From 395b6a18728feca247bad3adea3b7c6884eb30fd Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 17 Jan 2014 19:15:23 -0500
Subject: [PATCH 1/6] init_virtio_scsi(): reset the HBA before freeing its
virtio ring
Message-id: <1389986123-16290-1-git-send-email-lersek@redhat.com>
Patchwork-id: 56797
O-Subject: [RHEL-7.0 seabios PATCH] init_virtio_scsi(): reset the HBA before freeing its virtio ring
Bugzilla: 1013418
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1013418
Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=6893168
When init_virtio_scsi() finds no SCSI targets connected to the HBA, it
frees the virtio ring. Other code in SeaBIOS proceeds to overwrite the
area. However, the ring is in use by qemu at that point -- not only did we
report the (ACK|DRIVER|DRIVER_OK) status earlier, we even communicated
over the ring.
Of course SeaBIOS doesn't "kick" the HBA ever again, hence qemu has no
reason to look at the ring. However, when qemu uses KVM acceleration, and
ioeventfd is enabled for the HBA, then a vmstate change to "running"
(including stop->cont monitor commands and incoming migration) "forces" a
kick (see qemu commit 25db9ebe). Qemu then tries to interpret whatever
unrelated guest data is in the HBA's original ring area, as virtio
protocol. Qemu exits upon seeing the garbage.
init_virtio_scsi() should reset the HBA before allowing the virtio ring
memory to be reused. Device reset causes the hypervisor to drop its
references.
This change is justified / underpinned by pure virtio-spec compliance as
well.
Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1013418
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 5f2d17d35b2339526f3b3d580b279ea78e406a25)
---
src/virtio-scsi.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
src/virtio-scsi.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
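diff --git a/src/virtio-scsi.c b/src/virtio-scsi.c
index bf6c68b..7caf405 100644
--- a/src/virtio-scsi.c
+++ b/src/virtio-scsi.c
@@ -154,8 +154,10 @@ init_virtio_scsi(struct pci_device *pci)
 for (tot = 0, i = 0; i < 256; i++)
 tot += virtio_scsi_scan_target(pci, ioaddr, vq, i);
 
- if (!tot)
+ if (!tot) {
+ vp_reset(ioaddr);
 goto fail;
+ }
 
 return;
 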
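Review bot: The `vp_reset(ioaddr)` call is added only on the no-targets branch, so any other `goto fail` in init_virtio_scsi() would still reach the cleanup at `fail` without a reset. The start of the function and the `fail` label are outside this hunk, so it cannot be confirmed from here whether an earlier path can fail after the device has been given the ring; if one can, placing the reset at the `fail` label would cover every exit. The ordering of reset before free is the whole point of the change and is not obvious from the code, so a comment above the call would help, for example `/* reset the HBA so the host drops its ring references before vq is freed */`.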
--
1.8.3.1