On Fri, 18 Mar 2022 20:18:19 +0100 Lukasz Maniak <lukasz.man...@linux.intel.com> wrote:
> From: Łukasz Gieryk <lukasz.gie...@linux.intel.com> > > PCI device capable of SR-IOV support is a new, still-experimental > feature with only a single working example of the Nvme device. > > This patch in an attempt to fix a double-free problem when a > SR-IOV-capable Nvme device is hot-unplugged. The problem and the > reproduction steps can be found in this thread: > > https://patchew.org/QEMU/20220217174504.1051716-1-lukasz.man...@linux.intel.com/20220217174504.1051716-14-lukasz.man...@linux.intel.com/ pls include that in patch description. > Details of the proposed solution are, for convenience, included below. > > 1) The current SR-IOV implementation assumes it’s the PhysicalFunction > that creates and deletes VirtualFunctions. > 2) It’s a design decision (the Nvme device at least) for the VFs to be > of the same class as PF. Effectively, they share the dc->hotpluggable > value. > 3) When a VF is created, it’s added as a child node to PF’s PCI bus > slot. > 4) Monitor/device_del triggers the ACPI mechanism. The implementation is > not aware of SR/IOV and ejects PF’s PCI slot, directly unrealizing all > hot-pluggable (!acpi_pcihp_pc_no_hotplug) children nodes. > 5) VFs are unrealized directly, and it doesn’t work well with (1). > SR/IOV structures are not updated, so when it’s PF’s turn to be > unrealized, it works on stale pointers to already-deleted VFs. it's unclear what's bing hotpluged and unplugged, it would be better if you included QEMU CLI and relevan qmp/monito commands to reproduce it. > > Signed-off-by: Łukasz Gieryk <lukasz.gie...@linux.intel.com> > --- > hw/acpi/pcihp.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c > index 6351bd3424d..248839e1110 100644 > --- a/hw/acpi/pcihp.c > +++ b/hw/acpi/pcihp.c > @@ -192,8 +192,12 @@ static bool acpi_pcihp_pc_no_hotplug(AcpiPciHpState *s, > PCIDevice *dev) > * ACPI doesn't allow hotplug of bridge devices. Don't allow > * hot-unplug of bridge devices unless they were added by hotplug > * (and so, not described by acpi). > + * > + * Don't allow hot-unplug of SR-IOV Virtual Functions, as they > + * will be removed implicitly, when Physical Function is unplugged. > */ > - return (pc->is_bridge && !dev->qdev.hotplugged) || !dc->hotpluggable; > + return (pc->is_bridge && !dev->qdev.hotplugged) || !dc->hotpluggable || > + pci_is_vf(dev); > } > > static void acpi_pcihp_eject_slot(AcpiPciHpState *s, unsigned bsel, unsigned > slots)
