From: Junjie Cao
To: qemu-devel@nongnu.org
Cc: junjie.cao@intel.com, mst@redhat.com, jasowang@redhat.com, yi.l.liu@intel.com, clement.mathieu--drif@bull.com, philmd@linaro.org, zhenzhong.duan@intel.com
Subject: [PATCH v2 1/2] intel_iommu: widen impl.min_access_size to 8 to fix MMIO abort
Date: Sat, 25 Apr 2026 04:18:41 +0800
Message-ID: <20260424201842.176953-2-junjie.cao@intel.com>
In-Reply-To: <20260424201842.176953-1-junjie.cao@intel.com>

Raise .impl.min_access_size from 4 to 8 in vtd_mem_ops so the memory subsystem always widens guest accesses to 8 bytes before calling the handler. This eliminates all 25 assert(size == 4) sites that crashed QEMU on an 8-byte access to a 32-bit-only register.

With size always 8, the if/else branches for 64-bit register pairs collapse. A zero-extended 4-byte write to the low half is safe: wmask protects read-only upper bits, and trigger functions re-read the register file and guard on their action bits.

The entry bounds check is relaxed to `addr >= DMAR_REG_SIZE` since the widened size no longer reflects the guest access width; the framework guarantees addr stays within the MemoryRegion. Default branches fall back to vtd_get/set_long() when addr + 8 would exceed the register file.

Suggested-by: Philippe Mathieu-Daudé
Signed-off-by: Junjie Cao
--- hw/i386/intel_iommu.c | 121 ++++++++---------------------------------- 1 file changed, 23 insertions(+), 98 deletions(-) diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c index f395fa248c..4b25907778 100644 --- a/hw/i386/intel_iommu.c +++ b/hw/i386/intel_iommu.c @@ -3697,7 +3697,7 @@ static uint64_t vtd_mem_read(void *opaque, hwaddr add= r, unsigned size) =20 trace_vtd_reg_read(addr, size); =20 - if (addr + size > DMAR_REG_SIZE) { + if (addr >=3D DMAR_REG_SIZE) { error_report_once("%s: MMIO over range: addr=3D0x%" PRIx64 " size=3D0x%x", __func__, addr, size); return (uint64_t)-1; @@ -3707,13 +3707,9 @@ static uint64_t vtd_mem_read(void *opaque, hwaddr ad= dr, unsigned size) /* Root Table Address Register, 64-bit */ case DMAR_RTADDR_REG: val =3D vtd_get_quad_raw(s, DMAR_RTADDR_REG); - if (size =3D=3D 4) { - val =3D val & ((1ULL << 32) - 1); - } break; =20 case DMAR_RTADDR_REG_HI: - assert(size =3D=3D 4); val =3D vtd_get_quad_raw(s, DMAR_RTADDR_REG) >> 32; break; =20
@@ -3722,26 +3718,21 @@ static uint64_t vtd_mem_read(void *opaque, hwaddr a= ddr, unsigned size) val =3D s->iq | (vtd_get_quad(s, DMAR_IQA_REG) & (VTD_IQA_QS | VTD_IQA_DW_MASK)); - if (size =3D=3D 4) { - val =3D val & ((1ULL << 32) - 1); - } break; =20 case DMAR_IQA_REG_HI: - assert(size =3D=3D 4); val =3D s->iq >> 32; break; =20 case DMAR_PEUADDR_REG: - assert(size =3D=3D 4); val =3D vtd_get_long_raw(s, DMAR_PEUADDR_REG); break; =20 default: - if (size =3D=3D 4) { - val =3D vtd_get_long(s, addr); - } else { + if (addr + 8 <=3D DMAR_REG_SIZE) { val =3D vtd_get_quad(s, addr); + } else { + val =3D vtd_get_long(s, addr); } } =20 @@ -3755,7 +3746,7 @@ static void vtd_mem_write(void *opaque, hwaddr addr, =20 trace_vtd_reg_write(addr, size, val); =20 - if (addr + size > DMAR_REG_SIZE) { + if (addr >=3D DMAR_REG_SIZE) { error_report_once("%s: MMIO over range: addr=3D0x%" PRIx64 " size=3D0x%x", __func__, addr, size); return; 
@@ -3770,238 +3761,172 @@ static void vtd_mem_write(void *opaque, hwaddr ad= dr, =20 /* Context Command Register, 64-bit */ case DMAR_CCMD_REG: - if (size =3D=3D 4) { - vtd_set_long(s, addr, val); - } else { - vtd_set_quad(s, addr, val); - vtd_handle_ccmd_write(s); - } + vtd_set_quad(s, addr, val); + vtd_handle_ccmd_write(s); break; =20 case DMAR_CCMD_REG_HI: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); vtd_handle_ccmd_write(s); break; =20 /* IOTLB Invalidation Register, 64-bit */ case DMAR_IOTLB_REG: - if (size =3D=3D 4) { - vtd_set_long(s, addr, val); - } else { - vtd_set_quad(s, addr, val); - vtd_handle_iotlb_write(s); - } + vtd_set_quad(s, addr, val); + vtd_handle_iotlb_write(s); break; =20 case DMAR_IOTLB_REG_HI: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); vtd_handle_iotlb_write(s); break; =20 case DMAR_PEUADDR_REG: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); break; =20 /* Invalidate Address Register, 64-bit */ case DMAR_IVA_REG: - if (size =3D=3D 4) { - vtd_set_long(s, addr, val); - } else { - vtd_set_quad(s, addr, val); - } + vtd_set_quad(s, addr, val); break; =20 case DMAR_IVA_REG_HI: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); break; =20 /* Fault Status Register, 32-bit */ case DMAR_FSTS_REG: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); vtd_handle_fsts_write(s); break; =20 /* Fault Event Control Register, 32-bit */ case DMAR_FECTL_REG: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); vtd_handle_fectl_write(s); break; =20 /* Fault Event Data Register, 32-bit */ case DMAR_FEDATA_REG: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); break; =20 /* Fault Event Address Register, 32-bit */ case DMAR_FEADDR_REG: - if (size =3D=3D 4) { - vtd_set_long(s, addr, val); - } else { - /* - * While the register is 32-bit only, some guests (Xen...) wri= te to - * it with 64-bit. 
- */ - vtd_set_quad(s, addr, val); - } + vtd_set_quad(s, addr, val); break; =20 /* Fault Event Upper Address Register, 32-bit */ case DMAR_FEUADDR_REG: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); break; =20 /* Protected Memory Enable Register, 32-bit */ case DMAR_PMEN_REG: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); break; =20 /* Root Table Address Register, 64-bit */ case DMAR_RTADDR_REG: - if (size =3D=3D 4) { - vtd_set_long(s, addr, val); - } else { - vtd_set_quad(s, addr, val); - } + vtd_set_quad(s, addr, val); break; =20 case DMAR_RTADDR_REG_HI: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); break; =20 /* Invalidation Queue Tail Register, 64-bit */ case DMAR_IQT_REG: - if (size =3D=3D 4) { - vtd_set_long(s, addr, val); - } else { - vtd_set_quad(s, addr, val); - } + vtd_set_quad(s, addr, val); vtd_handle_iqt_write(s); break; =20 case DMAR_IQT_REG_HI: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); /* 19:63 of IQT_REG is RsvdZ, do nothing here */ break; =20 /* Invalidation Queue Address Register, 64-bit */ case DMAR_IQA_REG: - if (size =3D=3D 4) { - vtd_set_long(s, addr, val); - } else { - vtd_set_quad(s, addr, val); - } + vtd_set_quad(s, addr, val); vtd_update_iq_dw(s); break; =20 case DMAR_IQA_REG_HI: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); break; =20 /* Invalidation Completion Status Register, 32-bit */ case DMAR_ICS_REG: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); vtd_handle_ics_write(s); break; =20 /* Invalidation Event Control Register, 32-bit */ case DMAR_IECTL_REG: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); vtd_handle_iectl_write(s); break; =20 /* Invalidation Event Data Register, 32-bit */ case DMAR_IEDATA_REG: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); break; =20 /* Invalidation Event Address Register, 32-bit */ case DMAR_IEADDR_REG: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); break; =20 /* Invalidation Event Upper Address Register, 32-bit */ case DMAR_IEUADDR_REG: - 
assert(size =3D=3D 4); vtd_set_long(s, addr, val); break; =20 /* Fault Recording Registers, 128-bit */ case DMAR_FRCD_REG_0_0: - if (size =3D=3D 4) { - vtd_set_long(s, addr, val); - } else { - vtd_set_quad(s, addr, val); - } + vtd_set_quad(s, addr, val); break; =20 case DMAR_FRCD_REG_0_1: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); break; =20 case DMAR_FRCD_REG_0_2: - if (size =3D=3D 4) { - vtd_set_long(s, addr, val); - } else { - vtd_set_quad(s, addr, val); - /* May clear bit 127 (Fault), update PPF */ - vtd_update_fsts_ppf(s); - } + vtd_set_quad(s, addr, val); + /* May clear bit 127 (Fault), update PPF */ + vtd_update_fsts_ppf(s); break; =20 case DMAR_FRCD_REG_0_3: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); /* May clear bit 127 (Fault), update PPF */ vtd_update_fsts_ppf(s); break; =20 case DMAR_IRTA_REG: - if (size =3D=3D 4) { - vtd_set_long(s, addr, val); - } else { - vtd_set_quad(s, addr, val); - } + vtd_set_quad(s, addr, val); break; =20 case DMAR_IRTA_REG_HI: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); break; =20 case DMAR_PRS_REG: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); vtd_handle_prs_write(s); break; =20 case DMAR_PECTL_REG: - assert(size =3D=3D 4); vtd_set_long(s, addr, val); vtd_handle_pectl_write(s); break; =20 default: - if (size =3D=3D 4) { - vtd_set_long(s, addr, val); - } else { + if (addr + 8 <=3D DMAR_REG_SIZE) { vtd_set_quad(s, addr, val); + } else { + vtd_set_long(s, addr, val); } } } 
@@ -4184,7 +4109,7 @@ static const MemoryRegionOps vtd_mem_ops =3D { .write =3D vtd_mem_write, .endianness =3D DEVICE_LITTLE_ENDIAN, .impl =3D { - .min_access_size =3D 4, + .min_access_size =3D 8, .max_access_size =3D 8, }, .valid =3D { --=20 2.43.0
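
Review bot: In vtd_mem_write (patch 1/2), the low-half cases of the 64-bit registers (DMAR_RTADDR_REG, DMAR_IQA_REG, DMAR_IQT_REG, DMAR_IVA_REG, DMAR_IRTA_REG, DMAR_FRCD_REG_0_0) now call vtd_set_quad() unconditionally, so a 4-byte guest write arrives zero-extended and stores zero over the upper 32 bits wherever wmask leaves them writable. The commit message only argues the read-only case; a guest that programs the _HI offset first and the low half second would lose the high value. The same applies to DMAR_FEADDR_REG, which is commented as 32-bit but now writes through the following four bytes, and the removed comment about Xen was the only explanation of why a quad store is tolerated there. Because the handler can no longer see the guest width, either keep the 4-byte path for low-half writes or add a comment per register stating why clearing the upper half is harmless.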
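
Review bot: The relaxed entry check `if (addr >= DMAR_REG_SIZE)` in vtd_mem_read and vtd_mem_write (patch 1/2) guarantees only one valid byte at addr, while the default-branch fallback to vtd_get_long()/vtd_set_long() touches four. That holds only if addr is always 4-byte aligned, which depends on the fields of the .valid block that this patch does not show or change. Check `addr + 4 > DMAR_REG_SIZE` at entry instead, or add a comment naming the .valid constraint the fallback relies on.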
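
Review bot: With `.min_access_size = 8` in the .impl block of vtd_mem_ops (patch 1/2), the size argument seen by the handlers is always 8, so trace_vtd_reg_read(addr, size), trace_vtd_reg_write(addr, size, val) and the "MMIO over range" error_report_once() no longer record the width the guest actually used. A short comment next to .impl saying that size is the widened width, not the guest width, would keep the next reader from reintroducing size-based branches; consider dropping size from the error message as well.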
From: Junjie Cao
To: qemu-devel@nongnu.org
Cc: junjie.cao@intel.com, mst@redhat.com, jasowang@redhat.com, yi.l.liu@intel.com, clement.mathieu--drif@bull.com, philmd@linaro.org, zhenzhong.duan@intel.com
Subject: [PATCH v2 2/2] tests/qtest: add 8-byte MMIO access sweep for intel-iommu
Date: Sat, 25 Apr 2026 04:18:42 +0800
Message-ID: <20260424201842.176953-3-junjie.cao@intel.com>
In-Reply-To: <20260424201842.176953-1-junjie.cao@intel.com>

Sweep every 4-byte-aligned offset in the VT-d MMIO register space with 8-byte reads and writes to verify that no register handler aborts on an oversized access.

Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Junjie Cao --- tests/qtest/intel-iommu-test.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/tests/qtest/intel-iommu-test.c b/tests/qtest/intel-iommu-test.c index e5cc6acaf0..b1763ed294 100644 --- a/tests/qtest/intel-iommu-test.c +++ b/tests/qtest/intel-iommu-test.c @@ -17,11 +17,39 @@ #define ECAP_STAGE_1_FIXED1 (VTD_ECAP_QI | VTD_ECAP_IR | VTD_ECAP_IRO |= \ VTD_ECAP_MHMV | VTD_ECAP_SMTS | VTD_ECAP_FST= S) =20 +static inline uint32_t vtd_reg_readl(QTestState *s, uint64_t offset) +{ + return qtest_readl(s, Q35_HOST_BRIDGE_IOMMU_ADDR + offset); +} + static inline uint64_t vtd_reg_readq(QTestState *s, uint64_t offset) { return qtest_readq(s, Q35_HOST_BRIDGE_IOMMU_ADDR + offset); } =20 +static inline void vtd_reg_writeq(QTestState *s, uint64_t offset, + uint64_t value) +{ + qtest_writeq(s, Q35_HOST_BRIDGE_IOMMU_ADDR + offset, value); +} + +static void test_intel_iommu_8byte_access(void) +{ + QTestState *s; + uint64_t off; + + s =3D qtest_init("-M q35 -device intel-iommu"); + + for (off =3D 0; off < DMAR_REG_SIZE; off +=3D 4) { + vtd_reg_readq(s, off); + vtd_reg_writeq(s, off, 0); + } + + g_assert_cmpuint(vtd_reg_readl(s, DMAR_VER_REG), !=3D, 0); + + qtest_quit(s); +} + static void test_intel_iommu_stage_1(void) { uint8_t init_csr[DMAR_REG_SIZE]; /* register values */ @@ -58,6 +86,8 @@ static void test_intel_iommu_stage_1(void) int main(int argc, char **argv) { g_test_init(&argc, &argv, NULL); + qtest_add_func("/q35/intel-iommu/8byte-access", + test_intel_iommu_8byte_access); qtest_add_func("/q35/intel-iommu/stage-1", test_intel_iommu_stage_1); =20 return g_test_run(); --=20 2.43.0
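
Review bot: test_intel_iommu_8byte_access (patch 2/2) only proves that the sweep does not abort: the values returned by vtd_reg_readq() are discarded, every write is 0, and the single assertion is that DMAR_VER_REG reads non-zero afterwards, so a handler that returns or stores a wrong value would still pass. Add at least one value check for the behaviour patch 1/2 changes, for example a 4-byte write to the low half of a 64-bit register followed by a read of its high half (this needs a writel helper next to vtd_reg_readl), and consider a second pass with a non-zero pattern so the trigger functions see set action bits. The loop `for (off = 0; off < DMAR_REG_SIZE; off += 4)` also issues an 8-byte access at DMAR_REG_SIZE - 4; a comment saying whether that last iteration is meant to reach the vtd_get/set_long() fallback would help.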