kvm/apic: fix 2.2->2.1 migration

The wait_for_sipi field is set back to 1 after an INIT, so it was not
effective to reset it in kvm_apic_realize.  Introduce a reset callback
and reset wait_for_sipi there.

Reported-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i386/kvm/apic.c              | 10 +++++++---
 hw/intc/apic_common.c           |  5 +++++
 include/hw/i386/apic_internal.h |  1 +
 3 files changed, 13 insertions(+), 3 deletions(-)

* Paolo Bonzini (pbonzini@redhat.com) wrote:
> The wait_for_sipi field is set back to 1 after an INIT, so it was not
> effective to reset it in kvm_apic_realize.  Introduce a reset callback
> and reset wait_for_sipi there.


> Reported-by: Igor Mammedov <imammedo@redhat.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

OK, let me just check that I get this....

It gets reset to 0 already in kvm_apic_realize
then we do the common init that sets it to !bsp - so 1 for most CPUs
then you're adding this so that a specific APIC implementation (kvm)
can nobble it back to 0 again?

and on the load side it's forced to zero by apic_pre_load.


Dave

> ---
>  hw/i386/kvm/apic.c              | 10 +++++++---
>  hw/intc/apic_common.c           |  5 +++++
>  include/hw/i386/apic_internal.h |  1 +
>  3 files changed, 13 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
> index 271e97f..5b47056 100644
> --- a/hw/i386/kvm/apic.c
> +++ b/hw/i386/kvm/apic.c
> @@ -171,12 +171,15 @@ static const MemoryRegionOps kvm_apic_io_ops = {
>      .endianness = DEVICE_NATIVE_ENDIAN,
>  };
>  
> -static void kvm_apic_realize(DeviceState *dev, Error **errp)
> +static void kvm_apic_reset(APICCommonState *s)
>  {
> -    APICCommonState *s = APIC_COMMON(dev);
> -
>      /* Not used by KVM, which uses the CPU mp_state instead.  */
>      s->wait_for_sipi = 0;
> +}
> +
> +static void kvm_apic_realize(DeviceState *dev, Error **errp)
> +{
> +    APICCommonState *s = APIC_COMMON(dev);
>  
>      memory_region_init_io(&s->io_memory, NULL, &kvm_apic_io_ops, s, "kvm-apic-msi",
>                            APIC_SPACE_SIZE);
> @@ -191,6 +194,7 @@ static void kvm_apic_class_init(ObjectClass *klass, void *data)
>      APICCommonClass *k = APIC_COMMON_CLASS(klass);
>  
>      k->realize = kvm_apic_realize;
> +    k->reset = kvm_apic_reset;
>      k->set_base = kvm_apic_set_base;
>      k->set_tpr = kvm_apic_set_tpr;
>      k->get_tpr = kvm_apic_get_tpr;
> diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
> index 4e62f25..d9bb188 100644
> --- a/hw/intc/apic_common.c
> +++ b/hw/intc/apic_common.c
> @@ -178,6 +178,7 @@ bool apic_next_timer(APICCommonState *s, int64_t current_time)
>  void apic_init_reset(DeviceState *dev)
>  {
>      APICCommonState *s = APIC_COMMON(dev);
> +    APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
>      int i;
>  
>      if (!s) {
> @@ -206,6 +207,10 @@ void apic_init_reset(DeviceState *dev)
>          timer_del(s->timer);
>      }
>      s->timer_expiry = -1;
> +
> +    if (info->reset) {
> +        info->reset(s);
> +    }
>  }
>  
>  void apic_designate_bsp(DeviceState *dev)
> diff --git a/include/hw/i386/apic_internal.h b/include/hw/i386/apic_internal.h
> index 83e2a42..dc7a89d 100644
> --- a/include/hw/i386/apic_internal.h
> +++ b/include/hw/i386/apic_internal.h
> @@ -89,6 +89,7 @@ typedef struct APICCommonClass
>      void (*external_nmi)(APICCommonState *s);
>      void (*pre_save)(APICCommonState *s);
>      void (*post_load)(APICCommonState *s);
> +    void (*reset)(APICCommonState *s);
>  } APICCommonClass;
>  
>  struct APICCommonState {
> -- 
> 2.1.0
> 
> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

On 12/12/2014 18:30, Dr. David Alan Gilbert wrote:
> OK, let me just check that I get this....
> 
> It gets reset to 0 already in kvm_apic_realize

(before this patch -- after this patch it's only done in reset)

> then we do the common init

Then as part of starting up auxiliary processors we send an INIT
interrupt, that resets the APIC and...

