[PULL,56/62] hw/xen: Support GSI mapping to PIRQ

Message ID	20230302123029.153265-57-pbonzini@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Paolo Bonzini <pbonzini@redhat.com> To: qemu-devel@nongnu.org Cc: David Woodhouse <dwmw@amazon.co.uk>, Paul Durrant <paul@xen.org> Subject: [PULL 56/62] hw/xen: Support GSI mapping to PIRQ Date: Thu, 2 Mar 2023 13:30:23 +0100 Message-Id: <20230302123029.153265-57-pbonzini@redhat.com> In-Reply-To: <20230302123029.153265-1-pbonzini@redhat.com> References: <20230302123029.153265-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=170.10.129.124; envelope-from=pbonzini@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Series	[PULL,01/62] include: import Xen public headers to hw/xen/interface \| expand [PULL,01/62] include: import Xen public headers to hw/xen/interface [PULL,02/62] xen: add CONFIG_XEN_BUS and CONFIG_XEN_EMU options for Xen emulation [PULL,03/62] xen: Add XEN_DISABLED mode and make it default [PULL,04/62] i386/kvm: Add xen-version KVM accelerator property and init KVM Xen support [PULL,05/62] i386/kvm: handle Xen HVM cpuid leaves [PULL,06/62] i386/kvm: Set Xen vCPU ID in KVM [PULL,07/62] xen-platform: exclude vfio-pci from the PCI platform unplug [PULL,08/62] xen-platform: allow its creation with XEN_EMULATE mode [PULL,09/62] i386/xen: handle guest hypercalls [PULL,10/62] i386/xen: implement HYPERVISOR_xen_version [PULL,11/62] i386/xen: implement HYPERVISOR_sched_op, SCHEDOP_shutdown [PULL,12/62] i386/xen: Implement SCHEDOP_poll and SCHEDOP_yield [PULL,13/62] hw/xen: Add xen_overlay device for emulating shared xenheap pages [PULL,14/62] xen: Permit --xen-domid argument when accel is KVM [PULL,15/62] i386/xen: add pc_machine_kvm_type to initialize XEN_EMULATE mode [PULL,16/62] i386/xen: manage and save/restore Xen guest long_mode setting [PULL,17/62] i386/xen: implement HYPERVISOR_memory_op [PULL,18/62] i386/xen: implement XENMEM_add_to_physmap_batch [PULL,19/62] i386/xen: implement HYPERVISOR_hvm_op [PULL,20/62] i386/xen: implement HYPERVISOR_vcpu_op [PULL,21/62] i386/xen: handle VCPUOP_register_vcpu_info [PULL,22/62] i386/xen: handle VCPUOP_register_vcpu_time_info [PULL,23/62] i386/xen: handle VCPUOP_register_runstate_memory_area [PULL,24/62] i386/xen: implement HYPERVISOR_event_channel_op [PULL,25/62] i386/xen: implement HVMOP_set_evtchn_upcall_vector [PULL,26/62] i386/xen: implement HVMOP_set_param [PULL,27/62] hw/xen: Add xen_evtchn device for event channel emulation [PULL,28/62] i386/xen: Add support for Xen event channel delivery to vCPU [PULL,29/62] hw/xen: Implement EVTCHNOP_status [PULL,30/62] hw/xen: Implement EVTCHNOP_close [PULL,31/62] hw/xen: Implement EVTCHNOP_unmask [PULL,32/62] hw/xen: Implement EVTCHNOP_bind_virq [PULL,33/62] hw/xen: Implement EVTCHNOP_bind_ipi [PULL,34/62] hw/xen: Implement EVTCHNOP_send [PULL,35/62] hw/xen: Implement EVTCHNOP_alloc_unbound [PULL,36/62] hw/xen: Implement EVTCHNOP_bind_interdomain [PULL,37/62] hw/xen: Implement EVTCHNOP_bind_vcpu [PULL,38/62] hw/xen: Implement EVTCHNOP_reset [PULL,39/62] i386/xen: add monitor commands to test event injection [PULL,40/62] hw/xen: Support HVM_PARAM_CALLBACK_TYPE_GSI callback [PULL,41/62] hw/xen: Support HVM_PARAM_CALLBACK_TYPE_PCI_INTX callback [PULL,42/62] kvm/i386: Add xen-gnttab-max-frames property [PULL,43/62] hw/xen: Add xen_gnttab device for grant table emulation [PULL,44/62] hw/xen: Support mapping grant frames [PULL,45/62] i386/xen: Implement HYPERVISOR_grant_table_op and GNTTABOP_[gs]et_verson [PULL,46/62] hw/xen: Implement GNTTABOP_query_size [PULL,47/62] i386/xen: handle PV timer hypercalls [PULL,48/62] i386/xen: Reserve Xen special pages for console, xenstore rings [PULL,49/62] i386/xen: handle HVMOP_get_param [PULL,50/62] hw/xen: Add backend implementation of interdomain event channel support [PULL,51/62] hw/xen: Add xen_xenstore device for xenstore emulation [PULL,52/62] hw/xen: Add basic ring handling to xenstore [PULL,53/62] hw/xen: Automatically add xen-platform PCI device for emulated Xen guests [PULL,54/62] i386/xen: Implement HYPERVISOR_physdev_op [PULL,55/62] hw/xen: Implement emulated PIRQ hypercall support [PULL,56/62] hw/xen: Support GSI mapping to PIRQ [PULL,57/62] hw/xen: Support MSI mapping to PIRQ [PULL,58/62] kvm/i386: Add xen-evtchn-max-pirq property [PULL,59/62] i386/xen: Document Xen HVM emulation [PULL,60/62] hw/xen: Subsume xen_be_register_common() into xen_be_init() [PULL,61/62] qapi: Add 'acpi' field to 'query-machines' output [PULL,62/62] Makefile: qemu-bundle is a directory

