From nobody Tue Feb 10 11:15:41 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1763779814389302.5253737359152;
 Fri, 21 Nov 2025 18:50:14 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vMcux-0000OX-Si; Fri, 21 Nov 2025 21:00:04 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1vMbt0-0005Cc-7B; Fri, 21 Nov 2025 19:53:59 -0500
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1vMbso-00010K-EJ; Fri, 21 Nov 2025 19:53:53 -0500
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 6057416CA54;
 Fri, 21 Nov 2025 21:44:23 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 1DCFA321C90;
 Fri, 21 Nov 2025 21:44:32 +0300 (MSK)
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, peng guo <engguopeng@buaa.edu.cn>,
 "Michael S. Tsirkin" <mst@redhat.com>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-10.0.7 25/81] hw/i386/pc: Avoid overlap between CXL window
 and PCI 64bit BARs in QEMU 10.0.x
Date: Fri, 21 Nov 2025 21:43:24 +0300
Message-ID: <20251121184424.1137669-25-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-10.0.7-20251121170317@cover.tls.msk.ru>
References: <qemu-stable-10.0.7-20251121170317@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZM-MESSAGEID: 1763779815144018900
Content-Type: text/plain; charset="utf-8"

From: peng guo <engguopeng@buaa.edu.cn>

This is a backport of the fix from commit 8b1c560937467d0d9 to the QEMU
10.0.x LTS series.

When using a CXL Type 3 device together with a virtio 9p device in QEMU on a
physical server, the 9p device fails to initialize properly. The kernel rep=
orts
the following error:

    virtio: device uses modern interface but does not have VIRTIO_F_VERSION=
_1
    9pnet_virtio virtio0: probe with driver 9pnet_virtio failed with error =
-22

Further investigation revealed that the 64-bit BAR space assigned to the 9p=
net
device was overlapped by the memory window allocated for the CXL devices. A=
s a
result, the kernel could not correctly access the BAR region, causing the
virtio device to malfunction.

An excerpt from /proc/iomem shows:

    480010000-cffffffff : CXL Window 0
      480010000-4bfffffff : PCI Bus 0000:00
      4c0000000-4c01fffff : PCI Bus 0000:0c
        4c0000000-4c01fffff : PCI Bus 0000:0d
      4c0200000-cffffffff : PCI Bus 0000:00
        4c0200000-4c0203fff : 0000:00:03.0
          4c0200000-4c0203fff : virtio-pci-modern

To address this issue, this patch adds the reserved memory end calculation
for cxl devices to reserve sufficient address space and ensure that CXL mem=
ory
windows are allocated beyond all PCI 64-bit BARs. This prevents overlap with
64-bit BARs regions such as those used by virtio or other pcie devices,
resolving the conflict.

Tested on intel Granite Rapids(GNR) servers using QEMU 10.0 LTS,
resolving the issue without causing regressions.

QEMU Build Configuration:

    ./configure --prefix=3D/home/work/qemu_master/build/ \
                --target-list=3Dx86_64-softmmu \
                --enable-kvm \
                --enable-virtfs

QEMU Boot Command:

    sudo /home/work/qemu_master/qemu/build/qemu-system-x86_64 \
        -nographic -machine q35,cxl=3Don -enable-kvm -m 16G -smp 8 \
        -hda /home/work/gp_qemu/rootfs.img \
        -virtfs local,path=3D/home/work/gp_qemu/share,mount_tag=3Dhost0,sec=
urity_model=3Dpassthrough,id=3Dhost0 \
        -kernel /home/work/linux_output/arch/x86/boot/bzImage \
        --append "console=3DttyS0 crashkernel=3D256M root=3D/dev/sda rootfs=
type=3Dext4 rw loglevel=3D8" \
        -device pci-testdev,membar=3D2G \
        -object memory-backend-ram,id=3Dvmem0,share=3Don,size=3D4096M \
        -device pxb-cxl,bus_nr=3D12,bus=3Dpcie.0,id=3Dcxl.1 \
        -device cxl-rp,port=3D0,bus=3Dcxl.1,id=3Droot_port13,chassis=3D0,sl=
ot=3D2 \
        -device cxl-type3,bus=3Droot_port13,volatile-memdev=3Dvmem0,id=3Dcx=
l-vmem0,sn=3D0x123456789 \
        -M cxl-fmw.0.targets.0=3Dcxl.1,cxl-fmw.0.size=3D4G

Fixes: 03b39fcf64bc ("hw/cxl: Make the CXL fixed memory window setup a mach=
ine parameter")
Signed-off-by: peng guo <engguopeng@buaa.edu.cn>
Tested-by: peng guo <engguopeng@buaa.edu.cn>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-ID: <20250805142300.15226-1-engguopeng@buaa.edu.cn>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit d1193481dee63442fc41e47ca6ebc4cd34f1f69c)
(backport for missing-in-10.0.x v10.0.0-1264-g8b1c56093746
 "hw/i386/pc: Remove PCMachineClass::broken_reserved_end field"
 by peng quo)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 01d0581f62..502cf8a47d 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -840,6 +840,7 @@ void pc_memory_init(PCMachineState *pcms,
     hwaddr maxphysaddr, maxusedaddr;
     hwaddr cxl_base, cxl_resv_end =3D 0;
     X86CPU *cpu =3D X86_CPU(first_cpu);
+    uint64_t res_mem_end;
=20
     assert(machine->ram_size =3D=3D x86ms->below_4g_mem_size +
                                 x86ms->above_4g_mem_size);
@@ -993,17 +994,19 @@ void pc_memory_init(PCMachineState *pcms,
=20
     rom_set_fw(fw_cfg);
=20
-    if (machine->device_memory) {
-        uint64_t *val =3D g_malloc(sizeof(*val));
-        uint64_t res_mem_end =3D machine->device_memory->base;
-
+    if (pcms->cxl_devices_state.is_enabled) {
+        res_mem_end =3D cxl_resv_end;
+    } else if (machine->device_memory) {
+        res_mem_end =3D machine->device_memory->base;
         if (!pcmc->broken_reserved_end) {
             res_mem_end +=3D memory_region_size(&machine->device_memory->m=
r);
         }
+    } else {
+        res_mem_end =3D 0;
+    }
=20
-        if (pcms->cxl_devices_state.is_enabled) {
-            res_mem_end =3D cxl_resv_end;
-        }
+    if (res_mem_end) {
+        uint64_t *val =3D g_malloc(sizeof(*val));
         *val =3D cpu_to_le64(ROUND_UP(res_mem_end, 1 * GiB));
         fw_cfg_add_file(fw_cfg, "etc/reserved-memory-end", val, sizeof(*va=
l));
     }
--=20
2.47.3