Peter Xu [Mon, 9 Jan 2017 08:55:53 +0000 (16:55 +0800)]
x86: ioapic: fix fail migration when irqchip=split
Split irqchip works based on the fact that we kept the first 24 gsi
routing entries inside KVM for userspace ioapic's use. When system
boot, we'll reserve these MSI routing entries before hand. However,
after migration, we forgot to re-configure it up in the destination
side. The result is, we'll get invalid gsi routing entries after
migration (all empty), and we get interrupts with vector=0, then
strange things happen, like keyboard hang.
The solution is simple - we update them after migration, which is a
one line fix.
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1483952153-7221-4-git-send-email-peterx@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Xu [Mon, 9 Jan 2017 08:55:52 +0000 (16:55 +0800)]
x86: ioapic: dump version for "info ioapic"
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1483952153-7221-3-git-send-email-peterx@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Xu [Mon, 9 Jan 2017 08:55:51 +0000 (16:55 +0800)]
x86: ioapic: add traces for ioapic
From time to time, there are issues with ioapic, either on guest side or
on hypervisor side. Good to have some persistent traces for better
triaging and debugging.
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1483952153-7221-2-git-send-email-peterx@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 4 Jan 2017 12:50:37 +0000 (13:50 +0100)]
hxtool: emit Texinfo headings as @subsection
Remove the colon, and add it in qemu-options-wrapper.h instead.
The introduction of @subsection also found a case where the table
was not closed and reopened around a heading, so fix it.
Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Caoxinhua [Wed, 4 Jan 2017 01:32:01 +0000 (09:32 +0800)]
qemu-thread: fix qemu_thread_set_name() race in qemu_thread_create()
QEMU will crash with the follow backtrace if the new created thread exited before
we call qemu_thread_set_name() for it.
(gdb) bt
#0 0x00007f9a68b095d7 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007f9a68b0acc8 in __GI_abort () at abort.c:90
#2 0x00007f9a69cda389 in PAT_abort () from /usr/lib64/libuvpuserhotfix.so
#3 0x00007f9a69cdda0d in patchIllInsHandler () from /usr/lib64/libuvpuserhotfix.so
#4 <signal handler called>
#5 pthread_setname_np (th=140298470549248, name=name@entry=0x8cc74a "io-task-worker") at ../nptl/sysdeps/unix/sysv/linux/pthread_setname.c:49
#6 0x00000000007f5f20 in qemu_thread_set_name (thread=thread@entry=0x7ffd2ac09680, name=name@entry=0x8cc74a "io-task-worker") at util/qemu_thread_posix.c:459
#7 0x00000000007f679e in qemu_thread_create (thread=thread@entry=0x7ffd2ac09680, name=name@entry=0x8cc74a "io-task-worker",start_routine=start_routine@entry=0x7c1300 <qio_task_thread_worker>, arg=arg@entry=0x7f99b8001720, mode=mode@entry=1) at util/qemu_thread_posix.c:498
#8 0x00000000007c15b6 in qio_task_run_in_thread (task=task@entry=0x7f99b80033d0, worker=worker@entry=0x7bd920 <qio_channel_socket_connect_worker>, opaque=0x7f99b8003370, destroy=0x7c6220 <qapi_free_SocketAddress>) at io/task.c:133
#9 0x00000000007bda04 in qio_channel_socket_connect_async (ioc=0x7f99b80014c0, addr=0x37235d0, callback=callback@entry=0x54ad00 <qemu_chr_socket_connected>, opaque=opaque@entry=0x38118b0, destroy=destroy@entry=0x0) at io/channel_socket.c:191
#10 0x00000000005487f6 in socket_reconnect_timeout (opaque=0x38118b0) at qemu_char.c:4402
#11 0x00007f9a6a1533b3 in g_timeout_dispatch () from /usr/lib64/libglib-2.0.so.0
#12 0x00007f9a6a15299a in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#13 0x0000000000747386 in glib_pollfds_poll () at main_loop.c:227
#14 0x0000000000747424 in os_host_main_loop_wait (timeout=404000000) at main_loop.c:272
#15 0x0000000000747575 in main_loop_wait (nonblocking=nonblocking@entry=0) at main_loop.c:520
#16 0x0000000000557d31 in main_loop () at vl.c:2170
#17 0x000000000041c8b7 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:5083
Let's detach the new thread after calling qemu_thread_set_name().
