* [PATCH 1/3] cxl/type3: expose vmem mapping for fixed windows
2026-03-17 3:33 [PATCH 0/3] cxl: avoid KVM internal error for fixed memory windows Li Chen
@ 2026-03-17 3:33 ` Li Chen
2026-03-17 3:33 ` [PATCH 2/3] cxl: alias fixed memory windows to RAM under KVM Li Chen
` (2 subsequent siblings)
3 siblings, 0 replies; 9+ messages in thread
From: Li Chen @ 2026-03-17 3:33 UTC (permalink / raw)
To: Jonathan Cameron, Fan Ni; +Cc: qemu-devel, Li Chen
CXL fixed memory windows may map linearly to a Type-3 volatile memdev.
Add a helper that checks whether a host physical range is backed by the
volatile memory backend and returns the backing MemoryRegion and offset.
This is used by KVM to alias fixed windows to RAM when possible.
Signed-off-by: Li Chen <me@linux.beauty>
---
hw/mem/cxl_type3.c | 52 +++++++++++++++++++++++++++++++++++++
include/hw/cxl/cxl_device.h | 3 +++
2 files changed, 55 insertions(+)
diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c
index 4739239da3..bf79db6082 100644
--- a/hw/mem/cxl_type3.c
+++ b/hw/mem/cxl_type3.c
@@ -1314,6 +1314,58 @@ MemTxResult cxl_type3_write(PCIDevice *d, hwaddr host_addr, uint64_t data,
return address_space_write(as, dpa_offset, attrs, &data, size);
}
+bool cxl_type3_get_window_vmem_mapping(CXLType3Dev *ct3d, hwaddr host_base,
+ hwaddr size, MemoryRegion **mr,
+ hwaddr *offset, Error **errp)
+{
+ MemoryRegion *vmr;
+ uint64_t dpa_start, dpa_end;
+ uint64_t vmr_size;
+ hwaddr host_end;
+
+ if (!size) {
+ error_setg(errp, "window size must be non-zero");
+ return false;
+ }
+
+ host_end = host_base + size - 1;
+ if (host_end < host_base) {
+ error_setg(errp, "window range overflows");
+ return false;
+ }
+
+ if (!ct3d->hostvmem) {
+ error_setg(errp, "no volatile-memdev configured");
+ return false;
+ }
+ vmr = host_memory_backend_get_memory(ct3d->hostvmem);
+ if (!vmr) {
+ error_setg(errp, "volatile-memdev has no backing memory region");
+ return false;
+ }
+
+ if (!cxl_type3_dpa(ct3d, host_base, &dpa_start) ||
+ !cxl_type3_dpa(ct3d, host_end, &dpa_end)) {
+ error_setg(errp, "failed to translate HPA to DPA");
+ return false;
+ }
+
+ if (dpa_end != dpa_start + size - 1) {
+ error_setg(errp, "window is not linearly mapped to DPA");
+ return false;
+ }
+
+ vmr_size = memory_region_size(vmr);
+ if (dpa_start >= vmr_size || size > vmr_size - dpa_start) {
+ error_setg(errp, "window maps outside volatile-memdev");
+ return false;
+ }
+
+ *mr = vmr;
+ *offset = dpa_start;
+ return true;
+}
+
static void ct3d_reset(DeviceState *dev)
{
CXLType3Dev *ct3d = CXL_TYPE3(dev);
diff --git a/include/hw/cxl/cxl_device.h b/include/hw/cxl/cxl_device.h
index 393f312217..5e3da17c10 100644
--- a/include/hw/cxl/cxl_device.h
+++ b/include/hw/cxl/cxl_device.h
@@ -827,6 +827,9 @@ MemTxResult cxl_type3_read(PCIDevice *d, hwaddr host_addr, uint64_t *data,
unsigned size, MemTxAttrs attrs);
MemTxResult cxl_type3_write(PCIDevice *d, hwaddr host_addr, uint64_t data,
unsigned size, MemTxAttrs attrs);
+bool cxl_type3_get_window_vmem_mapping(CXLType3Dev *ct3d, hwaddr host_base,
+ hwaddr size, MemoryRegion **mr,
+ hwaddr *offset, Error **errp);
uint64_t cxl_device_get_timestamp(CXLDeviceState *cxlds);
--
2.52.0
^ permalink raw reply related [flat|nested] 9+ messages in thread* [PATCH 2/3] cxl: alias fixed memory windows to RAM under KVM
2026-03-17 3:33 [PATCH 0/3] cxl: avoid KVM internal error for fixed memory windows Li Chen
2026-03-17 3:33 ` [PATCH 1/3] cxl/type3: expose vmem mapping for fixed windows Li Chen
@ 2026-03-17 3:33 ` Li Chen
2026-03-17 3:33 ` [PATCH 3/3] cxl: update fixed window mappings on decoder programming Li Chen
2026-03-17 16:57 ` [PATCH 0/3] cxl: avoid KVM internal error for fixed memory windows Jonathan Cameron via qemu development
3 siblings, 0 replies; 9+ messages in thread
From: Li Chen @ 2026-03-17 3:33 UTC (permalink / raw)
To: Jonathan Cameron, Fan Ni; +Cc: qemu-devel, Li Chen
CXL fixed memory windows are currently modeled as an I/O MemoryRegion, so
KVM treats the whole range as MMIO. After Linux onlines the window as
system RAM, normal CPU stores can land in the window and trigger KVM
instruction emulation. Instructions like XSAVEC are not supported by the
emulator and abort the VM with a KVM internal error.
Turn the fixed window into a container that always contains the existing
MMIO dispatcher, and add an optional RAM alias overlay when the window
maps linearly to a Type-3 volatile memdev.
