[Qemu-devel] [PATCH v4 0/3] x86_iommu: Fix segfault when starting on non-PCI machines

[Qemu-devel] [PATCH v4 0/3] x86_iommu: Fix segfault when starting on non-PCI machines

[Mohammed Gamal]

Starting qemu with
qemu-system-x86_64 -S -M isapc -device {amd|intel}-iommu
leads to a segfault. The code assume PCI bus is present and
tries to access the bus structure without checking.

The patch series moves the error checks from vtd_realize()
and amdvi_realize() to the generic x86_iommu_realize() and
adds a check for PCI bus presence.

v3 --> v4:
  * Restore correct object_dynamic_cast() in x86_iommu_realize()
  * Remove redundant casting in callee functions. Implemented in
    a new patch

Mohammed Gamal (3):
  x86_iommu: Move machine check to x86_iommu_realize()
  intel_iommu, amd_iommu: Remove redundant object_dynamic_cast calls
  x86_iommu: check if machine has PCI bus

 hw/i386/amd_iommu.c   | 13 ++-----------
 hw/i386/intel_iommu.c | 13 ++-----------
 hw/i386/x86-iommu.c   | 13 +++++++++++++
 3 files changed, 17 insertions(+), 22 deletions(-)

-- 
1.8.3.1

[Qemu-devel] [PATCH v4 1/3] x86_iommu: Move machine check to x86_iommu_realize()

[Mohammed Gamal]

Instead of having the same error checks in vtd_realize()
and amdvi_realize(), move that over to the generic
x86_iommu_realize().

Signed-off-by: Mohammed Gamal <mgamal@redhat.com>
---
 hw/i386/amd_iommu.c   | 10 +---------
 hw/i386/intel_iommu.c | 10 +---------
 hw/i386/x86-iommu.c   | 13 +++++++++++++
 3 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 334938a..839f01f 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -1141,18 +1141,10 @@ static void amdvi_realize(DeviceState *dev, Error **err)
     AMDVIState *s = AMD_IOMMU_DEVICE(dev);
     X86IOMMUState *x86_iommu = X86_IOMMU_DEVICE(dev);
     MachineState *ms = MACHINE(qdev_get_machine());
-    MachineClass *mc = MACHINE_GET_CLASS(ms);
     PCMachineState *pcms =
         PC_MACHINE(object_dynamic_cast(OBJECT(ms), TYPE_PC_MACHINE));
-    PCIBus *bus;
+    PCIBus *bus = pcms->bus;
 
-    if (!pcms) {
-        error_setg(err, "Machine-type '%s' not supported by amd-iommu",
-                   mc->name);
-        return;
-    }
-
-    bus = pcms->bus;
     s->iotlb = g_hash_table_new_full(amdvi_uint64_hash,
                                      amdvi_uint64_equal, g_free, g_free);
 
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 3a5bb0b..aa01812 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -3027,20 +3027,12 @@ static bool vtd_decide_config(IntelIOMMUState *s, Error **errp)
 static void vtd_realize(DeviceState *dev, Error **errp)
 {
     MachineState *ms = MACHINE(qdev_get_machine());
-    MachineClass *mc = MACHINE_GET_CLASS(ms);
     PCMachineState *pcms =
         PC_MACHINE(object_dynamic_cast(OBJECT(ms), TYPE_PC_MACHINE));
-    PCIBus *bus;
+    PCIBus *bus = pcms->bus;
     IntelIOMMUState *s = INTEL_IOMMU_DEVICE(dev);
     X86IOMMUState *x86_iommu = X86_IOMMU_DEVICE(dev);
 
-    if (!pcms) {
-        error_setg(errp, "Machine-type '%s' not supported by intel-iommu",
-                   mc->name);
-        return;
-    }
-
-    bus = pcms->bus;
     x86_iommu->type = TYPE_INTEL;
 
     if (!vtd_decide_config(s, errp)) {
diff --git a/hw/i386/x86-iommu.c b/hw/i386/x86-iommu.c
index 293caf8..51de519 100644
--- a/hw/i386/x86-iommu.c
+++ b/hw/i386/x86-iommu.c
@@ -21,6 +21,8 @@
 #include "hw/sysbus.h"
 #include "hw/boards.h"
 #include "hw/i386/x86-iommu.h"
+#include "hw/i386/pc.h"
+#include "qapi/error.h"
 #include "qemu/error-report.h"
 #include "trace.h"
 
