The PCA9552 device does not expose LEDs, but simple pins
to connnect LEDs to. To be clearer with the device model,
rename 'nr_leds' as 'pin_count'.
Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20200623072723.6324-3-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
AspeedMachineState seems crippled. We use incorrectly 2
different structures to do the same thing. Merge them
altogether:
- Move AspeedMachine fields to AspeedMachineState
- AspeedMachineState is now QOM
- Remove unused AspeedMachine structure
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20200623072132.2868-4-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/aspeed: Rename AspeedBoardState as AspeedMachineState
To have a more consistent naming, rename AspeedBoardState
as AspeedMachineState.
Suggested-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20200623072132.2868-3-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
memory_region_init_ram_nomigrate(mr, owner, name, size, &err);
if (err) {
error_propagate(errp, err);
return;
}
/* This will assert if owner is neither NULL nor a DeviceState.
* We only want the owner here for the purposes of defining a
* unique name for migration. TODO: Ideally we should implement
* a naming scheme for Objects which are not DeviceStates, in
* which case we can relax this restriction.
*/
owner_dev = DEVICE(owner);
vmstate_register_ram(mr, owner_dev);
}
The expected assertion is not triggered ('bmc' is not NULL neither
a DeviceState).
The 'soc' object is indeed a DeviceState, so the assertion passes.
Since this is fragile and only happens to work by luck, remove the
dangerous OBJECT(bmc) owner argument.
Note, this probably breaks migration for this machine.
Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200623072132.2868-2-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 26 Jun 2020 12:48:53 +0000 (13:48 +0100)]
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
Pull request
# gpg: Signature made Wed 24 Jun 2020 11:01:57 BST
# gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha/tags/block-pull-request:
block/nvme: support nested aio_poll()
block/nvme: keep BDRVNVMeState pointer in NVMeQueuePair
block/nvme: clarify that free_req_queue is protected by q->lock
block/nvme: switch to a NVMeRequest freelist
block/nvme: don't access CQE after moving cq.head
block/nvme: drop tautologous assertion
block/nvme: poll queues without q->lock
check-block: enable iotests with SafeStack
configure: add flags to support SafeStack
coroutine: add check for SafeStack in sigaltstack
coroutine: support SafeStack in ucontext backend
minikconf: explicitly set encoding to UTF-8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Jingqi Liu [Wed, 29 Apr 2020 08:50:09 +0000 (16:50 +0800)]
exec: fetch the alignment of Linux devdax pmem character device nodes
If the backend file is devdax pmem character device, the alignment
specified by the option 'align=NUM' in the '-object memory-backend-file'
needs to match the alignment requirement of the devdax pmem character device.
This patch uses the interfaces of libdaxctl to fetch the devdax pmem file
'align', so that we can compare it with the NUM of 'align=NUM'.
The NUM needs to be larger than or equal to the devdax pmem file 'align'.
It also fixes the problem that mmap() returns failure in qemu_ram_mmap()
when the NUM of 'align=NUM' is less than the devdax pmem file 'align'.
Suggested-by: Dan Williams <dan.j.williams@intel.com> Reviewed-by: Joao Martins <joao.m.martins@oracle.com> Signed-off-by: Jingqi Liu <jingqi.liu@intel.com>
Message-Id: <20200429085011.63752-2-jingqi.liu@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Fri, 26 Jun 2020 11:14:18 +0000 (12:14 +0100)]
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-macppc-20200626' into staging
qemu-macppc patches
# gpg: Signature made Fri 26 Jun 2020 10:15:36 BST
# gpg: using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F
# gpg: issuer "mark.cave-ayland@ilande.co.uk"
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full]
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F
* remotes/mcayland/tags/qemu-macppc-20200626: (22 commits)
adb: add ADB bus trace events
adb: use adb_device prefix for ADB device trace events
adb: only call autopoll callbacks when autopoll is not blocked
mac_via: rework ADB state machine to be compatible with both MacOS and Linux
mac_via: move VIA1 portB write logic into mos6522_q800_via1_write()
pmu: add adb_autopoll_block() and adb_autopoll_unblock() functions
cuda: add adb_autopoll_block() and adb_autopoll_unblock() functions
adb: add autopoll_blocked variable to block autopoll
adb: use adb_request() only for explicit requests
adb: add status field for holding information about the last ADB request
adb: keep track of devices with pending data
adb: introduce new ADBDeviceHasData method to ADBDeviceClass
mac_via: convert to use ADBBusState internal autopoll variables
pmu: convert to use ADBBusState internal autopoll variables
cuda: convert to use ADBBusState internal autopoll variables
adb: create autopoll variables directly within ADBBusState
adb: introduce realize/unrealize and VMStateDescription for ADB bus
pmu: honour autopoll_rate_ms when rearming the ADB autopoll timer
pmu: fix duplicate autopoll mask variable
cuda: convert ADB autopoll timer from ns to ms
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Jingqi Liu [Wed, 29 Apr 2020 08:50:11 +0000 (16:50 +0800)]
configure: add libdaxctl support
Add a pair of configure options --{enable,disable}-libdaxctl to control
whether QEMU is compiled with libdaxctl [1]. Libdaxctl is a utility
library for managing the device dax subsystem.
