From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
Zhenzhong Duan <zhenzhong.duan@intel.com>,
Peter Xu <peterx@redhat.com>, Jason Wang <jasowang@redhat.com>,
Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Richard Henderson <richard.henderson@linaro.org>,
Eduardo Habkost <eduardo@habkost.net>
Subject: [PULL 49/53] intel_iommu: Fix a potential issue in VFIO dirty page sync
Date: Mon, 26 Jun 2023 08:30:14 -0400 [thread overview]
Message-ID: <d9acc3fa87f9e6cbedd6702f6d042ffe81a40b49.1687782442.git.mst@redhat.com> (raw)
In-Reply-To: <cover.1687782442.git.mst@redhat.com>
From: Zhenzhong Duan <zhenzhong.duan@intel.com>
Peter Xu found a potential issue:
"The other thing is when I am looking at the new code I found that we
actually extended the replay() to be used also in dirty tracking of vfio,
in vfio_sync_dirty_bitmap(). For that maybe it's already broken if
unmap_all() because afaiu log_sync() can be called in migration thread
anytime during DMA so I think it means the device is prone to DMA with the
IOMMU pgtable quickly erased and rebuilt here, which means the DMA could
fail unexpectedly. Copy Alex, Kirti and Neo."
Fix it by replacing the unmap_all() to only evacuate the iova tree
(keeping all host mappings untouched, IOW, don't notify UNMAP), and
do a full resync in page walk which will notify all existing mappings
as MAP. This way we don't interrupt with any existing mapping if there
is (e.g. for the dirty sync case), meanwhile we keep sync too to latest
(for moving a vfio device into an existing iommu group).
Suggested-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Message-Id: <20230615032626.314476-2-zhenzhong.duan@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
hw/i386/intel_iommu.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 94d52f4205..34af12f392 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -3825,13 +3825,10 @@ static void vtd_iommu_replay(IOMMUMemoryRegion *iommu_mr, IOMMUNotifier *n)
IntelIOMMUState *s = vtd_as->iommu_state;
uint8_t bus_n = pci_bus_num(vtd_as->bus);
VTDContextEntry ce;
+ DMAMap map = { .iova = 0, .size = HWADDR_MAX };
- /*
- * The replay can be triggered by either a invalidation or a newly
- * created entry. No matter what, we release existing mappings
- * (it means flushing caches for UNMAP-only registers).
- */
- vtd_address_space_unmap(vtd_as, n);
+ /* replay is protected by BQL, page walk will re-setup it safely */
+ iova_tree_remove(vtd_as->iova_tree, map);
if (vtd_dev_to_context_entry(s, bus_n, vtd_as->devfn, &ce) == 0) {
trace_vtd_replay_ce_valid(s->root_scalable ? "scalable mode" :
--
MST
next prev parent reply other threads:[~2023-06-26 12:43 UTC|newest]
Thread overview: 83+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-26 12:27 [PULL 00/53] virtio,pc,pci: fixes, features, cleanups Michael S. Tsirkin
2023-06-26 12:27 ` [PULL 01/53] bswap: Add the ability to store to an unaligned 24 bit field Michael S. Tsirkin
2023-06-26 12:27 ` [PULL 02/53] hw/cxl: QMP based poison injection support Michael S. Tsirkin
2023-06-26 12:27 ` [PULL 03/53] hw/cxl: Add poison injection via the mailbox Michael S. Tsirkin
2023-06-26 12:27 ` [PULL 04/53] hw/cxl: Add clear poison mailbox command support Michael S. Tsirkin
2024-05-03 12:45 ` Peter Maydell
2024-05-31 12:38 ` Peter Maydell
2024-05-31 16:23 ` Ira Weiny
2023-06-26 12:28 ` [PULL 05/53] hw/cxl/events: Add event status register Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 06/53] hw/cxl: Move CXLRetCode definition to cxl_device.h Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 07/53] hw/cxl/events: Wire up get/clear event mailbox commands Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 08/53] hw/cxl/events: Add event interrupt support Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 09/53] hw/cxl/events: Add injection of General Media Events Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 10/53] hw/cxl/events: Add injection of DRAM events Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 11/53] hw/cxl/events: Add injection of Memory Module Events Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 12/53] cryptodev-vhost-user: add asymmetric crypto support Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 13/53] softmmu: Introduce qemu_target_page_mask() helper Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 14/53] hw/scsi: Introduce VHOST_SCSI_COMMON symbol in Kconfig Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 15/53] hw/scsi: Rearrange meson.build Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 16/53] hw/scsi: Rename target-specific source set as 'specific_virtio_scsi_ss' Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 17/53] hw/virtio: Introduce VHOST_VSOCK_COMMON symbol in Kconfig Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 18/53] hw/virtio/virtio-mem: Use qemu_ram_get_fd() helper Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 19/53] hw/virtio/vhost-vsock: Include missing 'virtio/virtio-bus.h' header Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 20/53] hw/virtio/virtio-iommu: Use target-agnostic qemu_target_page_mask() Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 21/53] hw/virtio: Remove unnecessary 'virtio-access.h' header Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 22/53] hw/virtio: Build various target-agnostic objects just once Michael S. Tsirkin
