From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Eric Auger, Fam Zheng, qemu-block@nongnu.org, Alex Williamson, Kevin Wolf, Stefan Hajnoczi, Maxim Levitsky, Max Reitz, Philippe Mathieu-Daudé, qemu-stable@nongnu.org, Michal Prívozník
Subject: [PATCH] block/nvme: Fix VFIO_MAP_DMA failed: No space left on device
Date: Fri, 11 Jun 2021 13:46:06 +0200
Message-Id: <20210611114606.320008-1-philmd@redhat.com>

When the NVMe block driver was introduced (see commit bdd6a90a9e5,
January 2018), Linux VFIO_IOMMU_MAP_DMA ioctl was only returning
-ENOMEM in case of error. The driver was correctly handling the
error path to recycle its volatile IOVA mappings.

To fix CVE-2019-3882, Linux commit 492855939bdb ("vfio/type1: Limit
DMA mappings per container", April 2019) added the -ENOSPC error to
signal the user exhausted the DMA mappings available for a container.

The block driver started to mis-behave:

  qemu-system-x86_64: VFIO_MAP_DMA failed: No space left on device
  (qemu)
  (qemu) info status
  VM status: paused (io-error)
  (qemu) c
  VFIO_MAP_DMA failed: No space left on device
  qemu-system-x86_64: block/block-backend.c:1968: blk_get_aio_context: Assertion `ctx == blk->ctx' failed.

Fix by handling the -ENOSPC error when DMA mappings are exhausted;
other errors (such as -ENOMEM) are still handled later in the same
function.

An easy way to reproduce this bug is to restrict the DMA mapping
limit (65535 by default) when loading the VFIO IOMMU module:

  # modprobe vfio_iommu_type1 dma_entry_limit=666

Cc: qemu-stable@nongnu.org
Reported-by: Michal Prívozník
Fixes: bdd6a90a9e5 ("block: Add VFIO based NVMe driver")
Buglink: https://bugs.launchpad.net/qemu/+bug/1863333
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/65
Signed-off-by: Philippe Mathieu-Daudé
---
Michal, is it still possible for you to test this (old bug)?

A functional test using viommu & nested VM is planned (suggested by
Stefan and Maxim).
---
 block/nvme.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/nvme.c b/block/nvme.c index 2b5421e7aa6..12f9dd5cce3 100644 --- a/block/nvme.c +++ b/block/nvme.c @@ -1030,7 +1030,7 @@ try_map: r =3D qemu_vfio_dma_map(s->vfio, qiov->iov[i].iov_base, len, true, &iova); - if (r =3D=3D -ENOMEM && retry) { + if (r =3D=3D -ENOSPC && retry) { retry =3D false; trace_nvme_dma_flush_queue_wait(s); if (s->dma_map_count) { --=20 2.31.1
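
Review bot: The retry condition after `try_map:` now matches only -ENOSPC, so a -ENOMEM return from qemu_vfio_dma_map() no longer enters the flush-and-retry branch guarded by `retry`. The commit message says -ENOMEM is still handled later in the same function, but that code is outside the hunk context, and the message also notes that kernels before Linux commit 492855939bdb returned only -ENOMEM. Please either add a comment above the check saying that -ENOSPC signals the per-container DMA mapping limit and pointing to where -ENOMEM is handled, or, if those older kernels should still recycle volatile mappings at this point, accept both with `if ((r == -ENOMEM || r == -ENOSPC) && retry)`. Since the functional test is only planned, a note on how the `dma_entry_limit` reproducer was run against this change would help reviewers confirm the assertion failure is gone.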