From patchwork Thu Nov 24 10:05:09 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: zanghongyong@huawei.com
X-Patchwork-Id: 127476
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [140.186.70.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 2BACE1007D7
	for <incoming@patchwork.ozlabs.org>;
	Thu, 24 Nov 2011 22:01:45 +1100 (EST)
Received: from localhost ([::1]:34317 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1RTX3l-0004pk-Te
	for incoming@patchwork.ozlabs.org; Thu, 24 Nov 2011 06:01:41 -0500
Received: from eggs.gnu.org ([140.186.70.92]:48641)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <zanghongyong@huawei.com>) id 1RTX3c-0004nk-G6
	for qemu-devel@nongnu.org; Thu, 24 Nov 2011 06:01:36 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <zanghongyong@huawei.com>) id 1RTX3b-00027Z-78
	for qemu-devel@nongnu.org; Thu, 24 Nov 2011 06:01:32 -0500
Received: from szxga01-in.huawei.com ([119.145.14.64]:48729)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <zanghongyong@huawei.com>) id 1RTX3a-000252-Rh
	for qemu-devel@nongnu.org; Thu, 24 Nov 2011 06:01:31 -0500
Received: from huawei.com (szxga05-in [172.24.2.49])
	by szxga05-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14
	(built Aug
	8 2006)) with ESMTP id <0LV5003KGVX71W@szxga05-in.huawei.com> for
	qemu-devel@nongnu.org; Thu, 24 Nov 2011 19:00:43 +0800 (CST)
Received: from szxrg01-dlp.huawei.com ([172.24.2.119])
	by szxga05-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14
	(built Aug
	8 2006)) with ESMTP id <0LV5001EWVW3C0@szxga05-in.huawei.com> for
	qemu-devel@nongnu.org; Thu, 24 Nov 2011 19:00:43 +0800 (CST)
Received: from szxeml205-edg.china.huawei.com ([172.24.2.119])
	by szxrg01-dlp.huawei.com (MOS 4.1.9-GA)	with ESMTP id AFH27985; Thu,
	24 Nov 2011 19:00:40 +0800
Received: from SZXEML407-HUB.china.huawei.com (10.82.67.94)
	by szxeml205-edg.china.huawei.com (172.24.2.57) with Microsoft SMTP
	Server (TLS) id 14.1.323.3; Thu, 24 Nov 2011 19:00:35 +0800
Received: from localhost.localdomain (10.166.29.45)
	by szxeml407-hub.china.huawei.com (10.82.67.94) with Microsoft SMTP
	Server id 14.1.323.3; Thu, 24 Nov 2011 19:00:16 +0800
Date: Thu, 24 Nov 2011 18:05:09 +0800
From: zanghongyong@huawei.com
X-Originating-IP: [10.166.29.45]
To: avi@redhat.com, anthony@codemonkey.ws
Message-id: <1322129109-18140-1-git-send-email-zanghongyong@huawei.com>
MIME-version: 1.0
X-Mailer: git-send-email 1.7.0.4
Content-type: text/plain
Content-transfer-encoding: 7BIT
X-CFilter-Loop: Reflected
X-detected-operating-system: by eggs.gnu.org: Solaris 9
X-Received-From: 119.145.14.64
Cc: kvm@vger.kernel.org, wusongwei@huawei.com, hanweidong@huawei.com,
	qemu-devel@nongnu.org, louzhengwei@huawei.com,
	xiaowei.yang@huawei.com, zanghongyong@huawei.com, cam@cs.ualberta.ca
Subject: [Qemu-devel] [PATCH] ivshmem: fix guest unable to start with
	ioeventfd
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

From: Hongyong Zang <zanghongyong@huawei.com>

When a guest boots with ioeventfd, an error (by gdb) occurs:
  Program received signal SIGSEGV, Segmentation fault.
  0x00000000006009cc in setup_ioeventfds (s=0x171dc40)
      at /home/louzhengwei/git_source/qemu-kvm/hw/ivshmem.c:363
  363             for (j = 0; j < s->peers[i].nb_eventfds; j++) {
The bug is due to accessing s->peers which is NULL.

