5200007510
25098-x86-emul-lock-UD.patch 25101-x86-hpet-disable.patch ioemu-9877-MSI-X-device-cleanup.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=181
# HG changeset patch
# User Jan Beulich <JBeulich@suse.com>
# Date 1333384536 -3600
# Node ID c39da254d7b9a029080e970508a6aebac4e01220
# Parent 40274e03bcbf22d9456f8526d488bc47b1917246
qemu-traditional/passthrough: adjust MSI-X device cleanup (bug 1809)
To address http://bugzilla.xen.org/bugzilla/show_bug.cgi?id=1809,
pt_unregister_regions() also needs to use the newly introduced
_pt_iomem_helper() instead of calling xc_domain_memory_mapping()
directly, to take into consideration the hole created for the MSI-X
table.
For this to work, two calls in unregister_real_device() need to be
swapped, since otherwise we'd have
unregister_real_device()
-> pt_config_delete()
-> pt_msix_delete() (frees [and fails to clear] ->msix)
-> pt_unregister_regions()
-> _pt_iomem_helper() (with the patch below)
-> has_msix_mapping() (uses ->msix)
And to be certain to prevent (catch) further/future use-after-free
instances, let's also clear dev->msix in pt_msix_delete().
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Yongjie Ren <yongjie.ren@intel.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
committer: Ian Jackson <Ian.Jackson@eu.citrix.com>
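--- a/tools/ioemu-qemu-xen/hw/pass-through.c
+++ b/tools/ioemu-qemu-xen/hw/pass-through.c
@@ -1988,11 +1988,9 @@ static void pt_unregister_regions(struct
 if ( type == PCI_ADDRESS_SPACE_MEM ||
 type == PCI_ADDRESS_SPACE_MEM_PREFETCH )
 {
- ret = xc_domain_memory_mapping(xc_handle, domid,
- assigned_device->bases[i].e_physbase >> XC_PAGE_SHIFT,
- assigned_device->bases[i].access.maddr >> XC_PAGE_SHIFT,
- (e_size+XC_PAGE_SIZE-1) >> XC_PAGE_SHIFT,
- DPCI_REMOVE_MAPPING);
+ ret = _pt_iomem_helper(assigned_device, i,
+ assigned_device->bases[i].e_physbase,
+ e_size, DPCI_REMOVE_MAPPING);
 if ( ret != 0 )
 {
 PT_LOG("Error: remove old mem mapping failed!\n");
@@ -4425,12 +4423,12 @@ static int unregister_real_device(int de
 }
 }
 
- /* delete all emulated config registers */
- pt_config_delete(assigned_device);
-
 /* unregister real device's MMIO/PIO BARs */
 pt_unregister_regions(assigned_device);
 
+ /* delete all emulated config registers */
+ pt_config_delete(assigned_device);
+
 pt_iomul_free(assigned_device);
 
 /* mark this devfn as free */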
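Review bot: The swapped calls in unregister_real_device() carry an ordering requirement that nothing in the code states. pt_unregister_regions() must run before pt_config_delete(), because region teardown now goes through _pt_iomem_helper(), which per the commit description reads ->msix, and pt_config_delete() frees that via pt_msix_delete(). Without a note at the call site, a later cleanup that regroups these calls would reintroduce the use-after-free. I would extend the existing comment to `/* unregister real device's MMIO/PIO BARs; must precede pt_config_delete(), which frees ->msix */`. Both functions continue outside the hunks shown.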
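--- a/tools/ioemu-qemu-xen/hw/pt-msi.c
+++ b/tools/ioemu-qemu-xen/hw/pt-msi.c
@@ -621,4 +621,5 @@ void pt_msix_delete(struct pt_dev *dev)
 
 
 free(dev->msix);
+ dev->msix = NULL;
 }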
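Review bot: Clearing `dev->msix` after `free()` only works as a safeguard if later readers either test for NULL or are meant to fault on it. The hunk does not show which applies to has_msix_mapping(), the reader named in the commit description. If that helper treats NULL as "no MSI-X table", a late call would silently skip the MSI-X hole handling instead of being caught, so its NULL behaviour should be confirmed against the intent stated in the description. I would also record the purpose next to the store, e.g. `/* clear so any late use hits NULL instead of freed memory */`. Only the tail of pt_msix_delete() is visible here.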