[Qemu-devel] [PATCH 45/53] vfio/pci: Fix RTL8168 NIC quirks
From: Michael Roth
Subject: [Qemu-devel] [PATCH 45/53] vfio/pci: Fix RTL8168 NIC quirks
Date: Thu, 30 Jul 2015 06:33:00 -0500
From: Alex Williamson <address@hidden>
The RTL8168 quirk correctly describes using bit 31 as a signal to
mark a latch/completion, but the code mistakenly uses bit 28. This
causes the Realtek driver to spin on this register for quite a while,
20k cycles on Windows 7 v7.092 driver. Then it gets frustrated and
tries to set the bit itself and spins for another 20k cycles. For
some this still results in a working driver, for others not. About
the only thing the code really does in its current form is protect
the guest from sneaking in writes to the real hardware MSI-X table.
The fix is obviously to use bit 31 as we document that we should.
The other problem doesn't seem to affect current drivers as nobody
seems to use these window registers for writes to the MSI-X table, but
we need to use the stored data when a write is triggered, not the
value of the current write, which only provides the offset.
Note that only the Windows drivers from Realtek seem to use these
registers, the Microsoft drivers provided with Windows 8.1 do not
access them, nor do Linux in-kernel drivers.
Link: https://bugs.launchpad.net/qemu/+bug/1384892
Signed-off-by: Alex Williamson <address@hidden>
Cc: address@hidden # v2.1+
(cherry picked from commit 69970fcef937bddd7f745efe39501c7716fdfe56)
Conflicts:
hw/vfio/pci.c
* removed dependency on 3b643495
Signed-off-by: Michael Roth <address@hidden>
---
hw/vfio/pci.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 6b80539..73fd89e 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -1516,7 +1516,7 @@ static uint64_t vfio_rtl8168_window_quirk_read(void
*opaque,
memory_region_name(&quirk->mem),
vdev->vbasedev.name);
- return quirk->data.address_match ^ 0x10000000U;
+ return quirk->data.address_match ^ 0x80000000U;
}
break;
case 0: /* data */
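Review bot: the latch bit in `return quirk->data.address_match ^ 0x80000000U;` is still a bare literal, and the same literal appears again in the write handler. The commit message says the earlier code used bit 28 where the documentation said bit 31, so a single named constant for the bit 31 flag, shared by the read and write handlers, would keep the two paths from drifting apart again.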
@@ -1554,7 +1554,7 @@ static void vfio_rtl8168_window_quirk_write(void *opaque,
hwaddr addr,
switch (addr) {
case 4: /* address */
if ((data & 0x7fff0000) == 0x10000) {
- if (data & 0x10000000U &&
+ if (data & 0x80000000U &&
vdev->pdev.cap_present & QEMU_PCI_CAP_MSIX) {
trace_vfio_rtl8168_window_quirk_write_table(
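Review bot: the `data & 0x80000000U` test under `case 4` only works because bit 31 lies outside the `0x7fff0000` mask checked one line above, and that dependency deserves a comment. The old `0x10000000U` bit sits inside that mask, so whenever `(data & 0x7fff0000) == 0x10000` held the old test was always false and the MSI-X table write below was unreachable. Parenthesizing `(data & 0x80000000U)` before the `&&` would also make the condition easier to read.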
@@ -1562,8 +1562,9 @@ static void vfio_rtl8168_window_quirk_write(void *opaque,
hwaddr addr,
vdev->vbasedev.name);
io_mem_write(&vdev->pdev.msix_table_mmio,
- (hwaddr)(quirk->data.address_match & 0xfff),
- data, size);
+ (hwaddr)(data & 0xfff),
+ (uint64_t)quirk->data.address_mask,
+ size);
}
quirk->data.flags = 1;
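Review bot: the offset passed to `io_mem_write` is now the guest-supplied `data & 0xfff`, and nothing visible in this hunk checks that offset plus `size` stays inside the MSI-X table before the write to `vdev->pdev.msix_table_mmio`. Either add a range check against the table size here or add a comment stating where that bound is enforced. Separately, the value written comes from `quirk->data.address_mask`, which the commit message describes as the stored data; a short comment saying that this field holds the latched data value would spare readers from taking it for a mask.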
--
1.9.1