03ecfa81e7
Discovered we needed to augment a previous security patch with two additional patches to complete a clean fix. OBS-URL: https://build.opensuse.org/request/show/517094 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=353
162 lines
6.1 KiB
Diff
162 lines
6.1 KiB
Diff
From 96ce16c57f821b9f676de88f25d488d52fec68fe Mon Sep 17 00:00:00 2001
|
|
From: Stefano Stabellini <sstabellini@kernel.org>
|
|
Date: Wed, 3 May 2017 14:00:35 -0700
|
|
Subject: [PATCH] xen/mapcache: store dma information in revmapcache entries
|
|
for debugging
|
|
|
|
The Xen mapcache is able to create long term mappings, they are called
|
|
"locked" mappings. The third parameter of the xen_map_cache call
|
|
specifies if a mapping is a "locked" mapping.
|
|
|
|
>From the QEMU point of view there are two kinds of long term mappings:
|
|
|
|
[a] device memory mappings, such as option roms and video memory
|
|
[b] dma mappings, created by dma_memory_map & friends
|
|
|
|
After certain operations, ballooning a VM in particular, Xen asks QEMU
|
|
kindly to destroy all mappings. However, certainly [a] mappings are
|
|
present and cannot be removed. That's not a problem as they are not
|
|
affected by balloonning. The *real* problem is that if there are any
|
|
mappings of type [b], any outstanding dma operations could fail. This is
|
|
a known shortcoming. In other words, when Xen asks QEMU to destroy all
|
|
mappings, it is an error if any [b] mappings exist.
|
|
|
|
However today we have no way of distinguishing [a] from [b]. Because of
|
|
that, we cannot even print a decent warning.
|
|
|
|
This patch introduces a new "dma" bool field to MapCacheRev entires, to
|
|
remember if a given mapping is for dma or is a long term device memory
|
|
mapping. When xen_invalidate_map_cache is called, we print a warning if
|
|
any [b] mappings exist. We ignore [a] mappings.
|
|
|
|
Mappings created by qemu_map_ram_ptr are assumed to be [a], while
|
|
mappings created by address_space_map->qemu_ram_ptr_length are assumed
|
|
to be [b].
|
|
|
|
The goal of the patch is to make debugging and system understanding
|
|
easier.
|
|
|
|
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
|
|
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
|
|
(cherry picked from commit 1ff7c5986a515d2d936eba026ff19947bbc7cb92)
|
|
[BR: infrastructure (and otherwise useful) for BSC#1048902]
|
|
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
---
|
|
exec.c | 8 ++++----
|
|
include/sysemu/xen-mapcache.h | 5 +++--
|
|
xen-mapcache.c | 15 ++++++++++-----
|
|
3 files changed, 17 insertions(+), 11 deletions(-)
|
|
|
|
diff --git a/exec.c b/exec.c
|
|
index 1de9107b61..8f45b902e4 100644
|
|
--- a/exec.c
|
|
+++ b/exec.c
|
|
@@ -2012,10 +2012,10 @@ void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
|
|
* In that case just map until the end of the page.
|
|
*/
|
|
if (block->offset == 0) {
|
|
- return xen_map_cache(addr, 0, 0);
|
|
+ return xen_map_cache(addr, 0, 0, false);
|
|
}
|
|
|
|
- block->host = xen_map_cache(block->offset, block->max_length, 1);
|
|
+ block->host = xen_map_cache(block->offset, block->max_length, 1, false);
|
|
}
|
|
return ramblock_ptr(block, addr);
|
|
}
|
|
@@ -2045,10 +2045,10 @@ static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
|
|
* In that case just map the requested area.