Signed-off-by: Li Chen <me@linux.beauty>
---
hw/cxl/cxl-host-stubs.c | 1 +
hw/cxl/cxl-host.c | 189 +++++++++++++++++++++++++++++++++++++-
include/hw/cxl/cxl.h | 5 +
include/hw/cxl/cxl_host.h | 1 +
4 files changed, 194 insertions(+), 2 deletions(-)
diff --git a/hw/cxl/cxl-host-stubs.c b/hw/cxl/cxl-host-stubs.c
index c015baac81..e7e955121f 100644
--- a/hw/cxl/cxl-host-stubs.c
+++ b/hw/cxl/cxl-host-stubs.c
@@ -16,5 +16,6 @@ hwaddr cxl_fmws_set_memmap(hwaddr base, hwaddr max_addr)
return base;
};
void cxl_fmws_update_mmio(void) {};
+void cxl_fmws_update_mappings(void) {};
const MemoryRegionOps cfmws_ops;
diff --git a/hw/cxl/cxl-host.c b/hw/cxl/cxl-host.c
index f3479b1991..7f6974626e 100644
--- a/hw/cxl/cxl-host.c
+++ b/hw/cxl/cxl-host.c
@@ -10,6 +10,7 @@
#include "qemu/bitmap.h"
#include "qemu/error-report.h"
#include "qapi/error.h"
+#include "system/kvm.h"
#include "system/qtest.h"
#include "hw/core/boards.h"
@@ -22,6 +23,164 @@
#include "hw/pci/pcie_port.h"
#include "hw/pci-bridge/pci_expander_bridge.h"
+static void cxl_fmw_disable_direct(CXLFixedWindow *fw)
+{
+ if (!fw->direct_target_mr) {
+ return;
+ }
+
+ memory_region_transaction_begin();
+ if (fw->direct_mapped) {
+ memory_region_del_subregion(&fw->mr, &fw->direct_mr);
+ }
+ object_unparent(OBJECT(&fw->direct_mr));
+ memory_region_transaction_commit();
+
+ fw->direct_mapped = false;
+ fw->direct_target_mr = NULL;
+ fw->direct_target_offset = 0;
+}
+
+static bool cxl_hdm_decoder_simple_target(uint32_t *cache_mem, hwaddr base,
+ hwaddr size, uint8_t *target)
+{
+ int hdm_inc = R_CXL_HDM_DECODER1_BASE_LO - R_CXL_HDM_DECODER0_BASE_LO;
+ unsigned int hdm_count;
+ uint32_t cap, global_ctrl;
+ int i;
+
+ global_ctrl = ldl_le_p(cache_mem + R_CXL_HDM_DECODER_GLOBAL_CONTROL);
+ if (!FIELD_EX32(global_ctrl, CXL_HDM_DECODER_GLOBAL_CONTROL,
+ HDM_DECODER_ENABLE)) {
+ return false;
+ }
+
+ cap = ldl_le_p(cache_mem + R_CXL_HDM_DECODER_CAPABILITY);
+ hdm_count = cxl_decoder_count_dec(FIELD_EX32(cap,
+ CXL_HDM_DECODER_CAPABILITY,
+ DECODER_COUNT));
+ for (i = 0; i < hdm_count; i++) {
+ uint32_t low, high, ctrl;
+ uint64_t decoder_base, decoder_size;
+ uint32_t tlo;
+ uint8_t iw;
+
+ low = ldl_le_p(cache_mem + R_CXL_HDM_DECODER0_BASE_LO + i * hdm_inc);
+ high = ldl_le_p(cache_mem + R_CXL_HDM_DECODER0_BASE_HI + i * hdm_inc);
+ decoder_base = (low & 0xf0000000) | ((uint64_t)high << 32);
+
+ low = ldl_le_p(cache_mem + R_CXL_HDM_DECODER0_SIZE_LO + i * hdm_inc);
+ high = ldl_le_p(cache_mem + R_CXL_HDM_DECODER0_SIZE_HI + i * hdm_inc);
+ decoder_size = (low & 0xf0000000) | ((uint64_t)high << 32);
+
+ if (decoder_base != base || decoder_size != size) {
+ continue;
+ }
+
+ ctrl = ldl_le_p(cache_mem + R_CXL_HDM_DECODER0_CTRL + i * hdm_inc);
+ if (!FIELD_EX32(ctrl, CXL_HDM_DECODER0_CTRL, COMMITTED)) {
+ continue;
+ }
+
+ iw = FIELD_EX32(ctrl, CXL_HDM_DECODER0_CTRL, IW);
+ if (iw != 0) {
+ return false;
+ }
+
+ tlo = ldl_le_p(cache_mem + R_CXL_HDM_DECODER0_TARGET_LIST_LO +
+ i * hdm_inc);
+ *target = extract32(tlo, 0, 8);
+ return true;
+ }
+
+ return false;
+}
+
+static bool cxl_fmw_enable_direct(CXLFixedWindow *fw)
+{
+ CXLComponentState *hb_cstate;
+ PCIHostState *hb;
+ PCIDevice *rp, *d;
+ CXLType3Dev *ct3d;
+ MemoryRegion *target_mr = NULL;
+ hwaddr target_offset = 0;
+ uint32_t *cache_mem;
+ uint8_t target;
+ Error *local_err = NULL;
+
+ if (!kvm_enabled()) {
+ return false;
+ }
+
+ if (fw->num_targets != 1) {
+ return false;
+ }
+
+ if (!fw->base || !fw->target_hbs[0] ||
+ !fw->target_hbs[0]->cxl_host_bridge) {
+ return false;
+ }
+
+ hb = PCI_HOST_BRIDGE(fw->target_hbs[0]->cxl_host_bridge);
+ if (!hb || !hb->bus || !pci_bus_is_cxl(hb->bus)) {
+ return false;
+ }
+
+ hb_cstate = cxl_get_hb_cstate(hb);
+ if (!hb_cstate) {
+ return false;
+ }
+
+ cache_mem = hb_cstate->crb.cache_mem_registers;
+ if (!cxl_hdm_decoder_simple_target(cache_mem, fw->base, fw->size,
+ &target)) {
+ return false;
+ }
+
+ rp = pcie_find_port_by_pn(hb->bus, target);
+ if (!rp) {
+ return false;
+ }
+
+ d = pci_bridge_get_sec_bus(PCI_BRIDGE(rp))->devices[0];
+ if (!d) {
+ return false;
+ }
+
+ if (!object_dynamic_cast(OBJECT(d), TYPE_CXL_TYPE3)) {
+ return false;
+ }
+ ct3d = CXL_TYPE3(d);
+
+ if (!cxl_type3_get_window_vmem_mapping(ct3d, fw->base, fw->size,
+ &target_mr, &target_offset,
+ &local_err)) {
+ error_free(local_err);
+ return false;
+ }
+ error_free(local_err);
+
+ if (fw->direct_mapped && fw->direct_target_mr == target_mr &&
+ fw->direct_target_offset == target_offset) {
+ return true;
+ }
+
+ cxl_fmw_disable_direct(fw);
+
+ memory_region_init_alias(&fw->direct_mr, OBJECT(fw),
+ "cxl-fixed-memory-region.direct", target_mr,
+ target_offset, fw->size);
+ memory_region_transaction_begin();
+ memory_region_add_subregion_overlap(&fw->mr, 0, &fw->direct_mr, 1);
+ memory_region_transaction_commit();
+
+ fw->direct_mapped = true;
+ fw->direct_target_mr = target_mr;
+ fw->direct_target_offset = target_offset;
+
+ return true;
+}
+
static void cxl_fixed_memory_window_config(CXLFixedMemoryWindowOptions *object,
