qemu/include/hw
Cédric Le Goater 13df93244e spapr/xive: fix EQ page addresses above 64GB
The high order bits of the address of the OS event queue are stored in
bits [4-31] of word2 of the XIVE END internal structures and the low
order bits in word3. This structure is using Big Endian ordering and
computing the value requires some simple arithmetic which happens to
be wrong. The mask removing bits [0-3] of word2 is applied to the
wrong value and the resulting address is bogus when above 64GB.

Guests with more than 64GB of RAM will allocate pages for the OS event
queues which will reside above the 64GB limit. In this case, the XIVE
device model will wake up the CPUs in case of a notification, such as
IPIs, but the update of the event queue will be written at the wrong
place in memory. The result is uncertain as the guest memory is
trashed and IPIs are not delivered.

Introduce a helper xive_end_qaddr() to compute this value correctly in
all places where it is used.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20190508171946.657-3-clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-05-29 11:39:44 +10:00
..
acpi hw/arm/virt-acpi-build: pass AcpiMcfgInfo to build_mcfg() 2019-05-20 18:40:02 -04:00
adc STM32F2xx: Add the ADC device 2016-10-04 13:28:07 +01:00
arm hw/arm/bcm2835: Use object_initialize() on PL011State 2019-05-24 15:29:02 -03:00
audio Clean up header guards that don't match their file name 2019-05-13 08:58:55 +02:00
block pflash_cfi01: New pflash_cfi01_legacy_drive() 2019-05-07 12:55:02 +01:00
char hw/char/pl011: Support all interrupt lines 2019-02-21 18:17:46 +00:00
core hw/core/split-irq: Device that splits IRQ lines 2018-03-02 11:03:45 +00:00
cpu Clean up includes 2019-05-13 08:58:55 +02:00
cris char: rename CharDriverState Chardev 2017-01-27 18:07:59 +01:00
display hw/display/ramfb: initialize fw-config space with xres/ yres 2019-05-24 09:10:29 +02:00
dma hw/dma/pl080: Don't use CPU address space for DMA accesses 2018-08-20 11:24:33 +01:00
firmware hw/smbios: fix offset of type 3 sku field 2019-02-22 10:51:31 -05:00
gpio hw/gpio/nrf51_gpio: Add nRF51 GPIO peripheral 2019-01-07 15:23:47 +00:00
hyperv hyperv: process POST_MESSAGE hypercall 2018-10-19 13:44:14 +02:00
i2c i2c-ddc: move it to hw/display 2019-05-07 09:56:10 +02:00
i386 ioapic: allow buggy guests mishandling level-triggered interrupts to make progress 2019-05-17 15:19:39 +02:00
ide hw/ide: drop iov field from IDEDMA 2019-02-22 09:42:13 +00:00
input hw/devices: Move TI touchscreen declarations into a new header 2019-04-29 17:57:21 +01:00
intc Clean up header guards that don't match their file name 2019-05-13 08:58:55 +02:00
ipack ipack: Update e-mail address 2016-05-18 15:04:27 +03:00
ipmi qom: make interface types abstract 2018-12-11 15:45:22 -02:00
isa qom: make interface types abstract 2018-12-11 15:45:22 -02:00
kvm
lm32 intc: make HMP 'info irq' and 'info pic' commands use InterruptStatsProvider interface 2016-10-04 10:00:25 +02:00
m68k hw/char/mcf_uart: QOMify the ColdFire UART 2017-02-16 14:06:56 +01:00
mem nvdimm: Rename AcpiNVDIMMState into NVDIMMState 2019-03-11 10:44:21 -03:00
mips hw/mips: Use the IEC binary prefix definitions 2018-07-02 15:41:16 +02:00
misc leon3: introduce the plug and play mechanism 2019-05-17 09:17:11 +01:00
net Clean up header guards that don't match their file name 2019-05-13 08:58:55 +02:00
nvram hw/nvram/fw_cfg: Add fw_cfg_arch_key_name() 2019-05-23 14:10:31 +02:00
pci pci: msix: move 'MSIX_CAP_LENGTH' to header file 2019-05-22 17:35:27 +02:00
pci-bridge Clean up includes 2018-02-09 05:05:11 +01:00
