[PATCH v2 5/6] accel/kvm: Fix an erroneous check on coalesced_mmio_ring

Zhenzhong Duan posted 6 patches 4 months, 2 weeks ago
Maintainers: Paolo Bonzini <pbonzini@redhat.com>, Steve Sistare <steven.sistare@oracle.com>, Alex Williamson <alex.williamson@redhat.com>, "Cédric Le Goater" <clg@redhat.com>
[PATCH v2 5/6] accel/kvm: Fix an erroneous check on coalesced_mmio_ring
Posted by Zhenzhong Duan 4 months, 2 weeks ago
According to the KVM uAPI, the coalesced mmio page is at KVM_COALESCED_MMIO_PAGE_OFFSET
offset from the kvm_run pages. For x86 it's a 2-page offset, for arm it's a 1-page
offset currently. We shouldn't presume it's hardcoded to 1 page, or else
coalesced_mmio_ring will not be cleared in do_kvm_destroy_vcpu() on x86.

Fixes: 7ed0919119b0 ("migration: close kvm after cpr")
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
---
 accel/kvm/kvm-all.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 9060599cd7..23fd491441 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -523,7 +523,8 @@ static int do_kvm_destroy_vcpu(CPUState *cpu)
     }
 
     /* If I am the CPU that created coalesced_mmio_ring, then discard it */
-    if (s->coalesced_mmio_ring == (void *)cpu->kvm_run + PAGE_SIZE) {
+    if (s->coalesced_mmio_ring ==
+           (void *)cpu->kvm_run + s->coalesced_mmio * PAGE_SIZE) {
         s->coalesced_mmio_ring = NULL;
     }
 
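Review bot: the new condition re-derives the ring address as `(void *)cpu->kvm_run + s->coalesced_mmio * PAGE_SIZE`, which has to stay byte-for-byte identical to the expression used where the ring is first mapped, so a small shared helper (hypothetically `kvm_coalesced_mmio_ring_addr(s, cpu)`) called from both sites would stop the two from drifting apart again. If `s->coalesced_mmio` can be 0 when the capability is absent, the comparison degenerates to `ring == kvm_run`; that is harmless as long as the ring is never created in that case, but a leading `s->coalesced_mmio &&` would make the intent explicit. Minor style: the wrapped operand on the `+` continuation line is indented to an arbitrary column rather than aligned under `s->coalesced_mmio_ring`.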
-- 
2.47.1
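The consequence the commit message describes (the shared ring pointer surviving the destruction of the vCPU whose mapping it points into) can be modelled without a kernel. The following is an added, self-contained C example, not QEMU's code: `FakeKVMState`, `FakeCPUState` and the `fake_*` functions are constructed stand-ins for the fields the patch touches, `calloc`/`free` stand in for the mmap/munmap of the vcpu fd, and the page offsets 1 (arm) and 2 (x86) are the values quoted in the commit message. It runs the create/destroy lifecycle with the old hardcoded check and with the patched check and reports whether `coalesced_mmio_ring` is left dangling.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

#define PAGE_SIZE 4096

/* Constructed stand-ins for the QEMU fields the patch touches (hypothetical, not QEMU's structs). */
typedef struct {
    int coalesced_mmio;        /* KVM_CAP_COALESCED_MMIO result: page offset of the ring from kvm_run */
    void *coalesced_mmio_ring; /* VM-wide ring pointer, owned by the vCPU that created it */
} FakeKVMState;

typedef struct {
    void *kvm_run;             /* this vCPU's kvm_run mapping (calloc stands in for mmap) */
} FakeCPUState;

/* Map kvm_run and, on the first vCPU, point the shared ring at the capability-reported offset. */
static void fake_init_vcpu(FakeKVMState *s, FakeCPUState *cpu)
{
    size_t len = (size_t)(s->coalesced_mmio + 1) * PAGE_SIZE;
    cpu->kvm_run = calloc(1, len);
    if (s->coalesced_mmio && !s->coalesced_mmio_ring) {
        s->coalesced_mmio_ring = (char *)cpu->kvm_run + s->coalesced_mmio * PAGE_SIZE;
    }
}

/* Pre-patch destroy path: assumes the ring always sits one page after kvm_run. */
static void fake_destroy_vcpu_old(FakeKVMState *s, FakeCPUState *cpu)
{
    if (s->coalesced_mmio_ring == (char *)cpu->kvm_run + PAGE_SIZE) {
        s->coalesced_mmio_ring = NULL;
    }
    free(cpu->kvm_run);   /* the mapping goes away; any ring pointer into it is now stale */
    cpu->kvm_run = NULL;
}

/* Post-patch destroy path: recompute the ring address with the same offset used at setup. */
static void fake_destroy_vcpu_fixed(FakeKVMState *s, FakeCPUState *cpu)
{
    if (s->coalesced_mmio_ring ==
        (char *)cpu->kvm_run + s->coalesced_mmio * PAGE_SIZE) {
        s->coalesced_mmio_ring = NULL;
    }
    free(cpu->kvm_run);
    cpu->kvm_run = NULL;
}

/*
 * Run create -> destroy for one vCPU with the given page offset and report whether
 * the VM-wide ring pointer still points into the freed mapping afterwards.
 */
bool ring_dangles_after_destroy(int page_offset, bool use_fixed_check)
{
    FakeKVMState s = { .coalesced_mmio = page_offset, .coalesced_mmio_ring = NULL };
    FakeCPUState cpu = { .kvm_run = NULL };

    fake_init_vcpu(&s, &cpu);
    if (use_fixed_check) {
        fake_destroy_vcpu_fixed(&s, &cpu);
    } else {
        fake_destroy_vcpu_old(&s, &cpu);
    }
    return s.coalesced_mmio_ring != NULL;
}
```

With the old check, `ring_dangles_after_destroy(2, false)` is true: on an x86-style 2-page offset the pointer is left pointing into memory that has already been released, which is exactly the class of stale-pointer state a teardown path must not leave behind. The patched check clears it for both offsets, and an offset of 0 (capability absent) never creates a ring, so nothing is left to clear.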
Re: [PATCH v2 5/6] accel/kvm: Fix an erroneous check on coalesced_mmio_ring
Posted by Steven Sistare 4 months, 1 week ago
On 9/28/2025 4:54 AM, Zhenzhong Duan wrote:
> According to the KVM uAPI, the coalesced mmio page is at KVM_COALESCED_MMIO_PAGE_OFFSET
> offset from the kvm_run pages. For x86 it's a 2-page offset, for arm it's a 1-page
> offset currently. We shouldn't presume it's hardcoded to 1 page, or else
> coalesced_mmio_ring will not be cleared in do_kvm_destroy_vcpu() on x86.
> 
> Fixes: 7ed0919119b0 ("migration: close kvm after cpr")
> Cc: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>

Reviewed-by: Steve Sistare <steven.sistare@oracle.com>

> ---
>   accel/kvm/kvm-all.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
> index 9060599cd7..23fd491441 100644
> --- a/accel/kvm/kvm-all.c
> +++ b/accel/kvm/kvm-all.c
> @@ -523,7 +523,8 @@ static int do_kvm_destroy_vcpu(CPUState *cpu)
>       }
>   
>       /* If I am the CPU that created coalesced_mmio_ring, then discard it */
> -    if (s->coalesced_mmio_ring == (void *)cpu->kvm_run + PAGE_SIZE) {
> +    if (s->coalesced_mmio_ring ==
> +           (void *)cpu->kvm_run + s->coalesced_mmio * PAGE_SIZE) {
>           s->coalesced_mmio_ring = NULL;
>       }
>