QEMU uses mmap(2) to maps vNVDIMM backends and aligns the mapping
address to the page size (getpagesize(2)) by default. However, some
types of backends may require an alignment different than the page
size. The 'align' option is provided to memory-backend-file to allow
users to specify the proper alignment.
For device dax (e.g., /dev/dax0.0), the 'align' option needs to match
the alignment requirement of the device dax, which can be fetched
through the APIs of libdaxctl version 57 or up.
[1] Libdaxctl is a part of ndctl project.
The project's repository is: https://github.com/pmem/ndctl
For more information about libdaxctl APIs, you can refer to the
comments in source code of: pmem/ndctl/daxctl/lib/libdaxctl.c.
Reviewed-by: Joao Martins <joao.m.martins@oracle.com> Signed-off-by: Jingqi Liu <jingqi.liu@intel.com>
Message-Id: <20200429085011.63752-4-jingqi.liu@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Pavel Dovgalyuk [Fri, 22 May 2020 06:35:27 +0000 (09:35 +0300)]
replay: synchronize on every virtual timer callback
Sometimes virtual timer callbacks depend on order
of virtual timer processing and warping of virtual clock.
Therefore every callback should be logged to make replay deterministic.
This patch creates a checkpoint before every virtual timer callback.
With these checkpoints virtual timers processing and clock warping
events order is completely deterministic.
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> Acked-by: Alex Bennée <alex.bennee@linaro.org>
--
v2:
- remove mutex lock/unlock for virtual clock checkpoint since it is
not process any asynchronous events (commit ca9759c2a92f528f256fef0e3922416f7bb47bf9)
- bump record/replay log file version
Message-Id: <159012932716.27256.8854065545365559921.stgit@pasha-ThinkPad-X280> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Pavel Dovgalyuk [Fri, 22 May 2020 06:47:58 +0000 (09:47 +0300)]
replay: notify the main loop when there are no instructions
When QEMU is executed in console mode without any external event sources,
main loop may sleep for a very long time. But in case of replay
there is another event source - event log.
This patch adds main loop notification when the vCPU loop has nothing
to do and main loop should process the inputs from the event log.
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Message-Id: <159013007895.28110.2020104406699709721.stgit@pasha-ThinkPad-X280> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
memory: Revert "memory: accept mismatching sizes in memory_region_access_valid"
Memory API documentation documents valid .min_access_size and .max_access_size
fields and explains that any access outside these boundaries is blocked.
This is what devices seem to assume.
However this is not what the implementation does: it simply
ignores the boundaries unless there's an "accepts" callback.
Naturally, this breaks a bunch of devices.
Revert to the documented behaviour.
Devices that want to allow any access can just drop the valid field,
or add the impl field to have accesses converted to appropriate
length.
Cc: qemu-stable@nongnu.org Reviewed-by: Richard Henderson <rth@twiddle.net> Fixes: CVE-2020-13754 Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1842363 Fixes: a014ed07bd5a ("memory: accept mismatching sizes in memory_region_access_valid") Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20200610134731.1514409-1-mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
David CARLIER [Fri, 12 Jun 2020 08:46:06 +0000 (09:46 +0100)]
util/getauxval: Porting to FreeBSD getauxval feature
From d7f9d40777d1ed7c9450b0be4f957da2993dfc72 Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Fri, 12 Jun 2020 09:39:17 +0100
Subject: [PATCH] util/getauxval: Porting to FreeBSD getauxval feature
FreeBSD has a similar API for auxiliary vector.
