v2.12.0-2321-gb34181056c: vcpu hotplug crashes qemu-kvm with segfault

Bug #1780928 reported by Satheesh Rajendran on 2018-07-10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Greg Kurz

Bug Description

vcpu hotplug crashes upstream qemu(v2.12.0-2321-gb34181056c), vcpu hotplug works fine in v2.12.0-rc4.

Host: Power8, kernel: 4.18.0-rc2-00037-g6f0d349d922b
Guest: Power8, kernel: 4.18.0-rc3-00183-gc42c12a90545 (base image: fedora27 ppc64le)

/usr/share/avocado-plugins-vt/build/qemu/ppc64-softmmu/qemu-system-ppc64 -M pseries,accel=kvm,max-cpu-compat=power8 -m 8192 -device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x2 -drive file=/var/lib/avocado/data/avocado-vt/images/jeos-27-ppc64le.qcow2,format=qcow2,if=none,id=drive1 -device scsi-hd,drive=drive1,bus=scsi0.0 -smp 1,cores=1,threads=1,sockets=1,maxcpus=8 -serial /dev/pts/0 -monitor stdio -vga none -nographic -kernel /home/kvmci/linux/vmlinux -append 'root=/dev/sda2 rw console=tty0 console=ttyS0,115200 init=/sbin/init initcall_debug' -nic user,model=virtio-net-pci
QEMU 2.12.50 monitor - type 'help' for more information
(qemu) device_add host-spapr-cpu-core,id=core1,core-id=1
Segmentation fault (core dumped)

Guest initial cpu:
# lscpu
Architecture: ppc64le
Byte Order: Little Endian
CPU(s): 1
On-line CPU(s) list: 0
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 1
NUMA node(s): 1
Model: 2.1 (pvr 004b 0201)
Model name: POWER8 (architected), altivec supported
Hypervisor vendor: KVM
Virtualization type: para
L1d cache: 64K
L1i cache: 32K
NUMA node0 CPU(s): 0

Bharata B Rao (bharata-rao) wrote :

Reverting the below comment makes CPU hotplug work again:

commit a028dd423ee6dfd091a8c63028240832bf10f671

    ppc/xics: introduce ICP DeviceRealize and DeviceReset handlers

    This changes the ICP realize and reset handlers in DeviceRealize and
    DeviceReset handlers. parent handlers are now called from the
    inheriting classes which is a cleaner object pattern.

Changed in qemu:
status: New → Confirmed
Greg Kurz (gkurz) on 2018-07-10
Changed in qemu:
assignee: nobody → Greg Kurz (gkurz)
Greg Kurz (gkurz) wrote :

The parent class (ie, TYPE_ICP) doesn't implement DeviceClass::reset(). It directly registers a reset handler with qemu_register_reset() instead. This is needed for cold plugged ICPs to be reset during machine reset since they're not SysBus devices.

Cedric's patch missed that, but rather than reverting it, I'd rather go forward and:
- introduce an abstract TYPE_ICP_BASE class that implements DeviceClass::reset()
- have the current TYPE_ICP and all other specialized ICP types to derive from TYPE_ICP_BASE
- have all specialized ICP types to register reset handlers with qemu_register_reset()

This would match what was recently done with the ICS types.

Greg Kurz (gkurz) wrote :
Changed in qemu:
status: Confirmed → Fix Committed
Thomas Huth (th-huth) on 2018-08-21
Changed in qemu:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers