When there are multiple VFIO containers, vioc->dma_map is restored
multiple times, this made only first container work and remaining
containers using vioc->dma_map restored by first container.
Fix it by save and restore vioc->dma_map locally. saved_dma_map in
VFIOContainerCPR becomes useless and is removed.
Fixes: 7e9f21411302 ("vfio/container: restore DMA vaddr")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
---
include/hw/vfio/vfio-cpr.h | 7 ++++---
hw/vfio/cpr-legacy.c | 23 +++++++++--------------
2 files changed, 13 insertions(+), 17 deletions(-)
diff --git a/include/hw/vfio/vfio-cpr.h b/include/hw/vfio/vfio-cpr.h
index 8bf85b9f4e..dbb2a16b7a 100644
--- a/include/hw/vfio/vfio-cpr.h
+++ b/include/hw/vfio/vfio-cpr.h
@@ -16,14 +16,15 @@ struct VFIOContainer;
struct VFIOContainerBase;
struct VFIOGroup;
+typedef int (*dma_map_fn)(const struct VFIOContainerBase *bcontainer,
+ hwaddr iova, ram_addr_t size, void *vaddr,
+ bool readonly, MemoryRegion *mr);
+
typedef struct VFIOContainerCPR {
Error *blocker;
bool vaddr_unmapped;
NotifierWithReturn transfer_notifier;
MemoryListener remap_listener;
- int (*saved_dma_map)(const struct VFIOContainerBase *bcontainer,
- hwaddr iova, ram_addr_t size,
- void *vaddr, bool readonly, MemoryRegion *mr);
} VFIOContainerCPR;
typedef struct VFIODeviceCPR {
diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c
index 0a5d1bd480..1216717546 100644
--- a/hw/vfio/cpr-legacy.c
+++ b/hw/vfio/cpr-legacy.c
@@ -99,20 +99,21 @@ static int vfio_container_post_load(void *opaque, int version_id)
{
VFIOContainer *container = opaque;
VFIOContainerBase *bcontainer = &container->bcontainer;
- VFIOGroup *group;
+ VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+ dma_map_fn saved_dma_map = vioc->dma_map;
Error *local_err = NULL;
+ /* During incoming CPR, divert calls to dma_map. */
+ vioc->dma_map = vfio_legacy_cpr_dma_map;
+
if (!vfio_listener_register(bcontainer, &local_err)) {
error_report_err(local_err);
return -1;
}
- QLIST_FOREACH(group, &container->group_list, container_next) {
- VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+ /* Restore original dma_map function */
+ vioc->dma_map = saved_dma_map;
- /* Restore original dma_map function */
- vioc->dma_map = container->cpr.saved_dma_map;
- }
return 0;
}
@@ -148,6 +149,7 @@ static int vfio_cpr_fail_notifier(NotifierWithReturn *notifier,
*/
VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+ dma_map_fn saved_dma_map = vioc->dma_map;
vioc->dma_map = vfio_legacy_cpr_dma_map;
container->cpr.remap_listener = (MemoryListener) {
@@ -158,7 +160,7 @@ static int vfio_cpr_fail_notifier(NotifierWithReturn *notifier,
bcontainer->space->as);
memory_listener_unregister(&container->cpr.remap_listener);
container->cpr.vaddr_unmapped = false;
- vioc->dma_map = container->cpr.saved_dma_map;
+ vioc->dma_map = saved_dma_map;
}
return 0;
}
@@ -179,13 +181,6 @@ bool vfio_legacy_cpr_register_container(VFIOContainer *container, Error **errp)
vmstate_register(NULL, -1, &vfio_container_vmstate, container);
- /* During incoming CPR, divert calls to dma_map. */
- VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
- container->cpr.saved_dma_map = vioc->dma_map;
- if (cpr_is_incoming()) {
- vioc->dma_map = vfio_legacy_cpr_dma_map;
- }
-
migration_add_notifier_mode(&container->cpr.transfer_notifier,
vfio_cpr_fail_notifier,
MIG_MODE_CPR_TRANSFER);
--
2.34.1On 6/27/2025 2:33 AM, Zhenzhong Duan wrote:
> When there are multiple VFIO containers, vioc->dma_map is restored
> multiple times, this made only first container work and remaining
> containers using vioc->dma_map restored by first container.
