----- Original Message -----
> As of commit 660c97eef6f8 ("ivshmem: use kvm irqfd for msi notifications"),
> QEMU crashes with:
>
> kvm_irqchip_commit_routes: Assertion `ret == 0' failed.
>
> if the ivshmem device is configured with more vectors than what the server
> supports. This is caused by the ivshmem_vector_unmask() being called on
> vectors that have not been initialized by ivshmem_add_kvm_msi_virq().
>
> This commit fixes it by adding a simple check to the mask and unmask
> callbacks.
>
> Note that the opposite mismatch, if the server supplies more vectors than
> what the device is configured for, is already handled and leads to output
> like:
>
> Too many eventfd received, device has 1 vectors
>
> Fixes: 660c97eef6f8 ("ivshmem: use kvm irqfd for msi notifications")
> Signed-off-by: Ladi Prosek <lpro...@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com>
> ---
> hw/misc/ivshmem.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
> index a5a46827fe..6e46669744 100644
> --- a/hw/misc/ivshmem.c
> +++ b/hw/misc/ivshmem.c
> @@ -317,6 +317,10 @@ static int ivshmem_vector_unmask(PCIDevice *dev,
> unsigned vector,
> int ret;
>
> IVSHMEM_DPRINTF("vector unmask %p %d\n", dev, vector);
> + if (!v->pdev) {
> + error_report("ivshmem: vector %d route does not exist", vector);
> + return -EINVAL;
> + }
>
> ret = kvm_irqchip_update_msi_route(kvm_state, v->virq, msg, dev);
> if (ret < 0) {
> @@ -331,12 +335,16 @@ static void ivshmem_vector_mask(PCIDevice *dev,
> unsigned vector)
> {
> IVShmemState *s = IVSHMEM_COMMON(dev);
> EventNotifier *n = &s->peers[s->vm_id].eventfds[vector];
> + MSIVector *v = &s->msi_vectors[vector];
> int ret;
>
> IVSHMEM_DPRINTF("vector mask %p %d\n", dev, vector);
> + if (!v->pdev) {
> + error_report("ivshmem: vector %d route does not exist", vector);
> + return;
> + }
>
> - ret = kvm_irqchip_remove_irqfd_notifier_gsi(kvm_state, n,
> -
> s->msi_vectors[vector].virq);
> + ret = kvm_irqchip_remove_irqfd_notifier_gsi(kvm_state, n, v->virq);
> if (ret != 0) {
> error_report("remove_irqfd_notifier_gsi failed");
> }
> --
> 2.13.5
>
>
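Review bot: The new `!v->pdev` guard in ivshmem_vector_unmask() returns -EINVAL, but the caller of this callback is not part of the diff, so it should be confirmed that the MSI-X notifier path tolerates a negative return and does not assert on it; otherwise the abort only moves one frame up. Mask and unmask appear to be driven by the guest, so the unconditional `error_report()` here and in the ivshmem_vector_mask() hunk lets a guest on a mismatched configuration emit a host log line on every toggle; a once-only or rate-limited report would bound that. `vector` is declared `unsigned`, so both messages should use `%u`: `error_report("ivshmem: vector %u route does not exist", vector);`. The function body starts and ends outside the hunk.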
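Review bot: The `!v->pdev` test in ivshmem_vector_mask() uses `pdev` as an "initialized" flag without saying so, and a comment above it would make the invariant explicit, e.g. `/* pdev is set by ivshmem_add_kvm_msi_virq(); NULL means no KVM route exists for this vector */`. The guard is only sound if `msi_vectors` starts out zeroed and `pdev` is cleared again when a route is torn down; neither is visible in this diff, so both are worth confirming. `n` is still computed from `eventfds[vector]` before the guard, and whether `vector` is bounded by what the server actually supplied cannot be seen from here, so initialising `n` after the check would keep the early-return path from touching that index at all. The function's end is outside the hunk.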