| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Fixes the following Coverity reports:
________________________________________________________________________________________________________
*** CID 417161: Memory - corruptions (ARRAY_VS_SINGLETON)
/samples/server.c: 438 in migration_write_data()
432 }
433
434 /* write to bar0, if any */
435 if (write_end > server_data->bar1_size) {
436 length_in_bar0 = write_end - write_start;
437 write_start -= server_data->bar1_size;
CID 417161: Memory - corruptions (ARRAY_VS_SINGLETON)
Using "&server_data->bar0" as an array. This might corrupt or misinterpret adjacent memory locations.
438 memcpy(&server_data->bar0 + write_start, buf + length_in_bar1,
439 length_in_bar0);
440 }
441
442 server_data->migration.bytes_transferred += bytes_written;
443
________________________________________________________________________________________________________
*** CID 417160: Memory - corruptions (ARRAY_VS_SINGLETON)
/samples/server.c: 394 in migration_read_data()
388 }
389
390 /* read bar0, if any */
391 if (read_end > server_data->bar1_size) {
392 length_in_bar0 = read_end - read_start;
393 read_start -= server_data->bar1_size;
CID 417160: Memory - corruptions (ARRAY_VS_SINGLETON)
Using "&server_data->bar0" as an array. This might corrupt or misinterpret adjacent memory locations.
394 memcpy(buf + length_in_bar1, &server_data->bar0 + read_start,
395 length_in_bar0);
396 }
397
398 server_data->migration.bytes_transferred += bytes_read;
399
________________________________________________________________________________________________________
*** CID 417159: Possible Control flow issues (DEADCODE)
/lib/libvfio-user.c: 121 in dev_get_caps()
115
116 header = (struct vfio_info_cap_header*)(vfio_reg + 1);
117
118 if (vfu_reg->mmap_areas != NULL) {
119 int i, nr_mmap_areas = vfu_reg->nr_mmap_areas;
120 if (type != NULL) {
CID 417159: Possible Control flow issues (DEADCODE)
Execution cannot reach this statement: "type->header.next = vfio_re...".
121 type->header.next = vfio_reg->cap_offset + sizeof(struct vfio_region_info_cap_type);
122 sparse = (struct vfio_region_info_cap_sparse_mmap*)(type + 1);
123 } else {
124 vfio_reg->cap_offset = sizeof(struct vfio_region_info);
125 sparse = (struct vfio_region_info_cap_sparse_mmap*)header;
126 }
Signed-off-by: William Henderson <william.henderson@nutanix.com>
|
|
This commit adapts the vfio-user protocol specification and the libvfio-user
implementation to v2 of the VFIO live migration interface, as used in the kernel
and QEMU.
The differences between v1 and v2 are discussed in this email thread [1], and we
slightly differ from upstream VFIO v2 in that instead of transferring data over
a new FD, we use the existing UNIX socket with new commands
VFIO_USER_MIG_DATA_READ/WRITE. We also don't yet use P2P states.
The updated spec was submitted to qemu-devel [2].
[1] https://lore.kernel.org/all/20220130160826.32449-9-yishaih@nvidia.com/
[2] https://lore.kernel.org/all/20230718094150.110183-1-william.henderson@nutanix.com/
Signed-off-by: William Henderson <william.henderson@nutanix.com>
|
|
Use separate socket for server->client commands
This change adds support for a separate socket to carry commands in the
server-to-client direction. It has proven problematic to send commands
in both directions over a single socket, since matching replies to
commands can become non-trivial when both sides send commands at the same
time and adds significant complexity. See issue #279 for details.
To set up the reverse communication channel, the client indicates
support for it via a new capability flag in the version message. The
server will then create a fresh pair of sockets and pass one end to the
client in its version reply. When the server wishes to send commands to
the client at a later point, it now uses its end of the new socket pair
rather than the main socket. Corresponding replies are also passed back
over the new socket pair.
