On Fri, May 26, 2023 at 09:58:52AM +0800, zhangfei gao wrote:
> > I have found two missing pieces in the device detach routine.
> > Applying the following should fix the crash at hotplug path.
> >
> > ---------------------------------------------------------------------------- > > diff --git a/hw/vfio/container-base.c b/hw/vfio/container-base.c > > index 89a256efa999..2344307523cb 100644 > > --- a/hw/vfio/container-base.c > > +++ b/hw/vfio/container-base.c > > @@ -151,8 +151,10 @@ void vfio_container_destroy(VFIOContainer *container) > > } > > > > QLIST_FOREACH_SAFE(giommu, &container->giommu_list, giommu_next, tmp) { > > - memory_region_unregister_iommu_notifier( > > - MEMORY_REGION(giommu->iommu_mr), &giommu->n); > > + if (giommu->n.notifier_flags) { > > + memory_region_unregister_iommu_notifier( > > + MEMORY_REGION(giommu->iommu_mr), &giommu->n); > > + } > > QLIST_REMOVE(giommu, giommu_next); > > g_free(giommu); > > } > > diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c > > index 844c60892db2..35d31480390d 100644 > > --- a/hw/vfio/iommufd.c > > +++ b/hw/vfio/iommufd.c
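Review bot: the new `if (giommu->n.notifier_flags)` guard in vfio_container_destroy() turns a zero `notifier_flags` into an implicit "never registered" marker, but nothing in the hunk says so. Add a one-line comment above the guard stating that a giommu entry can be on giommu_list without its notifier ever having been registered (the hotplug detach case this fixes), and that `QLIST_REMOVE(giommu, giommu_next);` and `g_free(giommu);` must still run for such entries. Without that comment a later cleanup is likely to fold the guard back into the unconditional `memory_region_unregister_iommu_notifier()` call and reintroduce the crash.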
> > @@ -652,6 +652,9 @@ found: > > */ > > if (QLIST_EMPTY(&container->hwpt_list)) { > > vfio_as_del_container(space, bcontainer); > > + if (bcontainer->nested) { > > + memory_listener_unregister(& bcontainer->prereg_listener); > > + } > > } > > __vfio_device_detach_container(vbasedev, container, &err); > > if (err) { > > ----------------------------------------------------------------------------
> >
> > Would you please try your case with it?
>
> Yes, this solves the hotplug segmentation fault

Nice. Thanks!

> Still report
>
> qemu-system-aarch64: IOMMU_IOAS_UNMAP failed: No such file or directory
> qemu-system-aarch64: vfio_container_dma_unmap(0xaaaae622e300,
> 0x8000000000, 0x10000) = -2 (No such file or directory)
> qemu-system-aarch64: Failed to unset data -1 (only the first time of
> device_del)
>
> Test with device_del and device_add

I found the "pci.1" has secondary bus number 0 when the VM inits:

(qemu) info pci
[...]
  Bus  0, device   2, function 0:
    PCI bridge: PCI device 1b36:000c
      IRQ 0, pin A
      BUS 0.
      secondary bus 0.
      subordinate bus 0.
      IO range [0xf000, 0x0fff]
      memory range [0xfff00000, 0x000fffff]
      prefetchable memory range [0xfff00000, 0x000fffff]
      BAR0: 32 bit memory at 0xffffffffffffffff [0x00000ffe].
      id "pci.1"

Then it changes later while the guest OS boots:

(qemu) info pci
[...]
  Bus  0, device   2, function 0:
    PCI bridge: PCI device 1b36:000c
      IRQ 255, pin A
      BUS 0.
      secondary bus 1.
      subordinate bus 1.
      IO range [0x0000, 0x0fff]
      memory range [0x10000000, 0x101fffff]
      prefetchable memory range [0x8000000000, 0x80000fffff]
      BAR0: 32 bit memory at 0x10240000 [0x10240fff].
      id "pci.1"

This must be related to the PCI bus init thing, since it doesn't fully assign the correct bus numbers and ranges listed above in the first dump. I will try figuring out what's going on, because this doesn't make too much sense for our ->set_iommu_device callback if a PCIBus isn't fully ready.
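Review bot: `memory_listener_unregister(& bcontainer->prereg_listener);` has a stray space after the address-of operator; write it as `&bcontainer->prereg_listener` to match `&container->hwpt_list` and `&err` in the same hunk. The unregister also sits inside the `if (QLIST_EMPTY(&container->hwpt_list))` branch, so it only runs once the last hwpt is gone and only for `bcontainer->nested`; a short comment (or a sentence in the commit message) saying that this mirrors the point where prereg_listener is registered would let a reader confirm the setup/teardown pairing without opening the registration site.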
Alternatively, I could move the set_dev_data ioctl out of the ->set_iommu_device callback to a later stage.

Overall, this should be fixed in the next version.

Thank you
Nicolin