[PULL 0/2] Xen queue

[PULL 0/2] Xen queue

[Anthony PERARD via]

The following changes since commit 48302d4eb628ff0bea4d7e92cbf6b726410eb4c3:

  Merge remote-tracking branch 'remotes/dgilbert-gitlab/tags/pull-virtiofs-20220126' into staging (2022-01-26 10:59:50 +0000)

are available in the Git repository at:

  https://xenbits.xen.org/git-http/people/aperard/qemu-dm.git tags/pull-xen-20220127

for you to fetch changes up to a021a2dd8b790437d27db95774969349632f856a:

  xen-mapcache: Avoid entry->lock overflow (2022-01-27 15:14:21 +0000)

----------------------------------------------------------------
Xen patches

- bug fixes for mapcache and ioreq handling

----------------------------------------------------------------
Jason Andryuk (1):
      xen-hvm: Allow disabling buffer_io_timer

Ross Lagerwall (1):
      xen-mapcache: Avoid entry->lock overflow

 hw/i386/xen/xen-hvm.c      | 6 ++++--
 hw/i386/xen/xen-mapcache.c | 8 +++++++-
 2 files changed, 11 insertions(+), 3 deletions(-)

[PULL 1/2] xen-hvm: Allow disabling buffer_io_timer

[Anthony PERARD via]

From: Jason Andryuk <jandryuk@gmail.com>

commit f37f29d31488 "xen: slightly simplify bufioreq handling" hard
coded setting req.count = 1 during initial field setup before the main
loop.  This missed a subtlety that an early exit from the loop when
there are no ioreqs to process, would have req.count == 0 for the return
value.  handle_buffered_io() would then remove state->buffered_io_timer.
Instead handle_buffered_iopage() is basically always returning true and
handle_buffered_io() always re-setting the timer.

Restore the disabling of the timer by introducing a new handled_ioreq
boolean and use as the return value.  The named variable will more
clearly show the intent of the code.

Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Message-Id: <20211210193434.75566-1-jandryuk@gmail.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
---
 hw/i386/xen/xen-hvm.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/i386/xen/xen-hvm.c b/hw/i386/xen/xen-hvm.c
index 482be95415..cf8e500514 100644
--- a/hw/i386/xen/xen-hvm.c
+++ b/hw/i386/xen/xen-hvm.c
@@ -1087,10 +1087,11 @@ static void handle_ioreq(XenIOState *state, ioreq_t *req)
     }
 }
 
-static int handle_buffered_iopage(XenIOState *state)
+static bool handle_buffered_iopage(XenIOState *state)
 {
     buffered_iopage_t *buf_page = state->buffered_io_page;
     buf_ioreq_t *buf_req = NULL;
+    bool handled_ioreq = false;
     ioreq_t req;
     int qw;
 
@@ -1144,9 +1145,10 @@ static int handle_buffered_iopage(XenIOState *state)
         assert(!req.data_is_ptr);
 
         qatomic_add(&buf_page->read_pointer, qw + 1);
+        handled_ioreq = true;
     }
 
-    return req.count;
+    return handled_ioreq;
 }
 
 static void handle_buffered_io(void *opaque)
-- 
Anthony PERARD

[PULL 2/2] xen-mapcache: Avoid entry->lock overflow

[Anthony PERARD via]

From: Ross Lagerwall <ross.lagerwall@citrix.com>

In some cases, a particular mapcache entry may be mapped 256 times
causing the lock field to wrap to 0. For example, this may happen when
using emulated NVME and the guest submits a large scatter-gather write.
At this point, the entry map be remapped causing QEMU to write the wrong
data or crash (since remap is not atomic).

