From 44d691f7d9b6ebab102a31aa87fe59da8f7feff9 Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Fri, 8 Jul 2016 15:12:07 +0200 Subject: spapr: fix core unplug crash If the host has 8 threads/core and the guest is started with: -smp cores=1,threads=4,maxcpus=12 It is possible to crash QEMU by doing: (qemu) device_add host-spapr-cpu-core,core-id=16,id=foo (qemu) device_del foo Segmentation fault This happens because spapr_core_unplug() assumes cpu_dt_id == core_id. As long as cpu_dt_id is derived from the non-table cpu_index, this is only true when you plug cores with contiguous ids. It is safer to be consistent: the DR connector was created with an index that is immediately written to cc->core_id, and spapr_core_plug() also relies on cc->core_id. Let's use it also in spapr_core_unplug(). Signed-off-by: Greg Kurz Reviewed-by: Bharata B Rao Signed-off-by: David Gibson --- hw/ppc/spapr_cpu_core.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'hw') diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c index 9347f0741e..bc52b3c289 100644 --- a/hw/ppc/spapr_cpu_core.c +++ b/hw/ppc/spapr_cpu_core.c @@ -126,11 +126,9 @@ static void spapr_core_release(DeviceState *dev, void *opaque) void spapr_core_unplug(HotplugHandler *hotplug_dev, DeviceState *dev, Error **errp) { - sPAPRCPUCore *core = SPAPR_CPU_CORE(OBJECT(dev)); - PowerPCCPU *cpu = POWERPC_CPU(core->threads); - int id = ppc_get_vcpu_dt_id(cpu); + CPUCore *cc = CPU_CORE(dev); sPAPRDRConnector *drc = - spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_CPU, id); + spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_CPU, cc->core_id); sPAPRDRConnectorClass *drck; Error *local_err = NULL; -- cgit v1.2.3-55-g7522 From ba0b17dd8f00bdc4d55d67046e4300d95ad5f3f2 Mon Sep 17 00:00:00 2001 From: Mark Cave-Ayland Date: Sun, 10 Jul 2016 19:08:53 +0100 Subject: dbdma: always define DBDMA_DPRINTF and enable debug with DEBUG_DBDMA Enabling DBDMA_DPRINTF unconditionally ensures that any errors in debug statements are picked up immediately. Signed-off-by: Mark Cave-Ayland Acked-by: Benjamin Herrenschmidt Signed-off-by: David Gibson --- hw/misc/macio/mac_dbdma.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'hw') diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c index f116f9c36d..b6639f4f95 100644 --- a/hw/misc/macio/mac_dbdma.c +++ b/hw/misc/macio/mac_dbdma.c @@ -45,14 +45,13 @@ #include "sysemu/dma.h" /* debug DBDMA */ -//#define DEBUG_DBDMA +#define DEBUG_DBDMA 0 -#ifdef DEBUG_DBDMA -#define DBDMA_DPRINTF(fmt, ...) \ - do { printf("DBDMA: " fmt , ## __VA_ARGS__); } while (0) -#else -#define DBDMA_DPRINTF(fmt, ...) -#endif +#define DBDMA_DPRINTF(fmt, ...) do { \ + if (DEBUG_DBDMA) { \ + printf("DBDMA: " fmt , ## __VA_ARGS__); \ + } \ +} while (0); /* */ @@ -62,7 +61,7 @@ static DBDMAState *dbdma_from_ch(DBDMA_channel *ch) return container_of(ch, DBDMAState, channels[ch->channel]); } -#ifdef DEBUG_DBDMA +#if DEBUG_DBDMA static void dump_dbdma_cmd(dbdma_cmd *cmd) { printf("dbdma_cmd %p\n", cmd); -- cgit v1.2.3-55-g7522 From 3e49c43940fa3e61911969dd7b60534d9ec7f00f Mon Sep 17 00:00:00 2001 From: Mark Cave-Ayland Date: Sun, 10 Jul 2016 19:08:54 +0100 Subject: dbdma: add per-channel debugging enabled via DEBUG_DBDMA_CHANMASK By default large amounts of DBDMA debugging are produced when