Signed-off-by: Mattias Nissler <mnissler@rivosinc.com>
|
|
The server sample is supposed to demonstrate dirty page logging, but it was not marking dirty pages. This commit both adds client-side dirty page tracking for pages dirtied with `vfu_sgl_write` and server-side dirty page tracking for pages directly dirtied by the server using `vfu_sgl_get/put`.
Signed-off-by: William Henderson <william.henderson@nutanix.com>
|
|
Signed-off-by: William Henderson <william.henderson@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Signed-off-by: William Henderson <william.henderson@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
The correct DMA address is formed by adding base and offset - the latter
was accidentally missing. Change the server example to read and write
blocks at non-zero offsets, such that `test-client-server.sh` exercises
offset handling.
Signed-off-by: Mattias Nissler <mnissler@rivosinc.com>
|
|
Signed-off-by: Thanos Makatos <thanos.makatos@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
|
|
Use misspell-fixer if available, and correct the small number of errors
it found. Rather than trying to install into the CI, run it directly from a
github action.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Signed-off-by: Thanos Makatos <thanos.makatos@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
Reported-by: Eduardo Lima <eblima@gmail.com>
|
|
fixes #660
Signed-off-by: Thanos Makatos <thanos.makatos@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
|
|
Harmonize and rename the vfu_*sg() APIs to better reflect their functionality:
in our case, there is no mapping happening as part of these calls, they are
merely housekeeping for range splitting, dirty tracking, and so on.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Rename VFIO_DEVICE_STATE_XXXX defines as VFIO_DEVICE_STATE_V1_XXXX.
Upstream renamed these variable to be of the XXXX_V1_XXXX format and
switched an enum for VFIO_DEVICE_STATE_XXXX.
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
samples/client.c implicitly casts const char * to char * in a couple of
places - as such discards the const qualifier. QEMU complains about this
as it builds with -Werror=discarded-qualifiers
This patch declares irq_to_str as an array of const char pointers. It also
casts a "migrate_to() -> _argv" member explicitly
Also adds '-Wwrite-strings' build flag to catch similar issues in the
future
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
|
|
Yet another static analyzer pass, this one is used by SPDK, and as it
did detect some minor issues, it's worth running.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Now that Meson is functional, support for building with CMake is
removed so that there is only one build system to maintain.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
The Meson build system used by many other virt projects (QEMU, libvirt
and others) is easier to understand & maintain rules for than cmake,
guiding towards best practice.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
These functions from openssl are deprecated, and hence break builds with
openssl 3.0, which now has a compiler warning for them. We only use them
to check buffer contents; replace them with CRC code from DPDK instead,
and entirely drop use of openssl.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
To support fuzzing with AFL++, add a "pipe" transport that reads from stdin and
outputs to stdout: this is the most convenient way of doing fuzzing.
Add some docs on how to run a fuzzing session.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Fix three remaining low priority coverity issues; they do not represent bugs.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
|
|
Signed-off-by: Thanos Makatos <thanos.makatos@nutanix.com>
Reviewed-by: John Leon <john.levon@nutanix.com>
|
|
These extra options make tracking uninitilized values easier. They make
Valgrind run slower so we need to increase the timeouts in the CI.
Signed-off-by: Thanos Makatos <thanos.makatos@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
|
|
Fix a few coverity-identified issues.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
|
|
* Add support for VFIO_DMA_UNMAP_FLAG_ALL flag
Signed-off-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
|
|
dirty (#551)
Signed-off-by: Thanos Makatos <thanos.makatos@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
|
|
The flags field belongs to VFIO and it's not a good idea to reuse as new
VFIO flags can break things. Instead, we derive whether or not a region
is mappable if a file descriptor is passed.
Signed-off-by: Thanos Makatos <thanos.makatos@nutanix.com>
Reviewed-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
|
|
The previously specified max_msg_size had one major issue: it implied a (way too
small) limit on the size of dirty bitmaps that could be requested by a client,
and as a result a hard limit on memory region size. It seemed awkward to attempt
to split up an unmap request instead.
Instead, let most requests and replies be limited by their "natural" limits; for
example, the number of booleans in VFIO_USER_SET_IRQS is limited by MSI-X count.
