From: Ladi Prosek
Subject: Re: [Qemu-devel] [PATCH 1/3] ivshmem: Don't update non-existent MSI routes
Date: Mon, 13 Nov 2017 15:38:30 +0100

On Mon, Nov 13, 2017 at 3:22 PM, Markus Armbruster <address@hidden> wrote:
> Ladi Prosek <address@hidden> writes:
>> As of commit 660c97eef6f8 ("ivshmem: use kvm irqfd for msi notifications"),
>> QEMU crashes with:
>>   kvm_irqchip_commit_routes: Assertion `ret == 0' failed.
>> if the ivshmem device is configured with more vectors than what the server
>> supports. This is caused by the ivshmem_vector_unmask() being called on
>> vectors that have not been initialized by ivshmem_add_kvm_msi_virq().
>> This commit fixes it by adding a simple check to the mask and unmask
>> callbacks.
>> Note that the opposite mismatch, if the server supplies more vectors than
>> what the device is configured for, is already handled and leads to output
>> like:
>>   Too many eventfd received, device has 1 vectors
>> Fixes: 660c97eef6f8 ("ivshmem: use kvm irqfd for msi notifications")
>> Signed-off-by: Ladi Prosek <address@hidden>
> I think I understand your description of what's wrong.  Not obvious to
> me is how it can happen.  The cover letter mentions a Windows ivshmem
> driver.  Is this a device bug a driver can trigger?  If yes, how?

I don't have a Linux guest handy but this code has existed for quite a
long time so yes, I think it's safe to assume that it can't be
(easily) triggered by the Linux driver.

The reproducer is as simple as:

ivshmem-server -n 0
qemu ... -device ivshmem-doorbell,chardev=iv -chardev

and load the Windows driver in the guest.

Maybe Linux won't enable MSI-X on the device?


