target/arm/kvm: check get_msi_direct_gpa before &address_space_memory guard#22
Closed
mmhonap wants to merge 1 commit into
Conversation
target/arm/kvm: check get_msi_direct_gpa before &address_space_memory guard

For vfio-pci endpoints behind an accelerated SMMUv3, smmuv3_accel_find_add_as() returns &address_space_memory from get_address_space(). This is by design: the host S2 mappings handle DMA without an IOMMU address space on the QEMU side.

pci_device_iommu_address_space() uses the same path, so it also returns &address_space_memory for these devices. kvm_arch_fixup_msi_route() then hits the early-exit guard and returns before calling pci_device_iommu_msi_direct_gpa(). The MSI route goes unfixed, the guest sees no MSI domain, and the NVIDIA driver fails to load.

The bug was introduced by commit a509f10, which reverted the SAUCE pci_device_iommu_msi_address_space() helper and switched kvm.c back to pci_device_iommu_address_space(). That revert is correct: the upstream get_msi_direct_gpa mechanism replaces the SAUCE approach. The problem is that pci_device_iommu_msi_direct_gpa() was left after the early-exit guard rather than before it.

Move pci_device_iommu_msi_direct_gpa() above the &address_space_memory guard. If the callback is implemented (accelerated SMMUv3 + vfio-pci), the doorbell GPA is obtained directly and the function jumps to set_doorbell. Otherwise the existing early-exit and translation paths run unchanged.

Fixes: a509f10 ("Revert 'NVIDIA: SAUCE: hw/pci/pci: Introduce optional get_msi_address_space() callback'")
Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
Author
Dropping this over shamiali2008/qemu-master@a3c05f9
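As an added illustration of the ordering problem the commit message describes (this is not QEMU code and not part of this PR): a stand-alone C model of kvm_arch_fixup_msi_route() with the guard-first ordering beside the callback-first ordering. The struct shapes, the callback signature, the identity-map translation path and the three constructed devices are assumptions made for the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Minimal stand-ins for the QEMU types involved (assumed shapes, not QEMU's). */
typedef struct AddressSpace { int unused; } AddressSpace;
static AddressSpace address_space_memory;   /* "no IOMMU on the QEMU side" AS */
static AddressSpace viommu_as;              /* a constructed vIOMMU address space */
typedef struct PCIDevice PCIDevice;
struct PCIDevice {
    AddressSpace *iommu_as;   /* what pci_device_iommu_address_space() returns */
    /* optional get_msi_direct_gpa callback; NULL when not implemented */
    bool (*get_msi_direct_gpa)(PCIDevice *dev, uint64_t iova, uint64_t *gpa);
};

static AddressSpace *pci_device_iommu_address_space(PCIDevice *dev) { return dev->iommu_as; }
static bool pci_device_iommu_msi_direct_gpa(PCIDevice *dev, uint64_t iova, uint64_t *gpa)
{ return dev->get_msi_direct_gpa && dev->get_msi_direct_gpa(dev, iova, gpa); }
/* Stand-in for the vIOMMU translation path (identity map in this model). */
static bool translate_doorbell(uint64_t iova, uint64_t *gpa) { *gpa = iova; return true; }

/* Ordering after commit a509f10: the guard runs first, so an accelerated SMMUv3
 * device (whose AS is &address_space_memory) never reaches the callback. */
static bool fixup_msi_route_buggy(PCIDevice *dev, uint64_t iova, uint64_t *doorbell)
{
    if (pci_device_iommu_address_space(dev) == &address_space_memory)
        return false;                       /* early exit: route left unfixed */
    if (pci_device_iommu_msi_direct_gpa(dev, iova, doorbell))
        return true;                        /* unreachable for the accelerated case */
    return translate_doorbell(iova, doorbell);
}

/* Ordering proposed by this PR: consult the callback before the guard. */
static bool fixup_msi_route_fixed(PCIDevice *dev, uint64_t iova, uint64_t *doorbell)
{
    if (pci_device_iommu_msi_direct_gpa(dev, iova, doorbell))
        return true;                        /* go straight to set_doorbell */
    if (pci_device_iommu_address_space(dev) == &address_space_memory)
        return false;                       /* no IOMMU at all: early exit unchanged */
    return translate_doorbell(iova, doorbell);
}

/* Constructed devices: accelerated SMMUv3 + vfio-pci, regular vIOMMU, no IOMMU. */
static bool accel_direct_gpa(PCIDevice *dev, uint64_t iova, uint64_t *gpa)
{ (void)dev; *gpa = iova + 0x1000; return true; }   /* constructed doorbell mapping */
static PCIDevice accel_dev    = { &address_space_memory, accel_direct_gpa };
static PCIDevice viommu_dev   = { &viommu_as, NULL };
static PCIDevice no_iommu_dev = { &address_space_memory, NULL };
/* Doorbell GPA a given fixup ordering would program, or UINT64_MAX if it bails out. */
static uint64_t doorbell_or_none(bool (*fixup)(PCIDevice *, uint64_t, uint64_t *), PCIDevice *dev, uint64_t iova)
{ uint64_t gpa = 0; return fixup(dev, iova, &gpa) ? gpa : UINT64_MAX; }
```

With the guard-first ordering the accelerated device is treated like a device with no IOMMU and its route is never fixed; with the callback-first ordering it gets its doorbell GPA while the other two device kinds behave exactly as before.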