From nobody Tue Feb 10 08:28:00 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (208.118.235.17 [208.118.235.17]) by mx.zohomail.com with SMTPS id 1512719272400452.95327402495707; Thu, 7 Dec 2017 23:47:52 -0800 (PST) Received: from localhost ([::1]:35895 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eNDNp-0003LQ-VQ for importer@patchew.org; Fri, 08 Dec 2017 02:47:46 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58492) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eNDLg-00024x-5S for qemu-devel@nongnu.org; Fri, 08 Dec 2017 02:45:33 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eNDLe-0005jI-Ba for qemu-devel@nongnu.org; Fri, 08 Dec 2017 02:45:32 -0500 Received: from mx1.redhat.com ([209.132.183.28]:58784) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eNDLe-0005gs-4Z for qemu-devel@nongnu.org; Fri, 08 Dec 2017 02:45:30 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 41DE94A6F3; Fri, 8 Dec 2017 07:45:29 +0000 (UTC) Received: from dhcp-1-107.brq.redhat.com (ovpn-204-198.brq.redhat.com [10.40.204.198]) by smtp.corp.redhat.com (Postfix) with ESMTP id A97EB1964B; Fri, 8 Dec 2017 07:45:27 +0000 (UTC) From: Ladi Prosek To: qemu-devel@nongnu.org Date: Fri, 8 Dec 2017 08:45:12 +0100 Message-Id: <20171208074515.1553-2-lprosek@redhat.com> In-Reply-To: <20171208074515.1553-1-lprosek@redhat.com> References: <20171208074515.1553-1-lprosek@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Fri, 08 Dec 2017 07:45:29 +0000 (UTC) Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v3 1/4] ivshmem: Don't update non-existent MSI routes X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: geoff@hostfission.com, pbonzini@redhat.com, armbru@redhat.com, marcandre.lureau@redhat.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" As of commit 660c97eef6f8 ("ivshmem: use kvm irqfd for msi notifications"), QEMU crashes with: kvm_irqchip_commit_routes: Assertion `ret =3D=3D 0' failed. if the ivshmem device is configured with more vectors than what the server supports. This is caused by the ivshmem_vector_unmask() being called on vectors that have not been initialized by ivshmem_add_kvm_msi_virq(). This commit fixes it by adding a simple check to the mask and unmask callbacks. Note that the opposite mismatch, if the server supplies more vectors than what the device is configured for, is already handled and leads to output like: Too many eventfd received, device has 1 vectors To reproduce the assert, run: ivshmem-server -n 0 and QEMU with: -device ivshmem-doorbell,chardev=3Div -chardev socket,path=3D/tmp/ivshmem_socket,id=3Div then load the Windows driver, at the time of writing available at: https://github.com/virtio-win/kvm-guest-drivers-windows/tree/master/ivshmem The issue is believed to have been masked by other guest drivers, notably Linux ones, not enabling MSI-X on the device. Fixes: 660c97eef6f8 ("ivshmem: use kvm irqfd for msi notifications") Signed-off-by: Ladi Prosek Reviewed-by: Marc-Andr=C3=A9 Lureau Reviewed-by: Markus Armbruster --- hw/misc/ivshmem.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c index a5a46827fe..6e46669744 100644 --- a/hw/misc/ivshmem.c +++ b/hw/misc/ivshmem.c @@ -317,6 +317,10 @@ static int ivshmem_vector_unmask(PCIDevice *dev, unsig= ned vector, int ret; =20 IVSHMEM_DPRINTF("vector unmask %p %d\n", dev, vector); + if (!v->pdev) { + error_report("ivshmem: vector %d route does not exist", vector); + return -EINVAL; + } =20 ret =3D kvm_irqchip_update_msi_route(kvm_state, v->virq, msg, dev); if (ret < 0) { @@ -331,12 +335,16 @@ static void ivshmem_vector_mask(PCIDevice *dev, unsig= ned vector) { IVShmemState *s =3D IVSHMEM_COMMON(dev); EventNotifier *n =3D &s->peers[s->vm_id].eventfds[vector]; + MSIVector *v =3D &s->msi_vectors[vector]; int ret; =20 IVSHMEM_DPRINTF("vector mask %p %d\n", dev, vector); + if (!v->pdev) { + error_report("ivshmem: vector %d route does not exist", vector); + return; + } =20 - ret =3D kvm_irqchip_remove_irqfd_notifier_gsi(kvm_state, n, - s->msi_vectors[vector].vir= q); + ret =3D kvm_irqchip_remove_irqfd_notifier_gsi(kvm_state, n, v->virq); if (ret !=3D 0) { error_report("remove_irqfd_notifier_gsi failed"); } --=20 2.13.6