From: David Gibson
Subject: [Qemu-ppc] [PULL 10/36] spapr_rtas: Prevent QEMU crash during hotplug without a prior device_add
Date: Wed, 23 Sep 2015 11:55:12 +1000
From: Bharata B Rao <address@hidden>
If drmgr is used in the guest to hotplug a device before a device_add
has been issued via the QEMU monitor, QEMU segfaults in configure_connector
call. This occurs due to accessing a NULL FDT which otherwise would have
been created and associated with the DRC during the device_add command.
Check for NULL FDT and return failure from configure_connector call.
As per PAPR+, an error value of -9003 seems appropriate for this failure.
Signed-off-by: Bharata B Rao <address@hidden>
Cc: Michael Roth <address@hidden>
Reviewed-by: David Gibson <address@hidden>
Signed-off-by: David Gibson <address@hidden>
---
hw/ppc/spapr_rtas.c | 6 ++++++
include/hw/ppc/spapr_drc.h | 15 ++++++++-------
2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 5cbf9a0..2f8e25c 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -522,6 +522,12 @@ static void rtas_ibm_configure_connector(PowerPCCPU *cpu,
drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
fdt = drck->get_fdt(drc, NULL);
+ if (!fdt) {
+ DPRINTF("rtas_ibm_configure_connector: Missing FDT for DRC index:
%xh\n",
+ drc_index);
+ rc = SPAPR_DR_CC_RESPONSE_NOT_CONFIGURABLE;
+ goto out;
+ }
ccs = spapr_ccs_find(spapr, drc_index);
if (!ccs) {
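Review bot: the DPRINTF string literal at the top of this hunk is shown split across two lines ("...DRC index:" on one line, "%xh\n", on the next); as rendered that is not a valid C string literal and the hunk would neither apply nor compile, so confirm the mail client wrapped it and the committed patch keeps the literal on one line. On the logic, the NULL check sits before spapr_ccs_find(), so a guest that issues ibm,configure-connector against a DRC with no device attached now takes goto out with rc = SPAPR_DR_CC_RESPONSE_NOT_CONFIGURABLE before any connector-config state is looked up; the out: label is outside the visible context, so confirm it returns rc unchanged and does no cleanup that assumes ccs was found. Reporting this only through DPRINTF is the right choice if it is the usual compile-time debug macro: the condition is guest-triggerable at will, and an unconditional log line per call would be a trivial host log-flooding vector.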
diff --git a/include/hw/ppc/spapr_drc.h b/include/hw/ppc/spapr_drc.h
index 60cda35..28ffeae 100644
--- a/include/hw/ppc/spapr_drc.h
+++ b/include/hw/ppc/spapr_drc.h
@@ -119,13 +119,14 @@ typedef enum {
} sPAPRDREntitySense;
typedef enum {
- SPAPR_DR_CC_RESPONSE_NEXT_SIB = 1, /* currently unused */
- SPAPR_DR_CC_RESPONSE_NEXT_CHILD = 2,
- SPAPR_DR_CC_RESPONSE_NEXT_PROPERTY = 3,
- SPAPR_DR_CC_RESPONSE_PREV_PARENT = 4,
- SPAPR_DR_CC_RESPONSE_SUCCESS = 0,
- SPAPR_DR_CC_RESPONSE_ERROR = -1,
- SPAPR_DR_CC_RESPONSE_CONTINUE = -2,
+ SPAPR_DR_CC_RESPONSE_NEXT_SIB = 1, /* currently unused */
+ SPAPR_DR_CC_RESPONSE_NEXT_CHILD = 2,
+ SPAPR_DR_CC_RESPONSE_NEXT_PROPERTY = 3,
+ SPAPR_DR_CC_RESPONSE_PREV_PARENT = 4,
+ SPAPR_DR_CC_RESPONSE_SUCCESS = 0,
+ SPAPR_DR_CC_RESPONSE_ERROR = -1,
+ SPAPR_DR_CC_RESPONSE_CONTINUE = -2,
+ SPAPR_DR_CC_RESPONSE_NOT_CONFIGURABLE = -9003,
} sPAPRDRCCResponse;
typedef void (spapr_drc_detach_cb)(DeviceState *d, void *opaque);
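Review bot: seven of the eight changed lines in this hunk are indentation-only re-alignment of existing enumerators; the functional change is the single added line `SPAPR_DR_CC_RESPONSE_NOT_CONFIGURABLE = -9003,`. Splitting the whitespace churn into its own commit (or dropping it) keeps `git blame` on the other values pointing at the commits that introduced them. The commit message says -9003 "seems appropriate" per PAPR+; since this value is returned to the guest as an RTAS status and the guest's drmgr acts on it, add a comment next to the enumerator citing the PAPR+ definition of -9003 for ibm,configure-connector, in the same style as the existing `/* currently unused */` note on NEXT_SIB.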
--
2.4.3