Signed-off-by: David Carlier <devnexen@gmail.com>
Message-Id: <CA+XhMqxTU6PUSQBpbA9VrS1QZfqgrCAKUCtUF-x2aF=fCMTDOw@mail.gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Jay Zhou [Wed, 4 Mar 2020 02:55:54 +0000 (10:55 +0800)]
kvm: support to get/set dirty log initial-all-set capability
Since the new capability KVM_DIRTY_LOG_INITIALLY_SET of
KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2 has been introduced in the
kernel, tweak the userspace side to detect and enable this
capability.
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com> Reviewed-by: Peter Xu <peterx@redhat.com>
Message-Id: <20200304025554.2159-1-jianjay.zhou@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Mark Cave-Ayland [Tue, 23 Jun 2020 20:49:33 +0000 (21:49 +0100)]
mac_via: rework ADB state machine to be compatible with both MacOS and Linux
The existing ADB state machine is designed to work with Linux which has a different
interpretation of the state machine detailed in "Guide to the Macintosh Family
Hardware". In particular the current Linux implementation includes an extra change
to IDLE state when switching the VIA between send and receive modes which does not
occur in MacOS, and omitting this transition causes the current mac_via ADB state
machine to fail.
Rework the ADB state machine accordingly so that it can enumerate and autopoll the
ADB under both Linux and MacOS, including the addition of the new adb_autopoll_block()
and adb_autopoll_unblock() functions.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: Finn Thain <fthain@telegraphics.com.au> Acked-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200623204936.24064-20-mark.cave-ayland@ilande.co.uk>
Mark Cave-Ayland [Tue, 23 Jun 2020 20:49:32 +0000 (21:49 +0100)]
mac_via: move VIA1 portB write logic into mos6522_q800_via1_write()
Currently the logic is split between the mos6522 portB_write() callback and
the memory region used to capture the VIA1 MMIO accesses. Move everything
into the latter mos6522_q800_via1_write() function to keep all the logic in
one place to make it easier to follow.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Finn Thain <fthain@telegraphics.com.au> Acked-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200623204936.24064-19-mark.cave-ayland@ilande.co.uk>
Mark Cave-Ayland [Tue, 23 Jun 2020 20:49:29 +0000 (21:49 +0100)]
adb: add autopoll_blocked variable to block autopoll
Whilst autopoll is enabled it is necessary to prevent the ADB buffer contents
from being overwritten until the host has read back the response in its
entirety.
Add adb_autopoll_block() and adb_autopoll_unblock() functions in preparation
for ensuring that the ADB buffer contents are protected for explicit ADB
requests.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: Finn Thain <fthain@telegraphics.com.au> Acked-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200623204936.24064-16-mark.cave-ayland@ilande.co.uk>
Mark Cave-Ayland [Tue, 23 Jun 2020 20:49:27 +0000 (21:49 +0100)]
adb: add status field for holding information about the last ADB request
Currently only 2 bits are defined: one to indicate if the request timed out (no
reply) and another to indicate whether the request was the result of an autopoll
operation.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: Finn Thain <fthain@telegraphics.com.au> Acked-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200623204936.24064-14-mark.cave-ayland@ilande.co.uk>
Mark Cave-Ayland [Tue, 23 Jun 2020 20:49:26 +0000 (21:49 +0100)]
adb: keep track of devices with pending data
Add a new pending variable to ADBBusState which is a bitmask indicating which
ADB devices have data to send. Update the bitmask every time that an ADB
request is executed.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: Finn Thain <fthain@telegraphics.com.au> Acked-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200623204936.24064-13-mark.cave-ayland@ilande.co.uk>
Mark Cave-Ayland [Tue, 23 Jun 2020 20:49:21 +0000 (21:49 +0100)]
adb: create autopoll variables directly within ADBBusState
Rather than each ADB implementation requiring its own functions to manage
autopoll state, timers, and autopoll masks prepare to move this information
directly into ADBBusState.
