From 1d9a832b58be63e53ef0d2342c271a34ecb349db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Date: Fri, 26 Sep 2025 10:54:23 +0200 Subject: [PATCH 1/5] vfio: Remove workaround for kernel DMA unmap overflow bug MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A kernel bug was introduced in Linux v4.15 via commit 71a7d3d78e3c ("vfio/type1: Check for address space wrap-around on unmap"), which added a test for address space wrap-around in the vfio DMA unmap path. Unfortunately, due to an integer overflow, the kernel would incorrectly detect an unmap of the last page in the 64-bit address space as a wrap-around, causing the unmap to fail with -EINVAL. A QEMU workaround was introduced in commit 567d7d3e6be5 ("vfio/common: Work around kernel overflow bug in DMA unmap") to retry the unmap, excluding the final page of the range. The kernel bug was then fixed in Linux v5.0 via commit 58fec830fc19 ("vfio/type1: Fix dma_unmap wrap-around check"). Since the oldest supported LTS kernel is now v5.4, kernels affected by this bug are considered deprecated, and the workaround is no longer necessary. This change reverts 567d7d3e6be5, removing the workaround. Link: https://bugzilla.redhat.com/show_bug.cgi?id=1662291 Reviewed-by: Alex Williamson Reviewed-by: Zhenzhong Duan Link: https://lore.kernel.org/qemu-devel/20250926085423.375547-1-clg@redhat.com Signed-off-by: Cédric Le Goater --- hw/vfio/container-legacy.c | 20 +------------------- hw/vfio/trace-events | 1 - 2 files changed, 1 insertion(+), 20 deletions(-) diff --git a/hw/vfio/container-legacy.c b/hw/vfio/container-legacy.c index c0f87f774a..25a15ea867 100644 --- a/hw/vfio/container-legacy.c +++ b/hw/vfio/container-legacy.c @@ -147,25 +147,7 @@ static int vfio_legacy_dma_unmap_one(const VFIOContainer *bcontainer, need_dirty_sync = true; } - while (ioctl(container->fd, VFIO_IOMMU_UNMAP_DMA, &unmap)) { - /* - * The type1 backend has an off-by-one bug in the kernel (71a7d3d78e3c - * v4.15) where an overflow in its wrap-around check prevents us from - * unmapping the last page of the address space. Test for the error - * condition and re-try the unmap excluding the last page. The - * expectation is that we've never mapped the last page anyway and this - * unmap request comes via vIOMMU support which also makes it unlikely - * that this page is used. This bug was introduced well after type1 v2 - * support was introduced, so we shouldn't need to test for v1. A fix - * is queued for kernel v5.0 so this workaround can be removed once - * affected kernels are sufficiently deprecated. - */ - if (errno == EINVAL && unmap.size && !(unmap.iova + unmap.size) && - container->iommu_type == VFIO_TYPE1v2_IOMMU) { - trace_vfio_legacy_dma_unmap_overflow_workaround(); - unmap.size -= 1ULL << ctz64(bcontainer->pgsizes); - continue; - } + if (ioctl(container->fd, VFIO_IOMMU_UNMAP_DMA, &unmap)) { return -errno; } diff --git a/hw/vfio/trace-events b/hw/vfio/trace-events index e3d571f8c8..7496e1b64b 100644 --- a/hw/vfio/trace-events +++ b/hw/vfio/trace-events @@ -112,7 +112,6 @@ vfio_container_disconnect(int fd) "close container->fd=%d" vfio_group_put(int fd) "close group->fd=%d" vfio_device_get(const char * name, unsigned int flags, unsigned int num_regions, unsigned int num_irqs) "Device %s flags: %u, regions: %u, irqs: %u" vfio_device_put(int fd) "close vdev->fd=%d" -vfio_legacy_dma_unmap_overflow_workaround(void) "" # region.c vfio_region_write(const char *name, int index, uint64_t addr, uint64_t data, unsigned size) " (%s:region%d+0x%"PRIx64", 0x%"PRIx64 ", %d)" From 70a7e33ddb7f2ca7caacf286222bd80fd330c454 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 30 Sep 2025 14:35:25 +0200 Subject: [PATCH 2/5] system/iommufd: Use uint64_t type for IOVA mapping size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 'ram_addr_t' type is described as: a QEMU internal address space that maps guest RAM physical addresses into an intermediate address space that can map to host virtual address spaces. This doesn't represent well an IOVA mapping size. Simply use the uint64_t type. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Cédric Le Goater Link: https://lore.kernel.org/qemu-devel/20250930123528.42878-2-philmd@linaro.org Signed-off-by: Cédric Le Goater --- backends/iommufd.c | 6 +++--- include/system/iommufd.h | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/backends/iommufd.c b/backends/iommufd.c index 2a33c7ab0b..fdfb7c9d67 100644 --- a/backends/iommufd.c +++ b/backends/iommufd.c @@ -197,7 +197,7 @@ void iommufd_backend_free_id(IOMMUFDBackend *be, uint32_t id) } int iommufd_backend_map_dma(IOMMUFDBackend *be, uint32_t ioas_id, hwaddr iova, - ram_addr_t size, void *vaddr, bool readonly) + uint64_t size, void *vaddr, bool readonly) { int ret, fd = be->fd; struct iommu_ioas_map map = { @@ -230,7 +230,7 @@ int iommufd_backend_map_dma(IOMMUFDBackend *be, uint32_t ioas_id, hwaddr iova, } int iommufd_backend_map_file_dma(IOMMUFDBackend *be, uint32_t ioas_id, - hwaddr iova, ram_addr_t size, + hwaddr iova, uint64_t size, int mfd, unsigned long start, bool readonly) { int ret, fd = be->fd; @@ -268,7 +268,7 @@ int iommufd_backend_map_file_dma(IOMMUFDBackend *be, uint32_t ioas_id, } int iommufd_backend_unmap_dma(IOMMUFDBackend *be, uint32_t ioas_id, - hwaddr iova, ram_addr_t size) + hwaddr iova, uint64_t size) { int ret, fd = be->fd; struct iommu_ioas_unmap unmap = { diff --git a/include/system/iommufd.h b/include/system/iommufd.h index c9c72ffc45..a659f36a20 100644 --- a/include/system/iommufd.h +++ b/include/system/iommufd.h @@ -45,12 +45,12 @@ bool iommufd_backend_alloc_ioas(IOMMUFDBackend *be, uint32_t *ioas_id, Error **errp); void iommufd_backend_free_id(IOMMUFDBackend *be, uint32_t id); int iommufd_backend_map_file_dma(IOMMUFDBackend *be, uint32_t ioas_id, - hwaddr iova, ram_addr_t size, int fd, + hwaddr iova, uint64_t size, int fd, unsigned long start, bool readonly); int iommufd_backend_map_dma(IOMMUFDBackend *be, uint32_t ioas_id, hwaddr iova, - ram_addr_t size, void *vaddr, bool readonly); + uint64_t size, void *vaddr, bool readonly); int iommufd_backend_unmap_dma(IOMMUFDBackend *be, uint32_t ioas_id, - hwaddr iova, ram_addr_t size); + hwaddr iova, uint64_t size); bool iommufd_backend_get_device_info(IOMMUFDBackend *be, uint32_t devid, uint32_t *type, void *data, uint32_t len, uint64_t *caps, Error **errp); From 5764a715277afc4d6076fbf2bae1697dbd2fa182 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 30 Sep 2025 14:35:26 +0200 Subject: [PATCH 3/5] hw/vfio: Reorder vfio_container_query_dirty_bitmap() trace format MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update the trace-events comments after the changes from commit dcce51b1938 ("hw/vfio/container-base.c: rename file to container.c") and commit a3bcae62b6a ("hw/vfio/container.c: rename file to container-legacy.c"). Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Cédric Le Goater Link: https://lore.kernel.org/qemu-devel/20250930123528.42878-3-philmd@linaro.org Signed-off-by: Cédric Le Goater --- hw/vfio/trace-events | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/vfio/trace-events b/hw/vfio/trace-events index 7496e1b64b..b1b470cc29 100644 --- a/hw/vfio/trace-events +++ b/hw/vfio/trace-events @@ -104,10 +104,10 @@ vfio_device_dirty_tracking_update(uint64_t start, uint64_t end, uint64_t min, ui vfio_device_dirty_tracking_start(int nr_ranges, uint64_t min32, uint64_t max32, uint64_t min64, uint64_t max64, uint64_t minpci, uint64_t maxpci) "nr_ranges %d 32:[0x%"PRIx64" - 0x%"PRIx64"], 64:[0x%"PRIx64" - 0x%"PRIx64"], pci64:[0x%"PRIx64" - 0x%"PRIx64"]" vfio_iommu_map_dirty_notify(uint64_t iova_start, uint64_t iova_end) "iommu dirty @ 0x%"PRIx64" - 0x%"PRIx64 -# container-base.c +# container.c vfio_container_query_dirty_bitmap(uint64_t iova, uint64_t size, uint64_t bitmap_size, uint64_t start, uint64_t dirty_pages) "iova=0x%"PRIx64" size= 0x%"PRIx64" bitmap_size=0x%"PRIx64" start=0x%"PRIx64" dirty_pages=%"PRIu64 -# container.c +# container-legacy.c vfio_container_disconnect(int fd) "close container->fd=%d" vfio_group_put(int fd) "close group->fd=%d" vfio_device_get(const char * name, unsigned int flags, unsigned int num_regions, unsigned int num_irqs) "Device %s flags: %u, regions: %u, irqs: %u" From 0ca70d3bf722a94c53f254670e6a642e77aa077c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 30 Sep 2025 14:35:27 +0200 Subject: [PATCH 4/5] hw/vfio: Avoid ram_addr_t in vfio_container_query_dirty_bitmap() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 'ram_addr_t' type is described as: a QEMU internal address space that maps guest RAM physical addresses into an intermediate address space that can map to host virtual address spaces. vfio_container_query_dirty_bitmap() doesn't expect such QEMU intermediate address, but a guest physical addresses. Use the appropriate 'hwaddr' type, rename as @translated_addr for clarity. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Cédric Le Goater Link: https://lore.kernel.org/qemu-devel/20250930123528.42878-4-philmd@linaro.org Signed-off-by: Cédric Le Goater --- hw/vfio/container.c | 11 ++++++----- hw/vfio/listener.c | 18 +++++++++--------- hw/vfio/trace-events | 2 +- include/hw/vfio/vfio-container.h | 3 ++- 4 files changed, 18 insertions(+), 16 deletions(-) diff --git a/hw/vfio/container.c b/hw/vfio/container.c index 250b20f424..9d69439371 100644 --- a/hw/vfio/container.c +++ b/hw/vfio/container.c @@ -246,7 +246,7 @@ static int vfio_container_devices_query_dirty_bitmap( int vfio_container_query_dirty_bitmap(const VFIOContainer *bcontainer, uint64_t iova, uint64_t size, - ram_addr_t ram_addr, Error **errp) + hwaddr translated_addr, Error **errp) { bool all_device_dirty_tracking = vfio_container_devices_dirty_tracking_is_supported(bcontainer); @@ -255,7 +255,7 @@ int vfio_container_query_dirty_bitmap(const VFIOContainer *bcontainer, int ret; if (!bcontainer->dirty_pages_supported && !all_device_dirty_tracking) { - cpu_physical_memory_set_dirty_range(ram_addr, size, + cpu_physical_memory_set_dirty_range(translated_addr, size, tcg_enabled() ? DIRTY_CLIENTS_ALL : DIRTY_CLIENTS_NOCODE); return 0; @@ -280,11 +280,12 @@ int vfio_container_query_dirty_bitmap(const VFIOContainer *bcontainer, goto out; } - dirty_pages = cpu_physical_memory_set_dirty_lebitmap(vbmap.bitmap, ram_addr, + dirty_pages = cpu_physical_memory_set_dirty_lebitmap(vbmap.bitmap, + translated_addr, vbmap.pages); - trace_vfio_container_query_dirty_bitmap(iova, size, vbmap.size, ram_addr, - dirty_pages); + trace_vfio_container_query_dirty_bitmap(iova, size, vbmap.size, + translated_addr, dirty_pages); out: g_free(vbmap.bitmap); diff --git a/hw/vfio/listener.c b/hw/vfio/listener.c index 3b6f17f0c3..a2c19a3cec 100644 --- a/hw/vfio/listener.c +++ b/hw/vfio/listener.c @@ -1059,7 +1059,7 @@ static void vfio_iommu_map_dirty_notify(IOMMUNotifier *n, IOMMUTLBEntry *iotlb) VFIOGuestIOMMU *giommu = gdn->giommu; VFIOContainer *bcontainer = giommu->bcontainer; hwaddr iova = iotlb->iova + giommu->iommu_offset; - ram_addr_t translated_addr; + hwaddr