All of lore.kernel.org
 help / color / mirror / Atom feed
* [Qemu-devel] [PATCH] usb: Fix (another) bug in usb_packet_map() for IOMMU handling
@ 2012-11-14  5:23 David Gibson
  2012-11-14  8:33 ` Gerd Hoffmann
  0 siblings, 1 reply; 2+ messages in thread
From: David Gibson @ 2012-11-14  5:23 UTC (permalink / raw)
  To: kraxel; +Cc: qemu-devel, David Gibson

Elements in qemu SGLists can cross IOMMU page boundaries.  So, in commit
39c138c8420f51a7da7b35233a8d7400a0b589ac "usb: Fix usb_packet_map() in the
presence of IOMMUs", I changed usb_packet_map() to split up each SGList
element on IOMMU page boundaries and each resulting piece of qemu's memory
space separately to the iovec the usb code uses internally.

That was correct in concept, but the patch has a bug.  The 'base' variable
correctly steps through the dma address of each piece, but then we call
the dma_memory_map() function on the base address of the whole SGList
element every time.

This patch fixes at least one problem using XHCI on the pseries guest
machine.  It didn't affect OHCI because that doesn't use usb_packet_map().
In theory it also affects EHCI, but we haven't observed that in practice.
I think the transfers were small enough on EHCI that they never crossed an
IOMMU page boundary in practice.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/usb/libhw.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/usb/libhw.c b/hw/usb/libhw.c
index 703e2d2..24d3cad 100644
--- a/hw/usb/libhw.c
+++ b/hw/usb/libhw.c
@@ -37,7 +37,7 @@ int usb_packet_map(USBPacket *p, QEMUSGList *sgl)
 
         while (len) {
             dma_addr_t xlen = len;
-            mem = dma_memory_map(sgl->dma, sgl->sg[i].base, &xlen, dir);
+            mem = dma_memory_map(sgl->dma, base, &xlen, dir);
             if (!mem) {
                 goto err;
             }
-- 
1.7.10.4

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [Qemu-devel] [PATCH] usb: Fix (another) bug in usb_packet_map() for IOMMU handling
  2012-11-14  5:23 [Qemu-devel] [PATCH] usb: Fix (another) bug in usb_packet_map() for IOMMU handling David Gibson
@ 2012-11-14  8:33 ` Gerd Hoffmann
  0 siblings, 0 replies; 2+ messages in thread
From: Gerd Hoffmann @ 2012-11-14  8:33 UTC (permalink / raw)
  To: David Gibson; +Cc: qemu-devel

On 11/14/12 06:23, David Gibson wrote:
> Elements in qemu SGLists can cross IOMMU page boundaries.  So, in commit
> 39c138c8420f51a7da7b35233a8d7400a0b589ac "usb: Fix usb_packet_map() in the
> presence of IOMMUs", I changed usb_packet_map() to split up each SGList
> element on IOMMU page boundaries and each resulting piece of qemu's memory
> space separately to the iovec the usb code uses internally.
> 
> That was correct in concept, but the patch has a bug.  The 'base' variable
> correctly steps through the dma address of each piece, but then we call
> the dma_memory_map() function on the base address of the whole SGList
> element every time.
> 
> This patch fixes at least one problem using XHCI on the pseries guest
> machine.  It didn't affect OHCI because that doesn't use usb_packet_map().
> In theory it also affects EHCI, but we haven't observed that in practice.
> I think the transfers were small enough on EHCI that they never crossed an
> IOMMU page boundary in practice.

Patch added to usb patch queue.

thanks,
  Gerd

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-11-14  8:33 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-11-14  5:23 [Qemu-devel] [PATCH] usb: Fix (another) bug in usb_packet_map() for IOMMU handling David Gibson
2012-11-14  8:33 ` Gerd Hoffmann

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.