From 34002f54d2bd8e8ac04f0da0847f71a8a06a5d38 Mon Sep 17 00:00:00 2001
From: Alex Williamson
Date: Wed, 10 Oct 2012 09:10:31 -0600
Subject: [PATCH 1/3] vfio: Fix PCI mmap after b3b9c293

Our mmap path mistakely relied on vma->vm_pgoff to get set in remap_pfn_range. After b3b9c293, that path only applies to copy-on-write mappings. Set it in our own code.

Signed-off-by: Alex Williamson
---
 drivers/vfio/pci/vfio_pci.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
index 6d369fe9d30..6c119944bbb 100644
--- a/drivers/vfio/pci/vfio_pci.c
+++ b/drivers/vfio/pci/vfio_pci.c
@@ -408,7 +408,7 @@ static int vfio_pci_mmap(void *device_data, struct vm_area_struct *vma)
 	struct vfio_pci_device *vdev = device_data;
 	struct pci_dev *pdev = vdev->pdev;
 	unsigned int index;
-	u64 phys_len, req_len, pgoff, req_start, phys;
+	u64 phys_len, req_len, pgoff, req_start;
 	int ret;
 
 	index = vma->vm_pgoff >> (VFIO_PCI_OFFSET_SHIFT - PAGE_SHIFT);
@@ -463,10 +463,9 @@ static int vfio_pci_mmap(void *device_data, struct vm_area_struct *vma)
 	vma->vm_private_data = vdev;
 	vma->vm_flags |= VM_IO | VM_DONTEXPAND | VM_DONTDUMP;
 	vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+	vma->vm_pgoff = (pci_resource_start(pdev, index) >> PAGE_SHIFT) + pgoff;
 
-	phys = (pci_resource_start(pdev, index) >> PAGE_SHIFT) + pgoff;
-
-	return remap_pfn_range(vma, vma->vm_start, phys,
+	return remap_pfn_range(vma, vma->vm_start, vma->vm_pgoff,
 			       req_len, vma->vm_page_prot);
 }
 

From 9dbdfd23b7638d054f3b0e70c64dfb9f297f2a9f Mon Sep 17 00:00:00 2001
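Review bot: The added `vma->vm_pgoff = (pci_resource_start(pdev, index) >> PAGE_SHIFT) + pgoff;` in the second hunk repurposes vm_pgoff from the vfio region offset that the first hunk's `index = vma->vm_pgoff >> (VFIO_PCI_OFFSET_SHIFT - PAGE_SHIFT);` decodes into a physical pfn, and nothing in the code records that; a comment such as `/* vm_pgoff now holds the pfn: after b3b9c293 remap_pfn_range sets it only for COW mappings */` would keep a later reader from deriving index from vm_pgoff after this point. The validation of req_start/req_len against phys_len lies between the two hunks and is outside the diff, so I cannot confirm from here that the user-supplied offset is bounds-checked before the pfn is built from it. pgoff is u64 while vm_pgoff is unsigned long, so the store truncates on 32-bit builds; that is presumably harmless for a pfn but deserves a glance.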
From: Alex Williamson
Date: Wed, 10 Oct 2012 09:10:32 -0600
Subject: [PATCH 2/3] vfio: Move PCI INTx eventfd setting earlier

We need to be ready to recieve an interrupt as soon as we call request_irq, so our eventfd context setting needs to be moved earlier. Without this, an interrupt from our device or one sharing the interrupt line can pass a NULL into eventfd_signal and oops.

Cc: stable@vger.kernel.org
Signed-off-by: Alex Williamson
---
 drivers/vfio/pci/vfio_pci_intrs.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/vfio/pci/vfio_pci_intrs.c b/drivers/vfio/pci/vfio_pci_intrs.c
index d8dedc7d391..c8139a598f8 100644
--- a/drivers/vfio/pci/vfio_pci_intrs.c
+++ b/drivers/vfio/pci/vfio_pci_intrs.c
@@ -400,19 +400,20 @@ static int vfio_intx_set_signal(struct vfio_pci_device *vdev, int fd)
 		return PTR_ERR(trigger);
 	}
 
+	vdev->ctx[0].trigger = trigger;
+
 	if (!vdev->pci_2_3)
 		irqflags = 0;
 
 	ret = request_irq(pdev->irq, vfio_intx_handler, irqflags,
 			  vdev->ctx[0].name, vdev);
 	if (ret) {
+		vdev->ctx[0].trigger = NULL;
 		kfree(vdev->ctx[0].name);
 		eventfd_ctx_put(trigger);
 		return ret;
 	}
 
-	vdev->ctx[0].trigger = trigger;
-
 	/*
 	 * INTx disable will stick across the new irq setup,
 	 * disable_irq won't.

From 899649b7d4ead76c19e39251ca886eebe3f811a8 Mon Sep 17 00:00:00 2001
From: Alex Williamson
Date: Wed, 10 Oct 2012 09:10:32 -0600
Subject: [PATCH 3/3] vfio: Fix PCI INTx disable consistency

The virq_disabled flag tracks the userspace view of INTx masking across interrupt mode changes, but we're not consistently applying this to the interrupt and masking handler notion of the device. Currently if the user sets DisINTx while in MSI or MSIX mode, then returns to INTx mode (ex. rebooting a qemu guest), the hardware has DisINTx+, but the management of INTx thinks it's enabled, making it impossible to actually clear DisINTx. Fix this by updating the handler state when INTx is re-enabled.

Cc: stable@vger.kernel.org
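Review bot: The relocated `vdev->ctx[0].trigger = trigger;` now has to stay ahead of request_irq, but the hunk leaves no comment saying so, and the bug being fixed was exactly that ordering; I'd put `/* Must be published before request_irq(): a shared-line interrupt can fire immediately and the handler dereferences ctx[0].trigger. */` above the assignment. The store is made without vdev->irqlock, which looks fine because no handler is registered until request_irq returns and the error path resets the pointer to NULL before `eventfd_ctx_put(trigger);`, but if vfio_intx_set_signal can be called with a trigger already installed, that replacement path is outside the hunk and I cannot see whether the old context is released first. The function starts before the hunk and continues after it.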
Signed-off-by: Alex Williamson
---
 drivers/vfio/pci/vfio_pci_intrs.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/drivers/vfio/pci/vfio_pci_intrs.c b/drivers/vfio/pci/vfio_pci_intrs.c
index c8139a598f8..3639371fa69 100644
--- a/drivers/vfio/pci/vfio_pci_intrs.c
+++ b/drivers/vfio/pci/vfio_pci_intrs.c
@@ -366,6 +366,17 @@ static int vfio_intx_enable(struct vfio_pci_device *vdev)
 		return -ENOMEM;
 
 	vdev->num_ctx = 1;
+
+	/*
+	 * If the virtual interrupt is masked, restore it. Devices
+	 * supporting DisINTx can be masked at the hardware level
+	 * here, non-PCI-2.3 devices will have to wait until the
+	 * interrupt is enabled.
+	 */
+	vdev->ctx[0].masked = vdev->virq_disabled;
+	if (vdev->pci_2_3)
+		pci_intx(vdev->pdev, !vdev->ctx[0].masked);
+
 	vdev->irq_type = VFIO_PCI_INTX_IRQ_INDEX;
 
 	return 0;
@@ -419,7 +430,7 @@ static int vfio_intx_set_signal(struct vfio_pci_device *vdev, int fd)
 	 * disable_irq won't.
 	 */
 	spin_lock_irqsave(&vdev->irqlock, flags);
-	if (!vdev->pci_2_3 && (vdev->ctx[0].masked || vdev->virq_disabled))
+	if (!vdev->pci_2_3 && vdev->ctx[0].masked)
 		disable_irq_nosync(pdev->irq);
 	spin_unlock_irqrestore(&vdev->irqlock, flags);
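Review bot: `vdev->ctx[0].masked = vdev->virq_disabled;` and the following `pci_intx()` call in vfio_intx_enable write state that the vfio_intx_set_signal hunk reads under `spin_lock_irqsave(&vdev->irqlock, flags);`, yet no comment states why the unlocked write is safe; I'd add `/* No INTx handler is registered until vfio_intx_set_signal(), so ctx[0].masked can be set without irqlock here. */` before the assignment. The narrowed condition `if (!vdev->pci_2_3 && vdev->ctx[0].masked)` in the second hunk now depends on the first hunk having folded virq_disabled into masked; if set_signal can be reached to replace an eventfd without passing through enable, that path lies outside the diff and the non-PCI-2.3 disable would be skipped, so it is worth checking. Both function bodies extend beyond their hunks.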