[Qemu-commits] [qemu/qemu] 44d691: spapr: fix core unplug crash
From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 44d691: spapr: fix core unplug crash
Date: Mon, 18 Jul 2016 04:30:05 -0700
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 44d691f7d9b6ebab102a31aa87fe59da8f7feff9
https://github.com/qemu/qemu/commit/44d691f7d9b6ebab102a31aa87fe59da8f7feff9
Author: Greg Kurz <address@hidden>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M hw/ppc/spapr_cpu_core.c
Log Message:
-----------
spapr: fix core unplug crash

If the host has 8 threads/core and the guest is started with:

    -smp cores=1,threads=4,maxcpus=12

It is possible to crash QEMU by doing:

    (qemu) device_add host-spapr-cpu-core,core-id=16,id=foo
    (qemu) device_del foo
    Segmentation fault

This happens because spapr_core_unplug() assumes cpu_dt_id == core_id.
As long as cpu_dt_id is derived from the non-table cpu_index, this is
only true when you plug cores with contiguous ids.

It is safer to be consistent: the DR connector was created with an
index that is immediately written to cc->core_id, and spapr_core_plug()
also relies on cc->core_id.

Let's use it also in spapr_core_unplug().

Signed-off-by: Greg Kurz <address@hidden>
Reviewed-by: Bharata B Rao <address@hidden>
Signed-off-by: David Gibson <address@hidden>
Commit: ba0b17dd8f00bdc4d55d67046e4300d95ad5f3f2
https://github.com/qemu/qemu/commit/ba0b17dd8f00bdc4d55d67046e4300d95ad5f3f2
Author: Mark Cave-Ayland <address@hidden>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M hw/misc/macio/mac_dbdma.c
Log Message:
-----------
dbdma: always define DBDMA_DPRINTF and enable debug with DEBUG_DBDMA
Enabling DBDMA_DPRINTF unconditionally ensures that any errors in debug
statements are picked up immediately.
Signed-off-by: Mark Cave-Ayland <address@hidden>
Acked-by: Benjamin Herrenschmidt <address@hidden>
Signed-off-by: David Gibson <address@hidden>
Commit: 3e49c43940fa3e61911969dd7b60534d9ec7f00f
https://github.com/qemu/qemu/commit/3e49c43940fa3e61911969dd7b60534d9ec7f00f
Author: Mark Cave-Ayland <address@hidden>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M hw/misc/macio/mac_dbdma.c
Log Message:
-----------
dbdma: add per-channel debugging enabled via DEBUG_DBDMA_CHANMASK
By default large amounts of DBDMA debugging are produced when often it is just
1 or 2 channels that are of interest. Introduce DEBUG_DBDMA_CHANMASK to allow
the developer to select the channels of interest at compile time, and then
further add the extra channel information to each debug statement where
possible.
Also clearly mark the start/end of DBDMA_run_bh to allow tracking the bottom
half execution.
Signed-off-by: Mark Cave-Ayland <address@hidden>
Acked-by: Benjamin Herrenschmidt <address@hidden>
Signed-off-by: David Gibson <address@hidden>
Commit: 3f0d4128dc641f082c3631d610f843b0cdbb6e61
https://github.com/qemu/qemu/commit/3f0d4128dc641f082c3631d610f843b0cdbb6e61
Author: Mark Cave-Ayland <address@hidden>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M hw/misc/macio/mac_dbdma.c
Log Message:
-----------
dbdma: fix endian of DBDMA_CMDPTR_LO during branch
The current DBDMA command is stored in little-endian format, so make sure
we convert it to match our CPU when updating the DBDMA_CMDPTR_LO register.
Signed-off-by: Mark Cave-Ayland <address@hidden>
Acked-by: Benjamin Herrenschmidt <address@hidden>
Signed-off-by: David Gibson <address@hidden>
Commit: e12f50b900bcc2079954c40828dcc167e4ace5cb
https://github.com/qemu/qemu/commit/e12f50b900bcc2079954c40828dcc167e4ace5cb
Author: Mark Cave-Ayland <address@hidden>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M hw/misc/macio/mac_dbdma.c
Log Message:
-----------
dbdma: fix load_word/store_word value endianness
The values to read/write to/from physical memory are copied directly to the
physical address with no endian swapping required.
Also add some extra information to debugging output while we are here.
Signed-off-by: Mark Cave-Ayland <address@hidden>
Acked-by: Benjamin Herrenschmidt <address@hidden>
Signed-off-by: David Gibson <address@hidden>
Commit: 894993905daf9c56fee67e77d8f0f76889dc7b76
https://github.com/qemu/qemu/commit/894993905daf9c56fee67e77d8f0f76889dc7b76
Author: Mark Cave-Ayland <address@hidden>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M hw/misc/macio/mac_dbdma.c
Log Message:
-----------
dbdma: set FLUSH bit upon reception of flush command for unassigned DBDMA
channels
This fixes MacOS 9 whereby it continually flushes and polls the status bits
until they are set to indicate a successful flush.
Signed-off-by: Mark Cave-Ayland <address@hidden>
Acked-by: Benjamin Herrenschmidt <address@hidden>
Signed-off-by: David Gibson <address@hidden>
Commit: 2df778967b5d27c361c8f1389525d6c7e2dc9d10
https://github.com/qemu/qemu/commit/2df778967b5d27c361c8f1389525d6c7e2dc9d10
Author: Mark Cave-Ayland <address@hidden>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M hw/misc/macio/mac_dbdma.c
Log Message:
-----------
dbdma: reset io->processing flag for unassigned DBDMA channel rw accesses
Otherwise MacOS 9 hangs upon shutdown.
Signed-off-by: Mark Cave-Ayland <address@hidden>
Acked-by: Benjamin Herrenschmidt <address@hidden>
Signed-off-by: David Gibson <address@hidden>
Commit: 36a24df84a4728b1cd7425af24c0d30cd65a51b5
https://github.com/qemu/qemu/commit/36a24df84a4728b1cd7425af24c0d30cd65a51b5
Author: Benjamin Herrenschmidt <address@hidden>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M target-ppc/helper_regs.h
Log Message:
-----------
ppc: Fix support for odd MSR combinations
MacOS uses an architecturally illegal MSR combination that
seems nonetheless supported by 32-bit processors, which is
to have MSR[PR]=1 and one or more of MSR[DR/IR/EE]=0.
This adds support for it. To work properly we need to also
properly include support for PR=1,{I,D}R=0 to the MMU index
used by the qemu TLB.
Signed-off-by: Benjamin Herrenschmidt <address@hidden>
Tested-by: Mark Cave-Ayland <address@hidden>
Signed-off-by: David Gibson <address@hidden>
Commit: 21bb3093e6accd2d7d60531a472a34e40911acd9
https://github.com/qemu/qemu/commit/21bb3093e6accd2d7d60531a472a34e40911acd9
Author: David Gibson <address@hidden>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M hw/vfio/spapr.c
Log Message:
-----------
vfio/spapr: Remove stale ioctl() call
This ioctl() call to VFIO_IOMMU_SPAPR_TCE_REMOVE was left over from an
earlier version of the code and has since been folded into
vfio_spapr_remove_window().
It wasn't caught because although the argument structure has been removed,
the libc function remove() means this didn't trigger a compile failure.
The ioctl() was also almost certain to fail silently and harmlessly with
the bogus argument, so this wasn't caught in testing.
Suggested-by: Paolo Bonzini <address@hidden>
Signed-off-by: David Gibson <address@hidden>
Reviewed-by: Alexey Kardashevskiy <address@hidden>
Commit: 5cbc64de25973e9129c5a7897734a06ac64b9aff
https://github.com/qemu/qemu/commit/5cbc64de25973e9129c5a7897734a06ac64b9aff
Author: Bharata B Rao <address@hidden>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M hw/ppc/spapr_cpu_core.c
Log Message:
-----------
spapr: Ensure CPU cores are added contiguously and removed in LIFO order
If CPU core addition or removal is allowed in random order leading to
holes in the core id range (and hence in the cpu_index range), migration
can fail as migration with holes in cpu_index range isn't yet handled
correctly.
Prevent this situation by enforcing the addition in contiguous order
and removal in LIFO order so that we never end up with holes in
cpu_index range.
Signed-off-by: Bharata B Rao <address@hidden>
Signed-off-by: David Gibson <address@hidden>
Commit: c4dfc14b5573d7a2c9731dd3d0cfc20f331f3c87
https://github.com/qemu/qemu/commit/c4dfc14b5573d7a2c9731dd3d0cfc20f331f3c87
Author: Greg Kurz <address@hidden>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M target-ppc/translate_init.c
Log Message:
-----------
ppc: abort if compat property contains an unknown value
It is not possible to set the compat property to an unknown value with
powerpc_set_compat(). Something must have gone terribly wrong in QEMU,
if we detect an "Internal error" in powerpc_get_compat(). Let's abort then.
This patch also drops the "max_compat ? *max_compat : -1" construct. It is
useless since max_compat is dereferenced a few lines above.
Signed-off-by: Greg Kurz <address@hidden>
Signed-off-by: David Gibson <address@hidden>
Commit: 28f3331887f9ae1fc19d2b9d7914047483442270
https://github.com/qemu/qemu/commit/28f3331887f9ae1fc19d2b9d7914047483442270
Author: Thomas Huth <address@hidden>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M target-ppc/mmu-hash64.c
Log Message:
-----------
ppc/mmu-hash64: Remove duplicated #include statement
No need to include error-report.h twice here.
Signed-off-by: Thomas Huth <address@hidden>
Signed-off-by: David Gibson <address@hidden>
Commit: b56d417b8d7548e913d928809ce6bb1d6c2563e2
https://github.com/qemu/qemu/commit/b56d417b8d7548e913d928809ce6bb1d6c2563e2
Author: Paolo Bonzini <address@hidden>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M target-ppc/mmu-hash64.c
Log Message:
-----------
target-ppc: fix left shift overflow in hpte_page_shift
ps->pte_enc is a 32-bit value, which is shifted left and then compared
to a 64-bit value. It needs a cast before the shift.
Reported by Coverity.
Signed-off-by: Paolo Bonzini <address@hidden>
Signed-off-by: David Gibson <address@hidden>
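
An added example, not code from the QEMU tree, of the bug class the hpte_page_shift commit message describes: a 32-bit encoding shifted left in 32-bit arithmetic and only then compared with a 64-bit value. The shift amount, mask, struct and table values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions for illustration only: the shift amount, mask and table
 * values are constructed; the commit message gives none of them. */
#define ENC_SHIFT 12
#define ENC_MASK  ((uint64_t)0xFFFFFFFFu << ENC_SHIFT)

struct page_enc {            /* hypothetical stand-in for a page-size entry */
    unsigned page_shift;
    uint32_t pte_enc;        /* 32-bit encoding, as in the commit message */
};

static const struct page_enc table[] = {
    { 24, 0x00100001u },     /* bit 20 lands on bit 32 after the shift */
    { 16, 0x00000001u },
};

/* Returns the page shift of the first matching entry, or 0 if none match.
 * widen == 0: shift evaluated in 32 bits, then compared (the "before").
 * widen != 0: cast to 64 bits before the shift (the "after"). */
static unsigned lookup_page_shift(uint64_t pte, int widen)
{
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        uint32_t narrow = table[i].pte_enc << ENC_SHIFT;  /* high bits lost */
        uint64_t wide = (uint64_t)table[i].pte_enc << ENC_SHIFT;

        if ((pte & ENC_MASK) == (widen ? wide : (uint64_t)narrow)) {
            return table[i].page_shift;
        }
    }
    return 0;
}

int main(void)
{
    uint64_t small = 0x1000ULL;        /* constructed: carries encoding 0x1 */
    uint64_t large = 0x100001000ULL;   /* constructed: carries 0x00100001 */

    /* Truncation aliases the two encodings: wrong size, or no match. */
    printf("narrow: small=%u large=%u\n",
           lookup_page_shift(small, 0), lookup_page_shift(large, 0));
    printf("wide:   small=%u large=%u\n",
           lookup_page_shift(small, 1), lookup_page_shift(large, 1));
    return 0;
}
```

The unsigned 32-bit shift is well defined in C, so nothing traps at run time; the lost bits only surface as a wrong or missing match, which is why this class is usually found by static analysis.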
Commit: 159d2e39a8602c369542a92573a52acb5f5f58f2
https://github.com/qemu/qemu/commit/159d2e39a8602c369542a92573a52acb5f5f58f2
Author: Thomas Huth <address@hidden>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M target-ppc/kvm.c
Log Message:
-----------
ppc: Yet another fix for the huge page support detection mechanism

Commit 86b50f2e1bef ("Disable huge page support if it is not available
for main RAM") already made sure that huge page support is not announced
to the guest if the normal RAM of non-NUMA configurations is not backed
by a huge page filesystem. However, there is one more case that can go
wrong: NUMA is enabled, but the RAM of the NUMA nodes are not configured
with huge page support (and only the memory of a DIMM is configured with
it). When QEMU is started with the following command line for example,
the Linux guest currently crashes because it is trying to use huge pages
on a memory region that does not support huge pages:

    qemu-system-ppc64 -enable-kvm ... -m 1G,slots=4,maxmem=32G -object \
      memory-backend-file,policy=default,mem-path=/hugepages,size=1G,id=mem-mem1 \
      -device pc-dimm,id=dimm-mem1,memdev=mem-mem1 -smp 2 \
      -numa node,nodeid=0 -numa node,nodeid=1

To fix this issue, we've got to make sure to disable huge page support,
too, when there is a NUMA node that is not using a memory backend with
huge page support.

Fixes: 86b50f2e1befc33407bdfeb6f45f7b0d2439a740
Signed-off-by: Thomas Huth <address@hidden>
Signed-off-by: David Gibson <address@hidden>
Commit: 3913d3707e3debfbf0d2d014a1a793394993b088
https://github.com/qemu/qemu/commit/3913d3707e3debfbf0d2d014a1a793394993b088
Author: Peter Maydell <address@hidden>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M hw/misc/macio/mac_dbdma.c
M hw/ppc/spapr_cpu_core.c
M hw/vfio/spapr.c
M target-ppc/helper_regs.h
M target-ppc/kvm.c
M target-ppc/mmu-hash64.c
M target-ppc/translate_init.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.7-20160718' into
staging
ppc patch queue 2016-07-18
Here's what ought to be the final ppc pull request before the 2.7 hard
freeze. This set contains a rework of the DBDMA device for Mac
platforms, and some assorted cleanups and bugfixes.
# gpg: Signature made Mon 18 Jul 2016 05:35:27 BST
# gpg: using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <address@hidden>"
# gpg: aka "David Gibson (Red Hat) <address@hidden>"
# gpg: aka "David Gibson (ozlabs.org) <address@hidden>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392
* remotes/dgibson/tags/ppc-for-2.7-20160718:
ppc: Yet another fix for the huge page support detection mechanism
target-ppc: fix left shift overflow in hpte_page_shift
ppc/mmu-hash64: Remove duplicated #include statement
ppc: abort if compat property contains an unknown value
spapr: Ensure CPU cores are added contiguously and removed in LIFO order
vfio/spapr: Remove stale ioctl() call
ppc: Fix support for odd MSR combinations
dbdma: reset io->processing flag for unassigned DBDMA channel rw accesses
dbdma: set FLUSH bit upon reception of flush command for unassigned DBDMA
channels
dbdma: fix load_word/store_word value endianness
dbdma: fix endian of DBDMA_CMDPTR_LO during branch
dbdma: add per-channel debugging enabled via DEBUG_DBDMA_CHANMASK
dbdma: always define DBDMA_DPRINTF and enable debug with DEBUG_DBDMA
spapr: fix core unplug crash
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/6b92bbfe8127...3913d3707e3d