path: root/drivers/virtio
Age | Commit message | Author
2016-02-15 | virtio_pci: fix use after free on release | Michael S. Tsirkin
[ Upstream commit 2989be09a8a9d62a785137586ad941f916e08f83 ] KASan detected a use-after-free error in virtio-pci remove code. In virtio_pci_remove(), vp_dev is still used after being freed in unregister_virtio_device() (in virtio_pci_release_dev() more precisely). To fix, keep a reference until cleanup is done. Fixes: 63bd62a08ca4 ("virtio_pci: defer kfree until release callback") Reported-by: Jerome Marchand <jmarchan@redhat.com> Cc: stable@vger.kernel.org Cc: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Jerome Marchand <jmarchan@redhat.com> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
2016-02-03 | virtio_balloon: fix race by fill and leak | Minchan Kim
[ Upstream commit f68b992bbb474641881932c61c92dcfa6f5b3689 ] During my compaction-related stuff, I encountered a bug with ballooning. With repeated inflating and deflating cycle, guest memory (i.e., cat /proc/meminfo | grep MemTotal) is decreased and couldn't be recovered. The reason is balloon_lock doesn't cover release_pages_balloon so struct virtio_balloon fields could be overwritten by race of fill_balloon (e.g., vb->*pfns could be critical). This patch fixes it in my test. Cc: <stable@vger.kernel.org> Signed-off-by: Minchan Kim <minchan@kernel.org> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
2016-02-03 | virtio_ballon: change stub of release_pages_by_pfn | Denis V. Lunev
[ Upstream commit b4d34037329f46ed818d3b0a6e1e23b9c8721f79 ] and rename it to release_pages_balloon. The function originally takes arrays of pfns and now it takes a pointer to struct virtio_balloon. This change is necessary to conditionally call adjust_managed_page_count in the next patch. Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
2015-06-04 | virtio_pci: Clear stale cpumask when setting irq affinity | Jiang Liu
The cpumask vp_dev->msix_affinity_masks[info->msix_vector] may contain stale information when vp_set_vq_affinity() gets called, so clear it before setting the new cpu bit mask. Cc: stable@vger.kernel.org Signed-off-by: Jiang Liu <jiang.liu@linux.intel.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-04-15 | virtio: drop virtio_device_is_legacy_only | Michael S. Tsirkin
virtio_device_is_legacy_only is now unused, drop it from core. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-04-15 | virtio_pci: support non-legacy balloon devices | Michael S. Tsirkin
virtio_device_is_legacy_only is always false now, drop the test from virtio pci. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-04-15 | virtio_mmio: support non-legacy balloon devices | Michael S. Tsirkin
virtio_device_is_legacy_only is always false now, drop the test from virtio mmio. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Pawel Moll <pawel.moll@arm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-04-15 | virtio: balloon might not be a legacy device | Michael S. Tsirkin
We added transitional device support to balloon driver, so we don't need to black-list it in core anymore. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-04-15 | virtio_balloon: transitional interface | Michael S. Tsirkin
Virtio 1.0 doesn't include a modern balloon device. But it's not a big change to support a transitional balloon device: this has the advantage of supporting existing drivers, transparently. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-04-01 | virtio_pci_modern: switch to type-safe io accessors | Michael S. Tsirkin
As Rusty noted, we were accessing queue_enable with an incorrect width. Switch to type-safe accessors so we don't make this mistake again in the future. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-04-01 | virtio_pci_modern: type-safe io accessors | Michael S. Tsirkin
The spec is very clear on this: 4.1.3.1 Driver Requirements: PCI Device Layout The driver MUST access each field using the “natural” access method, i.e. 32-bit accesses for 32-bit fields, 16-bit accesses for 16-bit fields and 8-bit accesses for 8-bit fields. Add type-safe wrappers to prevent access with incorrect width. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-03-29 | Add virtio-input driver. | Gerd Hoffmann
virtio-input is basically evdev-events-over-virtio, so this driver isn't much more than reading configuration from config space and forwarding incoming events to the linux input layer. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-03-17 | virtio_mmio: fix access width for mmio | Michael S. Tsirkin