>
> Fix it by save and restore vioc->dma_map locally. saved_dma_map in
> VFIOContainerCPR becomes useless and is removed.
>
> Fixes: 7e9f21411302 ("vfio/container: restore DMA vaddr")
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
> ---
> include/hw/vfio/vfio-cpr.h | 7 ++++---
> hw/vfio/cpr-legacy.c | 23 +++++++++--------------
> 2 files changed, 13 insertions(+), 17 deletions(-)
>
> diff --git a/include/hw/vfio/vfio-cpr.h b/include/hw/vfio/vfio-cpr.h
> index 8bf85b9f4e..dbb2a16b7a 100644
> --- a/include/hw/vfio/vfio-cpr.h
> +++ b/include/hw/vfio/vfio-cpr.h
> @@ -16,14 +16,15 @@ struct VFIOContainer;
> struct VFIOContainerBase;
> struct VFIOGroup;
>
> +typedef int (*dma_map_fn)(const struct VFIOContainerBase *bcontainer,
> + hwaddr iova, ram_addr_t size, void *vaddr,
> + bool readonly, MemoryRegion *mr);
> +
> typedef struct VFIOContainerCPR {
> Error *blocker;
> bool vaddr_unmapped;
> NotifierWithReturn transfer_notifier;
> MemoryListener remap_listener;
> - int (*saved_dma_map)(const struct VFIOContainerBase *bcontainer,
> - hwaddr iova, ram_addr_t size,
> - void *vaddr, bool readonly, MemoryRegion *mr);
> } VFIOContainerCPR;
>
> typedef struct VFIODeviceCPR {
> diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c
> index 0a5d1bd480..1216717546 100644
> --- a/hw/vfio/cpr-legacy.c
> +++ b/hw/vfio/cpr-legacy.c
> @@ -99,20 +99,21 @@ static int vfio_container_post_load(void *opaque, int version_id)
> {
> VFIOContainer *container = opaque;
> VFIOContainerBase *bcontainer = &container->bcontainer;
> - VFIOGroup *group;
> + VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
> + dma_map_fn saved_dma_map = vioc->dma_map;
> Error *local_err = NULL;
>
> + /* During incoming CPR, divert calls to dma_map. */
> + vioc->dma_map = vfio_legacy_cpr_dma_map;
> +
> if (!vfio_listener_register(bcontainer, &local_err)) {
> error_report_err(local_err);
> return -1;
> }
>
> - QLIST_FOREACH(group, &container->group_list, container_next) {
> - VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
> + /* Restore original dma_map function */
> + vioc->dma_map = saved_dma_map;
>
> - /* Restore original dma_map function */
> - vioc->dma_map = container->cpr.saved_dma_map;
> - }
> return 0;
> }
>
> @@ -148,6 +149,7 @@ static int vfio_cpr_fail_notifier(NotifierWithReturn *notifier,
> */
>
> VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
> + dma_map_fn saved_dma_map = vioc->dma_map;
> vioc->dma_map = vfio_legacy_cpr_dma_map;
>
> container->cpr.remap_listener = (MemoryListener) {
> @@ -158,7 +160,7 @@ static int vfio_cpr_fail_notifier(NotifierWithReturn *notifier,
> bcontainer->space->as);
> memory_listener_unregister(&container->cpr.remap_listener);
> container->cpr.vaddr_unmapped = false;
> - vioc->dma_map = container->cpr.saved_dma_map;
> + vioc->dma_map = saved_dma_map;
> }
> return 0;
> }
> @@ -179,13 +181,6 @@ bool vfio_legacy_cpr_register_container(VFIOContainer *container, Error **errp)
>
> vmstate_register(NULL, -1, &vfio_container_vmstate, container);
>
> - /* During incoming CPR, divert calls to dma_map. */
> - VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
> - container->cpr.saved_dma_map = vioc->dma_map;
> - if (cpr_is_incoming()) {
> - vioc->dma_map = vfio_legacy_cpr_dma_map;
> - }
> -
> migration_add_notifier_mode(&container->cpr.transfer_notifier,
> vfio_cpr_fail_notifier,
> MIG_MODE_CPR_TRANSFER);
Reviewed-by: Steve Sistare <steven.sistare@oracle.com>
© 2016 - 2025 Red Hat, Inc.