From patchwork Tue Sep 8 23:44:55 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Roth X-Patchwork-Id: 515641 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 50F8D140345 for ; Wed, 9 Sep 2015 09:45:45 +1000 (AEST) Received: from localhost ([::1]:38563 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZZSa7-0006Ty-AI for incoming@patchwork.ozlabs.org; Tue, 08 Sep 2015 19:45:43 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:34415) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZZSZb-0005yV-KP for qemu-devel@nongnu.org; Tue, 08 Sep 2015 19:45:12 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZZSZX-00079P-Jb for qemu-devel@nongnu.org; Tue, 08 Sep 2015 19:45:11 -0400 Received: from e19.ny.us.ibm.com ([129.33.205.209]:39618) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZZSZX-00074o-Gd for qemu-devel@nongnu.org; Tue, 08 Sep 2015 19:45:07 -0400 Received: from /spool/local by e19.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 8 Sep 2015 19:45:06 -0400 Received: from d01dlp02.pok.ibm.com (9.56.250.167) by e19.ny.us.ibm.com (146.89.104.206) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Tue, 8 Sep 2015 19:45:03 -0400 X-Helo: d01dlp02.pok.ibm.com X-MailFrom: mdroth@linux.vnet.ibm.com X-RcptTo: qemu-ppc@nongnu.org Received: from b01cxnp22035.gho.pok.ibm.com (b01cxnp22035.gho.pok.ibm.com [9.57.198.25]) by d01dlp02.pok.ibm.com (Postfix) with ESMTP id 62C796E8040; Tue, 8 Sep 2015 19:36:47 -0400 (EDT) Received: from d01av04.pok.ibm.com (d01av04.pok.ibm.com [9.56.224.64]) by b01cxnp22035.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id t88Nj3np47317220; Tue, 8 Sep 2015 23:45:03 GMT Received: from d01av04.pok.ibm.com (localhost [127.0.0.1]) by d01av04.pok.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id t88Nj2Tb032745; Tue, 8 Sep 2015 19:45:03 -0400 Received: from localhost ([9.41.105.109]) by d01av04.pok.ibm.com (8.14.4/8.14.4/NCO v10.0 AVin) with ESMTP id t88Nj1nA032473; Tue, 8 Sep 2015 19:45:01 -0400 From: Michael Roth To: qemu-devel@nongnu.org Date: Tue, 8 Sep 2015 18:44:55 -0500 Message-Id: <1441755895-8920-1-git-send-email-mdroth@linux.vnet.ibm.com> X-Mailer: git-send-email 1.9.1 X-TM-AS-MML: disable X-Content-Scanned: Fidelis XPS MAILER x-cbid: 15090823-0057-0000-0000-0000015D6444 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 129.33.205.209 Cc: Bharata B Rao , qemu-ppc@nongnu.org, Michael Roth , David Gibson Subject: [Qemu-devel] [PATCH v2] spapr_drc: don't allow 'empty' DRCs to be unisolated X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Logical resources start with allocation-state:UNUSABLE / isolation-state:ISOLATED. During hotplug, guests will transition them to allocate-state:USABLE, and then to isolate-state:UNISOLATED. The former transition does not seem to have any failure path for cases where a DRC does not have any resources associated with it to allocate for guest, but instead relies on the subsequent isolation-state:UNISOLATED transition to indicate failure in this situation. Currently DRC code does not implement this logic, but instead tries to indicate failure by refusing the allocation-state:USABLE transition. Unfortunately, since that's not a documented failure path, guests continue undeterred, causing undefined behavior in QEMU and guest code. Fix this by handling things as PAPR defines (13.7 and 13.7.3.1). Cc: qemu-ppc@nongnu.org Cc: David Gibson Cc: Bharata B Rao Signed-off-by: Michael Roth Tested-by: Bharata B Rao --- v2: - actually include the full changeset in the patch --- hw/ppc/spapr_drc.c | 12 ++++++++++++ hw/ppc/spapr_rtas.c | 9 +++++++-- include/hw/ppc/spapr.h | 1 + include/hw/ppc/spapr_drc.h | 2 ++ 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c index 9ce844a..c1f664f 100644 --- a/hw/ppc/spapr_drc.c +++ b/hw/ppc/spapr_drc.c @@ -66,6 +66,18 @@ static int set_isolation_state(sPAPRDRConnector *drc, DPRINTFN("drc: %x, set_isolation_state: %x", get_index(drc), state); + if (state == SPAPR_DR_ISOLATION_STATE_UNISOLATED) { + /* cannot unisolate a non-existant resource. this generally + * happens for logical resources where transitions from + * allocation-state:UNUSABLE to allocation-state:USABLE are + * unguarded, but instead rely on a subsequent + * isolation-state:UNISOLATED transition to indicate failure + */ + if (!drc->dev) { + return -1; + } + } + drc->isolation_state = state; if (drc->isolation_state == SPAPR_DR_ISOLATION_STATE_ISOLATED) { diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c index 3b7b20b..0ddedca 100644 --- a/hw/ppc/spapr_rtas.c +++ b/hw/ppc/spapr_rtas.c @@ -372,6 +372,7 @@ static void rtas_set_indicator(PowerPCCPU *cpu, sPAPRMachineState *spapr, uint32_t sensor_type; uint32_t sensor_index; uint32_t sensor_state; + int drc_ret, ret = RTAS_OUT_SUCCESS; sPAPRDRConnector *drc; sPAPRDRConnectorClass *drck; @@ -413,7 +414,11 @@ static void rtas_set_indicator(PowerPCCPU *cpu, sPAPRMachineState *spapr, spapr_ccs_remove(spapr, ccs); } } - drck->set_isolation_state(drc, sensor_state); + drc_ret = drck->set_isolation_state(drc, sensor_state); + if (drc_ret != 0) { + ret = (drc_ret == -1) ? RTAS_OUT_NO_SUCH_INDICATOR + : RTAS_OUT_HW_ERROR; + } break; case RTAS_SENSOR_TYPE_DR: drck->set_indicator_state(drc, sensor_state); @@ -425,7 +430,7 @@ static void rtas_set_indicator(PowerPCCPU *cpu, sPAPRMachineState *spapr, goto out_unimplemented; } - rtas_st(rets, 0, RTAS_OUT_SUCCESS); + rtas_st(rets, 0, ret); return; out_unimplemented: diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h index c75cc5e..ffb108d 100644 --- a/include/hw/ppc/spapr.h +++ b/include/hw/ppc/spapr.h @@ -412,6 +412,7 @@ int spapr_allocate_irq_block(int num, bool lsi, bool msi); #define RTAS_OUT_BUSY -2 #define RTAS_OUT_PARAM_ERROR -3 #define RTAS_OUT_NOT_SUPPORTED -3 +#define RTAS_OUT_NO_SUCH_INDICATOR -3 #define RTAS_OUT_NOT_AUTHORIZED -9002 /* RTAS tokens */ diff --git a/include/hw/ppc/spapr_drc.h b/include/hw/ppc/spapr_drc.h index 28ffeae..b2c1209 100644 --- a/include/hw/ppc/spapr_drc.h +++ b/include/hw/ppc/spapr_drc.h @@ -165,6 +165,8 @@ typedef struct sPAPRDRConnectorClass { /*< public >*/ /* accessors for guest-visible (generally via RTAS) DR state */ + + /* returns -1 if DRC cannot be set to requested isolation state */ int (*set_isolation_state)(sPAPRDRConnector *drc, sPAPRDRIsolationState state); int (*set_indicator_state)(sPAPRDRConnector *drc,