From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Cc: Bharata B Rao <bharata@linux.vnet.ibm.com>,
qemu-ppc@nongnu.org, Michael Roth <mdroth@linux.vnet.ibm.com>,
David Gibson <david@gibson.dropbear.id.au>
Subject: [Qemu-devel] [PATCH v2] spapr_drc: don't allow 'empty' DRCs to be unisolated
Date: Tue, 8 Sep 2015 18:44:55 -0500 [thread overview]
Message-ID: <1441755895-8920-1-git-send-email-mdroth@linux.vnet.ibm.com> (raw)
Logical resources start with allocation-state:UNUSABLE /
isolation-state:ISOLATED. During hotplug, guests will transition
them to allocate-state:USABLE, and then to isolate-state:UNISOLATED.
The former transition does not seem to have any failure path for
cases where a DRC does not have any resources associated with it to
allocate for guest, but instead relies on the subsequent
isolation-state:UNISOLATED transition to indicate failure in this
situation.
Currently DRC code does not implement this logic, but instead
tries to indicate failure by refusing the allocation-state:USABLE
transition. Unfortunately, since that's not a documented failure
path, guests continue undeterred, causing undefined behavior in
QEMU and guest code.
Fix this by handling things as PAPR defines (13.7 and 13.7.3.1).
Cc: qemu-ppc@nongnu.org
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
v2:
- actually include the full changeset in the patch
---
hw/ppc/spapr_drc.c | 12 ++++++++++++
hw/ppc/spapr_rtas.c | 9 +++++++--
include/hw/ppc/spapr.h | 1 +
include/hw/ppc/spapr_drc.h | 2 ++
4 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
index 9ce844a..c1f664f 100644
--- a/hw/ppc/spapr_drc.c
+++ b/hw/ppc/spapr_drc.c
@@ -66,6 +66,18 @@ static int set_isolation_state(sPAPRDRConnector *drc,
DPRINTFN("drc: %x, set_isolation_state: %x", get_index(drc), state);
+ if (state == SPAPR_DR_ISOLATION_STATE_UNISOLATED) {
+ /* cannot unisolate a non-existant resource. this generally
+ * happens for logical resources where transitions from
+ * allocation-state:UNUSABLE to allocation-state:USABLE are
+ * unguarded, but instead rely on a subsequent
+ * isolation-state:UNISOLATED transition to indicate failure
+ */
+ if (!drc->dev) {
+ return -1;
+ }
+ }
+
drc->isolation_state = state;
if (drc->isolation_state == SPAPR_DR_ISOLATION_STATE_ISOLATED) {
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 3b7b20b..0ddedca 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -372,6 +372,7 @@ static void rtas_set_indicator(PowerPCCPU *cpu, sPAPRMachineState *spapr,
uint32_t sensor_type;
uint32_t sensor_index;
uint32_t sensor_state;
+ int drc_ret, ret = RTAS_OUT_SUCCESS;
sPAPRDRConnector *drc;
sPAPRDRConnectorClass *drck;
@@ -413,7 +414,11 @@ static void rtas_set_indicator(PowerPCCPU *cpu, sPAPRMachineState *spapr,
spapr_ccs_remove(spapr, ccs);
}
}
- drck->set_isolation_state(drc, sensor_state);
+ drc_ret = drck->set_isolation_state(drc, sensor_state);
+ if (drc_ret != 0) {
+ ret = (drc_ret == -1) ? RTAS_OUT_NO_SUCH_INDICATOR
+ : RTAS_OUT_HW_ERROR;
+ }
break;
case RTAS_SENSOR_TYPE_DR:
drck->set_indicator_state(drc, sensor_state);
@@ -425,7 +430,7 @@ static void rtas_set_indicator(PowerPCCPU *cpu, sPAPRMachineState *spapr,
goto out_unimplemented;
}
- rtas_st(rets, 0, RTAS_OUT_SUCCESS);
+ rtas_st(rets, 0, ret);
return;
out_unimplemented:
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index c75cc5e..ffb108d 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -412,6 +412,7 @@ int spapr_allocate_irq_block(int num, bool lsi, bool msi);
#define RTAS_OUT_BUSY -2
#define RTAS_OUT_PARAM_ERROR -3
#define RTAS_OUT_NOT_SUPPORTED -3
+#define RTAS_OUT_NO_SUCH_INDICATOR -3
#define RTAS_OUT_NOT_AUTHORIZED -9002
/* RTAS tokens */
diff --git a/include/hw/ppc/spapr_drc.h b/include/hw/ppc/spapr_drc.h
index 28ffeae..b2c1209 100644
--- a/include/hw/ppc/spapr_drc.h
+++ b/include/hw/ppc/spapr_drc.h
@@ -165,6 +165,8 @@ typedef struct sPAPRDRConnectorClass {
/*< public >*/
/* accessors for guest-visible (generally via RTAS) DR state */
+
+ /* returns -1 if DRC cannot be set to requested isolation state */
int (*set_isolation_state)(sPAPRDRConnector *drc,
sPAPRDRIsolationState state);
int (*set_indicator_state)(sPAPRDRConnector *drc,
--
1.9.1
next reply other threads:[~2015-09-08 23:45 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-08 23:44 Michael Roth [this message]
2015-09-09 4:03 ` [Qemu-devel] [PATCH v2] spapr_drc: don't allow 'empty' DRCs to be unisolated Bharata B Rao
2015-09-09 4:10 ` David Gibson
2015-09-09 17:19 ` Michael Roth
2015-09-10 1:18 ` David Gibson
2015-09-10 2:50 ` Michael Roth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1441755895-8920-1-git-send-email-mdroth@linux.vnet.ibm.com \
--to=mdroth@linux.vnet.ibm.com \
--cc=bharata@linux.vnet.ibm.com \
--cc=david@gibson.dropbear.id.au \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).