int index, Error **errp)
{
@@ -432,6 +591,25 @@ void cxl_fmws_update_mmio(void)
object_child_foreach_recursive(object_get_root(), cxl_fmws_mmio_map, NULL);
}
+void cxl_fmws_update_mappings(void)
+{
+ GSList *cfmws_list, *iter;
+ CXLFixedWindow *fw;
+
+ if (!kvm_enabled()) {
+ return;
+ }
+
+ cfmws_list = cxl_fmws_get_all_sorted();
+ for (iter = cfmws_list; iter; iter = iter->next) {
+ fw = CXL_FMW(iter->data);
+ if (!cxl_fmw_enable_direct(fw)) {
+ cxl_fmw_disable_direct(fw);
+ }
+ }
+ g_slist_free(cfmws_list);
+}
+
hwaddr cxl_fmws_set_memmap(hwaddr base, hwaddr max_addr)
{
GSList *cfmws_list, *iter;
@@ -454,8 +632,15 @@ static void cxl_fmw_realize(DeviceState *dev, Error **errp)
{
CXLFixedWindow *fw = CXL_FMW(dev);
- memory_region_init_io(&fw->mr, OBJECT(dev), &cfmws_ops, fw,
- "cxl-fixed-memory-region", fw->size);
+ memory_region_init(&fw->mr, OBJECT(dev), "cxl-fixed-memory-region",
+ fw->size);
+ memory_region_init_io(&fw->io_mr, OBJECT(dev), &cfmws_ops, fw,
+ "cxl-fixed-memory-region.io", fw->size);
+ memory_region_add_subregion(&fw->mr, 0, &fw->io_mr);
+
+ fw->direct_mapped = false;
+ fw->direct_target_mr = NULL;
+ fw->direct_target_offset = 0;
sysbus_init_mmio(SYS_BUS_DEVICE(dev), &fw->mr);
}
diff --git a/include/hw/cxl/cxl.h b/include/hw/cxl/cxl.h
index 998f495a98..1ccd0f7e5f 100644
--- a/include/hw/cxl/cxl.h
+++ b/include/hw/cxl/cxl.h
@@ -38,6 +38,11 @@ typedef struct CXLFixedWindow {
uint8_t enc_int_gran;
/* Todo: XOR based interleaving */
MemoryRegion mr;
+ MemoryRegion io_mr;
+ MemoryRegion direct_mr;
+ MemoryRegion *direct_target_mr;
+ hwaddr direct_target_offset;
+ bool direct_mapped;
hwaddr base;
} CXLFixedWindow;
#define TYPE_CXL_FMW "cxl-fmw"
diff --git a/include/hw/cxl/cxl_host.h b/include/hw/cxl/cxl_host.h
index 21619bb748..7d5a384838 100644
--- a/include/hw/cxl/cxl_host.h
+++ b/include/hw/cxl/cxl_host.h
@@ -18,6 +18,7 @@ void cxl_fmws_link_targets(Error **errp);
void cxl_hook_up_pxb_registers(PCIBus *bus, CXLState *state, Error **errp);
hwaddr cxl_fmws_set_memmap(hwaddr base, hwaddr max_addr);
void cxl_fmws_update_mmio(void);
+void cxl_fmws_update_mappings(void);
GSList *cxl_fmws_get_all_sorted(void);
extern const MemoryRegionOps cfmws_ops;
--
2.52.0
^ permalink raw reply related [flat|nested] 9+ messages in thread* [PATCH 3/3] cxl: update fixed window mappings on decoder programming
2026-03-17 3:33 [PATCH 0/3] cxl: avoid KVM internal error for fixed memory windows Li Chen
2026-03-17 3:33 ` [PATCH 1/3] cxl/type3: expose vmem mapping for fixed windows Li Chen
2026-03-17 3:33 ` [PATCH 2/3] cxl: alias fixed memory windows to RAM under KVM Li Chen
@ 2026-03-17 3:33 ` Li Chen
2026-03-17 16:57 ` [PATCH 0/3] cxl: avoid KVM internal error for fixed memory windows Jonathan Cameron via qemu development
3 siblings, 0 replies; 9+ messages in thread
From: Li Chen @ 2026-03-17 3:33 UTC (permalink / raw)
To: Jonathan Cameron, Fan Ni; +Cc: qemu-devel, Li Chen
Invoke cxl_fmws_update_mappings() when HDM decoder registers are updated
on host components and Type-3 devices, so fixed memory windows can
switch between the MMIO dispatcher and the RAM alias overlay as the guest
commits/uncommits decoder state.
Signed-off-by: Li Chen <me@linux.beauty>
---
hw/cxl/cxl-component-utils.c | 2 ++
hw/mem/cxl_type3.c | 7 +++++++
2 files changed, 9 insertions(+)
diff --git a/hw/cxl/cxl-component-utils.c b/hw/cxl/cxl-component-utils.c
index 07aabe331c..8a36a62db0 100644
--- a/hw/cxl/cxl-component-utils.c
+++ b/hw/cxl/cxl-component-utils.c
@@ -12,6 +12,7 @@
#include "qapi/error.h"
#include "hw/pci/pci.h"
#include "hw/cxl/cxl.h"
+#include "hw/cxl/cxl_host.h"
/* CXL r3.1 Section 8.2.4.20.1 CXL HDM Decoder Capability Register */
int cxl_decoder_count_enc(int count)
@@ -209,6 +210,7 @@ static void cxl_cache_mem_write_reg(void *opaque, hwaddr offset, uint64_t value,
if (offset >= A_CXL_HDM_DECODER_CAPABILITY &&
offset <= A_CXL_HDM_DECODER3_TARGET_LIST_HI) {
dumb_hdm_handler(cxl_cstate, offset, value);
+ cxl_fmws_update_mappings();
} else if (offset == A_CXL_BI_RT_CTRL ||
offset == A_CXL_BI_DECODER_CTRL) {
bi_handler(cxl_cstate, offset, value);
diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c
index bf79db6082..8ad36e6f53 100644
--- a/hw/mem/cxl_type3.c
+++ b/hw/mem/cxl_type3.c
@@ -29,6 +29,7 @@
#include "system/hostmem.h"
#include "system/numa.h"
#include "hw/cxl/cxl.h"
+#include "hw/cxl/cxl_host.h"
#include "hw/pci/msix.h"
/* type3 device private */
@@ -628,6 +629,11 @@ static void ct3d_reg_write(void *opaque, hwaddr offset, uint64_t value,
} else if (should_uncommit) {
hdm_decoder_uncommit(ct3d, which_hdm);
}
+
+ if (offset >= A_CXL_HDM_DECODER_CAPABILITY &&
+ offset <= A_CXL_HDM_DECODER3_TARGET_LIST_HI) {
+ cxl_fmws_update_mappings();
+ }
}
/*
@@ -1377,6 +1383,7 @@ static void ct3d_reset(DeviceState *dev)
cxl_component_register_init_common(reg_state, write_msk,
CXL2_TYPE3_DEVICE, ct3d->hdmdb);
cxl_device_register_init_t3(ct3d, CXL_T3_MSIX_MBOX);
+ cxl_fmws_update_mappings();
/*
* Bring up an endpoint to target with MCTP over VDM.
