init_virtio_scsi(): reset the HBA before freeing its virtio ring
When init_virtio_scsi() finds no SCSI targets connected to the HBA, it
frees the virtio ring. Other code in SeaBIOS proceeds to overwrite the
area. However, the ring is in use by qemu at that point -- not only did we
report the (ACK|DRIVER|DRIVER_OK) status earlier, we even communicated
over the ring.
Of course SeaBIOS doesn't "kick" the HBA ever again, hence qemu has no
reason to look at the ring. However, when qemu uses KVM acceleration, and
ioeventfd is enabled for the HBA, then a vmstate change to "running"
(including stop->cont monitor commands and incoming migration) "forces" a
kick (see qemu commit
25db9ebe). Qemu then tries to interpret whatever
unrelated guest data is in the HBA's original ring area, as virtio
protocol. Qemu exits upon seeing the garbage.
init_virtio_scsi() should reset the HBA before allowing the virtio ring
memory to be reused. Device reset causes the hypervisor to drop its
references.
This change is justified / underpinned by pure virtio-spec compliance as
well.
Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=
1013418
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
projects / seabios.git / commit