NetBSD Problem Report #57304

From skrll@netbsd.org  Tue Mar 28 05:51:40 2023
Return-Path: <skrll@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id BFCC21A9239
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 28 Mar 2023 05:51:40 +0000 (UTC)
Message-Id: <20230328055139.2E2721A923C@mollari.NetBSD.org>
Date: Tue, 28 Mar 2023 05:51:39 +0000 (UTC)
From: skrll@netbsd.org
Reply-To: skrll@netbsd.org
To: gnats-bugs@NetBSD.org
Subject: Recent updates to virtio trigger KASSERT with virtio_mmio on aarch64
X-Send-Pr-Version: 3.95

>Number:         57304
>Category:       kern
>Synopsis:       Recent updates to virtio trigger KASSERT with virtio_mmio on aarch64
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    yamaguchi
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 28 05:55:00 +0000 2023
>Closed-Date:    Sat Apr 01 06:20:31 +0000 2023
>Last-Modified:  Sat May 13 11:00:01 +0000 2023
>Originator:     Nick Hudson
>Release:        NetBSD -current
>Organization:
	N/A
>Environment:
	NetBSD 10.99.2 (GENERIC64) #130: Mon Mar 27 18:13:45 BST 2023
>Description:
Using the qemu command line 

/home/nick/qemu/build/aarch64-softmmu/qemu-system-aarch64 \
   -M virt -machine gic-version=3 -cpu max -m 8192 \
   -drive if=none,file=arm64.img,id=hd0 -device virtio-blk-device,drive=hd0 \
   -netdev type=user,id=net0 -device virtio-net-device,netdev=net0,mac=00:11:22:33:44:55 \
   -kernel netbsd.img \
   -append "root=dk1a"  \
   -nographic

Results in 

[   1.0000000] NetBSD/evbarm (fdt) booting ...
[   1.0000000] Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003,
[   1.0000000]     2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013,
[   1.0000000]     2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023
[   1.0000000]     The NetBSD Foundation, Inc.  All rights reserved.
[   1.0000000] Copyright (c) 1982, 1986, 1989, 1991, 1993
[   1.0000000]     The Regents of the University of California.  All rights reserved.

[   1.0000000] NetBSD 10.99.2 (GENERIC64) #130: Mon Mar 27 18:13:45 BST 2023
[   1.0000000]  nick@thinkbook:/home/nick/netbsd/nbcvs/obj.evbarm64-el/sys/arch/evbarm/compile/GENERIC64
[   1.0000000] total memory = 8172 MB
[   1.0000000] avail memory = 7877 MB
[   1.0000000] armfdt0 (root)
[   1.0000000] simplebus0 at armfdt0: linux,dummy-virt
[   1.0000000] cpus0 at simplebus0
[   1.0000000] psci0 at simplebus0: PSCI 1.1
[   1.0000000] simplebus1 at simplebus0
[   1.0000000] simplebus2 at simplebus0
[   1.0000000] cpu0 at cpus0: unknown CPU (ID = 0x000f0510), id 0x0
[   1.0000000] cpu0: package 0, core 0, smt 0
[   1.0000000] fclock0 at simplebus0: 24000000 Hz fixed clock (clk24mhz)
[   1.0000000] gicvthree0 at simplebus0: GICv3
[   1.0000000] gicvthree0: ITS [#0] Devices table @ 0x40030000/0x80000, Cacheable WA WB, Inner shareable
[   1.0000000] gicvthree0: ITS [#1] Collections table @ 0x400b0000/0x10000, Cacheable WA WB, Inner shareable
[   1.0000000] gtmr0 at simplebus0: Generic Timer
[   1.0000000] gtmr0: interrupting on GICv3 irq 27
[   1.0000000] armgtmr0 at gtmr0: Generic Timer (62500 kHz, virtual)
[   1.0000040] plcom0 at simplebus0: ARM PL011 UART
[   1.0000040] plcom0: txfifo 16 bytes
[   1.0000040] plcom0: console
[   1.0000040] plcom0: interrupting on GICv3 irq 33
[   1.0000040] plgpio0 at simplebus0: GPIO
[   1.0000040] gpio0 at plgpio0: 8 pins
[   1.0000040] qemufwcfg0 at simplebus0
[   1.0000040] virtio0 at simplebus0
[   1.0000040] virtio1 at simplebus0
[   1.0000040] virtio2 at simplebus0
[   1.0000040] virtio3 at simplebus0
[   1.0000040] virtio4 at simplebus0
[   1.0000040] virtio5 at simplebus0
[   1.0000040] virtio6 at simplebus0
[   1.0000040] virtio7 at simplebus0
[   1.0000040] virtio8 at simplebus0
[   1.0000040] virtio9 at simplebus0
[   1.0000040] virtio10 at simplebus0
[   1.0000040] virtio11 at simplebus0
[   1.0000040] virtio12 at simplebus0
[   1.0000040] virtio13 at simplebus0
[   1.0000040] virtio14 at simplebus0
[   1.0000040] virtio15 at simplebus0
[   1.0000040] virtio16 at simplebus0
[   1.0000040] virtio17 at simplebus0
[   1.0000040] virtio18 at simplebus0
[   1.0000040] virtio19 at simplebus0
[   1.0000040] virtio20 at simplebus0
[   1.0000040] virtio21 at simplebus0
[   1.0000040] virtio22 at simplebus0
[   1.0000040] virtio23 at simplebus0
[   1.0000040] virtio24 at simplebus0
[   1.0000040] virtio25 at simplebus0
[   1.0000040] virtio26 at simplebus0
[   1.0000040] virtio27 at simplebus0
[   1.0000040] virtio28 at simplebus0
[   1.0000040] virtio29 at simplebus0
[   1.0000040] virtio30 at simplebus0
[   1.0000040] virtio30: network device (id 1, rev. 0x01)
[   1.0000040] vioif0 at virtio30: features: 0x31870020<EVENT_IDX,INDIRECT_DESC,NOTIFY_ON_EMPTY,CTRL_MAC,CTRL_RX,CTRL_VQ,STATUS,MAC>
[   1.0000040] vioif0: Ethernet address 00:11:22:33:44:55
[   1.0000040] panic: kernel diagnostic assertion "len > 0 && offset + len <= map->dm_mapsize" failed: file "/home/nick/netbsd/nbcvs/src/sys/arch/arm/arm32/bus_dma.c", line 1112 len 8198 offset 20480 mapsize 24576
[   1.0000040] cpu0: Begin traceback...
[   1.0000040] trace fp ffffc00001208480
[   1.0000040] fp ffffc000012084b0 vpanic() at ffffc00000590708 netbsd:vpanic+0x178
[   1.0000040] fp ffffc00001208510 kern_assert() at ffffc00000826568 netbsd:kern_assert+0x58
[   1.0000040] fp ffffc000012085a0 _bus_dmamap_sync() at ffffc000000abe74 netbsd:_bus_dmamap_sync+0x90
[   1.0000040] fp ffffc00001208610 virtio_reset_vq() at ffffc000007b1970 netbsd:virtio_reset_vq+0x190
[   1.0000040] fp ffffc00001208680 virtio_alloc_vq() at ffffc000007b2be0 netbsd:virtio_alloc_vq+0x1c0
[   1.0000040] fp ffffc00001208740 vioif_attach() at ffffc000007b8e64 netbsd:vioif_attach+0xc24
[   1.0000040] fp ffffc00001208860 config_attach_internal() at ffffc0000057004c netbsd:config_attach_internal+0x1b8
[   1.0000040] fp ffffc000012088c0 config_found() at ffffc000005702a8 netbsd:config_found+0xd8
[   1.0000040] fp ffffc00001208930 virtio_mmio_fdt_attach() at ffffc000006b4b74 netbsd:virtio_mmio_fdt_attach+0x134
[   1.0000040] fp ffffc00001208980 config_attach_internal() at ffffc0000057004c netbsd:config_attach_internal+0x1b8
[   1.0000040] fp ffffc000012089e0 config_found() at ffffc000005702a8 netbsd:config_found+0xd8
[   1.0000040] fp ffffc00001208a50 fdt_scan() at ffffc000006a50b0 netbsd:fdt_scan+0x250
[   1.0000040] fp ffffc00001208be0 fdt_rescan() at ffffc000006a54e0 netbsd:fdt_rescan+0x50
[   1.0000040] fp ffffc00001208c10 config_attach_internal() at ffffc0000057004c netbsd:config_attach_internal+0x1b8
[   1.0000040] fp ffffc00001208c70 config_found() at ffffc000005702a8 netbsd:config_found+0xd8
[   1.0000040] fp ffffc00001208ce0 arm_fdt_attach() at ffffc00000072de8 netbsd:arm_fdt_attach+0x94
[   1.0000040] fp ffffc00001208d40 config_attach_internal() at ffffc0000057004c netbsd:config_attach_internal+0x1b8
[   1.0000040] fp ffffc00001208da0 config_rootfound() at ffffc00000570474 netbsd:config_rootfound+0x64
[   1.0000040] fp ffffc00001208e00 cpu_configure() at ffffc0000006e69c netbsd:cpu_configure+0x4c
[   1.0000040] fp ffffc00001208e30 main() at ffffc00000826844 netbsd:main+0x2d4
[   1.0000040] fp 0000000000000000 aarch64_start() at ffffc0000000189c netbsd:aarch64_start+0x109c
[   1.0000040] cpu0: End traceback...

>How-To-Repeat:
	See above
>Fix:
	Unknown

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: kern-bug-people->yamaguchi
Responsible-Changed-By: skrll@NetBSD.org
Responsible-Changed-When: Tue, 28 Mar 2023 05:57:03 +0000
Responsible-Changed-Why:
Assign


From: Nick Hudson <nick.hudson@gmx.co.uk>
To: gnats-bugs@netbsd.org, kern-bug-people@netbsd.org,
 gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc: 
Subject: Re: kern/57304: Recent updates to virtio trigger KASSERT with
 virtio_mmio on aarch64
Date: Tue, 28 Mar 2023 07:00:21 +0100

 Bisecting shows this change as the first bad commit

 Author: yamaguchi <yamaguchi@NetBSD.org>
 Date:   Thu Mar 23 03:55:11 2023 +0000

      Added functions to set interrupt handler and index into virtqueue

From: Shoichi Yamaguchi <yamaguchi@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: yamaguchi@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, 
	skrll@netbsd.org
Subject: Re: kern/57304: Recent updates to virtio trigger KASSERT with
 virtio_mmio on aarch64
Date: Wed, 29 Mar 2023 13:25:16 +0900

 On Tue, Mar 28, 2023 at 3:10 PM Nick Hudson <nick.hudson@gmx.co.uk> wrote:
 >
 >  Bisecting shows this change as the first bad commit
 >
 >  Author: yamaguchi <yamaguchi@NetBSD.org>
 >  Date:   Thu Mar 23 03:55:11 2023 +0000
 >
 >       Added functions to set interrupt handler and index into virtqueue
 >

 Thank you for your bisecting. It was very helpful for me.
 Could you apply the following patch?

 ----- patch -----
 diff --git a/sys/dev/pci/virtio.c b/sys/dev/pci/virtio.c
 index bfe3b28d6a92..a4938a701024 100644
 --- a/sys/dev/pci/virtio.c
 +++ b/sys/dev/pci/virtio.c
 @@ -765,7 +765,7 @@ int
  virtio_alloc_vq(struct virtio_softc *sc, struct virtqueue *vq,
      int maxsegsize, int maxnsegs, const char *name)
  {
 - bus_size_t size_desc, size_avail, size_used, size_indirect;
 + bus_size_t size_used, size_indirect;
   bus_size_t allocsize =3D 0, size_desc_avail;
   int rsegs, r, hdrlen;
   unsigned int vq_num;
 @@ -782,16 +782,17 @@ virtio_alloc_vq(struct virtio_softc *sc, struct
 virtqueue *vq,

   hdrlen =3D sc->sc_active_features & VIRTIO_F_RING_EVENT_IDX ? 3 : 2;

 - size_desc =3D sizeof(vq->vq_desc[0]) * vq_num;
 - size_avail =3D sizeof(uint16_t) * hdrlen
 -    + sizeof(vq->vq_avail[0].ring) * vq_num;
 - size_used =3D sizeof(uint16_t) *hdrlen
 -    + sizeof(vq->vq_used[0].ring) * vq_num;
 - size_indirect =3D (sc->sc_indirect && maxnsegs >=3D MINSEG_INDIRECT) ?
 -    sizeof(struct vring_desc) * maxnsegs * vq_num : 0;
 -
 - size_desc_avail =3D VIRTQUEUE_ALIGN(size_desc + size_avail);
 - size_used =3D VIRTQUEUE_ALIGN(size_used);
 + size_desc_avail =3D VIRTQUEUE_ALIGN(
 +    sizeof(struct vring_desc) * vq_num
 +    + sizeof(uint16_t) * (hdrlen + vq_num));
 + size_used =3D VIRTQUEUE_ALIGN(
 +    sizeof(uint16_t) * hdrlen
 +    + sizeof(struct vring_used_elem) * vq_num);
 + if (sc->sc_indirect && maxnsegs >=3D MINSEG_INDIRECT) {
 + size_indirect =3D sizeof(struct vring_desc) * maxnsegs * vq_num;
 + } else {
 + size_indirect =3D 0;
 + }

   allocsize =3D size_desc_avail + size_used + size_indirect;
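Review bot: In the new size_desc_avail expression the avail ring is sized as sizeof(uint16_t) * (hdrlen + vq_num), which hard-codes the ring element type, while the used ring two lines below is sized from struct vring_used_elem. Deriving both the same way, for example with offsetof(struct vring_avail, ring[vq_num]) as the pointer setup in the next hunk does, keeps the allocation tied to the structure definition. A one-line comment saying what hdrlen counts (2 or 3 uint16_t header fields) would also help the next reader.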

 @@ -836,24 +837,22 @@ virtio_alloc_vq(struct virtio_softc *sc, struct
 virtqueue *vq,
   vq->vq_maxsegsize =3D maxsegsize;
   vq->vq_maxnsegs =3D maxnsegs;

 -#define VIRTIO_PTR(base, offset) (void *)((intptr_t)(base) + (offset))
 - /* initialize vring pointers */
 - vq->vq_desc =3D VIRTIO_PTR(vq->vq_vaddr, 0);
 - vq->vq_availoffset =3D size_desc;
 - vq->vq_avail =3D VIRTIO_PTR(vq->vq_vaddr, vq->vq_availoffset);
 - vq->vq_used_event =3D VIRTIO_PTR(vq->vq_avail,
 -    offsetof(struct vring_avail, ring[vq_num]));
 + vq->vq_availoffset =3D sizeof(struct vring_desc) * vq_num;
   vq->vq_usedoffset =3D size_desc_avail;
 - vq->vq_used =3D VIRTIO_PTR(vq->vq_vaddr, vq->vq_usedoffset);
 - vq->vq_avail_event =3D VIRTIO_PTR(vq->vq_used,
 -    offsetof(struct vring_used, ring[vq_num]));
 +
 + vq->vq_desc =3D vq->vq_vaddr;
 + vq->vq_avail =3D (void *)(((char *)vq->vq_desc) + vq->vq_availoffset);
 + vq->vq_used_event =3D (uint16_t *)((char *)vq->vq_avail +
 +    offsetof(struct vring_avail, ring[vq->vq_num]));
 + vq->vq_used =3D (void *)(((char *)vq->vq_desc) + vq->vq_usedoffset);
 + vq->vq_avail_event =3D (uint16_t *)((char *)vq->vq_used +
 +    offsetof(struct vring_used, ring[vq->vq_num]));

   if (size_indirect > 0) {
   vq->vq_indirectoffset =3D size_desc_avail + size_used;
 - vq->vq_indirect =3D VIRTIO_PTR(vq->vq_vaddr,
 -    vq->vq_indirectoffset);
 + vq->vq_indirect =3D (void *)(((char *)vq->vq_desc)
 +    + vq->vq_indirectoffset);
   }
 -#undef VIRTIO_PTR

   /* free slot management */
   vq->vq_entries =3D kmem_zalloc(sizeof(struct vq_entry) * vq_num,
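Review bot: The pointer setup mixes the local vq_num (in vq->vq_availoffset = sizeof(struct vring_desc) * vq_num) with vq->vq_num in the two offsetof(..., ring[vq->vq_num]) expressions, and nothing in this hunk shows vq->vq_num being assigned before they are evaluated. Use the local vq_num throughout, as the removed VIRTIO_PTR lines did, or make the assignment to vq->vq_num visible above this block, so vq_used_event and vq_avail_event cannot be computed from a different count than the one used for the allocation.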

From: Taylor R Campbell <riastradh@NetBSD.org>
To: Nick Hudson <skrll@NetBSD.org>
Cc: yamaguchi@NetBSD.org, gnats-bugs@NetBSD.org
Subject: Re: kern/57304: Recent updates to virtio trigger KASSERT with virtio_mmio on aarch64
Date: Wed, 29 Mar 2023 04:37:02 +0000

 Looks like syzkaller hit this too:

 https://syzkaller.appspot.com/bug?id=b5dca2969f8f18418beda74c5f7998a5c38ba7ef

 I'm testing the attached change as a candidate fix for this.


From: Shoichi Yamaguchi <yamaguchi@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: yamaguchi@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, 
	skrll@netbsd.org
Subject: Re: kern/57304: Recent updates to virtio trigger KASSERT with
 virtio_mmio on aarch64
Date: Wed, 29 Mar 2023 13:45:46 +0900

 On Wed, Mar 29, 2023 at 1:30 PM Shoichi Yamaguchi <yamaguchi@netbsd.org> wrote:
 >
 > The following reply was made to PR kern/57304; it has been noted by GNATS.
 >
 > From: Shoichi Yamaguchi <yamaguchi@netbsd.org>
 > To: gnats-bugs@netbsd.org
 > Cc: yamaguchi@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,
 >         skrll@netbsd.org
 > Subject: Re: kern/57304: Recent updates to virtio trigger KASSERT with
 >  virtio_mmio on aarch64
 > Date: Wed, 29 Mar 2023 13:25:16 +0900
 >
 >  On Tue, Mar 28, 2023 at 3:10 PM Nick Hudson <nick.hudson@gmx.co.uk> wrote:
 >  >
 >  >  Bisecting shows this change as the first bad commit
 >  >
 >  >  Author: yamaguchi <yamaguchi@NetBSD.org>
 >  >  Date:   Thu Mar 23 03:55:11 2023 +0000
 >  >
 >  >       Added functions to set interrupt handler and index into virtqueue
 >  >
 >
 >  Thank you for your bisecting. It was very helpful for me.
 >  Could you apply the following patch?

 I'm sorry. The patch was broken.

 I uploaded the same patch here:
 https://www.netbsd.org/~yamaguchi/kern-57304.patch

From: Taylor R Campbell <riastradh@NetBSD.org>
To: Nick Hudson <skrll@NetBSD.org>
Cc: yamaguchi@NetBSD.org, gnats-bugs@NetBSD.org
Subject: Re: kern/57304: Recent updates to virtio trigger KASSERT with virtio_mmio on aarch64
Date: Wed, 29 Mar 2023 04:38:35 +0000


 > Date: Wed, 29 Mar 2023 04:37:02 +0000
 > From: Taylor R Campbell <riastradh@NetBSD.org>
 >
 > Looks like syzkaller hit this too:
 >
 > https://syzkaller.appspot.com/bug?id=b5dca2969f8f18418beda74c5f7998a5c38ba7ef
 >
 > I'm testing the attached change as a candidate fix for this.

 Not that change, which is empty, oops -- this change!

 From 41606c9357700373b7d4f3e3c22e58322d1a5a79 Mon Sep 17 00:00:00 2001
 From: Taylor R Campbell <riastradh@NetBSD.org>
 Date: Wed, 29 Mar 2023 04:27:31 +0000
 Subject: [PATCH] virtio(4): Fix sizing of virtqueue allocation.

 vq->vq_avail[0].ring is a zero-length array, and thus sizeof is zero;
 likewise vq->vq_used[0].ring.

 Use vq->vq_avail[0].ring[0] and vq->vq_used[0].ring[0] to fix this
 and restore the previous allocation sizing logic.

 XXX We shouldn't use zero-length arrays here -- they are asking for
 trouble like this, and C99 has a standard way to express what we're
 actually trying to get at it, flexible array members.

 PR kern/57304

 Reported-by: syzbot+7fb1047f5dfa33b26331@syzkaller.appspotmail.com
 ---
  sys/dev/pci/virtio.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

 diff --git a/sys/dev/pci/virtio.c b/sys/dev/pci/virtio.c
 index 70209f164a86..1ffd6c62fe35 100644
 --- a/sys/dev/pci/virtio.c
 +++ b/sys/dev/pci/virtio.c
 @@ -784,9 +784,9 @@ virtio_alloc_vq(struct virtio_softc *sc, struct virtque=
 ue *vq,
 =20
  	size_desc =3D sizeof(vq->vq_desc[0]) * vq_num;
  	size_avail =3D sizeof(uint16_t) * hdrlen
 -	    + sizeof(vq->vq_avail[0].ring) * vq_num;
 +	    + sizeof(vq->vq_avail[0].ring[0]) * vq_num;
  	size_used =3D sizeof(uint16_t) *hdrlen
 -	    + sizeof(vq->vq_used[0].ring) * vq_num;
 +	    + sizeof(vq->vq_used[0].ring[0]) * vq_num;
  	size_indirect =3D (sc->sc_indirect && maxnsegs >=3D MINSEG_INDIRECT) ?
  	    sizeof(struct vring_desc) * maxnsegs * vq_num : 0;
 =20
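Review bot: After this change the element sizes in this block are spelled three different ways: sizeof(vq->vq_desc[0]), sizeof(vq->vq_avail[0].ring[0]), and sizeof(struct vring_desc) in the size_indirect context line. Since the defect was a sizeof applied to the wrong operand, pick one form for all of them, and consider a KASSERT right after the computation that size_avail and size_used are larger than sizeof(uint16_t) * hdrlen, so a zero element size fails at allocation time. The context line sizeof(uint16_t) *hdrlen is also missing a space after the operator.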


From: Nick Hudson <nick.hudson@gmx.co.uk>
To: gnats-bugs@netbsd.org, yamaguchi@netbsd.org, gnats-admin@netbsd.org,
 netbsd-bugs@netbsd.org
Cc: 
Subject: Re: kern/57304: Recent updates to virtio trigger KASSERT with
 virtio_mmio on aarch64
Date: Wed, 29 Mar 2023 06:48:32 +0100

 On 29/03/2023 05:50, Shoichi Yamaguchi wrote:
 > The following reply was made to PR kern/57304; it has been noted by GNATS.
 > 
 > From: Shoichi Yamaguchi <yamaguchi@netbsd.org>
 [snip]

 >   >  Thank you for your bisecting. It was very helpful for me.
 >   >  Could you apply the following patch?
 >   
 >   I'm sorry. The patch was broken.
 >   
 >   I uploaded the same patch here:
 >   https://www.netbsd.org/~yamaguchi/kern-57304.patch

 With this patch I can boot NetBSD/aarch64 in qemu again.

 Thanks,
 Nick

From: s ymgch <s.ymgch228@gmail.com>
To: gnats-bugs@netbsd.org
Cc: yamaguchi@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, 
	skrll@netbsd.org
Subject: Re: kern/57304: Recent updates to virtio trigger KASSERT with
 virtio_mmio on aarch64
Date: Wed, 29 Mar 2023 16:10:53 +0900

 On Wed, Mar 29, 2023 at 2:50 PM Nick Hudson <nick.hudson@gmx.co.uk> wrote:
 >
 > The following reply was made to PR kern/57304; it has been noted by GNATS.
 >
 > From: Nick Hudson <nick.hudson@gmx.co.uk>
 > To: gnats-bugs@netbsd.org, yamaguchi@netbsd.org, gnats-admin@netbsd.org,
 >  netbsd-bugs@netbsd.org
 > Cc:
 > Subject: Re: kern/57304: Recent updates to virtio trigger KASSERT with
 >  virtio_mmio on aarch64
 > Date: Wed, 29 Mar 2023 06:48:32 +0100
 >
 >  On 29/03/2023 05:50, Shoichi Yamaguchi wrote:
 >  > The following reply was made to PR kern/57304; it has been noted by GNATS.
 >  >
 >  > From: Shoichi Yamaguchi <yamaguchi@netbsd.org>
 >  [snip]
 >
 >  >   >  Thank you for your bisecting. It was very helpful for me.
 >  >   >  Could you apply the following patch?
 >  >
 >  >   I'm sorry. The patch was broken.
 >  >
 >  >   I uploaded the same patch here:
 >  >   https://www.netbsd.org/~yamaguchi/kern-57304.patch
 >
 >  With this patch I can boot NetBSD/aarch64 in qemu again.

 I'm glad to hear that.
 Could you test the patch written by riastradh@n.o.? (It is better than mine)
 https://mail-index.netbsd.org/netbsd-bugs/2023/03/29/msg077673.html

 Thanks in advance,
 Yamaguchi

From: Nick Hudson <nick.hudson@gmx.co.uk>
To: s ymgch <s.ymgch228@gmail.com>, gnats-bugs@netbsd.org
Cc: yamaguchi@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: kern/57304: Recent updates to virtio trigger KASSERT with
 virtio_mmio on aarch64
Date: Wed, 29 Mar 2023 09:31:51 +0100

 On 29/03/2023 08:10, s ymgch wrote:
 [snip]
 > I'm glad to hear that.
 > Could you test the patch written by riastradh@n.o.? (It is better than mine)
 > https://mail-index.netbsd.org/netbsd-bugs/2023/03/29/msg077673.html

 Taylor's patch also works.

 Thanks,
 Nick

From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/57304 CVS commit: src/sys/dev/pci
Date: Wed, 29 Mar 2023 09:44:26 +0000

 Module Name:	src
 Committed By:	riastradh
 Date:		Wed Mar 29 09:44:26 UTC 2023

 Modified Files:
 	src/sys/dev/pci: virtio.c

 Log Message:
 virtio(4): Fix sizing of virtqueue allocation.

 vq->vq_avail[0].ring is a zero-length array, and thus sizeof is zero;
 likewise vq->vq_used[0].ring.

 Use vq->vq_avail[0].ring[0] and vq->vq_used[0].ring[0] to fix this
 and restore the previous allocation sizing logic.

 XXX We shouldn't use zero-length arrays here -- they are asking for
 trouble like this, and C99 has a standard way to express what we're
 actually trying to get at it, flexible array members.

 PR kern/57304

 Reported-by: syzbot+7fb1047f5dfa33b26331@syzkaller.appspotmail.com


 To generate a diff of this commit:
 cvs rdiff -u -r1.71 -r1.72 src/sys/dev/pci/virtio.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/57304 CVS commit: src/sys/dev/pci
Date: Wed, 29 Mar 2023 09:45:05 +0000

 Module Name:	src
 Committed By:	riastradh
 Date:		Wed Mar 29 09:45:05 UTC 2023

 Modified Files:
 	src/sys/dev/pci: virtioreg.h

 Log Message:
 virtio(4): Use flexible array members, not zero-length arrays.

 This enables the compiler to detect sizeof mistakes like
 PR kern/57304.


 To generate a diff of this commit:
 cvs rdiff -u -r1.11 -r1.12 src/sys/dev/pci/virtioreg.h

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
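
The sizing mistake described in the two commit messages above, reproduced as an added example (not code from the NetBSD tree). It assumes simplified ring structures, 4096-byte ring alignment, a 1024-entry queue with the event-index header (hdrlen 3) and no indirect descriptors, which together reproduce the `len 8198 offset 20480 mapsize 24576` values in the panic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: rings are padded to 4096 bytes (consistent with the panic's
 * offset 20480 and mapsize 24576). */
#define RING_ALIGN(n) (((size_t)(n) + 4095u) & ~(size_t)4095u)

/* Simplified stand-ins for the virtio ring structures (illustrative names). */
struct desc      { uint64_t addr; uint32_t len; uint16_t flags, next; };
struct used_elem { uint32_t id, len; };

/* GNU zero-length arrays: sizeof(ring) compiles and silently yields 0. */
struct avail_zla { uint16_t flags, idx; uint16_t ring[0]; };
struct used_zla  { uint16_t flags, idx; struct used_elem ring[0]; };

/* C99 flexible array member: sizeof(((struct used_fam *)0)->ring) is
 * rejected at compile time (incomplete type), so the mistake cannot build. */
struct used_fam  { uint16_t flags, idx; struct used_elem ring[]; };

struct vq_layout {
    size_t used_offset; /* where the used ring starts in the mapping */
    size_t used_len;    /* bytes the driver syncs for the used ring */
    size_t mapsize;     /* bytes actually allocated and mapped */
};

/* buggy != 0 sizes the rings with sizeof(ring); otherwise sizeof(ring[0]). */
static struct vq_layout
compute_layout(size_t vq_num, size_t hdrlen, int buggy)
{
    size_t avail_elem = buggy ? sizeof(((struct avail_zla *)0)->ring)
                              : sizeof(((struct avail_zla *)0)->ring[0]);
    size_t used_elem  = buggy ? sizeof(((struct used_zla *)0)->ring)
                              : sizeof(((struct used_zla *)0)->ring[0]);

    size_t size_desc  = sizeof(struct desc) * vq_num;
    size_t size_avail = sizeof(uint16_t) * hdrlen + avail_elem * vq_num;
    size_t size_used  = sizeof(uint16_t) * hdrlen + used_elem * vq_num;

    struct vq_layout l;
    l.used_offset = RING_ALIGN(size_desc + size_avail);
    l.mapsize = l.used_offset + RING_ALIGN(size_used);
    /* The sync length always covers the real ring: header plus elements. */
    l.used_len = sizeof(uint16_t) * hdrlen + sizeof(struct used_elem) * vq_num;
    return l;
}

/* Same condition as the assertion quoted in the panic message. */
static int
sync_in_bounds(struct vq_layout l)
{
    return l.used_len > 0 && l.used_offset + l.used_len <= l.mapsize;
}

int
main(void)
{
    struct vq_layout bad = compute_layout(1024, 3, 1);
    struct vq_layout good = compute_layout(1024, 3, 0);

    printf("sizeof(ring):    len %zu offset %zu mapsize %zu in-bounds %d\n",
        bad.used_len, bad.used_offset, bad.mapsize, sync_in_bounds(bad));
    printf("sizeof(ring[0]): len %zu offset %zu mapsize %zu in-bounds %d\n",
        good.used_len, good.used_offset, good.mapsize, sync_in_bounds(good));
    return 0;
}
```

With `sizeof(ring)` the used ring is allocated as a single page while the sync covers 8198 bytes, so the range runs past the end of the mapping; with `sizeof(ring[0])` the mapping grows to hold the whole ring.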

State-Changed-From-To: open->closed
State-Changed-By: skrll@NetBSD.org
State-Changed-When: Sat, 01 Apr 2023 06:20:31 +0000
State-Changed-Why:
Fixed. Thanks.


From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/57304 CVS commit: [netbsd-10] src/sys/dev
Date: Sat, 13 May 2023 10:56:11 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Sat May 13 10:56:10 UTC 2023

 Modified Files:
 	src/sys/dev/pci [netbsd-10]: if_vioif.c ld_virtio.c vio9p.c viomb.c
 	    viornd.c vioscsi.c virtio.c virtio_pci.c virtioreg.h virtiovar.h
 	src/sys/dev/virtio [netbsd-10]: viocon.c virtio_mmio.c

 Log Message:
 Pull up following revision(s) (requested by yamaguchi in ticket #139):

 	sys/dev/pci/vioscsi.c: revision 1.31
 	sys/dev/pci/vio9p.c: revision 1.10
 	sys/dev/pci/vioscsi.c: revision 1.32
 	sys/dev/pci/vio9p.c: revision 1.11
 	sys/dev/pci/vioscsi.c: revision 1.33
 	sys/dev/pci/ld_virtio.c: revision 1.31
 	sys/dev/virtio/viocon.c: revision 1.6
 	sys/dev/pci/vioscsi.c: revision 1.34
 	sys/dev/pci/ld_virtio.c: revision 1.32
 	sys/dev/virtio/viocon.c: revision 1.7
 	sys/dev/virtio/viocon.c: revision 1.8
 	sys/dev/pci/vioscsi.c: revision 1.36
 	sys/dev/pci/virtioreg.h: revision 1.12
 	sys/dev/pci/viornd.c: revision 1.19
 	sys/dev/pci/virtio.c: revision 1.66
 	sys/dev/pci/virtio.c: revision 1.67
 	sys/dev/pci/virtio.c: revision 1.68
 	sys/dev/pci/if_vioif.c: revision 1.103
 	sys/dev/pci/virtio.c: revision 1.69
 	sys/dev/pci/if_vioif.c: revision 1.104
 	sys/dev/pci/virtio_pci.c: revision 1.40
 	sys/dev/virtio/virtio_mmio.c: revision 1.8
 	sys/dev/virtio/virtio_mmio.c: revision 1.9
 	sys/dev/pci/viomb.c: revision 1.14
 	sys/dev/pci/viomb.c: revision 1.15
 	sys/dev/pci/viomb.c: revision 1.17
 	sys/dev/pci/viornd.c: revision 1.20
 	sys/dev/pci/viornd.c: revision 1.21
 	sys/dev/pci/virtiovar.h: revision 1.25
 	sys/dev/pci/virtiovar.h: revision 1.26
 	sys/dev/pci/virtiovar.h: revision 1.27
 	sys/dev/pci/virtiovar.h: revision 1.28
 	sys/dev/pci/virtio.c: revision 1.70
 	sys/dev/pci/virtio.c: revision 1.71
 	sys/dev/pci/virtio.c: revision 1.72
 	sys/dev/pci/virtio.c: revision 1.73
 	sys/dev/pci/virtio.c: revision 1.74
 	sys/dev/pci/virtio_pci.c: revision 1.39

 Set virtqueues in virtio_child_attach_finish

 The number of virtqueue maybe change in a part of VirtIO devices
 (e.g. vioif(4)). And it is fixed after negotiation of features.
 So the configuration is moved into the function.

 viocon(4): fix not to allocate unused virtqueue

 viocon(4) allocates 4 virtqueues but it only uses 2 (0 and 1) queues.

 Added functions to set interrupt handler and index into virtqueue

 Added check of pointer for allocated memory before release of resource

 Setup virtqueues after registering them to virtio_softc
 restore fetch of qsize.

 Mark as MPSAFE.

 virtio(4): Avoid name collision with global intrhand on sparc64.

 Pacifies -Werror=shadow.
 No functional change intended.

 Use PRIuBUSSIZE to print bus_size_t variables.

 virtio(4): Fix sizing of virtqueue allocation.
 vq->vq_avail[0].ring is a zero-length array, and thus sizeof is zero;
 likewise vq->vq_used[0].ring.
 Use vq->vq_avail[0].ring[0] and vq->vq_used[0].ring[0] to fix this
 and restore the previous allocation sizing logic.
 XXX We shouldn't use zero-length arrays here -- they are asking for
 trouble like this, and C99 has a standard way to express what we're
 actually trying to get at it, flexible array members.
 PR kern/57304

 virtio(4): Use flexible array members, not zero-length arrays.
 This enables the compiler to detect sizeof mistakes like
 PR kern/57304.

 Use descriptor chain for free slots instead of vq_entry list
 Descriptors can be chained by themself. And descriptors added to
 avail ring or used ring are already chained. But it was not used
 for unused descriptors and another linked list structure named
 vq_entry was used.

 The chain is also used for unused descriptors to make virtio(4)
 simpler.

 Added flags to store status of attaching a virtio device

 This prevents a panic on reboot after a virtio device had called
 virtio_child_attach_failed().

 Fix wrong variable names
 This fixes build errors in virtio_mmio.c


 To generate a diff of this commit:
 cvs rdiff -u -r1.82.4.2 -r1.82.4.3 src/sys/dev/pci/if_vioif.c
 cvs rdiff -u -r1.30 -r1.30.4.1 src/sys/dev/pci/ld_virtio.c
 cvs rdiff -u -r1.9 -r1.9.4.1 src/sys/dev/pci/vio9p.c
 cvs rdiff -u -r1.13 -r1.13.4.1 src/sys/dev/pci/viomb.c
 cvs rdiff -u -r1.18 -r1.18.4.1 src/sys/dev/pci/viornd.c
 cvs rdiff -u -r1.30 -r1.30.2.1 src/sys/dev/pci/vioscsi.c
 cvs rdiff -u -r1.63.2.3 -r1.63.2.4 src/sys/dev/pci/virtio.c
 cvs rdiff -u -r1.38 -r1.38.4.1 src/sys/dev/pci/virtio_pci.c
 cvs rdiff -u -r1.11 -r1.11.2.1 src/sys/dev/pci/virtioreg.h
 cvs rdiff -u -r1.24 -r1.24.4.1 src/sys/dev/pci/virtiovar.h
 cvs rdiff -u -r1.5 -r1.5.4.1 src/sys/dev/virtio/viocon.c
 cvs rdiff -u -r1.7 -r1.7.4.1 src/sys/dev/virtio/virtio_mmio.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:
