From: Alex Williamson <alex.williamson@redhat.com>
To: Akihiko Odaki <akihiko.odaki@daynix.com>
Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org,
qemu-arm@nongnu.org, "Michael S . Tsirkin" <mst@redhat.com>,
Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Richard Henderson <richard.henderson@linaro.org>,
Eduardo Habkost <eduardo@habkost.net>,
John Snow <jsnow@redhat.com>,
Dmitry Fleytman <dmitry.fleytman@gmail.com>,
Jason Wang <jasowang@redhat.com>, Stefan Weil <sw@weilnetz.de>,
Keith Busch <kbusch@kernel.org>, Klaus Jensen <its@irrelevant.dk>,
Peter Maydell <peter.maydell@linaro.org>,
Andrey Smirnov <andrew.smirnov@gmail.com>,
Paul Burton <paulburton@kernel.org>,
Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>,
Yan Vugenfirer <yan@daynix.com>,
Yuri Benditovich <yuri.benditovich@daynix.com>
Subject: Re: [PATCH v5 01/17] hw/vfio/pci: Ensure MSI and MSI-X do not overlap
Date: Fri, 28 Oct 2022 08:16:27 -0600 [thread overview]
Message-ID: <20221028081627.50c9bf61.alex.williamson@redhat.com> (raw)
In-Reply-To: <20221028122629.3269-2-akihiko.odaki@daynix.com>
On Fri, 28 Oct 2022 21:26:13 +0900
Akihiko Odaki <akihiko.odaki@daynix.com> wrote:
> vfio_add_std_cap() is designed to ensure that capabilities do not
> overlap, but it failed to do so for MSI and MSI-X capabilities.
>
> Ensure MSI and MSI-X capabilities do not overlap with others by omitting
> other overlapping capabilities.
>
> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
> ---
> hw/vfio/pci.c | 63 +++++++++++++++++++++++++++++++++++++++++++--------
> hw/vfio/pci.h | 3 +++
> 2 files changed, 56 insertions(+), 10 deletions(-)
>
> diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> index 939dcc3d4a..36c8f3dc85 100644
> --- a/hw/vfio/pci.c
> +++ b/hw/vfio/pci.c
> @@ -1278,23 +1278,42 @@ static void vfio_disable_interrupts(VFIOPCIDevice *vdev)
> }
> }
>
> -static int vfio_msi_setup(VFIOPCIDevice *vdev, int pos, Error **errp)
> +static void vfio_msi_early_setup(VFIOPCIDevice *vdev, Error **errp)
> {
> uint16_t ctrl;
> - bool msi_64bit, msi_maskbit;
> - int ret, entries;
> - Error *err = NULL;
> + uint8_t pos;
> +
> + pos = pci_find_capability(&vdev->pdev, PCI_CAP_ID_MSI);
> + if (!pos) {
> + return;
> + }
>
> if (pread(vdev->vbasedev.fd, &ctrl, sizeof(ctrl),
> vdev->config_offset + pos + PCI_CAP_FLAGS) != sizeof(ctrl)) {
> error_setg_errno(errp, errno, "failed reading MSI PCI_CAP_FLAGS");
> - return -errno;
> + return;
> }
> - ctrl = le16_to_cpu(ctrl);
> + vdev->msi_pos = pos;
> + vdev->msi_ctrl = le16_to_cpu(ctrl);
>
> - msi_64bit = !!(ctrl & PCI_MSI_FLAGS_64BIT);
