From 15126cba8618ac6cf4dde320ff9cd96ad0640d5d Mon Sep 17 00:00:00 2001 From: Jose Ricardo Ziviani Date: Wed, 3 May 2017 14:52:34 -0600 Subject: [PATCH 1/3] vfio: Set MemoryRegionOps:max_access_size and min_access_size Sets valid.max_access_size and valid.min_access_size to ensure safe 8-byte accesses to vfio. Today, 8-byte accesses are broken into pairs of 4-byte calls that goes unprotected: qemu_mutex_lock locked mutex 0x10905ad8 vfio_region_write (0001:03:00.0:region1+0xc0, 0x2020c, 4) qemu_mutex_unlock unlocked mutex 0x10905ad8 qemu_mutex_lock locked mutex 0x10905ad8 vfio_region_write (0001:03:00.0:region1+0xc4, 0xa0000, 4) qemu_mutex_unlock unlocked mutex 0x10905ad8 which occasionally leads to: qemu_mutex_lock locked mutex 0x10905ad8 vfio_region_write (0001:03:00.0:region1+0xc0, 0x2030c, 4) qemu_mutex_unlock unlocked mutex 0x10905ad8 qemu_mutex_lock locked mutex 0x10905ad8 vfio_region_write (0001:03:00.0:region1+0xc0, 0x1000c, 4) qemu_mutex_unlock unlocked mutex 0x10905ad8 qemu_mutex_lock locked mutex 0x10905ad8 vfio_region_write (0001:03:00.0:region1+0xc4, 0xb0000, 4) qemu_mutex_unlock unlocked mutex 0x10905ad8 qemu_mutex_lock locked mutex 0x10905ad8 vfio_region_write (0001:03:00.0:region1+0xc4, 0xa0000, 4) qemu_mutex_unlock unlocked mutex 0x10905ad8 causing strange errors in guest OS. With this patch, such accesses are protected by the same lock guard: qemu_mutex_lock locked mutex 0x10905ad8 vfio_region_write (0001:03:00.0:region1+0xc0, 0x2000c, 4) vfio_region_write (0001:03:00.0:region1+0xc4, 0xb0000, 4) qemu_mutex_unlock unlocked mutex 0x10905ad8 This happens because the 8-byte write should be broken into 4-byte writes by memory.c:access_with_adjusted_size() in order to be under the same lock. Today, it's done in exec.c:address_space_write_continue() which was able to handle only 4 bytes due to a zero'ed valid.max_access_size (see exec.c:memory_access_size()). Signed-off-by: Jose Ricardo Ziviani Signed-off-by: Alex Williamson --- hw/vfio/common.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/vfio/common.c b/hw/vfio/common.c index 6b33b9f55d..6572c0744c 100644 --- a/hw/vfio/common.c +++ b/hw/vfio/common.c @@ -190,6 +190,10 @@ const MemoryRegionOps vfio_region_ops = { .read = vfio_region_read, .write = vfio_region_write, .endianness = DEVICE_LITTLE_ENDIAN, + .valid = { + .min_access_size = 1, + .max_access_size = 8, + }, }; /* From 38d49e8c1523d97d2191190d3f7b4ce7a0ab5aa3 Mon Sep 17 00:00:00 2001 From: Jose Ricardo Ziviani Date: Wed, 3 May 2017 14:52:34 -0600 Subject: [PATCH 2/3] vfio: enable 8-byte reads/writes to vfio This patch enables 8-byte writes and reads to VFIO. Such implemention is already done but it's missing the 'case' to handle such accesses in both vfio_region_write and vfio_region_read and the MemoryRegionOps: impl.max_access_size and impl.min_access_size. After this patch, 8-byte writes such as: qemu_mutex_lock locked mutex 0x10905ad8 vfio_region_write (0001:03:00.0:region1+0xc0, 0x4140c, 4) vfio_region_write (0001:03:00.0:region1+0xc4, 0xa0000, 4) qemu_mutex_unlock unlocked mutex 0x10905ad8 goes like this: qemu_mutex_lock locked mutex 0x10905ad8 vfio_region_write (0001:03:00.0:region1+0xc0, 0xbfd0008, 8) qemu_mutex_unlock unlocked mutex 0x10905ad8 Signed-off-by: Jose Ricardo Ziviani Signed-off-by: Alex Williamson --- hw/vfio/common.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/hw/vfio/common.c b/hw/vfio/common.c index 6572c0744c..a8f12eeb35 100644 --- a/hw/vfio/common.c +++ b/hw/vfio/common.c @@ -119,6 +119,9 @@ void vfio_region_write(void *opaque, hwaddr addr, case 4: buf.dword = cpu_to_le32(data); break; + case 8: + buf.qword = cpu_to_le64(data); + break; default: hw_error("vfio: unsupported write size, %d bytes", size); break; @@ -173,6 +176,9 @@ uint64_t vfio_region_read(void *opaque, case 4: data = le32_to_cpu(buf.dword); break; + case 8: + data = le64_to_cpu(buf.qword); + break; default: hw_error("vfio: unsupported read size, %d bytes", size); break; @@ -194,6 +200,10 @@ const MemoryRegionOps vfio_region_ops = { .min_access_size = 1, .max_access_size = 8, }, + .impl = { + .min_access_size = 1, + .max_access_size = 8, + }, }; /* From 6e4e6f0d403b1fb25f9dfdbe17754c643997753d Mon Sep 17 00:00:00 2001 From: Dong Jia Shi Date: Wed, 3 May 2017 14:52:35 -0600 Subject: [PATCH 3/3] vfio/pci: Fix incorrect error message When the "No host device provided" error occurs, the hint message that starts with "Use -vfio-pci," makes no sense, since "-vfio-pci" is not a valid command line parameter. Correct this by replacing "-vfio-pci" with "-device vfio-pci". Signed-off-by: Dong Jia Shi Reviewed-by: Eric Auger Signed-off-by: Alex Williamson --- hw/vfio/pci.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c index 03a3d01549..32aca77701 100644 --- a/hw/vfio/pci.c +++ b/hw/vfio/pci.c @@ -2625,8 +2625,8 @@ static void vfio_realize(PCIDevice *pdev, Error **errp) if (!(~vdev->host.domain || ~vdev->host.bus || ~vdev->host.slot || ~vdev->host.function)) { error_setg(errp, "No provided host device"); - error_append_hint(errp, "Use -vfio-pci,host=DDDD:BB:DD.F " - "or -vfio-pci,sysfsdev=PATH_TO_DEVICE\n"); + error_append_hint(errp, "Use -device vfio-pci,host=DDDD:BB:DD.F " + "or -device vfio-pci,sysfsdev=PATH_TO_DEVICE\n"); return; } vdev->vbasedev.sysfsdev =