2023-06-26 12:28 ` [PULL 23/53] vhost: release memory_listener object in error path Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 24/53] vhost: release virtqueue objects " Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 25/53] pci: ROM preallocation for incoming migration Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 26/53] virtio-mem: Simplify bitmap handling and virtio_mem_set_block_state() Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 27/53] vdpa: return errno in vhost_vdpa_get_vring_group error Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 28/53] vdpa: move CVQ isolation check to net_init_vhost_vdpa Michael S. Tsirkin
2023-06-27 11:30 ` Peter Maydell
2023-09-15 14:52 ` Peter Maydell
2023-09-15 15:56 ` Eugenio Perez Martin
2023-06-26 12:29 ` [PULL 29/53] cryptodev: fix memory leak during stats query Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 30/53] hw/acpi: Fix PM control register access Michael S. Tsirkin
2023-06-26 13:20 ` Igor Mammedov
2023-06-26 13:49 ` Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 31/53] hw/i386/pc: Default to use SMBIOS 3.0 for newer machine models Michael S. Tsirkin
2023-11-28 13:57 ` Fiona Ebner
2023-11-28 14:13 ` Daniel P. Berrangé
2023-11-28 14:53 ` Fiona Ebner
2023-11-28 16:00 ` Michael S. Tsirkin
2023-11-28 16:04 ` Daniel P. Berrangé
2023-11-29 10:01 ` Igor Mammedov
2023-11-30 11:22 ` Igor Mammedov
2023-11-30 11:47 ` Gerd Hoffmann
2023-11-30 12:45 ` Fiona Ebner
2023-12-29 15:35 ` Igor Mammedov
2023-12-29 15:45 ` Michael S. Tsirkin
2024-01-03 8:51 ` Igor Mammedov
2023-06-26 12:29 ` [PULL 32/53] tests/data/acpi: update after SMBIOS 2.0 change Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 33/53] pc: q35: Bump max_cpus to 1024 Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 34/53] vdpa: do not block migration if device has cvq and x-svq=on Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 35/53] vdpa: reorder vhost_vdpa_net_cvq_cmd_page_len function Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 36/53] vdpa: map shadow vrings with MAP_SHARED Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 37/53] include/hw/virtio: make some VirtIODevice const Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 38/53] vdpa: reuse virtio_vdev_has_feature() Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 39/53] hw/net/virtio-net: make some VirtIONet const Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 40/53] virtio-net: expose virtio_net_supported_guest_offloads() Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 41/53] vdpa: Add vhost_vdpa_net_load_offloads() Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 42/53] vdpa: Allow VIRTIO_NET_F_CTRL_GUEST_OFFLOADS in SVQ Michael S. Tsirkin
2023-06-26 12:29 ` [PULL 43/53] vhost: fix vhost_dev_enable_notifiers() error case Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 44/53] vdpa: mask _F_CTRL_GUEST_OFFLOADS for vhost vdpa devices Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 45/53] vdpa: fix not using CVQ buffer in case of error Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 46/53] hw/i386/pc: Clean up pc_machine_initfn Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 47/53] virtio-scsi: avoid dangling host notifier in ->ioeventfd_stop() Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 48/53] vhost-user: fully use new backend/frontend naming Michael S. Tsirkin
2023-06-26 12:30 ` Michael S. Tsirkin [this message]
2023-06-26 12:30 ` [PULL 50/53] intel_iommu: Fix flag check in replay Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 51/53] intel_iommu: Fix address space unmap Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 52/53] vhost_net: add an assertion for TAP client backends Michael S. Tsirkin
2023-06-28 6:28 ` Cédric Le Goater
2023-06-28 6:45 ` Ani Sinha
2023-06-28 7:30 ` Cédric Le Goater
2023-06-28 10:33 ` Ani Sinha
2023-06-28 10:50 ` Michael S. Tsirkin
2023-06-26 12:30 ` [PULL 53/53] vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present Michael S. Tsirkin
2023-06-26 15:53 ` Michael Tokarev
2023-06-27 4:35 ` Ani Sinha
2023-06-26 13:51 ` [PULL 00/53] virtio,pc,pci: fixes, features, cleanups Michael S. Tsirkin
2023-06-26 15:32 ` Richard Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d9acc3fa87f9e6cbedd6702f6d042ffe81a40b49.1687782442.git.mst@redhat.com \
--to=mst@redhat.com \
--cc=eduardo@habkost.net \
--cc=jasowang@redhat.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=zhenzhong.duan@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).