Message ID

20230302123029.153265-57-pbonzini@redhat.com

State

New

Headers

From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: David Woodhouse <dwmw@amazon.co.uk>,
	Paul Durrant <paul@xen.org>
Subject: [PULL 56/62] hw/xen: Support GSI mapping to PIRQ
Date: Thu,  2 Mar 2023 13:30:23 +0100
Message-Id: <20230302123029.153265-57-pbonzini@redhat.com>
In-Reply-To: <20230302123029.153265-1-pbonzini@redhat.com>
References: <20230302123029.153265-1-pbonzini@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=170.10.129.124;
 envelope-from=pbonzini@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Series

[PULL,01/62] include: import Xen public headers to hw/xen/interface | expand

Commit Message

Paolo Bonzini March 2, 2023, 12:30 p.m. UTC

From: David Woodhouse <dwmw@amazon.co.uk>

If I advertise XENFEAT_hvm_pirqs then a guest now boots successfully as
long as I tell it 'pci=nomsi'.

[root@localhost ~]# cat /proc/interrupts
           CPU0
  0:         52   IO-APIC   2-edge      timer
  1:         16  xen-pirq   1-ioapic-edge  i8042
  4:       1534  xen-pirq   4-ioapic-edge  ttyS0
  8:          1  xen-pirq   8-ioapic-edge  rtc0
  9:          0  xen-pirq   9-ioapic-level  acpi
 11:       5648  xen-pirq  11-ioapic-level  ahci[0000:00:04.0]
 12:        257  xen-pirq  12-ioapic-edge  i8042
...

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
---
 hw/i386/kvm/xen_evtchn.c | 58 +++++++++++++++++++++++++++++++++++++++-
 hw/i386/kvm/xen_evtchn.h |  2 ++
 hw/i386/x86.c            | 16 +++++++++++
 3 files changed, 75 insertions(+), 1 deletion(-)

Comments

Peter Maydell June 23, 2023, 2:48 p.m. UTC | #1

On Thu, 2 Mar 2023 at 12:50, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> From: David Woodhouse <dwmw@amazon.co.uk>
>
> If I advertise XENFEAT_hvm_pirqs then a guest now boots successfully as
> long as I tell it 'pci=nomsi'.
>
> [root@localhost ~]# cat /proc/interrupts
>            CPU0
>   0:         52   IO-APIC   2-edge      timer
>   1:         16  xen-pirq   1-ioapic-edge  i8042
>   4:       1534  xen-pirq   4-ioapic-edge  ttyS0
>   8:          1  xen-pirq   8-ioapic-edge  rtc0
>   9:          0  xen-pirq   9-ioapic-level  acpi
>  11:       5648  xen-pirq  11-ioapic-level  ahci[0000:00:04.0]
>  12:        257  xen-pirq  12-ioapic-edge  i8042
> ...
>
> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
> Reviewed-by: Paul Durrant <paul@xen.org>

Hi; Coverity points out an off-by-one error in this code
(CID 1508128):

> @@ -148,6 +148,9 @@ struct XenEvtchnState {
>      /* GSI → PIRQ mapping (serialized) */
>      uint16_t gsi_pirq[IOAPIC_NUM_PINS];

The gsi_pirq[] array has IOAPIC_NUM_PINS elements...