translated_addr; Error *local_err = NULL; int ret = -EINVAL; MemoryRegion *mr; @@ -1108,8 +1108,8 @@ static int vfio_ram_discard_query_dirty_bitmap(MemoryRegionSection *section, { const hwaddr size = int128_get64(section->size); const hwaddr iova = section->offset_within_address_space; - const ram_addr_t ram_addr = memory_region_get_ram_addr(section->mr) + - section->offset_within_region; + const hwaddr translated_addr = memory_region_get_ram_addr(section->mr) + + section->offset_within_region; VFIORamDiscardListener *vrdl = opaque; Error *local_err = NULL; int ret; @@ -1118,8 +1118,8 @@ static int vfio_ram_discard_query_dirty_bitmap(MemoryRegionSection *section, * Sync the whole mapped region (spanning multiple individual mappings) * in one go. */ - ret = vfio_container_query_dirty_bitmap(vrdl->bcontainer, iova, size, ram_addr, - &local_err); + ret = vfio_container_query_dirty_bitmap(vrdl->bcontainer, iova, size, + translated_addr, &local_err); if (ret) { error_report_err(local_err); } @@ -1183,7 +1183,7 @@ static int vfio_sync_iommu_dirty_bitmap(VFIOContainer *bcontainer, static int vfio_sync_dirty_bitmap(VFIOContainer *bcontainer, MemoryRegionSection *section, Error **errp) { - ram_addr_t ram_addr; + hwaddr translated_addr; if (memory_region_is_iommu(section->mr)) { return vfio_sync_iommu_dirty_bitmap(bcontainer, section); @@ -1198,12 +1198,12 @@ static int vfio_sync_dirty_bitmap(VFIOContainer *bcontainer, return ret; } - ram_addr = memory_region_get_ram_addr(section->mr) + - section->offset_within_region; + translated_addr = memory_region_get_ram_addr(section->mr) + + section->offset_within_region; return vfio_container_query_dirty_bitmap(bcontainer, REAL_HOST_PAGE_ALIGN(section->offset_within_address_space), - int128_get64(section->size), ram_addr, errp); + int128_get64(section->size), translated_addr, errp); } static void vfio_listener_log_sync(MemoryListener *listener, diff --git a/hw/vfio/trace-events b/hw/vfio/trace-events index b1b470cc29..1e895448cd 100644 --- a/hw/vfio/trace-events +++ b/hw/vfio/trace-events @@ -105,7 +105,7 @@ vfio_device_dirty_tracking_start(int nr_ranges, uint64_t min32, uint64_t max32, vfio_iommu_map_dirty_notify(uint64_t iova_start, uint64_t iova_end) "iommu dirty @ 0x%"PRIx64" - 0x%"PRIx64 # container.c -vfio_container_query_dirty_bitmap(uint64_t iova, uint64_t size, uint64_t bitmap_size, uint64_t start, uint64_t dirty_pages) "iova=0x%"PRIx64" size= 0x%"PRIx64" bitmap_size=0x%"PRIx64" start=0x%"PRIx64" dirty_pages=%"PRIu64 +vfio_container_query_dirty_bitmap(uint64_t iova, uint64_t size, uint64_t bitmap_size, uint64_t translated_addr, uint64_t dirty_pages) "iova=0x%"PRIx64" size= 0x%"PRIx64" bitmap_size=0x%"PRIx64" gpa=0x%"PRIx64" dirty_pages=%"PRIu64 # container-legacy.c vfio_container_disconnect(int fd) "close container->fd=%d" diff --git a/include/hw/vfio/vfio-container.h b/include/hw/vfio/vfio-container.h index b8fb2b8b5d..093c360f0e 100644 --- a/include/hw/vfio/vfio-container.h +++ b/include/hw/vfio/vfio-container.h @@ -98,7 +98,8 @@ bool vfio_container_dirty_tracking_is_started( bool vfio_container_devices_dirty_tracking_is_supported( const VFIOContainer *bcontainer); int vfio_container_query_dirty_bitmap(const VFIOContainer *bcontainer, - uint64_t iova, uint64_t size, ram_addr_t ram_addr, Error **errp); + uint64_t iova, uint64_t size, + hwaddr translated_addr, Error **errp); GList *vfio_container_get_iova_ranges(const VFIOContainer *bcontainer); From f0b52aa08ab0868c18d881381a8fda4b59b37517 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 30 Sep 2025 14:35:28 +0200 Subject: [PATCH 5/5] hw/vfio: Use uint64_t for IOVA mapping size in vfio_container_dma_*map MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 'ram_addr_t' type is described as: a QEMU internal address space that maps guest RAM physical addresses into an intermediate address space that can map to host virtual address spaces. This doesn't represent well an IOVA mapping size. Simply use the uint64_t type. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Cédric Le Goater Link: https://lore.kernel.org/qemu-devel/20250930123528.42878-5-philmd@linaro.org Signed-off-by: Cédric Le Goater --- hw/vfio-user/container.c | 4 ++-- hw/vfio/container-legacy.c | 8 ++++---- hw/vfio/container.c | 4 ++-- hw/vfio/cpr-legacy.c | 2 +- hw/vfio/iommufd.c | 6 +++--- include/hw/vfio/vfio-container.h | 10 +++++----- include/hw/vfio/vfio-cpr.h | 2 +- 7 files changed, 18 insertions(+), 18 deletions(-) diff --git a/hw/vfio-user/container.c b/hw/vfio-user/container.c index 411eb7b28b..e45192fef6 100644 --- a/hw/vfio-user/container.c +++ b/hw/vfio-user/container.c @@ -39,7 +39,7 @@ static void vfio_user_listener_commit(VFIOContainer *bcontainer) } static int vfio_user_dma_unmap(const VFIOContainer *bcontainer, - hwaddr iova, ram_addr_t size, + hwaddr iova, uint64_t size, IOMMUTLBEntry *iotlb, bool unmap_all) { VFIOUserContainer *container = VFIO_IOMMU_USER(bcontainer); @@ -81,7 +81,7 @@ static int vfio_user_dma_unmap(const VFIOContainer *bcontainer, } static int vfio_user_dma_map(const VFIOContainer *bcontainer, hwaddr iova, - ram_addr_t size, void *vaddr, bool readonly, + uint64_t size, void *vaddr, bool readonly, MemoryRegion *mrp) { VFIOUserContainer *container = VFIO_IOMMU_USER(bcontainer); diff --git a/hw/vfio/container-legacy.c b/hw/vfio/container-legacy.c index 25a15ea867..34352dd31f 100644 --- a/hw/vfio/container-legacy.c +++ b/hw/vfio/container-legacy.c @@ -69,7 +69,7 @@ static int vfio_ram_block_discard_disable(VFIOLegacyContainer *container, } static int vfio_dma_unmap_bitmap(const VFIOLegacyContainer *container, - hwaddr iova, ram_addr_t size, + hwaddr iova, uint64_t size, IOMMUTLBEntry *iotlb) { const VFIOContainer *bcontainer = VFIO_IOMMU(container); @@ -122,7 +122,7 @@ unmap_exit: } static int vfio_legacy_dma_unmap_one(const VFIOContainer *bcontainer, - hwaddr iova, ram_addr_t size, + hwaddr iova, uint64_t size, IOMMUTLBEntry *iotlb) { const VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer); @@ -167,7 +167,7 @@ static int vfio_legacy_dma_unmap_one(const VFIOContainer *bcontainer, * DMA - Mapping and unmapping for the "type1" IOMMU interface used on x86 */ static int vfio_legacy_dma_unmap(const VFIOContainer *bcontainer, - hwaddr iova, ram_addr_t size, + hwaddr iova, uint64_t size, IOMMUTLBEntry *iotlb, bool unmap_all) { int ret; @@ -192,7 +192,7 @@ static int vfio_legacy_dma_unmap(const VFIOContainer *bcontainer, } static int vfio_legacy_dma_map(const VFIOContainer *bcontainer, hwaddr iova, - ram_addr_t size, void *vaddr, bool readonly, + uint64_t size, void *vaddr, bool readonly, MemoryRegion *mr) { const VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer); diff --git a/hw/vfio/container.c b/hw/vfio/container.c index 9d69439371..41de343924 100644 --- a/hw/vfio/container.c +++ b/hw/vfio/container.c @@ -74,7 +74,7 @@ void vfio_address_space_insert(VFIOAddressSpace *space, } int vfio_container_dma_map(VFIOContainer *bcontainer, - hwaddr iova, ram_addr_t size, + hwaddr iova, uint64_t size, void *vaddr, bool readonly, MemoryRegion *mr) { VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer); @@ -93,7 +93,7 @@ int vfio_container_dma_map(VFIOContainer *bcontainer, } int vfio_container_dma_unmap(VFIOContainer *bcontainer, - hwaddr iova, ram_addr_t size, + hwaddr iova, uint64_t size, IOMMUTLBEntry *iotlb, bool