pci-host Clean up decorations and whitespace around header guards 2019-05-13 08:58:55 +02:00
ppc spapr/xive: fix EQ page addresses above 64GB 2019-05-29 11:39:44 +10:00
rdma {hmp, hw/pvrdma}: Expose device internals via monitor interface 2019-03-16 15:52:44 +02:00
riscv target/riscv: Add a base 32 and 64 bit CPU 2019-05-24 12:09:23 -07:00
s390x s390/css: handle CCW_FLAG_SKIP 2019-05-17 08:16:02 +02:00
scsi Normalize header guard symbol definition. 2019-05-13 08:58:55 +02:00
sd sdcard: Reflect when the Spec v3 is supported in the Config Register (SCR) 2018-06-08 13:15:34 +01:00
semihosting semihosting: enable chardev backed output for console 2019-05-28 10:28:50 +01:00
sh4 avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
sparc grlib, apbuart: get rid of the old-style create function 2019-05-17 09:17:11 +01:00
ssi aspeed/smc: snoop SPI transfers to fake dummy cycles 2019-01-29 11:46:05 +00:00
timer arm: Move system_clock_scale to armv7m_systick.h 2019-05-23 14:47:43 +01:00
tricore Clean up header guards that don't match their file name 2016-07-12 16:19:16 +02:00
unicore32 hw/unicore32: restrict hw addr defines to source file 2017-12-18 17:07:02 +03:00
usb usb: Add basic code to emulate Chipidea USB IP 2018-02-09 10:40:30 +00:00
vfio VFIO updates 2019-03-11 2019-03-12 13:37:29 +00:00
virtio vhost-user-blk: Add support to reconnect backend 2019-05-20 18:40:02 -04:00
watchdog Clean up header guards that don't match their file name 2019-05-13 08:58:55 +02:00
xen Clean up ill-advised or unusual header guards 2019-05-13 08:58:55 +02:00
xtensa Clean up ill-advised or unusual header guards 2019-05-13 08:58:55 +02:00
boards.h vl.c: make find_default_machine() local 2019-04-25 14:16:41 -03:00
bt.h char: rename CharDriverState Chardev 2017-01-27 18:07:59 +01:00
elf_ops.h elf-ops.h: Add get_elf_note_type() 2019-02-05 16:50:16 +01:00
empty_slot.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
fw-path-provider.h qom: make interface types abstract 2018-12-11 15:45:22 -02:00
hotplug.h qom: make interface types abstract 2018-12-11 15:45:22 -02:00
hw.h migration: Split qemu-file.h 2017-06-01 18:49:22 +02:00
ide.h ide/via: Rename functions to match device name 2019-01-25 14:52:12 -05:00
irq.h hw/core/split-irq: Device that splits IRQ lines 2018-03-02 11:03:45 +00:00
loader-fit.h Use #include "..." for our own headers, <...> for others 2018-02-09 05:05:11 +01:00
loader.h elf: Add optional function ptr to load_elf() to parse ELF notes 2019-02-05 16:50:16 +01:00
nmi.h qom: make interface types abstract 2018-12-11 15:45:22 -02:00
or-irq.h hw/core/or-irq: Support more than 16 inputs to an OR gate 2018-06-15 15:23:34 +01:00
pcmcia.h hw/pcmcia: Remove PCMCIACardState from "qemu/typedefs.h" 2019-01-22 05:14:32 +01:00
platform-bus.h platform-bus-device: use device plug callback instead of machine_done notifier 2018-05-10 18:10:56 +01:00
ptimer.h ptimer: Add TRIGGER_ONLY_ON_DECREMENT policy option 2018-07-09 14:51:34 +01:00
qdev-core.h Revert "globals: Allow global properties to be optional" 2019-05-20 18:40:02 -04:00
qdev-dma.h
qdev-properties.h qapi: Define PCIe link speed and width properties 2018-12-19 16:48:16 -05:00
qdev.h
register.h hw: register: Run post_write hook on reset 2018-03-01 11:05:43 +00:00
registerfields.h Use #include "..." for our own headers, <...> for others 2018-02-09 05:05:11 +01:00
stream.h qom: make interface types abstract 2018-12-11 15:45:22 -02:00
sysbus.h core/sysbus: remove the SysBusDeviceClass::init path 2018-12-13 13:48:03 +00:00
usb.h qemu/queue.h: simplify reverse access to QTAILQ 2019-01-11 15:46:55 +01:00