often it is just 1 or 2 channels that are of interest. Introduce DEBUG_DBDMA_CHANMASK to allow the developer to select the channels of interest at compile time, and then further add the extra channel information to each debug statement where possible. Also clearly mark the start/end of DBDMA_run_bh to allow tracking the bottom half execution. Signed-off-by: Mark Cave-Ayland Acked-by: Benjamin Herrenschmidt Signed-off-by: David Gibson --- hw/misc/macio/mac_dbdma.c | 75 ++++++++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 33 deletions(-) (limited to 'hw') diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c index b6639f4f95..e692312dcc 100644 --- a/hw/misc/macio/mac_dbdma.c +++ b/hw/misc/macio/mac_dbdma.c @@ -46,6 +46,7 @@ /* debug DBDMA */ #define DEBUG_DBDMA 0 +#define DEBUG_DBDMA_CHANMASK ((1ull << DBDMA_CHANNELS) - 1) #define DBDMA_DPRINTF(fmt, ...) do { \ if (DEBUG_DBDMA) { \ @@ -53,6 +54,14 @@ } \ } while (0); +#define DBDMA_DPRINTFCH(ch, fmt, ...) do { \ + if (DEBUG_DBDMA) { \ + if ((1ul << (ch)->channel) & DEBUG_DBDMA_CHANMASK) { \ + printf("DBDMA[%02x]: " fmt , (ch)->channel, ## __VA_ARGS__); \ + } \ + } \ +} while (0); + /* */ @@ -79,26 +88,26 @@ static void dump_dbdma_cmd(dbdma_cmd *cmd) #endif static void dbdma_cmdptr_load(DBDMA_channel *ch) { - DBDMA_DPRINTF("dbdma_cmdptr_load 0x%08x\n", - ch->regs[DBDMA_CMDPTR_LO]); + DBDMA_DPRINTFCH(ch, "dbdma_cmdptr_load 0x%08x\n", + ch->regs[DBDMA_CMDPTR_LO]); dma_memory_read(&address_space_memory, ch->regs[DBDMA_CMDPTR_LO], &ch->current, sizeof(dbdma_cmd)); } static void dbdma_cmdptr_save(DBDMA_channel *ch) { - DBDMA_DPRINTF("dbdma_cmdptr_save 0x%08x\n", - ch->regs[DBDMA_CMDPTR_LO]); - DBDMA_DPRINTF("xfer_status 0x%08x res_count 0x%04x\n", - le16_to_cpu(ch->current.xfer_status), - le16_to_cpu(ch->current.res_count)); + DBDMA_DPRINTFCH(ch, "dbdma_cmdptr_save 0x%08x\n", + ch->regs[DBDMA_CMDPTR_LO]); + DBDMA_DPRINTFCH(ch, "xfer_status 0x%08x res_count 0x%04x\n", + le16_to_cpu(ch->current.xfer_status), + le16_to_cpu(ch->current.res_count)); dma_memory_write(&address_space_memory, ch->regs[DBDMA_CMDPTR_LO], &ch->current, sizeof(dbdma_cmd)); } static void kill_channel(DBDMA_channel *ch) { - DBDMA_DPRINTF("kill_channel\n"); + DBDMA_DPRINTFCH(ch, "kill_channel\n"); ch->regs[DBDMA_STATUS] |= DEAD; ch->regs[DBDMA_STATUS] &= ~ACTIVE; @@ -114,7 +123,7 @@ static void conditional_interrupt(DBDMA_channel *ch) uint32_t status; int cond; - DBDMA_DPRINTF("%s\n", __func__); + DBDMA_DPRINTFCH(ch, "%s\n", __func__); intr = le16_to_cpu(current->command) & INTR_MASK; @@ -123,7 +132,7 @@ static void conditional_interrupt(DBDMA_channel *ch) return; case INTR_ALWAYS: /* always interrupt */ qemu_irq_raise(ch->irq); - DBDMA_DPRINTF("%s: raise\n", __func__); + DBDMA_DPRINTFCH(ch, "%s: raise\n", __func__); return; } @@ -138,13 +147,13 @@ static void conditional_interrupt(DBDMA_channel *ch) case INTR_IFSET: /* intr if condition bit is 1 */ if (cond) { qemu_irq_raise(ch->irq); - DBDMA_DPRINTF("%s: raise\n", __func__); + DBDMA_DPRINTFCH(ch, "%s: raise\n", __func__); } return; case INTR_IFCLR: /* intr if condition bit is 0 */ if (!cond) { qemu_irq_raise(ch->irq); - DBDMA_DPRINTF("%s: raise\n", __func__); + DBDMA_DPRINTFCH(ch, "%s: raise\n", __func__); } return; } @@ -158,7 +167,7 @@ static int conditional_wait(DBDMA_channel *ch) uint32_t status; int cond; - DBDMA_DPRINTF("conditional_wait\n"); + DBDMA_DPRINTFCH(ch, "conditional_wait\n"); wait = le16_to_cpu(current->command) & WAIT_MASK; @@ -217,7 +226,7 @@ static void conditional_branch(DBDMA_channel *ch) uint32_t status; int cond; - DBDMA_DPRINTF("conditional_branch\n"); + DBDMA_DPRINTFCH(ch, "conditional_branch\n"); /* check if we must branch */ @@ -262,7 +271,7 @@ static void dbdma_end(DBDMA_io *io) DBDMA_channel *ch = io->channel; dbdma_cmd *current = &ch->current; - DBDMA_DPRINTF("%s\n", __func__); + DBDMA_DPRINTFCH(ch, "%s\n", __func__); if (conditional_wait(ch)) goto wait; @@ -288,13 +297,13 @@ wait: static void start_output(DBDMA_channel *ch, int key, uint32_t addr, uint16_t req_count, int is_last) { - DBDMA_DPRINTF("start_output\n"); + DBDMA_DPRINTFCH(ch, "start_output\n"); /* KEY_REGS, KEY_DEVICE and KEY_STREAM * are not implemented in the mac-io chip */ - DBDMA_DPRINTF("addr 0x%x key 0x%x\n", addr, key); + DBDMA_DPRINTFCH(ch, "addr 0x%x key 0x%x\n", addr, key); if (!addr || key > KEY_STREAM3) { kill_channel(ch); return; @@ -314,13 +323,13 @@ static void start_output(DBDMA_channel *ch, int key, uint32_t addr, static void start_input(DBDMA_channel *ch, int key, uint32_t addr, uint16_t req_count, int is_last) { - DBDMA_DPRINTF("start_input\n"); + DBDMA_DPRINTFCH(ch, "start_input\n"); /* KEY_REGS, KEY_DEVICE and KEY_STREAM * are not implemented in the mac-io chip */ - DBDMA_DPRINTF("addr 0x%x key 0x%x\n", addr, key); + DBDMA_DPRINTFCH(ch, "addr 0x%x key 0x%x\n", addr, key); if (!addr || key > KEY_STREAM3) { kill_channel(ch); return; @@ -343,7 +352,7 @@ static void load_word(DBDMA_channel *ch, int key, uint32_t addr, dbdma_cmd *current = &ch->current; uint32_t val; - DBDMA_DPRINTF("load_word\n"); + DBDMA_DPRINTFCH(ch, "load_word\n"); /* only implements KEY_SYSTEM */ @@ -382,7 +391,7 @@ static void store_word(DBDMA_channel *ch, int key, uint32_t addr, dbdma_cmd *current = &ch->current; uint32_t val; - DBDMA_DPRINTF("store_word\n"); + DBDMA_DPRINTFCH(ch, "store_word\n"); /* only implements KEY_SYSTEM */ @@ -445,7 +454,7 @@ static void channel_run(DBDMA_channel *ch) uint16_t req_count; uint32_t phy_addr; - DBDMA_DPRINTF("channel_run\n"); + DBDMA_DPRINTFCH(ch, "channel_run\n"); dump_dbdma_cmd(current); /* clear WAKE flag at command fetch */ @@ -539,9 +548,9 @@ static void DBDMA_run_bh(void *opaque) { DBDMAState *s = opaque; - DBDMA_DPRINTF("DBDMA_run_bh\n"); - + DBDMA_DPRINTF("-> DBDMA_run_bh\n"); DBDMA_run(s); + DBDMA_DPRINTF("<- DBDMA_run_bh\n"); } void DBDMA_kick(DBDMAState *dbdma) @@ -556,7 +565,7 @@ void DBDMA_register_channel(void *dbdma, int nchan, qemu_irq irq, DBDMAState *s = dbdma; DBDMA_channel *ch = &s->channels[nchan]; - DBDMA_DPRINTF("DBDMA_register_channel 0x%x\n", nchan); + DBDMA_DPRINTFCH(ch, "DBDMA_register_channel 0x%x\n", nchan); assert(rw); assert(flush); @@ -600,7 +609,7 @@ dbdma_control_write(DBDMA_channel *ch) status &= ~FLUSH; } - DBDMA_DPRINTF(" status 0x%08x\n", status); + DBDMA_DPRINTFCH(ch, " status 0x%08x\n", status); ch->regs[DBDMA_STATUS] = status; @@ -617,10 +626,10 @@ static void dbdma_write(void *opaque, hwaddr addr, DBDMA_channel *ch = &s->channels[channel]; int reg = (addr - (channel << DBDMA_CHANNEL_SHIFT)) >> 2; - DBDMA_DPRINTF("writel 0x" TARGET_FMT_plx " <= 0x%08"PRIx64"\n", - addr, value); - DBDMA_DPRINTF("channel 0x%x reg 0x%x\n", - (uint32_t)addr >> DBDMA_CHANNEL_SHIFT, reg); + DBDMA_DPRINTFCH(ch, "writel 0x" TARGET_FMT_plx " <= 0x%08"PRIx64"\n", + addr, value); + DBDMA_DPRINTFCH(ch, "channel 0x%x reg 0x%x\n", + (uint32_t)addr >> DBDMA_CHANNEL_SHIFT, reg); /* cmdptr cannot be modified if channel is ACTIVE */ @@ -671,9 +680,9 @@ static uint64_t dbdma_read(void *opaque, hwaddr addr, value = ch->regs[reg]; - DBDMA_DPRINTF("readl 0x" TARGET_FMT_plx " => 0x%08x\n", addr, value); - DBDMA_DPRINTF("channel 0x%x reg 0x%x\n", - (uint32_t)addr >> DBDMA_CHANNEL_SHIFT, reg); + DBDMA_DPRINTFCH(ch, "readl 0x" TARGET_FMT_plx " => 0x%08x\n", addr, value); + DBDMA_DPRINTFCH(ch, "channel 0x%x reg 0x%x\n", + (uint32_t)addr >> DBDMA_CHANNEL_SHIFT, reg); switch(reg) { case DBDMA_CONTROL: -- cgit v1.2.3-55-g7522 From 3f0d4128dc641f082c3631d610f843b0cdbb6e61 Mon Sep 17 00:00:00 2001 From: Mark Cave-Ayland Date: Sun, 10 Jul 2016 19:08:55 +0100 Subject: dbdma: fix endian of DBDMA_CMDPTR_LO during branch The current DBDMA command is stored in little-endian format, so make sure we convert it to match our CPU when updating the DBDMA_CMDPTR_LO register. Signed-off-by: Mark Cave-Ayland Acked-by: Benjamin Herrenschmidt Signed-off-by: David Gibson --- hw/misc/macio/mac_dbdma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'hw') diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c index e692312dcc..c4ee38109d 100644 --- a/hw/misc/macio/mac_dbdma.c +++ b/hw/misc/macio/mac_dbdma.c @@ -213,7 +213,7 @@ static void branch(DBDMA_channel *ch) { dbdma_cmd *current = &ch->current; - ch->regs[DBDMA_CMDPTR_LO] = current->cmd_dep; + ch->regs[DBDMA_CMDPTR_LO] = le32_to_cpu(current->cmd_dep); ch->regs[DBDMA_STATUS] |= BT; dbdma_cmdptr_load(ch); } -- cgit v1.2.3-55-g7522 From e12f50b900bcc2079954c40828dcc167e4ace5cb Mon Sep 17 00:00:00 2001 From: Mark Cave-Ayland Date: Sun, 10 Jul 2016 19:08:56 +0100 Subject: dbdma: fix load_word/store_word value endianness The values to read/write to/from physical memory are copied directly to the physical address with no endian swapping required. Also add some extra information to debugging output while we are here. Signed-off-by: Mark Cave-Ayland Acked-by: Benjamin Herrenschmidt Signed-off-by: David Gibson --- hw/misc/macio/mac_dbdma.c | 24 +++++------------------- 1 file changed, 5 insertions(+), 19 deletions(-) (limited to 'hw') diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c index c4ee38109d..c5dd0ac16b 100644 --- a/hw/misc/macio/mac_dbdma.c +++ b/hw/misc/macio/mac_dbdma.c @@ -350,9 +350,8 @@ static void load_word(DBDMA_channel *ch, int key, uint32_t addr, uint16_t len) { dbdma_cmd *current = &ch->current; - uint32_t val; - DBDMA_DPRINTFCH(ch, "load_word\n"); + DBDMA_DPRINTFCH(ch, "load_word %d bytes, addr=%08x\n", len, addr); /* only implements KEY_SYSTEM */ @@ -362,14 +361,7 @@ static void load_word(DBDMA_channel *ch, int key, uint32_t addr, return; } - dma_memory_read(&address_space_memory, addr, &val, len); - - if (len == 2) - val = (val << 16) | (current->cmd_dep & 0x0000ffff); - else if (len == 1) - val = (val << 24) | (current->cmd_dep & 0x00ffffff); - - current->cmd_dep = val; + dma_memory_read(&address_space_memory, addr, ¤t->cmd_dep, len); if (conditional_wait(ch)) goto wait; @@ -389,9 +381,9 @@ static void store_word(DBDMA_channel *ch, int key, uint32_t addr, uint16_t len) { dbdma_cmd *current = &ch->current; - uint32_t val; - DBDMA_DPRINTFCH(ch, "store_word\n"); + DBDMA_DPRINTFCH(ch, "store_word %d bytes, addr=%08x pa=%x\n", + len, addr, le32_to_cpu(current->cmd_dep)); /* only implements KEY_SYSTEM */ @@ -401,13 +393,7 @@ static void store_word(DBDMA_channel *ch, int key, uint32_t addr, return; } - val = current->cmd_dep; - if (len == 2) - val >>= 16; - else if (len == 1) - val >>= 24; - - dma_memory_write(&address_space_memory, addr, &val, len); + dma_memory_write(&address_space_memory, addr, ¤t->cmd_dep, len); if (conditional_wait(ch)) goto wait; -- cgit v1.2.3-55-g7522 From 894993905daf9c56fee67e77d8f0f76889dc7b76 Mon Sep 17 00:00:00 2001 From: Mark Cave-Ayland Date: Sun, 10 Jul 2016 19:08:57 +0100 Subject: dbdma: set FLUSH bit upon reception of flush command for unassigned DBDMA channels This fixes MacOS 9 whereby it continually flushes and polls the status bits until they are set to indicate a successful flush. Signed-off-by: Mark Cave-Ayland Acked-by: Benjamin Herrenschmidt Signed-off-by: David Gibson --- hw/misc/macio/mac_dbdma.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'hw') diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c index c5dd0ac16b..ef5b0a51ca 100644 --- a/hw/misc/macio/mac_dbdma.c +++ b/hw/misc/macio/mac_dbdma.c @@ -783,8 +783,18 @@ static void dbdma_unassigned_rw(DBDMA_io *io) static void dbdma_unassigned_flush(DBDMA_io *io) { DBDMA_channel *ch = io->channel; + dbdma_cmd *current = &ch->current; + uint16_t cmd; qemu_log_mask(LOG_GUEST_ERROR, "%s: use of unassigned channel %d\n", __func__, ch->channel); + + cmd = le16_to_cpu(current->command) & COMMAND_MASK; + if (cmd == OUTPUT_MORE || cmd == OUTPUT_LAST || + cmd == INPUT_MORE || cmd == INPUT_LAST) { + current->xfer_status = cpu_to_le16(ch->regs[DBDMA_STATUS] | FLUSH); + current->res_count = cpu_to_le16(io->len); + dbdma_cmdptr_save(ch); + } } void* DBDMA_init (MemoryRegion **dbdma_mem) -- cgit v1.2.3-55-g7522 From 2df778967b5d27c361c8f1389525d6c7e2dc9d10 Mon Sep 17 00:00:00 2001 From: Mark Cave-Ayland Date: Sun, 10 Jul 2016 19:08:58 +0100 Subject: dbdma: reset io->processing flag for unassigned DBDMA channel rw accesses Otherwise MacOS 9 hangs upon shutdown. Signed-off-by: Mark Cave-Ayland Acked-by: Benjamin Herrenschmidt Signed-off-by: David Gibson --- hw/misc/macio/mac_dbdma.c | 1 + 1 file changed, 1 insertion(+) (limited to 'hw') diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c index ef5b0a51ca..15452b9a28 100644 --- a/hw/misc/macio/mac_dbdma.c +++ b/hw/misc/macio/mac_dbdma.c @@ -778,6 +778,7 @@ static void dbdma_unassigned_rw(DBDMA_io *io) DBDMA_channel *ch = io->channel; qemu_log_mask(LOG_GUEST_ERROR, "%s: use of unassigned channel %d\n", __func__, ch->channel); + ch->io.processing = false; } static void dbdma_unassigned_flush(DBDMA_io *io) -- cgit v1.2.3-55-g7522 From 21bb3093e6accd2d7d60531a472a34e40911acd9 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Tue, 12 Jul 2016 16:54:03 +1000 Subject: vfio/spapr: Remove stale ioctl() call This ioctl() call to VFIO_IOMMU_SPAPR_TCE_REMOVE was left over from an earlier version of the code and has since been folded into vfio_spapr_remove_window(). It wasn't caught because