From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:38084)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1aY9iK-00036W-Ro
	for qemu-devel@nongnu.org; Tue, 23 Feb 2016 04:57:05 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1aY9iH-0002zg-Fc
	for qemu-devel@nongnu.org; Tue, 23 Feb 2016 04:57:04 -0500
Received: from mail-wm0-x22b.google.com ([2a00:1450:400c:c09::22b]:36519)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1aY9iH-0002zV-8c
	for qemu-devel@nongnu.org; Tue, 23 Feb 2016 04:57:01 -0500
Received: by mail-wm0-x22b.google.com with SMTP id g62so213263401wme.1
	for <qemu-devel@nongnu.org>; Tue, 23 Feb 2016 01:57:01 -0800 (PST)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
References: <1456121379-13434-1-git-send-email-aik@ozlabs.ru>
	<20160222062631.GH2808@voom.fritz.box> <56CAF2B3.2030502@ozlabs.ru>
	<20160222121227.GN2808@voom.fritz.box> <56CBBFD7.3050806@ozlabs.ru>
	<20160223062056.GU2808@voom.fritz.box> <56CC1FA3.5020003@ozlabs.ru>
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <56CC2CE9.6030605@redhat.com>
Date: Tue, 23 Feb 2016 10:56:57 +0100
MIME-Version: 1.0
In-Reply-To: <56CC1FA3.5020003@ozlabs.ru>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH qemu] memory: Fix IOMMU replay base address
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Alexey Kardashevskiy <aik@ozlabs.ru>, David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-devel@nongnu.org



On 23/02/2016 10:00, Alexey Kardashevskiy wrote:
>>>
>>>           tce = tcet->table[addr >> tcet->page_shift];
>>> -        ret.iova = addr & page_mask;
>>> +        ret.iova = (addr + iommu->addr) & page_mask;
>>>           ret.translated_addr = tce & page_mask;
>>
>> I wondered about that change, but I'd have to look closer to see if
>> the iova field here is expected to be relative to the MR as well.  It
>> would be oddly inconsistent if it wasn't.
> 
> It is relative and it does not make sense as there is no source MR/AS in
> iotlb (only target AS) so there is no use in such iova.

ret.iova should be relative to the source AS (i.e. even if a 32-bit
IOMMU region translates between 4GB and 8GB, ret.iova should have bits
32-63 set to 0).

So there is a problem in vfio_iommu_map_notify:

        ret = vfio_dma_map(container, iotlb->iova,
                           iotlb->addr_mask + 1, vaddr,
                           !(iotlb->perm & IOMMU_WO) || mr->readonly);

I think that, in vfio_listener_region_add, the iova variable should be
stored in VFIOGuestIOMMU for use in vfio_iommu_map_notify.

ret.translated_addr should be relative to the target AS, which VFIO
assumes to be address_space_memory.

Paolo