> +bool xen_evtchn_set_gsi(int gsi, int level)
> +{
> +    XenEvtchnState *s = xen_evtchn_singleton;
> +    int pirq;
> +
> +    assert(qemu_mutex_iothread_locked());
> +
> +    if (!s || gsi < 0 || gsi > IOAPIC_NUM_PINS) {

...but here our guard on gsi is off-by-one, and
allows gsi == IOAPIC_NUM_PINS through...

> +        return false;
> +    }
> +
> +    /*
> +     * Check that that it *isn't* the event channel GSI, and thus
> +     * that we are not recursing and it's safe to take s->port_lock.
> +     *
> +     * Locking aside, it's perfectly sane to bail out early for that
> +     * special case, as it would make no sense for the event channel
> +     * GSI to be routed back to event channels, when the delivery
> +     * method is to raise the GSI... that recursion wouldn't *just*
> +     * be a locking issue.
> +     */
> +    if (gsi && gsi == s->callback_gsi) {
> +        return false;
> +    }
> +
> +    QEMU_LOCK_GUARD(&s->port_lock);
> +
> +    pirq = s->gsi_pirq[gsi];

...and we will reference off the end of the gsi_pirq[] array here.

> +    if (!pirq) {
> +        return false;
> +    }

Presumably the guard should be 'gsi >= IOAPIC_NUM_PINS' ?

thanks
-- PMM

Peter Maydell July 17, 2023, 5:51 p.m. UTC | #2

On Tue, 4 Jul 2023 at 16:13, Woodhouse, David <dwmw@amazon.co.uk> wrote:
>
> Coverity points out (CID 1508128) a bounds checking error. We need to check
> for gsi >= IOAPIC_NUM_PINS, not just greater-than.
>
> Also fix up an assert() that has the same problem, that Coverity didn't see.
>
> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
> ---
>  hw/i386/kvm/xen_evtchn.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/i386/kvm/xen_evtchn.c b/hw/i386/kvm/xen_evtchn.c
> index 3d810dbd59..0e9c108614 100644
> --- a/hw/i386/kvm/xen_evtchn.c
> +++ b/hw/i386/kvm/xen_evtchn.c
> @@ -1587,7 +1587,7 @@ static int allocate_pirq(XenEvtchnState *s, int type, int gsi)
>   found:
>      pirq_inuse_word(s, pirq) |= pirq_inuse_bit(pirq);
>      if (gsi >= 0) {
> -        assert(gsi <= IOAPIC_NUM_PINS);
> +        assert(gsi < IOAPIC_NUM_PINS);
>          s->gsi_pirq[gsi] = pirq;
>      }
>      s->pirq[pirq].gsi = gsi;
> @@ -1601,7 +1601,7 @@ bool xen_evtchn_set_gsi(int gsi, int level)
>
>      assert(qemu_mutex_iothread_locked());
>
> -    if (!s || gsi < 0 || gsi > IOAPIC_NUM_PINS) {
> +    if (!s || gsi < 0 || gsi >= IOAPIC_NUM_PINS) {
>          return false;
>      }

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM

Philippe Mathieu-Daudé July 17, 2023, 9:39 p.m. UTC | #3

Hi David,

On 4/7/23 17:12, Woodhouse, David via wrote:
> Coverity points out (CID 1508128) a bounds checking error. We need to check
> for gsi >= IOAPIC_NUM_PINS, not just greater-than.
> 
> Also fix up an assert() that has the same problem, that Coverity didn't see.
> 
> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
> ---
>   hw/i386/kvm/xen_evtchn.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Better to post new patches as new thread:

   Patches are easier to find if they start a new top-level thread,
   rather than being buried in-reply-to another existing thread.

(Per 
https://www.qemu.org/docs/master/devel/submitting-a-patch.html#use-git-format-patch)

Regards,

Phil.

diff --git a/hw/i386/kvm/xen_evtchn.c b/hw/i386/kvm/xen_evtchn.c
index 59eea63272d0..f2c4b4387194 100644
--- a/hw/i386/kvm/xen_evtchn.c
+++ b/hw/i386/kvm/xen_evtchn.c
@@ -148,6 +148,9 @@  struct XenEvtchnState {
     /* GSI → PIRQ mapping (serialized) */
     uint16_t gsi_pirq[IOAPIC_NUM_PINS];
 
