| Message ID | 20201218103400.689660-5-groug@kaod.org |
|---|---|
| State | New |
| Headers | show |
| Series | spapr: Fix visibility and traversal of DR connectors | expand |
On 12/18/20 7:33 AM, Greg Kurz wrote: > Documentation of object_child_foreach_recursive() clearly stipulates > that "it is forbidden to add or remove children from @obj from the @fn > callback". But this is exactly what we do during machine reset. The call > to spapr_drc_reset() can finalize the hot-unplug sequence of a PHB or a > PCI bridge, both of which will then in turn destroy their PCI DRCs. This > could potentially invalidate the iterator used by do_object_child_foreach(). > It is pure luck that this haven't caused any issues so far. > > Use spapr_drc_reset_all() since it can cope with DRC removal. > > Signed-off-by: Greg Kurz <groug@kaod.org> > --- Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> > hw/ppc/spapr.c | 15 +-------------- > 1 file changed, 1 insertion(+), 14 deletions(-) > > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c > index 43dded87f498..8528bc90fec4 100644 > --- a/hw/ppc/spapr.c > +++ b/hw/ppc/spapr.c > @@ -1566,19 +1566,6 @@ void spapr_setup_hpt(SpaprMachineState *spapr) > } > } > > -static int spapr_reset_drcs(Object *child, void *opaque) > -{ > - SpaprDrc *drc = > - (SpaprDrc *) object_dynamic_cast(child, > - TYPE_SPAPR_DR_CONNECTOR); > - > - if (drc) { > - spapr_drc_reset(drc); > - } > - > - return 0; > -} > - > static void spapr_machine_reset(MachineState *machine) > { > SpaprMachineState *spapr = SPAPR_MACHINE(machine); > @@ -1633,7 +1620,7 @@ static void spapr_machine_reset(MachineState *machine) > * will crash QEMU if the DIMM holding the vring goes away). To avoid such > * situations, we reset DRCs after all devices have been reset. > */ > - object_child_foreach_recursive(object_get_root(), spapr_reset_drcs, NULL); > + spapr_drc_reset_all(spapr); > > spapr_clear_pending_events(spapr); > >
On Fri, Dec 18, 2020 at 11:33:58AM +0100, Greg Kurz wrote: > Documentation of object_child_foreach_recursive() clearly stipulates > that "it is forbidden to add or remove children from @obj from the @fn > callback". But this is exactly what we do during machine reset. The call > to spapr_drc_reset() can finalize the hot-unplug sequence of a PHB or a > PCI bridge, both of which will then in turn destroy their PCI DRCs. This > could potentially invalidate the iterator used by do_object_child_foreach(). > It is pure luck that this haven't caused any issues so far. > > Use spapr_drc_reset_all() since it can cope with DRC removal. > > Signed-off-by: Greg Kurz <groug@kaod.org> Applied, thanks. > --- > hw/ppc/spapr.c | 15 +-------------- > 1 file changed, 1 insertion(+), 14 deletions(-) > > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c > index 43dded87f498..8528bc90fec4 100644 > --- a/hw/ppc/spapr.c > +++ b/hw/ppc/spapr.c > @@ -1566,19 +1566,6 @@ void spapr_setup_hpt(SpaprMachineState *spapr) > } > } > > -static int spapr_reset_drcs(Object *child, void *opaque) > -{ > - SpaprDrc *drc = > - (SpaprDrc *) object_dynamic_cast(child, > - TYPE_SPAPR_DR_CONNECTOR); > - > - if (drc) { > - spapr_drc_reset(drc); > - } > - > - return 0; > -} > - > static void spapr_machine_reset(MachineState *machine) > { > SpaprMachineState *spapr = SPAPR_MACHINE(machine); > @@ -1633,7 +1620,7 @@ static void spapr_machine_reset(MachineState *machine) > * will crash QEMU if the DIMM holding the vring goes away). To avoid such > * situations, we reset DRCs after all devices have been reset. > */ > - object_child_foreach_recursive(object_get_root(), spapr_reset_drcs, NULL); > + spapr_drc_reset_all(spapr); > > spapr_clear_pending_events(spapr); >
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index 43dded87f498..8528bc90fec4 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -1566,19 +1566,6 @@ void spapr_setup_hpt(SpaprMachineState *spapr) } } -static int spapr_reset_drcs(Object *child, void *opaque) -{ - SpaprDrc *drc = - (SpaprDrc *) object_dynamic_cast(child, - TYPE_SPAPR_DR_CONNECTOR); - - if (drc) { - spapr_drc_reset(drc); - } - - return 0; -} - static void spapr_machine_reset(MachineState *machine) { SpaprMachineState *spapr = SPAPR_MACHINE(machine); @@ -1633,7 +1620,7 @@ static void spapr_machine_reset(MachineState *machine) * will crash QEMU if the DIMM holding the vring goes away). To avoid such * situations, we reset DRCs after all devices have been reset. */ - object_child_foreach_recursive(object_get_root(), spapr_reset_drcs, NULL); + spapr_drc_reset_all(spapr); spapr_clear_pending_events(spapr);
Documentation of object_child_foreach_recursive() clearly stipulates that "it is forbidden to add or remove children from @obj from the @fn callback". But this is exactly what we do during machine reset. The call to spapr_drc_reset() can finalize the hot-unplug sequence of a PHB or a PCI bridge, both of which will then in turn destroy their PCI DRCs. This could potentially invalidate the iterator used by do_object_child_foreach(). It is pure luck that this haven't caused any issues so far. Use spapr_drc_reset_all() since it can cope with DRC removal. Signed-off-by: Greg Kurz <groug@kaod.org> --- hw/ppc/spapr.c | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-)