Li Qiang [Wed, 4 Jan 2017 08:43:16 +0000 (00:43 -0800)]
serial: fix memory leak in serial exit
The serial_exit_core function doesn't free some resources.
This can lead memory leak when hotplug and unplug. This
patch avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-Id: <586cb5ab.f31d9d0a.38ac3.acf2@mx.google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Igor Mammedov [Fri, 30 Dec 2016 14:33:11 +0000 (15:33 +0100)]
pc: fix crash in rtc_set_memory() if initial cpu is marked as hotplugged
'hotplugged' propperty is meant to be used on migration side when migrating
source with hotplugged devices.
However though it not exacly correct usage of 'hotplugged' property
it's possible to set generic hotplugged property for CPU using
-cpu foo,hotplugged=on
or
-global foo.hotplugged=on
in this case qemu crashes with following backtrace:
...
because pc_cpu_plug() assumes that hotplugged CPU could appear only after
rtc/fw_cfg are initialized.
Fix crash by replacing assumption with explicit checks of rtc/fw_cfg
and updating them only if they were initialized.
Cc: qemu-stable@nongnu.org Reported-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1483108391-199542-1-git-send-email-imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 10 Jan 2017 10:54:52 +0000 (11:54 +0100)]
event_notifier: cleanups around event_notifier_set_handler
Remove the useless is_external argument. Since the iohandler
AioContext is never used for block devices, aio_disable_external
is never called on it. This lets us remove stubs/iohandler.c.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Eduardo Habkost [Mon, 12 Dec 2016 18:31:01 +0000 (16:31 -0200)]
qom: Make all interface types abstract
"qom-list-types abstract=false" currently returns all interface
types, as if they were not abstract. Fix this by making sure all
interface types are abstract.
All interface types have instance_size == 0, so we can use
it to set abstract=true on type_initialize().
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <1481567461-2341-1-git-send-email-ehabkost@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 2 Jan 2017 10:03:33 +0000 (11:03 +0100)]
megasas: fix guest-triggered memory leak
If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
Avoid this by returning only the status from map_dcmd, and loading
cmd->iov_size in the caller.
Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
hangaohuai [Mon, 19 Dec 2016 06:03:36 +0000 (14:03 +0800)]
bugfix: vm halt when in reset looping
reset mc146818rtc device when RESET event happens.