Avoid this overflow by increasing the lock field to a uint32_t and also
detect it and abort rather than continuing regardless.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Message-Id: <20220124104450.152481-1-ross.lagerwall@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
---
 hw/i386/xen/xen-mapcache.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/i386/xen/xen-mapcache.c b/hw/i386/xen/xen-mapcache.c
index bd47c3d672..f2ef977963 100644
--- a/hw/i386/xen/xen-mapcache.c
+++ b/hw/i386/xen/xen-mapcache.c
@@ -52,7 +52,7 @@ typedef struct MapCacheEntry {
     hwaddr paddr_index;
     uint8_t *vaddr_base;
     unsigned long *valid_mapping;
-    uint8_t lock;
+    uint32_t lock;
 #define XEN_MAPCACHE_ENTRY_DUMMY (1 << 0)
     uint8_t flags;
     hwaddr size;
@@ -355,6 +355,12 @@ static uint8_t *xen_map_cache_unlocked(hwaddr phys_addr, hwaddr size,
     if (lock) {
         MapCacheRev *reventry = g_malloc0(sizeof(MapCacheRev));
         entry->lock++;
+        if (entry->lock == 0) {
+            fprintf(stderr,
+                    "mapcache entry lock overflow: "TARGET_FMT_plx" -> %p\n",
+                    entry->paddr_index, entry->vaddr_base);
+            abort();
+        }
         reventry->dma = dma;
         reventry->vaddr_req = mapcache->last_entry->vaddr_base + address_offset;
         reventry->paddr_index = mapcache->last_entry->paddr_index;
-- 
Anthony PERARD

Re: [PULL 0/2] Xen queue

[Peter Maydell]

On Thu, 27 Jan 2022 at 15:43, Anthony PERARD <anthony.perard@citrix.com> wrote:
>
> The following changes since commit 48302d4eb628ff0bea4d7e92cbf6b726410eb4c3:
>
>   Merge remote-tracking branch 'remotes/dgilbert-gitlab/tags/pull-virtiofs-20220126' into staging (2022-01-26 10:59:50 +0000)
>
> are available in the Git repository at:
>
>   https://xenbits.xen.org/git-http/people/aperard/qemu-dm.git tags/pull-xen-20220127
>
> for you to fetch changes up to a021a2dd8b790437d27db95774969349632f856a:
>
>   xen-mapcache: Avoid entry->lock overflow (2022-01-27 15:14:21 +0000)
>
> ----------------------------------------------------------------
> Xen patches
>
> - bug fixes for mapcache and ioreq handling
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.0
for any user-visible changes.

-- PMM

[PULL 0/2] xen queue

[Anthony PERARD via]

The following changes since commit 19361471b59441cd6f2aa22d4fbee7a6e9e76586:

  Merge tag 'pull-la-20220705' of https://gitlab.com/rth7680/qemu into staging (2022-07-05 16:30:52 +0530)

are available in the Git repository at:

  https://xenbits.xen.org/git-http/people/aperard/qemu-dm.git tags/pull-xen-20220705

for you to fetch changes up to c0e86b7624cb9d6db03e0d48cf82659e5b89a6a6:

  xen/pass-through: don't create needless register group (2022-07-05 14:19:48 +0100)

----------------------------------------------------------------
Xen patches

- Xen PCI passthrough fixes

----------------------------------------------------------------
Chuck Zmudzinski (2):
      xen/pass-through: merge emulated bits correctly
      xen/pass-through: don't create needless register group

 hw/xen/xen_pt_config_init.c | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

Re: [PULL 0/2] xen queue

[Richard Henderson]

On 7/5/22 19:15, Anthony PERARD via wrote:
> The following changes since commit 19361471b59441cd6f2aa22d4fbee7a6e9e76586:
> 
>    Merge tag 'pull-la-20220705' of https://gitlab.com/rth7680/qemu into staging (2022-07-05 16:30:52 +0530)
> 
> are available in the Git repository at:
> 
>    https://xenbits.xen.org/git-http/people/aperard/qemu-dm.git tags/pull-xen-20220705
> 
> for you to fetch changes up to c0e86b7624cb9d6db03e0d48cf82659e5b89a6a6:
> 
>    xen/pass-through: don't create needless register group (2022-07-05 14:19:48 +0100)
> 
> ----------------------------------------------------------------
> Xen patches
> 
> - Xen PCI passthrough fixes

Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/7.1 as appropriate.


r~


> 
> ----------------------------------------------------------------
> Chuck Zmudzinski (2):
>        xen/pass-through: merge emulated bits correctly
>        xen/pass-through: don't create needless register group
> 
>   hw/xen/xen_pt_config_init.c | 25 +++++++++++++++----------
>   1 file changed, 15 insertions(+), 10 deletions(-)
> 

[PULL 0/2] xen queue

[Anthony PERARD via]

