On Sun, May 08, 2022 at 05:32:22PM +0200, Arnout Engelen wrote:
> The 'active' bit passes control over a qTD between the guest and the
> controller: set to 1 by the guest to enable execution by the controller,
> and the controller sets it to '0' to hand back control to the guest.
>
> ehci_state_writeback writes two dwords to main memory using DMA:
> the third dword of the qTD (containing dt, total bytes to transfer,
> cpage, cerr and status) and the fourth dword of the qTD (containing
> the offset).
>
> This commit makes sure the fourth dword is written before the third,
> avoiding a race condition where a new offset written into the qTD
> by the guest after it observed the status going to '0' gets
> overwritten by a 'late' DMA writeback of the previous offset.
>
> This race condition could lead to 'cpage out of range (5)' errors,
> and can be reproduced by:
>
> ./qemu-system-x86_64 -enable-kvm -bios $SEABIOS/bios.bin -m 4096 -device
> usb-ehci -blockdev
> driver=file,read-only=on,filename=/home/aengelen/Downloads/openSUSE-Tumbleweed-DVD-i586-Snapshot20220428-Media.iso,node-name=iso
> -device usb-storage,drive=iso,bootindex=0 -chardev
> pipe,id=shell,path=/tmp/pipe -device virtio-serial -device
> virtconsole,chardev=shell -device virtio-rng-pci -serial mon:stdio -nographic
>
> (press a key, select 'Installation' (2), and accept the default
> values. On my machine the 'cpage out of range' is reproduced while
> loading the Linux kernel about once per 7 attempts. With the fix in
> this commit it no longer fails.)
>
> This problem was previously reported as a SeaBIOS problem in
> https://mail.coreboot.org/hyperkitty/list/[email protected]/thread/OUTHT5ISSQJGXPNTUPY3O5E5EPZJCHM3/
> and as a NixOS CI build failure in
> https://github.com/NixOS/nixpkgs/issues/170803
>
> Signed-off-by: Arnout Engelen <[email protected]>
Patch queued up.

thanks,
  Gerd
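A constructed C model of the race described in the quoted commit message, added here as an illustration and not QEMU's ehci code: the guest polls the qTD between the controller's two DMA writes, and only the offset-before-status order leaves the guest's newly written offset intact. The struct, the function names and the simulated interleaving are assumptions of this model; the 'active' bit sits at bit 7 of the qTD token's status byte as in the EHCI layout.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of qTD dwords 3 and 4 (not QEMU's ehci code). The EHCI
 * qTD token carries the 'active' bit at bit 7 of its status byte. */
#define QTD_TOKEN_ACTIVE (1u << 7)

struct qtd_mem {        /* the two dwords that ehci_state_writeback DMAs */
    uint32_t token;     /* dword 3: dt, total bytes, cpage, cerr, status */
    uint32_t offset;    /* dword 4: current buffer offset */
};

enum wb_order { STATUS_FIRST, OFFSET_FIRST };

/* Guest side: once it observes active==0 it reuses the qTD, storing a new
 * offset and setting active again. Called between the two DMA writes. */
static void guest_poll(struct qtd_mem *m, uint32_t new_offset)
{
    if (!(m->token & QTD_TOKEN_ACTIVE)) {
        m->offset = new_offset;
        m->token |= QTD_TOKEN_ACTIVE;
    }
}

/* Controller side: write back its completed token (active cleared) and its
 * offset in the given order; return the offset left after guest re-submit. */
uint32_t ehci_writeback_race(enum wb_order order, uint32_t ctrl_token,
                             uint32_t ctrl_offset, uint32_t guest_offset)
{
    struct qtd_mem m = { .token = QTD_TOKEN_ACTIVE, .offset = 0 };
    if (order == STATUS_FIRST) {
        m.token = ctrl_token;            /* guest now owns the qTD ... */
        guest_poll(&m, guest_offset);    /* ... and writes a new offset */
        m.offset = ctrl_offset;          /* late DMA write clobbers it */
    } else {
        m.offset = ctrl_offset;          /* guest still sees active==1 */
        guest_poll(&m, guest_offset);    /* so it does nothing yet */
        m.token = ctrl_token;            /* hand-over is the last write */
        guest_poll(&m, guest_offset);    /* guest's offset is final */
    }
    return m.offset;
}

int main(void)
{
    /* Constructed values: controller offset 0x1000, guest's new offset 0x2000. */
    printf("status first: 0x%x\n", ehci_writeback_race(STATUS_FIRST, 0, 0x1000, 0x2000));
    printf("offset first: 0x%x\n", ehci_writeback_race(OFFSET_FIRST, 0, 0x1000, 0x2000));
    return 0;
}
```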
