From ee11f7a8227bcd9cb8d8141fa8f6a0352f7c0c68 Mon Sep 17 00:00:00 2001 From: Gonglei Date: Thu, 3 Apr 2014 13:18:23 +0800 Subject: pci-assign: Fix a bug when map MSI-X table memory failed When mmapping memory for the MSI-X table failsthe dev->msix_table is not set to NULL and assigned_dev_unregister_msix_mmio() will cause a segfault when trying to munmap it. Signed-off-by: Gonglei Arei Reviewed-by: Michael S. Tsirkin Signed-off-by: Paolo Bonzini Signed-off-by: Gonglei --- hw/i386/kvm/pci-assign.c | 1 + 1 file changed, 1 insertion(+) (limited to 'hw/i386/kvm/pci-assign.c') diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c index e55421adcd..0572821f21 100644 --- a/hw/i386/kvm/pci-assign.c +++ b/hw/i386/kvm/pci-assign.c @@ -1664,6 +1664,7 @@ static void assigned_dev_register_msix_mmio(AssignedDevice *dev, Error **errp) MAP_ANONYMOUS|MAP_PRIVATE, 0, 0); if (dev->msix_table == MAP_FAILED) { error_setg_errno(errp, errno, "failed to allocate msix_table"); + dev->msix_table = NULL; return; } -- cgit 1.4.1 From 639973a4740f38789057744b550df3a175bc49ad Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Mon, 28 Apr 2014 17:02:21 +0300 Subject: pci-assign: limit # of msix vectors KVM only supports MSIX table size up to 256 vectors, but some assigned devices support more vectors, at the moment attempts to assign them fail with EINVAL. Tweak the MSIX capability exposed to guest to limit table size to a supported value. Signed-off-by: Michael S. Tsirkin Tested-by: Gonglei Cc: qemu-stable@nongnu.org Acked-by: Alex Williamson Signed-off-by: Paolo Bonzini --- hw/i386/kvm/pci-assign.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'hw/i386/kvm/pci-assign.c') diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c index 0572821f21..de33657563 100644 --- a/hw/i386/kvm/pci-assign.c +++ b/hw/i386/kvm/pci-assign.c @@ -1300,6 +1300,7 @@ static int assigned_device_pci_cap_init(PCIDevice *pci_dev, Error **errp) if (pos != 0 && kvm_device_msix_supported(kvm_state)) { int bar_nr; uint32_t msix_table_entry; + uint16_t msix_max; verify_irqchip_in_kernel(&local_err); if (local_err) { @@ -1315,9 +1316,10 @@ static int assigned_device_pci_cap_init(PCIDevice *pci_dev, Error **errp) } pci_dev->msix_cap = pos; - pci_set_word(pci_dev->config + pos + PCI_MSIX_FLAGS, - pci_get_word(pci_dev->config + pos + PCI_MSIX_FLAGS) & - PCI_MSIX_FLAGS_QSIZE); + msix_max = (pci_get_word(pci_dev->config + pos + PCI_MSIX_FLAGS) & + PCI_MSIX_FLAGS_QSIZE) + 1; + msix_max = MIN(msix_max, KVM_MAX_MSIX_PER_DEV); + pci_set_word(pci_dev->config + pos + PCI_MSIX_FLAGS, msix_max - 1); /* Only enable and function mask bits are writable */ pci_set_word(pci_dev->wmask + pos + PCI_MSIX_FLAGS, @@ -1327,9 +1329,7 @@ static int assigned_device_pci_cap_init(PCIDevice *pci_dev, Error **errp) bar_nr = msix_table_entry & PCI_MSIX_FLAGS_BIRMASK; msix_table_entry &= ~PCI_MSIX_FLAGS_BIRMASK; dev->msix_table_addr = pci_region[bar_nr].base_addr + msix_table_entry; - dev->msix_max = pci_get_word(pci_dev->config + pos + PCI_MSIX_FLAGS); - dev->msix_max &= PCI_MSIX_FLAGS_QSIZE; - dev->msix_max += 1; + dev->msix_max = msix_max; } /* Minimal PM support, nothing writable, device appears to NAK changes */ -- cgit 1.4.1