From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
	Stefano Garzarella <sgarzare@redhat.com>,
	Laurent Vivier <laurent@vivier.eu>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [PULL v2 04/16] virtio-mmio: fix guest kernel crash with SHM regions
Date: Fri, 5 Feb 2021 10:03:41 -0500
Message-ID: <20210205150135.94643-5-mst@redhat.com>
In-Reply-To: <20210205150135.94643-1-mst@redhat.com>

From: Laurent Vivier <laurent@vivier.eu>

In the kernel, virtio_gpu_init() uses virtio_get_shm_region() since
commit 6076a9711dc5 ("drm/virtio: implement blob resources: probe for host visible region")
but vm_get_shm_region() unconditionally uses VIRTIO_MMIO_SHM_SEL to
get the address and the length of the region.

commit 38e895487afc ("virtio: Implement get_shm_region for MMIO transport")

As this is not implemented in QEMU, address and length are 0 and passed
as is to devm_request_mem_region() that triggers a crash:

  [drm:virtio_gpu_init] *ERROR* Could not reserve host visible region
  Unable to handle kernel NULL pointer dereference at virtual address (ptrval)

According to the comments in the kernel, a non-existent shared region
has a length of (u64)-1.

This is what we return now with this patch to disable the region.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20201220163539.2255963-1-laurent@vivier.eu>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 hw/virtio/virtio-mmio.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c
index e1b5c3b81e..610661d6a5 100644
--- a/hw/virtio/virtio-mmio.c
+++ b/hw/virtio/virtio-mmio.c
@@ -191,6 +191,14 @@ static uint64_t virtio_mmio_read(void *opaque, hwaddr offset, unsigned size)
             return 0;
         }
         return vdev->generation;
+   case VIRTIO_MMIO_SHM_LEN_LOW:
+   case VIRTIO_MMIO_SHM_LEN_HIGH:
+        /*
+         * VIRTIO_MMIO_SHM_SEL is unimplemented
+         * according to the linux driver, if region length is -1
+         * the shared memory doesn't exist
+         */
+        return -1;
     case VIRTIO_MMIO_DEVICE_FEATURES_SEL:
     case VIRTIO_MMIO_DRIVER_FEATURES:
     case VIRTIO_MMIO_DRIVER_FEATURES_SEL:
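Review bot: the two new `case VIRTIO_MMIO_SHM_LEN_LOW:` / `case VIRTIO_MMIO_SHM_LEN_HIGH:` labels are indented with three spaces while the neighbouring `case VIRTIO_MMIO_DEVICE_FEATURES_SEL:` and friends use four; please align them before merging. The comment would also be clearer if it said what actually happens to `return -1;`: the function returns `uint64_t`, so the value is all ones, and each 32-bit read of the LOW and HIGH halves yields 0xffffffff, which the driver reassembles into the (u64)-1 "no region" length the commit message refers to. Since the driver stops at that length check, it is worth stating in the comment that the BASE registers deliberately need no handling here, rather than only noting that VIRTIO_MMIO_SHM_SEL is unimplemented.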
-- 
MST
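As an added illustration of the mechanism the commit message describes, the following C model reproduces both sides of the exchange: a device whose register handler returns `uint64_t` and answers `-1` for the two length registers (or leaves them unhandled, as before the patch), and a driver that assembles the length from two 32-bit reads and treats (u64)-1 as "no region". This is example code written for this page, not QEMU's `virtio_mmio_read()` nor the kernel's `vm_get_shm_region()`; the function names `device_read`, `drv_readl`, `drv_get_shm_region` and `drv_probe` and the `PROBE_*` outcomes are invented for the model, and the register offsets are assumed from the virtio-mmio layout (the logic does not depend on their exact values).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Register offsets of the virtio-mmio shared-memory registers (assumed here
 * from the virtio-mmio layout; the model does not depend on the exact values).
 */
enum {
    REG_SHM_LEN_LOW   = 0x0b0,
    REG_SHM_LEN_HIGH  = 0x0b4,
    REG_SHM_BASE_LOW  = 0x0b8,
    REG_SHM_BASE_HIGH = 0x0bc,
};

/*
 * Device side. Models the relevant arm of a uint64_t-returning MMIO read
 * handler: `return -1` produces all ones, and the bus layer then masks the
 * value to the width of the access. With `patched` false the two length
 * registers are unhandled and read as zero, the pre-patch behaviour.
 */
static uint64_t device_read(unsigned offset, unsigned size, bool patched)
{
    uint64_t value;

    switch (offset) {
    case REG_SHM_LEN_LOW:
    case REG_SHM_LEN_HIGH:
        value = patched ? (uint64_t)-1 : 0;
        break;
    default:
        value = 0;  /* unimplemented register: reads as zero in this model */
        break;
    }
    if (size < 8) {
        value &= (UINT64_C(1) << (size * 8)) - 1;  /* truncate to access width */
    }
    return value;
}

/* Driver side: a 32-bit MMIO read, as the kernel's readl() would issue. */
static uint32_t drv_readl(unsigned offset, bool patched)
{
    return (uint32_t)device_read(offset, 4, patched);
}

/*
 * Driver side. Models the probe described in the commit message: the region
 * length is assembled from two 32-bit reads, and a length of (u64)-1 means
 * the region does not exist. Selecting a region via SHM_SEL is left out of
 * the model because the modelled device answers the same for every selector.
 */
static bool drv_get_shm_region(bool patched, uint64_t *addr, uint64_t *len)
{
    uint64_t l = drv_readl(REG_SHM_LEN_LOW, patched);
    l |= (uint64_t)drv_readl(REG_SHM_LEN_HIGH, patched) << 32;
    if (l == ~(uint64_t)0) {
        return false;  /* no shared-memory region: caller must not reserve it */
    }
    uint64_t a = drv_readl(REG_SHM_BASE_LOW, patched);
    a |= (uint64_t)drv_readl(REG_SHM_BASE_HIGH, patched) << 32;
    *addr = a;
    *len = l;
    return true;
}

/* Outcome of the modelled virtio-gpu probe (names invented for this model). */
enum probe_result {
    PROBE_NO_REGION  = 0,  /* driver saw (u64)-1 and skipped the region */
    PROBE_REGION_OK  = 1,  /* a usable region was reported */
    PROBE_BAD_REGION = -1, /* address 0 / length 0 handed to the reservation */
};

/*
 * Stand-in for the reservation step that crashed in the guest: the model
 * reports an empty region as a distinct outcome instead of dereferencing
 * anything, so the bad path is observable from a test.
 */
static enum probe_result drv_probe(bool patched)
{
    uint64_t addr, len;

    if (!drv_get_shm_region(patched, &addr, &len)) {
        return PROBE_NO_REGION;
    }
    if (addr == 0 && len == 0) {
        return PROBE_BAD_REGION;
    }
    return PROBE_REGION_OK;
}

int main(void)
{
    printf("unpatched device: %d\n", drv_probe(false));  /* -1: zero region reaches reservation */
    printf("patched device:   %d\n", drv_probe(true));   /*  0: region cleanly reported absent */
    return 0;
}
```

Running the model shows why returning a 64-bit `-1` from a 32-bit register is sufficient: each half reads as 0xffffffff, so the driver's reassembled length equals `~(uint64_t)0` and the probe returns before any address is used, whereas the unhandled registers produce the 0/0 pair that reached the reservation call in the reported crash.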
