From: Alexander Graf <agraf@suse.de>
To: Gavin Shan <gwshan@linux.vnet.ibm.com>, qemu-devel@nongnu.org
Cc: aik@ozlabs.ru, qiudayu@linux.vnet.ibm.com
Subject: Re: [Qemu-devel] [PATCH v1 1/3] sPAPR: Implement PCI error injection RTAS calls
Date: Mon, 23 Jun 2014 18:18:37 +0200 [thread overview]
Message-ID: <53A8535D.1080209@suse.de> (raw)
In-Reply-To: <1403490123-15969-2-git-send-email-gwshan@linux.vnet.ibm.com>
On 23.06.14 04:22, Gavin Shan wrote:
> The patch implements PCI error injection RTAS calls for sPAPR
> platform, which are defined PAPR spec as follows. Those RTAS
> calls are expected to be invoked in strict sequence of
> "ibm,open-errinjct", "ibm,errinjct", "ibm,close-errinjct".
>
> - "ibm,open-errinjct": Apply for token to do error injection
> - "ibm,close-errinjct": Free the token assigned previously
> - "ibm,errinjct": Do error injection
>
> The patch defines constants used by error injection RTAS calls
> and adds callback sPAPRPHBClass::format_errinjct_cmd, which is
> going to be used like this way:
>
> - Error injection RTAS calls are received in spapr_rtas.c. If that's
> "ibm,open-errinjct" or "ibm,close-errinjct", we handle it there
> with the help of static counter "sPAPREnvironment::errinjct_token_cnt".
> If the RTAS call is "ibm,errinjct", sanity check is done there and
> just returns failure if the error type isn't PCI related. Otherwise,
> the input parameters are figured out and route the request to
> sPAPRPHBClass::format_errinjct_cmd.
> - sPAPRPHBClass::format_errinjct_cmd translates the address (BUID, PE
> number) to IOMMU group ID and then return the formated string back to
> spapr_rtas.c where the string is writen to firmware sysfs file
> "/sys/firmware/opal/errinjct" to do error injection.
>
> Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
> ---
> hw/ppc/spapr_rtas.c | 198 ++++++++++++++++++++++++++++++++++++++++++++
> include/hw/pci-host/spapr.h | 11 +++
> include/hw/ppc/spapr.h | 35 ++++++++
> 3 files changed, 244 insertions(+)
>
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index a7233e4..94fb866 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -32,6 +32,7 @@
>
> #include "hw/ppc/spapr.h"
> #include "hw/ppc/spapr_vio.h"
> +#include "hw/pci-host/spapr.h"
>
> #include <libfdt.h>
>
> @@ -268,6 +269,196 @@ static void rtas_ibm_set_system_parameter(PowerPCCPU *cpu,
> rtas_st(rets, 0, ret);
> }
>
> +static sPAPRErrInjct *rtas_find_errinjct_token(sPAPREnvironment *spapr,
> + uint32_t token_num)
> +{
> + sPAPRErrInjct *open_token;
> +
> + QLIST_FOREACH(open_token, &spapr->errinjct_open_tokens, list) {
> + if (open_token->token == token_num) {
> + return open_token;
> + }
> + }
> +
> + return NULL;
> +}
> +
> +static void rtas_ibm_open_errinjct(PowerPCCPU *cpu,
> + sPAPREnvironment *spapr,
> + uint32_t token, uint32_t nargs,
> + target_ulong args, uint32_t nret,
> + target_ulong rets)
> +{
> + sPAPRErrInjct *open_token;
> + int32_t ret = RTAS_OUT_HW_ERROR;
> +
> + /* Sanity check on number of arguments */
> + if ((nargs != 0) || (nret != 2)) {
> + goto out;
> + }
> +
> + /* Allocate token */
> + open_token = g_malloc(sizeof(*open_token));
With this hypercall the guest can OOM us by simply allocating useless
tokens.