> - msi_maskbit = !!(ctrl & PCI_MSI_FLAGS_MASKBIT);
> - entries = 1 << ((ctrl & PCI_MSI_FLAGS_QMASK) >> 1);
> + vdev->msi_cap_size = 0xa;
> + if ((vdev->msi_ctrl & PCI_MSI_FLAGS_MASKBIT)) {
> + vdev->msi_cap_size += 0xa;
> + }
> + if ((vdev->msi_ctrl & PCI_MSI_FLAGS_64BIT)) {
> + vdev->msi_cap_size += 0x4;
> + }
> +}
> +
> +static int vfio_msi_setup(VFIOPCIDevice *vdev, int pos, Error **errp)
> +{
> + bool msi_64bit, msi_maskbit;
> + int ret, entries;
> + Error *err = NULL;
> +
> + msi_64bit = !!(vdev->msi_ctrl & PCI_MSI_FLAGS_64BIT);
> + msi_maskbit = !!(vdev->msi_ctrl & PCI_MSI_FLAGS_MASKBIT);
> + entries = 1 << ((vdev->msi_ctrl & PCI_MSI_FLAGS_QMASK) >> 1);
>
> trace_vfio_msi_setup(vdev->vbasedev.name, pos);
>
> @@ -1306,7 +1325,6 @@ static int vfio_msi_setup(VFIOPCIDevice *vdev, int pos, Error **errp)
> error_propagate_prepend(errp, err, "msi_init failed: ");
> return ret;
> }
> - vdev->msi_cap_size = 0xa + (msi_maskbit ? 0xa : 0) + (msi_64bit ? 0x4 : 0);
>
> return 0;
> }
> @@ -1524,6 +1542,7 @@ static void vfio_msix_early_setup(VFIOPCIDevice *vdev, Error **errp)
> pba = le32_to_cpu(pba);
>
> msix = g_malloc0(sizeof(*msix));
> + msix->pos = pos;
> msix->table_bar = table & PCI_MSIX_FLAGS_BIRMASK;
> msix->table_offset = table & ~PCI_MSIX_FLAGS_BIRMASK;
> msix->pba_bar = pba & PCI_MSIX_FLAGS_BIRMASK;
> @@ -2025,6 +2044,24 @@ static int vfio_add_std_cap(VFIOPCIDevice *vdev, uint8_t pos, Error **errp)
> }
> }
>
> + if (cap_id != PCI_CAP_ID_MSI &&
> + range_covers_byte(vdev->msi_pos, vdev->msi_cap_size, pos)) {
> + warn_report(VFIO_MSG_PREFIX
> + "A capability overlaps with MSI, ignoring (%" PRIu8 " @ %" PRIu8 " in [%" PRIu8 ", %" PRIu8 "))",
> + vdev->vbasedev.name, cap_id, pos,
> + vdev->msi_pos, vdev->msi_pos + vdev->msi_cap_size);
> + return 0;
> + }
> +
> + if (cap_id != PCI_CAP_ID_MSIX && vdev->msix &&
> + range_covers_byte(vdev->msix->pos, MSIX_CAP_LENGTH, pos)) {
> + warn_report(VFIO_MSG_PREFIX
> + "A capability overlaps with MSI-X, ignoring (%" PRIu8 " @ %" PRIu8 " in [%" PRIu8 ", %" PRIu8 "))",
> + vdev->vbasedev.name, cap_id, pos,
> + vdev->msix->pos, vdev->msix->pos + MSIX_CAP_LENGTH);
> + return 0;
> + }
Capabilities are not a single byte, the fact that it doesn't start
within the MSI or MSI-X capability is not a sufficient test. We're
also choosing to prioritize MSI and MSI-X capabilities by protecting
that range rather than the existing behavior where we'd drop those
capabilities if they overlap with another capability that has already
been placed. There are merits to both approaches, but I don't see any
justification here to change the current behavior.
