From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 16 Jan 2014 09:54:08 +0200
From: "Michael S. Tsirkin"
Message-ID: <20140116075408.GA21539@redhat.com>
References: <20140116044321.23067.79229.stgit@bling.home>
In-Reply-To: <20140116044321.23067.79229.stgit@bling.home>
Subject: Re: [Qemu-devel] [PATCH v2] vfio: Filter out bogus mappings
To: Alex Williamson
Cc: aik@ozlabs.ru, bsd@redhat.com, qemu-devel@nongnu.org

On Wed, Jan 15, 2014 at 09:44:14PM -0700, Alex Williamson wrote:
> Since 57271d63 we now see spurious mappings with the upper bits set
> if 64-bit PCI BARs are sized while enabled. The guest writes a mask
> of 0xffffffff to the lower BAR to size it, then restores it, then
> writes the same mask to the upper BAR resulting in a spurious BAR
> mapping into the last 4G of the 64-bit address space. Most
> architectures do not support or make use of the full 64-bit address
> space for PCI BARs, so we filter out mappings with the high bit set.
> Long term, we probably need to think about vfio telling us the
> address width limitations of the IOMMU.
> > Signed-off-by: Alex Williamson Reviewed-by: Michael S. Tsirkin Did you say something similar is needed for legacy assigned devices as well? > --- > hw/misc/vfio.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c > index 30b1a78..d304213 100644 > --- a/hw/misc/vfio.c > +++ b/hw/misc/vfio.c > @@ -2156,7 +2156,14 @@ static int vfio_dma_map(VFIOContainer *container, hwaddr iova, > > static bool vfio_listener_skipped_section(MemoryRegionSection *section) > { > - return !memory_region_is_ram(section->mr); > + return !memory_region_is_ram(section->mr) || > + /* > + * Sizing an enabled 64-bit BAR can cause spurious mappings to > + * addresses in the upper part of the 64-bit address space. These > + * are never accessed by the CPU and beyond the address width of > + * some IOMMU hardware. TODO: VFIO should tell us the IOMMU width. > + */ > + section->offset_within_address_space & (1ULL << 63); > } > > static void vfio_listener_region_add(MemoryListener *listener,
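Review bot: the new second operand of `||` in vfio_listener_skipped_section() is a raw `hwaddr` bitmask that relies on `&` binding tighter than `||` and on implicit conversion to bool; it is correct, but wrapping it as `(section->offset_within_address_space & (1ULL << 63))` or moving the test into a small named helper (a hypothetical `vfio_section_beyond_iommu_width()`) would read more clearly than a block comment placed between the two operands. Since the region is dropped silently, a trace or debug message when this filter fires would also make it easier to spot the case the commit message itself leaves open, a platform that does use the upper half of the 64-bit space and has a legitimate mapping skipped, until the IOMMU-width TODO is resolved.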
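As an added illustration that is not part of the patch or of QEMU, the constructed model below replays the BAR sizing sequence the commit message describes with the BAR left enabled and applies the same bit-63 test the patch adds, showing that only the transient base produced by the upper-dword write is dropped. The bar64_t model, bar64_write(), bar64_base() and replay_sizing() are assumptions of this example, not QEMU code.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model of one 64-bit memory BAR pair. The low 4 bits of the
 * lower dword are read-only type flags and address bits below the BAR size
 * read as zero, as on real hardware. */
typedef struct {
    uint32_t lo, hi;   /* BAR n and BAR n+1 as held in config space */
    uint64_t size;     /* BAR size: power of two, at least 16 */
} bar64_t;

#define BAR_FLAG_MASK 0xfULL

/* Guest write to dword 0 (lower) or 1 (upper); only size-aligned bits stick. */
static void bar64_write(bar64_t *b, int dword, uint32_t val)
{
    uint64_t wmask = ~(b->size - 1) & ~BAR_FLAG_MASK;
    uint32_t m = dword ? (uint32_t)(wmask >> 32) : (uint32_t)wmask;
    uint32_t *reg = dword ? &b->hi : &b->lo;
    *reg = (*reg & ~m) | (val & m);
}

/* Address the device decodes right now, i.e. what the listener would map. */
static uint64_t bar64_base(const bar64_t *b)
{
    return (((uint64_t)b->hi << 32) | b->lo) & ~BAR_FLAG_MASK;
}

/* The patch's test: a section whose offset has bit 63 set is skipped. */
static bool skipped_by_high_bit_filter(uint64_t iova)
{
    return (iova & (1ULL << 63)) != 0;
}

/* Replay the sizing sequence from the commit message with the BAR enabled.
 * out[i] receives the decoded base after step i; the return value is how
 * many of those transient bases the new filter would drop. */
static int replay_sizing(bar64_t *b, uint64_t out[3])
{
    uint32_t saved_lo = b->lo;
    int filtered = 0;
    bar64_write(b, 0, 0xffffffff); out[0] = bar64_base(b); /* size lower dword */
    bar64_write(b, 0, saved_lo);   out[1] = bar64_base(b); /* restore it       */
    bar64_write(b, 1, 0xffffffff); out[2] = bar64_base(b); /* size upper dword */
    for (int i = 0; i < 3; i++)
        filtered += skipped_by_high_bit_filter(out[i]);
    return filtered;
}
```

With a constructed 1 MiB 64-bit BAR at 0x80000000, the lower-dword sizing write yields 0xfff00000 (below 4G, not filtered), the restore yields 0x80000000, and the upper-dword write yields 0xffffffff80000000, which the bit-63 test drops.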