Going over the virtio mmio code, I noticed that it doesn't correctly access modern device config values using "natural" accessors: it uses readb to get/set them byte by byte, while the virtio 1.0 spec explicitly states: 4.2.2.2 Driver Requirements: MMIO Device Register Layout ... The driver MUST only use 32 bit wide and aligned reads and writes to access the control registers described in table 4.1. For the device-specific configuration space, the driver MUST use 8 bit wide accesses for 8 bit wide fields, 16 bit wide and aligned accesses for 16 bit wide fields and 32 bit wide and aligned accesses for 32 and 64 bit wide fields. Borrow code from virtio_pci_modern to do this correctly. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-03-13 | virtio_mmio: generation support | Michael S. Tsirkin
virtio_mmio currently lacks generation support which makes multi-byte field access racy. Fix by getting the value at offset 0xfc for version 2 devices. Nothing we can do for version 1, so return generation id 0. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-03-10 | virtio-balloon: do not call blocking ops when !TASK_RUNNING | Michael S. Tsirkin
virtio balloon has this code: wait_event_interruptible(vb->config_change, (diff = towards_target(vb)) != 0 || vb->need_stats_update || kthread_should_stop() || freezing(current)); Which is a problem because towards_target() call might block after wait_event_interruptible sets task state to TASK_INTERRUPTIBLE, causing the task_struct::state collision typical of nesting of sleeping primitives. See also http://lwn.net/Articles/628628/ or Thomas's bug report http://article.gmane.org/gmane.linux.kernel.virtualization/24846 for a fuller explanation. To fix, rewrite using wait_woken. Cc: stable@vger.kernel.org Reported-by: Thomas Huth <thuth@linux.vnet.ibm.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Thomas Huth <thuth@linux.vnet.ibm.com> Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-03-10 | virtio_balloon: set DRIVER_OK before using device | Michael S. Tsirkin
virtio spec requires that all drivers set DRIVER_OK before using devices. While balloon isn't yet included in the virtio 1 spec, previous spec versions also required this. virtio balloon might violate this rule: probe calls kthread_run before setting DRIVER_OK, which might run immediately and cause balloon to inflate/deflate. To fix, call virtio_device_ready before running the kthread. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Cc: stable@kernel.org
2015-02-17 | virtio: don't set VIRTIO_CONFIG_S_DRIVER_OK twice. | Rusty Russell
I noticed this with the console device. It's not *wrong*, just a bit weird. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-02-11 | virtio_pci: use 16-bit accessor for queue_enable. | Rusty Russell
Since PCI is little endian, 8-bit access might work, but the spec section is very clear on this: 4.1.3.1 Driver Requirements: PCI Device Layout The driver MUST access each field using the “natural” access method, i.e. 32-bit accesses for 32-bit fields, 16-bit accesses for 16-bit fields and 8-bit accesses for 8-bit fields. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Acked-by: Michael S. Tsirkin <mst@redhat.com>
2015-02-11 | virtio: Avoid possible kernel panic if DEBUG is enabled. | Tetsuo Handa
The virtqueue_add() calls START_USE() upon entry. The virtqueue_kick() is called if vq->num_added == (1 << 16) - 1 before calling END_USE(). The virtqueue_kick_prepare() called via virtqueue_kick() calls START_USE() upon entry, and will call panic() if DEBUG is enabled. Move this virtqueue_kick() call to after END_USE() call. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-01-23 | virtio-mmio: Update the device to OASIS spec version | Pawel Moll
This patch adds support for the second version of the virtio-mmio device, which follows the OASIS "Virtual I/O Device (VIRTIO) Version 1.0" specification. Main changes:
1. The control register symbolic names use the new device/driver nomenclature rather than the old guest/host one.
2. The driver detects the device version (version 1 is the pre-OASIS spec, version 2 is compatible with the first revision of the OASIS spec) and drives the device accordingly.
3. New version uses direct addressing (64 bit address split into two low/high registers) instead of the guest page size based one, and addresses each part of the queue (descriptors, available, used) separately.
