On Mon, Nov 13, 2017 at 3:22 PM, Markus Armbruster <arm...@redhat.com> wrote:
> Ladi Prosek <lpro...@redhat.com> writes:
>
>> As of commit 660c97eef6f8 ("ivshmem: use kvm irqfd for msi notifications"),
>> QEMU crashes with:
>>
>> kvm_irqchip_commit_routes: Assertion `ret == 0' failed.
>>
>> if the ivshmem device is configured with more vectors than what the server
>> supports. This is caused by the ivshmem_vector_unmask() being called on
>> vectors that have not been initialized by ivshmem_add_kvm_msi_virq().
>>
>> This commit fixes it by adding a simple check to the mask and unmask
>> callbacks.
>>
>> Note that the opposite mismatch, if the server supplies more vectors than
>> what the device is configured for, is already handled and leads to output
>> like:
>>
>> Too many eventfd received, device has 1 vectors
>>
>> Fixes: 660c97eef6f8 ("ivshmem: use kvm irqfd for msi notifications")
>> Signed-off-by: Ladi Prosek <lpro...@redhat.com>
>
> I think I understand your description of what's wrong. Not obvious to
> me is how it can happen. The cover letter mentions a Windows ivshmem
> driver. Is this a device bug a driver can trigger? If yes, how?
I don't have a Linux guest handy but this code has existed for quite a
long time so yes, I think it's safe to assume that it can't be
(easily) triggered by the Linux driver.
The reproducer is as simple as:
ivshmem-server -n 0
qemu ... -device ivshmem-doorbell,chardev=iv -chardev
socket,path=/tmp/ivshmem_socket,id=iv
and load the Windows driver in the guest.
Maybe Linux won't enable MSI-X on the device?
Thanks!
Ladi
