Subject: [PATCH] vfio: container: Fix missing allocation of VFIOSpaprContainer
From: Shivaprasad G Bhat
To: harshpb@linux.ibm.com, clg@kaod.org, npiggin@gmail.com
Cc: danielhb413@gmail.com, david@gibson.dropbear.id.au, sbhat@linux.ibm.com, alex.williamson@redhat.com, qemu-ppc@nongnu.org, zhenzhong.duan@intel.com, qemu-devel@nongnu.org
Date: Thu, 09 May 2024 14:14:03 -0500
Message-ID: <171528203026.8420.10620440513237875837.stgit@ltcd48-lp2.aus.stglabs.ibm.com>
The commit 6ad359ec29 "(vfio/spapr: Move prereg_listener into spapr container)" began to use the newly introduced VFIOSpaprContainer structure. After several refactors, today the container_of(container, VFIOSpaprContainer, ABC) is used when VFIOSpaprContainer is actually not allocated. On PPC64 systems, this dereference is leading to corruption showing up as a glibc malloc assertion during guest start when using vfio.

The patch adds the missing allocation while also moving the structure to the vfio common header file.

Fixes: 6ad359ec29 "(vfio/spapr: Move prereg_listener into spapr container)"
Signed-off-by: Shivaprasad G Bhat
Reviewed-by: Zhenzhong Duan
---
 hw/vfio/container.c | 6 ++++--
 hw/vfio/spapr.c | 6 ------
 include/hw/vfio/vfio-common.h | 6 ++++++
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/hw/vfio/container.c b/hw/vfio/container.c index 77bdec276e..ecaf5786d9 100644 --- a/hw/vfio/container.c +++ b/hw/vfio/container.c @@ -539,6 +539,7 @@ static int vfio_connect_container(VFIOGroup *group, Add= ressSpace *as, { VFIOContainer *container; VFIOContainerBase *bcontainer; + VFIOSpaprContainer *scontainer; int ret, fd; VFIOAddressSpace *space; @@ -611,7 +612,8 @@ static int vfio_connect_container(VFIOGroup *group, Add= ressSpace *as, goto close_fd_exit; } - container =3D g_malloc0(sizeof(*container)); + scontainer =3D g_malloc0(sizeof(*scontainer)); + container =3D &scontainer->container; container->fd =3D fd; bcontainer =3D &container->bcontainer; @@ -675,7 +677,7 @@ unregister_container_exit: vfio_cpr_unregister_container(bcontainer); free_container_exit: - g_free(container); + g_free(scontainer); close_fd_exit: close(fd); diff --git a/hw/vfio/spapr.c b/hw/vfio/spapr.c index 0d949bb728..78d218b7e7 100644 --- a/hw/vfio/spapr.c +++ b/hw/vfio/spapr.c 
@@ -24,12 +24,6 @@ #include "qapi/error.h" #include "trace.h" -typedef struct VFIOSpaprContainer { - VFIOContainer container; - MemoryListener prereg_listener; - QLIST_HEAD(, VFIOHostDMAWindow) hostwin_list; -} VFIOSpaprContainer; - static bool vfio_prereg_listener_skipped_section(MemoryRegionSection *sect= ion) { if (memory_region_is_iommu(section->mr)) { diff --git a/include/hw/vfio/vfio-common.h b/include/hw/vfio/vfio-common.h index b9da6c08ef..010fa68ac6 100644 --- a/include/hw/vfio/vfio-common.h +++ b/include/hw/vfio/vfio-common.h @@ -82,6 +82,12 @@ typedef struct VFIOContainer { QLIST_HEAD(, VFIOGroup) group_list; } VFIOContainer; +typedef struct VFIOSpaprContainer { + VFIOContainer container; + MemoryListener prereg_listener; + QLIST_HEAD(, VFIOHostDMAWindow) hostwin_list; +} VFIOSpaprContainer; + typedef struct VFIOHostDMAWindow { hwaddr min_iova; hwaddr max_iova;
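Review bot: the allocation hunk in hw/vfio/container.c (`scontainer = g_malloc0(sizeof(*scontainer)); container = &scontainer->container;`) sits in vfio_connect_container, the common legacy-container path, so every container on every host now carries the spapr-only prereg_listener and hostwin_list members even where the spapr IOMMU is never used. That is a reasonable trade for fixing the out-of-bounds container_of, but a short comment at the allocation saying that the enclosing VFIOSpaprContainer is deliberately allocated unconditionally, and why, would stop a later cleanup from splitting the allocation back into the spapr path and reintroducing this bug.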
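Review bot: the free_container_exit hunk switches the error path to `g_free(scontainer)`, but the normal teardown that frees the container on disconnect is not part of this diff, so it presumably still frees through the `container` pointer. That remains correct only because `container` is the first member of VFIOSpaprContainer, which makes the two pointers equal; either free through the enclosing struct in both places (container_of back to VFIOSpaprContainer) or state the first-member requirement in a comment on the struct so the two paths cannot drift apart.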
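Review bot: the typedef moved into include/hw/vfio/vfio-common.h references MemoryListener and `QLIST_HEAD(, VFIOHostDMAWindow)`. The forward use of VFIOHostDMAWindow is fine, since the list head only holds a pointer and the full definition follows in the same header, but no include is added for MemoryListener in this hunk, so confirm the header already pulls in the memory API definition for every translation unit that includes vfio-common.h without spapr.c's own includes.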