diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2026-02-05 13:54:50 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2026-02-05 13:54:50 +0000 |
| commit | cd5a79dc98e3087e7658e643bdbbb0baec77ac8a (patch) | |
| tree | 09f72dd8001e3d53b4b7c90c64f1b8e854f74d25 /hw | |
| parent | 739ae3df7b564c14bb0674cdecb5077db9372da8 (diff) | |
| parent | 25465c0e1fd74d2118dfec03912f2595eeb497d7 (diff) | |
| download | qemu-master.zip qemu-master.tar.gz qemu-master.tar.bz2 | |
virtio,pci,pc: features, fixes
intel_iommu:
SVM support
vhost:
support for indirect descriptors in shadow virtqueue
vhost-user:
vhost-user-spi support
vhost-user-blk inflight migration support
vhost-user-blk inflight migration support
misc fixes in pci, vhost, virtio, acpi, cxl
cleanups in acpi/ghes
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# -----BEGIN PGP SIGNATURE-----
#
# iQFDBAABCgAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmmEa9APHG1zdEByZWRo
# YXQuY29tAAoJECgfDbjSjVRpqj8H/iBqAHZSTmAdBJgoLnmgoTLB01J9aUTrQU2H
# BHKyrd+G3m54pwjgUNN5ieZARtlXscigf6fr0Gq2wrc8/kV/O5G5jViw9+1Bo8nW
# OkLDW45nDzZGhap4oUedV+PJ3fCuW2fC8Jyb1n8OGlkadbhq0NU6GtqiEx6/7QIh
# hk5WUDE/3LH4cTp8qNtr0/nYfM4FZk2sjq7aRyg4cz/uC7rIAFRq7BCZ/dfRqMh/
# T+rLnizSSAg9PFMd8slWqoxOGF9NzT9LIoDSkAlso1L9lUekUSNoUblhlWDrRlLn
# DEEqqGCVounfBzA95WrTRmvWs6JodppjjAjI0M4isrMKGXXg8dg=
# =HdgY
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu Feb 5 10:07:12 2026 GMT
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu: (38 commits)
hw/cxl: Take into account how many media operations are requested for param check
hw/cxl: Check for overflow on santize media as both base and offset 64bit.
vhost-user-blk: support inter-host inflight migration
vhost: add vmstate for inflight region with inner buffer
vmstate: introduce VMSTATE_VBUFFER_UINT64
vhost-user: introduce protocol feature for skip drain on GET_VRING_BASE
vhost-user.rst: specify vhost-user back-end action on GET_VRING_BASE
virtio-gpu: use consistent error checking for virtio_gpu_create_mapping_iov
virtio-gpu: fix error handling in virgl_cmd_resource_create_blob
virtio-pmem: ignore empty queue notifications
virtio-gpu-virgl: correct parent for blob memory region
MAINTAINERS: Update VIOT maintainer
cryptodev-builtin: Limit the maximum size
hw/virtio/virtio-crypto: verify asym request size
virtio-spi: Add vhost-user-spi device support
standard-headers: Update virtio_spi.h from Linux v6.18-rc3
q35: Fix migration of SMRAM state
pcie_sriov: Fix PCI_SRIOV_* accesses in pcie_sriov_pf_exit()
virtio: Fix crash when sriov-pf is set for non-PCI-Express device
virtio-dmabuf: Ensure UUID persistence for hash table insertion
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw')
41 files changed, 501 insertions, 161 deletions
diff --git a/hw/acpi/ghes-stub.c b/hw/acpi/ghes-stub.c index 40f660c..5f9313c 100644 --- a/hw/acpi/ghes-stub.c +++ b/hw/acpi/ghes-stub.c @@ -11,10 +11,10 @@ #include "qemu/osdep.h" #include "hw/acpi/ghes.h" -int acpi_ghes_memory_errors(AcpiGhesState *ags, uint16_t source_id, - uint64_t physical_address) +bool acpi_ghes_memory_errors(AcpiGhesState *ags, uint16_t source_id, + uint64_t physical_address, Error **errp) { - return -1; + g_assert_not_reached(); } AcpiGhesState *acpi_ghes_get_state(void) diff --git a/hw/acpi/ghes.c b/hw/acpi/ghes.c index 5445dc1..c42f172 100644 --- a/hw/acpi/ghes.c +++ b/hw/acpi/ghes.c @@ -444,7 +444,7 @@ static void get_hw_error_offsets(uint64_t ghes_addr, *read_ack_register_addr = ghes_addr + sizeof(uint64_t); } -static void get_ghes_source_offsets(uint16_t source_id, +static bool get_ghes_source_offsets(uint16_t source_id, uint64_t hest_addr, uint64_t *cper_addr, uint64_t *read_ack_start_addr, @@ -475,7 +475,7 @@ static void get_ghes_source_offsets(uint16_t source_id, /* For now, we only know the size of GHESv2 table */ if (type != ACPI_GHES_SOURCE_GENERIC_ERROR_V2) { error_setg(errp, "HEST: type %d not supported.", type); - return; + return false; } /* Compare CPER source ID at the GHESv2 structure */ @@ -489,7 +489,7 @@ static void get_ghes_source_offsets(uint16_t source_id, } if (i == num_sources) { error_setg(errp, "HEST: Source %d not found.", source_id); - return; + return false; } /* Navigate through table address pointers */ @@ -509,27 +509,30 @@ static void get_ghes_source_offsets(uint16_t source_id, cpu_physical_memory_read(hest_read_ack_addr, read_ack_start_addr, sizeof(*read_ack_start_addr)); *read_ack_start_addr = le64_to_cpu(*read_ack_start_addr); + + return true; } NotifierList acpi_generic_error_notifiers = NOTIFIER_LIST_INITIALIZER(acpi_generic_error_notifiers); -void ghes_record_cper_errors(AcpiGhesState *ags, const void *cper, size_t len, +bool ghes_record_cper_errors(AcpiGhesState *ags, const void *cper, size_t len, uint16_t source_id, Error **errp) { uint64_t cper_addr = 0, read_ack_register_addr = 0, read_ack_register; if (len > ACPI_GHES_MAX_RAW_DATA_LENGTH) { error_setg(errp, "GHES CPER record is too big: %zd", len); - return; + return false; } if (!ags->use_hest_addr) { get_hw_error_offsets(le64_to_cpu(ags->hw_error_le), &cper_addr, &read_ack_register_addr); - } else { - get_ghes_source_offsets(source_id, le64_to_cpu(ags->hest_addr_le), - &cper_addr, &read_ack_register_addr, errp); + } else if (!get_ghes_source_offsets(source_id, + le64_to_cpu(ags->hest_addr_le), + &cper_addr, &read_ack_register_addr, errp)) { + return false; } cpu_physical_memory_read(read_ack_register_addr, @@ -540,7 +543,7 @@ void ghes_record_cper_errors(AcpiGhesState *ags, const void *cper, size_t len, error_setg(errp, "OSPM does not acknowledge previous error," " so can not record CPER for current error anymore"); - return; + return false; } read_ack_register = cpu_to_le64(0); @@ -555,20 +558,19 @@ void ghes_record_cper_errors(AcpiGhesState *ags, const void *cper, size_t len, cpu_physical_memory_write(cper_addr, cper, len); notifier_list_notify(&acpi_generic_error_notifiers, &source_id); + + return true; } -int acpi_ghes_memory_errors(AcpiGhesState *ags, uint16_t source_id, - uint64_t physical_address) +bool acpi_ghes_memory_errors(AcpiGhesState *ags, uint16_t source_id, + uint64_t physical_address, Error **errp) { /* Memory Error Section Type */ const uint8_t guid[] = UUID_LE(0xA5BC1114, 0x6F64, 0x4EDE, 0xB8, 0x63, 0x3E, 0x83, \ 0xED, 0x7C, 0x83, 0xB1); - Error *err = NULL; int data_length; - GArray *block; - - block = g_array_new(false, true /* clear */, 1); + g_autoptr(GArray) block = g_array_new(false, true /* clear */, 1); data_length = ACPI_GHES_DATA_LENGTH + ACPI_GHES_MEM_CPER_LENGTH; /* @@ -583,17 +585,8 @@ int acpi_ghes_memory_errors(AcpiGhesState *ags, uint16_t source_id, /* Build the memory section CPER for above new generic error data entry */ acpi_ghes_build_append_mem_cper(block, physical_address); - /* Report the error */ - ghes_record_cper_errors(ags, block->data, block->len, source_id, &err); - - g_array_free(block, true); - - if (err) { - error_report_err(err); - return -1; - } - - return 0; + return ghes_record_cper_errors(ags, block->data, block->len, + source_id, errp); } AcpiGhesState *acpi_ghes_get_state(void) diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c index 4d81d2d..c151e83 100644 --- a/hw/block/vhost-user-blk.c +++ b/hw/block/vhost-user-blk.c @@ -353,6 +353,7 @@ static int vhost_user_blk_connect(DeviceState *dev, Error **errp) vhost_dev_set_config_notifier(&s->dev, &blk_ops); s->vhost_user.supports_config = true; + s->vhost_user.supports_inflight_migration = s->inflight_migration; ret = vhost_dev_init(&s->dev, &s->vhost_user, VHOST_BACKEND_TYPE_USER, 0, errp); if (ret < 0) { @@ -568,6 +569,26 @@ static struct vhost_dev *vhost_user_blk_get_vhost(VirtIODevice *vdev) return &s->dev; } +static bool vhost_user_blk_inflight_needed(void *opaque) +{ + struct VHostUserBlk *s = opaque; + + bool inflight_migration = virtio_has_feature(s->dev.protocol_features, + VHOST_USER_PROTOCOL_F_GET_VRING_BASE_INFLIGHT); + + return inflight_migration; +} + +static const VMStateDescription vmstate_vhost_user_blk_inflight = { + .name = "vhost-user-blk/inflight", + .version_id = 1, + .needed = vhost_user_blk_inflight_needed, + .fields = (const VMStateField[]) { + VMSTATE_VHOST_INFLIGHT_REGION(inflight, VHostUserBlk), + VMSTATE_END_OF_LIST() + }, +}; + static const VMStateDescription vmstate_vhost_user_blk = { .name = "vhost-user-blk", .minimum_version_id = 1, @@ -576,6 +597,10 @@ static const VMStateDescription vmstate_vhost_user_blk = { VMSTATE_VIRTIO_DEVICE, VMSTATE_END_OF_LIST() }, + .subsections = (const VMStateDescription * const []) { + &vmstate_vhost_user_blk_inflight, + NULL + } }; static const Property vhost_user_blk_properties[] = { @@ -591,6 +616,8 @@ static const Property vhost_user_blk_properties[] = { VIRTIO_BLK_F_WRITE_ZEROES, true), DEFINE_PROP_BOOL("skip-get-vring-base-on-force-shutdown", VHostUserBlk, skip_get_vring_base_on_force_shutdown, false), + DEFINE_PROP_BOOL("inflight-migration", VHostUserBlk, + inflight_migration, false), }; static void vhost_user_blk_class_init(ObjectClass *klass, const void *data) diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c index 6cfdd98..9b99d44 100644 --- a/hw/cxl/cxl-mailbox-utils.c +++ b/hw/cxl/cxl-mailbox-utils.c @@ -1875,7 +1875,7 @@ static uint64_t get_dc_size(CXLType3Dev *ct3d, MemoryRegion **dc_mr) static int validate_dpa_addr(CXLType3Dev *ct3d, uint64_t dpa_addr, size_t length) { - uint64_t vmr_size, pmr_size, dc_size; + uint64_t vmr_size, pmr_size, dc_size, dpa_end; if ((dpa_addr % CXL_CACHE_LINE_SIZE) || (length % CXL_CACHE_LINE_SIZE) || @@ -1887,7 +1887,12 @@ static int validate_dpa_addr(CXLType3Dev *ct3d, uint64_t dpa_addr, pmr_size = get_pmr_size(ct3d, NULL); dc_size = get_dc_size(ct3d, NULL); - if (dpa_addr + length > vmr_size + pmr_size + dc_size) { + /* sanitize 64 bit values coming from guest */ + if (uadd64_overflow(dpa_addr, length, &dpa_end)) { + return -EINVAL; + } + + if (dpa_end > vmr_size + pmr_size + dc_size) { return -EINVAL; } @@ -2006,7 +2011,7 @@ static CXLRetCode media_operations_discovery(uint8_t *payload_in, * sub class command. */ if (media_op_in_disc_pl->dpa_range_count || - start_index > ARRAY_SIZE(media_op_matrix)) { + start_index + num_ops > ARRAY_SIZE(media_op_matrix)) { return CXL_MBOX_INVALID_INPUT; } diff --git a/hw/display/virtio-dmabuf.c b/hw/display/virtio-dmabuf.c index 3dba457..5e0395b 100644 --- a/hw/display/virtio-dmabuf.c +++ b/hw/display/virtio-dmabuf.c @@ -35,11 +35,13 @@ static bool virtio_add_resource(QemuUUID *uuid, VirtioSharedObject *value) if (resource_uuids == NULL) { resource_uuids = g_hash_table_new_full(qemu_uuid_hash, uuid_equal_func, - NULL, + g_free, g_free); } if (g_hash_table_lookup(resource_uuids, uuid) == NULL) { - g_hash_table_insert(resource_uuids, uuid, value); + g_hash_table_insert(resource_uuids, + g_memdup2(uuid, sizeof(*uuid)), + value); } else { result = false; } diff --git a/hw/display/virtio-gpu-virgl.c b/hw/display/virtio-gpu-virgl.c index 07f6355..ecf8494 100644 --- a/hw/display/virtio-gpu-virgl.c +++ b/hw/display/virtio-gpu-virgl.c @@ -120,7 +120,7 @@ virtio_gpu_virgl_map_resource_blob(VirtIOGPU *g, vmr->g = g; mr = &vmr->mr; - memory_region_init_ram_ptr(mr, OBJECT(mr), "blob", size, data); + memory_region_init_ram_ptr(mr, OBJECT(mr), NULL, size, data); memory_region_add_subregion(&b->hostmem, offset, mr); memory_region_set_enabled(mr, true); @@ -186,7 +186,7 @@ virtio_gpu_virgl_unmap_resource_blob(VirtIOGPU *g, /* memory region owns self res->mr object and frees it by itself */ memory_region_set_enabled(mr, false); memory_region_del_subregion(&b->hostmem, mr); - object_unparent(OBJECT(mr)); + object_unref(OBJECT(mr)); } return 0; @@ -561,7 +561,7 @@ static void virgl_resource_attach_backing(VirtIOGPU *g, ret = virtio_gpu_create_mapping_iov(g, att_rb.nr_entries, sizeof(att_rb), cmd, NULL, &res_iovs, &res_niov); - if (ret != 0) { + if (ret < 0) { cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; return; } @@ -705,7 +705,7 @@ static void virgl_cmd_resource_create_blob(VirtIOGPU *g, ret = virtio_gpu_create_mapping_iov(g, cblob.nr_entries, sizeof(cblob), cmd, &res->base.addrs, &res->base.iov, &res->base.iov_cnt); - if (!ret) { + if (ret < 0) { cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; return; } diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c index f23eec6..643e91c 100644 --- a/hw/display/virtio-gpu.c +++ b/hw/display/virtio-gpu.c @@ -354,7 +354,7 @@ static void virtio_gpu_resource_create_blob(VirtIOGPU *g, ret = virtio_gpu_create_mapping_iov(g, cblob.nr_entries, sizeof(cblob), cmd, &res->addrs, &res->iov, &res->iov_cnt); - if (ret != 0) { + if (ret < 0) { cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; g_free(res); return; @@ -933,7 +933,7 @@ virtio_gpu_resource_attach_backing(VirtIOGPU *g, ret = virtio_gpu_create_mapping_iov(g, ab.nr_entries, sizeof(ab), cmd, &res->addrs, &res->iov, &res->iov_cnt); - if (ret != 0) { + if (ret < 0) { cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; return; } diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c index e8a6f50..dd00079 100644 --- a/hw/i386/intel_iommu.c +++ b/hw/i386/intel_iommu.c @@ -1998,7 +1998,7 @@ static int vtd_iova_to_fspte(IntelIOMMUState *s, VTDContextEntry *ce, uint64_t iova, bool is_write, uint64_t *fsptep, uint32_t *fspte_level, bool *reads, bool *writes, uint8_t aw_bits, - uint32_t pasid) + uint32_t pasid, int iommu_idx) { dma_addr_t addr = vtd_get_iova_pgtbl_base(s, ce, pasid); uint32_t offset; @@ -2039,7 +2039,8 @@ static int vtd_iova_to_fspte(IntelIOMMUState *s, VTDContextEntry *ce, *reads = true; *writes = (*writes) && (fspte & VTD_FS_RW); - if (is_write && !