--
2.52.0
^ permalink raw reply related [flat|nested] 9+ messages in thread* Re: [PATCH 0/3] cxl: avoid KVM internal error for fixed memory windows
2026-03-17 3:33 [PATCH 0/3] cxl: avoid KVM internal error for fixed memory windows Li Chen
` (2 preceding siblings ...)
2026-03-17 3:33 ` [PATCH 3/3] cxl: update fixed window mappings on decoder programming Li Chen
@ 2026-03-17 16:57 ` Jonathan Cameron via qemu development
2026-03-18 15:01 ` Alireza Sanaee via qemu development
2026-03-22 5:49 ` Li Chen
3 siblings, 2 replies; 9+ messages in thread
From: Jonathan Cameron via qemu development @ 2026-03-17 16:57 UTC (permalink / raw)
To: Li Chen; +Cc: Fan Ni, qemu-devel, alireza.sanaee, linux-cxl
On Tue, 17 Mar 2026 11:33:00 +0800
Li Chen <me@linux.beauty> wrote:
> CXL fixed memory windows are currently modeled as an I/O MemoryRegion.
> When running under KVM, this makes the entire window look like MMIO.
> If Linux onlines the window as system RAM (e.g. for a CXL Type-3
> volatile memdev), normal CPU stores into the window trigger KVM
> instruction emulation. Instructions like XSAVEC are not supported by
> the emulator and abort the VM with a KVM internal error.
>
> Repro:
> - Boot a guest with a CXL Type-3 volatile memdev and a fixed memory window.
> - In the guest, create a RAM region and online it as system RAM:
> cxl create-region -m -t ram -d decoder0.0 -w 1 -g 4096 mem0
> - QEMU exits with a KVM internal error.
Hi Li Chen,
At least at first look this looks very like:
https://lore.kernel.org/qemu-devel/20260306121151.883-1-alireza.sanaee@huawei.com/
Which was ready for merge as far as I was concerned, but missed getting queued for
11.0 (as last PCI pull request had gone) and is currently ready to go in next cycle.
Please see if that works for your case. If there are improvements I'd prefer
to see them applied on top of that series than reinventing what I think
is the same thing.
It's not KVM specific as linear mappings (when valid) bring huge performance
benefits on TCG as well as correctness for KVM.
Jonathan
+CC linux-cxl which is where CXL folk tend to hang out in larger numbers
than on the qemu list.
>
> Serial output excerpt:
> KVM internal error. Suberror: 1
> extra data[0]: 0x0000000000000001
> extra data[1]: 0xc0314061c70f480f
> extra data[2]: 0x024080f610478b48
> extra data[3]: 0x0000000000000400
> extra data[4]: 0x000000010000000f
> extra data[5]: 0x00000004a0003140
> extra data[6]: 0x0000000000000000
> extra data[7]: 0x0000000000000000
> emulation failure
> RAX=0000000000000007 RBX=ffff8eace0001a40 RCX=ffff8eace0003100 RDX=0000000000000000
> RSI=0000000000000007 RDI=ffff8eace00030c0 RBP=ffffd48ac1747c08 RSP=ffffd48ac1747bc8
> R8 =0000000000000007 R9 =0000000000000007 R10=000000000000000d R11=0000000000000000
> R12=ffff8ea945b51a40 R13=ffffd48ac166c000 R14=0000000000000000 R15=0000000001200000
> RIP=ffffffffaf77a14d RFL=00000256 [---ZAP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
> ES =0000 0000000000000000 00000000 00000000
> CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
> SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
> DS =0000 0000000000000000 00000000 00000000
> FS =0000 00007f997da3fec0 00000000 00000000
> GS =0000 ffff8eab0535d000 00000000 00000000
> LDT=0000 fffffe7600000000 00000000 00000000
> TR =0040 fffffe767cf8f000 00004087 00008b00 DPL=0 TSS64-busy
> GDT= fffffe767cf8d000 0000007f
> IDT= fffffe0000000000 00000fff
> CR0=80050033 CR2=000055fd193a6468 CR3=000000010930c000 CR4=00350ef0
> DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
> DR6=00000000ffff0ff0 DR7=0000000000000400
> EFER=0000000000001d01
> Code=0f 1f 44 00 00 48 8b 4f 10 48 8b 41 08 48 89 c2 48 c1 ea 20 <48> 0f c7 61 40 31 c0 48 8b 47 10 f6 80 40 02 00 00 c0 74 1e 48 8b 05 98 f8 e8 01 48 89 47
>
> This series keeps the existing MMIO dispatcher, but turns the fixed
> window into a container and (when the window maps linearly to a Type-3
> volatile memdev) overlays a RAM alias so KVM can create a memslot for
> the range. The mapping is updated when HDM decoders are
> committed/uncommitted by the guest.
>
> This patchset is based on master branch 559919ce54927d59b215a4665eda7ab6118a48aa
>
> Local validation on this base confirmed that the issue reproduces
> without the series and is fixed with the 3 patches below.