+    /* Per-GSI assertion state (serialized) */
+    uint32_t pirq_gsi_set;
+
     /* Per-PIRQ information (rebuilt on migration) */
     struct pirq_info *pirq;
 };
@@ -246,6 +249,7 @@  static const VMStateDescription xen_evtchn_vmstate = {
         VMSTATE_VARRAY_UINT16_ALLOC(pirq_inuse_bitmap, XenEvtchnState,
                                     nr_pirq_inuse_words, 0,
                                     vmstate_info_uint64, uint64_t),
+        VMSTATE_UINT32(pirq_gsi_set, XenEvtchnState),
         VMSTATE_END_OF_LIST()
     }
 };
@@ -1510,6 +1514,51 @@  static int allocate_pirq(XenEvtchnState *s, int type, int gsi)
     return pirq;
 }
 
+bool xen_evtchn_set_gsi(int gsi, int level)
+{
+    XenEvtchnState *s = xen_evtchn_singleton;
+    int pirq;
+
+    assert(qemu_mutex_iothread_locked());
+
+    if (!s || gsi < 0 || gsi > IOAPIC_NUM_PINS) {
+        return false;
+    }
+
+    /*
+     * Check that that it *isn't* the event channel GSI, and thus
+     * that we are not recursing and it's safe to take s->port_lock.
+     *
+     * Locking aside, it's perfectly sane to bail out early for that
+     * special case, as it would make no sense for the event channel
+     * GSI to be routed back to event channels, when the delivery
+     * method is to raise the GSI... that recursion wouldn't *just*
+     * be a locking issue.
+     */
+    if (gsi && gsi == s->callback_gsi) {
+        return false;
+    }
+
+    QEMU_LOCK_GUARD(&s->port_lock);
+
+    pirq = s->gsi_pirq[gsi];
+    if (!pirq) {
+        return false;
+    }
+
+    if (level) {
+        int port = s->pirq[pirq].port;
+
+        s->pirq_gsi_set |= (1U << gsi);
+        if (port) {
+            set_port_pending(s, port);
+        }
+    } else {
+        s->pirq_gsi_set &= ~(1U << gsi);
+    }
+    return true;
+}
+
 int xen_physdev_map_pirq(struct physdev_map_pirq *map)
 {
     XenEvtchnState *s = xen_evtchn_singleton;
@@ -1621,7 +1670,14 @@  int xen_physdev_eoi_pirq(struct physdev_eoi *eoi)
         return -EINVAL;
     }
 
-    /* XX: Reassert a level IRQ if needed */
+    /* Reassert a level IRQ if needed */
+    if (s->pirq_gsi_set & (1U << gsi)) {
+        int port = s->pirq[pirq].port;
+        if (port) {
+            set_port_pending(s, port);
+        }
+    }
+
     return 0;
 }
 
diff --git a/hw/i386/kvm/xen_evtchn.h b/hw/i386/kvm/xen_evtchn.h
index a7383f760ce2..95400b7fbf7d 100644
--- a/hw/i386/kvm/xen_evtchn.h
+++ b/hw/i386/kvm/xen_evtchn.h
@@ -24,6 +24,8 @@  void xen_evtchn_set_callback_level(int level);
 
 int xen_evtchn_set_port(uint16_t port);
 
+bool xen_evtchn_set_gsi(int gsi, int level);
+
 /*
  * These functions mirror the libxenevtchn library API, providing the QEMU
  * backend side of "interdomain" event channels.
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index c44846f47b5f..a56b10b2fb1c 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -61,6 +61,11 @@ 
 #include CONFIG_DEVICES
 #include "kvm/kvm_i386.h"
 
+#ifdef CONFIG_XEN_EMU
+#include "hw/xen/xen.h"
+#include "hw/i386/kvm/xen_evtchn.h"
+#endif
+
 /* Physical Address of PVH entry point read from kernel ELF NOTE */
 static size_t pvh_start_addr;
 
@@ -610,6 +615,17 @@  void gsi_handler(void *opaque, int n, int level)
         }
         /* fall through */
     case ISA_NUM_IRQS ... IOAPIC_NUM_PINS - 1:
+#ifdef CONFIG_XEN_EMU
+        /*
+         * Xen delivers the GSI to the Legacy PIC (not that Legacy PIC
+         * routing actually works properly under Xen). And then to
+         * *either* the PIRQ handling or the I/OAPIC depending on
+         * whether the former wants it.
+         */
+        if (xen_mode == XEN_EMULATE && xen_evtchn_set_gsi(n, level)) {
+            break;
+        }
+#endif
         qemu_set_irq(s->ioapic_irq[n], level);
         break;
     case IO_APIC_SECONDARY_IRQBASE