|
 |
586cba |
From b212edc97a471c75f8b8b44ee2a3a2cf82ef14d9 Mon Sep 17 00:00:00 2001
|
|
|
586cba |
From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
|
|
|
586cba |
Date: Fri, 22 Jul 2022 10:26:30 +0200
|
|
|
586cba |
Subject: [PATCH 10/11] vdpa: Fix memory listener deletions of iova tree
|
|
|
586cba |
MIME-Version: 1.0
|
|
|
586cba |
Content-Type: text/plain; charset=UTF-8
|
|
|
586cba |
Content-Transfer-Encoding: 8bit
|
|
|
586cba |
|
|
|
586cba |
RH-Author: Eugenio Pérez <eperezma@redhat.com>
|
|
|
586cba |
RH-MergeRequest: 114: vdpa: Fix memory listener deletions of iova tree
|
|
|
586cba |
RH-Commit: [3/4] ad71f098b3fa8654962ac7872b5393c37c9825f2 (eperezmartin/qemu-kvm)
|
|
|
586cba |
RH-Bugzilla: 2116876
|
|
|
586cba |
RH-Acked-by: Jason Wang <jasowang@redhat.com>
|
|
|
586cba |
RH-Acked-by: Cindy Lu <lulu@redhat.com>
|
|
|
586cba |
RH-Acked-by: Laurent Vivier <lvivier@redhat.com>
|
|
|
586cba |
|
|
|
586cba |
vhost_vdpa_listener_region_del is always deleting the first iova entry
|
|
|
586cba |
of the tree, since it's using the needle iova instead of the result's
|
|
|
586cba |
one.
|
|
|
586cba |
|
|
|
586cba |
This was detected using a vga virtual device in the VM using vdpa SVQ.
|
|
|
586cba |
It makes some extra memory adding and deleting, so the wrong one was
|
|
|
586cba |
mapped / unmapped. This was undetected before since all the memory was
|
|
|
586cba |
mappend and unmapped totally without that device, but other conditions
|
|
|
586cba |
could trigger it too:
|
|
|
586cba |
|
|
|
586cba |
* mem_region was with .iova = 0, .translated_addr = (correct GPA).
|
|
|
586cba |
* iova_tree_find_iova returned right result, but does not update
|
|
|
586cba |
mem_region.
|
|
|
586cba |
* iova_tree_remove always removed region with .iova = 0. Right iova were
|
|
|
586cba |
sent to the device.
|
|
|
586cba |
* Next map will fill the first region with .iova = 0, causing a mapping
|
|
|
586cba |
with the same iova and device complains, if the next action is a map.
|
|
|
586cba |
* Next unmap will cause to try to unmap again iova = 0, causing the
|
|
|
586cba |
device to complain that no region was mapped at iova = 0.
|
|
|
586cba |
|
|
|
586cba |
Fixes: 34e3c94edaef ("vdpa: Add custom IOTLB translations to SVQ")
|
|
|
586cba |
Reported-by: Lei Yang <leiyang@redhat.com>
|
|
|
586cba |
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
|
|
|
586cba |
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
|
|
586cba |
(cherry picked from commit 75a8ce64f6e37513698857fb4284170da163ed06)
|
|
|
586cba |
---
|
|
|
586cba |
hw/virtio/vhost-vdpa.c | 2 +-
|
|
|
586cba |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
586cba |
|
|
|
586cba |
diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
|
|
|
586cba |
index f877b354fa..03dc6014b0 100644
|
|
|
586cba |
--- a/hw/virtio/vhost-vdpa.c
|
|
|
586cba |
+++ b/hw/virtio/vhost-vdpa.c
|
|
|
586cba |
@@ -288,7 +288,7 @@ static void vhost_vdpa_listener_region_del(MemoryListener *listener,
|
|
|
586cba |
|
|
|
586cba |
result = vhost_iova_tree_find_iova(v->iova_tree, &mem_region);
|
|
|
586cba |
iova = result->iova;
|
|
|
586cba |
- vhost_iova_tree_remove(v->iova_tree, &mem_region);
|
|
|
586cba |
+ vhost_iova_tree_remove(v->iova_tree, result);
|
|
|
586cba |
}
|
|
|
586cba |
vhost_vdpa_iotlb_batch_begin_once(v);
|
|
|
586cba |
ret = vhost_vdpa_dma_unmap(v, iova, int128_get64(llsize));
|
|
|
586cba |
--
|
|
|
586cba |
2.31.1
|
|
|
586cba |
|