usb: Fix (another) bug in usb_packet_map() for IOMMU handling

Submitted by David Gibson on Nov. 14, 2012, 5:23 a.m.

Details

Message ID 1352870630-18311-1-git-send-email-david@gibson.dropbear.id.au
State New
Headers show

Commit Message

David Gibson Nov. 14, 2012, 5:23 a.m.
Elements in qemu SGLists can cross IOMMU page boundaries.  So, in commit
39c138c8420f51a7da7b35233a8d7400a0b589ac "usb: Fix usb_packet_map() in the
presence of IOMMUs", I changed usb_packet_map() to split up each SGList
element on IOMMU page boundaries and each resulting piece of qemu's memory
space separately to the iovec the usb code uses internally.

That was correct in concept, but the patch has a bug.  The 'base' variable
correctly steps through the dma address of each piece, but then we call
the dma_memory_map() function on the base address of the whole SGList
element every time.

This patch fixes at least one problem using XHCI on the pseries guest
machine.  It didn't affect OHCI because that doesn't use usb_packet_map().
In theory it also affects EHCI, but we haven't observed that in practice.
I think the transfers were small enough on EHCI that they never crossed an
IOMMU page boundary in practice.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/usb/libhw.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Gerd Hoffmann Nov. 14, 2012, 8:33 a.m.
On 11/14/12 06:23, David Gibson wrote:
> Elements in qemu SGLists can cross IOMMU page boundaries.  So, in commit
> 39c138c8420f51a7da7b35233a8d7400a0b589ac "usb: Fix usb_packet_map() in the
> presence of IOMMUs", I changed usb_packet_map() to split up each SGList
> element on IOMMU page boundaries and each resulting piece of qemu's memory
> space separately to the iovec the usb code uses internally.
> 
> That was correct in concept, but the patch has a bug.  The 'base' variable
> correctly steps through the dma address of each piece, but then we call
> the dma_memory_map() function on the base address of the whole SGList
> element every time.
> 
> This patch fixes at least one problem using XHCI on the pseries guest
> machine.  It didn't affect OHCI because that doesn't use usb_packet_map().
> In theory it also affects EHCI, but we haven't observed that in practice.
> I think the transfers were small enough on EHCI that they never crossed an
> IOMMU page boundary in practice.

Patch added to usb patch queue.

thanks,
  Gerd

Patch hide | download patch | download mbox

diff --git a/hw/usb/libhw.c b/hw/usb/libhw.c
index 703e2d2..24d3cad 100644
--- a/hw/usb/libhw.c
+++ b/hw/usb/libhw.c
@@ -37,7 +37,7 @@  int usb_packet_map(USBPacket *p, QEMUSGList *sgl)
 
         while (len) {
             dma_addr_t xlen = len;
-            mem = dma_memory_map(sgl->dma, sgl->sg[i].base, &xlen, dir);
+            mem = dma_memory_map(sgl->dma, base, &xlen, dir);
             if (!mem) {
                 goto err;
             }