git.proxmox.com Git - mirror_qemu.git/log
4 years ago target/arm: Don't abort on M-profile exception return in linux-user mode
Peter Maydell [Thu, 22 Aug 2019 13:15:34 +0000 (14:15 +0100)]
target/arm: Don't abort on M-profile exception return in linux-user mode

An attempt to do an exception-return (branch to one of the magic
addresses) in linux-user mode for M-profile should behave like
a normal branch, because linux-user mode is always going to be
in 'handler' mode. This used to work, but we broke it when we added
support for the M-profile security extension in commit d02a8698d7ae2bfed.

In that commit we allowed even handler-mode calls to magic return
values to be checked for and dealt with by causing an
EXCP_EXCEPTION_EXIT exception to be taken, because this is
needed for the FNC_RETURN return-from-non-secure-function-call
handling. For system mode we added a check in do_v7m_exception_exit()
to make any spurious calls from Handler mode behave correctly, but
forgot that linux-user mode would also be affected.

How an attempted return-from-non-secure-function-call in linux-user
mode should be handled is not clear -- on real hardware it would
result in return to secure code (not to the Linux kernel) which
could then handle the error in any way it chose. For QEMU we take
the simple approach of treating this erroneous return the same way
it would be handled on a CPU without the security extensions --
treat it as a normal branch.

The upshot of all this is that for linux-user mode we should never
do any of the bx_excret magic, so the code change is simple.

This ought to be a weird corner case that only affects broken guest
code (because Linux user processes should never be attempting to do
exception returns or NS function returns), except that the code that
assigns addresses in RAM for the process and stack in our linux-user
code does not attempt to avoid this magic address range, so
legitimate code attempting to return to a trampoline routine on the
stack can fall into this case. This change fixes those programs,
but we should also look at restricting the range of memory we
use for M-profile linux-user guests to the area that would be
real RAM in hardware.

Cc: qemu-stable@nongnu.org
Reported-by: Christophe Lyon <christophe.lyon@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190822131534.16602-1-peter.maydell@linaro.org
Fixes: https://bugs.launchpad.net/qemu/+bug/1840922
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target/arm: Free TCG temps in trans_VMOV_64_sp()
Peter Maydell [Tue, 27 Aug 2019 12:19:31 +0000 (13:19 +0100)]
target/arm: Free TCG temps in trans_VMOV_64_sp()

The function neon_store_reg32() doesn't free the TCG temp that it
is passed, so the caller must do that. We got this right in most
places but forgot to free the TCG temps in trans_VMOV_64_sp().

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190827121931.26836-1-peter.maydell@linaro.org

4 years ago include/exec/cpu-defs.h: fix typo
Alex Bennée [Wed, 28 Aug 2019 16:53:07 +0000 (17:53 +0100)]
include/exec/cpu-defs.h: fix typo

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190828165307.18321-10-alex.bennee@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago atomic_template: fix indentation in GEN_ATOMIC_HELPER
Emilio G. Cota [Wed, 28 Aug 2019 16:53:05 +0000 (17:53 +0100)]
atomic_template: fix indentation in GEN_ATOMIC_HELPER

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190828165307.18321-8-alex.bennee@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago tcg/README: fix typo s/afterwise/afterwards/
Emilio G. Cota [Wed, 28 Aug 2019 16:53:04 +0000 (17:53 +0100)]
tcg/README: fix typo s/afterwise/afterwards/

Afterwise is "wise after the fact", as in "hindsight".
Here we meant "afterwards" (as in "subsequently"). Fix it.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190828165307.18321-7-alex.bennee@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago includes: remove stale [smp|max]_cpus externs
Alex Bennée [Wed, 28 Aug 2019 16:53:03 +0000 (17:53 +0100)]
includes: remove stale [smp|max]_cpus externs

Commit a5e0b3311 removed these in favour of querying machine
properties. Remove the extern declarations as well.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190828165307.18321-6-alex.bennee@linaro.org
Cc: Like Xu <like.xu@linux.intel.com>
Message-Id: <20190711130546.18578-1-alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago hw/net/xilinx_axi: Use object_initialize_child for correct ref. counting
Philippe Mathieu-Daudé [Fri, 23 Aug 2019 14:32:49 +0000 (16:32 +0200)]
hw/net/xilinx_axi: Use object_initialize_child for correct ref. counting

As explained in commit aff39be0ed97:

  Both functions, object_initialize() and object_property_add_child()
  increase the reference counter of the new object, so one of the
  references has to be dropped afterwards to get the reference
  counting right. Otherwise the child object will not be properly
  cleaned up when the parent gets destroyed.
  Thus let's use now object_initialize_child() instead to get the
  reference counting here right.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190823143249.8096-7-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago hw/dma/xilinx_axi: Use object_initialize_child for correct ref. counting
Philippe Mathieu-Daudé [Fri, 23 Aug 2019 14:32:48 +0000 (16:32 +0200)]
hw/dma/xilinx_axi: Use object_initialize_child for correct ref. counting

As explained in commit aff39be0ed97:

  Both functions, object_initialize() and object_property_add_child()
  increase the reference counter of the new object, so one of the
  references has to be dropped afterwards to get the reference
  counting right. Otherwise the child object will not be properly
  cleaned up when the parent gets destroyed.
  Thus let's use now object_initialize_child() instead to get the
  reference counting here right.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190823143249.8096-6-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago hw/arm/fsl-imx: Add the cpu as child of the SoC object
Philippe Mathieu-Daudé [Fri, 23 Aug 2019 14:32:47 +0000 (16:32 +0200)]
hw/arm/fsl-imx: Add the cpu as child of the SoC object

Child properties form the composition tree. All objects need to be
a child of another object. Objects can only be a child of one object.

Respect this with the i.MX SoC, to get a cleaner composition tree.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190823143249.8096-5-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago hw/arm: Use sysbus_init_child_obj for correct reference counting
Philippe Mathieu-Daudé [Fri, 23 Aug 2019 14:32:46 +0000 (16:32 +0200)]
hw/arm: Use sysbus_init_child_obj for correct reference counting

Both object_initialize() and qdev_set_parent_bus() increase the
reference counter of the new object, so one of the references has
to be dropped afterwards to get the reference counting right.
In machine model code this refcount leak is not particularly
problematic because (unlike devices) machines will never be
created on demand via QMP, and they are never destroyed.
But in any case let's use the new sysbus_init_child_obj() instead
to get the reference counting here right.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190823143249.8096-4-philmd@redhat.com
[PMM: rewrote commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago hw/arm: Use object_initialize_child for correct reference counting
Philippe Mathieu-Daudé [Fri, 23 Aug 2019 14:32:45 +0000 (16:32 +0200)]
hw/arm: Use object_initialize_child for correct reference counting

As explained in commit aff39be0ed97:

  Both functions, object_initialize() and object_property_add_child()
  increase the reference counter of the new object, so one of the
  references has to be dropped afterwards to get the reference
  counting right. Otherwise the child object will not be properly
  cleaned up when the parent gets destroyed.
  Thus let's use now object_initialize_child() instead to get the
  reference counting here right.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190823143249.8096-3-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago hw/arm: Use ARM_CPU_TYPE_NAME() macro when appropriate
Philippe Mathieu-Daudé [Fri, 23 Aug 2019 14:32:44 +0000 (16:32 +0200)]
hw/arm: Use ARM_CPU_TYPE_NAME() macro when appropriate

Commit ba1ba5cca introduced the ARM_CPU_TYPE_NAME() macro.
Unify the code base by using it in all places.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190823143249.8096-2-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target/arm: Fix SMMLS argument order
Richard Henderson [Thu, 29 Aug 2019 01:32:58 +0000 (18:32 -0700)]
target/arm: Fix SMMLS argument order

The previous simplification got the order of operands to the
subtraction wrong.  Since the 64-bit product is the subtrahend,
we must use a 64-bit subtract to properly compute the borrow
from the low-part of the product.

Fixes: 5f8cd06ebcf5 ("target/arm: Simplify SMMLA, SMMLAR, SMMLS, SMMLSR")
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20190829013258.16102-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
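
The borrow this message refers to, as an added example that is not QEMU's TCG code: SMMLS returns bits [63:32] of (Ra << 32) - Rn * Rm, so the low half of the product can borrow from the high half. The function names are hypothetical; smmls_hi_only and smmls_swapped are constructed illustrations of a 32-bit subtract and of reversed operands, not the code the commit replaced.

```c
#include <stdint.h>
#include <stdio.h>

/* 64-bit signed product of the two 32-bit operands, as raw bits. */
static uint64_t product_bits(int32_t rn, int32_t rm)
{
    /* |rn * rm| <= 2^62, so the signed multiply cannot overflow. */
    return (uint64_t)((int64_t)rn * (int64_t)rm);
}

/* Architectural result: high word of (Ra << 32) - Rn * Rm.
 * round != 0 models the SMMLSR variant, which adds 0x80000000 first.
 * Unsigned arithmetic keeps the wrap-around well defined in C. */
uint32_t smmls_ref(int32_t rn, int32_t rm, int32_t ra, int round)
{
    uint64_t acc = ((uint64_t)(uint32_t)ra << 32) - product_bits(rn, rm);
    if (round) {
        acc += 0x80000000u;
    }
    return (uint32_t)(acc >> 32);
}

/* Constructed illustration: subtract only the high word of the product.
 * The borrow out of the low 32 bits is lost. */
uint32_t smmls_hi_only(int32_t rn, int32_t rm, int32_t ra)
{
    return (uint32_t)ra - (uint32_t)(product_bits(rn, rm) >> 32);
}

/* Constructed illustration: 64-bit subtract with the operands reversed. */
uint32_t smmls_swapped(int32_t rn, int32_t rm, int32_t ra)
{
    uint64_t acc = product_bits(rn, rm) - ((uint64_t)(uint32_t)ra << 32);
    return (uint32_t)(acc >> 32);
}

/* 1 when dropping the borrow changes the result for these operands. */
int borrow_lost(int32_t rn, int32_t rm, int32_t ra)
{
    return smmls_ref(rn, rm, ra, 0) != smmls_hi_only(rn, rm, ra);
}

int main(void)
{
    /* Constructed operand sets: {Rn, Rm, Ra}. */
    static const int32_t cases[][3] = {
        { 1, 1, 0 },              /* low word of product non-zero: borrow */
        { 0x10000, 0x10000, 5 },  /* product is exactly 2^32: no borrow   */
        { -1, 1, 0 },             /* negative product                     */
    };
    for (unsigned i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        int32_t rn = cases[i][0], rm = cases[i][1], ra = cases[i][2];
        printf("rn=%ld rm=%ld ra=%ld ref=%08lx hi_only=%08lx swapped=%08lx\n",
               (long)rn, (long)rm, (long)ra,
               (unsigned long)smmls_ref(rn, rm, ra, 0),
               (unsigned long)smmls_hi_only(rn, rm, ra),
               (unsigned long)smmls_swapped(rn, rm, ra));
    }
    return 0;
}
```
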
4 years ago hw/arm/smmuv3: Remove spurious error messages on IOVA invalidations
Eric Auger [Thu, 22 Aug 2019 17:23:50 +0000 (19:23 +0200)]
hw/arm/smmuv3: Remove spurious error messages on IOVA invalidations

An IOVA/ASID invalidation is notified to all IOMMU Memory Regions
through smmuv3_inv_notifiers_iova/smmuv3_notify_iova.

When the notification occurs it is possible that some of the
PCIe devices associated to the notified regions do not have a
valid stream table entry. In that case we output a LOG_GUEST_ERROR
message, for example:

invalid sid=<SID> (L1STD span=0)
"smmuv3_notify_iova error decoding the configuration for iommu mr=<MR>

This is unfortunate as the user gets the impression that there
are some translation decoding errors whereas there are not.

This patch adds a new field in SMMUEventInfo that tells whether
the detection of an invalid STE must lead to an error report.
invalid_ste_allowed is set before doing the invalidations and
kept unset on actual translation.

The other configuration decoding error messages are kept since if the
STE is valid then the rest of the config must be correct.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20190822172350.12008-6-eric.auger@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago hw/arm/smmuv3: Log a guest error when decoding an invalid STE
Eric Auger [Thu, 22 Aug 2019 17:23:49 +0000 (19:23 +0200)]
hw/arm/smmuv3: Log a guest error when decoding an invalid STE

Log a guest error when encountering an invalid STE.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190822172350.12008-5-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago memory: Remove unused memory_region_iommu_replay_all()
Eric Auger [Thu, 22 Aug 2019 17:23:46 +0000 (19:23 +0200)]
memory: Remove unused memory_region_iommu_replay_all()

memory_region_iommu_replay_all is not used. Remove it.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Message-id: 20190822172350.12008-2-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago aspeed/timer: Provide back-pressure information for short periods
Andrew Jeffery [Thu, 4 Jul 2019 05:51:50 +0000 (07:51 +0200)]
aspeed/timer: Provide back-pressure information for short periods

First up: This is not the way the hardware behaves.

However, it helps resolve real-world problems with short periods being
used under Linux. Commit 4451d3f59f2a ("clocksource/drivers/fttmr010:
Fix set_next_event handler") in Linux fixed the timer driver to
correctly schedule the next event for the Aspeed controller, and in
combination with 5daa8212c08e ("ARM: dts: aspeed: Describe random number
device") Linux will now set a timer with a period as low as 1us.

Configuring a qemu timer with such a short period results in spending
time handling the interrupt in the model rather than executing guest
code, leading to noticeable "sticky" behaviour in the guest.

The behaviour of Linux is correct with respect to the hardware, so we
need to improve our handling under emulation. The approach chosen is to
provide back-pressure information by calculating an acceptable minimum
number of ticks to be set on the model. Under Linux an additional read
is added in the timer configuration path to detect back-pressure, which
will never occur on hardware. However if back-pressure is observed, the
driver alerts the clock event subsystem, which then performs its own
next event dilation via a config option - d1748302f70b ("clockevents:
Make minimum delay adjustments configurable")

A minimum period of 5us was experimentally determined on a Lenovo
T480s, which I've increased to 20us for "safety".

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20190704055150.4899-1-clg@kaod.org
[clg: - changed the computation of min_ticks to be done each time the
        timer value is reloaded. It removes the ordering issue of the
        timer and scu reset handlers but is slightly slower ]
      - introduced TIMER_MIN_NS
      - introduced calculate_min_ticks() ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target/arm: Take exceptions on ATS instructions when needed
Peter Maydell [Fri, 16 Aug 2019 12:58:02 +0000 (13:58 +0100)]
target/arm: Take exceptions on ATS instructions when needed

The translation table walk for an ATS instruction can result in
various faults.  In general these are just reported back via the
PAR_EL1 fault status fields, but in some cases the architecture
requires that the fault is turned into an exception:
 * synchronous stage 2 faults of any kind during AT S1E0* and
   AT S1E1* instructions executed from NS EL1 fault to EL2 or EL3
 * synchronous external aborts are taken as Data Abort exceptions

(This is documented in the v8A Arm ARM DDI0487A.e D5.2.11 and
G5.13.4.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20190816125802.25877-3-peter.maydell@linaro.org

4 years ago target/arm: Allow ARMCPRegInfo read/write functions to throw exceptions
Peter Maydell [Fri, 16 Aug 2019 12:58:01 +0000 (13:58 +0100)]
target/arm: Allow ARMCPRegInfo read/write functions to throw exceptions

Currently the only part of an ARMCPRegInfo which is allowed to cause
a CPU exception is the access function, which returns a value indicating
that some flavour of UNDEF should be generated.

For the ATS system instructions, we would like to conditionally
generate exceptions as part of the writefn, because some faults
during the page table walk (like external aborts) should cause
an exception to be raised rather than returning a value.

There are several ways we could do this:
 * plumb the GETPC() value from the top level set_cp_reg/get_cp_reg
   helper functions through into the readfn and writefn hooks
 * add extra readfn_with_ra/writefn_with_ra hooks that take the GETPC()
   value
 * require the ATS instructions to provide a dummy accessfn,
   which serves no purpose except to cause the code generation
   to emit TCG ops to sync the CPU state
 * add an ARM_CP_ flag to mark the ARMCPRegInfo as possibly
   throwing an exception in its read/write hooks, and make the
   codegen sync the CPU state before calling the hooks if the
   flag is set

This patch opts for the last of these, as it is fairly simple
to implement and doesn't require invasive changes like updating
the readfn/writefn hook function prototype signature.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20190816125802.25877-2-peter.maydell@linaro.org

4 years ago target/arm: Factor out unallocated_encoding for aarch32
Richard Henderson [Mon, 26 Aug 2019 15:15:36 +0000 (08:15 -0700)]
target/arm: Factor out unallocated_encoding for aarch32

Make this a static function private to translate.c.
Thus we can use the same idiom between aarch64 and aarch32
without actually sharing function implementations.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20190826151536.6771-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago Revert "target/arm: Use unallocated_encoding for aarch32"
Richard Henderson [Mon, 26 Aug 2019 15:15:35 +0000 (08:15 -0700)]
Revert "target/arm: Use unallocated_encoding for aarch32"

This reverts commit 3cb36637157088892e9e33ddb1034bffd1251d3b.

Despite the fact that the text for the call to gen_exception_insn
is identical for aarch64 and aarch32, the implementation inside
gen_exception_insn is totally different.

This fixes exceptions raised from aarch64.

Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20190826151536.6771-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago Merge remote-tracking branch 'remotes/kraxel/tags/audio-20190828-pull-request' into...
Peter Maydell [Tue, 3 Sep 2019 13:03:15 +0000 (14:03 +0100)]
Merge remote-tracking branch 'remotes/kraxel/tags/audio-20190828-pull-request' into staging

audio: two little fixes.

# gpg: Signature made Wed 28 Aug 2019 12:51:32 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/audio-20190828-pull-request:
  audio: omitting audiodev= parameter is only deprecated
  audio: fix invalid malloc size in audio_create_pdos

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging
Peter Maydell [Tue, 3 Sep 2019 10:06:09 +0000 (11:06 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

Pull request

# gpg: Signature made Tue 27 Aug 2019 21:33:15 BST
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/tracing-pull-request:
  trace: Clarify DTrace/SystemTap help message

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Peter Maydell [Tue, 3 Sep 2019 08:43:26 +0000 (09:43 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Pull request

# gpg: Signature made Tue 27 Aug 2019 21:16:27 BST
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  block/qcow2: implement .bdrv_co_pwritev(_compressed)_part
  block/qcow2: implement .bdrv_co_preadv_part
  block/qcow2: refactor qcow2_co_preadv to use buffer-based io
  block/io: introduce bdrv_co_p{read, write}v_part
  block/io: bdrv_aligned_pwritev: use and support qiov_offset
  block/io: bdrv_aligned_preadv: use and support qiov_offset
  block/io: bdrv_co_do_copy_on_readv: lazy allocation
  block/io: bdrv_co_do_copy_on_readv: use and support qiov_offset
  block: define .*_part io handlers in BlockDriver
  block/io: refactor padding
  util/iov: improve qemu_iovec_is_zero
  util/iov: introduce qemu_iovec_init_extended

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago audio: omitting audiodev= parameter is only deprecated
Kővágó, Zoltán [Mon, 26 Aug 2019 19:59:02 +0000 (21:59 +0200)]
audio: omitting audiodev= parameter is only deprecated

Unfortunately, changes introduced in af2041ed2d "audio: audiodev=
parameters no longer optional when -audiodev present" break backward
compatibility.  This patch changes the error into a deprecation warning.

Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-id: 02d4328c33455742d01e0b62395013e95293c3ba.1566847960.git.DirtY.iCE.hu@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 years ago audio: fix invalid malloc size in audio_create_pdos
Kővágó, Zoltán [Mon, 26 Aug 2019 19:59:01 +0000 (21:59 +0200)]
audio: fix invalid malloc size in audio_create_pdos

The code used sizeof(AudiodevAlsaPerDirectionOptions) instead of the
appropriate per direction options for the audio backend.  If the size of
the actual audiodev's per direction options is larger than alsa's, it
could cause a buffer overflow.

However, alsa has three fields in per direction options: a string, a
uint32 and a bool.  Oss has the same fields, coreaudio has a single
uint32, paaudio has a string and a uint32, all other backends only use
the common options, so currently no per direction options struct should
be larger than alsa's.

Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Message-Id: <7808bc816ba7da8b8de8a214713444d85f7af3c6.1566847960.git.DirtY.iCE.hu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
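
The size mismatch this message describes, as an added example that is not QEMU's code. The structs are constructed stand-ins: the backend-specific field lists follow the message, while the common part, every field name, the FuturePdo backend and the function names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for per-direction option structs (not QEMU's). */
typedef struct { uint32_t frequency; uint32_t channels; } CommonPdo;
typedef struct { CommonPdo common; char *dev; uint32_t period_length;
                 bool try_poll; } AlsaPdo;        /* string, uint32, bool */
typedef struct { CommonPdo common; uint32_t buffer_count; } CoreaudioPdo;
typedef struct { CommonPdo common; char *name; uint32_t latency; } PaPdo;
/* Hypothetical later backend whose options outgrow ALSA's. */
typedef struct { CommonPdo common; char *dev; uint32_t in_latency;
                 uint32_t out_latency; uint64_t flags; bool exclusive; } FuturePdo;

typedef enum { DRV_ALSA, DRV_COREAUDIO, DRV_PA, DRV_FUTURE, DRV_NONE } Driver;

/* Post-fix pattern: the allocation size comes from the selected backend. */
size_t pdo_size(Driver d)
{
    switch (d) {
    case DRV_ALSA:      return sizeof(AlsaPdo);
    case DRV_COREAUDIO: return sizeof(CoreaudioPdo);
    case DRV_PA:        return sizeof(PaPdo);
    case DRV_FUTURE:    return sizeof(FuturePdo);
    default:            return sizeof(CommonPdo);
    }
}

/* Pre-fix pattern: every backend gets an ALSA-sized buffer. */
size_t legacy_alloc_size(Driver d)
{
    (void)d;
    return sizeof(AlsaPdo);
}

/* Bounds-checked initialiser: zeroes the backend's struct only when the
 * buffer can hold it. Returns 0 on success, -1 if the write would run
 * past the end of the buffer. */
int pdo_init(void *buf, size_t buf_size, Driver d)
{
    size_t need = pdo_size(d);
    if (buf == NULL || buf_size < need) {
        return -1;
    }
    memset(buf, 0, need);
    return 0;
}

int main(void)
{
    static const char *names[] = { "alsa", "coreaudio", "pa", "future", "none" };
    unsigned char buf[sizeof(AlsaPdo)];   /* what the old code allocated */

    for (int d = DRV_ALSA; d <= DRV_NONE; d++) {
        int rc = pdo_init(buf, legacy_alloc_size((Driver)d), (Driver)d);
        printf("%-9s needs %2lu bytes, ALSA-sized buffer has %2lu: %s\n",
               names[d], (unsigned long)pdo_size((Driver)d),
               (unsigned long)sizeof(buf), rc == 0 ? "fits" : "would overflow");
    }
    return 0;
}
```
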
4 years ago tests: fix modules-test with no default machine
Marc-André Lureau [Tue, 27 Aug 2019 14:02:41 +0000 (18:02 +0400)]
tests: fix modules-test with no default machine

Fixes: eb062cfa733 ("tests: add module loading test")
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20190827140241.20818-2-marcandre.lureau@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago build-sys: build ui-spice-app as a module
Marc-André Lureau [Tue, 27 Aug 2019 14:02:40 +0000 (18:02 +0400)]
build-sys: build ui-spice-app as a module

This reverts commit 45db1ac157 ("modules-test: ui-spice-app is not
built as module") and fixes commit d8aec9d9f1 ("display: add -display
spice-app launching a Spice client").

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20190827140241.20818-1-marcandre.lureau@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20190827' into staging
Peter Maydell [Tue, 27 Aug 2019 14:52:36 +0000 (15:52 +0100)]
Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20190827' into staging

Xen queue

* Fixes for xen-bus and exit cleanup.
* Build fix.

# gpg: Signature made Tue 27 Aug 2019 14:31:10 BST
# gpg:                using RSA key F80C006308E22CFD8A92E7980CF5572FD7FB55AF
# gpg:                issuer "anthony.perard@citrix.com"
# gpg: Good signature from "Anthony PERARD <anthony.perard@gmail.com>" [marginal]
# gpg:                 aka "Anthony PERARD <anthony.perard@citrix.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5379 2F71 024C 600F 778A  7161 D8D5 7199 DF83 42C8
#      Subkey fingerprint: F80C 0063 08E2 2CFD 8A92  E798 0CF5 572F D7FB 55AF

* remotes/aperard/tags/pull-xen-20190827:
  xen-bus: Avoid rewriting identical values to xenstore
  xen-bus: Fix backend state transition on device reset
  xen: cleanup IOREQ server on exit
  xen: Fix ring.h header

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago trace: Clarify DTrace/SystemTap help message
Philippe Mathieu-Daudé [Fri, 23 Aug 2019 14:22:03 +0000 (16:22 +0200)]
trace: Clarify DTrace/SystemTap help message

Most tracing backends are implemented within QEMU, except the
DTrace/SystemTap backends.

One side effect is when running 'qemu -trace help', an incomplete
list of trace events is displayed when using the DTrace/SystemTap
backends.

This is partly due to trace events registered as modules with
trace_init(), and since the events are not used within QEMU,
the linker optimizes and removes the unused modules (which is
OK in this particular case).
Currently only the events compiled in trace-root.o and in the
last trace.o member of libqemuutil.a are linked, resulting in
an incomplete list of events.

To avoid confusion, improve the help message, recommending to
use the proper systemtap script to display the events list.

Before:

  $ lm32-softmmu/qemu-system-lm32 -trace help 2>&1 | wc -l
  70

After:

  $ lm32-softmmu/qemu-system-lm32 -trace help
  Run 'qemu-trace-stap list qemu-system-lm32' to print a list
  of names of trace points with the DTrace/SystemTap backends.

  $ qemu-trace-stap list qemu-system-lm32 | wc -l
  1136

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190823142203.5210-1-philmd@redhat.com
Message-Id: <20190823142203.5210-1-philmd@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years ago block/qcow2: implement .bdrv_co_pwritev(_compressed)_part
Vladimir Sementsov-Ogievskiy [Tue, 4 Jun 2019 16:15:14 +0000 (19:15 +0300)]
block/qcow2: implement .bdrv_co_pwritev(_compressed)_part

Implement and use new interface to get rid of hd_qiov.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-13-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-13-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years ago block/qcow2: implement .bdrv_co_preadv_part
Vladimir Sementsov-Ogievskiy [Tue, 4 Jun 2019 16:15:13 +0000 (19:15 +0300)]
block/qcow2: implement .bdrv_co_preadv_part

Implement and use new interface to get rid of hd_qiov.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-12-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-12-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years ago block/qcow2: refactor qcow2_co_preadv to use buffer-based io
Vladimir Sementsov-Ogievskiy [Tue, 4 Jun 2019 16:15:12 +0000 (19:15 +0300)]
block/qcow2: refactor qcow2_co_preadv to use buffer-based io

Use buffer based io in encrypted case.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-11-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-11-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years ago block/io: introduce bdrv_co_p{read, write}v_part
Vladimir Sementsov-Ogievskiy [Tue, 4 Jun 2019 16:15:11 +0000 (19:15 +0300)]
block/io: introduce bdrv_co_p{read, write}v_part

Introduce extended variants of bdrv_co_preadv and bdrv_co_pwritev
with qiov_offset parameter.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-10-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-10-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years ago block/io: bdrv_aligned_pwritev: use and support qiov_offset
Vladimir Sementsov-Ogievskiy [Tue, 4 Jun 2019 16:15:10 +0000 (19:15 +0300)]
block/io: bdrv_aligned_pwritev: use and support qiov_offset

Use and support new API in bdrv_aligned_pwritev.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-9-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-9-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years ago block/io: bdrv_aligned_preadv: use and support qiov_offset
Vladimir Sementsov-Ogievskiy [Tue, 4 Jun 2019 16:15:09 +0000 (19:15 +0300)]
block/io: bdrv_aligned_preadv: use and support qiov_offset

Use and support new API in bdrv_co_do_copy_on_readv.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-8-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-8-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years ago block/io: bdrv_co_do_copy_on_readv: lazy allocation
Vladimir Sementsov-Ogievskiy [Tue, 4 Jun 2019 16:15:08 +0000 (19:15 +0300)]
block/io: bdrv_co_do_copy_on_readv: lazy allocation

Allocate bounce_buffer only if it is really needed. Also, sub-optimize
allocation size (why not?).

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-7-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-7-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years ago block/io: bdrv_co_do_copy_on_readv: use and support qiov_offset
Vladimir Sementsov-Ogievskiy [Tue, 4 Jun 2019 16:15:07 +0000 (19:15 +0300)]
block/io: bdrv_co_do_copy_on_readv: use and support qiov_offset

Use and support new API in bdrv_co_do_copy_on_readv. Note that in case
of allocated-in-top we need to shrink read size to MIN(..) by hand, as
pre-patch this was actually done implicitly by qemu_iovec_concat (and
we used local_qiov.size).

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-6-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-6-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years ago block: define .*_part io handlers in BlockDriver
Vladimir Sementsov-Ogievskiy [Tue, 4 Jun 2019 16:15:06 +0000 (19:15 +0300)]
block: define .*_part io handlers in BlockDriver

Add handlers supporting qiov_offset parameter:
    bdrv_co_preadv_part
    bdrv_co_pwritev_part
    bdrv_co_pwritev_compressed_part
This is used to reduce need of defining local_qiovs and hd_qiovs in all
corners of block layer code. The following patches will increase usage
of this new API part by part.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-5-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-5-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years ago block/io: refactor padding
Vladimir Sementsov-Ogievskiy [Tue, 4 Jun 2019 16:15:05 +0000 (19:15 +0300)]
block/io: refactor padding

We have similar padding code in bdrv_co_pwritev,
bdrv_co_do_pwrite_zeroes and bdrv_co_preadv. Let's combine and unify
it.

[Squashed in Vladimir's qemu-iotests 077 fix
--Stefan]

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-4-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-4-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years ago util/iov: improve qemu_iovec_is_zero
Vladimir Sementsov-Ogievskiy [Tue, 4 Jun 2019 16:15:04 +0000 (19:15 +0300)]
util/iov: improve qemu_iovec_is_zero

We'll need to check a part of qiov soon, so implement it now.

Optimization with align down to 4 * sizeof(long) is dropped due to:
1. It is strange: it aligns length of the buffer, but where is a
   guarantee that buffer pointer is aligned itself?
2. buffer_is_zero() is a better place for optimizations and it has
   them.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-3-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-3-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years ago util/iov: introduce qemu_iovec_init_extended
Vladimir Sementsov-Ogievskiy [Tue, 4 Jun 2019 16:15:03 +0000 (19:15 +0300)]
util/iov: introduce qemu_iovec_init_extended

Introduce new initialization API, to create requests with padding. Will
be used in the following patch. New API uses qemu_iovec_init_buf if
resulting io vector has only one element, to avoid extra allocations.
So, we need to update qemu_iovec_destroy to support destroying such
QIOVs.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20190604161514.262241-2-vsementsov@virtuozzo.com
Message-Id: <20190604161514.262241-2-vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years ago xen-bus: Avoid rewriting identical values to xenstore
Anthony PERARD [Fri, 23 Aug 2019 10:15:34 +0000 (11:15 +0100)]
xen-bus: Avoid rewriting identical values to xenstore

When QEMU receives a xenstore watch event suggesting that the "state"
of the frontend changed, it records this in its own state but it also
rewrites the value back into xenstore even though there was no change.
This triggers an unnecessary xenstore watch event which QEMU will
process again (and maybe the frontend as well). Also QEMU could
potentially write an already old value.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Message-Id: <20190823101534.465-3-anthony.perard@citrix.com>

4 years ago xen-bus: Fix backend state transition on device reset
Anthony PERARD [Fri, 23 Aug 2019 10:15:33 +0000 (11:15 +0100)]
xen-bus: Fix backend state transition on device reset

When a frontend wants to reset its state and the backend one, it
starts with setting "Closing", then waits for the backend (QEMU) to do
the same.

But when QEMU is setting "Closing" to its state, it triggers an event
(xenstore watch) that re-executes xen_device_backend_changed() and sets
the backend state to "Closed". QEMU should wait for the frontend to
set "Closed" before doing the same.

Before setting "Closed" to the backend_state, we are also going to
check if there is a frontend. If that is the case, when the backend state
is set to "Closing" the frontend should react and set its state to
"Closing" then "Closed". The backend should wait for that to happen.

Fixes: b6af8926fb858c4f1426e5acb2cfc1f0580ec98a
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Message-Id: <20190823101534.465-2-anthony.perard@citrix.com>

4 years ago xen: cleanup IOREQ server on exit
Igor Druzhinin [Mon, 29 Jul 2019 19:29:23 +0000 (20:29 +0100)]
xen: cleanup IOREQ server on exit

Device model is supposed to destroy IOREQ server for itself.

Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Acked-by: Paul Durrant <paul.durrant@citrix.com>
Message-Id: <1564428563-1006-1-git-send-email-igor.druzhinin@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
4 years ago xen: Fix ring.h header
Anthony PERARD [Thu, 4 Jul 2019 15:36:05 +0000 (16:36 +0100)]
xen: Fix ring.h header

The xen_[rw]?mb() macros defined in ring.h can't be used and the fact
that they are gated behind __XEN_INTERFACE_VERSION__ means that it
needs to be defined somewhere. QEMU doesn't implement interfaces with
the Xen hypervisor so defining __XEN_INTERFACE_VERSION__ is pointless.
This leads to:
    include/hw/xen/io/ring.h:47:5: error: "__XEN_INTERFACE_VERSION__"
        is not defined, evaluates to 0 [-Werror=undef]

Cleanup ring.h. The xen_*mb() macros are already defined in xenctrl.h
which is included in xen_common.h.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190704153605.4140-1-anthony.perard@citrix.com>
[aperard: Adding the comment proposed upstream]
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
4 years ago Merge remote-tracking branch 'remotes/rth/tags/pull-axp-20190825' into staging
Peter Maydell [Tue, 27 Aug 2019 09:00:51 +0000 (10:00 +0100)]
Merge remote-tracking branch 'remotes/rth/tags/pull-axp-20190825' into staging

Fix for alpha_cpu_tlb_fill

# gpg: Signature made Sun 25 Aug 2019 20:35:22 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-axp-20190825:
  target/alpha: fix tlb_fill trap_arg2 value for instruction fetch

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target/alpha: fix tlb_fill trap_arg2 value for instruction fetch
Aurelien Jarno [Thu, 22 Aug 2019 17:45:14 +0000 (10:45 -0700)]
target/alpha: fix tlb_fill trap_arg2 value for instruction fetch

Commit e41c94529740cc26 ("target/alpha: Convert to CPUClass::tlb_fill")
slightly changed the way the trap_arg2 value is computed in case of TLB
fill. The type of the variable used in the ternary operator has been
changed from an int to an enum. This causes the -1 value to not be
sign-extended to 64-bit in case of an instruction fetch. The trap_arg2
ends up with 0xffffffff instead of 0xffffffffffffffff. Fix that by
changing the -1 into -1LL.

This fixes the execution of user space processes in qemu-system-alpha.

Fixes: e41c94529740cc26
Cc: qemu-stable@nongnu.org
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
[rth: Test MMU_DATA_LOAD and MMU_DATA_STORE instead of implying them.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
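
The conversion pitfall described in the target/alpha commit above, as an added example that is not QEMU's code: the enum values, function names and the simplified ternary are assumptions made for illustration. It assumes GCC or Clang, which give an enum without negative enumerators the underlying type `unsigned int`.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for QEMU's MMUAccessType (values assumed for this example). */
typedef enum {
    MMU_DATA_LOAD  = 0,
    MMU_DATA_STORE = 1,
    MMU_INST_FETCH = 2
} MMUAccessType;

/*
 * Shape of the code before the conversion: the selector is an int, so both
 * arms of ?: are int. The -1 stays signed and is sign-extended when the
 * result is widened to 64 bits.
 */
uint64_t trap_arg2_int(int access_type)
{
    return access_type == MMU_INST_FETCH ? -1 : access_type;
}

/*
 * Shape of the regression: the selector is now the enum. Its underlying type
 * is unsigned int, so the usual arithmetic conversions turn the int -1 into
 * the unsigned int 0xffffffff *before* it is widened, and the upper 32 bits
 * of the 64-bit result are zero.
 */
uint64_t trap_arg2_enum(MMUAccessType access_type)
{
    return access_type == MMU_INST_FETCH ? -1 : access_type;
}

/*
 * Shape of the fix named in the commit message: -1LL forces the common type
 * of the ?: expression to long long, which is signed and 64 bits wide, so
 * the value is all ones after conversion to uint64_t.
 */
uint64_t trap_arg2_fixed(MMUAccessType access_type)
{
    return access_type == MMU_INST_FETCH ? -1LL : access_type;
}

int main(void)
{
    printf("int selector  : 0x%016" PRIx64 "\n", trap_arg2_int(MMU_INST_FETCH));
    printf("enum selector : 0x%016" PRIx64 "\n", trap_arg2_enum(MMU_INST_FETCH));
    printf("enum with -1LL: 0x%016" PRIx64 "\n", trap_arg2_fixed(MMU_INST_FETCH));
    return 0;
}
```

Building with `-Wextra` (or `-Wsign-compare`) on GCC flags the enum variant because an operand of `?:` changes signedness, which is a cheap way to catch this class of regression at review time.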
4 years ago Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Peter Maydell [Fri, 23 Aug 2019 15:11:35 +0000 (16:11 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Pull request

# gpg: Signature made Thu 22 Aug 2019 16:52:45 BST
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  vhost-user-scsi: prevent using uninitialized vqs
  util/async: hold AioContext ref to prevent use-after-free

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20190822' into staging
Peter Maydell [Fri, 23 Aug 2019 14:15:44 +0000 (15:15 +0100)]
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20190822' into staging

s390x updates:
- fix a bug in tcg vector handling
- improved skey handling

# gpg: Signature made Thu 22 Aug 2019 14:43:30 BST
# gpg:                using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg:                issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown]
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>" [unknown]
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>" [unknown]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20190822:
  s390x/mmu: Factor out storage key handling
  s390x/mmu: Better storage key reference and change bit handling
  s390x/tcg: Flush the TLB of all CPUs on SSKE and RRBE
  s390x/tcg: Rework MMU selection for instruction fetches
  s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug()
  s390x/mmu: Trace the right value if setting/getting the storage key fails
  s390x/tcg: Fix VERIM with 32/64 bit elements

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago modules-test: ui-spice-app is not built as module
Paolo Bonzini [Thu, 22 Aug 2019 17:42:14 +0000 (19:42 +0200)]
modules-test: ui-spice-app is not built as module

$(call land, $(CONFIG_SPICE), $(CONFIG_GIO)) will never return "m" so
ui-spice-app is always linked into QEMU.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com>
Message-id: 1566495734-23297-2-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago modules-test: fix const cast
Paolo Bonzini [Thu, 22 Aug 2019 17:42:13 +0000 (19:42 +0200)]
modules-test: fix const cast

Add a missing cast; this fixes a build failure with --enable-modules.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com>
Message-id: 1566495734-23297-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago Merge remote-tracking branch 'remotes/elmarco/tags/podman-pull-request' into staging
Peter Maydell [Fri, 23 Aug 2019 09:58:28 +0000 (10:58 +0100)]
Merge remote-tracking branch 'remotes/elmarco/tags/podman-pull-request' into staging

tests/docker: add podman support

# gpg: Signature made Thu 22 Aug 2019 14:46:51 BST
# gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg:                issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* remotes/elmarco/tags/podman-pull-request:
  test: skip tests if socket_check_protocol_support() failed
  test-char: skip tcp tests if ipv4 check failed
  tests: specify the address family when checking bind
  tests/docker: add podman support
  docker.py: add podman support
  docker.py: add --run-as-current-user

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago Merge remote-tracking branch 'remotes/berrange/tags/autofree-pull-request' into staging
Peter Maydell [Thu, 22 Aug 2019 16:57:09 +0000 (17:57 +0100)]
Merge remote-tracking branch 'remotes/berrange/tags/autofree-pull-request' into staging

require newer glib2 to enable autofree'ing of stack variables exiting scope

* Bump minimum glib2 version to 2.48
* Convert much of the crypto code to use automatic memory free functions

# gpg: Signature made Thu 22 Aug 2019 11:51:59 BST
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/autofree-pull-request:
  crypto: use auto cleanup for many stack variables
  crypto: define cleanup functions for use with g_autoptr
  glib: bump min required glib library version to 2.48

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago Merge remote-tracking branch 'remotes/bkoppelmann2/tags/pull-tricore-20190822-1'...
Peter Maydell [Thu, 22 Aug 2019 16:01:30 +0000 (17:01 +0100)]
Merge remote-tracking branch 'remotes/bkoppelmann2/tags/pull-tricore-20190822-1' into staging

Converted target/tricore to translate_loop

# gpg: Signature made Thu 22 Aug 2019 11:17:37 BST
# gpg:                using RSA key 6E636A7E83F2DD0CFA6E6E370AD2C6396B69CA14
# gpg:                issuer "kbastian@mail.uni-paderborn.de"
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>" [full]
# Primary key fingerprint: 6E63 6A7E 83F2 DD0C FA6E  6E37 0AD2 C639 6B69 CA14

* remotes/bkoppelmann2/tags/pull-tricore-20190822-1:
  target/tricore: Fix tricore_tr_translate_insn
  target/tricore: Implement a qemu excptions helper
  target/tricore: Use translate_loop
  target-tricore: Make env a member of DisasContext
  target/tricore: Use DisasContextBase API

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago vhost-user-scsi: prevent using uninitialized vqs
Raphael Norwitz [Wed, 12 Jun 2019 00:35:17 +0000 (17:35 -0700)]
vhost-user-scsi: prevent using uninitialized vqs

Of the 3 virtqueues, seabios only sets cmd, leaving ctrl
and event without a physical address. This can cause
vhost_verify_ring_part_mapping to return ENOMEM, causing
the following logs:

qemu-system-x86_64: Unable to map available ring for ring 0
qemu-system-x86_64: Verify ring failure on region 0

The qemu commit e6cc11d64fc998c11a4dfcde8fda3fc33a74d844
has already resolved the issue for vhost scsi devices but
the fix was never applied to vhost-user scsi devices.

Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1560299717-177734-1-git-send-email-raphael.norwitz@nutanix.com
Message-Id: <1560299717-177734-1-git-send-email-raphael.norwitz@nutanix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
4 years ago Merge remote-tracking branch 'remotes/kraxel/tags/vga-20190822-pull-request' into...
Peter Maydell [Thu, 22 Aug 2019 15:13:17 +0000 (16:13 +0100)]
Merge remote-tracking branch 'remotes/kraxel/tags/vga-20190822-pull-request' into staging

vga: a collection of ati fixes/improvements.

# gpg: Signature made Thu 22 Aug 2019 09:04:52 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20190822-pull-request:
  ati-vga: Implement dummy VBlank IRQ
  ati-vga: Add limited support for big endian frame buffer aperture
  ati-vga: Attempt to handle CRTC offset not exact multiple of stride
  ati-vga: Fix hardware cursor image offset
  ati-vga: Fix cursor color with guest_hwcursor=true
  ati-vga: Fix GPIO_MONID register write
  ati-vga: Add some register definitions for debugging
  ati-vga: Add registers for getting apertures

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago util/async: hold AioContext ref to prevent use-after-free
Stefan Hajnoczi [Tue, 23 Jul 2019 19:06:23 +0000 (20:06 +0100)]
util/async: hold AioContext ref to prevent use-after-free

The tests/test-bdrv-drain /bdrv-drain/iothread/drain test case does the
following:

1. The preadv coroutine calls aio_bh_schedule_oneshot() and then yields.
2. The one-shot BH executes in another AioContext.  All it does is call
   aio_co_wakeup(preadv_co).
3. The preadv coroutine is re-entered and returns.

There is a race condition in aio_co_wake() where the preadv coroutine
returns and the test case destroys the preadv IOThread.  aio_co_wake()
can still be running in the other AioContext and it performs an access
to the freed IOThread AioContext.

Here is the race in aio_co_schedule():

  QSLIST_INSERT_HEAD_ATOMIC(&ctx->scheduled_coroutines,
                            co, co_scheduled_next);
  <-- race: co may execute before we invoke qemu_bh_schedule()!
  qemu_bh_schedule(ctx->co_schedule_bh);

So if co causes ctx to be freed then we're in trouble.  Fix this problem
by holding a reference to ctx.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20190723190623.21537-1-stefanha@redhat.com
Message-Id: <20190723190623.21537-1-stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
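
The pattern behind the util/async fix above, as an added single-threaded model that is not QEMU's code: `Ctx`, `co_schedule()` and the other names are hypothetical, and the concurrent coroutine is simulated by dropping the owner's reference inside the window the commit message marks as the race. The freed state is tracked outside the object so the model never reads freed memory.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for an AioContext: a reference-counted object. */
typedef struct Ctx {
    int refcnt;
    int scheduled;   /* models the insert into ctx->scheduled_coroutines */
    int bh_kicks;    /* models qemu_bh_schedule(ctx->co_schedule_bh) */
} Ctx;

/* Kept outside the object so the model never touches freed memory. */
static bool ctx_freed;

static Ctx *ctx_new(void)
{
    Ctx *ctx = calloc(1, sizeof(*ctx));
    if (!ctx) {
        abort();
    }
    ctx->refcnt = 1;              /* the owner's reference */
    ctx_freed = false;
    return ctx;
}

static void ctx_ref(Ctx *ctx)
{
    ctx->refcnt++;
}

static void ctx_unref(Ctx *ctx)
{
    if (--ctx->refcnt == 0) {
        ctx_freed = true;
        free(ctx);
    }
}

typedef enum { SCHED_OK = 0, SCHED_USE_AFTER_FREE = 1 } SchedResult;

/*
 * Model of the two-step schedule operation. With hold_ref == false it has
 * the shape of the racy code; with hold_ref == true the caller pins ctx for
 * the whole operation, which is the fix the commit message describes.
 */
static SchedResult co_schedule(Ctx *ctx, bool hold_ref)
{
    if (hold_ref) {
        ctx_ref(ctx);             /* pin ctx across the race window */
    }

    ctx->scheduled++;             /* step 1: publish the coroutine */

    /*
     * Race window: the coroutine may already run, return, and let the owner
     * destroy the context. Simulated here by dropping the owner's reference.
     */
    ctx_unref(ctx);

    if (ctx_freed) {
        /* Step 2 would dereference a freed context at this point. */
        return SCHED_USE_AFTER_FREE;
    }

    ctx->bh_kicks++;              /* step 2: safe, ctx is still alive */

    if (hold_ref) {
        ctx_unref(ctx);           /* last reference: ctx is released here */
    }
    return SCHED_OK;
}

SchedResult run_scenario(bool hold_ref)
{
    return co_schedule(ctx_new(), hold_ref);
}

bool ctx_was_released(void)
{
    return ctx_freed;
}

int main(void)
{
    printf("without ref: %s\n",
           run_scenario(false) == SCHED_OK ? "ok" : "use-after-free");
    printf("with ref   : %s\n",
           run_scenario(true) == SCHED_OK ? "ok" : "use-after-free");
    return 0;
}
```

In the pinned case the context is still released, only later: the final `ctx_unref()` in `co_schedule()` drops the last reference after step 2 has finished.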
4 years ago Merge remote-tracking branch 'remotes/kraxel/tags/usb-20190822-pull-request' into...
Peter Maydell [Thu, 22 Aug 2019 14:10:51 +0000 (15:10 +0100)]
Merge remote-tracking branch 'remotes/kraxel/tags/usb-20190822-pull-request' into staging

usb: bugfixes and minor improvements.

# gpg: Signature made Thu 22 Aug 2019 07:52:32 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20190822-pull-request:
  ehci: fix queue->dev null ptr dereference
  usb: reword -usb command-line option and mention xHCI
  xhci: Add No Op Command
  usb-redir: merge interrupt packets
  usbredir: fix buffer-overflow on vmload

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago test: skip tests if socket_check_protocol_support() failed
Marc-André Lureau [Tue, 9 Jul 2019 19:24:46 +0000 (23:24 +0400)]
test: skip tests if socket_check_protocol_support() failed

Skip the tests if socket_check_protocol_support() failed, but do run
g_test_run() to keep TAP harness happy.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
4 years ago test-char: skip tcp tests if ipv4 check failed
Marc-André Lureau [Tue, 9 Jul 2019 19:24:11 +0000 (23:24 +0400)]
test-char: skip tcp tests if ipv4 check failed

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
4 years ago tests: specify the address family when checking bind
Marc-André Lureau [Tue, 9 Jul 2019 14:12:28 +0000 (18:12 +0400)]
tests: specify the address family when checking bind

getaddrinfo() may succeed with PF_UNSPEC, but fail when more specific.

(this allows skipping some tests that would fail under podman)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
4 years ago tests/docker: add podman support
Marc-André Lureau [Thu, 23 May 2019 15:37:51 +0000 (17:37 +0200)]
tests/docker: add podman support

Allow specifying the container engine to run with the ENGINE variable.

By default, ENGINE=auto and will select either podman or docker.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
4 years ago docker.py: add podman support
Marc-André Lureau [Fri, 12 Jul 2019 12:46:13 +0000 (16:46 +0400)]
docker.py: add podman support

Add a --engine option to select either docker, podman or auto.

Among other advantages, podman allows running rootless & daemonless
containers, fortunately sharing a compatible CLI with docker.

With current podman, we have to use a uidmap trick in order to be able
to rw-share the ccache directory with the container user.

With a user 1000, the default mapping is:
1000 (host) -> 0 (container).
So write access to /var/tmp/ccache will end with a permission
denied error.

With "--uidmap 1000:0:1 --uidmap 0:1:1000", the mapping is:
1000 (host) -> 0 (container, 1st namespace) -> 1000 (container, 2nd namespace).
(the rest is mumbo jumbo to avoid holes in the range of UIDs)

A future podman version may have an option such as --userns-keep-uid.
Thanks to Debarshi Ray <rishi@redhat.com> for the help!

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
4 years ago docker.py: add --run-as-current-user
Marc-André Lureau [Fri, 12 Jul 2019 10:50:52 +0000 (14:50 +0400)]
docker.py: add --run-as-current-user

(podman will need further tweaks)

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
4 years ago Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190822-pull-request' into...
Peter Maydell [Thu, 22 Aug 2019 13:16:42 +0000 (14:16 +0100)]
Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190822-pull-request' into staging

curses: assert get_wch return value is okay
input-linux: add shift+shift as a grab toggle

# gpg: Signature made Thu 22 Aug 2019 05:41:44 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20190822-pull-request:
  input-linux: add shift+shift as a grab toggle
  curses: assert get_wch return value is okay

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago s390x/mmu: Factor out storage key handling
David Hildenbrand [Fri, 16 Aug 2019 08:47:08 +0000 (10:47 +0200)]
s390x/mmu: Factor out storage key handling

Factor it out, add a comment how it all works, and also use it in the
REAL MMU.

Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190816084708.602-7-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
4 years ago s390x/mmu: Better storage key reference and change bit handling
David Hildenbrand [Fri, 16 Aug 2019 08:47:07 +0000 (10:47 +0200)]
s390x/mmu: Better storage key reference and change bit handling

Any access sets the reference bit. In case we have a read-fault, we
should not allow writes to the TLB entry if the change bit was not
already set.

This is a preparation for proper storage-key reference/change bit handling
in TCG and a fix for KVM whereby read accesses would set the change
bit (old KVM versions without the ioctl to carry out the translation).

Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190816084708.602-6-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
4 years ago s390x/tcg: Flush the TLB of all CPUs on SSKE and RRBE
David Hildenbrand [Fri, 16 Aug 2019 08:47:06 +0000 (10:47 +0200)]
s390x/tcg: Flush the TLB of all CPUs on SSKE and RRBE

Whenever we modify a storage key, we should flush the TLBs of all CPUs,
so the MMU fault handling code can properly consider the changed storage
key (to e.g., properly set the reference and change bit on the next
accesses).

These functions are barely used in modern Linux guests, so the performance
implications are negligible for now.

This is a preparation for better reference and change bit handling for
TCG, which will require more MMU changes.

Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190816084708.602-5-david@redhat.com>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
4 years ago s390x/tcg: Rework MMU selection for instruction fetches
David Hildenbrand [Fri, 16 Aug 2019 08:47:05 +0000 (10:47 +0200)]
s390x/tcg: Rework MMU selection for instruction fetches

Instructions are always fetched from primary address space, except when
in home address mode. Perform the selection directly in cpu_mmu_index().

get_mem_index() is only used to perform data access, instructions are
fetched via cpu_lduw_code(), which translates to cpu_mmu_index(env, true).

We don't care about restricting the access permissions of the TLB
entries anymore, as we no longer enter PRIMARY entries into the
SECONDARY MMU. Cleanup related code a bit.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20190816084708.602-4-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
4 years ago s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug()
David Hildenbrand [Fri, 16 Aug 2019 08:47:04 +0000 (10:47 +0200)]
s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug()

Let's select the ASC before calling the function. This is a preparation
to remove the ASC magic depending on the access mode from mmu_translate.

There is currently no way to distinguish if we have code or data access.
For now, we were using code access, because especially when debugging with
the gdbstub, we want to read and disassemble what we single-step.

Note: KVM guests can now no longer be crashed using qmp/hmp/gdbstub if they
happen to be in AR mode.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190816084708.602-3-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
4 years ago s390x/mmu: Trace the right value if setting/getting the storage key fails
David Hildenbrand [Fri, 16 Aug 2019 08:47:03 +0000 (10:47 +0200)]
s390x/mmu: Trace the right value if setting/getting the storage key fails

We want to trace the actual return value, not "0".

Fixes: 0f5f669147b5 ("s390x: Enable new s390-storage-keys device")
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190816084708.602-2-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
4 years ago s390x/tcg: Fix VERIM with 32/64 bit elements
David Hildenbrand [Wed, 14 Aug 2019 15:12:42 +0000 (17:12 +0200)]
s390x/tcg: Fix VERIM with 32/64 bit elements

Wrong order of operands. The constant always comes last. Makes QEMU crash
reliably on specific git fetch invocations.

Reported-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20190814151242.27199-1-david@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Fixes: 5c4b0ab460ef ("s390x/tcg: Implement VECTOR ELEMENT ROTATE AND INSERT UNDER MASK")
Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
4 years ago Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Peter Maydell [Thu, 22 Aug 2019 12:13:35 +0000 (13:13 +0100)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* Longstanding chardev race condition fix (Berto)
* Cleanups and tests from the Meson POC (Marc-André, myself)
* Coalesced range cleanup (Peter)

# gpg: Signature made Wed 21 Aug 2019 18:27:43 BST
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  char-socket: Lock tcp_chr_disconnect() and socket_reconnect_timeout()
  main-loop: Fix GSource leak in qio_task_thread_worker()
  memory: Fix up memory_region_{add|del}_coalescing
  memory: Remove has_coalesced_range counter
  memory: Split zones when do coalesced_io_del()
  memory: Refactor memory_region_clear_coalescing
  minikconf: don't print CONFIG_FOO=n lines
  configure: remove AUTOCONF_HOST
  tests: add module loading test
  module: return success on module load
  module: use g_hash_table_add()
  configure: define CONFIG_TOOLS here
  qemu-ga: clean up TOOLS variable

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target/tricore: Fix tricore_tr_translate_insn
Bastian Koppelmann [Wed, 21 Aug 2019 09:15:10 +0000 (11:15 +0200)]
target/tricore: Fix tricore_tr_translate_insn

we now fetch 2 bytes first, check whether we have a 32 bit insn, and only then
fetch another 2 bytes. We also make sure that a 16 bit insn that still fits
into the current page does not end up in the next page.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
4 years ago target/tricore: Implement a qemu excptions helper
Bastian Koppelmann [Wed, 21 Aug 2019 09:02:23 +0000 (11:02 +0200)]
target/tricore: Implement a qemu excptions helper

this helper is only used to raise qemu specific exceptions. We use this
helper to raise it on breakpoints.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
4 years ago target/tricore: Use translate_loop
Bastian Koppelmann [Mon, 17 Jun 2019 14:05:10 +0000 (16:05 +0200)]
target/tricore: Use translate_loop

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
4 years ago target-tricore: Make env a member of DisasContext
Bastian Koppelmann [Mon, 17 Jun 2019 13:38:38 +0000 (15:38 +0200)]
target-tricore: Make env a member of DisasContext

Otherwise we have to pass env down through all functions, which blocks
the usage of translator_loop.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
4 years ago target/tricore: Use DisasContextBase API
Bastian Koppelmann [Mon, 17 Jun 2019 09:53:03 +0000 (11:53 +0200)]
target/tricore: Use DisasContextBase API

This gets rid of the copied fields of TriCore's DisasContext and now
uses the shared DisasContextBase, which is necessary for the conversion
to translate_loop.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
4 years ago crypto: use auto cleanup for many stack variables
Daniel P. Berrangé [Tue, 23 Jul 2019 15:22:36 +0000 (16:22 +0100)]
crypto: use auto cleanup for many stack variables

Simplify cleanup paths by using glib's auto cleanup macros for stack
variables, allowing several goto jumps / labels to be eliminated.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
4 years ago crypto: define cleanup functions for use with g_autoptr
Daniel P. Berrangé [Tue, 23 Jul 2019 14:29:40 +0000 (15:29 +0100)]
crypto: define cleanup functions for use with g_autoptr

Allow crypto structs to be used with g_autoptr, avoiding the need to
explicitly call XXX_free() functions when variables go out of scope on
the stack.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
4 years ago glib: bump min required glib library version to 2.48
Daniel P. Berrangé [Fri, 4 May 2018 14:34:46 +0000 (15:34 +0100)]
glib: bump min required glib library version to 2.48

Per supported platforms doc[1], the various min glib on relevant distros is:

  RHEL-8: 2.56.1
  RHEL-7: 2.50.3
  Debian (Buster): 2.58.3
  Debian (Stretch): 2.50.3
  OpenBSD (Ports): 2.58.3
  FreeBSD (Ports): 2.56.3
  OpenSUSE Leap 15: 2.54.3
  SLE12-SP2: 2.48.2
  Ubuntu (Xenial): 2.48.0
  macOS (Homebrew): 2.56.0

This suggests that a minimum glib of 2.48 is a reasonable target.

Compared to the previous version bump in

  commit e7b3af81597db1a6b55f2c15d030d703c6b2c6ac
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Fri May 4 15:34:46 2018 +0100

    glib: bump min required glib library version to 2.40

This will result in us dropping support for Debian Jessie and
Ubuntu 14.04.

As per the commit message 14.04 was already outside our list
of supported build platforms and an exception was only made
because one of the build hosts used during merge testing was
stuck on 14.04.

Debian Jessie is justified to drop because we only aim to
support at most 2 major versions of Debian at any time. This
means Buster and Stretch at this time.

The g_strv_contains compat code is dropped as this API is
present since 2.44

The g_assert_cmpmem compat code is dropped as this API is
present since 2.46

[1] https://qemu.weilnetz.de/doc/qemu-doc.html#Supported-build-platforms

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
4 years ago Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2019-08-21' into staging
Peter Maydell [Thu, 22 Aug 2019 09:31:21 +0000 (10:31 +0100)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2019-08-21' into staging

Monitor patches for 2019-08-21

# gpg: Signature made Wed 21 Aug 2019 16:35:07 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-monitor-2019-08-21:
  monitor/qmp: Update comment for commit 4eaca8de268
  qdev: Collect HMP handlers command handlers in qdev-monitor.c
  qapi: Move query-target from misc.json to machine.json
  hw/core: Move cpu.c, cpu.h from qom/ to hw/core/

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago ati-vga: Implement dummy VBlank IRQ
BALATON Zoltan [Thu, 15 Aug 2019 22:18:09 +0000 (00:18 +0200)]
ati-vga: Implement dummy VBlank IRQ

The MacOS driver exits if the card does not have an interrupt. If we
set PCI_INTERRUPT_PIN to 1 then it enables VBlank interrupts and it
boots but the mouse pointer cannot be moved. This patch implements a
dummy VBlank interrupt triggered by a 60 Hz timer. With this the
pointer now moves but MacOS still hangs somewhere before completely
finishing boot.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <89364275f2fb5f85ee73c0e76528aa91691a499a.1565907489.git.balaton@eik.bme.hu>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 years ago ehci: fix queue->dev null ptr dereference
Gerd Hoffmann [Wed, 21 Aug 2019 08:53:19 +0000 (10:53 +0200)]
ehci: fix queue->dev null ptr dereference

In case we don't have a device for an active queue, just skip
processing the queue (same as we do for inactive queues) and log
a guest bug.

Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20190821085319.13711-1-kraxel@redhat.com

4 years ago Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-pull-request' into...
Peter Maydell [Wed, 21 Aug 2019 15:59:22 +0000 (16:59 +0100)]
Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-pull-request' into staging

Various trivial fixes

# gpg: Signature made Wed 21 Aug 2019 12:19:11 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/trivial-branch-pull-request:
  hw/display: Compile various display devices as common object
  hw/display/sm501: Remove unused include
  spapr_events: Rewrite a fall through comment
  vl: Rewrite a fall through comment
  target/ppc: Rewrite a fall through comment
  hw/ipmi: Rewrite a fall through comment
  hw/dma/omap_dma: Move switch 'fall through' comment to correct place
  json: Move switch 'fall through' comment to correct place
  hw/net/e1000: Fix erroneous comment
  .gitignore: ignore some vhost-user* related files
  configure: fix sdl detection using sdl2-config
  configure: remove obsoleted $sparc_cpu variable
  misc: fix naming scheme of compatibility arrays
  test: Use g_strndup instead of plain strndup

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago monitor/qmp: Update comment for commit 4eaca8de268
Markus Armbruster [Fri, 16 Aug 2019 19:33:05 +0000 (21:33 +0200)]
monitor/qmp: Update comment for commit 4eaca8de268

Commit 4eaca8de268 dropped monitor_qmp_respond()'s parameter @id
without updating its function comment.  Fix that.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190816193305.12090-1-armbru@redhat.com>

4 years ago char-socket: Lock tcp_chr_disconnect() and socket_reconnect_timeout()
Alberto Garcia [Mon, 12 Aug 2019 15:58:29 +0000 (18:58 +0300)]
char-socket: Lock tcp_chr_disconnect() and socket_reconnect_timeout()

There's a race condition in which the tcp_chr_read() ioc handler can
close a connection that is being written to from another thread.

Running iotest 136 in a loop triggers this problem and crashes QEMU.

 (gdb) bt
 #0  0x00005558b842902d in object_get_class (obj=0x0) at qom/object.c:860
 #1  0x00005558b84f92db in qio_channel_writev_full (ioc=0x0, iov=0x7ffc355decf0, niov=1, fds=0x0, nfds=0, errp=0x0) at io/channel.c:76
 #2  0x00005558b84e0e9e in io_channel_send_full (ioc=0x0, buf=0x5558baf5beb0, len=138, fds=0x0, nfds=0) at chardev/char-io.c:123
 #3  0x00005558b84e4a69 in tcp_chr_write (chr=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138) at chardev/char-socket.c:135
 #4  0x00005558b84dca55 in qemu_chr_write_buffer (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, offset=0x7ffc355dedd0, write_all=false) at chardev/char.c:112
 #5  0x00005558b84dcbc2 in qemu_chr_write (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, write_all=false) at chardev/char.c:147
 #6  0x00005558b84dfb26 in qemu_chr_fe_write (be=0x5558ba476610, buf=0x5558baf5beb0 "...", len=138) at chardev/char-fe.c:42
 #7  0x00005558b8088c86 in monitor_flush_locked (mon=0x5558ba476610) at monitor.c:406
 #8  0x00005558b8088e8c in monitor_puts (mon=0x5558ba476610, str=0x5558ba921e49 "") at monitor.c:449
 #9  0x00005558b8089178 in qmp_send_response (mon=0x5558ba476610, rsp=0x5558bb161600) at monitor.c:498
 #10 0x00005558b808920c in monitor_qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:526
 #11 0x00005558b8089307 in monitor_qapi_event_queue_no_reenter (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:551
 #12 0x00005558b80896c0 in qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:626
 #13 0x00005558b855f23b in qapi_event_send_shutdown (guest=false, reason=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at qapi/qapi-events-run-state.c:43
 #14 0x00005558b81911ef in qemu_system_shutdown (cause=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at vl.c:1837
 #15 0x00005558b8191308 in main_loop_should_exit () at vl.c:1885
 #16 0x00005558b819140d in main_loop () at vl.c:1924
 #17 0x00005558b8198c84 in main (argc=18, argv=0x7ffc355df3f8, envp=0x7ffc355df490) at vl.c:4665

This patch adds a lock to protect tcp_chr_disconnect() and
socket_reconnect_timeout().

Signed-off-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Message-Id: <1565625509-404969-3-git-send-email-andrey.shinkevich@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago main-loop: Fix GSource leak in qio_task_thread_worker()
Alberto Garcia [Mon, 12 Aug 2019 15:58:28 +0000 (18:58 +0300)]
main-loop: Fix GSource leak in qio_task_thread_worker()

After g_source_attach() the GMainContext holds a reference to the
GSource, so the caller does not need to keep it.

qio_task_thread_worker() is not releasing its reference so the GSource
is being leaked since a17536c594bfed94d05667b419f747b692f5fc7f.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <1565625509-404969-2-git-send-email-andrey.shinkevich@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago memory: Fix up memory_region_{add|del}_coalescing
Peter Xu [Tue, 20 Aug 2019 14:13:28 +0000 (22:13 +0800)]
memory: Fix up memory_region_{add|del}_coalescing

The old memory_region_{add|clear}_coalescing() have some defects
because they both changed mr->coalesced before updating the regions
using memory_region_update_coalesced_range_as().  Then when the
regions were updated in memory_region_update_coalesced_range_as() the
mr->coalesced will always be either one more or one less.  So:

- For memory_region_add_coalescing: it'll always try to remove the
  newly added coalesced region while it shouldn't, and,

- For memory_region_clear_coalescing: when it calls the update there
  will be no coalesced ranges on mr->coalesced because they were all
  removed beforehand so the update will probably do nothing for real.

Let's fix this.  Now we've got flat_range_coalesced_io_notify() to
notify a single CoalescedMemoryRange instance change, so use it in the
existing memory_region_update_coalesced_range() logic by only notifying
either an addition or deletion.  Then we hammer both the
memory_region_{add|clear}_coalescing() to use it.

Fixes: 3ac7d43a6fbb5d4a3
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20190820141328.10009-5-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago memory: Remove has_coalesced_range counter
Peter Xu [Tue, 20 Aug 2019 14:13:26 +0000 (22:13 +0800)]
memory: Remove has_coalesced_range counter

The has_coalesced_range could potentially be problematic in that it
only works for additions of coalesced mmio ranges but not deletions.
The reason is that has_coalesced_range information can be lost when
the FlatView updates the topology again when the updated region is not
covering the coalesced regions. When that happens, because
flatrange_equal() is not checking against has_coalesced_range, the new
FlatRange will be seen as the same one as the old and the new
instance (whose has_coalesced_range will be zero) will replace the old
instance (whose has_coalesced_range _could_ be non-zero).

The counter was originally used to make sure every FlatRange will only
notify once for coalesced_io_{add|del} memory listeners, because each
FlatRange can be used by multiple address spaces, so logically
speaking it could be called multiple times.  However we should not
limit that, because memory listeners should only be registered
with specific address space rather than multiple address spaces.

So let's fix this up by simply removing the whole has_coalesced_range.

Fixes: 3ac7d43a6fbb5d4a3
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20190820141328.10009-3-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago memory: Split zones when do coalesced_io_del()
Peter Xu [Tue, 20 Aug 2019 14:13:25 +0000 (22:13 +0800)]
memory: Split zones when do coalesced_io_del()

It is a workaround of current KVM's KVM_UNREGISTER_COALESCED_MMIO
interface.  The kernel interface only allows to unregister an mmio
device with exactly the zone size when registered, or any smaller zone
that is included in the device mmio zone.  It does not support the
userspace to specify a very large zone to remove all the small mmio
devices within the zone covered.

Logically speaking it would be nicer to fix this from KVM side, though
in all cases we still need to cope with old kernels so let's do this.

Fixes: 3ac7d43a6fbb5d4a3
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20190820141328.10009-2-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago memory: Refactor memory_region_clear_coalescing
Peter Xu [Tue, 20 Aug 2019 14:13:27 +0000 (22:13 +0800)]
memory: Refactor memory_region_clear_coalescing

Remove the update variable and quit earlier if the memory region has
no coalesced range.  This prepares for the next patch.

Fixes: 3ac7d43a6fbb5d4a3
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20190820141328.10009-4-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago minikconf: don't print CONFIG_FOO=n lines
Marc-André Lureau [Thu, 25 Jul 2019 19:36:15 +0000 (23:36 +0400)]
minikconf: don't print CONFIG_FOO=n lines

qemu in general doesn't define CONFIG_FOO if it's false.  This also
helps with the dumb kconfig parser from meson, as source_set considers
any non-empty value as true.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago configure: remove AUTOCONF_HOST
Marc-André Lureau [Tue, 23 Jul 2019 12:14:49 +0000 (16:14 +0400)]
configure: remove AUTOCONF_HOST

This is a left-over from commit
c12b6d70e384c769ca372e15ffd19b3e9f563662 ("pixman: drop submodule")

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago tests: add module loading test
Marc-André Lureau [Mon, 22 Jul 2019 18:51:40 +0000 (22:51 +0400)]
tests: add module loading test

This test will simply check that modules can be loaded, and no symbols
are missing.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago module: return success on module load
Marc-André Lureau [Mon, 22 Jul 2019 13:13:23 +0000 (17:13 +0400)]
module: return success on module load

Let the caller know of load success.

Note that this also changes slightly the behaviour of the function to
try loading on subsequent calls if the previous ones failed.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago module: use g_hash_table_add()
Marc-André Lureau [Mon, 22 Jul 2019 13:10:46 +0000 (17:10 +0400)]
module: use g_hash_table_add()

The hashtable is used like a set, use the convenience
g_hash_table_add() function.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago configure: define CONFIG_TOOLS here
Paolo Bonzini [Thu, 18 Jul 2019 10:24:29 +0000 (12:24 +0200)]
configure: define CONFIG_TOOLS here

Defining CONFIG_TOOLS on the basis of $(TOOLS) has the disadvantage
of including it also if e.g. qemu-ga is requested.  The correct
information is available in configure, define it there.

This also has the benefit of not installing the manpages for block layer
tools if the only "tool" being built is the guest agent.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 years ago qemu-ga: clean up TOOLS variable
Paolo Bonzini [Thu, 18 Jul 2019 10:22:01 +0000 (12:22 +0200)]
qemu-ga: clean up TOOLS variable

qemu-ga is included in the TOOLS variable without the .exe suffix, and this is
then worked around twice in the Makefile.  Do the right thing in configure
instead.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>