File ioemu-9877-MSI-X-device-cleanup.patch of Package xen

Overview Repositories Revisions Requests Users Attributes Meta

File ioemu-9877-MSI-X-device-cleanup.patch of Package xen

# HG changeset patch
# User Jan Beulich <JBeulich@suse.com>
# Date 1333384536 -3600
# Node ID c39da254d7b9a029080e970508a6aebac4e01220
# Parent  40274e03bcbf22d9456f8526d488bc47b1917246
qemu-traditional/passthrough: adjust MSI-X device cleanup (bug 1809)

To address http://bugzilla.xen.org/bugzilla/show_bug.cgi?id=1809,
pt_unregister_regions() also needs to use the newly introduced
_pt_iomem_helper() instead of calling xc_domain_memory_mapping()
directly, to take into consideration the hole created for the MSI-X
table.

For this to work, two calls in unregister_real_device() need to be
swapped, since otherwise we'd have

unregister_real_device()
  -> pt_config_delete()
    -> pt_msix_delete() (frees [and fails to clear] ->msix)
  -> pt_unregister_regions()
    -> _pt_iomem_helper() (with the patch below)
      -> has_msix_mapping() (uses ->msix)

And to be certain to prevent (catch) further/future use-after-free
instances, let's also clear dev->msix in pt_msix_delete().

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Yongjie Ren <yongjie.ren@intel.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

committer: Ian Jackson <Ian.Jackson@eu.citrix.com>

--- a/tools/ioemu-qemu-xen/hw/pass-through.c
+++ b/tools/ioemu-qemu-xen/hw/pass-through.c
@@ -1988,11 +1988,9 @@ static void pt_unregister_regions(struct
         if ( type == PCI_ADDRESS_SPACE_MEM ||
              type == PCI_ADDRESS_SPACE_MEM_PREFETCH )
         {
-            ret = xc_domain_memory_mapping(xc_handle, domid,
-                    assigned_device->bases[i].e_physbase >> XC_PAGE_SHIFT,
-                    assigned_device->bases[i].access.maddr >> XC_PAGE_SHIFT,
-                    (e_size+XC_PAGE_SIZE-1) >> XC_PAGE_SHIFT,
-                    DPCI_REMOVE_MAPPING);
+            ret = _pt_iomem_helper(assigned_device, i,
+                                   assigned_device->bases[i].e_physbase,
+                                   e_size, DPCI_REMOVE_MAPPING);
             if ( ret != 0 )
             {
                 PT_LOG("Error: remove old mem mapping failed!\n");
@@ -4425,12 +4423,12 @@ static int unregister_real_device(int de
         }
     }
 
-    /* delete all emulated config registers */
-    pt_config_delete(assigned_device);
-
     /* unregister real device's MMIO/PIO BARs */
     pt_unregister_regions(assigned_device);
 
+    /* delete all emulated config registers */
+    pt_config_delete(assigned_device);
+
     pt_iomul_free(assigned_device);
 
     /* mark this devfn as free */
--- a/tools/ioemu-qemu-xen/hw/pt-msi.c
+++ b/tools/ioemu-qemu-xen/hw/pt-msi.c
@@ -621,4 +621,5 @@ void pt_msix_delete(struct pt_dev *dev)
 
 
     free(dev->msix);
+    dev->msix = NULL;
 }

Places

File ioemu-9877-MSI-X-device-cleanup.patch of Package xen

Places