For the requests that solicit or provide data - that is, VFIO_USER_DMA_READ/WRITE
and VFIO_USER_REGION_READ/WRITE - we negotiate a new max_data_xfer_size value.
These are much easier to split up into separate requests at the client side
so should not present an implementation problem. For our server, chunking is
implemented in vfu_dma_read/vfu_dma_write().
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
We should explicitly define the expected migration register contents for API
users who aren't using the callbacks. Clean up some related lint.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
With recent spec updates, we are now returning the cmd value in the reply
header, so the client can verify it.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
- we should only accept one range, not multiple ones
- clearly define and implement argsz behaviour
- we need to check if migration is configured
- add proper test coverage; move existing testing to python
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
use DMA map/unmap format similar to VFIO's
Using a DMA map/unmap format similar to VFIO's (vfio_iommu_type1_dma_map / vfio_iommu_type1_dma_unmap) makes it easier to adapt to future changes. Consequently we also honor the passed argsz.
Signed-off-by: Thanos Makatos <thanos.makatos@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanitx.com>
|
|
This helps debugging.
Signed-off-by: Thanos Makatos <thanos.makatos@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
|
|
* Added missing reserved bits and renamed per to rer nameing as the
nvme specs
* Add pxcap capability in lspci test
Signed-off-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
|
|
We're dropping this behavior from the spec.
Signed-off-by: Thanos Makatos <thanos.makatos@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
|
|
The specification states that the region offset given in the region info should
be used as the "offset" when mmap()ing the region from the client side. However,
the library instead implemented a fixed offset scheme similar to that of vfio -
and no clients actually set up the file like that.
Instead, let servers define their own offsets, and pass them through to clients
as is. It's up to the server to decide how its backing file or files is
organized.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Default the gpio device server sample such that it stays running, so that we can
do basic sanity testing of client re-connect.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
|
|
- document how to use a vfio-user device with libvirt
- document how to use SPDK's nvmf/vfio-user target with libvirt
- replace vfio_bitmap with vfio_user_bitmap and vfio_iommu_type1_dirty_bitmap_get with vfio_user_bitmap_range
- fix bug for calculating number of pages needed for dirty page bitmap
- align number of bytes for dirty page bitmap to QWORD
- add debug messages around dirty page tracking
- only support flags=0 when doing DMA unmap
- set device state to running after reset
- allow region read/write even if device is in stopped state
- allow transitioning from stopped/stop-and-copy state to running state
- fix unit tests
Signed-off-by: Thanos Makatos <thanos.makatos@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
|
|
Make a few specification updates after review by Stefan Hajnoczi.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
We were accidentally mapping bar0 twice.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
This struct from vfio.h has grown larger in newer Linux versions; this breaks
older clients, as now the server would require the larger size. Replace with our
own definition.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Capture message handling inside a new vfu_msg_t private structure and pass that
around to the handlers. This provides no functional change, but greatly
simplifies and cleans up that path, especially around fd and iovec handling.
As part of fixing up the unit tests, start using global variables to reduce the
amount of boiler-plate.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Now we are confident we are OK with a hard-coded VFU_PCI_DEV_MIGR_REGION_IDX
value, there's no need for us to track .migr_reg any more, either in the client
or internally.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
As we are now pure userspace, there is no need for us to use non-standard
integer types. This leaves the copied defines from Linux's vfio.h alone,
however.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
The first in a series excising the use of the "return -errno" idiom. This is a
non-standard usage, and in userspace, we have "errno" for delivering side-band
error values. As there have been multiple bugs from not using standard error
return methods like -1+errno or NULL+errno, let's do that.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Changed variable type for getopt() to fix compiler warning when
compiling on arm
Signed-off-by: mpiszczek <mpiszczek@ddn.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
|
|
vfu_log() and err() should not take newlines.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
|
Give API users an opportunity to clean up when a client disconnects from the
vfio-user socket.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Thanos Makatos <thanos.makatos@nutanix.com>
|