> that sets it to !bsp - so 1 for most CPUs
> then you're adding this so that a specific APIC implementation (kvm)
> can nobble it back to 0 again?

Yes.  That's needed because this APIC implementation does not use the
field at all.

> and on the load side it's forced to zero by apic_pre_load.

Yes.  That's the common case for the !APIC implementation because it
gets to zero as soon as te OS starts.

Paolo

* Paolo Bonzini (pbonzini@redhat.com) wrote:
> 
> 
> On 12/12/2014 18:30, Dr. David Alan Gilbert wrote:
> > OK, let me just check that I get this....
> > 
> > It gets reset to 0 already in kvm_apic_realize
> 
> (before this patch -- after this patch it's only done in reset)
> 
> > then we do the common init
> 
> Then as part of starting up auxiliary processors we send an INIT
> interrupt, that resets the APIC and...
> 
> > that sets it to !bsp - so 1 for most CPUs
> > then you're adding this so that a specific APIC implementation (kvm)
> > can nobble it back to 0 again?
> 
> Yes.  That's needed because this APIC implementation does not use the
> field at all.
> 
> > and on the load side it's forced to zero by apic_pre_load.
> 
> Yes.  That's the common case for the !APIC implementation because it
> gets to zero as soon as te OS starts.

OK; yep, that's OK.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

> 
> Paolo
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

Paolo Bonzini <pbonzini@redhat.com> writes:

> The wait_for_sipi field is set back to 1 after an INIT, so it was not
> effective to reset it in kvm_apic_realize.  Introduce a reset callback
> and reset wait_for_sipi there.
>
> Reported-by: Igor Mammedov <imammedo@redhat.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  hw/i386/kvm/apic.c              | 10 +++++++---
>  hw/intc/apic_common.c           |  5 +++++
>  include/hw/i386/apic_internal.h |  1 +
>  3 files changed, 13 insertions(+), 3 deletions(-)
>
> diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
> index 271e97f..5b47056 100644
> --- a/hw/i386/kvm/apic.c
> +++ b/hw/i386/kvm/apic.c
> @@ -171,12 +171,15 @@ static const MemoryRegionOps kvm_apic_io_ops = {
>      .endianness = DEVICE_NATIVE_ENDIAN,
>  };
>  
> -static void kvm_apic_realize(DeviceState *dev, Error **errp)
> +static void kvm_apic_reset(APICCommonState *s)
>  {
> -    APICCommonState *s = APIC_COMMON(dev);
> -
>      /* Not used by KVM, which uses the CPU mp_state instead.  */
>      s->wait_for_sipi = 0;
> +}
> +
> +static void kvm_apic_realize(DeviceState *dev, Error **errp)
> +{
> +    APICCommonState *s = APIC_COMMON(dev);
>  
>      memory_region_init_io(&s->io_memory, NULL, &kvm_apic_io_ops, s, "kvm-apic-msi",
>                            APIC_SPACE_SIZE);
> @@ -191,6 +194,7 @@ static void kvm_apic_class_init(ObjectClass *klass, void *data)
>      APICCommonClass *k = APIC_COMMON_CLASS(klass);
>  
>      k->realize = kvm_apic_realize;
> +    k->reset = kvm_apic_reset;
>      k->set_base = kvm_apic_set_base;
>      k->set_tpr = kvm_apic_set_tpr;
>      k->get_tpr = kvm_apic_get_tpr;
> diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
> index 4e62f25..d9bb188 100644
> --- a/hw/intc/apic_common.c
> +++ b/hw/intc/apic_common.c
> @@ -178,6 +178,7 @@ bool apic_next_timer(APICCommonState *s, int64_t current_time)
>  void apic_init_reset(DeviceState *dev)
>  {
>      APICCommonState *s = APIC_COMMON(dev);
> +    APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
>      int i;
>  
>      if (!s) {

*** CID 1264327:  Dereference before null check  (REVERSE_INULL)
/hw/intc/apic_common.c: 184 in apic_init_reset()
178     void apic_init_reset(DeviceState *dev)
179     {
180         APICCommonState *s = APIC_COMMON(dev);
181         APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
182         int i;
183     
>>>     CID 1264327:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "s" suggests that it may be null, but it has
>>> already been dereferenced on all paths leading to the check.
184         if (!s) {
185             return;
186         }
187         s->tpr = 0;
188         s->spurious_vec = 0xff;
189         s->log_dest = 0;

[...]