4. The device activity is now explicitly triggered by writing to the "queue ready" register.
5. Whole 64 bit features are properly handled now (both ways).
Signed-off-by: Pawel Moll <pawel.moll@arm.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-01-21 | virtio_pci_modern: drop an unused function | Michael S. Tsirkin
release function in modern driver is unused: it's a left-over from when each driver had to have its own release. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-01-21 | virtio_pci: add module param to force legacy mode | Michael S. Tsirkin
If set, try legacy interface first, modern one if that fails. Useful to work around device/driver bugs, and for compatibility testing. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-01-21 | virtio_pci: add an option to disable legacy driver | Michael S. Tsirkin
Useful for testing device virtio 1 compatibility. Based on patch by Rusty - couldn't resist putting that flying car joke in there! Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-01-21 | virtio_pci: drop Kconfig warnings | Michael S. Tsirkin
The ABI *is* stable, and has been for a while now. Drop Kconfig warning saying that it's not guaranteed to work. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-01-21 | virtio_pci: Kconfig grammar fix | Michael S. Tsirkin
This drivers -> this driver. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-01-21 | virtio_ring: coding style fix | Michael S. Tsirkin
Most of our code has struct foo { } Fix one instance where ring is inconsistent. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-01-21 | virtio_balloon: coding style fixes | Michael S. Tsirkin
Most of our code has struct foo { } Fix two instances where balloon is inconsistent. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-01-21 | virtio_pci_modern: support devices with no config | Michael S. Tsirkin
Virtio 1.0 spec lists device config as optional. Set get/set callbacks to NULL. Drivers can check that and fail gracefully. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-01-21 | virtio_pci_modern: reduce number of mappings | Michael S. Tsirkin
We don't know the # of VQs that drivers are going to use so it's hard to predict how much memory we'll need to map. However, the relevant capability does give us an upper limit. If that's below a page, we can reduce the number of required mappings by mapping it all once ahead of the time. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-01-21 | virtio_pci: macros for PCI layout offsets | Rusty Russell
QEMU wants it, so why not? Trust, but verify. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-01-21 | virtio_pci: modern driver | Michael S. Tsirkin
Lightly tested against qemu. One thing *not* implemented here is separate mappings for descriptor/avail/used rings. That's nice to have, will be done later after we have core support. This also exposes the PCI layout to userspace, and adds macros for PCI layout offsets: QEMU wants it, so why not? Trust, but verify. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-01-21 | virtio_pci: move probe/remove code to common | Michael S. Tsirkin
Most of initialization is device-independent. Let's move it to common. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-01-21 | virtio_pci: drop useless del_vqs call | Sasha Levin
Device VQs were getting freed twice: once in every device's removal functions, and then again in virtio_pci_legacy_remove(). The ones in devices are called first, so drop the useless second call. Signed-off-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-01-21 | virtio/balloon: verify device has config space | Michael S. Tsirkin
Some devices might not implement config space access (e.g. remoteproc used not to - before 3.9). virtio/balloon needs config space access so make it fail gracefully if not there. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-01-06 | virtio_pci: document why we defer kfree | Michael S. Tsirkin
The reason we defer kfree until release function is because it's a general rule for kobjects: kfree of the reference counter itself is only legal in the release function. Previous patch didn't make this clear, document this in code. Cc: stable@vger.kernel.org Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-01-06 | virtio_pci: defer kfree until release callback | Sasha Levin
A struct device which has just been unregistered can live on past the point at which a driver decides to drop its initial reference to the kobject gained on allocation. This implies that when releasing a virtio device, we can't free a struct virtio_device until the underlying struct device has been released, which might not happen immediately on device_unregister(). Unfortunately, this is exactly what virtio pci does: it has an empty release callback, and frees memory immediately after unregistering the device. This causes an easy to reproduce crash if CONFIG_DEBUG_KOBJECT_RELEASE is enabled. To fix, free the memory only once we know the device is gone in the release callback. Cc: stable@vger.kernel.org Signed-off-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-01-06 | virtio_pci: device-specific release callback | Michael S. Tsirkin
It turns out we need to add device-specific code in release callback. Move it to virtio_pci_legacy.c. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-01-06 | virtio: make del_vqs idempotent | Michael S. Tsirkin
Our code calls del_vqs multiple times, assuming it's idempotent. commit 3ec7a77bb3089bb01032fdbd958eb5c29da58b49 virtio_pci: free up vq->priv broke this assumption, by adding kfree there, so multiple calls cause double free. Fix it up. Fixes: 3ec7a77bb3089bb01032fdbd958eb5c29da58b49 Reported-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-12-18 | Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost | Linus Torvalds
