| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Simplify the gpio walkthrough by using Mark Cave-Ayland's custom image
instead of an Ubuntu cloud image.
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
Signed-off-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Update the instructions for using QEMU with SPDK for vNVMe. Now the
client is merged into QEMU upstream, suggest a minimum version; make
various other fixes here, including dropping the requirement for root.
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
It seems github have removed all ubuntu-20.04 runners, so these jobs
were waiting forever.
Remove the ubuntu-20 test as it fails with some unrelated Python issue:
==5028== 43 bytes in 1 blocks are definitely lost in loss record 99 of 3,558
==5028== at 0x4846828: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5028== by 0x5AB054: PyUnicode_FromKindAndData (in /usr/bin/python3.12)
==5028== by 0x6022A4: ??? (in /usr/bin/python3.12)
==5028== by 0x60247E: ??? (in /usr/bin/python3.12)
==5028== by 0x6027C2: ??? (in /usr/bin/python3.12)
==5028== by 0x60240C: ??? (in /usr/bin/python3.12)
==5028== by 0x602792: ??? (in /usr/bin/python3.12)
==5028== by 0x602530: ??? (in /usr/bin/python3.12)
==5028== by 0x602792: ??? (in /usr/bin/python3.12)
==5028== by 0x604DD3: ??? (in /usr/bin/python3.12)
==5028== by 0x5D72DC: _PyEval_EvalFrameDefault (in /usr/bin/python3.12)
==5028== by 0x54A0C6: ??? (in /usr/bin/python3.12)
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
>>> CID 467267: Insecure data handling (INTEGER_OVERFLOW)
>>> The cast of "hdr->error_no" to a signed type could result in a negative number.
Indeed, if a client sends a very large ->error_no, this could end up
with a negative errno value. This doesn't seem like an issue, but
nonetheless tighten up our validation.
For some reason Coverity only complained about tran_pipe.c, but the same
problem exists in tran_sock.c.
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
>>> CID 467268: (INTEGER_OVERFLOW)
>>> Expression "32UL + bitmap_size", which is equal to 31, where
"bitmap_size" is known to be equal to 18446744073709551615, overflows
the type that receives it, an unsigned integer 64 bits wide.
824 size_t size = sizeof(*res) + sizeof(*report) + bitmap_size;
It's correct, this could overflow, though as this is example code, it
doesn't matter. Nonetheless let's make this be a saturating add.
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
Fixes issue #801.
Signed-off-by: Michal Berger <michal.berger@intel.com>
|
|
The centos:7 build no longer works on github due to this:
Run actions/checkout@v3
/usr/bin/docker exec 02e2cf2da72963d76b12a421e48bc0790138ee97bf567c8afcdf792dbc2093d8 sh -c "cat /etc/*release | grep ^ID"
/__e/node20/bin/node: /lib64/libm.so.6: version `GLIBC_2.27' not found (required by /__e/node20/bin/node)
/__e/node20/bin/node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.20' not found (required by /__e/node20/bin/node)
/__e/node20/bin/node: /lib64/libstdc++.so.6: version `CXXABI_1.3.9' not found (required by /__e/node20/bin/node)
/__e/node20/bin/node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by /__e/node20/bin/node)
/__e/node20/bin/node: /lib64/libc.so.6: version `GLIBC_2.28' not found (required by /__e/node20/bin/node)
/__e/node20/bin/node: /lib64/libc.so.6: version `GLIBC_2.25' not found (required by /__e/node20/bin/node)
See https://github.com/actions/checkout/issues/1590
The workaround suggested there does not work, at least for centos:7.
Instead, we'll open-code the checkout operation instead of using the
github action.
For the other jobs, which still work for now, move to the non-deprecated
checkout@v4.
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
Some perfectly reasonable VMs exceed 16 VMs; bump this up somewhat.
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
Add the missing argument to link the backing memory with the guest's
memory; this results in two separate 2G allocations - harmless in this
case, but would break usage for SPDK.
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
Pull out the qemu testing documentation into a separate file, and expand
it with step-by-step instructions on how to use the gpio example.
In addition switch to the jlevon/master.vfio-user branch, which is much
more up to date than the previous Oracle series.
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
The syntax is [free text](https:/..).
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
This has never worked reliably, and now doesn't work at all; since
nobody appears to be interested, remove it altogether.
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
This improves rendering on github quite a bit.
Signed-off-by: David Reiss <dreiss@meta.com>
|
|
We maintain an `spdk` branch for use by SPDK, until we have
implementation live migration v2 in both qemu and SPDK.
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
* Support 64 bits and prefetchable BARs
Add two new flags for lib user to request 64bits and/or prefetchable
BARs.
Tested with a vfio-user client patched QEMU.
Signed-off-by: Jérémy Fanguède <jfanguede@kalrayinc.com>
|
|
Our previous fuzzing attempts missed this incorrect range check, but
SPDK's fuzzing did catch it. Make the check using a saturating add so
that we account for overflow.
Fixes issue #790.
Reported-by: Sebastian Brzezinka <sebastian.brzezinka@intel.com>
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
When performing DMA via VFIO-user commands over the socket,
vfu_dma_transfer breaks large requests into chunks according to the
client's maximum data transfer size negotiated at connection setup time.
This change fixes the calculation of the chunk size for the case where
the last chunk is less than the maximum transfer size.
Unfortunately, the existing test didn't catch this due to the request
size being a multiple of that maximum data transfer size. Adjust the
test to make the last chunk size a true remainder.
Signed-off-by: Mattias Nissler <mnissler@rivosinc.com>
|
|
The arch github action seems to not work at all. For now, just remove it
from the required checks; later, if there's no progress, we can remove
it altogether.
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
For some unclear reason, clang-tidy believes bcopy() is insecure.
Regardless, it is deprecated, so replace usages with memcpy().
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
clang-tidy static analysis identified a zero-sized allocation in the
case that no ioregionfds had been configured. Fix this issue and add a
test for it.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Add migration support to the test setup, and complete some additional
testing for the migration JSON capability.
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
Fixes the following Coverity reports:
________________________________________________________________________________________________________
*** CID 417161: Memory - corruptions (ARRAY_VS_SINGLETON)
/samples/server.c: 438 in migration_write_data()
432 }
433
434 /* write to bar0, if any */
435 if (write_end > server_data->bar1_size) {
436 length_in_bar0 = write_end - write_start;
437 write_start -= server_data->bar1_size;
CID 417161: Memory - corruptions (ARRAY_VS_SINGLETON)
Using "&server_data->bar0" as an array. This might corrupt or misinterpret adjacent memory locations.
438 memcpy(&server_data->bar0 + write_start, buf + length_in_bar1,
439 length_in_bar0);
440 }
441
442 server_data->migration.bytes_transferred += bytes_written;
443
________________________________________________________________________________________________________
*** CID 417160: Memory - corruptions (ARRAY_VS_SINGLETON)
/samples/server.c: 394 in migration_read_data()
388 }
389
390 /* read bar0, if any */
391 if (read_end > server_data->bar1_size) {
392 length_in_bar0 = read_end - read_start;
393 read_start -= server_data->bar1_size;
CID 417160: Memory - corruptions (ARRAY_VS_SINGLETON)
Using "&server_data->bar0" as an array. This might corrupt or misinterpret adjacent memory locations.
394 memcpy(buf + length_in_bar1, &server_data->bar0 + read_start,
395 length_in_bar0);
396 }
397
398 server_data->migration.bytes_transferred += bytes_read;
399
________________________________________________________________________________________________________
*** CID 417159: Possible Control flow issues (DEADCODE)
/lib/libvfio-user.c: 121 in dev_get_caps()
115
116 header = (struct vfio_info_cap_header*)(vfio_reg + 1);
117
118 if (vfu_reg->mmap_areas != NULL) {
119 int i, nr_mmap_areas = vfu_reg->nr_mmap_areas;
120 if (type != NULL) {
CID 417159: Possible Control flow issues (DEADCODE)
Execution cannot reach this statement: "type->header.next = vfio_re...".
121 type->header.next = vfio_reg->cap_offset + sizeof(struct vfio_region_info_cap_type);
122 sparse = (struct vfio_region_info_cap_sparse_mmap*)(type + 1);
123 } else {
124 vfio_reg->cap_offset = sizeof(struct vfio_region_info);
125 sparse = (struct vfio_region_info_cap_sparse_mmap*)header;
126 }
Signed-off-by: William Henderson <william.henderson@nutanix.com>
|
|
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
This commit adapts the vfio-user protocol specification and the libvfio-user
implementation to v2 of the VFIO live migration interface, as used in the kernel
and QEMU.
The differences between v1 and v2 are discussed in this email thread [1], and we
slightly differ from upstream VFIO v2 in that instead of transferring data over
a new FD, we use the existing UNIX socket with new commands
VFIO_USER_MIG_DATA_READ/WRITE. We also don't yet use P2P states.
The updated spec was submitted to qemu-devel [2].
[1] https://lore.kernel.org/all/20220130160826.32449-9-yishaih@nvidia.com/
[2] https://lore.kernel.org/all/20230718094150.110183-1-william.henderson@nutanix.com/
Signed-off-by: William Henderson <william.henderson@nutanix.com>
|
|
Use separate socket for server->client commands
This change adds support for a separate socket to carry commands in the
server-to-client direction. It has proven problematic to send commands
in both directions over a single socket, since matching replies to
commands can become non-trivial when both sides send commands at the same
time and adds significant complexity. See issue #279 for details.
To set up the reverse communication channel, the client indicates
support for it via a new capability flag in the version message. The
server will then create a fresh pair of sockets and pass one end to the
client in its version reply. When the server wishes to send commands to
the client at a later point, it now uses its end of the new socket pair
rather than the main socket. Corresponding replies are also passed back
over the new socket pair.
Signed-off-by: Mattias Nissler <mnissler@rivosinc.com>
|
|
Signed-off-by: Mattias Nissler <mnissler@rivosinc.com>
|
|
The SPDK and QEMU versions were too old.