(fspte & VTD_FS_RW)) { + /* ATS should not fail when the write permission is not set */ + if (is_write && !(fspte & VTD_FS_RW) && iommu_idx != VTD_IDX_ATS) { return -VTD_FR_SM_WRITE; } if (vtd_fspte_nonzero_rsvd(fspte, *fspte_level)) { @@ -2098,7 +2099,7 @@ static void vtd_report_fault(IntelIOMMUState *s, */ static bool vtd_do_iommu_translate(VTDAddressSpace *vtd_as, PCIBus *bus, uint8_t devfn, hwaddr addr, bool is_write, - IOMMUTLBEntry *entry) + IOMMUTLBEntry *entry, int iommu_idx) { IntelIOMMUState *s = vtd_as->iommu_state; VTDContextEntry ce; @@ -2204,7 +2205,8 @@ static bool vtd_do_iommu_translate(VTDAddressSpace *vtd_as, PCIBus *bus, if (s->fsts && s->root_scalable) { ret_fr = vtd_iova_to_fspte(s, &ce, addr, is_write, &pte, &level, - &reads, &writes, s->aw_bits, pasid); + &reads, &writes, s->aw_bits, pasid, + iommu_idx); pgtt = VTD_SM_PASID_ENTRY_FST; } else { ret_fr = vtd_iova_to_sspte(s, &ce, addr, is_write, &pte, &level, @@ -2860,8 +2862,10 @@ static bool vtd_inv_desc_reserved_check(IntelIOMMUState *s, static bool vtd_process_wait_desc(IntelIOMMUState *s, VTDInvDesc *inv_desc) { - uint64_t mask[4] = {VTD_INV_DESC_WAIT_RSVD_LO, VTD_INV_DESC_WAIT_RSVD_HI, - VTD_INV_DESC_ALL_ONE, VTD_INV_DESC_ALL_ONE}; + uint64_t mask[4] = { + VTD_INV_DESC_WAIT_RSVD_LO(s->ecap), VTD_INV_DESC_WAIT_RSVD_HI, + VTD_INV_DESC_ALL_ONE, VTD_INV_DESC_ALL_ONE + }; bool ret = true; if (!vtd_inv_desc_reserved_check(s, inv_desc, mask, false, @@ -3985,6 +3989,25 @@ static void vtd_mem_write(void *opaque, hwaddr addr, } } +static void vtd_prepare_identity_entry(hwaddr addr, IOMMUAccessFlags perm, + uint32_t pasid, IOMMUTLBEntry *iotlb) +{ + iotlb->iova = addr & VTD_PAGE_MASK_4K; + iotlb->translated_addr = addr & VTD_PAGE_MASK_4K; + iotlb->addr_mask = ~VTD_PAGE_MASK_4K; + iotlb->perm = perm; + iotlb->pasid = pasid; +} + +static inline void vtd_prepare_error_entry(IOMMUTLBEntry *entry) +{ + entry->iova = 0; + entry->translated_addr = 0; + entry->addr_mask = ~VTD_PAGE_MASK_4K; + entry->perm = IOMMU_NONE; + entry->pasid = PCI_NO_PASID; +} + static IOMMUTLBEntry vtd_iommu_translate(IOMMUMemoryRegion *iommu, hwaddr addr, IOMMUAccessFlags flag, int iommu_idx) { @@ -3996,16 +4019,29 @@ static IOMMUTLBEntry vtd_iommu_translate(IOMMUMemoryRegion *iommu, hwaddr addr, .pasid = vtd_as->pasid, }; bool success; + bool is_write = flag & IOMMU_WO; if (likely(s->dmar_enabled)) { - success = vtd_do_iommu_translate(vtd_as, vtd_as->bus, vtd_as->devfn, - addr, flag & IOMMU_WO, &iotlb); + /* Only support translated requests in scalable mode */ + if (iommu_idx == VTD_IDX_TRANSLATED && s->root_scalable) { + if (vtd_as->pasid == PCI_NO_PASID) { + vtd_prepare_identity_entry(addr, IOMMU_RW, PCI_NO_PASID, + &iotlb); + success = true; + } else { + vtd_prepare_error_entry(&iotlb); + error_report_once("%s: translated request with PASID not " + "allowed (pasid=0x%" PRIx32 ")", __func__, + vtd_as->pasid); + success = false; + } + } else { + success = vtd_do_iommu_translate(vtd_as, vtd_as->bus, vtd_as->devfn, + addr, is_write, &iotlb, iommu_idx); + } } else { /* DMAR disabled, passthrough, use 4k-page*/ - iotlb.iova = addr & VTD_PAGE_MASK_4K; - iotlb.translated_addr = addr & VTD_PAGE_MASK_4K; - iotlb.addr_mask = ~VTD_PAGE_MASK_4K; - iotlb.perm = IOMMU_RW; + vtd_prepare_identity_entry(addr, IOMMU_RW, vtd_as->pasid, &iotlb); success = true; } @@ -4152,6 +4188,7 @@ static const Property vtd_properties[] = { DEFINE_PROP_BOOL("x-flts", IntelIOMMUState, fsts, FALSE), DEFINE_PROP_BOOL("snoop-control", IntelIOMMUState, snoop_control, false), DEFINE_PROP_BOOL("x-pasid-mode", IntelIOMMUState, pasid, false), + DEFINE_PROP_BOOL("svm", IntelIOMMUState, svm, false), DEFINE_PROP_BOOL("dma-drain", IntelIOMMUState, dma_drain, true), DEFINE_PROP_BOOL("stale-tm", IntelIOMMUState, stale_tm, false), DEFINE_PROP_BOOL("fs1gp", IntelIOMMUState, fs1gp, true), @@ -4414,6 +4451,37 @@ static int vtd_int_remap(X86IOMMUState *iommu, MSIMessage *src, src, dst, sid, false); } +static void vtd_report_sid_ir_illegal_access(IntelIOMMUState *s, uint16_t sid, + uint32_t pasid, hwaddr addr, + bool is_write) +{ + uint8_t bus_n = VTD_SID_TO_BUS(sid); + uint8_t devfn = VTD_SID_TO_DEVFN(sid); + bool is_fpd_set = false; + VTDContextEntry ce; + + /* Try out best to fetch FPD, we can't do anything more */ + if (vtd_dev_to_context_entry(s, bus_n, devfn, &ce) == 0) { + is_fpd_set = ce.lo & VTD_CONTEXT_ENTRY_FPD; + if (!is_fpd_set && s->root_scalable) { + vtd_ce_get_pasid_fpd(s, &ce, &is_fpd_set, pasid); + } + } + + vtd_report_fault(s, VTD_FR_SM_INTERRUPT_ADDR, is_fpd_set, sid, addr, + is_write, pasid != PCI_NO_PASID, pasid); +} + +static void vtd_report_ir_illegal_access(VTDAddressSpace *vtd_as, + hwaddr addr, bool is_write) +{ + uint8_t bus_n = pci_bus_num(vtd_as->bus); + uint16_t sid = PCI_BUILD_BDF(bus_n, vtd_as->devfn); + + vtd_report_sid_ir_illegal_access(vtd_as->iommu_state, sid, vtd_as->pasid, + addr, is_write); +} + static MemTxResult vtd_mem_ir_read(void *opaque, hwaddr addr, uint64_t *data, unsigned size, MemTxAttrs attrs) @@ -4425,9 +4493,11 @@ static MemTxResult vtd_mem_ir_write(void *opaque, hwaddr addr, uint64_t value, unsigned size, MemTxAttrs attrs) { + IntelIOMMUState *s = opaque; int ret = 0; MSIMessage from = {}, to = {}; uint16_t sid = X86_IOMMU_SID_INVALID; + uint32_t pasid; from.address = (uint64_t) addr + VTD_INTERRUPT_ADDR_FIRST; from.data = (uint32_t) value; @@ -4435,9 +4505,16 @@ static MemTxResult vtd_mem_ir_write(void *opaque, hwaddr addr, if (!attrs.unspecified) { /* We have explicit Source ID */ sid = attrs.requester_id; + pasid = attrs.pid != 0 ? attrs.pid : PCI_NO_PASID; + + if (attrs.address_type == PCI_AT_TRANSLATED && + sid != X86_IOMMU_SID_INVALID) { + vtd_report_sid_ir_illegal_access(s, sid, pasid, from.address, true); + return