From: Igor Mammedov <imammedo@redhat.com>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH] Fix race resulting in loosing event bit in GPE.1.sts
Date: Tue,  3 Apr 2012 13:52:52 +0200	[thread overview]
Message-ID: <1333453972-24695-1-git-send-email-imammedo@redhat.com> (raw)

After receiving a hotplug GPE event, the guest masks the event in the
GPE.1.en register, executes the associated AML handler and then resets
the event bit in GPE.1.sts. If another PCI device is hot-plugged
after the AML handler has been executed and before the event bit is
reset in GPE.1.sts, the guest will lose the GPE event and will
not see all hotplugged devices.

Could be reproduced with:
 ./QMP/qmp device_add --driver=e1000 && sleep 0.X && ./QMP/qmp device_add --driver=e1000

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
---
 hw/acpi.c       |   23 ++++++++++++++++++++++-
 hw/acpi.h       |    1 +
 hw/acpi_piix4.c |    7 +++++++
 3 files changed, 30 insertions(+), 1 deletions(-)

diff --git a/hw/acpi.c b/hw/acpi.c
index 5d521e5..be6efab 100644
--- a/hw/acpi.c
+++ b/hw/acpi.c
@@ -412,6 +412,7 @@ void acpi_gpe_init(ACPIREGS *ar, uint8_t len)
     ar->gpe.len = len;
     ar->gpe.sts = g_malloc0(len / 2);
     ar->gpe.en = g_malloc0(len / 2);
+    ar->gpe.pending_sts = g_malloc0(len / 2);
 }
 
 void acpi_gpe_blk(ACPIREGS *ar, uint32_t blk)
@@ -423,6 +424,7 @@ void acpi_gpe_reset(ACPIREGS *ar)
 {
     memset(ar->gpe.sts, 0, ar->gpe.len / 2);
     memset(ar->gpe.en, 0, ar->gpe.len / 2);
+    memset(ar->gpe.pending_sts, 0, ar->gpe.len / 2);
 }
 
 static uint8_t *acpi_gpe_ioport_get_ptr(ACPIREGS *ar, uint32_t addr)
@@ -440,15 +442,34 @@ static uint8_t *acpi_gpe_ioport_get_ptr(ACPIREGS *ar, uint32_t addr)
     return cur;
 }
 
+static uint8_t *acpi_gpe_get_pend_sts_ptr(ACPIREGS *ar, uint32_t addr)
+{
+    uint8_t *cur = NULL;
+
+    if (addr < ar->gpe.len / 2) {
+        cur = ar->gpe.pending_sts + addr;
+    } else {
+        abort();
+    }
+
+    return cur;
+
+}
+
 void acpi_gpe_ioport_writeb(ACPIREGS *ar, uint32_t addr, uint32_t val)
 {
-    uint8_t *cur;
+    uint8_t *cur, *psts;
 
     addr -= ar->gpe.blk;
     cur = acpi_gpe_ioport_get_ptr(ar, addr);
     if (addr < ar->gpe.len / 2) {
         /* GPE_STS */
         *cur = (*cur) & ~val;
+        psts = acpi_gpe_get_pend_sts_ptr(ar, addr);
+        if (*cur != *psts) {
+            *cur |= *psts;
+            *psts = 0;
+        }
     } else if (addr < ar->gpe.len) {
         /* GPE_EN */
         *cur = val;
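Review bot: The `if (*cur != *psts)` test in the GPE_STS branch compares whole bytes, so it can drop a pending bit the guest has not yet acknowledged. If the guest's write clears some other bit while the hotplug bit and any further status bit in that byte are still set, the bytes differ, `*cur |= *psts` changes nothing and `*psts = 0` discards the pending event, which is the lost-event case the patch sets out to fix. Re-latching only the bits this write actually cleared avoids that: `uint8_t relatch = *psts & val; *cur |= relatch; *psts &= ~relatch;`. Separately, the branch has already checked `addr < ar->gpe.len / 2`, so the `abort()` in `acpi_gpe_get_pend_sts_ptr` is unreachable from here and `ar->gpe.pending_sts[addr]` would do; `addr` comes from a guest port write, so a helper that aborts on range is risky if it is ever reused without that check. The body of acpi_gpe_ioport_writeb continues outside the hunk.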
diff --git a/hw/acpi.h b/hw/acpi.h
index fe8cdb4..6a6953d 100644
--- a/hw/acpi.h
+++ b/hw/acpi.h
@@ -104,6 +104,7 @@ struct ACPIGPE {
 
     uint8_t *sts;
     uint8_t *en;
+    uint8_t *pending_sts;
 };
 
 struct ACPIREGS {
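Review bot: `pending_sts` is added to struct ACPIGPE without a comment and, as far as the visible hunks show, without any migration counterpart. Nothing in this patch adds it to a VMState description, so a bit latched just before savevm or live migration would presumably be dropped on the destination and the guest would miss the hotplug event again. Suggest a comment such as `/* events raised while masked in en; merged back into sts when the guest clears sts */` and confirming whether the buffer needs a vmstate entry. The struct begins outside the hunk.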
diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
index 797ed24..ce50d85 100644
--- a/hw/acpi_piix4.c
+++ b/hw/acpi_piix4.c
@@ -66,6 +66,9 @@ typedef struct PIIX4PMState {
     int kvm_enabled;
     Notifier machine_ready;
 
+    /* for hotplug */
+    uint16_t pending_gpe_events;
+
     /* for pci hotplug */
     struct pci_status pci0_status;
     uint32_t pci0_hotplug_enable;
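Review bot: `pending_gpe_events` is added to PIIX4PMState but no line in this patch reads or writes it; the pending state the other hunks use is `ar.gpe.pending_sts`. The field should be dropped from this patch, or introduced together with the code that uses it, because an unused member of device state leaves open what it means and whether it has to be migrated.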
@@ -575,6 +578,10 @@ static int piix4_device_hotplug(DeviceState *qdev, PCIDevice *dev,
         disable_device(s, slot);
     }
 
+    if (~s->ar.gpe.en[0] & PIIX4_PCI_HOTPLUG_STATUS) {
+        s->ar.gpe.pending_sts[0] |= PIIX4_PCI_HOTPLUG_STATUS;
+    }
+
     pm_update_sci(s);
 
     return 0;
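Review bot: The added `if (~s->ar.gpe.en[0] & PIIX4_PCI_HOTPLUG_STATUS)` needs a comment explaining why a masked enable bit is taken to mean the guest is inside its handler. `en` is also all zero after `acpi_gpe_reset()`, so a hotplug that happens before the guest has enabled the GPE latches a pending bit too, and it stays latched until some later GPE_STS write re-raises it; that may be intended, but it should be stated. Proposed comment: `/* GPE masked: guest may be running the handler; remember the event so the status clear does not lose it */`. piix4_device_hotplug starts outside the hunk.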
-- 
1.7.7.6