Pull virtio fixes from Michael S Tsirkin: "virtio 1.0 related fixes Most importantly, this fixes using virtio_pci as a module. Further, the big virtio 1.0 conversion missed a couple of places. This fixes them up. This isn't 100% sparse-clean yet because on many architectures get_user triggers sparse warnings when used with __bitwise tag (when same tag is on both pointer and value read). I posted a patchset to fix it up by adding __force on all arches that don't already have it (many do), when that's merged these warnings will go away" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: virtio_pci: restore module attributes mic/host: fix up virtio 1.0 APIs vringh: update for virtio 1.0 APIs vringh: 64 bit features tools/virtio: add virtio 1.0 in vringh_test tools/virtio: add virtio 1.0 in virtio_test tools/virtio: enable -Werror tools/virtio: 64 bit features tools/virtio: fix vringh test tools/virtio: more stubs virtio: core support for config generation virtio_pci: add VIRTIO_PCI_NO_LEGACY virtio_pci: move probe to common file virtio_pci_common.h: drop VIRTIO_PCI_NO_LEGACY virtio_config: fix virtio_cread_bytes virtio: set VIRTIO_CONFIG_S_FEATURES_OK on restore
2014-12-17 | Merge tag 'virtio-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux | Linus Torvalds
Pull virtio updates from Rusty Russell: "A balloon enhancement, and a minor race-on-module-unload theoretical bug which doesn't merit cc: stable. All the exciting stuff went via MST this cycle" * tag 'virtio-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: virtio_balloon: free some memory from balloon on OOM virtio_balloon: return the amount of freed memory from leak_balloon() virtio_blk: fix race at module removal virtio: Fix comment typo 'CONFIG_S_FAILED'
2014-12-17 | virtio_pci: restore module attributes | Herbert Xu
When the virtio_pci driver was moved into virtio_pci_legacy.c the module licence and other attributes went AWOL. This patch restores them. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-12-14 | Merge tag 'driver-core-3.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core | Linus Torvalds
Pull driver core update from Greg KH: "Here's the set of driver core patches for 3.19-rc1. They are dominated by the removal of the .owner field in platform drivers. They touch a lot of files, but they are "simple" changes, just removing a line in a structure. Other than that, a few minor driver core and debugfs changes. There are some ath9k patches coming in through this tree that have been acked by the wireless maintainers as they relied on the debugfs changes. Everything has been in linux-next for a while" * tag 'driver-core-3.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (324 commits) Revert "ath: ath9k: use debugfs_create_devm_seqfile() helper for seq_file entries" fs: debugfs: add forward declaration for struct device type firmware class: Deletion of an unnecessary check before the function call "vunmap" firmware loader: fix hung task warning dump devcoredump: provide a one-way disable function device: Add dev_<level>_once variants ath: ath9k: use debugfs_create_devm_seqfile() helper for seq_file entries ath: use seq_file api for ath9k debugfs files debugfs: add helper function to create device related seq_file drivers/base: cacheinfo: remove noisy error boot message Revert "core: platform: add warning if driver has no owner" drivers: base: support cpu cache information interface to userspace via sysfs drivers: base: add cpu_device_create to support per-cpu devices topology: replace custom attribute macros with standard DEVICE_ATTR* cpumask: factor out show_cpumap into separate helper function driver core: Fix unbalanced device reference in drivers_probe driver core: fix race with userland in device_add() sysfs/kernfs: make read requests on pre-alloc files use the buffer. sysfs/kernfs: allow attributes to request write buffer be pre-allocated. fs: sysfs: return EGBIG on write if offset is larger than file size ...
2014-12-14 | virtio_pci: move probe to common file | Michael S. Tsirkin
It turns out this makes everything easier. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-12-11 | virtio_pci_common.h: drop VIRTIO_PCI_NO_LEGACY | Michael S. Tsirkin
Legacy drivers use virtio_pci_common.h too, we should not define VIRTIO_PCI_NO_LEGACY there. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-12-11 | virtio: set VIRTIO_CONFIG_S_FEATURES_OK on restore | Michael S. Tsirkin
virtio 1.0 devices require that drivers set VIRTIO_CONFIG_S_FEATURES_OK after finalizing features. virtio core missed doing this on restore, fix it up. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2014-12-09 | virtio_pci: rename virtio_pci -> virtio_pci_common | Michael S. Tsirkin
kbuild does not seem to like it when we name source files same as the module. Let's rename virtio_pci -> virtio_pci_common, and get rid of #include-ing c files. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-12-09 | virtio_pci: update file descriptions and copyright | Michael S. Tsirkin
There's been a lot of changes since 2007. List main authors, add Red Hat copyright. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-12-09 | virtio_pci: split out legacy device support | Michael S. Tsirkin
Move everything dealing with legacy devices out to virtio_pci_legacy.c. Expose common code APIs in virtio_pci.h Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-12-09 | virtio_pci: setup config vector indirectly | Michael S. Tsirkin
config vector setup is version specific, do it indirectly. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-12-09 | virtio_pci: setup vqs indirectly | Michael S. Tsirkin
VQ setup is mostly version-specific, add another level of indirection to split the version-independent code out. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>