Isn't the most similar behavior to existing to pass the available size
to vfio_msi[x]_setup() and return an errno if the size would be
exceeded? Something like below (untested, and requires exporting
msi_cap_sizeof()). Thanks,
Alex
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 939dcc3d4a9e..485f9bc5102d 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -1278,11 +1278,13 @@ static void vfio_disable_interrupts(VFIOPCIDevice *vdev)
}
}
-static int vfio_msi_setup(VFIOPCIDevice *vdev, int pos, Error **errp)
+static int vfio_msi_setup(VFIOPCIDevice *vdev, int pos,
+ uint8_t size, Error **errp)
{
uint16_t ctrl;
bool msi_64bit, msi_maskbit;
int ret, entries;
+ uint8_t msi_cap_size;
Error *err = NULL;
if (pread(vdev->vbasedev.fd, &ctrl, sizeof(ctrl),
@@ -1295,6 +1297,10 @@ static int vfio_msi_setup(VFIOPCIDevice *vdev, int pos, Error **errp)
msi_64bit = !!(ctrl & PCI_MSI_FLAGS_64BIT);
msi_maskbit = !!(ctrl & PCI_MSI_FLAGS_MASKBIT);
entries = 1 << ((ctrl & PCI_MSI_FLAGS_QMASK) >> 1);
+ msi_cap_size = msi_cap_sizeof(ctrl);
+
+ if (msi_cap_size > size)
+ return -ENOSPC;
trace_vfio_msi_setup(vdev->vbasedev.name, pos);
@@ -1306,7 +1312,7 @@ static int vfio_msi_setup(VFIOPCIDevice *vdev, int pos, Error **errp)
error_propagate_prepend(errp, err, "msi_init failed: ");
return ret;
}
- vdev->msi_cap_size = 0xa + (msi_maskbit ? 0xa : 0) + (msi_64bit ? 0x4 : 0);
+ vdev->msi_cap_size = msi_cap_size;
return 0;
}
@@ -1570,11 +1576,15 @@ static void vfio_msix_early_setup(VFIOPCIDevice *vdev, Error **errp)
vfio_pci_relocate_msix(vdev, errp);
}
-static int vfio_msix_setup(VFIOPCIDevice *vdev, int pos, Error **errp)
+static int vfio_msix_setup(VFIOPCIDevice *vdev, int pos,
+ uint8_t size, Error **errp)
{
int ret;
Error *err = NULL;
+ if (MSIX_CAP_LENGTH > size)
+ return -ENOSPC;
+
vdev->msix->pending = g_new0(unsigned long,
BITS_TO_LONGS(vdev->msix->entries));
ret = msix_init(&vdev->pdev, vdev->msix->entries,
@@ -2033,14 +2043,14 @@ static int vfio_add_std_cap(VFIOPCIDevice *vdev, uint8_t pos, Error **errp)
switch (cap_id) {
case PCI_CAP_ID_MSI:
- ret = vfio_msi_setup(vdev, pos, errp);
+ ret = vfio_msi_setup(vdev, pos, size, errp);
break;
case PCI_CAP_ID_EXP:
vfio_check_pcie_flr(vdev, pos);
ret = vfio_setup_pcie_cap(vdev, pos, size, errp);
break;
case PCI_CAP_ID_MSIX:
- ret = vfio_msix_setup(vdev, pos, errp);
+ ret = vfio_msix_setup(vdev, pos, size, errp);
break;
case PCI_CAP_ID_PM:
vfio_check_pm_reset(vdev, pos);
next prev parent reply other threads:[~2022-10-28 14:18 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-28 12:26 [PATCH v5 00/17] pci: Abort if pci_add_capability fails Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 01/17] hw/vfio/pci: Ensure MSI and MSI-X do not overlap Akihiko Odaki
2022-10-28 14:16 ` Alex Williamson [this message]
2022-10-28 16:12 ` Akihiko Odaki
2022-10-28 19:23 ` Alex Williamson
2022-10-31 12:37 ` Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 02/17] pci: Allow to omit errp for pci_add_capability Akihiko Odaki
2022-10-28 22:35 ` Philippe Mathieu-Daudé
2022-10-31 12:39 ` Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 03/17] hw/i386/amd_iommu: Omit " Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 04/17] ahci: " Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 05/17] e1000e: " Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 06/17] eepro100: " Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 07/17] hw/nvme: " Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 08/17] msi: " Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 09/17] hw/pci/pci_bridge: " Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 10/17] pcie: " Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 11/17] pci/shpc: " Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 12/17] msix: " Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 13/17] pci/slotid: " Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 14/17] hw/pci-bridge/pcie_pci_bridge: " Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 15/17] hw/vfio/pci: " Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 16/17] virtio-pci: " Akihiko Odaki
2022-10-28 12:26 ` [PATCH v5 17/17] pci: Remove legacy errp from pci_add_capability Akihiko Odaki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221028081627.50c9bf61.alex.williamson@redhat.com \
--to=alex.williamson@redhat.com \
--cc=akihiko.odaki@daynix.com \
--cc=aleksandar.rikalo@syrmia.com \
--cc=andrew.smirnov@gmail.com \
--cc=dmitry.fleytman@gmail.com \
--cc=eduardo@habkost.net \
--cc=its@irrelevant.dk \
--cc=jasowang@redhat.com \
--cc=jsnow@redhat.com \
--cc=kbusch@kernel.org \
--cc=kraxel@redhat.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=mst@redhat.com \
--cc=paulburton@kernel.org \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=sw@weilnetz.de \
--cc=yan@daynix.com \
--cc=yuri.benditovich@daynix.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).