From: "Michael S. Tsirkin" <mst@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org, Eric Auger <eric.auger@redhat.com>,
Jean-Philippe Brucker <jean-philippe@linaro.org>,
Zhenzhong Duan <zhenzhong.duan@intel.com>
Subject: Re: [PULL 46/66] virtio-iommu: Fix 64kB host page size VFIO device assignment
Date: Mon, 17 Jul 2023 07:51:51 -0400 [thread overview]
Message-ID: <20230717075137-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <CAFEAcA9JAZrxpcfjyEj8Hj1eYb+9PUxV2i05JTZwe0u+gVSBPg@mail.gmail.com>
On Mon, Jul 17, 2023 at 11:50:54AM +0100, Peter Maydell wrote:
> On Tue, 11 Jul 2023 at 00:04, Michael S. Tsirkin <mst@redhat.com> wrote:
> >
> > From: Eric Auger <eric.auger@redhat.com>
> >
> > When running on a 64kB page size host and protecting a VFIO device
> > with the virtio-iommu, qemu crashes with this kind of message:
> >
> > qemu-kvm: virtio-iommu page mask 0xfffffffffffff000 is incompatible
> > with mask 0x20010000
> > qemu: hardware error: vfio: DMA mapping failed, unable to continue
> >
> > This is due to the fact the IOMMU MR corresponding to the VFIO device
> > is enabled very late on domain attach, after the machine init.
> > The device reports a minimal 64kB page size but it is too late to be
> > applied. virtio_iommu_set_page_size_mask() fails and this causes
> > vfio_listener_region_add() to end up with hw_error();
> >
> > To work around this issue, we transiently enable the IOMMU MR on
> > machine init to collect the page size requirements and then restore
> > the bypass state.
> >
> > Fixes: 90519b9053 ("virtio-iommu: Add bypass mode support to assigned device")
> > Signed-off-by: Eric Auger <eric.auger@redhat.com>
>
> Hi; Coverity complains about this change (CID 1517772):
>
> > +static void virtio_iommu_freeze_granule(Notifier *notifier, void *data)
> > +{
> > + VirtIOIOMMU *s = container_of(notifier, VirtIOIOMMU, machine_done);
> > + int granule;
> > +
> > + if (likely(s->config.bypass)) {
> > + /*
> > + * Transient IOMMU MR enable to collect page_size_mask requirements
> > + * through memory_region_iommu_set_page_size_mask() called by
> > + * VFIO region_add() callback
> > + */
> > + s->config.bypass = false;
> > + virtio_iommu_switch_address_space_all(s);
> > + /* restore default */
> > + s->config.bypass = true;
> > + virtio_iommu_switch_address_space_all(s);
> > + }
> > + s->granule_frozen = true;
> > + granule = ctz64(s->config.page_size_mask);
> > + trace_virtio_iommu_freeze_granule(BIT(granule));
>
> Specifically, in this code, it thinks that ctz64() can
> return 64, in which case BIT(granule) is shifting off
> the end of the value, which is undefined behaviour.
> This can happen if s->config.page_size_mask is 0 -- are
> there assertions/checks that that can't happen elsewhere?
>
> Secondly, BIT() only works for values up to 32, since
> it works on type unsigned long, which might be a 32-bit
> type on some hosts. Since you used ctz64()
> you probably want BIT_ULL() which uses the ULL type
> which definitely has 64 bits.
>
> thanks
> -- PMM
Thanks! Eric can you fix pls?
--
MST
next prev parent reply other threads:[~2023-07-17 11:52 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-10 23:02 [PULL 00/66] pc,pci,virtio: cleanups, fixes, features Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 01/66] vdpa: Remove status in reset tracing Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 02/66] vhost: register and change IOMMU flag depending on Device-TLB state Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 03/66] virtio-net: pass Device-TLB enable/disable events to vhost Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 04/66] virtio-gpu: refactor generate_edid function to virtio_gpu_base Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 05/66] docs: vhost-user-gpu: add protocol changes for EDID Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 06/66] contrib/vhost-user-gpu: implement get_edid feature Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 07/66] vhost-user-gpu: implement get_edid frontend feature Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 08/66] hw/virtio: Add boilerplate for vhost-user-scmi device Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 09/66] hw/virtio: Add vhost-user-scmi-pci boilerplate Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 10/66] tests/qtest: enable tests for virtio-scmi Michael S. Tsirkin
2023-07-18 12:42 ` Thomas Huth
2023-07-18 12:55 ` Milan Zamazal
2023-07-19 13:02 ` Thomas Huth
2023-07-19 19:56 ` Milan Zamazal
2023-07-20 8:40 ` Thomas Huth
2023-07-20 9:25 ` Milan Zamazal
2023-07-19 20:51 ` Fabiano Rosas
2023-07-20 8:34 ` Milan Zamazal
2023-07-10 23:02 ` [PULL 11/66] machine: Add helpers to get cores/threads per socket Michael S. Tsirkin
2023-07-10 23:02 ` [PULL 12/66] hw/smbios: Fix smbios_smp_sockets caculation Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 13/66] hw/smbios: Fix thread count in type4 Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 14/66] hw/smbios: Fix core " Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 15/66] vhost-user: Change one_time to per_device request Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 16/66] vhost-user: Make RESET_DEVICE a per device message Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 17/66] hw/i386/pc_q35: Resolve redundant q35_host variable Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 18/66] hw/pci-host/q35: Fix double, contradicting .endianness assignment Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 19/66] hw/pci-host/q35: Initialize PCMachineState::bus in board code Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 20/66] hw/pci/pci_host: Introduce PCI_HOST_BYPASS_IOMMU macro Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 21/66] hw/pci-host/q35: Initialize PCI_HOST_BYPASS_IOMMU property from board code Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 