|
|
*/
|
|
if (block->offset == 0) {
|
|
- return xen_map_cache(addr, *size, 1);
|
|
+ return xen_map_cache(addr, *size, 1, true);
|
|
}
|
|
|
|
- block->host = xen_map_cache(block->offset, block->max_length, 1);
|
|
+ block->host = xen_map_cache(block->offset, block->max_length, 1, true);
|
|
}
|
|
|
|
return ramblock_ptr(block, addr);
|
|
diff --git a/include/sysemu/xen-mapcache.h b/include/sysemu/xen-mapcache.h
|
|
index b8c93b9bce..01daaad00c 100644
|
|
--- a/include/sysemu/xen-mapcache.h
|
|
+++ b/include/sysemu/xen-mapcache.h
|
|
@@ -17,7 +17,7 @@ typedef hwaddr (*phys_offset_to_gaddr_t)(hwaddr start_addr,
|
|
void xen_map_cache_init(phys_offset_to_gaddr_t f,
|
|
void *opaque);
|
|
uint8_t *xen_map_cache(hwaddr phys_addr, hwaddr size,
|
|
- uint8_t lock);
|
|
+ uint8_t lock, bool dma);
|
|
ram_addr_t xen_ram_addr_from_mapcache(void *ptr);
|
|
void xen_invalidate_map_cache_entry(uint8_t *buffer);
|
|
void xen_invalidate_map_cache(void);
|
|
@@ -31,7 +31,8 @@ static inline void xen_map_cache_init(phys_offset_to_gaddr_t f,
|
|
|
|
static inline uint8_t *xen_map_cache(hwaddr phys_addr,
|
|
hwaddr size,
|
|
- uint8_t lock)
|
|
+ uint8_t lock,
|
|
+ bool dma)
|
|
{
|
|
abort();
|
|
}
|
|
diff --git a/xen-mapcache.c b/xen-mapcache.c
|
|
index 1a96d2e5db..8335266698 100644
|
|
--- a/xen-mapcache.c
|
|
+++ b/xen-mapcache.c
|
|
@@ -62,6 +62,7 @@ typedef struct MapCacheRev {
|
|
hwaddr paddr_index;
|
|
hwaddr size;
|
|
QTAILQ_ENTRY(MapCacheRev) next;
|
|
+ bool dma;
|
|
} MapCacheRev;
|
|
|
|
typedef struct MapCache {
|
|
@@ -202,7 +203,7 @@ static void xen_remap_bucket(MapCacheEntry *entry,
|
|
}
|
|
|
|
static uint8_t *xen_map_cache_unlocked(hwaddr phys_addr, hwaddr size,
|
|
- uint8_t lock)
|
|
+ uint8_t lock, bool dma)
|
|
{
|
|
MapCacheEntry *entry, *pentry = NULL;
|
|
hwaddr address_index;
|
|
@@ -289,6 +290,7 @@ tryagain:
|
|
if (lock) {
|
|
MapCacheRev *reventry = g_malloc0(sizeof(MapCacheRev));
|
|
entry->lock++;
|
|
+ reventry->dma = dma;
|
|
reventry->vaddr_req = mapcache->last_entry->vaddr_base + address_offset;
|
|
reventry->paddr_index = mapcache->last_entry->paddr_index;
|
|
reventry->size = entry->size;
|
|
@@ -300,12 +302,12 @@ tryagain:
|
|
}
|
|
|
|
uint8_t *xen_map_cache(hwaddr phys_addr, hwaddr size,
|
|
- uint8_t lock)
|
|
+ uint8_t lock, bool dma)
|
|
{
|
|
uint8_t *p;
|
|
|
|
mapcache_lock();
|
|
- p = xen_map_cache_unlocked(phys_addr, size, lock);
|
|
+ p = xen_map_cache_unlocked(phys_addr, size, lock, dma);
|
|
mapcache_unlock();
|
|
return p;
|
|
}
|
|
@@ -426,8 +428,11 @@ void xen_invalidate_map_cache(void)
|
|
mapcache_lock();
|
|
|
|
QTAILQ_FOREACH(reventry, &mapcache->locked_entries, next) {
|
|
- DPRINTF("There should be no locked mappings at this time, "
|
|
- "but "TARGET_FMT_plx" -> %p is present\n",
|
|
+ if (!reventry->dma) {
|
|
+ continue;
|
|
+ }
|
|
+ fprintf(stderr, "Locked DMA mapping while invalidating mapcache!"
|
|
+ " "TARGET_FMT_plx" -> %p is present\n",
|
|
reventry->paddr_index, reventry->vaddr_req);
|
|
}
|
|
|