> + if (!open_token) {
> + goto out;
> + }
> + open_token->token = spapr->errinjct_open_token_cnt++;
> + QLIST_INSERT_HEAD(&spapr->errinjct_open_tokens, open_token, list);
> +
> + /* Success */
> + rtas_st(rets, 0, open_token->token);
> + ret = RTAS_OUT_SUCCESS;
> +out:
> + rtas_st(rets, 1, ret);
> +}
> +
> +static char *rtas_do_errinjct_ioa(sPAPREnvironment *spapr,
> + sPAPRErrInjctIOA *ioa)
> +{
> + sPAPRPHBState *sphb;
> + sPAPRPHBClass *info;
> +
> + /* Sanity check on argument */
> + if (!spapr || !ioa) {
> + return NULL;
> + }
> +
> + /* Invalid option ? */
> + if (ioa->func > RTAS_ERRINJCT_IOA_DMA_WR_MEM_TARGET) {
> + return NULL;
> + }
> +
> + /* Find PHB */
> + sphb = spapr_find_phb(spapr, ioa->buid);
> + if (!sphb) {
> + return NULL;
> + }
> +
> + /* PHB doesn't support error injection ? */
> + info = SPAPR_PCI_HOST_BRIDGE_GET_CLASS(sphb);
> + if (!info->format_errinjct_cmd) {
> + return NULL;
> + }
> +
> + return info->format_errinjct_cmd(sphb, ioa);
> +}
> +
> +static void rtas_ibm_errinjct(PowerPCCPU *cpu,
> + sPAPREnvironment *spapr,
> + uint32_t token, uint32_t nargs,
> + target_ulong args, uint32_t nret,
> + target_ulong rets)
> +{
> + sPAPRErrInjctIOA ioa;
> + sPAPRErrInjct *open_token;
> + uint32_t token_num, ei_token;
> + target_ulong param_buf;
> + char *pbuf;
> + int fd;
> + int32_t ret = RTAS_OUT_PARAM_ERROR;
> +
> + /* Sanity check on number of arguments */
> + if ((nargs != 3) || (nret != 1)) {
> + goto out;
> + }
> +
> + /* Check if we have opened token */
> + token_num = rtas_ld(args, 1);
> + open_token = rtas_find_errinjct_token(spapr, token_num);
> + if (!open_token) {
> + goto out;
> + }
> +
> + /* Argument buffer should be aligned with 1KB */
> + param_buf = rtas_ld(args, 2);
> + if (param_buf & 0x3ff) {
> + goto out;
> + }
> +
> + /* We only support IOA error for now */
> + ei_token = rtas_ld(args, 0);
> + switch (ei_token) {
> + case RTAS_ERRINJCT_TYPE_IOA_BUS_ERROR:
> + ioa.ei_token = RTAS_ERRINJCT_TYPE_IOA_BUS_ERROR;
> + ioa.addr = rtas_ld(param_buf, 0);
> + ioa.mask = rtas_ld(param_buf, 1);
> + ioa.cfg_addr = rtas_ld(param_buf, 2);
> + ioa.buid = ((uint64_t)rtas_ld(param_buf, 3) << 32) | rtas_ld(param_buf, 4);
> + ioa.func = rtas_ld(param_buf, 5);
> +
> + break;
> + case RTAS_ERRINJCT_TYPE_IOA_BUS_ERROR64:
> + ioa.ei_token = RTAS_ERRINJCT_TYPE_IOA_BUS_ERROR64;
> + ioa.addr = ((uint64_t)rtas_ld(param_buf, 0) << 32) | rtas_ld(param_buf, 1);
> + ioa.mask = ((uint64_t)rtas_ld(param_buf, 2) << 32) | rtas_ld(param_buf, 3);
> + ioa.cfg_addr = rtas_ld(param_buf, 4);
> + ioa.buid = ((uint64_t)rtas_ld(param_buf, 5) << 32) | rtas_ld(param_buf, 6);
> + ioa.func = rtas_ld(param_buf, 7);
> +
> + break;
> + default:
> + goto out;
> + }
> +
> + /* We have nothing written to sysfs */
> + pbuf = rtas_do_errinjct_ioa(spapr, &ioa);
> + if (!pbuf) {
> + goto out;
> + }
> +
> + /* Open firmware sysfs file */
> + fd = qemu_open("/sys/firmware/opal/errinjct", O_WRONLY);
Device emulation code shouldn't even remotely have an idea what host
it's running on. Also semantically there are a few issues with this approach
1) QEMU is usually running with user privileges, so it doesn't have
access to the file above
2) QEMU's channel to hardware devices is via normal kernel API. For
physical devices that's VFIO. No side channels please.
3) Ownership of the question whether a PE is in error mode is
responsibility of the PHB. In the emulated case, the PHB would have to
set itself into a mode where it behaves as if it's blocked.
Alex
next prev parent reply other threads:[~2014-06-23 16:18 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-23 2:22 [Qemu-devel] [PATCH v1 0/3] Support PCI Error Injection Gavin Shan
2014-06-23 2:22 ` [Qemu-devel] [PATCH v1 1/3] sPAPR: Implement PCI error injection RTAS calls Gavin Shan
2014-06-23 16:18 ` Alexander Graf [this message]
2014-06-23 21:03 ` Benjamin Herrenschmidt
2014-06-23 21:13 ` Alexander Graf
2014-06-24 0:14 ` Gavin Shan
2014-06-24 0:58 ` Gavin Shan
2014-06-23 2:22 ` [Qemu-devel] [PATCH v1 2/3] sPAPR: Implement sPAPRPHBClass::format_errinjct_cmd Gavin Shan
2014-06-23 2:22 ` [Qemu-devel] [PATCH v1 3/3] sPAPR: Export RTAS property <ibm, errinjct-tokens> Gavin Shan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53A8535D.1080209@suse.de \
--to=agraf@suse.de \
--cc=aik@ozlabs.ru \
--cc=gwshan@linux.vnet.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qiudayu@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).