[Qemu-commits] [qemu/qemu] 567d7d: vfio/common: Work around kernel overf


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 567d7d: vfio/common: Work around kernel overflow bug in DM...
Date: Fri, 22 Feb 2019 17:31:24 +0000 (UTC)

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 567d7d3e6be5e84741655729aebf78c7257ed043
      
https://github.com/qemu/qemu/commit/567d7d3e6be5e84741655729aebf78c7257ed043
  Author: Alex Williamson <address@hidden>
  Date:   2019-02-21 (Thu, 21 Feb 2019)

  Changed paths:
    M hw/vfio/common.c
    M hw/vfio/trace-events

  Log Message:
  -----------
  vfio/common: Work around kernel overflow bug in DMA unmap

A kernel bug was introduced in v4.15 via commit 71a7d3d78e3c which
adds a test for address space wrap-around in the vfio DMA unmap path.
Unfortunately due to overflow, the kernel detects an unmap of the last
page in the 64-bit address space as a wrap-around.  In QEMU, a Q35
guest with VT-d emulation and guest IOMMU enabled will attempt to make
such an unmap request during VM system reset, triggering an error:

  qemu-kvm: VFIO_UNMAP_DMA: -22
  qemu-kvm: vfio_dma_unmap(0x561f059948f0, 0xfef00000, 0xffffffff01100000) = -22 (Invalid argument)

Here the IOVA start address (0xfef00000) and the size parameter
(0xffffffff01100000) add to exactly 2^64, triggering the bug.  A
kernel fix is queued for the Linux v5.0 release to address this.

This patch implements a workaround to retry the unmap, excluding the
final page of the range when we detect an unmap failing which matches
the requirements for this issue.  This is expected to be a safe and
complete workaround as the VT-d address space does not extend to the
full 64-bit space and therefore the last page should never be mapped.

This workaround can be removed once all kernels with this bug are
sufficiently deprecated.

Link: https://bugzilla.redhat.com/show_bug.cgi?id=1662291
Reported-by: Pei Zhang <address@hidden>
Debugged-by: Peter Xu <address@hidden>
Reviewed-by: Peter Xu <address@hidden>
Reviewed-by: Cornelia Huck <address@hidden>
Signed-off-by: Alex Williamson <address@hidden>
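To make the arithmetic in the message above concrete, here is an added example (not the kernel's or QEMU's source) that models the wrap-around check as the commit describes it, the corrected form that compares the last byte of the range instead of the one-past-the-end address, and the retry-excluding-the-last-page workaround. The "kernel" is a pure function with no real mappings, PAGE_SIZE = 4096 and the -EINVAL return code are assumptions, and the request values are the ones from the error above.

```c
/*
 * Added example modelling the vfio type1 DMA-unmap overflow described in the
 * commit message.  Not kernel or QEMU code: the check bodies are written from
 * the message's description, the simulated kernel keeps no mappings, and
 * PAGE_SIZE / the -EINVAL convention are assumptions.
 */
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>
#include <errno.h>

#define PAGE_SIZE 4096ULL   /* assumed IOMMU page size */

/* Affected check: tests the one-past-the-end address.  When iova + size is
 * exactly 2^64 the sum wraps to 0, which is < iova, so a legitimate unmap of
 * the last page in the address space is rejected as a wrap-around. */
static int unmap_check_affected(uint64_t iova, uint64_t size)
{
    if (iova + size < iova)
        return -EINVAL;
    return 0;
}

/* Corrected check: test the address of the last byte of the range.  A range
 * ending exactly at 2^64 now passes; only a true wrap-around is rejected. */
static int unmap_check_fixed(uint64_t iova, uint64_t size)
{
    if (size == 0 || iova + size - 1 < iova)
        return -EINVAL;
    return 0;
}

typedef int (*unmap_check_fn)(uint64_t iova, uint64_t size);

/* Retry loop modelled on the workaround: when the simulated ioctl fails and
 * iova + size wraps to exactly 0, drop the final page and try again.
 * Returns the number of retries (>= 0) on success or -EINVAL on failure;
 * the size actually unmapped is stored via *unmapped when non-NULL. */
static int vfio_dma_unmap_model(unmap_check_fn kernel, uint64_t iova,
                                uint64_t size, uint64_t *unmapped)
{
    int retries = 0;

    while (kernel(iova, size) != 0) {
        if (size >= PAGE_SIZE && (iova + size) == 0) {
            size -= PAGE_SIZE;   /* exclude the last page of the space */
            retries++;
            continue;
        }
        return -EINVAL;          /* genuine error, do not mask it */
    }
    if (unmapped)
        *unmapped = size;
    return retries;
}

int main(void)
{
    /* Values from the error message quoted in the commit. */
    const uint64_t iova = 0xfef00000ULL;
    const uint64_t size = 0xffffffff01100000ULL;
    uint64_t got = 0;
    int r;

    printf("iova + size = 0x%016" PRIx64 " (wrapped to zero)\n", iova + size);
    printf("affected kernel check: %d, fixed kernel check: %d\n",
           unmap_check_affected(iova, size), unmap_check_fixed(iova, size));

    r = vfio_dma_unmap_model(unmap_check_affected, iova, size, &got);
    printf("workaround on affected kernel: %d retr%s, unmapped 0x%" PRIx64 "\n",
           r, r == 1 ? "y" : "ies", got);

    /* A real wrap-around is still rejected by every variant. */
    r = vfio_dma_unmap_model(unmap_check_fixed, 0xfffffffffffff000ULL,
                             0x3000ULL, NULL);
    printf("real wrap-around request: %d\n", r);
    return 0;
}
```

With the affected check the request fails once, the workaround shaves one page off the size and the retry succeeds; with the corrected check the original request is accepted on the first attempt. A request that truly wraps (iova + size lands at a small non-zero value) fails under both checks and the workaround correctly declines to retry it.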


  Commit: 2b6326c0bf2c686ae83d6904899cb80e9ad7a6fb
      
https://github.com/qemu/qemu/commit/2b6326c0bf2c686ae83d6904899cb80e9ad7a6fb
  Author: Eric Auger <address@hidden>
  Date:   2019-02-21 (Thu, 21 Feb 2019)

  Changed paths:
    M hw/vfio/common.c

  Log Message:
  -----------
  hw/vfio/common: Refactor container initialization

We introduce the vfio_init_container_type() helper.
It computes the highest usable iommu type and then
sets the container and the iommu type.

Its usage in vfio_connect_container() makes the code
ready for addition of new iommu types.

Signed-off-by: Eric Auger <address@hidden>
Reviewed-by: Greg Kurz <address@hidden>
Signed-off-by: Alex Williamson <address@hidden>


  Commit: 8eb29f1bf5a974dc4c11d2d1f5e7c7f7a62be116
      
https://github.com/qemu/qemu/commit/8eb29f1bf5a974dc4c11d2d1f5e7c7f7a62be116
  Author: Peter Maydell <address@hidden>
  Date:   2019-02-22 (Fri, 22 Feb 2019)

  Changed paths:
    M hw/vfio/common.c
    M hw/vfio/trace-events

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/awilliam/tags/vfio-updates-20190221.0' into staging

VFIO updates 2019-02-21

 - Workaround kernel overflow bug in vfio type1 DMA unmap
   (Alex Williamson)

 - Refactor vfio container initialization (Eric Auger)

# gpg: Signature made Fri 22 Feb 2019 05:21:07 GMT
# gpg:                using RSA key 239B9B6E3BB08B22
# gpg: Good signature from "Alex Williamson <address@hidden>" [full]
# gpg:                 aka "Alex Williamson <address@hidden>" [full]
# gpg:                 aka "Alex Williamson <address@hidden>" [full]
# gpg:                 aka "Alex Williamson <address@hidden>" [full]
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B  8A90 239B 9B6E 3BB0 8B22

* remotes/awilliam/tags/vfio-updates-20190221.0:
  hw/vfio/common: Refactor container initialization
  vfio/common: Work around kernel overflow bug in DMA unmap

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/a05838cb2ac1...8eb29f1bf5a9


