From c8721d35994fd3731e592f81ba2f9c08e7dc8c31 Mon Sep 17 00:00:00 2001
From: Bharata B Rao <bharata@linux.vnet.ibm.com>
Date: Wed, 3 Aug 2016 13:08:23 +1000
Subject: [PATCH 1/2] spapr: Error out when CPU hotplug is attempted on older
 pseries machines

CPU hotplug and coldplug aren't supported prior to pseries-2.7.  Further,
earlier machine types don't use CPU core objects at all.  These mean that
query-hotpluggable-cpus and coldplug on older pseries machines will crash
QEMU.  It also means that hotpluggable_cpus flag in query-machines will
be incorrectly set to true for pseries < 2.7, since it is based on the
presence of the query_hotpluggable_cpus hook.

- Don't assign the query_hotpluggable_cpus hook for pseries < 2.7
- query_hotpluggable_cpus should therefore never be called on pseries <
  2.7, so add an assert
- spapr_core_pre_plug() should fail hot/cold plug attempts for pseries <
  2.7, since core objects are never used there
- spapr_core_plug() should therefore never be called for pseries < 2.7, so
  add an assert.

Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
[dwg: Change from query_hotpluggable_cpus returning NULL for pseries < 2.7
 to not being called at all, reword commit message for accuracy]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/ppc/spapr.c          |  7 ++++++-
 hw/ppc/spapr_cpu_core.c | 19 ++++++-------------
 2 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index fbbd0518ed..bce237189d 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2376,8 +2376,11 @@ static HotpluggableCPUList *spapr_query_hotpluggable_cpus(MachineState *machine)
     int i;
     HotpluggableCPUList *head = NULL;
     sPAPRMachineState *spapr = SPAPR_MACHINE(machine);
+    sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(machine);
     int spapr_max_cores = max_cpus / smp_threads;
 
+    g_assert(smc->dr_cpu_enabled);
+
     for (i = 0; i < spapr_max_cores; i++) {
         HotpluggableCPUList *list_item = g_new0(typeof(*list_item), 1);
         HotpluggableCPU *cpu_item = g_new0(typeof(*cpu_item), 1);
@@ -2432,7 +2435,9 @@ static void spapr_machine_class_init(ObjectClass *oc, void *data)
     hc->plug = spapr_machine_device_plug;
     hc->unplug = spapr_machine_device_unplug;
     mc->cpu_index_to_socket_id = spapr_cpu_index_to_socket_id;
-    mc->query_hotpluggable_cpus = spapr_query_hotpluggable_cpus;
+    if (smc->dr_cpu_enabled) {
+        mc->query_hotpluggable_cpus = spapr_query_hotpluggable_cpus;
+    }
 
     smc->dr_lmb_enabled = true;
     smc->dr_cpu_enabled = true;
diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index ec81ee6088..170ed154a6 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -166,18 +166,11 @@ void spapr_core_plug(HotplugHandler *hotplug_dev, DeviceState *dev,
     int index = cc->core_id / smp_threads;
     int smt = kvmppc_smt_threads();
 
+    g_assert(smc->dr_cpu_enabled);
+
     drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_CPU, index * smt);
     spapr->cores[index] = OBJECT(dev);
 
-    if (!smc->dr_cpu_enabled) {
-        /*
-         * This is a cold plugged CPU core but the machine doesn't support
-         * DR. So skip the hotplug path ensuring that the core is brought
-         * up online with out an associated DR connector.
-         */
-        return;
-    }
-
     g_assert(drc);
 
     /*
@@ -225,13 +218,13 @@ void spapr_core_pre_plug(HotplugHandler *hotplug_dev, DeviceState *dev,
     char *base_core_type = spapr_get_cpu_core_type(machine->cpu_model);
     const char *type = object_get_typename(OBJECT(dev));
 
-    if (strcmp(base_core_type, type)) {
-        error_setg(&local_err, "CPU core type should be %s", base_core_type);
+    if (!smc->dr_cpu_enabled) {
+        error_setg(&local_err, "CPU hotplug not supported for this machine");
         goto out;
     }
 
-    if (!smc->dr_cpu_enabled && dev->hotplugged) {
-        error_setg(&local_err, "CPU hotplug not supported for this machine");
+    if (strcmp(base_core_type, type)) {
+        error_setg(&local_err, "CPU core type should be %s", base_core_type);
         goto out;
     }
 

From 7005f7f81cef31bda895d3274c13854c143d3d8d Mon Sep 17 00:00:00 2001
From: Peter Xu <peterx@redhat.com>
Date: Wed, 3 Aug 2016 11:07:21 +0800
Subject: [PATCH 2/2] kvm-irqchip: only commit route when irqchip is used

Reported from Alexey Kardashevskiy:

3f1fea0fb5bf "kvm-irqchip: do explicit commit when update irq" produces
a crash on pseries guest running with VFIO on POWER8 machine as it does
not support KVM_CAP_IRQCHIP (KVM_CAP_IRQ_XICS is there instead). At the
result, KVMState::irq_routes is NULL when VFIO calls
kvm_irqchip_commit_routes.

This makes the routing update conditional.

Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 kvm-all.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/kvm-all.c b/kvm-all.c
index ef81ca532a..65608def36 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -1047,6 +1047,14 @@ void kvm_irqchip_commit_routes(KVMState *s)
 {
     int ret;
 
+    if (kvm_gsi_direct_mapping()) {
+        return;
+    }
+
+    if (!kvm_gsi_routing_enabled()) {
+        return;
+    }
+
     s->irq_routes->flags = 0;
     trace_kvm_irqchip_commit_routes();
     ret = kvm_vm_ioctl(s, KVM_SET_GSI_ROUTING, s->irq_routes);