From: David Gibson <david@gibson.dropbear.id.au>
To: peter.maydell@linaro.org, groug@kaod.org
Cc: Daniel Henrique Barboza <danielhb413@gmail.com>,
qemu-ppc@nongnu.org, qemu-devel@nongnu.org,
David Gibson <david@gibson.dropbear.id.au>
Subject: [PULL 11/22] spapr: Fix reset of transient DR connectors
Date: Wed, 6 Jan 2021 14:38:05 +1100 [thread overview]
Message-ID: <20210106033816.232598-12-david@gibson.dropbear.id.au> (raw)
In-Reply-To: <20210106033816.232598-1-david@gibson.dropbear.id.au>
From: Greg Kurz <groug@kaod.org>
Documentation of object_property_iter_init() clearly stipulates that
"it is forbidden to modify the property list while iterating". But this
is exactly what we do when resetting transient DR connectors during CAS.
The call to spapr_drc_reset() can finalize the hot-unplug sequence of a
PHB or a PCI bridge, both of which will then in turn destroy their PCI
DRCs. This could potentially invalidate the iterator. It is pure luck
that this haven't caused any issues so far.
Change spapr_drc_reset() to return true if it caused a device to be
removed. Restart from scratch in this case. This can potentially
increase the overall DRC reset time, especially with a high maxmem
which generates a lot of LMB DRCs. But this kind of setup is rare,
and so is the use case of rebooting a guest while doing hot-unplug.
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20201218103400.689660-3-groug@kaod.org>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Tested-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
hw/ppc/spapr_drc.c | 6 +++++-
hw/ppc/spapr_hcall.c | 8 +++++++-
include/hw/ppc/spapr_drc.h | 3 ++-
3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
index 8d62f55066..5b5e2ac58a 100644
--- a/hw/ppc/spapr_drc.c
+++ b/hw/ppc/spapr_drc.c
@@ -417,9 +417,10 @@ void spapr_drc_detach(SpaprDrc *drc)
spapr_drc_release(drc);
}
-void spapr_drc_reset(SpaprDrc *drc)
+bool spapr_drc_reset(SpaprDrc *drc)
{
SpaprDrcClass *drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
+ bool unplug_completed = false;
trace_spapr_drc_reset(spapr_drc_index(drc));
@@ -428,6 +429,7 @@ void spapr_drc_reset(SpaprDrc *drc)
*/
if (drc->unplug_requested) {
spapr_drc_release(drc);
+ unplug_completed = true;
}
if (drc->dev) {
@@ -444,6 +446,8 @@ void spapr_drc_reset(SpaprDrc *drc)
drc->ccs_offset = -1;
drc->ccs_depth = -1;
}
+
+ return unplug_completed;
}
static bool spapr_drc_unplug_requested_needed(void *opaque)
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 4e9d50c254..aa22830ac4 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1639,6 +1639,7 @@ static void spapr_handle_transient_dev_before_cas(SpaprMachineState *spapr)
ObjectPropertyIterator iter;
drc_container = container_get(object_get_root(), "/dr-connector");
+restart:
object_property_iter_init(&iter, drc_container);
while ((prop = object_property_iter_next(&iter))) {
SpaprDrc *drc;
@@ -1652,8 +1653,13 @@ static void spapr_handle_transient_dev_before_cas(SpaprMachineState *spapr)
/*
* This will complete any pending plug/unplug requests.
+ * In case of a unplugged PHB or PCI bridge, this will
+ * cause some DRCs to be destroyed and thus potentially
+ * invalidate the iterator.
