [PULL 57/60] hw/scsi: cleanups before VPD BL emulation Paolo Bonzini
2018-06-28 20:05 ` [Qemu-devel] [PULL 58/60] hw/scsi: centralize SG_IO calls into single function Paolo Bonzini
2018-06-28 20:05 ` [Qemu-devel] [PULL 59/60] hw/scsi: add VPD Block Limits emulation Paolo Bonzini
2018-06-28 20:05 ` [Qemu-devel] [PULL 60/60] tests/boot-serial: Do not delete the output file in case of errors Paolo Bonzini
2018-06-29 9:25 ` [Qemu-devel] [PULL 00/60] Misc patches for soft freeze Peter Maydell
2018-06-29 9:44 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1530216310-52873-2-git-send-email-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=eric.auger@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).