22/66] hw/pci-host/q35: Make some property name macros reusable by i440fx Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 23/66] hw/i386/pc_piix: Turn some local variables into initializers Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 24/66] hw/pci-host/i440fx: Add "i440fx" child property in board code Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 25/66] hw/pci-host/i440fx: Replace magic values by existing constants Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 26/66] hw/pci-host/i440fx: Have common names for some local variables Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 27/66] hw/pci-host/i440fx: Move i440fx_realize() into PCII440FXState section Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 28/66] hw/pci-host/i440fx: Make MemoryRegion pointers accessible as properties Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 29/66] hw/pci-host/i440fx: Add PCI_HOST_PROP_IO_MEM property Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 30/66] hw/pci-host/i440fx: Add PCI_HOST_{ABOVE, BELOW}_4G_MEM_SIZE properties Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 31/66] hw/pci-host/i440fx: Add I440FX_HOST_PROP_PCI_TYPE property Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 32/66] hw/pci-host/i440fx: Resolve i440fx_init() Michael S. Tsirkin
2023-07-10 23:03 ` [PULL 33/66] hw/i386/pc_piix: Move i440fx' realize near its qdev_new() Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 34/66] hw/pci/pci: Remove multifunction parameter from pci_create_simple_multifunction() Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 35/66] hw/pci/pci: Remove multifunction parameter from pci_new_multifunction() Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 36/66] pcie: Release references of virtual functions Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 37/66] vdpa: Return -EIO if device ack is VIRTIO_NET_ERR in _load_mac() Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 38/66] vdpa: Return -EIO if device ack is VIRTIO_NET_ERR in _load_mq() Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 39/66] vdpa: Return -EIO if device ack is VIRTIO_NET_ERR in _load_offloads() Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 40/66] vhost-vdpa: mute unaligned memory error report Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 41/66] tests/acpi: allow changes in DSDT.noacpihp table blob Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 42/66] tests/acpi/bios-tables-test: use the correct slot on the pcie-root-port Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 43/66] tests/acpi/bios-tables-test: update acpi blob q35/DSDT.noacpihp Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 44/66] tests/qtest/hd-geo-test: fix incorrect pcie-root-port usage and simplify test Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 45/66] hw/pci: warn when PCIe device is plugged into non-zero slot of downstream port Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 46/66] virtio-iommu: Fix 64kB host page size VFIO device assignment Michael S. Tsirkin
2023-07-17 10:50 ` Peter Maydell
2023-07-17 11:51 ` Michael S. Tsirkin [this message]
2023-07-17 16:57 ` Eric Auger
2023-07-17 16:56 ` Eric Auger
2023-07-17 17:07 ` Peter Maydell
2023-07-17 17:20 ` Eric Auger
2023-07-10 23:04 ` [PULL 47/66] virtio-iommu: Rework the traces in virtio_iommu_set_page_size_mask() Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 48/66] pcie: Add hotplug detect state register to cmask Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 49/66] vdpa: Fix possible use-after-free for VirtQueueElement Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 50/66] include: attempt to document device_class_set_props Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 51/66] include/hw: document the device_class_set_parent_* fns Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 52/66] hw/virtio: fix typo in VIRTIO_CONFIG_IRQ_IDX comments Michael S. Tsirkin
2023-07-10 23:04 ` [PULL 53/66] include/hw/virtio: document virtio_notify_config Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 54/66] include/hw/virtio: add kerneldoc for virtio_init Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 55/66] include/hw/virtio: document some more usage of notifiers Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 56/66] pcie: Use common ARI next function number Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 57/66] pcie: Specify 0 for ARI next function numbers Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 58/66] vdpa: Use iovec for vhost_vdpa_net_load_cmd() Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 59/66] vdpa: Restore MAC address filtering state Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 60/66] vdpa: Restore packet receive filtering state relative with _F_CTRL_RX feature Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 61/66] vhost: Fix false positive out-of-bounds Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 62/66] vdpa: Accessing CVQ header through its structure Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 63/66] vdpa: Avoid forwarding large CVQ command failures Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 64/66] vdpa: Allow VIRTIO_NET_F_CTRL_RX in SVQ Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 65/66] vdpa: Restore packet receive filtering state relative with _F_CTRL_RX_EXTRA feature Michael S. Tsirkin
2023-07-10 23:05 ` [PULL 66/66] vdpa: Allow VIRTIO_NET_F_CTRL_RX_EXTRA in SVQ Michael S. Tsirkin
2023-07-11 10:07 ` [PULL 00/66] pc,pci,virtio: cleanups, fixes, features Richard Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230717075137-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=eric.auger@redhat.com \
--cc=jean-philippe@linaro.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=zhenzhong.duan@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).