*/
- spapr_drc_reset(drc);
+ if (spapr_drc_reset(drc)) {
+ goto restart;
+ }
}
spapr_clear_pending_hotplug_events(spapr);
diff --git a/include/hw/ppc/spapr_drc.h b/include/hw/ppc/spapr_drc.h
index cff5e707d0..5d80019f82 100644
--- a/include/hw/ppc/spapr_drc.h
+++ b/include/hw/ppc/spapr_drc.h
@@ -224,7 +224,8 @@ static inline bool spapr_drc_hotplugged(DeviceState *dev)
return dev->hotplugged && !runstate_check(RUN_STATE_INMIGRATE);
}
-void spapr_drc_reset(SpaprDrc *drc);
+/* Returns true if an unplug request completed */
+bool spapr_drc_reset(SpaprDrc *drc);
uint32_t spapr_drc_index(SpaprDrc *drc);
SpaprDrcType spapr_drc_type(SpaprDrc *drc);
--
2.29.2
next prev parent reply other threads:[~2021-01-06 3:50 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-06 3:37 [PULL 00/22] ppc-for-6.0 queue 20210106 David Gibson
2021-01-06 3:37 ` [PULL 01/22] hw/ppc/ppc4xx_devs: Make code style fixes to UIC code David Gibson
2021-01-06 3:37 ` [PULL 02/22] ppc: Convert PPC UIC to a QOM device David Gibson
2021-01-06 3:37 ` [PULL 03/22] hw/ppc/virtex_ml507: Drop use of ppcuic_init() David Gibson
2021-01-06 3:37 ` [PULL 04/22] hw/ppc/ppc440_bamboo: " David Gibson
2021-01-06 3:37 ` [PULL 05/22] spapr: DRC lookup cannot fail David Gibson
2021-01-06 3:38 ` [PULL 06/22] spapr/xive: Make spapr_xive_pic_print_info() static David Gibson
2021-01-06 3:38 ` [PULL 07/22] spapr: Fix DR properties of the root node David Gibson
2021-01-06 3:38 ` [PULL 08/22] spapr: Allow memory unplug to always succeed David Gibson
2021-01-06 3:38 ` [PULL 09/22] spapr: Fix buffer overflow in spapr_numa_associativity_init() David Gibson
2021-01-06 3:38 ` [PULL 10/22] spapr: Call spapr_drc_reset() for all DRCs at CAS David Gibson
2021-01-06 3:38 ` David Gibson [this message]
2021-01-06 3:38 ` [PULL 12/22] spapr: Introduce spapr_drc_reset_all() David Gibson
2021-01-06 3:38 ` [PULL 13/22] spapr: Use spapr_drc_reset_all() at machine reset David Gibson
2021-01-06 3:38 ` [PULL 14/22] spapr: Add drc_ prefix to the DRC realize and unrealize functions David Gibson
2021-01-06 3:38 ` [PULL 15/22] ppc: Fix build with --without-default-devices David Gibson
2021-01-06 3:38 ` [PULL 16/22] ppc: Simplify reverse dependencies of POWERNV and PSERIES on XICS and XIVE David Gibson
2021-01-06 3:38 ` [PULL 17/22] pnv: Fix reverse dependency on PCI express root ports David Gibson
2021-01-06 3:38 ` [PULL 18/22] ppc4xx: Move common dependency on serial to common option David Gibson
2021-01-06 3:38 ` [PULL 19/22] sam460ex: Remove FDT_PPC dependency from KConfig David Gibson
2021-01-06 3:38 ` [PULL 20/22] ppc440_pcix: Improve comment for IRQ mapping David Gibson
2021-01-06 3:38 ` [PULL 21/22] ppc440_pcix: Fix register write trace event David Gibson
2021-01-06 3:38 ` [PULL 22/22] ppc440_pcix: Fix up pci config access David Gibson
2021-01-06 6:12 ` [PULL 00/22] ppc-for-6.0 queue 20210106 BALATON Zoltan via
2021-01-06 13:30 ` Peter Maydell
2021-01-06 15:29 ` BALATON Zoltan via
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210106033816.232598-12-david@gibson.dropbear.id.au \
--to=david@gibson.dropbear.id.au \
--cc=danielhb413@gmail.com \
--cc=groug@kaod.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.