This patch uses the memory region API to replace the old one kvm_set_ioeventfd_mmio_long().
And this patch makes memory_region_add_eventfd() called in ivshmem_read() when qemu receives
eventfd information from ivshmem_server.

Signed-off-by: Hongyong Zang <zanghongyong@huawei.com>
---
 hw/ivshmem.c |   41 ++++++++++++++---------------------------
 1 files changed, 14 insertions(+), 27 deletions(-)

diff --git a/hw/ivshmem.c b/hw/ivshmem.c
index 242fbea..be26f03 100644
--- a/hw/ivshmem.c
+++ b/hw/ivshmem.c
@@ -58,7 +58,6 @@ typedef struct IVShmemState {
     CharDriverState *server_chr;
     MemoryRegion ivshmem_mmio;
 
-    pcibus_t mmio_addr;
     /* We might need to register the BAR before we actually have the memory.
      * So prepare a container MemoryRegion for the BAR immediately and
      * add a subregion when we have the memory.
@@ -346,8 +345,14 @@ static void close_guest_eventfds(IVShmemState *s, int posn)
     guest_curr_max = s->peers[posn].nb_eventfds;
 
     for (i = 0; i < guest_curr_max; i++) {
-        kvm_set_ioeventfd_mmio_long(s->peers[posn].eventfds[i],
-                    s->mmio_addr + DOORBELL, (posn << 16) | i, 0);
+        if (ivshmem_has_feature(s, IVSHMEM_IOEVENTFD)) {
+            memory_region_del_eventfd(&s->ivshmem_mmio,
+                                     DOORBELL,
+                                     4,
+                                     true,
+                                     (posn << 16) | i,
+                                     s->peers[posn].eventfds[i]);
+        }
         close(s->peers[posn].eventfds[i]);
     }
 
@@ -355,22 +360,6 @@ static void close_guest_eventfds(IVShmemState *s, int posn)
     s->peers[posn].nb_eventfds = 0;
 }
 
-static void setup_ioeventfds(IVShmemState *s) {
-
-    int i, j;
-
-    for (i = 0; i <= s->max_peer; i++) {
-        for (j = 0; j < s->peers[i].nb_eventfds; j++) {
-            memory_region_add_eventfd(&s->ivshmem_mmio,
-                                      DOORBELL,
-                                      4,
-                                      true,
-                                      (i << 16) | j,
-                                      s->peers[i].eventfds[j]);
-        }
-    }
-}
-
 /* this function increase the dynamic storage need to store data about other
  * guests */
 static void increase_dynamic_storage(IVShmemState *s, int new_min_size) {
@@ -491,10 +480,12 @@ static void ivshmem_read(void *opaque, const uint8_t * buf, int flags)
     }
 
     if (ivshmem_has_feature(s, IVSHMEM_IOEVENTFD)) {
-        if (kvm_set_ioeventfd_mmio_long(incoming_fd, s->mmio_addr + DOORBELL,
-                        (incoming_posn << 16) | guest_max_eventfd, 1) < 0) {
-            fprintf(stderr, "ivshmem: ioeventfd not available\n");
-        }
+        memory_region_add_eventfd(&s->ivshmem_mmio,
+                                  DOORBELL,
+                                  4,
+                                  true,
+                                  (incoming_posn << 16) | guest_max_eventfd,
+                                  incoming_fd);
     }
 
     return;
@@ -659,10 +650,6 @@ static int pci_ivshmem_init(PCIDevice *dev)
     memory_region_init_io(&s->ivshmem_mmio, &ivshmem_mmio_ops, s,
                           "ivshmem-mmio", IVSHMEM_REG_BAR_SIZE);
 
-    if (ivshmem_has_feature(s, IVSHMEM_IOEVENTFD)) {
-        setup_ioeventfds(s);
-    }
-
     /* region for registers*/
     pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY,
                      &s->ivshmem_mmio);