MEMTX_ERROR; + } } - ret = vtd_interrupt_remap_msi(opaque, &from, &to, sid, true); + ret = vtd_interrupt_remap_msi(s, &from, &to, sid, true); if (ret) { /* Drop this interrupt */ return MEMTX_ERROR; @@ -4462,30 +4539,6 @@ static const MemoryRegionOps vtd_mem_ir_ops = { }, }; -static void vtd_report_ir_illegal_access(VTDAddressSpace *vtd_as, - hwaddr addr, bool is_write) -{ - IntelIOMMUState *s = vtd_as->iommu_state; - uint8_t bus_n = pci_bus_num(vtd_as->bus); - uint16_t sid = PCI_BUILD_BDF(bus_n, vtd_as->devfn); - bool is_fpd_set = false; - VTDContextEntry ce; - - assert(vtd_as->pasid != PCI_NO_PASID); - - /* Try out best to fetch FPD, we can't do anything more */ - if (vtd_dev_to_context_entry(s, bus_n, vtd_as->devfn, &ce) == 0) { - is_fpd_set = ce.lo & VTD_CONTEXT_ENTRY_FPD; - if (!is_fpd_set && s->root_scalable) { - vtd_ce_get_pasid_fpd(s, &ce, &is_fpd_set, vtd_as->pasid); - } - } - - vtd_report_fault(s, VTD_FR_SM_INTERRUPT_ADDR, - is_fpd_set, sid, addr, is_write, - true, vtd_as->pasid); -} - static MemTxResult vtd_mem_ir_fault_read(void *opaque, hwaddr addr, uint64_t *data, unsigned size, MemTxAttrs attrs) @@ -5046,6 +5099,10 @@ static void vtd_init(IntelIOMMUState *s) vtd_spte_rsvd_large[3] &= ~VTD_SPTE_SNP; } + if (s->svm) { + s->ecap |= VTD_ECAP_PRS | VTD_ECAP_PDS | VTD_ECAP_NWFS; + } + vtd_reset_caches(s); /* Define registers with default values and bit semantics */ @@ -5140,19 +5197,29 @@ static IOMMUTLBEntry vtd_iommu_ats_do_translate(IOMMUMemoryRegion *iommu, hwaddr addr, IOMMUAccessFlags flags) { - IOMMUTLBEntry entry; + IOMMUTLBEntry entry = { .target_as = &address_space_memory }; VTDAddressSpace *vtd_as = container_of(iommu, VTDAddressSpace, iommu); + IntelIOMMUState *s = vtd_as->iommu_state; + + /* Guard that makes sure we avoid weird behaviors */ + if ((flags & IOMMU_PRIV) && (s->ecap & VTD_ECAP_SRS)) { + error_report_once("Privileged ATS not supported"); + abort(); + } if (vtd_is_interrupt_addr(addr)) { + vtd_prepare_error_entry(&entry); vtd_report_ir_illegal_access(vtd_as, addr, flags & IOMMU_WO); - entry.target_as = &address_space_memory; - entry.iova = 0; - entry.translated_addr = 0; - entry.addr_mask = ~VTD_PAGE_MASK_4K; - entry.perm = IOMMU_NONE; - entry.pasid = PCI_NO_PASID; + } else if ((flags & IOMMU_PRIV) && !(s->ecap & VTD_ECAP_SRS)) { + /* + * For translation-request-with-PASID with PR=1, remapping hardware + * not supporting supervisor requests (SRS=0 in the Extended + * Capability Register) forces R=W=E=0 in addition to setting PRIV=1. + */ + vtd_prepare_error_entry(&entry); + entry.perm = IOMMU_PRIV; } else { - entry = vtd_iommu_translate(iommu, addr, flags, 0); + entry = vtd_iommu_translate(iommu, addr, flags, VTD_IDX_ATS); } return entry; @@ -5513,6 +5580,29 @@ static bool vtd_decide_config(IntelIOMMUState *s, Error **errp) return false; } + if (s->svm) { + if (!x86_iommu->dt_supported) { + error_setg(errp, "Need to set device IOTLB for svm"); + return false; + } + + if (!s->fsts) { + error_setg(errp, "Need to set flts for svm"); + return false; + } + + if (!x86_iommu->dma_translation) { + error_setg(errp, "Need to set dma-translation for svm"); + return false; + } + + if (!s->pasid) { + error_setg(errp, "Need to set PASID support for svm"); + return false; + } + } + + return true; } @@ -5523,17 +5613,6 @@ static void vtd_realize(DeviceState *dev, Error **errp) X86MachineState *x86ms = X86_MACHINE(ms); PCIBus *bus = pcms->pcibus; IntelIOMMUState *s = INTEL_IOMMU_DEVICE(dev); - X86IOMMUState *x86_iommu = X86_IOMMU_DEVICE(s); - - if (s->pasid && x86_iommu->dt_supported) { - /* - * PASID-based-Device-TLB Invalidate Descriptor is not - * implemented and it requires support from vhost layer which - * needs to be implemented in the future. - */ - error_setg(errp, "PASID based device IOTLB is not supported"); - return; - } if (!vtd_decide_config(s, errp)) { return; @@ -5601,6 +5680,17 @@ static const TypeInfo vtd_info = { .class_init = vtd_class_init, }; +static int vtd_attrs_to_index(IOMMUMemoryRegion *iommu_mr, MemTxAttrs attrs) +{ + return attrs.address_type == PCI_AT_TRANSLATED ? + VTD_IDX_TRANSLATED : VTD_IDX_UNTRANSLATED; +} + +static int vtd_num_indexes(IOMMUMemoryRegion *iommu) +{ + return VTD_IDX_COUNT; +} + static void vtd_iommu_memory_region_class_init(ObjectClass *klass, const void *data) { @@ -5609,6 +5699,8 @@ static void vtd_iommu_memory_region_class_init(ObjectClass *klass, imrc->translate = vtd_iommu_translate; imrc->notify_flag_changed = vtd_iommu_notify_flag_changed; imrc->replay = vtd_iommu_replay; + imrc->attrs_to_index = vtd_attrs_to_index; + imrc->num_indexes = vtd_num_indexes; } static const TypeInfo vtd_iommu_memory_region_info = { diff --git a/hw/i386/intel_iommu_internal.h b/hw/i386/intel_iommu_internal.h index a2ca79f..11a53aa 100644 --- a/hw/i386/intel_iommu_internal.h +++ b/hw/i386/intel_iommu_internal.h @@ -194,8 +194,10 @@ #define VTD_ECAP_PRS (1ULL << 29) #define VTD_ECAP_MHMV (15ULL << 20) #define VTD_ECAP_SRS (1ULL << 31) +#define VTD_ECAP_NWFS (1ULL << 33) #define VTD_ECAP_PSS (7ULL << 35) /* limit: MemTxAttrs::pid */ #define VTD_ECAP_PASID (1ULL << 40) +#define VTD_ECAP_PDS (1ULL << 42) #define VTD_ECAP_SMTS (1ULL << 43) #define VTD_ECAP_SSTS (1ULL << 46) #define VTD_ECAP_FSTS (1ULL << 47) @@ -417,7 +419,9 @@ typedef union VTDPRDesc VTDPRDesc; #define VTD_INV_DESC_WAIT_IF (1ULL << 4) #define VTD_INV_DESC_WAIT_FN (1ULL << 6) #define VTD_INV_DESC_WAIT_DATA_SHIFT 32 -#define VTD_INV_DESC_WAIT_RSVD_LO 0Xfffff180ULL +#define VTD_INV_DESC_WAIT_RSVD_LO(ecap) (0Xfffff100ULL | \ + (((ecap) & VTD_ECAP_PDS) \ + ? 