Add external functions within adb.h to allow each ADB implementation to
manage the new autopoll variables.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: Finn Thain <fthain@telegraphics.com.au> Acked-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200623204936.24064-8-mark.cave-ayland@ilande.co.uk>
Mark Cave-Ayland [Tue, 23 Jun 2020 20:49:16 +0000 (21:49 +0100)]
adb: fix adb-mouse read length and revert disable-reg3-direct-writes workaround
Commit 84051eb400 "adb: add property to disable direct reg 3 writes" introduced
a workaround for spurious writes to ADB register 3 when MacOS 9 enables
autopoll on the mouse device. Further analysis shows that the problem is that
only a partial request is sent, and since the len parameter is ignored then
stale data from the previous request is used causing the incorrect address
assignment.
Remove the disable-reg3-direct-writes workaround and instead check the length
parameter when the write is attempted, discarding the invalid request.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: Finn Thain <fthain@telegraphics.com.au> Acked-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200623204936.24064-3-mark.cave-ayland@ilande.co.uk>
Peter Maydell [Fri, 26 Jun 2020 08:30:29 +0000 (09:30 +0100)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.1-20200626' into staging
ppc patch queue 2020-06-26
Here's another pull request for qemu-5.1. Not very much in this one,
just a handful of assorted minor fixes and cleanups.
I'm about to go on holiday for a couple of weeks, so this will be my
last PR before the freeze, and maybe the last for 5.1 at all. If
there's some super important fix we need, Greg Kurz will handle it.
Greg Kurz [Mon, 22 Jun 2020 06:57:18 +0000 (08:57 +0200)]
ppc/pnv: Silence missing BMC warning with qtest
The device introspect test in qtest emits some warnings with the
the pnv machine types during the "nodefaults" phase:
TEST check-qtest-ppc64: tests/qtest/device-introspect-test
qemu-system-ppc64: warning: machine has no BMC device. Use '-device
ipmi-bmc-sim,id=bmc0 -device isa-ipmi-bt,bmc=bmc0,irq=10' to define
one
qemu-system-ppc64: warning: machine has no BMC device. Use '-device
ipmi-bmc-sim,id=bmc0 -device isa-ipmi-bt,bmc=bmc0,irq=10' to define
one
qemu-system-ppc64: warning: machine has no BMC device. Use '-device
ipmi-bmc-sim,id=bmc0 -device isa-ipmi-bt,bmc=bmc0,irq=10' to define
one
This is expected since the pnv machine doesn't create the internal
BMC simulator fallback when "-nodefaults" is passed on the command
line, but these warnings appear in ci logs and confuse people.
Not having a BMC isn't recommended but it is still a supported
configuration, so a straightforward fix is to just silent this
warning when qtest is enabled.
Fixes: 25f3170b0654 ("ppc/pnv: Create BMC devices only when defaults are enabled") Reported-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <159280903824.485572.831378159272329707.stgit@bahia.lan> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Peter Maydell [Thu, 25 Jun 2020 20:20:44 +0000 (21:20 +0100)]
Merge remote-tracking branch 'remotes/xtensa/tags/20200625-xtensa' into staging
target/xtensa fixes for 5.1:
- fix access to special registers missing in the core configuration;
- fix simcall opcode behavior for new hardware;
- drop gen_io_end call from xtensa translator.
* remotes/xtensa/tags/20200625-xtensa:
target/xtensa: drop gen_io_end call
target/xtensa: fix simcall for newer hardware
target/xtensa: fetch HW version from configuration overlay
target/xtensa: work around missing SR definitions
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 25 Jun 2020 15:52:42 +0000 (16:52 +0100)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio,acpi,pci: fixes, cleanups.
Fixes, cleanups in ACPI, PCI, virtio.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 25 Jun 2020 07:48:47 BST
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
Rename use_acpi_pci_hotplug to more appropriate use_acpi_hotplug_bridge
Stop vhost-user sending uninitialized mmap_offsets
docs/specs/tpm: ACPI boot now supported for TPM/ARM
arm/acpi: Add the TPM2.0 device under the DSDT
acpi: Some build_tpm2() code reshape
tests/acpi: update expected data files
acpi: q35: drop _SB.PCI0.ISA.LPCD opregion.
acpi: drop build_piix4_pm()
acpi: drop serial/parallel enable bits from dsdt
acpi: simplify build_isa_devices_aml()
acpi: factor out fw_cfg_add_acpi_dsdt()
acpi: move aml builder code for i8042 (kbd+mouse) device
floppy: move cmos_get_fd_drive_type() from pc
floppy: make isa_fdc_get_drive_max_chs static
acpi: move aml builder code for floppy device
acpi: bios-tables-test: show more context on asl diffs
qtest: allow DSDT acpi table changes
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 25 Jun 2020 08:34:52 +0000 (09:34 +0100)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-qdev-2020-06-23' into staging
Qdev patches for 2020-06-23
# gpg: Signature made Tue 23 Jun 2020 15:08:28 BST
# gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-qdev-2020-06-23:
sd/milkymist-memcard: Fix error API violation
sd/pxa2xx_mmci: Don't crash on pxa2xx_mmci_init() error
arm/aspeed: Drop aspeed_board_init_flashes() parameter @errp
qdev: Make qdev_prop_set_drive() match the other helpers
qdev: Reject chardev property override
qdev: Reject drive property override
qdev: Improve netdev property override error a bit
qdev: Eliminate get_pointer(), set_pointer()
blockdev: Deprecate -drive with bogus interface type
docs/qdev-device-use.txt: Update section "Default Devices"
fdc: Deprecate configuring floppies with -global isa-fdc
fdc: Open-code fdctrl_init_isa()
fdc: Reject clash between -drive if=floppy and -global isa-fdc
iotests/172: Cover -global floppy.drive=...
iotests/172: Cover empty filename and multiple use of drives
iotests/172: Include "info block" in test output
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Ani Sinha [Tue, 16 Jun 2020 12:31:39 +0000 (12:31 +0000)]
Rename use_acpi_pci_hotplug to more appropriate use_acpi_hotplug_bridge
Currently, the option use_acpi_pci_hotplug is being used to control device
hotplug capability using ACPI for slots of cold plugged bridges. Hence, we
are renaming this option to better reflect what it actually does.
Signed-off-by: Ani Sinha <ani.sinha@nutanix.com>
Message-Id: <1592310699-58916-1-git-send-email-ani.sinha@nutanix.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Ani Sinha <ani.sinha@nutanix.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Prior to this change, the vhost_user_fill_msg_region function filled out
all elements of the VhostUserMemoryRegion struct except the mmap_offset.
This function is often called on uninitialized structs, which are then
copied into VHOST_USER_SET_MEM_TABLE and VHOST_USER_ADD/REM_MEM_REG
messages. In some cases, where the mmap_offset was not needed, it was
left uninitialized, causing QEMU to send the backend uninitialized data,
which Coverity flagged as a series of issues.
This change augments the vhost_user_fill_msg_region API, adding a
mmap_offset paramenter, forcing the caller to initialize mmap_offset.
Fixes: ece99091c2d0aeb23734289a50ef2ff4e0a08929 Fixes: f1aeb14b0809e313c74244d838645ed25e85ea63 Reported-by: Coverity (CIDs 1429802, 1429803 and 1429804) Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <1592650156-25845-1-git-send-email-raphael.norwitz@nutanix.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Eric Auger [Mon, 22 Jun 2020 14:06:20 +0000 (16:06 +0200)]
docs/specs/tpm: ACPI boot now supported for TPM/ARM
ACPI boot now is supported. Let's remove the comment
saying it is not.
Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200622140620.17229-4-eric.auger@redhat.com> Tested-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Eric Auger [Mon, 22 Jun 2020 14:06:19 +0000 (16:06 +0200)]
arm/acpi: Add the TPM2.0 device under the DSDT
In case it is dynamically instantiated, add the TPM 2.0 device object
under the DSDT table in the ACPI namespace. Its HID is MSFT0101
while its current resource settings (CRS) property is initialized
with the guest physical address and MMIO size of the device.
Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200622140620.17229-3-eric.auger@redhat.com> Tested-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Eric Auger [Mon, 22 Jun 2020 14:06:18 +0000 (16:06 +0200)]
acpi: Some build_tpm2() code reshape
Remove any reference to Acpi20TPM2 and adopt an implementation
similar to build_ghes_v2().