>
> Li Chen (3):
> cxl/type3: expose vmem mapping for fixed windows
> cxl: alias fixed memory windows to RAM under KVM
> cxl: update fixed window mappings on decoder programming
>
> hw/cxl/cxl-component-utils.c | 2 +
> hw/cxl/cxl-host-stubs.c | 1 +
> hw/cxl/cxl-host.c | 189 ++++++++++++++++++++++++++++++++++-
> hw/mem/cxl_type3.c | 59 +++++++++++
> include/hw/cxl/cxl.h | 5 +
> include/hw/cxl/cxl_device.h | 3 +
> include/hw/cxl/cxl_host.h | 1 +
> 7 files changed, 258 insertions(+), 2 deletions(-)
>
^ permalink raw reply [flat|nested] 9+ messages in thread* Re: [PATCH 0/3] cxl: avoid KVM internal error for fixed memory windows
2026-03-17 16:57 ` [PATCH 0/3] cxl: avoid KVM internal error for fixed memory windows Jonathan Cameron via qemu development
@ 2026-03-18 15:01 ` Alireza Sanaee via qemu development
2026-03-22 5:46 ` Li Chen
2026-03-22 5:49 ` Li Chen
1 sibling, 1 reply; 9+ messages in thread
From: Alireza Sanaee via qemu development @ 2026-03-18 15:01 UTC (permalink / raw)
To: Li Chen; +Cc: Jonathan Cameron, Fan Ni, qemu-devel, linux-cxl
On Tue, 17 Mar 2026 16:57:02 +0000
Jonathan Cameron <jonathan.cameron@huawei.com> wrote:
Hi Li,
It looks like what you achieved is quite similar to what I have done in the patchset Jonathan shared earlier.
You have used memory_region_begin_transaction and memory_region_transaction_commit calls that I believe they are useful to be there given other examples I checked in the qemu code base.
I will be using those calls and will send another version. Also, please let me know if that patchset actually addresses your usecase and fix the bug you have in the cover letter.
Thanks,
Ali
> On Tue, 17 Mar 2026 11:33:00 +0800
> Li Chen <me@linux.beauty> wrote:
>
> > CXL fixed memory windows are currently modeled as an I/O MemoryRegion.
> > When running under KVM, this makes the entire window look like MMIO.
> > If Linux onlines the window as system RAM (e.g. for a CXL Type-3
> > volatile memdev), normal CPU stores into the window trigger KVM
> > instruction emulation. Instructions like XSAVEC are not supported by
> > the emulator and abort the VM with a KVM internal error.
> >
> > Repro:
> > - Boot a guest with a CXL Type-3 volatile memdev and a fixed memory window.
> > - In the guest, create a RAM region and online it as system RAM:
> > cxl create-region -m -t ram -d decoder0.0 -w 1 -g 4096 mem0
> > - QEMU exits with a KVM internal error.
>
> Hi Li Chen,
>
> At least at first look this looks very like:
>
> https://lore.kernel.org/qemu-devel/20260306121151.883-1-alireza.sanaee@huawei.com/
>
> Which was ready for merge as far as I was concerned, but missed getting queued for
> 11.0 (as last PCI pull request had gone) and is currently ready to go in next cycle.
>
> Please see if that works for your case. If there are improvements I'd prefer
> to see them applied on top of that series than reinventing what I think
> is the same thing.
>
> It's not KVM specific as linear mappings (when valid) bring huge performance
> benefits on TCG as well as correctness for KVM.
>
> Jonathan
>
> +CC linux-cxl which is where CXL folk tend to hang out in larger numbers
> than on the qemu list.
>
>
>
> >
> > Serial output excerpt:
> > KVM internal error. Suberror: 1
> > extra data[0]: 0x0000000000000001
> > extra data[1]: 0xc0314061c70f480f
> > extra data[2]: 0x024080f610478b48
> > extra data[3]: 0x0000000000000400
> > extra data[4]: 0x000000010000000f
> > extra data[5]: 0x00000004a0003140
> > extra data[6]: 0x0000000000000000
> > extra data[7]: 0x0000000000000000
> > emulation failure
> > RAX=0000000000000007 RBX=ffff8eace0001a40 RCX=ffff8eace0003100 RDX=0000000000000000
> > RSI=0000000000000007 RDI=ffff8eace00030c0 RBP=ffffd48ac1747c08 RSP=ffffd48ac1747bc8
> > R8 =0000000000000007 R9 =0000000000000007 R10=000000000000000d R11=0000000000000000
> > R12=ffff8ea945b51a40 R13=ffffd48ac166c000 R14=0000000000000000 R15=0000000001200000
> > RIP=ffffffffaf77a14d RFL=00000256 [---ZAP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
> > ES =0000 0000000000000000 00000000 00000000
> > CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
> > SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
> > DS =0000 0000000000000000 00000000 00000000
> > FS =0000 00007f997da3fec0 00000000 00000000
> > GS =0000 ffff8eab0535d000 00000000 00000000
> > LDT=0000 fffffe7600000000 00000000 00000000
> > TR =0040 fffffe767cf8f000 00004087 00008b00 DPL=0 TSS64-busy
> > GDT= fffffe767cf8d000 0000007f
> > IDT= fffffe0000000000 00000fff
> > CR0=80050033 CR2=000055fd193a6468 CR3=000000010930c000 CR4=00350ef0
> > DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
> > DR6=00000000ffff0ff0 DR7=0000000000000400
> > EFER=0000000000001d01
> > Code=0f 1f 44 00 00 48 8b 4f 10 48 8b 41 08 48 89 c2 48 c1 ea 20 <48> 0f c7 61 40 31 c0 48 8b 47 10 f6 80 40 02 00 00 c0 74 1e 48 8b 05 98 f8 e8 01 48 89 47
> >
> > This series keeps the existing MMIO dispatcher, but turns the fixed
> > window into a container and (when the window maps linearly to a Type-3
> > volatile memdev) overlays a RAM alias so KVM can create a memslot for
> > the range. The mapping is updated when HDM decoders are
> > committed/uncommitted by the guest.
> >
> > This patchset is based on master branch 559919ce54927d59b215a4665eda7ab6118a48aa
> >
> > Local validation on this base confirmed that the issue reproduces
> > without the series and is fixed with the 3 patches below.
> >
> > Li Chen (3):
> > cxl/type3: expose vmem mapping for fixed windows
> > cxl: alias fixed memory windows to RAM under KVM
> > cxl: update fixed window mappings on decoder programming
> >
> > hw/cxl/cxl-component-utils.c | 2 +
> > hw/cxl/cxl-host-stubs.c | 1 +
> > hw/cxl/cxl-host.c | 189 ++++++++++++++++++++++++++++++++++-
> > hw/mem/cxl_type3.c | 59 +++++++++++
> > include/hw/cxl/cxl.h | 5 +
> > include/hw/cxl/cxl_device.h | 3 +
> > include/hw/cxl/cxl_host.h | 1 +
> > 7 files changed, 258 insertions(+), 2 deletions(-)
> >
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 0/3] cxl: avoid KVM internal error for fixed memory windows
2026-03-18 15:01 ` Alireza Sanaee via qemu development
@ 2026-03-22 5:46 ` Li Chen
2026-03-23 9:51 ` Alireza Sanaee via qemu development
0 siblings, 1 reply; 9+ messages in thread
From: Li Chen @ 2026-03-22 5:46 UTC (permalink / raw)
To: Alireza Sanaee; +Cc: Jonathan Cameron, Fan Ni, qemu-devel, linux-cxl
Hi Alireza,
---- On Wed, 18 Mar 2026 23:01:08 +0800 Alireza Sanaee <alireza.sanaee@huawei.com> wrote ---
> On Tue, 17 Mar 2026 16:57:02 +0000
> Jonathan Cameron <jonathan.cameron@huawei.com> wrote:
>
> Hi Li,
>
> It looks like what you achieved is quite similar to what I have done in the patchset Jonathan shared earlier.