0 : (1 << 7))) #define VTD_INV_DESC_WAIT_RSVD_HI 3ULL /* Masks for Context-cache Invalidation Descriptor */ @@ -688,6 +692,14 @@ typedef struct VTDPIOTLBInvInfo { /* Bits to decide the offset for each level */ #define VTD_LEVEL_BITS 9 +/* IOMMU Index */ +typedef enum VTDIOMMUIndex { + VTD_IDX_UNTRANSLATED = 0, /* Default */ + VTD_IDX_TRANSLATED = 1, + VTD_IDX_ATS = 2, + VTD_IDX_COUNT = 3, /* Number of supported indexes */ +} VTDIOMMUIndex; + typedef struct VTDHostIOMMUDevice { IntelIOMMUState *iommu_state; PCIBus *bus; diff --git a/hw/pci-host/articia.c b/hw/pci-host/articia.c index 1881e03..04623df 100644 --- a/hw/pci-host/articia.c +++ b/hw/pci-host/articia.c @@ -200,7 +200,6 @@ static void articia_class_init(ObjectClass *klass, const void *data) DeviceClass *dc = DEVICE_CLASS(klass); dc->realize = articia_realize; - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); } /* TYPE_ARTICIA_PCI_HOST */ diff --git a/hw/pci-host/aspeed_pcie.c b/hw/pci-host/aspeed_pcie.c index 4f896f8..c150496 100644 --- a/hw/pci-host/aspeed_pcie.c +++ b/hw/pci-host/aspeed_pcie.c @@ -298,7 +298,6 @@ static void aspeed_pcie_rc_class_init(ObjectClass *klass, const void *data) dc->desc = "ASPEED PCIe RC"; dc->realize = aspeed_pcie_rc_realize; dc->fw_name = "pci"; - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); hc->root_bus_path = aspeed_pcie_rc_root_bus_path; device_class_set_props(dc, aspeed_pcie_rc_props); diff --git a/hw/pci-host/designware.c b/hw/pci-host/designware.c index 019e025..00c9449 100644 --- a/hw/pci-host/designware.c +++ b/hw/pci-host/designware.c @@ -593,8 +593,6 @@ static void designware_pcie_root_class_init(ObjectClass *klass, PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); DeviceClass *dc = DEVICE_CLASS(klass); - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); - k->vendor_id = PCI_VENDOR_ID_SYNOPSYS; k->device_id = 0xABCD; k->revision = 0; @@ -736,7 +734,6 @@ static void designware_pcie_host_class_init(ObjectClass *klass, hc->root_bus_path = designware_pcie_host_root_bus_path; dc->realize = designware_pcie_host_realize; - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); dc->fw_name = "pci"; dc->vmsd = &vmstate_designware_pcie_host; } diff --git a/hw/pci-host/gpex.c b/hw/pci-host/gpex.c index b5074c0..e66784c 100644 --- a/hw/pci-host/gpex.c +++ b/hw/pci-host/gpex.c @@ -200,7 +200,6 @@ static void gpex_host_class_init(ObjectClass *klass, const void *data) hc->root_bus_path = gpex_host_root_bus_path; dc->realize = gpex_host_realize; dc->unrealize = gpex_host_unrealize; - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); dc->fw_name = "pci"; device_class_set_props(dc, gpex_host_properties); } @@ -242,7 +241,6 @@ static void gpex_root_class_init(ObjectClass *klass, const void *data) PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); DeviceClass *dc = DEVICE_CLASS(klass); - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); dc->desc = "QEMU generic PCIe host bridge"; dc->vmsd = &vmstate_gpex_root; k->vendor_id = PCI_VENDOR_ID_REDHAT; diff --git a/hw/pci-host/grackle.c b/hw/pci-host/grackle.c index 9a58f0e..b0db787 100644 --- a/hw/pci-host/grackle.c +++ b/hw/pci-host/grackle.c @@ -140,7 +140,6 @@ static void grackle_class_init(ObjectClass *klass, const void *data) dc->realize = grackle_realize; device_class_set_props(dc, grackle_properties); - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); dc->fw_name = "pci"; sbc->explicit_ofw_unit_address = grackle_ofw_unit_address; } diff --git a/hw/pci-host/gt64120.c b/hw/pci-host/gt64120.c index d361c45..566f928 100644 --- a/hw/pci-host/gt64120.c +++ b/hw/pci-host/gt64120.c @@ -1298,7 +1298,6 @@ static void gt64120_class_init(ObjectClass *klass, const void *data) { DeviceClass *dc = DEVICE_CLASS(klass); - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); device_class_set_props(dc, gt64120_properties); dc->realize = gt64120_realize; device_class_set_legacy_reset(dc, gt64120_reset); diff --git a/hw/pci-host/mv64361.c b/hw/pci-host/mv64361.c index ef1c775..495a82b 100644 --- a/hw/pci-host/mv64361.c +++ b/hw/pci-host/mv64361.c @@ -108,7 +108,6 @@ static void mv64361_pcihost_class_init(ObjectClass *klass, const void *data) dc->realize = mv64361_pcihost_realize; device_class_set_props(dc, mv64361_pcihost_props); - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); } static const TypeInfo mv64361_pcihost_info = { diff --git a/hw/pci-host/pnv_phb.c b/hw/pci-host/pnv_phb.c index 85fcc3b..0b556d1 100644 --- a/hw/pci-host/pnv_phb.c +++ b/hw/pci-host/pnv_phb.c @@ -202,7 +202,6 @@ static void pnv_phb_class_init(ObjectClass *klass, const void *data) hc->root_bus_path = pnv_phb_root_bus_path; dc->realize = pnv_phb_realize; device_class_set_props(dc, pnv_phb_properties); - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); dc->user_creatable = true; } diff --git a/hw/pci-host/ppce500.c b/hw/pci-host/ppce500.c index 76623f7..67180ba 100644 --- a/hw/pci-host/ppce500.c +++ b/hw/pci-host/ppce500.c @@ -516,7 +516,6 @@ static void e500_pcihost_class_init(ObjectClass *klass, const void *data) DeviceClass *dc = DEVICE_CLASS(klass); dc->realize = e500_pcihost_realize; - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); device_class_set_props(dc, pcihost_properties); dc->vmsd = &vmstate_ppce500_pci; } diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c index bf56229..e85e422 100644 --- a/hw/pci-host/q35.c +++ b/hw/pci-host/q35.c @@ -194,7 +194,6 @@ static void q35_host_class_init(ObjectClass *klass, const void *data) device_class_set_props(dc, q35_host_props); /* Reason: needs to be wired up by pc_q35_init */ dc->user_creatable = false; - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); dc->fw_name = "pci"; } @@ -432,30 +431,27 @@ static void mch_update_smbase_smram(MCHPCIState *mch) } if (*reg == MCH_HOST_BRIDGE_F_SMBASE_QUERY) { - pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] = - MCH_HOST_BRIDGE_F_SMBASE_LCK; + pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] = MCH_HOST_BRIDGE_F_SMBASE_LCK; *reg = MCH_HOST_BRIDGE_F_SMBASE_IN_RAM; return; } /* - * default/reset state, discard written value - * which will disable SMRAM balackhole at SMBASE + * reg value can come from register write/reset/migration source, + * update wmask to be in sync with it regardless of source */ - if (pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] == 0xff) { - *reg = 0x00; + if (*reg == MCH_HOST_BRIDGE_F_SMBASE_IN_RAM) { + pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] = MCH_HOST_BRIDGE_F_SMBASE_LCK; + return; } - - memory_region_transaction_begin(); if (*reg & MCH_HOST_BRIDGE_F_SMBASE_LCK) { - /* disable all writes */ - pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] &= - ~MCH_HOST_BRIDGE_F_SMBASE_LCK; + /* lock register at 0x2 and disable all writes */ + pd->wmask[MCH_HOST_BRIDGE_F_SMBASE] = 0; *reg = MCH_HOST_BRIDGE_F_SMBASE_LCK; - lck = true; - } else { - lck = false; } + + lck = *reg & MCH_HOST_BRIDGE_F_SMBASE_LCK; + memory_region_transaction_begin(); memory_region_set_enabled(&mch->smbase_blackhole, lck); memory_region_set_enabled(&mch->smbase_window, lck); memory_region_transaction_commit(); diff --git a/hw/pci-host/raven.c b/hw/pci-host/raven.c index c500619..b3c2678 100644 --- a/hw/pci-host/raven.c +++ b/hw/pci-host/raven.c @@ -296,7 +296,6 @@ static void raven_pcihost_class_init(ObjectClass *klass, const void *data) { DeviceClass *dc = DEVICE_CLASS(klass); - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); dc->realize = raven_pcihost_realizefn; dc->fw_name = "pci"; } diff --git a/hw/pci-host/remote.c b/hw/pci-host/remote.c index feaaa9a..9ea95fa 100644 --- a/hw/pci-host/remote.c +++ b/hw/pci-host/remote.c @@ -55,7 +55,6 @@ static void remote_pcihost_class_init(ObjectClass *klass, const void *data) dc->realize = remote_pcihost_realize; dc->user_creatable = false; - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); dc->fw_name = "pci"; } diff --git a/hw/pci-host/sabre.c b/hw/pci-host/sabre.c index b3f57dc..cd2328a 100644 --- a/hw/pci-host/sabre.c +++ b/hw/pci-host/sabre.c @@ -505,7 +505,6 @@ static void sabre_class_init(ObjectClass *klass, const void *data) dc->realize = sabre_realize; device_class_set_legacy_reset(dc, sabre_reset); device_class_set_props(dc, sabre_properties); - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); dc->fw_name = "pci"; sbc->explicit_ofw_unit_address = sabre_ofw_unit_address; } diff --git a/hw/pci-host/uninorth.c b/hw/pci-host/uninorth.c index d39546b..10972de 100644 --- a/hw/pci-host/uninorth.c +++ b/hw/pci-host/uninorth.c @@ -435,7 +435,6 @@ static void pci_unin_main_class_init(ObjectClass *klass, const void *data) dc->realize = pci_unin_main_realize; device_class_set_props(dc, pci_unin_main_pci_host_props); - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); dc->fw_name = "pci"; sbc->explicit_ofw_unit_address = pci_unin_main_ofw_unit_address; } @@ -453,7 +452,6 @@ static void pci_u3_agp_class_init(ObjectClass *klass, const void *data) DeviceClass *dc = DEVICE_CLASS(klass); dc->realize = pci_u3_agp_realize; - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); } static const TypeInfo pci_u3_agp_info = { @@ -469,7 +467,6 @@ static void pci_unin_agp_class_init(ObjectClass *klass, const void *data) DeviceClass *dc = DEVICE_CLASS(klass); dc->realize = pci_unin_agp_realize; - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); } static const TypeInfo pci_unin_agp_info = { @@ -485,7 +482,6 @@ static void pci_unin_internal_class_init(ObjectClass *klass, const void *data) DeviceClass *dc = DEVICE_CLASS(klass); dc->realize = pci_unin_internal_realize; - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); } static const TypeInfo pci_unin_internal_info = { diff --git a/hw/pci-host/xilinx-pcie.c b/hw/pci-host/xilinx-pcie.c index 86c2037..40f625b 100644 --- a/hw/pci-host/xilinx-pcie.c +++ b/hw/pci-host/xilinx-pcie.c @@ -172,7 +172,6 @@ static void xilinx_pcie_host_class_init(ObjectClass *klass, const void *data) hc->root_bus_path = xilinx_pcie_host_root_bus_path; dc->realize = xilinx_pcie_host_realize; - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); dc->fw_name = "pci"; device_class_set_props(dc, xilinx_pcie_host_props); } @@ -291,7 +290,6 @@ static void xilinx_pcie_root_class_init(ObjectClass *klass, const void *data) PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); DeviceClass *dc = DEVICE_CLASS(klass); - set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); dc->desc = "Xilinx AXI-PCIe Host Bridge"; k->vendor_id = PCI_VENDOR_ID_XILINX; k->device_id = 0x7021; diff --git a/hw/pci/pci.c b/hw/pci/pci.c index 9035cac..90d6d71 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -3171,6 +3171,10 @@ ssize_t pci_ats_request_translation(PCIDevice *dev, uint32_t pasid, return -EPERM; } + if (priv_req && !pcie_pasid_priv_enabled(dev)) { + return -EPERM; + } + pci_device_get_iommu_bus_devfn(dev, &iommu_bus, &bus, &devfn); if (iommu_bus && iommu_bus->iommu_ops->ats_request_translation) { return iommu_bus->iommu_ops->ats_request_translation(bus, diff --git a/hw/pci/pci_host.c b/hw/pci/pci_host.c index 05f1475..91e3885 100644 --- a/hw/pci/pci_host.c +++ b/hw/pci/pci_host.c @@ -245,6 +245,7 @@ static void pci_host_class_init(ObjectClass *klass, const void *data) DeviceClass *dc = DEVICE_CLASS(klass); device_class_set_props(dc, pci_host_properties_common); dc->vmsd = &vmstate_pcihost; + set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); } static const TypeInfo pci_host_type_info = { diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c index c481c16..50fc4aa 100644 --- a/hw/pci/pcie.c +++ b/hw/pci/pcie.c @@ -1340,6 +1340,16 @@ void pcie_pri_init(PCIDevice *dev, uint16_t offset, uint32_t outstanding_pr_cap, dev->exp.pri_cap = offset; } +static inline bool pcie_pasid_check_ctrl_bit_enabled(const PCIDevice *dev, + uint16_t mask) +{ + if (!pci_is_express(dev) || !dev->exp.pasid_cap) { + return false; + } + return (pci_get_word(dev->config + dev->exp.pasid_cap + PCI_PASID_CTRL) & + mask) != 0; +} + uint32_t pcie_pri_get_req_alloc(const PCIDevice *dev) { if (!pcie_pri_enabled(dev)) { @@ -1359,11 +1369,12 @@ bool pcie_pri_enabled(const PCIDevice *dev) bool pcie_pasid_enabled(const PCIDevice *dev) { - if (!pci_is_express(dev) || !dev->exp.pasid_cap) { - return false; - } - return (pci_get_word(dev->config + dev->exp.pasid_cap + PCI_PASID_CTRL) & - PCI_PASID_CTRL_ENABLE) != 0; + return pcie_pasid_check_ctrl_bit_enabled(dev, PCI_PASID_CTRL_ENABLE); +} + +bool pcie_pasid_priv_enabled(PCIDevice *dev) +{ + return pcie_pasid_check_ctrl_bit_enabled(dev, PCI_PASID_CTRL_PRIV); } bool pcie_ats_enabled(const PCIDevice *dev) diff --git a/hw/pci/pcie_sriov.c b/hw/pci/pcie_sriov.c index 34e0875..c41ac95 100644 --- a/hw/pci/pcie_sriov.c +++ b/hw/pci/pcie_sriov.c @@ -195,14 +195,17 @@ bool pcie_sriov_pf_init(PCIDevice *dev, uint16_t offset, void pcie_sriov_pf_exit(PCIDevice *dev) { + uint8_t *cfg; + if (dev->exp.sriov_cap == 0) { return; } + cfg = dev->config + dev->exp.sriov_cap; if (dev->exp.sriov_pf.vf_user_created) { uint16_t ven_id = pci_get_word(dev->config + PCI_VENDOR_ID); - uint16_t total_vfs = pci_get_word(dev->config + PCI_SRIOV_TOTAL_VF); - uint16_t vf_dev_id = pci_get_word(dev->config + PCI_SRIOV_VF_DID); + uint16_t total_vfs = pci_get_word(cfg + PCI_SRIOV_TOTAL_VF); + uint16_t vf_dev_id = pci_get_word(cfg + PCI_SRIOV_VF_DID); unregister_vfs(dev); @@ -213,8 +216,6 @@ void pcie_sriov_pf_exit(PCIDevice *dev) pci_config_set_device_id(dev->exp.sriov_pf.vf[i]->config, vf_dev_id); } } else { - uint8_t *cfg = dev->config + dev->exp.sriov_cap; - unparent_vfs(dev, pci_get_word(cfg + PCI_SRIOV_TOTAL_VF)); } } diff --git a/hw/pci/shpc.c b/hw/pci/shpc.c index aac6f2d..9386028 100644 --- a/hw/pci/shpc.c +++ b/hw/pci/shpc.c @@ -735,7 +735,6 @@ void shpc_free(PCIDevice *d) if (!shpc) { return; } - object_unparent(OBJECT(&shpc->mmio)); g_free(shpc->config); g_free(shpc->cmask); g_free(shpc->wmask); diff --git a/hw/virtio/Kconfig b/hw/virtio/Kconfig index 10f5c53..8895682 100644 --- a/hw/virtio/Kconfig +++ b/hw/virtio/Kconfig @@ -127,6 +127,11 @@ config VHOST_USER_SCMI default y depends on VIRTIO && VHOST_USER && ARM +config VHOST_USER_SPI + bool + default y + depends on VIRTIO && VHOST_USER + config VHOST_USER_TEST bool default y diff --git a/hw/virtio/meson.build b/hw/virtio/meson.build index affd668..6675b63 100644 --- a/hw/virtio/meson.build +++ b/hw/virtio/meson.build @@ -28,6 +28,7 @@ if have_vhost system_virtio_ss.add(when: 'CONFIG_VHOST_USER_RNG', if_true: files('vhost-user-rng.c')) system_virtio_ss.add(when: 'CONFIG_VHOST_USER_SND', if_true: files('vhost-user-snd.c')) system_virtio_ss.add(when: 'CONFIG_VHOST_USER_INPUT', if_true: files('vhost-user-input.c')) + system_virtio_ss.add(when: 'CONFIG_VHOST_USER_SPI', if_true: files('vhost-user-spi.c')) # PCI Stubs system_virtio_ss.add(when: ['CONFIG_VIRTIO_PCI', 'CONFIG_VHOST_USER_TEST'], @@ -42,6 +43,8 @@ if have_vhost if_true: files('vhost-user-snd-pci.c')) system_virtio_ss.add(when: ['CONFIG_VIRTIO_PCI', 'CONFIG_VHOST_USER_INPUT'], if_true: files('vhost-user-input-pci.c')) + system_virtio_ss.add(when: ['CONFIG_VIRTIO_PCI', 'CONFIG_VHOST_USER_SPI'], + if_true: files('vhost-user-spi-pci.c')) endif if have_vhost_vdpa system_virtio_ss.add(files('vhost-vdpa.c')) diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c index 2481d49..6242aeb 100644 --- a/hw/virtio/vhost-shadow-virtqueue.c +++ b/hw/virtio/vhost-shadow-virtqueue.c @@ -34,6 +34,7 @@ bool vhost_svq_valid_features(uint64_t features, Error **errp) switch (b) { case VIRTIO_F_ANY_LAYOUT: case VIRTIO_RING_F_EVENT_IDX: + case VIRTIO_RING_F_INDIRECT_DESC: continue; case VIRTIO_F_ACCESS_PLATFORM: diff --git a/hw/virtio/vhost-user-spi-pci.c b/hw/virtio/vhost-user-spi-pci.c new file mode 100644 index 0000000..f813b82 --- /dev/null +++ b/hw/virtio/vhost-user-spi-pci.c @@ -0,0 +1,69 @@ +/* + * Vhost-user spi virtio device PCI glue + * + * Copyright (C) 2025 Qualcomm Innovation Center, Inc. All Rights Reserved. + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "qemu/osdep.h" +#include "hw/core/qdev-properties.h" +#include "hw/virtio/vhost-user-spi.h" +#include "hw/virtio/virtio-pci.h" + +struct VHostUserSPIPCI { + VirtIOPCIProxy parent_obj; + VHostUserSPI vdev; +}; + +typedef struct VHostUserSPIPCI VHostUserSPIPCI; + +#define TYPE_VHOST_USER_SPI_PCI "vhost-user-spi-pci-base" + +DECLARE_INSTANCE_CHECKER(VHostUserSPIPCI, VHOST_USER_SPI_PCI, + TYPE_VHOST_USER_SPI_PCI) + +static void vhost_user_spi_pci_realize(VirtIOPCIProxy *vpci_dev, Error **errp) +{ + VHostUserSPIPCI *dev = VHOST_USER_SPI_PCI(vpci_dev); + DeviceState *vdev = DEVICE(&dev->vdev); + + vpci_dev->nvectors = 1; + qdev_realize(vdev, BUS(&vpci_dev->bus), errp); +} + +static void vhost_user_spi_pci_class_init(ObjectClass *klass, const void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + VirtioPCIClass *k = VIRTIO_PCI_CLASS(klass); + PCIDeviceClass *pcidev_k = PCI_DEVICE_CLASS(klass); + k->realize = vhost_user_spi_pci_realize; + set_bit(DEVICE_CATEGORY_INPUT, dc->categories); + pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET; + pcidev_k->device_id = 0; /* Set by virtio-pci based on virtio id */ + pcidev_k->revision = 0x00; + pcidev_k->class_id = PCI_CLASS_COMMUNICATION_OTHER; +} + +static void vhost_user_spi_pci_instance_init(Object *obj) +{ + VHostUserSPIPCI *dev = VHOST_USER_SPI_PCI(obj); + + virtio_instance_init_common(obj, &dev->vdev, sizeof(dev->vdev), + TYPE_VHOST_USER_SPI); +} + +static const VirtioPCIDeviceTypeInfo vhost_user_spi_pci_info = { + .base_name = TYPE_VHOST_USER_SPI_PCI, + .non_transitional_name = "vhost-user-spi-pci", + .instance_size = sizeof(VHostUserSPIPCI), + .instance_init = vhost_user_spi_pci_instance_init, + .class_init = vhost_user_spi_pci_class_init, +}; + +static void vhost_user_spi_pci_register(void) +{ + virtio_pci_types_register(&vhost_user_spi_pci_info); +} + +type_init(vhost_user_spi_pci_register); diff --git a/hw/virtio/vhost-user-spi.c b/hw/virtio/vhost-user-spi.c new file mode 100644 index 0000000..707f96c --- /dev/null +++ b/hw/virtio/vhost-user-spi.c @@ -0,0 +1,65 @@ +/* + * Vhost-user spi virtio device + * + * Copyright (C) 2025 Qualcomm Innovation Center, Inc. All Rights Reserved. + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "hw/core/qdev-properties.h" +#include "hw/virtio/virtio-bus.h" +#include "hw/virtio/vhost-user-spi.h" +#include "qemu/error-report.h" +#include "standard-headers/linux/virtio_ids.h" +#include "standard-headers/linux/virtio_spi.h" + +static const Property vspi_properties[] = { + DEFINE_PROP_CHR("chardev", VHostUserBase, chardev), +}; + +static void vspi_realize(DeviceState *dev, Error **errp) +{ + VHostUserBase *vub = VHOST_USER_BASE(dev); + VHostUserBaseClass *vubc = VHOST_USER_BASE_GET_CLASS(dev); + + /* Fixed for SPI */ + vub->virtio_id = VIRTIO_ID_SPI; + vub->num_vqs = 1; + vub->vq_size = 4; + vub->config_size = sizeof(struct virtio_spi_config); + + vubc->parent_realize(dev, errp); +} + +static const VMStateDescription vu_spi_vmstate = { + .name = "vhost-user-spi", + .unmigratable = 1, +}; + +static void vu_spi_class_init(ObjectClass *klass, const void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + VHostUserBaseClass *vubc = VHOST_USER_BASE_CLASS(klass); + + dc->vmsd = &vu_spi_vmstate; + device_class_set_props(dc, vspi_properties); + device_class_set_parent_realize(dc, vspi_realize, + &vubc->parent_realize); + set_bit(DEVICE_CATEGORY_INPUT, dc->categories); +} + +static const TypeInfo vu_spi_info = { + .name = TYPE_VHOST_USER_SPI, + .parent = TYPE_VHOST_USER_BASE, + .instance_size = sizeof(VHostUserSPI), + .class_init = vu_spi_class_init, +}; + +static void vu_spi_register_types(void) +{ + type_register_static(&vu_spi_info); +} + +type_init(vu_spi_register_types) diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c index 63fa9a1..bb8f8ea 100644 --- a/hw/virtio/vhost-user.c +++ b/hw/virtio/vhost-user.c @@ -2225,6 +2225,13 @@ static int vhost_user_backend_init(struct vhost_dev *dev, void *opaque, } } + if (!u->user->supports_inflight_migration || + !virtio_has_feature(protocol_features, + VHOST_USER_PROTOCOL_F_INFLIGHT_SHMFD)) { + protocol_features &= ~(1ULL << + VHOST_USER_PROTOCOL_F_GET_VRING_BASE_INFLIGHT); + } + /* final set of protocol features */ dev->protocol_features = protocol_features; err = vhost_user_set_protocol_features(dev, dev->protocol_features); diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c index 7061b6e..2f8f11d 100644 --- a/hw/virtio/vhost-vdpa.c +++ b/hw/virtio/vhost-vdpa.c @@ -905,7 +905,7 @@ static int vhost_vdpa_reset_device(struct vhost_dev *dev) memory_listener_unregister(&v->shared->listener); v->shared->listener_registered = false; - v->suspended = false; + v->shared->suspended = false; return 0; } @@ -1354,7 +1354,7 @@ static void vhost_vdpa_suspend(struct vhost_dev *dev) if (unlikely(r)) { error_report("Cannot suspend: %s(%d)", g_strerror(errno), errno); } else { - v->suspended = true; + v->shared->suspended = true; return; } } @@ -1481,7 +1481,7 @@ static int vhost_vdpa_get_vring_base(struct vhost_dev *dev, return 0; } - if (!v->suspended) { + if (!v->shared->suspended) { /* * Cannot trust in value returned by device, let vhost recover used * idx from guest. diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c index 31e9704..52801c1 100644 --- a/hw/virtio/vhost.c +++ b/hw/virtio/vhost.c @@ -592,11 +592,13 @@ static bool vhost_section(struct vhost_dev *dev, MemoryRegionSection *section) /* * Some backends (like vhost-user) can only handle memory regions * that have an fd (can be mapped into a different process). Filter - * the ones without an fd out, if requested. - * - * TODO: we might have to limit to MAP_SHARED as well. + * the ones without an fd out, if requested. Also make sure that + * this region is mapped as shared so that the vhost backend can + * observe modifications to this region, otherwise we consider it + * private. */ - if (memory_region_get_fd(section->mr) < 0 && + if ((memory_region_get_fd(section->mr) < 0 || + !qemu_ram_is_shared(section->mr->ram_block)) && dev->vhost_ops->vhost_backend_no_private_memslots && dev->vhost_ops->vhost_backend_no_private_memslots(dev)) { trace_vhost_reject_section(mr->name, 2); @@ -1916,6 +1918,62 @@ void vhost_get_features_ex(struct vhost_dev *hdev, } } +static bool vhost_inflight_buffer_pre_load(void *opaque, Error **errp) +{ + struct vhost_inflight *inflight = opaque; + + int fd = -1; + void *addr = qemu_memfd_alloc("vhost-inflight", inflight->size, + F_SEAL_GROW | F_SEAL_SHRINK | F_SEAL_SEAL, + &fd, errp); + if (*errp) { + return -ENOMEM; + } + + inflight->offset = 0; + inflight->addr = addr; + inflight->fd = fd; + + return true; +} + +const VMStateDescription vmstate_vhost_inflight_region_buffer = { + .name = "vhost-inflight-region/buffer", + .pre_load_errp = vhost_inflight_buffer_pre_load, + .fields = (const VMStateField[]) { + VMSTATE_VBUFFER_UINT64(addr, struct vhost_inflight, 0, NULL, size), + VMSTATE_END_OF_LIST() + } +}; + +static bool vhost_inflight_region_post_load(void *opaque, + int version_id, + Error **errp) +{ + struct vhost_inflight *inflight = opaque; + + if (inflight->addr == NULL) { + error_setg(errp, "inflight buffer subsection has not been loaded"); + return false; + } + + return true; +} + +const VMStateDescription vmstate_vhost_inflight_region = { + .name = "vhost-inflight-region", + .post_load_errp = vhost_inflight_region_post_load, + .fields = (const VMStateField[]) { + VMSTATE_UINT64(size, struct vhost_inflight), + VMSTATE_UINT16(queue_size, struct vhost_inflight), + VMSTATE_END_OF_LIST() + }, + .subsections = (const VMStateDescription * const []) { + &vmstate_vhost_inflight_region_buffer, + NULL + } +}; + void vhost_ack_features_ex(struct vhost_dev *hdev, const int *feature_bits, const uint64_t *features) { diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c index cbd1810..6fceb39 100644 --- a/hw/virtio/virtio-crypto.c +++ b/hw/virtio/virtio-crypto.c @@ -767,11 +767,18 @@ virtio_crypto_handle_asym_req(VirtIOCrypto *vcrypto, uint32_t len; uint8_t *src = NULL; uint8_t *dst = NULL; + uint64_t max_len; asym_op_info = g_new0(CryptoDevBackendAsymOpInfo, 1); src_len = ldl_le_p(&req->para.src_data_len); dst_len = ldl_le_p(&req->para.dst_data_len); + max_len = (uint64_t)src_len + dst_len; + if (unlikely(max_len > vcrypto->conf.max_size)) { + virtio_error(vdev, "virtio-crypto asym request is too large"); + goto err; + } + if (src_len > 0) { src = g_malloc0(src_len); len = iov_to_buf(iov, out_num, 0, src, src_len); diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index b273eb2..1e8f90d 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c @@ -2183,15 +2183,17 @@ static void virtio_pci_device_plugged(DeviceState *d, Error **errp) PCI_BASE_ADDRESS_SPACE_IO, &proxy->bar); } - if (pci_is_vf(&proxy->pci_dev)) { - pcie_ari_init(&proxy->pci_dev, proxy->last_pcie_cap_offset); - proxy->last_pcie_cap_offset += PCI_ARI_SIZEOF; - } else { - res = pcie_sriov_pf_init_from_user_created_vfs( - &proxy->pci_dev, proxy->last_pcie_cap_offset, errp); - if (res > 0) { - proxy->last_pcie_cap_offset += res; - virtio_add_feature(&vdev->host_features, VIRTIO_F_SR_IOV); + if (pci_is_express(&proxy->pci_dev)) { + if (pci_is_vf(&proxy->pci_dev)) { + pcie_ari_init(&proxy->pci_dev, proxy->last_pcie_cap_offset); + proxy->last_pcie_cap_offset += PCI_ARI_SIZEOF; + } else { + res = pcie_sriov_pf_init_from_user_created_vfs( + &proxy->pci_dev, proxy->last_pcie_cap_offset, errp); + if (res > 0) { + proxy->last_pcie_cap_offset += res; + virtio_add_feature(&vdev->host_features, VIRTIO_F_SR_IOV); + } } } } diff --git a/hw/virtio/virtio-pmem.c b/hw/virtio/virtio-pmem.c index 5381d59..c3b3299 100644 --- a/hw/virtio/virtio-pmem.c +++ b/hw/virtio/virtio-pmem.c @@ -73,7 +73,6 @@ static void virtio_pmem_flush(VirtIODevice *vdev, VirtQueue *vq) trace_virtio_pmem_flush_request(); req_data = virtqueue_pop(vq, sizeof(VirtIODeviceRequest)); if (!req_data) { - virtio_error(vdev, "virtio-pmem missing request data"); return; } diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 3dc9423..77ca54e 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -48,6 +48,7 @@ #include "standard-headers/linux/virtio_iommu.h" #include "standard-headers/linux/virtio_mem.h" #include "standard-headers/linux/virtio_vsock.h" +#include "standard-headers/linux/virtio_spi.h" /* * Maximum size of virtio device config space @@ -196,7 +197,8 @@ const char *virtio_device_names[] = { [VIRTIO_ID_PARAM_SERV] = "virtio-param-serv", [VIRTIO_ID_AUDIO_POLICY] = "virtio-audio-pol", [VIRTIO_ID_BT] = "virtio-bluetooth", - [VIRTIO_ID_GPIO] = "virtio-gpio" + [VIRTIO_ID_GPIO] = "virtio-gpio", + [VIRTIO_ID_SPI] = "virtio-spi" }; static const char *virtio_id_to_name(uint16_t device_id) |