unmap_all) { VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer); diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c index bbf7a0d35f..3a1d126556 100644 --- a/hw/vfio/cpr-legacy.c +++ b/hw/vfio/cpr-legacy.c @@ -39,7 +39,7 @@ static bool vfio_dma_unmap_vaddr_all(VFIOLegacyContainer *container, * The incoming state is cleared thereafter. */ static int vfio_legacy_cpr_dma_map(const VFIOContainer *bcontainer, - hwaddr iova, ram_addr_t size, void *vaddr, + hwaddr iova, uint64_t size, void *vaddr, bool readonly, MemoryRegion *mr) { const VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer); diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c index f0ffe23591..68470d552e 100644 --- a/hw/vfio/iommufd.c +++ b/hw/vfio/iommufd.c @@ -35,7 +35,7 @@ TYPE_HOST_IOMMU_DEVICE_IOMMUFD "-vfio" static int iommufd_cdev_map(const VFIOContainer *bcontainer, hwaddr iova, - ram_addr_t size, void *vaddr, bool readonly, + uint64_t size, void *vaddr, bool readonly, MemoryRegion *mr) { const VFIOIOMMUFDContainer *container = VFIO_IOMMU_IOMMUFD(bcontainer); @@ -46,7 +46,7 @@ static int iommufd_cdev_map(const VFIOContainer *bcontainer, hwaddr iova, } static int iommufd_cdev_map_file(const VFIOContainer *bcontainer, - hwaddr iova, ram_addr_t size, + hwaddr iova, uint64_t size, int fd, unsigned long start, bool readonly) { const VFIOIOMMUFDContainer *container = VFIO_IOMMU_IOMMUFD(bcontainer); @@ -57,7 +57,7 @@ static int iommufd_cdev_map_file(const VFIOContainer *bcontainer, } static int iommufd_cdev_unmap(const VFIOContainer *bcontainer, - hwaddr iova, ram_addr_t size, + hwaddr iova, uint64_t size, IOMMUTLBEntry *iotlb, bool unmap_all) { const VFIOIOMMUFDContainer *container = VFIO_IOMMU_IOMMUFD(bcontainer); diff --git a/include/hw/vfio/vfio-container.h b/include/hw/vfio/vfio-container.h index 093c360f0e..c4b58d664b 100644 --- a/include/hw/vfio/vfio-container.h +++ b/include/hw/vfio/vfio-container.h @@ -81,10 +81,10 @@ void vfio_address_space_insert(VFIOAddressSpace *space, VFIOContainer *bcontainer); int vfio_container_dma_map(VFIOContainer *bcontainer, - hwaddr iova, ram_addr_t size, + hwaddr iova, uint64_t size, void *vaddr, bool readonly, MemoryRegion *mr); int vfio_container_dma_unmap(VFIOContainer *bcontainer, - hwaddr iova, ram_addr_t size, + hwaddr iova, uint64_t size, IOMMUTLBEntry *iotlb, bool unmap_all); bool vfio_container_add_section_window(VFIOContainer *bcontainer, MemoryRegionSection *section, @@ -167,7 +167,7 @@ struct VFIOIOMMUClass { * Returns 0 to indicate success and -errno otherwise. */ int (*dma_map)(const VFIOContainer *bcontainer, - hwaddr iova, ram_addr_t size, + hwaddr iova, uint64_t size, void *vaddr, bool readonly, MemoryRegion *mr); /** * @dma_map_file @@ -182,7 +182,7 @@ struct VFIOIOMMUClass { * @readonly: map read only if true */ int (*dma_map_file)(const VFIOContainer *bcontainer, - hwaddr iova, ram_addr_t size, + hwaddr iova, uint64_t size, int fd, unsigned long start, bool readonly); /** * @dma_unmap @@ -198,7 +198,7 @@ struct VFIOIOMMUClass { * Returns 0 to indicate success and -errno otherwise. */ int (*dma_unmap)(const VFIOContainer *bcontainer, - hwaddr iova, ram_addr_t size, + hwaddr iova, uint64_t size, IOMMUTLBEntry *iotlb, bool unmap_all); diff --git a/include/hw/vfio/vfio-cpr.h b/include/hw/vfio/vfio-cpr.h index 26ee0c4fe1..81f4e24e22 100644 --- a/include/hw/vfio/vfio-cpr.h +++ b/include/hw/vfio/vfio-cpr.h @@ -21,7 +21,7 @@ struct VFIOIOMMUFDContainer; struct IOMMUFDBackend; typedef int (*dma_map_fn)(const struct VFIOContainer *bcontainer, - hwaddr iova, ram_addr_t size, void *vaddr, + hwaddr iova, uint64_t size, void *vaddr, bool readonly, MemoryRegion *mr); typedef struct VFIOContainerCPR {