From: Richard Henderson
Subject: [Qemu-commits] [qemu/qemu] 0ddcb3: hw/vfio/pci-quirks: Sanitize capability pointer
Date: Mon, 10 Jul 2023 01:17:44 -0700
Branch: refs/heads/staging
Home: https://github.com/qemu/qemu
Commit: 0ddcb39c93571da4fdcc39fc770500d2d275376d
https://github.com/qemu/qemu/commit/0ddcb39c93571da4fdcc39fc770500d2d275376d
Author: Alex Williamson <alex.williamson@redhat.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M hw/vfio/pci-quirks.c
Log Message:
-----------
hw/vfio/pci-quirks: Sanitize capability pointer
Coverity reports a tainted scalar when traversing the capabilities
chain (CID 1516589). In practice I've never seen a device with a
chain so broken as to cause an issue, but it's also pretty easy to
sanitize.
Fixes: f6b30c1984f7 ("hw/vfio/pci-quirks: Support alternate offset for
GPUDirect Cliques")
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
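An added illustration, not part of the commit or of QEMU's code: a bounded walk of a PCI capability chain in which every pointer read from the device is masked and range-checked before it is used as an index, which is the general pattern behind clearing a tainted-scalar report on such a loop. The function name, macro names and the sample config space are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets from the PCI spec; the names below are local to this example. */
#define CFG_SIZE      256   /* conventional config space */
#define CAP_LIST_PTR  0x34  /* capabilities pointer register */
#define CAP_NEXT      1     /* next-pointer byte inside a capability */
#define CAP_START     0x40  /* first offset past the standard header */
#define CAP_MAX_HOPS  48    /* (256 - 0x40) / 4 dword-aligned slots */

/*
 * Find capability `id` in a CFG_SIZE-byte config space image read from a
 * device. Returns its offset, or 0 if absent or the chain is malformed.
 */
uint8_t find_cap_sanitized(const uint8_t *cfg, uint8_t id)
{
    /* Bottom two pointer bits are reserved: mask them before indexing. */
    uint8_t pos = cfg[CAP_LIST_PTR] & 0xFC;
    int hops = CAP_MAX_HOPS;   /* bounds a looping chain */

    while (pos != 0 && hops-- > 0) {
        if (pos < CAP_START) {
            return 0;          /* pointer aims into the header: reject */
        }
        if (cfg[pos] == id) {
            return pos;
        }
        pos = cfg[pos + CAP_NEXT] & 0xFC;  /* max index 0xFD, in bounds */
    }
    return 0;
}

int main(void)
{
    uint8_t cfg[CFG_SIZE];     /* constructed sample, not a real device */

    memset(cfg, 0, sizeof(cfg));
    cfg[CAP_LIST_PTR] = 0x43;              /* reserved bits set */
    cfg[0x40] = 0x05; cfg[0x41] = 0x50;    /* MSI -> 0x50 */
    cfg[0x50] = 0x09; cfg[0x51] = 0x50;    /* vendor cap pointing to itself */
    printf("MSI at 0x%02x\n", find_cap_sanitized(cfg, 0x05));
    printf("PCIe at 0x%02x\n", find_cap_sanitized(cfg, 0x10));
    return 0;
}
```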
Commit: adee0da0368f50b3ee934cdeeb6076466dabb268
https://github.com/qemu/qemu/commit/adee0da0368f50b3ee934cdeeb6076466dabb268
Author: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M hw/vfio/pci.c
Log Message:
-----------
vfio/pci: Disable INTx in vfio_realize error path
When vfio realize fails, INTx isn't disabled if it has been enabled.
This may confuse the host side with an unhandled interrupt report.
Fixes: c5478fea27ac ("vfio/pci: Respond to KVM irqchip change notifier")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Commit: 3c26c80a0a269ce7870d1475e756607e939226cd
https://github.com/qemu/qemu/commit/3c26c80a0a269ce7870d1475e756607e939226cd
Author: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M hw/vfio/common.c
M hw/vfio/migration.c
M hw/vfio/pci.c
M include/hw/vfio/vfio-common.h
Log Message:
-----------
vfio/migration: Change vIOMMU blocker from global to per device
Contrary to multiple device blocker which needs to consider already-attached
devices to unblock/block dynamically, the vIOMMU migration blocker is a device
specific config. Meaning it only needs to know whether the device is bypassing
or not the vIOMMU (via machine property, or per pxb-pcie::bypass_iommu), and
does not need the state of currently present devices. For this reason, the
vIOMMU global migration blocker can be consolidated into the per-device
migration blocker, allowing us to remove some unnecessary code.
This change also makes vfio_mig_active() more accurate as it doesn't check for
global blocker.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Commit: 2b43b2995b02e73b70d10b5be2f2b29b68c7e2fa
https://github.com/qemu/qemu/commit/2b43b2995b02e73b70d10b5be2f2b29b68c7e2fa
Author: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M hw/vfio/migration.c
M hw/vfio/pci.c
Log Message:
-----------
vfio/migration: Free resources when vfio_migration_realize fails
When vfio_realize() succeeds, hot unplug will call vfio_exitfn()
to free resources allocated in vfio_realize(); when vfio_realize()
fails, vfio_exitfn() is never called and we need to free resources
in vfio_realize().
In the case that vfio_migration_realize() fails,
e.g: with -only-migratable & enable-migration=off, we see below:
(qemu) device_add vfio-pci,host=81:11.1,id=vfio1,bus=root1,enable-migration=off
0000:81:11.1: Migration disabled
Error: disallowing migration blocker (--only-migratable) for: 0000:81:11.1:
Migration is disabled for VFIO device
If we hotplug again we should see the same log as above, but we see:
(qemu) device_add vfio-pci,host=81:11.1,id=vfio1,bus=root1,enable-migration=off
Error: vfio 0000:81:11.1: device is already attached
That's because some references to the VFIO device aren't released.
For resources allocated in vfio_migration_realize(), free them by
jumping to out_deinit path with calling a new function
vfio_migration_deinit(). For resources allocated in vfio_realize(),
free them by jumping to de-register path in vfio_realize().
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Fixes: a22651053b59 ("vfio: Make vfio-pci device migration capable")
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Commit: 0520d63c7701b76560eca7d4a484f3e3f57ccb00
https://github.com/qemu/qemu/commit/0520d63c7701b76560eca7d4a484f3e3f57ccb00
Author: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M hw/vfio/pci.c
Log Message:
-----------
vfio/migration: Remove print of "Migration disabled"
Property enable_migration supports [on/off/auto].
In ON mode, error pointer is passed to errp and logged.
In OFF mode, we don't need to log "Migration disabled" as it's intentional.
In AUTO mode, we should only ever see errors or warnings if the device
supports migration and an error or incompatibility occurs while further
probing or configuring it. Lack of support for migration shouldn't
generate an error or warning.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Commit: d4a2af747d5a4b58c685a14d0bde7c4f65679bb5
https://github.com/qemu/qemu/commit/d4a2af747d5a4b58c685a14d0bde7c4f65679bb5
Author: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M hw/vfio/migration.c
M hw/vfio/pci.c
M include/hw/vfio/vfio-common.h
Log Message:
-----------
vfio/migration: Return bool type for vfio_migration_realize()
Make vfio_migration_realize() adhere to the convention of other realize()
callbacks (like qdev_realize) by returning bool instead of int.
Suggested-by: Cédric Le Goater <clg@redhat.com>
Suggested-by: Joao Martins <joao.m.martins@oracle.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Commit: 8af87a3ec7e42ff1b9cf75ceee0451c31e34d153
https://github.com/qemu/qemu/commit/8af87a3ec7e42ff1b9cf75ceee0451c31e34d153
Author: Avihai Horon <avihaih@nvidia.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M hw/vfio/pci.c
Log Message:
-----------
vfio: Fix null pointer dereference bug in vfio_bars_finalize()
vfio_realize() has the following flow:
1. vfio_bars_prepare() -- sets VFIOBAR->size.
2. msix_early_setup().
3. vfio_bars_register() -- allocates VFIOBAR->mr.
After vfio_bars_prepare() is called msix_early_setup() can fail. If it
does fail, vfio_bars_register() is never called and VFIOBAR->mr is not
allocated.
In this case, vfio_bars_finalize() is called as part of the error flow
to free the bars' resources. However, vfio_bars_finalize() calls
object_unparent() for VFIOBAR->mr after checking only VFIOBAR->size, and
thus we get a null pointer dereference.
Fix it by checking VFIOBAR->mr in vfio_bars_finalize().
Fixes: 89d5202edc50 ("vfio/pci: Allow relocating MSI-X MMIO")
Signed-off-by: Avihai Horon <avihaih@nvidia.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Commit: d0bf492f3877d4187d2f7d0c0abb3a2bf3104392
https://github.com/qemu/qemu/commit/d0bf492f3877d4187d2f7d0c0abb3a2bf3104392
Author: Cédric Le Goater <clg@redhat.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M include/standard-headers/drm/drm_fourcc.h
M include/standard-headers/linux/const.h
M include/standard-headers/linux/pci_regs.h
M include/standard-headers/linux/vhost_types.h
M include/standard-headers/linux/virtio_blk.h
M include/standard-headers/linux/virtio_config.h
M include/standard-headers/linux/virtio_net.h
M linux-headers/asm-arm64/bitsperlong.h
M linux-headers/asm-arm64/kvm.h
M linux-headers/asm-generic/bitsperlong.h
M linux-headers/asm-generic/unistd.h
M linux-headers/asm-mips/unistd_n32.h
M linux-headers/asm-mips/unistd_n64.h
M linux-headers/asm-mips/unistd_o32.h
M linux-headers/asm-powerpc/unistd_32.h
M linux-headers/asm-powerpc/unistd_64.h
M linux-headers/asm-riscv/bitsperlong.h
M linux-headers/asm-riscv/kvm.h
M linux-headers/asm-riscv/unistd.h
M linux-headers/asm-s390/unistd_32.h
M linux-headers/asm-s390/unistd_64.h
M linux-headers/asm-x86/kvm.h
M linux-headers/asm-x86/unistd_32.h
M linux-headers/asm-x86/unistd_64.h
M linux-headers/asm-x86/unistd_x32.h
M linux-headers/linux/const.h
M linux-headers/linux/kvm.h
M linux-headers/linux/mman.h
M linux-headers/linux/psp-sev.h
M linux-headers/linux/userfaultfd.h
M linux-headers/linux/vfio.h
M linux-headers/linux/vhost.h
Log Message:
-----------
linux-headers: update to v6.5-rc1
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Commit: 1360b2ad1f673d32a09de5826cd71ecd0510164a
https://github.com/qemu/qemu/commit/1360b2ad1f673d32a09de5826cd71ecd0510164a
Author: Tony Krowiak <akrowiak@linux.ibm.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M hw/vfio/ap.c
Log Message:
-----------
s390x/ap: Wire up the device request notifier interface
Let's wire up the device request notifier interface to handle device unplug
requests for AP.
Signed-off-by: Tony Krowiak <akrowiak@linux.ibm.com>
Link:
https://lore.kernel.org/qemu-devel/20230530225544.280031-1-akrowiak@linux.ibm.com/
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Commit: cf2916f6a1c3e4e9d9907f4c65f8a4634039de40
https://github.com/qemu/qemu/commit/cf2916f6a1c3e4e9d9907f4c65f8a4634039de40
Author: Alex Williamson <alex.williamson@redhat.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M hw/pci/pcie.c
M include/hw/pci/pcie.h
Log Message:
-----------
pcie: Add a PCIe capability version helper
Report the PCIe capability version for a device
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Robin Voetter <robin@streamhpc.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Commit: c00aac6f1428d40a4ca2ab9b89070afc2a5bf979
https://github.com/qemu/qemu/commit/c00aac6f1428d40a4ca2ab9b89070afc2a5bf979
Author: Alex Williamson <alex.williamson@redhat.com>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M hw/vfio/pci.c
M hw/vfio/pci.h
Log Message:
-----------
vfio/pci: Enable AtomicOps completers on root ports
Dynamically enable Atomic Ops completer support around realize/exit of
vfio-pci devices reporting host support for these accesses and adhering
to a minimal configuration standard. While the Atomic Ops completer
bits in the root port device capabilities2 register are read-only, the
PCIe spec does allow RO bits to change to reflect hardware state. We
take advantage of that here around the realize and exit functions of
the vfio-pci device.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Robin Voetter <robin@streamhpc.com>
Tested-by: Robin Voetter <robin@streamhpc.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Commit: fcb237e64f9d026c03d635579c7b288d0008a6e5
https://github.com/qemu/qemu/commit/fcb237e64f9d026c03d635579c7b288d0008a6e5
Author: Richard Henderson <richard.henderson@linaro.org>
Date: 2023-07-10 (Mon, 10 Jul 2023)
Changed paths:
M hw/pci/pcie.c
M hw/vfio/ap.c
M hw/vfio/common.c
M hw/vfio/migration.c
M hw/vfio/pci-quirks.c
M hw/vfio/pci.c
M hw/vfio/pci.h
M include/hw/pci/pcie.h
M include/hw/vfio/vfio-common.h
M include/standard-headers/drm/drm_fourcc.h
M include/standard-headers/linux/const.h
M include/standard-headers/linux/pci_regs.h
M include/standard-headers/linux/vhost_types.h
M include/standard-headers/linux/virtio_blk.h
M include/standard-headers/linux/virtio_config.h
M include/standard-headers/linux/virtio_net.h
M linux-headers/asm-arm64/bitsperlong.h
M linux-headers/asm-arm64/kvm.h
M linux-headers/asm-generic/bitsperlong.h
M linux-headers/asm-generic/unistd.h
M linux-headers/asm-mips/unistd_n32.h
M linux-headers/asm-mips/unistd_n64.h
M linux-headers/asm-mips/unistd_o32.h
M linux-headers/asm-powerpc/unistd_32.h
M linux-headers/asm-powerpc/unistd_64.h
M linux-headers/asm-riscv/bitsperlong.h
M linux-headers/asm-riscv/kvm.h
M linux-headers/asm-riscv/unistd.h
M linux-headers/asm-s390/unistd_32.h
M linux-headers/asm-s390/unistd_64.h
M linux-headers/asm-x86/kvm.h
M linux-headers/asm-x86/unistd_32.h
M linux-headers/asm-x86/unistd_64.h
M linux-headers/asm-x86/unistd_x32.h
M linux-headers/linux/const.h
M linux-headers/linux/kvm.h
M linux-headers/linux/mman.h
M linux-headers/linux/psp-sev.h
M linux-headers/linux/userfaultfd.h
M linux-headers/linux/vfio.h
M linux-headers/linux/vhost.h
Log Message:
-----------
Merge tag 'pull-vfio-20230710' of https://github.com/legoater/qemu into
staging
vfio queue:
* Fixes in error handling paths of VFIO PCI devices
* Improvements of reported errors for VFIO migration
* Linux header update
* Enablement of AtomicOps completers on root ports
* Fix for unplug of passthrough AP devices
# gpg: Signature made Mon 10 Jul 2023 08:58:05 AM BST
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1
* tag 'pull-vfio-20230710' of https://github.com/legoater/qemu:
vfio/pci: Enable AtomicOps completers on root ports
pcie: Add a PCIe capability version helper
s390x/ap: Wire up the device request notifier interface
linux-headers: update to v6.5-rc1
vfio: Fix null pointer dereference bug in vfio_bars_finalize()
vfio/migration: Return bool type for vfio_migration_realize()
vfio/migration: Remove print of "Migration disabled"
vfio/migration: Free resources when vfio_migration_realize fails
vfio/migration: Change vIOMMU blocker from global to per device
vfio/pci: Disable INTx in vfio_realize error path
hw/vfio/pci-quirks: Sanitize capability pointer
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Compare: https://github.com/qemu/qemu/compare/2ff49e96accc...fcb237e64f9d