>
> You have used memory_region_begin_transaction and memory_region_transaction_commit calls that I believe they are useful to be there given other examples I checked in the qemu code base.
>
> I will be using those calls and will send another version. Also, please let me know if that patchset actually addresses your usecase and fix the bug you have in the cover letter.
Yes, exactly! Your patchset addresses my use case issue perfectly. Thank you very much for your effort!
Regards,
Li
> Thanks,
> Ali
>
> > On Tue, 17 Mar 2026 11:33:00 +0800
> > Li Chen <me@linux.beauty> wrote:
> >
> > > CXL fixed memory windows are currently modeled as an I/O MemoryRegion.
> > > When running under KVM, this makes the entire window look like MMIO.
> > > If Linux onlines the window as system RAM (e.g. for a CXL Type-3
> > > volatile memdev), normal CPU stores into the window trigger KVM
> > > instruction emulation. Instructions like XSAVEC are not supported by
> > > the emulator and abort the VM with a KVM internal error.
> > >
> > > Repro:
> > > - Boot a guest with a CXL Type-3 volatile memdev and a fixed memory window.
> > > - In the guest, create a RAM region and online it as system RAM:
> > > cxl create-region -m -t ram -d decoder0.0 -w 1 -g 4096 mem0
> > > - QEMU exits with a KVM internal error.
> >
> > Hi Li Chen,
> >
> > At least at first look this looks very like:
> >
> > https://lore.kernel.org/qemu-devel/20260306121151.883-1-alireza.sanaee@huawei.com/
> >
> > Which was ready for merge as far as I was concerned, but missed getting queued for
> > 11.0 (as last PCI pull request had gone) and is currently ready to go in next cycle.
> >
> > Please see if that works for your case. If there are improvements I'd prefer
> > to see them applied on top of that series than reinventing what I think
> > is the same thing.
> >
> > It's not KVM specific as linear mappings (when valid) bring huge performance
> > benefits on TCG as well as correctness for KVM.
> >
> > Jonathan
> >
> > +CC linux-cxl which is where CXL folk tend to hang out in larger numbers
> > than on the qemu list.
> >
> >
> >
> > >
> > > Serial output excerpt:
> > > KVM internal error. Suberror: 1
> > > extra data[0]: 0x0000000000000001
> > > extra data[1]: 0xc0314061c70f480f
> > > extra data[2]: 0x024080f610478b48
> > > extra data[3]: 0x0000000000000400
> > > extra data[4]: 0x000000010000000f
> > > extra data[5]: 0x00000004a0003140
> > > extra data[6]: 0x0000000000000000
> > > extra data[7]: 0x0000000000000000
> > > emulation failure
> > > RAX=0000000000000007 RBX=ffff8eace0001a40 RCX=ffff8eace0003100 RDX=0000000000000000
> > > RSI=0000000000000007 RDI=ffff8eace00030c0 RBP=ffffd48ac1747c08 RSP=ffffd48ac1747bc8
> > > R8 =0000000000000007 R9 =0000000000000007 R10=000000000000000d R11=0000000000000000
> > > R12=ffff8ea945b51a40 R13=ffffd48ac166c000 R14=0000000000000000 R15=0000000001200000
> > > RIP=ffffffffaf77a14d RFL=00000256 [---ZAP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
> > > ES =0000 0000000000000000 00000000 00000000
> > > CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
> > > SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
> > > DS =0000 0000000000000000 00000000 00000000
> > > FS =0000 00007f997da3fec0 00000000 00000000
> > > GS =0000 ffff8eab0535d000 00000000 00000000
> > > LDT=0000 fffffe7600000000 00000000 00000000
> > > TR =0040 fffffe767cf8f000 00004087 00008b00 DPL=0 TSS64-busy
> > > GDT= fffffe767cf8d000 0000007f
> > > IDT= fffffe0000000000 00000fff
> > > CR0=80050033 CR2=000055fd193a6468 CR3=000000010930c000 CR4=00350ef0
> > > DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
> > > DR6=00000000ffff0ff0 DR7=0000000000000400
> > > EFER=0000000000001d01
> > > Code=0f 1f 44 00 00 48 8b 4f 10 48 8b 41 08 48 89 c2 48 c1 ea 20 <48> 0f c7 61 40 31 c0 48 8b 47 10 f6 80 40 02 00 00 c0 74 1e 48 8b 05 98 f8 e8 01 48 89 47
> > >
> > > This series keeps the existing MMIO dispatcher, but turns the fixed
> > > window into a container and (when the window maps linearly to a Type-3
> > > volatile memdev) overlays a RAM alias so KVM can create a memslot for
> > > the range. The mapping is updated when HDM decoders are
> > > committed/uncommitted by the guest.
> > >
> > > This patchset is based on master branch 559919ce54927d59b215a4665eda7ab6118a48aa
> > >
> > > Local validation on this base confirmed that the issue reproduces
> > > without the series and is fixed with the 3 patches below.
> > >
> > > Li Chen (3):
> > > cxl/type3: expose vmem mapping for fixed windows
> > > cxl: alias fixed memory windows to RAM under KVM
> > > cxl: update fixed window mappings on decoder programming
> > >
> > > hw/cxl/cxl-component-utils.c | 2 +
> > > hw/cxl/cxl-host-stubs.c | 1 +
> > > hw/cxl/cxl-host.c | 189 ++++++++++++++++++++++++++++++++++-
> > > hw/mem/cxl_type3.c | 59 +++++++++++
> > > include/hw/cxl/cxl.h | 5 +
> > > include/hw/cxl/cxl_device.h | 3 +
> > > include/hw/cxl/cxl_host.h | 1 +
> > > 7 files changed, 258 insertions(+), 2 deletions(-)
> > >
> >
>
>
Regards,
Li
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 0/3] cxl: avoid KVM internal error for fixed memory windows
2026-03-22 5:46 ` Li Chen
@ 2026-03-23 9:51 ` Alireza Sanaee via qemu development
0 siblings, 0 replies; 9+ messages in thread
From: Alireza Sanaee via qemu development @ 2026-03-23 9:51 UTC (permalink / raw)
To: Li Chen; +Cc: Jonathan Cameron, Fan Ni, qemu-devel, linux-cxl
On Sun, 22 Mar 2026 13:46:44 +0800
Li Chen <me@linux.beauty> wrote:
Super!
