[Qemu-devel] [PULL 26/47] ivshmem: Don't update non-existent MSI routes
From: Paolo Bonzini
Subject: [Qemu-devel] [PULL 26/47] ivshmem: Don't update non-existent MSI routes
Date: Mon, 5 Feb 2018 20:28:40 +0100

From: Ladi Prosek <address@hidden>

As of commit 660c97eef6f8 ("ivshmem: use kvm irqfd for msi notifications"),
QEMU crashes with:

  kvm_irqchip_commit_routes: Assertion `ret == 0' failed.

if the ivshmem device is configured with more vectors than what the server
supports. This is caused by the ivshmem_vector_unmask() being called on
vectors that have not been initialized by ivshmem_add_kvm_msi_virq().

This commit fixes it by adding a simple check to the mask and unmask
callbacks.

Note that the opposite mismatch, if the server supplies more vectors than
what the device is configured for, is already handled and leads to output
like:

  Too many eventfd received, device has 1 vectors

To reproduce the assert, run:

  ivshmem-server -n 0

and QEMU with:

  -device ivshmem-doorbell,chardev=iv
  -chardev socket,path=/tmp/ivshmem_socket,id=iv

then load the Windows driver, at the time of writing available at:

  https://github.com/virtio-win/kvm-guest-drivers-windows/tree/master/ivshmem

The issue is believed to have been masked by other guest drivers, notably
Linux ones, not enabling MSI-X on the device.

Fixes: 660c97eef6f8 ("ivshmem: use kvm irqfd for msi notifications")
Signed-off-by: Ladi Prosek <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Reviewed-by: Markus Armbruster <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
---
hw/misc/ivshmem.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index 4919011..0b471d9 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -316,6 +316,10 @@ static int ivshmem_vector_unmask(PCIDevice *dev, unsigned
vector,
int ret;
IVSHMEM_DPRINTF("vector unmask %p %d\n", dev, vector);
+ if (!v->pdev) {
+ error_report("ivshmem: vector %d route does not exist", vector);
+ return -EINVAL;
+ }
ret = kvm_irqchip_update_msi_route(kvm_state, v->virq, msg, dev);
if (ret < 0) {
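
Review bot: the `!v->pdev` guard added to ivshmem_vector_unmask() treats a NULL `pdev` as "no route was ever set up for this vector", but nothing in the hunk states that invariant; a one-line comment above the check naming ivshmem_add_kvm_msi_virq() as the place that initializes the vector would make it reviewable. `vector` is declared `unsigned`, so the new error_report() format should be `%u` rather than `%d`. The commit message shows this path is reached when a guest driver enables MSI-X, so it is worth deciding whether an unconditional error_report() on every unmask is wanted or whether reporting once per vector would be enough.
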
@@ -330,12 +334,16 @@ static void ivshmem_vector_mask(PCIDevice *dev, unsigned
vector)
{
IVShmemState *s = IVSHMEM_COMMON(dev);
EventNotifier *n = &s->peers[s->vm_id].eventfds[vector];
+ MSIVector *v = &s->msi_vectors[vector];
int ret;
IVSHMEM_DPRINTF("vector mask %p %d\n", dev, vector);
+ if (!v->pdev) {
+ error_report("ivshmem: vector %d route does not exist", vector);
+ return;
+ }
- ret = kvm_irqchip_remove_irqfd_notifier_gsi(kvm_state, n,
- s->msi_vectors[vector].virq);
+ ret = kvm_irqchip_remove_irqfd_notifier_gsi(kvm_state, n, v->virq);
if (ret != 0) {
error_report("remove_irqfd_notifier_gsi failed");
}
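
Review bot: ivshmem_vector_mask() now carries the same `!v->pdev` check and the same message text as the unmask callback, so a log line cannot be attributed to one or the other; either put the callback name in the string or move the check into a small shared helper that takes it as an argument. The `%d` used for the unsigned `vector` applies here as well. Both `n` and `v` are derived from `vector` in the declarations before the guard runs; that is only address arithmetic, but a comment or assertion stating that `vector` is already bounded by the array sizes would document what the early return does and does not protect against.
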
--
1.8.3.1