@@ -80,7 +82,18 @@ static void x86_iommu_realize(DeviceState *dev, Error **errp)
 {
     X86IOMMUState *x86_iommu = X86_IOMMU_DEVICE(dev);
     X86IOMMUClass *x86_class = X86_IOMMU_GET_CLASS(dev);
+    MachineState *ms = MACHINE(qdev_get_machine());
+    MachineClass *mc = MACHINE_GET_CLASS(ms);
+    PCMachineState *pcms =
+        PC_MACHINE(object_dynamic_cast(OBJECT(ms), TYPE_PC_MACHINE));
     QLIST_INIT(&x86_iommu->iec_notifiers);
+
+    if (!pcms) {
+        error_setg(errp, "Machine-type '%s' not supported by IOMMU",
+                   mc->name);
+        return;
+    }
+
     if (x86_class->realize) {
         x86_class->realize(dev, errp);
     }
-- 
1.8.3.1

[Qemu-devel] [PATCH v4 2/3] intel_iommu, amd_iommu: Remove redundant object_dynamic_cast calls

[Mohammed Gamal]

Now that the calling x86_iommu_realize() calls object_dynamic_cast(),
doing the cast in amdvi_realize() and vtd_realize() is not needed.

Use PC_MACHINE macro directly.

Signed-off-by: Mohammed Gamal <mgamal@redhat.com>
---
 hw/i386/amd_iommu.c   | 3 +--
 hw/i386/intel_iommu.c | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 839f01f..f2e1868 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -1141,8 +1141,7 @@ static void amdvi_realize(DeviceState *dev, Error **err)
     AMDVIState *s = AMD_IOMMU_DEVICE(dev);
     X86IOMMUState *x86_iommu = X86_IOMMU_DEVICE(dev);
     MachineState *ms = MACHINE(qdev_get_machine());
-    PCMachineState *pcms =
-        PC_MACHINE(object_dynamic_cast(OBJECT(ms), TYPE_PC_MACHINE));
+    PCMachineState *pcms = PC_MACHINE(ms);
     PCIBus *bus = pcms->bus;
 
     s->iotlb = g_hash_table_new_full(amdvi_uint64_hash,
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index aa01812..0138b3b 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -3027,8 +3027,7 @@ static bool vtd_decide_config(IntelIOMMUState *s, Error **errp)
 static void vtd_realize(DeviceState *dev, Error **errp)
 {
     MachineState *ms = MACHINE(qdev_get_machine());
-    PCMachineState *pcms =
-        PC_MACHINE(object_dynamic_cast(OBJECT(ms), TYPE_PC_MACHINE));
+    PCMachineState *pcms = PC_MACHINE(ms);
     PCIBus *bus = pcms->bus;
     IntelIOMMUState *s = INTEL_IOMMU_DEVICE(dev);
     X86IOMMUState *x86_iommu = X86_IOMMU_DEVICE(dev);
-- 
1.8.3.1

[Qemu-devel] [PATCH v4 3/3] x86_iommu: check if machine has PCI bus

[Mohammed Gamal]

Starting qemu with
qemu-system-x86_64 -S -M isapc -device {amd|intel}-iommu
leads to a segfault. The code assume PCI bus is present and
tries to access the bus structure without checking.

Since Intel VT-d and AMDVI should only work with PCI, add a
check for PCI bus and return error if not present.

Signed-off-by: Mohammed Gamal <mgamal@redhat.com>
---
 hw/i386/x86-iommu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/i386/x86-iommu.c b/hw/i386/x86-iommu.c
index 51de519..8a01a2d 100644
--- a/hw/i386/x86-iommu.c
+++ b/hw/i386/x86-iommu.c
@@ -88,7 +88,7 @@ static void x86_iommu_realize(DeviceState *dev, Error **errp)
         PC_MACHINE(object_dynamic_cast(OBJECT(ms), TYPE_PC_MACHINE));
     QLIST_INIT(&x86_iommu->iec_notifiers);
 
-    if (!pcms) {
+    if (!pcms || !pcms->bus) {
         error_setg(errp, "Machine-type '%s' not supported by IOMMU",
                    mc->name);
         return;
-- 
1.8.3.1

Re: [Qemu-devel] [PATCH v4 1/3] x86_iommu: Move machine check to x86_iommu_realize()

[Eduardo Habkost]

On Mon, Sep 18, 2017 at 04:37:48PM +0200, Mohammed Gamal wrote:
> Instead of having the same error checks in vtd_realize()
> and amdvi_realize(), move that over to the generic
> x86_iommu_realize().
> 
> Signed-off-by: Mohammed Gamal <mgamal@redhat.com>

If patch 2/3 is squashed into this one:

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>

-- 
Eduardo

Re: [Qemu-devel] [PATCH v4 2/3] intel_iommu, amd_iommu: Remove redundant object_dynamic_cast calls

[Eduardo Habkost]

On Mon, Sep 18, 2017 at 04:37:49PM +0200, Mohammed Gamal wrote:
> Now that the calling x86_iommu_realize() calls object_dynamic_cast(),
> doing the cast in amdvi_realize() and vtd_realize() is not needed.
> 
> Use PC_MACHINE macro directly.
> 
> Signed-off-by: Mohammed Gamal <mgamal@redhat.com>

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>

I suggest squashing this into patch 1/3.  It doesn't need to be a
separate patch.

-- 
Eduardo

Re: [Qemu-devel] [PATCH v4 3/3] x86_iommu: check if machine has PCI bus

[Eduardo Habkost]

On Mon, Sep 18, 2017 at 04:37:50PM +0200, Mohammed Gamal wrote:
> Starting qemu with
> qemu-system-x86_64 -S -M isapc -device {amd|intel}-iommu
> leads to a segfault. The code assume PCI bus is present and
> tries to access the bus structure without checking.
> 
> Since Intel VT-d and AMDVI should only work with PCI, add a
> check for PCI bus and return error if not present.
> 
> Signed-off-by: Mohammed Gamal <mgamal@redhat.com>

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>

-- 
Eduardo

Re: [Qemu-devel] [PATCH v4 0/3] x86_iommu: Fix segfault when starting on non-PCI machines

[Peter Xu]

On Mon, Sep 18, 2017 at 04:37:47PM +0200, Mohammed Gamal wrote:
> Starting qemu with
> qemu-system-x86_64 -S -M isapc -device {amd|intel}-iommu
> leads to a segfault. The code assume PCI bus is present and
> tries to access the bus structure without checking.
> 
> The patch series moves the error checks from vtd_realize()
> and amdvi_realize() to the generic x86_iommu_realize() and
> adds a check for PCI bus presence.
> 
> v3 --> v4:
>   * Restore correct object_dynamic_cast() in x86_iommu_realize()
>   * Remove redundant casting in callee functions. Implemented in
>     a new patch
> 
> Mohammed Gamal (3):
>   x86_iommu: Move machine check to x86_iommu_realize()
>   intel_iommu, amd_iommu: Remove redundant object_dynamic_cast calls
>   x86_iommu: check if machine has PCI bus

After patch 2 squashed to patch 1 (patch 2 itself is not valid; the
problem only appears after patch 1):

Reviewed-by: Peter Xu <peterx@redhat.com>

> 
>  hw/i386/amd_iommu.c   | 13 ++-----------
>  hw/i386/intel_iommu.c | 13 ++-----------
>  hw/i386/x86-iommu.c   | 13 +++++++++++++
>  3 files changed, 17 insertions(+), 22 deletions(-)
> 
> -- 
> 1.8.3.1
> 

-- 
Peter Xu