Fix issues in accel/mshv ioeventfd handling

[PATCH 1/2] accel/mshv: fix ioeventfd deassignment to forward correct datamatch value

Posted by Aastha Rawat 2 days, 5 hours ago

unregister_ioevent() is not forwarding the datamatch (queue index) to
the mshv driver, causing only the first VirtIO-MMIO queue to be
deassigned correctly. Subsequent queues fail with `-ENOENT`, triggering
a fatal abort().

This failure was discovered while booting arm64 EDK2 firmware with mshv
accel.

Signed-off-by: Aastha Rawat <aastharawat@linux.microsoft.com>
---
 accel/mshv/mshv-all.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/accel/mshv/mshv-all.c b/accel/mshv/mshv-all.c
index d4cc7f5371..e1a8d62f8d 100644
--- a/accel/mshv/mshv-all.c
+++ b/accel/mshv/mshv-all.c
@@ -278,13 +278,22 @@ static int ioeventfd(int vm_fd, int event_fd, uint64_t addr, Datamatch dm,
     return ioctl(vm_fd, MSHV_IOEVENTFD, &args);
 }
 
-static int unregister_ioevent(int vm_fd, int event_fd, uint64_t mmio_addr)
+static int unregister_ioevent(int vm_fd, int event_fd, uint64_t mmio_addr,
+                              uint64_t data, uint32_t len, bool data_match)
 {
     uint32_t flags = 0;
     Datamatch dm = {0};
 
     flags |= BIT(MSHV_IOEVENTFD_BIT_DEASSIGN);
-    dm.tag = DATAMATCH_NONE;
+    if (!data_match) {
+        dm.tag = DATAMATCH_NONE;
+    } else if (len == sizeof(uint64_t)) {
+        dm.tag = DATAMATCH_U64;
+        dm.value.u64 = data;
+    } else {
+        dm.tag = DATAMATCH_U32;
+        dm.value.u32 = data;
+    }
 
     return ioeventfd(vm_fd, event_fd, mmio_addr, dm, flags);
 }
@@ -337,11 +346,12 @@ static void mem_ioeventfd_del(MemoryListener *listener,
     int fd = event_notifier_get_fd(e);
     int ret;
     uint64_t addr = section->offset_within_address_space;
+    uint64_t len = int128_get64(section->size);
 
     trace_mshv_mem_ioeventfd_del(section->offset_within_address_space,
                                  int128_get64(section->size), data);
 
-    ret = unregister_ioevent(mshv_state->vm, fd, addr);
+    ret = unregister_ioevent(mshv_state->vm, fd, addr, data, len, match_data);
     if (ret < 0) {
         error_report("Failed to unregister ioeventfd: %s (%d)", strerror(-ret),
                      -ret);

-- 
2.45.4

Re: [PATCH 1/2] accel/mshv: fix ioeventfd deassignment to forward correct datamatch value

Posted by Magnus Kulke 1 day, 1 hour ago

On Thu, Apr 09, 2026 at 11:53:06AM +0000, Aastha Rawat wrote:
> unregister_ioevent() is not forwarding the datamatch (queue index) to
> the mshv driver, causing only the first VirtIO-MMIO queue to be
> deassigned correctly. Subsequent queues fail with `-ENOENT`, triggering
> a fatal abort().
> 
> This failure was discovered while booting arm64 EDK2 firmware with mshv
> accel.
> 

Looks good, I tested the patch on x86 w/ virtio queues.

Reviewed-by: Magnus Kulke <magnuskulke@linux.microsoft.com>

[PATCH 1/2] accel/mshv: fix ioeventfd deassignment to forward correct datamatch value
[PATCH 2/2] accel/mshv: return correct errno value from ioeventfd failure