Commit aab99135 authored by Bharata B Rao's avatar Bharata B Rao Committed by David Gibson
Browse files

spapr_drc: Prevent detach racing against attach for CPU DR 



If a CPU is hot removed while hotplug of the same is still in progress,
the guest crashes. Prevent this by ensuring that detach is done only
after attach has completed.

The existing code already prevents such race for PCI hotplug. However
given that CPU is a logical DR unlike PCI and starts with ISOLATED
state, we need a logic that works for CPU too.

Signed-off-by: default avatarBharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: default avatarMichael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: default avatarMichael Roth <mdroth@linux.vnet.ibm.com>
               [Don't set awaiting_attach for PCI devices]
Signed-off-by: default avatarDavid Gibson <david@gibson.dropbear.id.au>
parent 4a4b344c

hw/ppc/spapr_drc.c

+12 −0
Original line number Diff line number Diff line
@@ -140,6 +140,8 @@ static uint32_t set_allocation_state(sPAPRDRConnector *drc, 
            DPRINTFN("finalizing device removal");

            drck->detach(drc, DEVICE(drc->dev), drc->detach_cb,

                         drc->detach_cb_opaque, NULL);

        } else if (drc->allocation_state == SPAPR_DR_ALLOCATION_STATE_USABLE) {

            drc->awaiting_allocation = false;

        }

    }

    return RTAS_OUT_SUCCESS;
@@ -373,6 +375,10 @@ static void attach(sPAPRDRConnector *drc, DeviceState *d, void *fdt, 
    drc->signalled = (drc->type != SPAPR_DR_CONNECTOR_TYPE_PCI)

                     ? true : coldplug;



    if (drc->type != SPAPR_DR_CONNECTOR_TYPE_PCI) {

        drc->awaiting_allocation = true;

    }



    object_property_add_link(OBJECT(drc), "device",

                             object_get_typename(OBJECT(drc->dev)),

                             (Object **)(&drc->dev),
@@ -421,6 +427,12 @@ static void detach(sPAPRDRConnector *drc, DeviceState *d, 
        return;

    }



    if (drc->awaiting_allocation) {

        drc->awaiting_release = true;

        DPRINTFN("awaiting allocation to complete before removal");

        return;

    }



    drc->indicator_state = SPAPR_DR_INDICATOR_STATE_INACTIVE;



    if (drc->detach_cb) {

include/hw/ppc/spapr_drc.h

+1 −0
Original line number Diff line number Diff line
@@ -152,6 +152,7 @@ typedef struct sPAPRDRConnector { 


    bool awaiting_release;

    bool signalled;

    bool awaiting_allocation;



    /* device pointer, via link property */

    DeviceState *dev;