* [PATCH v2 0/2] Some trivial live update fixes
@ 2025-06-27 6:33 Zhenzhong Duan
2025-06-27 6:33 ` [PATCH v2 1/2] vfio/container: Fix potential SIGSEGV when recover from unmap-all-vaddr failure Zhenzhong Duan
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Zhenzhong Duan @ 2025-06-27 6:33 UTC (permalink / raw)
To: qemu-devel
Cc: alex.williamson, clg, eric.auger, steven.sistare, chao.p.peng,
Zhenzhong Duan, Michael Tokarev, Laurent Vivier,
open list:Trivial patches
Hi
These are trivial VFIO live update fixes in corner cases.
1) potential SIGSEGV when unmap-all-vaddr failed
2) potential vfio_container_post_load failure
Thanks
Zhenzhong
Changelog:
v2:
- drop patch1,2 in v1 as they are merged
- squashed "local save" parts of patch3 into patch4 (Steve)
- s/DMA_MAP_FUNC/dma_map_fn (Steve)
Zhenzhong Duan (2):
vfio/container: Fix potential SIGSEGV when recover from
unmap-all-vaddr failure
vfio/container: Fix vfio_container_post_load()
include/hw/vfio/vfio-cpr.h | 7 ++++---
hw/vfio/cpr-legacy.c | 23 +++++++++--------------
2 files changed, 13 insertions(+), 17 deletions(-)
--
2.34.1
^ permalink raw reply [flat|nested] 6+ messages in thread* [PATCH v2 1/2] vfio/container: Fix potential SIGSEGV when recover from unmap-all-vaddr failure 2025-06-27 6:33 [PATCH v2 0/2] Some trivial live update fixes Zhenzhong Duan @ 2025-06-27 6:33 ` Zhenzhong Duan 2025-06-27 13:11 ` Steven Sistare 2025-06-27 6:33 ` [PATCH v2 2/2] vfio/container: Fix vfio_container_post_load() Zhenzhong Duan 2025-06-28 8:44 ` [PATCH v2 0/2] Some trivial live update fixes Cédric Le Goater 2 siblings, 1 reply; 6+ messages in thread From: Zhenzhong Duan @ 2025-06-27 6:33 UTC (permalink / raw) To: qemu-devel Cc: alex.williamson, clg, eric.auger, steven.sistare, chao.p.peng, Zhenzhong Duan CPR overrides then restores dma_map in both outgoing and incoming QEMU, for different reasons. But it only sets saved_dma_map in the target. Fix it by always setting saved_dma_map. Fixes: eba1f657cbb1 ("vfio/container: recover from unmap-all-vaddr failure") Suggested-by: Steven Sistare <steven.sistare@oracle.com> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> --- hw/vfio/cpr-legacy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c index a84c3247b7..0a5d1bd480 100644 --- a/hw/vfio/cpr-legacy.c +++ b/hw/vfio/cpr-legacy.c @@ -180,9 +180,9 @@ bool vfio_legacy_cpr_register_container(VFIOContainer *container, Error **errp) vmstate_register(NULL, -1, &vfio_container_vmstate, container); /* During incoming CPR, divert calls to dma_map. */ + VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer); + container->cpr.saved_dma_map = vioc->dma_map; if (cpr_is_incoming()) { - VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer); - container->cpr.saved_dma_map = vioc->dma_map; vioc->dma_map = vfio_legacy_cpr_dma_map; } -- 2.34.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v2 1/2] vfio/container: Fix potential SIGSEGV when recover from unmap-all-vaddr failure 2025-06-27 6:33 ` [PATCH v2 1/2] vfio/container: Fix potential SIGSEGV when recover from unmap-all-vaddr failure Zhenzhong Duan @ 2025-06-27 13:11 ` Steven Sistare 0 siblings, 0 replies; 6+ messages in thread From: Steven Sistare @ 2025-06-27 13:11 UTC (permalink / raw) To: Zhenzhong Duan, qemu-devel; +Cc: alex.williamson, clg, eric.auger, chao.p.peng On 6/27/2025 2:33 AM, Zhenzhong Duan wrote: > CPR overrides then restores dma_map in both outgoing and incoming QEMU, for > different reasons. But it only sets saved_dma_map in the target. > > Fix it by always setting saved_dma_map. > > Fixes: eba1f657cbb1 ("vfio/container: recover from unmap-all-vaddr failure") > Suggested-by: Steven Sistare <steven.sistare@oracle.com> > Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> > --- > hw/vfio/cpr-legacy.