Signed-off-by: Eric Auger <eric.auger@redhat.com> Suggested-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200622140620.17229-2-eric.auger@redhat.com> Tested-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Gerd Hoffmann [Fri, 19 Jun 2020 09:19:05 +0000 (11:19 +0200)]
tests/acpi: update expected data files
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20200619091905.21676-13-kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200619091905.21676-12-kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Igor Mammedow <imammedo@redhat.com>
Message-Id: <20200619091905.21676-11-kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200619091905.21676-10-kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Gerd Hoffmann [Fri, 19 Jun 2020 09:19:01 +0000 (11:19 +0200)]
acpi: simplify build_isa_devices_aml()
x86 machines can have a single ISA bus only.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200619091905.21676-9-kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Gerd Hoffmann [Fri, 19 Jun 2020 09:19:00 +0000 (11:19 +0200)]
acpi: factor out fw_cfg_add_acpi_dsdt()
Add helper function to add fw_cfg device,
also move code to hw/i386/fw_cfg.c.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200619091905.21676-8-kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Gerd Hoffmann [Fri, 19 Jun 2020 09:18:59 +0000 (11:18 +0200)]
acpi: move aml builder code for i8042 (kbd+mouse) device
DSDT change: isa device order changes in case MI1 (ipmi) is present.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200619091905.21676-7-kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Gerd Hoffmann [Fri, 19 Jun 2020 09:18:58 +0000 (11:18 +0200)]
floppy: move cmos_get_fd_drive_type() from pc
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: John Snow <jsnow@redhat.com>
Message-Id: <20200619091905.21676-6-kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Gerd Hoffmann [Fri, 19 Jun 2020 09:18:57 +0000 (11:18 +0200)]
floppy: make isa_fdc_get_drive_max_chs static
acpi aml generator needs this, but it is in floppy code now
so we can make the function static.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: John Snow <jsnow@redhat.com>
Message-Id: <20200619091905.21676-5-kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Gerd Hoffmann [Fri, 19 Jun 2020 09:18:56 +0000 (11:18 +0200)]
acpi: move aml builder code for floppy device
DSDT change: isa device order changes in case MI1 (ipmi) is present.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200619091905.21676-4-kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Gerd Hoffmann [Fri, 19 Jun 2020 09:18:55 +0000 (11:18 +0200)]
acpi: bios-tables-test: show more context on asl diffs
Makes it easier to create good commit messages from the logs.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200619091905.21676-3-kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Gerd Hoffmann [Fri, 19 Jun 2020 09:18:54 +0000 (11:18 +0200)]
qtest: allow DSDT acpi table changes
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20200619091905.21676-2-kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Peter Maydell [Wed, 24 Jun 2020 20:19:53 +0000 (21:19 +0100)]
Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2020-06-23-1' into staging
Merge tpm 2020/06/23 v1
# gpg: Signature made Tue 23 Jun 2020 12:35:03 BST
# gpg: using RSA key B818B9CADF9089C2D5CEC66B75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211
* remotes/stefanberger/tags/pull-tpm-2020-06-23-1:
tpm: Move backend code under the 'backends/' directory
hw/tpm: Make 'tpm_util.h' publicly accessible as "sysemu/tpm_util.h"
hw/tpm: Move DEFINE_PROP_TPMBE() macro to 'tmp_prop.h' local header
hw/tpm: Move few declarations from 'tpm_util.h' to 'tpm_int.h'
hw/tpm: Make TRACE_TPM_UTIL_SHOW_BUFFER check local to tpm_util.c
hw/tpm: Remove unnecessary 'tpm_int.h' header inclusion
hw/tpm: Move 'hw/acpi/tpm.h' inclusion from header to sources
hw/tpm: Include missing 'qemu/option.h' header
hw/tpm: Do not include 'qemu/osdep.h' in header
hw/tpm: Rename TPMDEV as TPM_BACKEND in Kconfig
backends: Add TPM files into their own directory
docs/specs/tpm: Correct header path name
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
st_set_trace_file() accidentally enables tracing. It's called
unconditionally during startup, which is why QEMU built with the
simple trace backend always writes a trace file "trace-$PID".