Signed-off-by: Thanos Makatos <thanos.makatos@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
|
|
Thus far, the client end of the socket is the only piece of client state
tracked in tests, for which a global `socket` variable has been used. In
preparation to add more state, replace the `socket` global with a
`client` global object that groups all client state.
Signed-off-by: Mattias Nissler <mnissler@rivosinc.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Thus far, the python test code has only ever sent messages of type
commands to the server and processed the corresponding replies. For the
twin-socket feature, the tests will exercise flows where DMA access
commands must be received, processed, and replied to by the client.
This change refactors the message handling python test code to provide
functions to handle server-to-client commands, reusing existing code as
appropriate.
Signed-off-by: Mattias Nissler <mnissler@rivosinc.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
String formatting is hitting its limits: Adding another field is
difficult given that we already branch on whether migration is enabled.
This change constructs a JSON-C object instead so we can add what we
need and serialize to a string afterwards.
Signed-off-by: Mattias Nissler <mnissler@rivosinc.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
It turns out that the bit field will not yield the desired / specified
bit layout on big-endian systems, see issue #768 for details. Thus,
replace the bit field with constants for the individual fields and use
bit masking when accessing the flags field.
Signed-off-by: Mattias Nissler <mnissler@rivosinc.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
The `log_dirty_bitmap` function in `dma.c` would output the wrong number of
dirty pages due to the `char` of the bitmap being sign-extended when implicitly
being converted to `unsigned int` for `__builtin_popcount`. By adding an
intermediate cast to `uint8_t` we avoid this incorrect behaviour.
See https://github.com/nutanix/libvfio-user/pull/746#discussion_r1297173318.
Signed-off-by: William Henderson <william.henderson@nutanix.com>
|
|
Signed-off-by: Sandro-Alessio Gierens <sandro@gierens.de>
|
|
The newer flake8 version in the arch linux job of the pull request
workflow fails due to:
E721 do not compare types, for exact checks use `is` / `is not`, for instance checks use `isinstance()`
Both `__eq__` functions now use `is not` instead of `!=` for the type
initial check.
Signed-off-by: Sandro-Alessio Gierens <sandro@gierens.de>
|
|
This adds jobs to `.github/workflows/pull_request.yml` for Debian 11
bullseye, Debian 12 bookworm and Arch Linux base 20230723.0.166908.
Signed-off-by: Sandro-Alessio Gierens <sandro@gierens.de>
|
|
Node12 and as a result Github Actions v2 will apparently soon be
deprecated, see: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
Thus this changes all workflow jobs to use `actions/checkout@v3`.
Signed-off-by: Sandro-Alessio Gierens <sandro@gierens.de>
|
|
The helper function centralizes some extra checks and diligence desired
by many/most current code paths but currently inconsistently applied.
This includes bypassing the close call when the file descriptor is -1
already, resetting the file descriptor variable to -1 after closing, and
preserving errno.
All calls to close are replaced by close_safely. Some warning log output
is lost over this, but it doesn't seem like this was very useful anyways
given that Linux always closes the file descriptor anyways.
Signed-off-by: Mattias Nissler <mnissler@rivosinc.com>
|
|
Signed-off-by: Florian Freudiger <25648113+FlorianFreudiger@users.noreply.github.com>
|
|
This adds the expected output to the lspci test I get on my Arch with kernel
version 6.1.44-lts and pciutils version 3.10.0.
Signed-off-by: Sandro-Alessio Gierens <sandro@gierens.de>
|
|
Signed-off-by: Florian Freudiger <25648113+FlorianFreudiger@users.noreply.github.com>
|
|
The server sample is supposed to demonstrate dirty page logging, but it was not marking dirty pages. This commit both adds client-side dirty page tracking for pages dirtied with `vfu_sgl_write` and server-side dirty page tracking for pages directly dirtied by the server using `vfu_sgl_get/put`.
Signed-off-by: William Henderson <william.henderson@nutanix.com>
|
|
Signed-off-by: William Henderson <william.henderson@nutanix.com>
|
|
Document that on vfu_sgl_write(), it's the client's responsibility to
track any dirty pages.
Signed-off-by: John Levon <john.levon@nutanix.com>
|
|
Signed-off-by: William Henderson <william.henderson@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Signed-off-by: William Henderson <william.henderson@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
The correct DMA address is formed by adding base and offset - the latter
was accidentally missing. Change the server example to read and write
blocks at non-zero offsets, such that `test-client-server.sh` exercises
offset handling.
Signed-off-by: Mattias Nissler <mnissler@rivosinc.com>
|
|
Signed-off-by: William Henderson <william.henderson@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
When handle_device_set_irqs set err irq/req irq, fd will be filled
in vfu_ctx->irqs->efds[] rather than vfu_ctx->irqs->err_efd or
vfu_ctx->irqs->req_efd. This patch adds irq index judgment before
filling in fd to make sure fd is filled in the correct place.
Signed-off-by: Miao Li <miao.li@intel.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