> Hi Alireza,
>
> ---- On Wed, 18 Mar 2026 23:01:08 +0800 Alireza Sanaee <alireza.sanaee@huawei.com> wrote ---
> > On Tue, 17 Mar 2026 16:57:02 +0000
> > Jonathan Cameron <jonathan.cameron@huawei.com> wrote:
> >
> > Hi Li,
> >
> > It looks like what you achieved is quite similar to what I have done in the patchset Jonathan shared earlier.
> >
> > You have used memory_region_begin_transaction and memory_region_transaction_commit calls that I believe they are useful to be there given other examples I checked in the qemu code base.
> >
> > I will be using those calls and will send another version. Also, please let me know if that patchset actually addresses your usecase and fix the bug you have in the cover letter.
>
> Yes, exactly! Your patchset addresses my use case issue perfectly. Thank you very much for your effort!
>
> Regards,
> Li
>
> > Thanks,
> > Ali
> >
> > > On Tue, 17 Mar 2026 11:33:00 +0800
> > > Li Chen <me@linux.beauty> wrote:
> > >
> > > > CXL fixed memory windows are currently modeled as an I/O MemoryRegion.
> > > > When running under KVM, this makes the entire window look like MMIO.
> > > > If Linux onlines the window as system RAM (e.g. for a CXL Type-3
> > > > volatile memdev), normal CPU stores into the window trigger KVM
> > > > instruction emulation. Instructions like XSAVEC are not supported by
> > > > the emulator and abort the VM with a KVM internal error.
> > > >
> > > > Repro:
> > > > - Boot a guest with a CXL Type-3 volatile memdev and a fixed memory window.
> > > > - In the guest, create a RAM region and online it as system RAM:
> > > > cxl create-region -m -t ram -d decoder0.0 -w 1 -g 4096 mem0
> > > > - QEMU exits with a KVM internal error.
> > >
> > > Hi Li Chen,
> > >
> > > At least at first look this looks very like:
> > >
> > > https://lore.kernel.org/qemu-devel/20260306121151.883-1-alireza.sanaee@huawei.com/
> > >
> > > Which was ready for merge as far as I was concerned, but missed getting queued for
> > > 11.0 (as last PCI pull request had gone) and is currently ready to go in next cycle.
> > >
> > > Please see if that works for your case. If there are improvements I'd prefer
> > > to see them applied on top of that series than reinventing what I think
> > > is the same thing.
> > >
> > > It's not KVM specific as linear mappings (when valid) bring huge performance
> > > benefits on TCG as well as correctness for KVM.
> > >
> > > Jonathan
> > >
> > > +CC linux-cxl which is where CXL folk tend to hang out in larger numbers
> > > than on the qemu list.
> > >
> > >
> > >
> > > >
> > > > Serial output excerpt:
> > > > KVM internal error. Suberror: 1
> > > > extra data[0]: 0x0000000000000001
> > > > extra data[1]: 0xc0314061c70f480f
> > > > extra data[2]: 0x024080f610478b48
> > > > extra data[3]: 0x0000000000000400
> > > > extra data[4]: 0x000000010000000f
> > > > extra data[5]: 0x00000004a0003140
> > > > extra data[6]: 0x0000000000000000
> > > > extra data[7]: 0x0000000000000000
> > > > emulation failure
> > > > RAX=0000000000000007 RBX=ffff8eace0001a40 RCX=ffff8eace0003100 RDX=0000000000000000
> > > > RSI=0000000000000007 RDI=ffff8eace00030c0 RBP=ffffd48ac1747c08 RSP=ffffd48ac1747bc8
> > > > R8 =0000000000000007 R9 =0000000000000007 R10=000000000000000d R11=0000000000000000
> > > > R12=ffff8ea945b51a40 R13=ffffd48ac166c000 R14=0000000000000000 R15=0000000001200000
> > > > RIP=ffffffffaf77a14d RFL=00000256 [---ZAP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
> > > > ES =0000 0000000000000000 00000000 00000000
> > > > CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
> > > > SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
> > > > DS =0000 0000000000000000 00000000 00000000
> > > > FS =0000 00007f997da3fec0 00000000 00000000
> > > > GS =0000 ffff8eab0535d000 00000000 00000000
> > > > LDT=0000 fffffe7600000000 00000000 00000000
> > > > TR =0040 fffffe767cf8f000 00004087 00008b00 DPL=0 TSS64-busy
> > > > GDT= fffffe767cf8d000 0000007f
> > > > IDT= fffffe0000000000 00000fff
> > > > CR0=80050033 CR2=000055fd193a6468 CR3=000000010930c000 CR4=00350ef0
> > > > DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
> > > > DR6=00000000ffff0ff0 DR7=0000000000000400
> > > > EFER=0000000000001d01
> > > > Code=0f 1f 44 00 00 48 8b 4f 10 48 8b 41 08 48 89 c2 48 c1 ea 20 <48> 0f c7 61 40 31 c0 48 8b 47 10 f6 80 40 02 00 00 c0 74 1e 48 8b 05 98 f8 e8 01 48 89 47
> > > >
> > > > This series keeps the existing MMIO dispatcher, but turns the fixed
> > > > window into a container and (when the window maps linearly to a Type-3
> > > > volatile memdev) overlays a RAM alias so KVM can create a memslot for
> > > > the range. The mapping is updated when HDM decoders are
> > > > committed/uncommitted by the guest.
> > > >
> > > > This patchset is based on master branch 559919ce54927d59b215a4665eda7ab6118a48aa
> > > >
> > > > Local validation on this base confirmed that the issue reproduces
> > > > without the series and is fixed with the 3 patches below.