The following changes since commit 2946e1af2704bf6584f57d4e3aec49d1d5f3ecc0:

  configure: Disable thread-safety warnings on macOS (2023-03-04 14:03:46 +0000)

are available in the Git repository at:

  https://xenbits.xen.org/git-http/people/aperard/qemu-dm.git tags/pull-xen-20230306

for you to fetch changes up to 3856734d80fbf46683e4080117ed961f5ab1300b:

  hw/xen/xen_pt: fix uninitialized variable (2023-03-06 11:27:37 +0000)

----------------------------------------------------------------
Xen queue:

- fix for graphic passthrough with 'xenfv' machine
- fix uninitialized variable

----------------------------------------------------------------
Chuck Zmudzinski (1):
      xen/pt: reserve PCI slot 2 for Intel igd-passthru

Marek Marczykowski-Górecki (1):
      hw/xen/xen_pt: fix uninitialized variable

 hw/i386/pc_piix.c           |  1 +
 hw/xen/xen_pt.c             | 64 +++++++++++++++++++++++++++++++++++++--------
 hw/xen/xen_pt.h             | 20 ++++++++++++++
 hw/xen/xen_pt_config_init.c |  2 +-
 hw/xen/xen_pt_stub.c        |  4 +++
 5 files changed, 79 insertions(+), 12 deletions(-)

Re: [PULL 0/2] xen queue

[Peter Maydell]

On Mon, 6 Mar 2023 at 14:03, Anthony PERARD via <qemu-devel@nongnu.org> wrote:
>
> The following changes since commit 2946e1af2704bf6584f57d4e3aec49d1d5f3ecc0:
>
>   configure: Disable thread-safety warnings on macOS (2023-03-04 14:03:46 +0000)
>
> are available in the Git repository at:
>
>   https://xenbits.xen.org/git-http/people/aperard/qemu-dm.git tags/pull-xen-20230306
>
> for you to fetch changes up to 3856734d80fbf46683e4080117ed961f5ab1300b:
>
>   hw/xen/xen_pt: fix uninitialized variable (2023-03-06 11:27:37 +0000)
>
> ----------------------------------------------------------------
> Xen queue:
>
> - fix for graphic passthrough with 'xenfv' machine
> - fix uninitialized variable
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/8.0
for any user-visible changes.

-- PMM

[PULL 0/2] xen queue

[Anthony PERARD via]

The following changes since commit 60ca584b8af0de525656f959991a440f8c191f12:

  Merge tag 'pull-for-8.0-220323-1' of https://gitlab.com/stsquad/qemu into staging (2023-03-22 17:58:12 +0000)

are available in the Git repository at:

  https://xenbits.xen.org/git-http/people/aperard/qemu-dm.git tags/pull-xen-20230324

for you to fetch changes up to 670d8c6ebf7a2c425575bbd6fbaeb27d21edd6c6:

  hw/xenpv: Initialize Xen backend operations (2023-03-24 14:52:14 +0000)

----------------------------------------------------------------
Xen queue

- fix guest creation when -xen-domid-restrict is used.
- fix Xen PV guest creation.

----------------------------------------------------------------
David Woodhouse (2):
      accel/xen: Fix DM state change notification in dm_restrict mode
      hw/xenpv: Initialize Xen backend operations

 accel/xen/xen-all.c       | 27 ++++++++++-----------------
 hw/xenpv/xen_machine_pv.c |  2 ++
 2 files changed, 12 insertions(+), 17 deletions(-)

Re: [PULL 0/2] xen queue

[Peter Maydell]

On Fri, 24 Mar 2023 at 14:56, Anthony PERARD <anthony.perard@citrix.com> wrote:
>
> The following changes since commit 60ca584b8af0de525656f959991a440f8c191f12:
>
>   Merge tag 'pull-for-8.0-220323-1' of https://gitlab.com/stsquad/qemu into staging (2023-03-22 17:58:12 +0000)
>
> are available in the Git repository at:
>
>   https://xenbits.xen.org/git-http/people/aperard/qemu-dm.git tags/pull-xen-20230324
>
> for you to fetch changes up to 670d8c6ebf7a2c425575bbd6fbaeb27d21edd6c6:
>
>   hw/xenpv: Initialize Xen backend operations (2023-03-24 14:52:14 +0000)
>
> ----------------------------------------------------------------
> Xen queue
>
> - fix guest creation when -xen-domid-restrict is used.
> - fix Xen PV guest creation.
>
> ----------------------------------------------------------------


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/8.0
for any user-visible changes.

-- PMM