Fix the problem:
1. Guest boot the second cpu, set CMOS_RESET_CODE 0x0a to protect selfboot;
2. VM being reset by others, hmp_system_reset;
3. seabios resume check the CMOS_RESET_CODE, if 0x0a, jump to the BDA
resume execution by jump via 40h:0067h;
4. Guest halt;
Signed-off-by: hangaohuai <hangaohuai@huawei.com>
Message-Id: <20161219060336.10176-1-hangaohuai@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Mon, 16 Jan 2017 12:41:35 +0000 (12:41 +0000)]
Merge remote-tracking branch 'remotes/vivier/tags/m68k-for-2.9-pull-request' into staging
# gpg: Signature made Sat 14 Jan 2017 09:06:31 GMT
# gpg: using RSA key 0xF30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>"
# gpg: aka "Laurent Vivier <laurent@vivier.eu>"
# gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>"
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C
* remotes/vivier/tags/m68k-for-2.9-pull-request:
target-m68k: increment/decrement with SP
target-m68k: CAS doesn't need aligned access
target-m68k: manage pre-dec et post-inc in CAS
target-m68k: fix gen_flush_flags()
target-m68k: fix bit operation with immediate value
m68k: Remove PCI and USB from config file
target-m68k: Implement bfffo
target-m68k: Implement bitfield ops for memory
target-m68k: Implement bitfield ops for registers
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 16 Jan 2017 11:17:38 +0000 (11:17 +0000)]
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20170113' into staging
Fixes and more queued patches
# gpg: Signature made Fri 13 Jan 2017 20:00:53 GMT
# gpg: using RSA key 0xAD1270CC4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg: aka "Richard Henderson <rth@redhat.com>"
# gpg: aka "Richard Henderson <rth@twiddle.net>"
# Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC 16A4 AD12 70CC 4DD0 279B
* remotes/rth/tags/pull-tcg-20170113:
tcg/aarch64: Fix tcg_out_movi
tcg/aarch64: Fix addsub2 for 0+C
target/arm: Fix ubfx et al for aarch64
tcg/s390: Fix merge error with facilities
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Laurent Vivier [Fri, 13 Jan 2017 18:36:30 +0000 (19:36 +0100)]
target-m68k: fix gen_flush_flags()
gen_flush_flags() is setting unconditionally cc_op_synced to 1
and s->cc_op to CC_OP_FLAGS, whereas env->cc_op can be set
to something else by a previous tcg fragment.
We fix that by not setting cc_op_synced to 1
(except for gen_helper_flush_flags() that updates env->cc_op)
Thomas Huth [Fri, 6 Jan 2017 07:39:56 +0000 (08:39 +0100)]
m68k: Remove PCI and USB from config file
None of the ColdFire boards that we currently support has a PCI or
USB bus (and AFAIK the upcoming q800 machine does not support PCI
and USB either), so we do not need these settings the config file.
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
Message-Id: <20170106083956.53d08923@thl530> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
There were some patterns, like 0x0000_ffff_ffff_00ff, for which we
would select to begin a multi-insn sequence with MOVN, but would
fail to set the 0x0000 lane back from 0xffff.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Message-Id: <20161207180727.6286-3-rth@twiddle.net>
Peter Maydell [Fri, 13 Jan 2017 14:38:21 +0000 (14:38 +0000)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-and-machine-pull-request' into staging
x86 and machine queue, 2017-01-17
Includes i386, CPU, NUMA, and memory backends changes.
i386:
target/i386: Fix bad patch application to translate.c
CPU:
qmp: Report QOM type name on query-cpu-definitions
NUMA:
numa: make -numa parser dynamically allocate CPUs masks
Memory backends:
qom: remove unused header
monitor: reuse user_creatable_add_opts() instead of user_creatable_add()
monitor: fix qmp/hmp query-memdev not reporting IDs of memory backends
# gpg: Signature made Thu 12 Jan 2017 17:53:11 GMT
# gpg: using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/x86-and-machine-pull-request:
qmp: Report QOM type name on query-cpu-definitions
numa: make -numa parser dynamically allocate CPUs masks
target/i386: Fix bad patch application to translate.c
monitor: fix qmp/hmp query-memdev not reporting IDs of memory backends
monitor: reuse user_creatable_add_opts() instead of user_creatable_add()
qom: remove unused header
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gerd Hoffmann [Fri, 13 Jan 2017 08:14:45 +0000 (09:14 +0100)]
sdl2: fix build failure on windows
Cc: Stefan Weil <sw@weilnetz.de> Cc: Samuel Thibault <samuel.thibault@gnu.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1484295285-8809-1-git-send-email-kraxel@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/kraxel/tags/pull-vga-20170111-1:
virtio-gpu: tag as not hotpluggable
virtio-gpu: Fix memory leak in virtio_gpu_load()
virtio-gpu: Recalculate VirtIOGPU::hostmem on VM load
display: cirrus: ignore source pitch value as needed in blit_is_unsafe
virtio-gpu: fix information leak in capset get dispatch
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Eduardo Habkost [Wed, 16 Nov 2016 18:21:39 +0000 (16:21 -0200)]
qmp: Report QOM type name on query-cpu-definitions
The new typename attribute on query-cpu-definitions will be used
to help management software use device-list-properties to check
which properties can be set using -cpu or -global for the CPU
model.