> > > >
> > > > Li Chen (3):
> > > > cxl/type3: expose vmem mapping for fixed windows
> > > > cxl: alias fixed memory windows to RAM under KVM
> > > > cxl: update fixed window mappings on decoder programming
> > > >
> > > > hw/cxl/cxl-component-utils.c | 2 +
> > > > hw/cxl/cxl-host-stubs.c | 1 +
> > > > hw/cxl/cxl-host.c | 189 ++++++++++++++++++++++++++++++++++-
> > > > hw/mem/cxl_type3.c | 59 +++++++++++
> > > > include/hw/cxl/cxl.h | 5 +
> > > > include/hw/cxl/cxl_device.h | 3 +
> > > > include/hw/cxl/cxl_host.h | 1 +
> > > > 7 files changed, 258 insertions(+), 2 deletions(-)
> > > >
> > >
> >
> >
> Regards,
>
> Li
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 0/3] cxl: avoid KVM internal error for fixed memory windows
2026-03-17 16:57 ` [PATCH 0/3] cxl: avoid KVM internal error for fixed memory windows Jonathan Cameron via qemu development
2026-03-18 15:01 ` Alireza Sanaee via qemu development
@ 2026-03-22 5:49 ` Li Chen
1 sibling, 0 replies; 9+ messages in thread
From: Li Chen @ 2026-03-22 5:49 UTC (permalink / raw)
To: Jonathan Cameron; +Cc: Fan Ni, qemu-devel, alireza.sanaee, linux-cxl
Hi Jonathan,
---- On Wed, 18 Mar 2026 00:57:02 +0800 Jonathan Cameron <jonathan.cameron@huawei.com> wrote ---
> On Tue, 17 Mar 2026 11:33:00 +0800
> Li Chen <me@linux.beauty> wrote:
>
> > CXL fixed memory windows are currently modeled as an I/O MemoryRegion.
> > When running under KVM, this makes the entire window look like MMIO.
> > If Linux onlines the window as system RAM (e.g. for a CXL Type-3
> > volatile memdev), normal CPU stores into the window trigger KVM
> > instruction emulation. Instructions like XSAVEC are not supported by
> > the emulator and abort the VM with a KVM internal error.
> >
> > Repro:
> > - Boot a guest with a CXL Type-3 volatile memdev and a fixed memory window.
> > - In the guest, create a RAM region and online it as system RAM:
> > cxl create-region -m -t ram -d decoder0.0 -w 1 -g 4096 mem0
> > - QEMU exits with a KVM internal error.
>
> Hi Li Chen,
>
> At least at first look this looks very like:
>
> https://lore.kernel.org/qemu-devel/20260306121151.883-1-alireza.sanaee@huawei.com/
Yes, I have tested the patchset, and it can addresses my issue.
Thank you very much for the information!
Regards,
Li
> Which was ready for merge as far as I was concerned, but missed getting queued for
> 11.0 (as last PCI pull request had gone) and is currently ready to go in next cycle.
>
> Please see if that works for your case. If there are improvements I'd prefer
> to see them applied on top of that series than reinventing what I think
> is the same thing.
>
> It's not KVM specific as linear mappings (when valid) bring huge performance
> benefits on TCG as well as correctness for KVM.
>
> Jonathan
>
> +CC linux-cxl which is where CXL folk tend to hang out in larger numbers
> than on the qemu list.
>
>
>
> >
> > Serial output excerpt:
> > KVM internal error. Suberror: 1
> > extra data[0]: 0x0000000000000001
> > extra data[1]: 0xc0314061c70f480f
> > extra data[2]: 0x024080f610478b48
> > extra data[3]: 0x0000000000000400
> > extra data[4]: 0x000000010000000f
> > extra data[5]: 0x00000004a0003140
> > extra data[6]: 0x0000000000000000
> > extra data[7]: 0x0000000000000000
> > emulation failure
> > RAX=0000000000000007 RBX=ffff8eace0001a40 RCX=ffff8eace0003100 RDX=0000000000000000
> > RSI=0000000000000007 RDI=ffff8eace00030c0 RBP=ffffd48ac1747c08 RSP=ffffd48ac1747bc8
> > R8 =0000000000000007 R9 =0000000000000007 R10=000000000000000d R11=0000000000000000
> > R12=ffff8ea945b51a40 R13=ffffd48ac166c000 R14=0000000000000000 R15=0000000001200000
> > RIP=ffffffffaf77a14d RFL=00000256 [---ZAP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
> > ES =0000 0000000000000000 00000000 00000000
> > CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
> > SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
> > DS =0000 0000000000000000 00000000 00000000
> > FS =0000 00007f997da3fec0 00000000 00000000
> > GS =0000 ffff8eab0535d000 00000000 00000000
> > LDT=0000 fffffe7600000000 00000000 00000000
> > TR =0040 fffffe767cf8f000 00004087 00008b00 DPL=0 TSS64-busy
> > GDT= fffffe767cf8d000 0000007f
> > IDT= fffffe0000000000 00000fff
> > CR0=80050033 CR2=000055fd193a6468 CR3=000000010930c000 CR4=00350ef0
> > DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
> > DR6=00000000ffff0ff0 DR7=0000000000000400
> > EFER=0000000000001d01
> > Code=0f 1f 44 00 00 48 8b 4f 10 48 8b 41 08 48 89 c2 48 c1 ea 20 <48> 0f c7 61 40 31 c0 48 8b 47 10 f6 80 40 02 00 00 c0 74 1e 48 8b 05 98 f8 e8 01 48 89 47
> >
> > This series keeps the existing MMIO dispatcher, but turns the fixed
> > window into a container and (when the window maps linearly to a Type-3
> > volatile memdev) overlays a RAM alias so KVM can create a memslot for
> > the range. The mapping is updated when HDM decoders are
> > committed/uncommitted by the guest.
> >
> > This patchset is based on master branch 559919ce54927d59b215a4665eda7ab6118a48aa
> >
> > Local validation on this base confirmed that the issue reproduces
> > without the series and is fixed with the 3 patches below.
> >
> > Li Chen (3):
> > cxl/type3: expose vmem mapping for fixed windows
> > cxl: alias fixed memory windows to RAM under KVM
> > cxl: update fixed window mappings on decoder programming
> >
> > hw/cxl/cxl-component-utils.c | 2 +
> > hw/cxl/cxl-host-stubs.c | 1 +
> > hw/cxl/cxl-host.c | 189 ++++++++++++++++++++++++++++++++++-
> > hw/mem/cxl_type3.c | 59 +++++++++++
> > include/hw/cxl/cxl.h | 5 +
> > include/hw/cxl/cxl_device.h | 3 +
> > include/hw/cxl/cxl_host.h | 1 +
> > 7 files changed, 258 insertions(+), 2 deletions(-)
> >
>
>
^ permalink raw reply [flat|nested] 9+ messages in thread