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c > index a84c3247b7..0a5d1bd480 100644 > --- a/hw/vfio/cpr-legacy.c > +++ b/hw/vfio/cpr-legacy.c > @@ -180,9 +180,9 @@ bool vfio_legacy_cpr_register_container(VFIOContainer *container, Error **errp) > vmstate_register(NULL, -1, &vfio_container_vmstate, container); > > /* During incoming CPR, divert calls to dma_map. */ > + VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer); > + container->cpr.saved_dma_map = vioc->dma_map; > if (cpr_is_incoming()) { > - VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer); > - container->cpr.saved_dma_map = vioc->dma_map; > vioc->dma_map = vfio_legacy_cpr_dma_map; > } Reviewed-by: Steve Sistare <steven.sistare@oracle.com> ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v2 2/2] vfio/container: Fix vfio_container_post_load() 2025-06-27 6:33 [PATCH v2 0/2] Some trivial live update fixes Zhenzhong Duan 2025-06-27 6:33 ` [PATCH v2 1/2] vfio/container: Fix potential SIGSEGV when recover from unmap-all-vaddr failure Zhenzhong Duan @ 2025-06-27 6:33 ` Zhenzhong Duan 2025-06-27 13:11 ` Steven Sistare 2025-06-28 8:44 ` [PATCH v2 0/2] Some trivial live update fixes Cédric Le Goater 2 siblings, 1 reply; 6+ messages in thread From: Zhenzhong Duan @ 2025-06-27 6:33 UTC (permalink / raw) To: qemu-devel Cc: alex.williamson, clg, eric.auger, steven.sistare, chao.p.peng, Zhenzhong Duan When there are multiple VFIO containers, vioc->dma_map is restored multiple times, this made only first container work and remaining containers using vioc->dma_map restored by first container. Fix it by save and restore vioc->dma_map locally. saved_dma_map in VFIOContainerCPR becomes useless and is removed. Fixes: 7e9f21411302 ("vfio/container: restore DMA vaddr") Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> --- include/hw/vfio/vfio-cpr.h | 7 ++++--- hw/vfio/cpr-legacy.c | 23 +++++++++-------------- 2 files changed, 13 insertions(+), 17 deletions(-) diff --git a/include/hw/vfio/vfio-cpr.h b/include/hw/vfio/vfio-cpr.h index 8bf85b9f4e..dbb2a16b7a 100644 --- a/include/hw/vfio/vfio-cpr.h +++ b/include/hw/vfio/vfio-cpr.h @@ -16,14 +16,15 @@ struct VFIOContainer; struct VFIOContainerBase; struct VFIOGroup; +typedef int (*dma_map_fn)(const struct VFIOContainerBase *bcontainer, + hwaddr iova, ram_addr_t size, void *vaddr, + bool readonly, MemoryRegion *mr); + typedef struct VFIOContainerCPR { Error *blocker; bool vaddr_unmapped; NotifierWithReturn transfer_notifier; MemoryListener remap_listener; - int (*saved_dma_map)(const struct VFIOContainerBase *bcontainer, - hwaddr iova, ram_addr_t size, - void *vaddr, bool readonly, MemoryRegion *mr); } VFIOContainerCPR; typedef struct VFIODeviceCPR { diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c index 0a5d1bd480..1216717546 100644 --- a/hw/vfio/cpr-legacy.c +++ b/hw/vfio/cpr-legacy.c @@ -99,20 +99,21 @@ static int vfio_container_post_load(void *opaque, int version_id) { VFIOContainer *container = opaque; VFIOContainerBase *bcontainer = &container->bcontainer; - VFIOGroup *group; + VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer); + dma_map_fn saved_dma_map = vioc->dma_map; Error *local_err = NULL; + /* During incoming CPR, divert calls to dma_map. */ + vioc->dma_map = vfio_legacy_cpr_dma_map; + if (!vfio_listener_register(bcontainer, &local_err)) { error_report_err(local_err); return -1; } - QLIST_FOREACH(group, &container->group_list, container_next) { - VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer); + /* Restore original dma_map function */ + vioc->dma_map = saved_dma_map; - /* Restore