Igor Mammedov [Tue, 10 Jan 2017 12:53:15 +0000 (13:53 +0100)]
monitor: fix qmp/hmp query-memdev not reporting IDs of memory backends
Considering 'id' is mandatory for user_creatable objects/backends
and user_creatable_add_type() always has it as an argument
regardless of where from it is called CLI/monitor or QMP,
Fix issue by adding 'id' property to hostmem backends and
set it in user_creatable_add_type() for every object that
implements 'id' property. Then later at query-memdev time
get 'id' from object directly.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <1484052795-158195-4-git-send-email-imammedo@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Igor Mammedov [Tue, 10 Jan 2017 12:53:14 +0000 (13:53 +0100)]
monitor: reuse user_creatable_add_opts() instead of user_creatable_add()
Simplify code by dropping ~57LOC by merging user_creatable_add()
into user_creatable_add_opts() and using the later from monitor.
Along with it allocate opts_visitor_new() once in user_creatable_add_opts().
As result we have one less API func and a more readable/simple
user_creatable_add_opts() vs user_creatable_add().
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <1484052795-158195-3-git-send-email-imammedo@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Peter Maydell [Thu, 12 Jan 2017 13:21:32 +0000 (13:21 +0000)]
Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20170110' into staging
TCG opcodes for extract, clz, ctz, ctpop
# gpg: Signature made Wed 11 Jan 2017 02:12:41 GMT
# gpg: using RSA key 0xAD1270CC4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg: aka "Richard Henderson <rth@redhat.com>"
# gpg: aka "Richard Henderson <rth@twiddle.net>"
# Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC 16A4 AD12 70CC 4DD0 279B
* remotes/rth/tags/pull-tcg-20170110: (65 commits)
tcg/i386: Handle ctpop opcode
tcg/ppc: Handle ctpop opcode
tcg: Use ctpop to generate ctz if needed
tests: New test-bitcnt
qemu/host-utils.h: Reduce the operation count in the fallback ctpop
target-i386: Use ctpop helper
target-tilegx: Use ctpop helper
target-sparc: Use ctpop helper
target-s390x: Avoid a loop for popcnt
target-ppc: Use ctpop helper
target-alpha: Use ctpop helper
tcg: Add opcode for ctpop
target-xtensa: Use clrsb helper
target-tricore: Use clrsb helper
target-arm: Use clrsb helper
tcg: Add helpers for clrsb
tcg/i386: Rely on undefined/undocumented behaviour of BSF/BSR
tcg/i386: Handle ctz and clz opcodes
tcg/i386: Allow bmi2 shiftx to have non-matching operands
tcg/i386: Hoist common arguments in tcg_out_op
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Greg Kurz [Wed, 11 Jan 2017 08:49:32 +0000 (09:49 +0100)]
libqtest: handle zero length memwrite/memread
Some recently added tests pass a zero length to qtest_memwrite().
Unfortunately, the qtest protocol doesn't implement an on-the-wire
syntax for zero-length writes and the current code happily sends
garbage to QEMU. This causes intermittent failures.
It isn't worth the pain to enhance the protocol, so this patch
simply fixes the issue by "just return, doing nothing". The same
fix is applied to qtest_memread() since the issue also exists in
the QEMU part of the "memread" command.
Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 148412457273.22750.983275587432075569.stgit@bahia Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Mon, 7 Nov 2016 14:41:09 +0000 (14:41 +0000)]
travis: add Trusty with clang stable build
Although we've reduced the matrix to avoid repeating clang builds we can
still add an additional clang build to use the latest stable version of
clang which will typically be available on current distros.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
We test with both gcc and clang in order to detect cases
where clang issues warnings that gcc misses. To achieve
this though we don't need to build QEMU in multiple
different configurations. Just a single clang-on-linux
build will be sufficient, if we have an "all enabled"
config.
This cuts the number of build jobs from 21 to 16,
reducing the load imposed on shared Travis CI infra.
This will make it practical to enable jobs for other
interesting & useful configurations without DOS'ing
Travis to much.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Peter Maydell [Mon, 9 Jan 2017 13:38:43 +0000 (13:38 +0000)]
virtio-gpu: Fix memory leak in virtio_gpu_load()
Coverity points out that if we fail in the "creating resources"
loop in virtio_gpu_load() we will leak various resources (CID 1356431).
Failing a VM load is going to leave the simulation in a complete mess,
but we can tidy up to the point that a full system reset should
get us back to sanity.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1483969123-14839-3-git-send-email-peter.maydell@linaro.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Peter Maydell [Mon, 9 Jan 2017 13:38:42 +0000 (13:38 +0000)]
virtio-gpu: Recalculate VirtIOGPU::hostmem on VM load
The 'hostmem' field in VirtIOGPU is used to track the total memory
used in pixmaps so that we can impose a maximum limit on it.
However this field is neither migrated nor recalculated on
VM load, which means that after a migration it will be incorrectly
too low, which can allow the guest to use more pixmap memory
than it should. The per-resource hostmem fields are not filled
in either as we reallocate them in the load function.
Recalculate the memory used for each pixmap and the total memory
used as we reallocate the pixmaps in virtio_gpu_load().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1483969123-14839-2-git-send-email-peter.maydell@linaro.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Bruce Rogers [Mon, 9 Jan 2017 20:35:20 +0000 (13:35 -0700)]
display: cirrus: ignore source pitch value as needed in blit_is_unsafe
Commit 4299b90 added a check which is too broad, given that the source
pitch value is not required to be initialized for solid fill operations.
This patch refines the blit_is_unsafe() check to ignore source pitch in
that case. After applying the above commit as a security patch, we
noticed the SLES 11 SP4 guest gui failed to initialize properly.
Signed-off-by: Bruce Rogers <brogers@suse.com>
Message-id: 20170109203520.5619-1-brogers@suse.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Li Qiang [Tue, 1 Nov 2016 12:37:57 +0000 (05:37 -0700)]
virtio-gpu: fix information leak in capset get dispatch
In virgl_cmd_get_capset function, it uses g_malloc to allocate
a response struct to the guest. As the 'resp'struct hasn't been full
initialized it will lead the 'resp->padding' field to the guest.
Use g_malloc0 to avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 58188cae.4a6ec20a.3d2d1.aff2@mx.google.com
Alex Bennée [Fri, 9 Dec 2016 14:36:00 +0000 (14:36 +0000)]
tests: New test-bitcnt
Add some unit tests for bit count functions (currently only ctpop). As
the routines are based on the Hackers Delight optimisations I based
the test patterns on their tests.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
The number of actual invocations of ctpop itself does not warrent
an opcode, but it is very helpful for POWER7 to use in generating
an expansion for ctz.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
tcg/i386: Rely on undefined/undocumented behaviour of BSF/BSR
The ISA manual documents the output is undefined if the input was zero.
However, we document in target-i386 that the behavior of real silicon
is to preserve the contents of the output register. We also mention
that there are real applications that depend on this. That this is
baked into silicon is mentioned as a potential cause for some false
sharing behaviour wrt lzcnt/tzcnt.
Taking advantage of this allows us to save 2 insns in the normal case,
and 4 insns for i686 emulating a 64-bit clz.
Signed-off-by: Richard Henderson <rth@twiddle.net>
projects / mirror_qemu.git / log