From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH qemu 2/2] update reentrancy patches to version in upstream git
Date: Tue, 6 Jun 2023 10:58:50 +0200
Message-ID: <20230606085850.48577-2-f.ebner@proxmox.com>
In-Reply-To: <20230606085850.48577-1-f.ebner@proxmox.com>

The previous version was picked from the mailing list and still had
an object_dynamic_cast call in a hot path, which is avoided with the
version that landed in git.

Also adds a few more exceptions for devices that need reentrancy.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...-memory-prevent-dma-reentracy-issues.patch | 118 ----------------
...s-Internal-cdbs-have-16-byte-length.patch} | 0
...al-deadlock-when-draining-during-tr.patch} | 0
...en-getting-cursor-without-a-console.patch} | 0
...isabling-re-entrancy-checking-per-MR.patch | 38 -----
...-memory-prevent-dma-reentracy-issues.patch | 130 ++++++++++++++++++
...le-reentrancy-detection-for-script-R.patch | 8 +-
...-disable-reentrancy-detection-for-io.patch | 37 +++++
...sable-reentrancy-detection-for-iomem.patch | 35 +++++
...le-reentrancy-detection-for-apic-msi.patch | 36 +++++
debian/patches/series | 12 +-
11 files changed, 252 insertions(+), 162 deletions(-)
delete mode 100644 debian/patches/extra/0002-memory-prevent-dma-reentracy-issues.patch
rename debian/patches/extra/{0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch => 0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch} (100%)
rename debian/patches/extra/{0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch => 0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch} (100%)
rename debian/patches/extra/{0007-ui-return-NULL-when-getting-cursor-without-a-console.patch => 0004-ui-return-NULL-when-getting-cursor-without-a-console.patch} (100%)
delete mode 100644 debian/patches/extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
create mode 100644 debian/patches/extra/0005-memory-prevent-dma-reentracy-issues.patch
create mode 100644 debian/patches/extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch
create mode 100644 debian/patches/extra/0008-raven-disable-reentrancy-detection-for-iomem.patch
create mode 100644 debian/patches/extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch
diff --git a/debian/patches/extra/0002-memory-prevent-dma-reentracy-issues.patch b/debian/patches/extra/0002-memory-prevent-dma-reentracy-issues.patch
deleted file mode 100644
index 5be13d6..0000000
--- a/debian/patches/extra/0002-memory-prevent-dma-reentracy-issues.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alexander Bulekov <alxndr@bu.edu>
-Date: Sat, 4 Feb 2023 23:07:34 -0500
-Subject: [PATCH] memory: prevent dma-reentracy issues
-
-Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
-This flag is set/checked prior to calling a device's MemoryRegion
-handlers, and set when device code initiates DMA. The purpose of this
-flag is to prevent two types of DMA-based reentrancy issues:
-
-1.) mmio -> dma -> mmio case
-2.) bh -> dma write -> mmio case
-
-These issues have led to problems such as stack-exhaustion and
-use-after-frees.
-
-Summary of the problem from Peter Maydell:
-https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com
-
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
-
-Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
-Acked-by: Peter Xu <peterx@redhat.com>
-(picked-up from https://lists.nongnu.org/archive/html/qemu-devel/2023-02/msg01142.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- include/hw/qdev-core.h | 7 +++++++
- softmmu/memory.c | 17 +++++++++++++++++
- softmmu/trace-events | 1 +
- 3 files changed, 25 insertions(+)
-
-diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
-index bd50ad5ee1..7623703943 100644
---- a/include/hw/qdev-core.h
-+++ b/include/hw/qdev-core.h
-@@ -162,6 +162,10 @@ struct NamedClockList {
- QLIST_ENTRY(NamedClockList) node;
- };
-
-+typedef struct {
-+ bool engaged_in_io;
-+} MemReentrancyGuard;
-+
- /**
- * DeviceState:
- * @realized: Indicates whether the device has been fully constructed.
-@@ -194,6 +198,9 @@ struct DeviceState {
- int alias_required_for_version;
- ResettableState reset;
- GSList *unplug_blockers;
-+
-+ /* Is the device currently in mmio/pio/dma? Used to prevent re-entrancy */
-+ MemReentrancyGuard mem_reentrancy_guard;
- };
-
- struct DeviceListener {
-diff --git a/softmmu/memory.c b/softmmu/memory.c
-index b1a6cae6f5..e4d2268d32 100644
---- a/softmmu/memory.c
-+++ b/softmmu/memory.c
-@@ -533,6 +533,7 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
- uint64_t access_mask;
- unsigned access_size;
- unsigned i;
-+ DeviceState *dev = NULL;
- MemTxResult r = MEMTX_OK;
-
- if (!access_size_min) {
-@@ -542,6 +543,19 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
- access_size_max = 4;
- }
-
-+ /* Do not allow more than one simultanous access to a device's IO Regions */
-+ if (mr->owner &&
-+ !mr->ram_device && !mr->ram && !mr->rom_device && !mr->readonly) {
-+ dev = (DeviceState *) object_dynamic_cast(mr->owner, TYPE_DEVICE);
-+ if (dev) {
-+ if (dev->mem_reentrancy_guard.engaged_in_io) {
-+ trace_memory_region_reentrant_io(get_cpu_index(), mr, addr, size);
-+ return MEMTX_ERROR;
-+ }
-+ dev->mem_reentrancy_guard.engaged_in_io = true;
-+ }
-+ }
-+
- /* FIXME: support unaligned access? */
- access_size = MAX(MIN(size, access_size_max), access_size_min);
- access_mask = MAKE_64BIT_MASK(0, access_size * 8);
-@@ -556,6 +570,9 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
- access_mask, attrs);
- }
- }
-+ if (dev) {
-+ dev->mem_reentrancy_guard.engaged_in_io = false;
-+ }
- return r;
- }
-
-diff --git a/softmmu/trace-events b/softmmu/trace-events
-index 22606dc27b..62d04ea9a7 100644
---- a/softmmu/trace-events
-+++ b/softmmu/trace-events
-@@ -13,6 +13,7 @@ memory_region_ops_read(int cpu_index, void *mr, uint64_t addr, uint64_t value, u
- memory_region_ops_write(int cpu_index, void *mr, uint64_t addr, uint64_t value, unsigned size, const char *name) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64" size %u name '%s'"
- memory_region_subpage_read(int cpu_index, void *mr, uint64_t offset, uint64_t value, unsigned size) "cpu %d mr %p offset 0x%"PRIx64" value 0x%"PRIx64" size %u"
- memory_region_subpage_write(int cpu_index, void *mr, uint64_t offset, uint64_t value, unsigned size) "cpu %d mr %p offset 0x%"PRIx64" value 0x%"PRIx64" size %u"
-+memory_region_reentrant_io(int cpu_index, void *mr, uint64_t offset, unsigned size) "cpu %d mr %p offset 0x%"PRIx64" size %u"
- memory_region_ram_device_read(int cpu_index, void *mr, uint64_t addr, uint64_t value, unsigned size) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64" size %u"
- memory_region_ram_device_write(int cpu_index, void *mr, uint64_t addr, uint64_t value, unsigned size) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64" size %u"
- memory_region_sync_dirty(const char *mr, const char *listener, int global) "mr '%s' listener '%s' synced (global=%d)"
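Review bot: The softmmu/trace-events part of this removed patch (the memory_region_reentrant_io event) has no counterpart in the replacement 0005 patch, which reports a blocked access with warn_report_once() and returns MEMTX_ACCESS_ERROR where this version returned MEMTX_ERROR. The commit message mentions only the object_dynamic_cast change; please add a line on these two behaviour changes, since anyone who enabled that trace point to watch for blocked re-entrant IO now gets a warning that is printed only once instead of one event per blocked access.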
diff --git a/debian/patches/extra/0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch b/debian/patches/extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
similarity index 100%
rename from debian/patches/extra/0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
rename to debian/patches/extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
diff --git a/debian/patches/extra/0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch b/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
similarity index 100%
rename from debian/patches/extra/0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch
rename to debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
diff --git a/debian/patches/extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch b/debian/patches/extra/0004-ui-return-NULL-when-getting-cursor-without-a-console.patch
similarity index 100%
rename from debian/patches/extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
rename to debian/patches/extra/0004-ui-return-NULL-when-getting-cursor-without-a-console.patch
diff --git a/debian/patches/extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch b/debian/patches/extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
deleted file mode 100644
index 47c0b80..0000000
--- a/debian/patches/extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alexander Bulekov <alxndr@bu.edu>
-Date: Mon, 13 Mar 2023 04:24:16 -0400
-Subject: [PATCH] memory: Allow disabling re-entrancy checking per-MR
-
-Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
----
- include/exec/memory.h | 3 +++
- softmmu/memory.c | 2 +-
- 2 files changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/include/exec/memory.h b/include/exec/memory.h
-index 15ade918ba..e6819e3c39 100644
---- a/include/exec/memory.h
-+++ b/include/exec/memory.h
-@@ -791,6 +791,9 @@ struct MemoryRegion {
- unsigned ioeventfd_nb;
- MemoryRegionIoeventfd *ioeventfds;
- RamDiscardManager *rdm; /* Only for RAM */
-+
-+ /* For devices designed to perform re-entrant IO into their own IO MRs */
-+ bool disable_reentrancy_guard;
- };
-
- struct IOMMUMemoryRegion {
-diff --git a/softmmu/memory.c b/softmmu/memory.c
-index e4d2268d32..d88acb204b 100644
---- a/softmmu/memory.c
-+++ b/softmmu/memory.c
-@@ -544,7 +544,7 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
- }
-
- /* Do not allow more than one simultanous access to a device's IO Regions */
-- if (mr->owner &&
-+ if (mr->owner && !mr->disable_reentrancy_guard &&
- !mr->ram_device && !mr->ram && !mr->rom_device && !mr->readonly) {
- dev = (DeviceState *) object_dynamic_cast(mr->owner, TYPE_DEVICE);
- if (dev) {
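Review bot: The commit message does not say why this patch is dropped. The disable_reentrancy_guard field and the `!mr->disable_reentrancy_guard` check it added are now carried by the new 0005-memory-prevent-dma-reentracy-issues.patch, so a sentence saying it was folded into the upstream version would save readers from looking for it in the series file.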
diff --git a/debian/patches/extra/0005-memory-prevent-dma-reentracy-issues.patch b/debian/patches/extra/0005-memory-prevent-dma-reentracy-issues.patch
new file mode 100644
index 0000000..c9d0cd5
--- /dev/null
+++ b/debian/patches/extra/0005-memory-prevent-dma-reentracy-issues.patch
@@ -0,0 +1,130 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Alexander Bulekov <alxndr@bu.edu>
+Date: Thu, 27 Apr 2023 17:10:06 -0400
+Subject: [PATCH] memory: prevent dma-reentracy issues
+
+Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
+This flag is set/checked prior to calling a device's MemoryRegion
+handlers, and set when device code initiates DMA. The purpose of this
+flag is to prevent two types of DMA-based reentrancy issues:
+
+1.) mmio -> dma -> mmio case
+2.) bh -> dma write -> mmio case
+
+These issues have led to problems such as stack-exhaustion and
+use-after-frees.
+
+Summary of the problem from Peter Maydell:
+https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
+Resolves: CVE-2023-0330
+
+Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Message-Id: <20230427211013.2994127-2-alxndr@bu.edu>
+[thuth: Replace warn_report() with warn_report_once()]
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry-picked from commit a2e1753b8054344f32cf94f31c6399a58794a380)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ include/exec/memory.h | 5 +++++
+ include/hw/qdev-core.h | 7 +++++++
+ softmmu/memory.c | 16 ++++++++++++++++
+ 3 files changed, 28 insertions(+)
+
+diff --git a/include/exec/memory.h b/include/exec/memory.h
+index 15ade918ba..e45ce6061f 100644
+--- a/include/exec/memory.h
++++ b/include/exec/memory.h
+@@ -767,6 +767,8 @@ struct MemoryRegion {
+ bool is_iommu;
+ RAMBlock *ram_block;
+ Object *owner;
++ /* owner as TYPE_DEVICE. Used for re-entrancy checks in MR access hotpath */
++ DeviceState *dev;
+
+ const MemoryRegionOps *ops;
+ void *opaque;
+@@ -791,6 +793,9 @@ struct MemoryRegion {
+ unsigned ioeventfd_nb;
+ MemoryRegionIoeventfd *ioeventfds;
+ RamDiscardManager *rdm; /* Only for RAM */
++
++ /* For devices designed to perform re-entrant IO into their own IO MRs */
++ bool disable_reentrancy_guard;
+ };
+
+ struct IOMMUMemoryRegion {
+diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
+index bd50ad5ee1..7623703943 100644
+--- a/include/hw/qdev-core.h
++++ b/include/hw/qdev-core.h
+@@ -162,6 +162,10 @@ struct NamedClockList {
+ QLIST_ENTRY(NamedClockList) node;
+ };
+
++typedef struct {
++ bool engaged_in_io;
++} MemReentrancyGuard;
++
+ /**
+ * DeviceState:
+ * @realized: Indicates whether the device has been fully constructed.
+@@ -194,6 +198,9 @@ struct DeviceState {
+ int alias_required_for_version;
+ ResettableState reset;
+ GSList *unplug_blockers;
++
++ /* Is the device currently in mmio/pio/dma? Used to prevent re-entrancy */
++ MemReentrancyGuard mem_reentrancy_guard;
+ };
+
+ struct DeviceListener {
+diff --git a/softmmu/memory.c b/softmmu/memory.c
+index b1a6cae6f5..b7b3386e9d 100644
+--- a/softmmu/memory.c
++++ b/softmmu/memory.c
+@@ -542,6 +542,18 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
+ access_size_max = 4;
+ }
+
++ /* Do not allow more than one simultaneous access to a device's IO Regions */
++ if (mr->dev && !mr->disable_reentrancy_guard &&
++ !mr->ram_device && !mr->ram && !mr->rom_device && !mr->readonly) {
++ if (mr->dev->mem_reentrancy_guard.engaged_in_io) {
++ warn_report_once("Blocked re-entrant IO on MemoryRegion: "
++ "%s at addr: 0x%" HWADDR_PRIX,
++ memory_region_name(mr), addr);
++ return MEMTX_ACCESS_ERROR;
++ }
++ mr->dev->mem_reentrancy_guard.engaged_in_io = true;
++ }
++
+ /* FIXME: support unaligned access? */
+ access_size = MAX(MIN(size, access_size_max), access_size_min);
+ access_mask = MAKE_64BIT_MASK(0, access_size * 8);
+@@ -556,6 +568,9 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
+ access_mask, attrs);
+ }
+ }
++ if (mr->dev) {
++ mr->dev->mem_reentrancy_guard.engaged_in_io = false;
++ }
+ return r;
+ }
+
+@@ -1170,6 +1185,7 @@ static void memory_region_do_init(MemoryRegion *mr,
+ }
+ mr->name = g_strdup(name);
+ mr->owner = owner;
++ mr->dev = (DeviceState *) object_dynamic_cast(mr->owner, TYPE_DEVICE);
+ mr->ram_block = NULL;
+
+ if (name) {
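Review bot: In the softmmu/memory.c part of the new 0005 patch, the reset at the end of access_with_adjusted_size() is keyed only on `if (mr->dev)`, while setting the flag also requires `!mr->disable_reentrancy_guard` and that the region is not ram, ram_device, rom_device or readonly. An access through a region that skipped the guard (for example one marked disable_reentrancy_guard, as the 0007 to 0009 patches do) therefore still clears engaged_in_io on return, so when such an access is nested inside a guarded access to another region of the same device, the outer handler continues with the guard already dropped. Suggest recording in a local whether this call set the flag and clearing it only in that case. Since this is a cherry-pick of a2e1753b8054344f32cf94f31c6399a58794a380, the change is best raised upstream and picked up from there.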
diff --git a/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch b/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
index 8f488dc..96d254c 100644
--- a/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
+++ b/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
@@ -1,6 +1,6 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Alexander Bulekov <alxndr@bu.edu>
-Date: Mon, 13 Mar 2023 04:24:17 -0400
+Date: Thu, 27 Apr 2023 17:10:10 -0400
Subject: [PATCH] lsi53c895a: disable reentrancy detection for script RAM
As the code is designed to use the memory APIs to access the script ram,
@@ -10,6 +10,12 @@ In the future, ram_io may be converted from an IO to a proper RAM MemoryRegion.
Reported-by: Fiona Ebner <f.ebner@proxmox.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
+Message-Id: <20230427211013.2994127-6-alxndr@bu.edu>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry-picked from commit bfd6e7ae6a72b84e2eb9574f56e6ec037f05182c)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
hw/scsi/lsi53c895a.c | 6 ++++++
1 file changed, 6 insertions(+)
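Review bot: The added trailer reads `(cherry-picked from commit bfd6e7ae6a72b84e2eb9574f56e6ec037f05182c)`, while `git cherry-pick -x` writes `(cherry picked from commit ...)` without the hyphen. Using git's spelling here and in the new 0005 and 0007 to 0009 patches keeps the provenance lines findable by scripts that search for the standard form.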
diff --git a/debian/patches/extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch b/debian/patches/extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch
new file mode 100644
index 0000000..6ec9d03
--- /dev/null
+++ b/debian/patches/extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch
@@ -0,0 +1,37 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Alexander Bulekov <alxndr@bu.edu>
+Date: Thu, 27 Apr 2023 17:10:11 -0400
+Subject: [PATCH] bcm2835_property: disable reentrancy detection for iomem
+
+As the code is designed for re-entrant calls from bcm2835_property to
+bcm2835_mbox and back into bcm2835_property, mark iomem as
+reentrancy-safe.
+
+Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Message-Id: <20230427211013.2994127-7-alxndr@bu.edu>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry-picked from commit 985c4a4e547afb9573b6bd6843d20eb2c3d1d1cd)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/misc/bcm2835_property.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c
+index 890ae7bae5..de056ea2df 100644
+--- a/hw/misc/bcm2835_property.c
++++ b/hw/misc/bcm2835_property.c
+@@ -382,6 +382,13 @@ static void bcm2835_property_init(Object *obj)
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &bcm2835_property_ops, s,
+ TYPE_BCM2835_PROPERTY, 0x10);
++
++ /*
++ * bcm2835_property_ops call into bcm2835_mbox, which in-turn reads from
++ * iomem. As such, mark iomem as re-entracy safe.
++ */
++ s->iomem.disable_reentrancy_guard = true;
++
+ sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
+ sysbus_init_irq(SYS_BUS_DEVICE(s), &s->mbox_irq);
+ }
diff --git a/debian/patches/extra/0008-raven-disable-reentrancy-detection-for-iomem.patch b/debian/patches/extra/0008-raven-disable-reentrancy-detection-for-iomem.patch
new file mode 100644
index 0000000..bea68d4
--- /dev/null
+++ b/debian/patches/extra/0008-raven-disable-reentrancy-detection-for-iomem.patch
@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Alexander Bulekov <alxndr@bu.edu>
+Date: Thu, 27 Apr 2023 17:10:12 -0400
+Subject: [PATCH] raven: disable reentrancy detection for iomem
+
+As the code is designed for re-entrant calls from raven_io_ops to
+pci-conf, mark raven_io_ops as reentrancy-safe.
+
+Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Message-Id: <20230427211013.2994127-8-alxndr@bu.edu>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry-picked from commit 6dad5a6810d9c60ca320d01276f6133bbcfa1fc7)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/pci-host/raven.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/pci-host/raven.c b/hw/pci-host/raven.c
+index 072ffe3c5e..9a11ac4b2b 100644
+--- a/hw/pci-host/raven.c
++++ b/hw/pci-host/raven.c
+@@ -294,6 +294,13 @@ static void raven_pcihost_initfn(Object *obj)
+ memory_region_init(&s->pci_memory, obj, "pci-memory", 0x3f000000);
+ address_space_init(&s->pci_io_as, &s->pci_io, "raven-io");
+
++ /*
++ * Raven's raven_io_ops use the address-space API to access pci-conf-idx
++ * (which is also owned by the raven device). As such, mark the
++ * pci_io_non_contiguous as re-entrancy safe.
++ */
++ s->pci_io_non_contiguous.disable_reentrancy_guard = true;
++
+ /* CPU address space */
+ memory_region_add_subregion(address_space_mem, PCI_IO_BASE_ADDR,
+ &s->pci_io);
diff --git a/debian/patches/extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch b/debian/patches/extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch
new file mode 100644
index 0000000..154cc36
--- /dev/null
+++ b/debian/patches/extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Alexander Bulekov <alxndr@bu.edu>
+Date: Thu, 27 Apr 2023 17:10:13 -0400
+Subject: [PATCH] apic: disable reentrancy detection for apic-msi
+
+As the code is designed for re-entrant calls to apic-msi, mark apic-msi
+as reentrancy-safe.
+
+Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
+Message-Id: <20230427211013.2994127-9-alxndr@bu.edu>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry-picked from commit 50795ee051a342c681a9b45671c552fbd6274db8)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/intc/apic.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/intc/apic.c b/hw/intc/apic.c
+index 20b5a94073..ac3d47d231 100644
+--- a/hw/intc/apic.c
++++ b/hw/intc/apic.c
+@@ -885,6 +885,13 @@ static void apic_realize(DeviceState *dev, Error **errp)
+ memory_region_init_io(&s->io_memory, OBJECT(s), &apic_io_ops, s, "apic-msi",
+ APIC_SPACE_SIZE);
+
++ /*
++ * apic-msi's apic_mem_write can call into ioapic_eoi_broadcast, which can
++ * write back to apic-msi. As such mark the apic-msi region re-entrancy
++ * safe.
++ */
++ s->io_memory.disable_reentrancy_guard = true;
++
+ s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, apic_timer, s);
+ local_apics[s->id] = s;
+
diff --git a/debian/patches/series b/debian/patches/series
index 7b45528..32c51a1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,10 +1,12 @@
extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
-extra/0002-memory-prevent-dma-reentracy-issues.patch
-extra/0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
-extra/0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch
-extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
+extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
+extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
+extra/0004-ui-return-NULL-when-getting-cursor-without-a-console.patch
+extra/0005-memory-prevent-dma-reentracy-issues.patch
extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
-extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
+extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch
+extra/0008-raven-disable-reentrancy-detection-for-iomem.patch
+extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
--
2.39.2
Thread overview: 4+ messages
2023-06-06 8:58 [pve-devel] [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2 Fiona Ebner
2023-06-06 8:58 ` Fiona Ebner [this message]
2023-06-06 16:03 ` [pve-devel] applied: [PATCH qemu 2/2] update reentrancy patches to version in upstream git Thomas Lamprecht
2023-06-06 16:03 ` [pve-devel] applied: [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2 Thomas Lamprecht