original dma_map function */ - vioc->dma_map = container->cpr.saved_dma_map; - } return 0; } @@ -148,6 +149,7 @@ static int vfio_cpr_fail_notifier(NotifierWithReturn *notifier, */ VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer); + dma_map_fn saved_dma_map = vioc->dma_map; vioc->dma_map = vfio_legacy_cpr_dma_map; container->cpr.remap_listener = (MemoryListener) { @@ -158,7 +160,7 @@ static int vfio_cpr_fail_notifier(NotifierWithReturn *notifier, bcontainer->space->as); memory_listener_unregister(&container->cpr.remap_listener); container->cpr.vaddr_unmapped = false; - vioc->dma_map = container->cpr.saved_dma_map; + vioc->dma_map = saved_dma_map; } return 0; } @@ -179,13 +181,6 @@ bool vfio_legacy_cpr_register_container(VFIOContainer *container, Error **errp) vmstate_register(NULL, -1, &vfio_container_vmstate, container); - /* During incoming CPR, divert calls to dma_map. */ - VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer); - container->cpr.saved_dma_map = vioc->dma_map; - if (cpr_is_incoming()) { - vioc->dma_map = vfio_legacy_cpr_dma_map; - } - migration_add_notifier_mode(&container->cpr.transfer_notifier, vfio_cpr_fail_notifier, MIG_MODE_CPR_TRANSFER); -- 2.34.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v2 2/2] vfio/container: Fix vfio_container_post_load() 2025-06-27 6:33 ` [PATCH v2 2/2] vfio/container: Fix vfio_container_post_load() Zhenzhong Duan @ 2025-06-27 13:11 ` Steven Sistare 0 siblings, 0 replies; 6+ messages in thread From: Steven Sistare @ 2025-06-27 13:11 UTC (permalink / raw) To: Zhenzhong Duan, qemu-devel; +Cc: alex.williamson, clg, eric.auger, chao.p.peng On 6/27/2025 2:33 AM, Zhenzhong Duan wrote: > When there are multiple VFIO containers, vioc->dma_map is restored > multiple times, this made only first container work and remaining > containers using vioc->dma_map restored by first container. > > Fix it by save and restore vioc->dma_map locally. saved_dma_map in > VFIOContainerCPR becomes useless and is removed. > > Fixes: 7e9f21411302 ("vfio/container: restore DMA vaddr") > Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> > --- > include/hw/vfio/vfio-cpr.h | 7 ++++--- > hw/vfio/cpr-legacy.c | 23 +++++++++-------------- > 2 files changed, 13 insertions(+), 17 deletions(-) > > diff --git a/include/hw/vfio/vfio-cpr.h b/include/hw/vfio/vfio-cpr.h > index 8bf85b9f4e..dbb2a16b7a 100644 > --- a/include/hw/vfio/vfio-cpr.h > +++ b/include/hw/vfio/vfio-cpr.h > @@ -16,14 +16,15 @@ struct VFIOContainer; > struct VFIOContainerBase; > struct VFIOGroup; > > +typedef int (*dma_map_fn)(const struct VFIOContainerBase *bcontainer, > + hwaddr iova, ram_addr_t size, void *vaddr, > + bool readonly, MemoryRegion *mr); > + > typedef struct VFIOContainerCPR { > Error *blocker; > bool vaddr_unmapped; > NotifierWithReturn transfer_notifier; > MemoryListener remap_listener; > - int (*saved_dma_map)(const struct VFIOContainerBase *bcontainer, > - hwaddr iova, ram_addr_t size, > - void *vaddr, bool readonly, MemoryRegion *mr); > } VFIOContainerCPR; > > typedef struct VFIODeviceCPR { > diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c > index 0a5d1bd480..1216717546 100644 > --- a/hw/vfio/cpr-legacy.c > +++ b/hw/vfio/cpr-legacy.c > @@ -99,20 +99,21 @@ static int vfio_container_post_load(void *opaque, int version_id) > { > VFIOContainer *container = opaque; > VFIOContainerBase *bcontainer = &container->bcontainer; > - VFIOGroup *group; > + VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer); > + dma_map_fn saved_dma_map = vioc->dma_map; > Error *local_err = NULL; > > + /* During incoming CPR, divert calls to dma_map. */ > + vioc->dma_map = vfio_legacy_cpr_dma_map; > + > if (!vfio_listener_register(bcontainer, &local_err)) { > error_report_err(local_err); > return -1; > } > > - QLIST_FOREACH(group, &container->group_list, container_next) { > - VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer); > + /* Restore original dma_map function */ > + vioc->dma_map = saved_dma_map; > > - /* Restore original dma_map function */ > - vioc->dma_map = container->cpr.saved_dma_map; > - } > return 0; > } > > @@ -148,6 +149,7 @@ static int vfio_cpr_fail_notifier(NotifierWithReturn *notifier, > */ > > VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer); > + dma_map_fn saved_dma_map = vioc->dma_map; > vioc->dma_map = vfio_legacy_cpr_dma_map; > > container->cpr.remap_listener = (MemoryListener) { > @@ -158,7 +160,7 @@ static int vfio_cpr_fail_notifier(NotifierWithReturn *notifier, > bcontainer->space->as); > memory_listener_unregister(&container->cpr.remap_listener); > container->cpr.vaddr_unmapped = false; > - vioc->dma_map = container->cpr.saved_dma_map; > + vioc->dma_map = saved_dma_map; > } > return 0; > } > @@ -179,13 +181,6 @@ bool vfio_legacy_cpr_register_container(VFIOContainer *container, Error **errp) > > vmstate_register(NULL, -1, &vfio_container_vmstate, container); > > - /* During incoming CPR, divert calls to dma_map. */ > - VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer); > - container->cpr.saved_dma_map = vioc->dma_map; > - if (cpr_is_incoming()) { > - vioc->dma_map = vfio_legacy_cpr_dma_map; > - } > - > migration_add_notifier_mode(&container->cpr.transfer_notifier, > vfio_cpr_fail_notifier, > MIG_MODE_CPR_TRANSFER); Reviewed-by: Steve Sistare <steven.sistare@oracle.com> ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2 0/2] Some trivial live update fixes 2025-06-27 6:33 [PATCH v2 0/2] Some trivial live update fixes Zhenzhong Duan 2025-06-27 6:33 ` [PATCH v2 1/2] vfio/container: Fix potential SIGSEGV when recover from unmap-all-vaddr failure Zhenzhong Duan 2025-06-27 6:33 ` [PATCH v2 2/2] vfio/container: Fix vfio_container_post_load() Zhenzhong Duan @ 2025-06-28 8:44 ` Cédric Le Goater 2 siblings, 0 replies; 6+ messages in thread From: Cédric Le Goater @ 2025-06-28 8:44 UTC (permalink / raw) To: Zhenzhong Duan, qemu-devel Cc: alex.williamson, eric.auger, steven.sistare, chao.p.peng, Michael Tokarev, Laurent Vivier, open list:Trivial patches On 6/27/25 08:33, Zhenzhong Duan wrote: > Hi > > These are trivial VFIO live update fixes in corner cases. > > 1) potential SIGSEGV when unmap-all-vaddr failed > 2) potential vfio_container_post_load failure > > Thanks > Zhenzhong > > Changelog: > v2: > - drop patch1,2 in v1 as they are merged > - squashed "local save" parts of patch3 into patch4 (Steve) > - s/DMA_MAP_FUNC/dma_map_fn (Steve) > > Zhenzhong Duan (2): > vfio/container: Fix potential SIGSEGV when recover from > unmap-all-vaddr failure > vfio/container: Fix vfio_container_post_load() > > include/hw/vfio/vfio-cpr.h | 7 ++++--- > hw/vfio/cpr-legacy.c | 23 +++++++++-------------- > 2 files changed, 13 insertions(+), 17 deletions(-) > Applied to vfio-next. Thanks, C. ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2025-06-28 8:45 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-06-27 6:33 [PATCH v2 0/2] Some trivial live update fixes Zhenzhong Duan 2025-06-27 6:33 ` [PATCH v2 1/2] vfio/container: Fix potential SIGSEGV when recover from unmap-all-vaddr failure Zhenzhong Duan 2025-06-27 13:11 ` Steven Sistare 2025-06-27 6:33 ` [PATCH v2 2/2] vfio/container: Fix vfio_container_post_load() Zhenzhong Duan 2025-06-27 13:11 ` Steven Sistare 2025-06-28 8:44 ` [PATCH v2 0/2] Some trivial live update fixes Cédric Le Goater
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).