From: Halil Pasic <pasic@linux.ibm.com>
To: Thomas Huth <thuth@redhat.com>
Cc: qemu-s390x@nongnu.org,
"Christian Borntraeger" <borntraeger@linux.ibm.com>,
"Eric Farman" <farman@linux.ibm.com>,
"Matthew Rosato" <mjrosato@linux.ibm.com>,
qemu-devel@nongnu.org, "David Hildenbrand" <david@redhat.com>,
"Cédric Le Goater" <clg@kaod.org>,
"Cornelia Huck" <cohuck@redhat.com>,
"Halil Pasic" <pasic@linux.ibm.com>
Subject: Re: [PATCH v2] hw/s390x: Fix a possible crash with passed-through virtio devices
Date: Tue, 18 Nov 2025 15:24:11 +0100 [thread overview]
Message-ID: <20251118152411.37a06f7a.pasic@linux.ibm.com> (raw)
In-Reply-To: <50f79156-dd93-40c4-831e-66e558531be8@redhat.com>
On Tue, 18 Nov 2025 13:28:19 +0100
Thomas Huth <thuth@redhat.com> wrote:
> > But I would argue that the L3 guest didn't do anything wrong.
>
> That's the point - the L3 guest just sees a virtio device, so we should not
> punish it with program exceptions just because it tried to send a
> notification for the device.
I understand. But if from the L3 guests perspective it looks like the
notification happened just fine, it isn't exactly good either.
>
> > Pass-through of virtio-ccw devices is simply not implemented yet
> > properly. And even if we were to swallow that notification silently,
> > it would be effectively loss of initiative I guess.
>
> I think the current patch does the right thing: It returns an error value to
> the guest (just like we're doing it in other spots in this function
> already), so the guest sees that error value and then can finally give up on
> using the device.
Hm, the -EINVAL is put into GPR2 which is 'Host Cookie' according to the
virtio specification:
https://docs.oasis-open.org/virtio/virtio/v1.3/csd01/virtio-v1.3-csd01.html#x1-2260002
Unfortunately, I did not find any words in the spec according to which
GPR2 can be used to indicate errors. There does seem to be handling in
the linux driver for that. It basically says negative is bad, but I can't
see that in the spec. It just says "For each notification, the driver
SHOULD use GPR4 to pass the host cookie received in GPR2 from the previous
notification."
Maybe we want to update the spec to reflect what is in the filed.
But I agree it won't get any nicer than L3 guest giving up on the device
and resetting it. Which is an impact as well.
>
> > So I think it would really make sense to prevent passing through
> > virtio-ccw devices with vfio-ccw.
>
> That could be a nice addition on top (in another patch), but we have to fix
> handle_virtio_ccw_notify() anyway to avoid that the L3 guest can crash QEMU,
> so it's certainly not a replacement for this patch, I think.
I agree, it should be a different patch.
I think adding some detail on the error handling via GPR2 to the
commit message could benefit the cause. But I don't insist. As I have
said I'm on board with the patch.
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Regards,
Halil
next prev parent reply other threads:[~2025-11-18 14:25 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-18 9:39 [PATCH v2] hw/s390x: Fix a possible crash with passed-through virtio devices Thomas Huth
2025-11-18 11:52 ` Cornelia Huck
2025-11-18 12:09 ` Thomas Huth
2025-11-18 12:15 ` Cornelia Huck
2025-11-18 12:02 ` Halil Pasic
2025-11-18 12:28 ` Thomas Huth
2025-11-18 14:24 ` Halil Pasic [this message]
2025-11-18 14:53 ` Cornelia Huck
2025-11-18 14:25 ` Cornelia Huck
2025-11-18 14:48 ` Thomas Huth
2025-11-18 15:19 ` Eric Farman
2025-11-18 22:56 ` Halil Pasic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251118152411.37a06f7a.pasic@linux.ibm.com \
--to=pasic@linux.ibm.com \
--cc=borntraeger@linux.ibm.com \
--cc=clg@kaod.org \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=farman@linux.ibm.com \
--cc=mjrosato@linux.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).