From patchwork Fri Jul 21 04:51:06 2017
X-Patchwork-Submitter: Bharata B Rao
X-Patchwork-Id: 9856149
From: Bharata B Rao
To: qemu-devel@nongnu.org
Cc: danielhb@linux.vnet.ibm.com, Bharata B Rao, qemu-ppc@nongnu.org, david@gibson.dropbear.id.au
Date: Fri, 21 Jul 2017 10:21:06 +0530
Subject: [Qemu-devel] [FIX PATCH v2] spapr: Fix QEMU abort during memory unplug
Message-Id: <1500612666-19521-1-git-send-email-bharata@linux.vnet.ibm.com>
X-Mailer: git-send-email 2.7.4

Commit 0cffce56 (hw/ppc/spapr.c: adding pending_dimm_unplugs to
sPAPRMachineState) introduced a new way to track pending LMBs of DIMM
device that is marked for removal.

Since this commit we can hit the assert in spapr_pending_dimm_unplugs_add()
in the following situation:

- DIMM device removal fails as the guest doesn't allow the removal.
- Subsequent attempt to remove the same DIMM would hit the assert
  as the corresponding sPAPRDIMMState is still part of the
  pending_dimm_unplugs list.

Fix this by removing the assert and conditionally adding the
sPAPRDIMMState to pending_dimm_unplugs list only when it is not
already present.

Fixes: 0cffce56ae3501c5783d779f97993ce478acf856
Signed-off-by: Bharata B Rao Reviewed-by: Daniel Barboza --- Changes in v2: - sPAPRDIMMState is now allocated within spapr_pending_dimm_unplugs_add() itself (David Gibson) - spapr_recover_pending_dimm_state() should never return a NULL sPAPRDIMMState, added an assert for the same. hw/ppc/spapr.c | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index 1cb09e7..2465b27 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -2850,11 +2850,25 @@ static sPAPRDIMMState *spapr_pending_dimm_unplugs_find(sPAPRMachineState *s, return dimm_state; } -static void spapr_pending_dimm_unplugs_add(sPAPRMachineState *spapr, - sPAPRDIMMState *dimm_state) +static sPAPRDIMMState *spapr_pending_dimm_unplugs_add(sPAPRMachineState *spapr, + uint32_t nr_lmbs, + PCDIMMDevice *dimm) { - g_assert(!spapr_pending_dimm_unplugs_find(spapr, dimm_state->dimm)); - QTAILQ_INSERT_HEAD(&spapr->pending_dimm_unplugs, dimm_state, next); + sPAPRDIMMState *ds = NULL; + + /* + * If this request is for a DIMM whose removal had failed earlier + * (due to guest's refusal to remove the LMBs), we would have this + * dimm already in the pending_dimm_unplugs list. In that + * case don't add again. + */ + if (!spapr_pending_dimm_unplugs_find(spapr, dimm)) { + ds = g_malloc0(sizeof(sPAPRDIMMState)); + ds->nr_lmbs = nr_lmbs; + ds->dimm = dimm; + QTAILQ_INSERT_HEAD(&spapr->pending_dimm_unplugs, ds, next); + } + return ds; } static void spapr_pending_dimm_unplugs_remove(sPAPRMachineState *spapr, @@ -2875,7 +2889,6 @@ static sPAPRDIMMState *spapr_recover_pending_dimm_state(sPAPRMachineState *ms, uint32_t avail_lmbs = 0; uint64_t addr_start, addr; int i; - sPAPRDIMMState *ds; addr_start = object_property_get_int(OBJECT(dimm), PC_DIMM_ADDR_PROP, &error_abort); 
@@ -2891,11 +2904,7 @@ static sPAPRDIMMState *spapr_recover_pending_dimm_state(sPAPRMachineState *ms, addr += SPAPR_MEMORY_BLOCK_SIZE; } - ds = g_malloc0(sizeof(sPAPRDIMMState)); - ds->nr_lmbs = avail_lmbs; - ds->dimm = dimm; - spapr_pending_dimm_unplugs_add(ms, ds); - return ds; + return spapr_pending_dimm_unplugs_add(ms, avail_lmbs, dimm); } /* Callback to be called during DRC release. */ @@ -2911,6 +2920,7 @@ void spapr_lmb_release(DeviceState *dev) * during the unplug process. In this case recover it. */ if (ds == NULL) { ds = spapr_recover_pending_dimm_state(spapr, PC_DIMM(dev)); + g_assert(ds); /* The DRC being examined by the caller at least must be counted */ g_assert(ds->nr_lmbs); } @@ -2942,18 +2952,13 @@ static void spapr_memory_unplug_request(HotplugHandler *hotplug_dev, uint64_t addr_start, addr; int i; sPAPRDRConnector *drc; - sPAPRDIMMState *ds; - addr_start = object_property_get_uint(OBJECT(dimm), PC_DIMM_ADDR_PROP, &local_err); if (local_err) { goto out; } - ds = g_malloc0(sizeof(sPAPRDIMMState)); - ds->nr_lmbs = nr_lmbs; - ds->dimm = dimm; - spapr_pending_dimm_unplugs_add(spapr, ds); + spapr_pending_dimm_unplugs_add(spapr, nr_lmbs, dimm); addr = addr_start; for (i = 0; i < nr_lmbs; i++) {
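Review bot: in the first hunk, spapr_pending_dimm_unplugs_add() returns NULL when the DIMM is already on pending_dimm_unplugs, so a NULL return means "already tracked" rather than failure, and the caller gets no handle on the entry that will actually be used. Consider storing the result of spapr_pending_dimm_unplugs_find(spapr, dimm) in ds and allocating only when it is NULL, so the function always returns the tracked sPAPRDIMMState. On the already-present path the nr_lmbs argument is also dropped and the existing entry keeps its old nr_lmbs; if that count can differ from a fresh request after a failed removal, reset it here, otherwise say in the comment why it cannot.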
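Review bot: in the spapr_lmb_release() hunk, the added g_assert(ds) is needed only because spapr_pending_dimm_unplugs_add() can now return NULL, and this patch exists to remove an assert that a guest's refusal could reach. The branch is entered only when ds == NULL, so the recover call should always allocate a new entry, but that reasoning is not written down next to the assert. Either add a one-line comment stating why NULL is unreachable here, or have the add helper return the existing entry so this assert can go.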
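Review bot: in the spapr_memory_unplug_request() hunk, the return value of spapr_pending_dimm_unplugs_add(spapr, nr_lmbs, dimm) is discarded, so a repeated request for a DIMM whose earlier removal failed silently reuses the old entry and continues into the LMB loop. A short comment at the call site saying that reuse is intended would make the retry behaviour clear to the next reader. The lone '-' line after the removed ds declaration also drops the blank line between the declarations and the addr_start assignment; keep that separator.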