qemu-e2k/docs
Stefan Hajnoczi 3009edff81 vhost-user: fix VHOST_USER_ADD/REM_MEM_REG truncation
QEMU currently truncates the mmap_offset field when sending
VHOST_USER_ADD_MEM_REG and VHOST_USER_REM_MEM_REG messages. The struct
layout looks like this:

  typedef struct VhostUserMemoryRegion {
      uint64_t guest_phys_addr;
      uint64_t memory_size;
      uint64_t userspace_addr;
      uint64_t mmap_offset;
  } VhostUserMemoryRegion;

  typedef struct VhostUserMemRegMsg {
      uint32_t padding;
      /* WARNING: there is a 32-bit hole here! */
      VhostUserMemoryRegion region;
  } VhostUserMemRegMsg;

The payload size is calculated as follows when sending the message in
hw/virtio/vhost-user.c:

  msg->hdr.size = sizeof(msg->payload.mem_reg.padding) +
      sizeof(VhostUserMemoryRegion);

This calculation produces an incorrect result of only 36 bytes.
sizeof(VhostUserMemRegMsg) is actually 40 bytes.

The consequence of this is that the final field, mmap_offset, is
truncated. This breaks x86_64 TCG guests on s390 hosts. Other guest/host
combinations may get lucky if either of the following holds:
1. The guest memory layout does not need mmap_offset != 0.
2. The host is little-endian and mmap_offset <= 0xffffffff so the
   truncation has no effect.

Fix this by extending the existing 32-bit padding field to 64-bit. Now
the padding reflects the actual compiler padding. This can be verified
using pahole(1).

Also document the layout properly in the vhost-user specification.  The
vhost-user spec did not document the exact layout. It would be
impossible to implement the spec without looking at the QEMU source
code.

Existing vhost-user frontends and device backends continue to work after
this fix has been applied. The only change in the wire protocol is that
QEMU now sets hdr.size to 40 instead of 36. If a vhost-user
implementation has a hardcoded size check for 36 bytes, then it will
fail with new QEMUs. Both QEMU and DPDK/SPDK don't check the exact
payload size, so they continue to work.

Fixes: f1aeb14b08 ("Transmit vhost-user memory regions individually")
Cc: Raphael Norwitz <raphael.norwitz@nutanix.com>
Cc: Cornelia Huck <cohuck@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20201109174355.1069147-1-stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Fixes: f1aeb14b08 ("Transmit vhost-user memory regions individually")
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
2020-11-12 09:19:40 -05:00
..
_templates docs: add "page source" link to sphinx documentation 2020-11-10 08:51:30 +01:00
config
devel docs: add "page source" link to sphinx documentation 2020-11-10 08:51:30 +01:00
interop vhost-user: fix VHOST_USER_ADD/REM_MEM_REG truncation 2020-11-12 09:19:40 -05:00
specs docs: add "page source" link to sphinx documentation 2020-11-10 08:51:30 +01:00
sphinx docs: Fix Sphinx configuration for msys2/mingw 2020-10-17 10:45:52 -04:00
spin
system target-arm queue: 2020-11-10 14:59:20 +00:00
tools docs: add "page source" link to sphinx documentation 2020-11-10 08:51:30 +01:00
user docs: add "page source" link to sphinx documentation 2020-11-10 08:51:30 +01:00
amd-memory-encryption.txt docs: Fix broken links 2020-09-01 09:31:33 +02:00
barrier.txt
block-replication.txt
bootindex.txt
can.txt hw/net/can: Documentation for CTU CAN FD IP open hardware core emulation. 2020-09-30 19:11:37 +02:00
ccid.txt
COLO-FT.txt docs/: fix some comment spelling errors 2020-09-17 20:37:13 +02:00
colo-proxy.txt
conf.py docs: add "page source" link to sphinx documentation 2020-11-10 08:51:30 +01:00
cpu-hotplug.rst
defs.rst.inc
generic-loader.txt
hyperv.txt i386/kvm: correct the meaning of '0xffffffff' value for hv-spinlocks 2020-09-18 13:49:54 -04:00
igd-assign.txt
image-fuzzer.txt
index.html.in docs/interop: Convert qemu-qmp-ref to rST 2020-09-29 17:55:39 +02:00
index.rst
memory-hotplug.txt
meson.build meson: fix warning for bad sphinx-build 2020-11-03 09:42:54 -05:00
microvm.rst
multi-thread-compression.txt
multiseat.txt
nvdimm.txt docs/nvdimm: add description of alignment requirement of device dax 2020-06-26 09:39:36 -04:00
pci_expander_bridge.txt
pcie_pci_bridge.txt
pcie.txt
pr-manager.rst
pvrdma.txt docs: Fix broken links 2020-09-01 09:31:33 +02:00
qcow2-cache.txt qcow2: Document the Extended L2 Entries feature 2020-08-25 08:33:20 +02:00
qdev-device-use.txt docs/qdev-device-use: Don't suggest -drive and -net can do USB 2020-09-03 09:58:39 +02:00
qemu_logo.pdf
qemu-option-trace.rst.inc qemu-option-trace.rst.inc: Don't use option:: markup 2020-11-02 16:52:18 +00:00
qemupciserial.inf
rdma.txt docs/: fix some comment spelling errors 2020-09-17 20:37:13 +02:00
replay.txt replay: describe reverse debugging in docs/replay.txt 2020-10-06 08:34:49 +02:00
spice-port-fqdn.txt
throttle.txt docs: Document the throttle block filter 2020-10-02 15:46:40 +02:00
u2f.txt hw/usb: Add U2F device autoscan to passthru mode 2020-08-31 08:23:39 +02:00
usb2.txt
usb-storage.txt
virtio-balloon-stats.txt
virtio-net-failover.rst
virtio-pmem.rst
xbzrle.txt
xen-save-devices-state.txt