although the argument structure has been removed, the libc function remove() means this didn't trigger a compile failure. The ioctl() was also almost certain to fail silently and harmlessly with the bogus argument, so this wasn't caught in testing. Suggested-by: Paolo Bonzini Signed-off-by: David Gibson Reviewed-by: Alexey Kardashevskiy --- hw/vfio/spapr.c | 1 - 1 file changed, 1 deletion(-) (limited to 'hw') diff --git a/hw/vfio/spapr.c b/hw/vfio/spapr.c index 0af342332c..7443d348d9 100644 --- a/hw/vfio/spapr.c +++ b/hw/vfio/spapr.c @@ -177,7 +177,6 @@ int vfio_spapr_create_window(VFIOContainer *container, error_report("Host doesn't support DMA window at %"HWADDR_PRIx", must be %"PRIx64, section->offset_within_address_space, (uint64_t)create.start_addr); - ioctl(container->fd, VFIO_IOMMU_SPAPR_TCE_REMOVE, &remove); return -EINVAL; } trace_vfio_spapr_create_window(create.page_shift, -- cgit v1.2.3-55-g7522 From 5cbc64de25973e9129c5a7897734a06ac64b9aff Mon Sep 17 00:00:00 2001 From: Bharata B Rao Date: Wed, 13 Jul 2016 12:20:20 +0530 Subject: spapr: Ensure CPU cores are added contiguously and removed in LIFO order If CPU core addition or removal is allowed in random order leading to holes in the core id range (and hence in the cpu_index range), migration can fail as migration with holes in cpu_index range isn't yet handled correctly. Prevent this situation by enforcing the addition in contiguous order and removal in LIFO order so that we never end up with holes in cpu_index range. Signed-off-by: Bharata B Rao Signed-off-by: David Gibson --- hw/ppc/spapr_cpu_core.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'hw') diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c index bc52b3c289..4bfc96bd5a 100644 --- a/hw/ppc/spapr_cpu_core.c +++ b/hw/ppc/spapr_cpu_core.c @@ -126,12 +126,23 @@ static void spapr_core_release(DeviceState *dev, void *opaque) void spapr_core_unplug(HotplugHandler *hotplug_dev, DeviceState *dev, Error **errp) { + sPAPRMachineState *spapr = SPAPR_MACHINE(OBJECT(hotplug_dev)); CPUCore *cc = CPU_CORE(dev); sPAPRDRConnector *drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_CPU, cc->core_id); sPAPRDRConnectorClass *drck; Error *local_err = NULL; + int smt = kvmppc_smt_threads(); + int index = cc->core_id / smt; + int spapr_max_cores = max_cpus / smp_threads; + int i; + for (i = spapr_max_cores - 1; i > index; i--) { + if (spapr->cores[i]) { + error_setg(errp, "core-id %d should be removed first", i * smt); + return; + } + } g_assert(drc); drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc); @@ -214,7 +225,7 @@ void spapr_core_pre_plug(HotplugHandler *hotplug_dev, DeviceState *dev, sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(OBJECT(hotplug_dev)); sPAPRMachineState *spapr = SPAPR_MACHINE(OBJECT(hotplug_dev)); int spapr_max_cores = max_cpus / smp_threads; - int index; + int index, i; int smt = kvmppc_smt_threads(); Error *local_err = NULL; CPUCore *cc = CPU_CORE(dev); @@ -252,6 +263,14 @@ void spapr_core_pre_plug(HotplugHandler *hotplug_dev, DeviceState *dev, goto out; } + for (i = 0; i < index; i++) { + if (!spapr->cores[i]) { + error_setg(&local_err, "core-id %d should be added first", + i * smt); + goto out; + } + } + out: g_free(base_core_type); error_propagate(errp, local_err); -- cgit v1.2.3-55-g7522