Re: [Qemu-devel] [PATCH 1/4] s390x/pci: fixup trap_msix()


From: Yi Min Zhao
Subject: Re: [Qemu-devel] [PATCH 1/4] s390x/pci: fixup trap_msix()
Date: Tue, 29 Aug 2017 16:05:34 +0800
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0



On 2017/8/29 4:00 PM, Cornelia Huck wrote:
On Tue, 29 Aug 2017 12:32:17 +0800
Yi Min Zhao <address@hidden> wrote:

On 2017/8/28 10:51 PM, Cornelia Huck wrote:
On Mon, 28 Aug 2017 10:04:44 +0200
Yi Min Zhao <address@hidden> wrote:
The function trap_msix() is there to check whether a pcistg instruction would
access msix table entries. The correct boundary condition should be
[table_offset, table_offset+entries*entry_size). But the condition as
currently calculated misses the last entry. So let's fix it up.

Acked-by: Dong Jia Shi <address@hidden>
Reviewed-by: Pierre Morel <address@hidden>
Signed-off-by: Yi Min Zhao <address@hidden>
---
   hw/s390x/s390-pci-inst.c | 4 ++--
   1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
index b7beb8c36a..eba9ffb5f2 100644
--- a/hw/s390x/s390-pci-inst.c
+++ b/hw/s390x/s390-pci-inst.c
@@ -440,8 +440,8 @@ static int trap_msix(S390PCIBusDevice *pbdev, uint64_t 
offset, uint8_t pcias)
   {
       if (pbdev->msix.available && pbdev->msix.table_bar == pcias &&
           offset >= pbdev->msix.table_offset &&
-        offset <= pbdev->msix.table_offset +
-                  (pbdev->msix.entries - 1) * PCI_MSIX_ENTRY_SIZE) {
+        offset < (pbdev->msix.table_offset +
+                  pbdev->msix.entries * PCI_MSIX_ENTRY_SIZE)) {
           return 1;
       } else {
           return 0;
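Review bot: the new upper bound `offset < (pbdev->msix.table_offset + pbdev->msix.entries * PCI_MSIX_ENTRY_SIZE)` is the right half-open range for the table, but trap_msix() still only tests the first byte of the access: the signature in this hunk takes `offset` and `pcias` and no length, so a pcistg that starts just below `table_offset` and runs into the first entry is not trapped, while one that starts inside the last entry and runs past the table end is. If the callers know the access length, consider passing it and checking `offset + len > table_offset && offset < table_end`; otherwise a one-line comment stating that callers guarantee entry-contained accesses would make the single-offset check explicit. The extra parentheses around the right-hand side of the new `<` are redundant but harmless.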
What happened before due to the miscalculation? Write to wrong memory
region?

We tried to plug a virtio-net PCI device but failed. After inspecting, we
found that the device uses two msix entries but the last one was
missed. Then we could not register the interrupt successfully, because we
should call trap_msix() in order to save some useful arch
information into the msix message. But a write to a wrong memory region
didn't happen.
So, the guest just was not able to use the second msix entry, but did
not get any exception?


Yes, it didn't get any exception. The guest just kept waiting for something
(I guess that might be the response to the interrupt registration) and then the
system had no response. All I could do was destroy the guest.
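To make the off-by-one concrete, here is an added, self-contained C example (not QEMU code and not part of this thread) that puts the pre-patch and post-patch range checks side by side on a two-entry MSI-X table like the virtio-net case discussed above. The `msix_info` struct is a hypothetical stand-in for the `pbdev->msix` fields the real trap_msix() reads, the table offset, BAR number and entry count are constructed sample values, and `trap_msix_len()` is an assumed generalisation that also takes the access length so that accesses straddling either edge of the table are reported; the patch itself does not do that.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* MSI-X table entries are 16 bytes each; the same constant name QEMU uses,
 * redefined here so the example is self-contained. */
#define PCI_MSIX_ENTRY_SIZE 16

/* Hypothetical stand-in for the msix fields of S390PCIBusDevice. */
struct msix_info {
    bool     available;     /* device exposes an MSI-X capability */
    uint8_t  table_bar;     /* BAR (pcias) holding the table */
    uint64_t table_offset;  /* byte offset of the table inside that BAR */
    uint32_t entries;       /* number of table entries */
};

/* Constructed sample: a two-entry table at 0x1000 in BAR 1, mirroring the
 * virtio-net device from the thread that uses two MSI-X entries. */
static const struct msix_info example_msix = {
    .available = true, .table_bar = 1, .table_offset = 0x1000, .entries = 2,
};

/* Pre-patch check: inclusive bound at the START of the last entry, so the
 * remaining 15 bytes of that entry (e.g. its data field) are never trapped. */
static int trap_msix_old(const struct msix_info *m, uint64_t offset,
                         uint8_t pcias)
{
    return m->available && m->table_bar == pcias &&
           offset >= m->table_offset &&
           offset <= m->table_offset +
                     (uint64_t)(m->entries - 1) * PCI_MSIX_ENTRY_SIZE;
}

/* Post-patch check: half-open range [table_offset, table_offset + n*size). */
static int trap_msix_new(const struct msix_info *m, uint64_t offset,
                         uint8_t pcias)
{
    return m->available && m->table_bar == pcias &&
           offset >= m->table_offset &&
           offset < m->table_offset +
                    (uint64_t)m->entries * PCI_MSIX_ENTRY_SIZE;
}

/* Assumed generalisation (not in the patch): report any access whose byte
 * range [offset, offset+len) overlaps the table, including accesses that
 * start below the table or run past its end. */
static int trap_msix_len(const struct msix_info *m, uint64_t offset,
                         uint64_t len, uint8_t pcias)
{
    uint64_t tbl_end = m->table_offset +
                       (uint64_t)m->entries * PCI_MSIX_ENTRY_SIZE;

    if (!m->available || m->table_bar != pcias || len == 0) {
        return 0;
    }
    /* An access whose end would wrap uint64_t is treated as overlapping. */
    if (len > UINT64_MAX - offset) {
        return 1;
    }
    return offset < tbl_end && offset + len > m->table_offset;
}

int main(void)
{
    /* Offsets inside the second (last) entry: the old check misses all but
     * the entry's first byte, the new check catches them. */
    uint64_t probes[] = { 0x1000, 0x1010, 0x1014, 0x101c, 0x1020 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        printf("offset 0x%llx: old=%d new=%d\n",
               (unsigned long long)probes[i],
               trap_msix_old(&example_msix, probes[i], 1),
               trap_msix_new(&example_msix, probes[i], 1));
    }
    printf("8-byte access at 0x0ffc straddling the table start: len-aware=%d\n",
           trap_msix_len(&example_msix, 0x0ffc, 8, 1));
    return 0;
}
```

Running it shows the behaviour the thread describes: offset 0x1010 (the start of entry 1) is trapped by both versions, but 0x1014 and 0x101c, the address and data words of that same entry, are trapped only by the post-patch check, while 0x1020, one byte past the table, is rejected by both.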