This has been broken for quite a while. I didn't track down the exact
commit.
Fix st_set_trace_file() to restore the state.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200527065613.25322-1-armbru@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
There is an effort in progress to generate a QEMU Python
package. As I'm not sure this old email is still valid,
update it to not produce package with broken maintainer
email.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 20200511082816.696-1-philmd@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Peter Maydell [Tue, 23 Jun 2020 17:57:05 +0000 (18:57 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200623' into staging
target-arm queue:
* util/oslib-posix : qemu_init_exec_dir implementation for Mac
* target/arm: Last parts of neon decodetree conversion
* hw/arm/virt: Add 5.0 HW compat props
* hw/watchdog/cmsdk-apb-watchdog: Add trace event for lock status
* mps2: Add CMSDK APB watchdog, FPGAIO block, S2I devices and I2C devices
* mps2: Add some unimplemented-device stubs for audio and GPIO
* mps2-tz: Use the ARM SBCon two-wire serial bus interface
* target/arm: Check supported KVM features globally (not per vCPU)
* tests/qtest/arm-cpu-features: Add feature setting tests
* arm/virt: Add memory hot remove support
* remotes/pmaydell/tags/pull-target-arm-20200623: (42 commits)
arm/virt: Add memory hot remove support
tests/qtest/arm-cpu-features: Add feature setting tests
target/arm: Check supported KVM features globally (not per vCPU)
hw/arm/mps2-tz: Use the ARM SBCon two-wire serial bus interface
hw/arm/mps2: Add audio I2S interface as unimplemented device
hw/arm/mps2: Add I2C devices
hw/arm/mps2: Add SPI devices
hw/arm/mps2: Map the FPGA I/O block
hw/arm/mps2: Add CMSDK AHB GPIO peripherals as unimplemented devices
hw/arm/mps2: Add CMSDK APB watchdog device
hw/arm/mps2: Rename CMSDK AHB peripheral region
hw/arm/mps2: Document CMSDK/FPGA APB subsystem sections
hw/arm: Use TYPE_VERSATILE_I2C instead of hardcoded string
hw/i2c: Add header for ARM SBCon two-wire serial bus interface
hw/i2c/versatile_i2c: Add SCL/SDA definitions
hw/i2c/versatile_i2c: Add definitions for register addresses
hw/watchdog/cmsdk-apb-watchdog: Add trace event for lock status
target/arm: Remove dead code relating to SABA and UABA
target/arm: Remove unnecessary gen_io_end() calls
target/arm: Move some functions used only in translate-neon.inc.c to that file
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Hajnoczi [Wed, 17 Jun 2020 13:22:01 +0000 (14:22 +0100)]
block/nvme: support nested aio_poll()
QEMU block drivers are supposed to support aio_poll() from I/O
completion callback functions. This means completion processing must be
re-entrant.
The standard approach is to schedule a BH during completion processing
and cancel it at the end of processing. If aio_poll() is invoked by a
callback function then the BH will run. The BH continues the suspended
completion processing.
All of this means that request A's cb() can synchronously wait for
request B to complete. Previously the nvme block driver would hang
because it didn't process completions from nested aio_poll().
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Sergio Lopez <slp@redhat.com>
Message-id: 20200617132201.1832152-8-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 17 Jun 2020 13:22:00 +0000 (14:22 +0100)]
block/nvme: keep BDRVNVMeState pointer in NVMeQueuePair
Passing around both BDRVNVMeState and NVMeQueuePair is unwieldy. Reduce
the number of function arguments by keeping the BDRVNVMeState pointer in
NVMeQueuePair. This will come in handly when a BH is introduced in a
later patch and only one argument can be passed to it.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Sergio Lopez <slp@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200617132201.1832152-7-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 17 Jun 2020 13:21:58 +0000 (14:21 +0100)]
block/nvme: switch to a NVMeRequest freelist
There are three issues with the current NVMeRequest->busy field:
1. The busy field is accidentally accessed outside q->lock when request
submission fails.
2. Waiters on free_req_queue are not woken when a request is returned
early due to submission failure.
2. Finding a free request involves scanning all requests. This makes
request submission O(n^2).
Switch to an O(1) freelist that is always accessed under the lock.
Also differentiate between NVME_QUEUE_SIZE, the actual SQ/CQ size, and
NVME_NUM_REQS, the number of usable requests. This makes the code
simpler than using NVME_QUEUE_SIZE everywhere and having to keep in mind
that one slot is reserved.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Sergio Lopez <slp@redhat.com>
Message-id: 20200617132201.1832152-5-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 17 Jun 2020 13:21:57 +0000 (14:21 +0100)]
block/nvme: don't access CQE after moving cq.head
Do not access a CQE after incrementing q->cq.head and releasing q->lock.
It is unlikely that this causes problems in practice but it's a latent
bug.
The reason why it should be safe at the moment is that completion
processing is not re-entrant and the CQ doorbell isn't written until the
end of nvme_process_completion().
Make this change now because QEMU expects completion processing to be
re-entrant and later patches will do that.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Sergio Lopez <slp@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200617132201.1832152-4-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 17 Jun 2020 13:21:55 +0000 (14:21 +0100)]
block/nvme: poll queues without q->lock
A lot of CPU time is spent simply locking/unlocking q->lock during
polling. Check for completion outside the lock to make q->lock disappear
from the profile.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Sergio Lopez <slp@redhat.com>
Message-id: 20200617132201.1832152-2-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Daniele Buono [Fri, 29 May 2020 20:51:22 +0000 (16:51 -0400)]
check-block: enable iotests with SafeStack
SafeStack is a stack protection technique implemented in llvm. It is
enabled with a -fsanitize flag.
iotests are currently disabled when any -fsanitize option is used,
because such options tend to produce additional warnings and false
positives.
While common -fsanitize options are used to verify the code and not
added in production, SafeStack's main use is in production environments
to protect against stack smashing.
Since SafeStack does not print any warning or false positive, enable
iotests when SafeStack is the only -fsanitize option used.
This is likely going to be a production binary and we want to make sure
it works correctly.
Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com>
Message-id: 20200529205122.714-5-dbuono@linux.vnet.ibm.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Daniele Buono [Fri, 29 May 2020 20:51:21 +0000 (16:51 -0400)]
configure: add flags to support SafeStack
This patch adds a flag to enable/disable the SafeStack instrumentation
provided by LLVM.
On enable, make sure that the compiler supports the flags, and that we
are using the proper coroutine implementation (coroutine-ucontext).
On disable, explicitly disable the option if it was enabled by default.
While SafeStack is supported only on Linux, NetBSD, FreeBSD and macOS,
we are not checking for the O.S. since this is already done by LLVM.
Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com>
Message-id: 20200529205122.714-4-dbuono@linux.vnet.ibm.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Daniele Buono [Fri, 29 May 2020 20:51:20 +0000 (16:51 -0400)]
coroutine: add check for SafeStack in sigaltstack
Current implementation of LLVM's SafeStack is not compatible with
code that uses an alternate stack created with sigaltstack().
Since coroutine-sigaltstack relies on sigaltstack(), it is not
compatible with SafeStack. The resulting binary is incorrect, with
different coroutines sharing the same unsafe stack and producing
undefined behavior at runtime.
In the future LLVM may provide a SafeStack implementation compatible with
sigaltstack(). In the meantime, if SafeStack is desired, the coroutine
implementation from coroutine-ucontext should be used.
As a safety check, add a control in coroutine-sigaltstack to throw a
preprocessor #error if SafeStack is enabled and we are trying to
use coroutine-sigaltstack to implement coroutines.
Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com>
Message-id: 20200529205122.714-3-dbuono@linux.vnet.ibm.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Daniele Buono [Fri, 29 May 2020 20:51:19 +0000 (16:51 -0400)]
coroutine: support SafeStack in ucontext backend
LLVM's SafeStack instrumentation does not yet support programs that make
use of the APIs in ucontext.h
With the current implementation of coroutine-ucontext, the resulting
binary is incorrect, with different coroutines sharing the same unsafe
stack and producing undefined behavior at runtime.
This fix allocates an additional unsafe stack area for each coroutine,
and sets the new unsafe stack pointer before calling swapcontext() in
qemu_coroutine_new.
This is the only place where the pointer needs to be manually updated,
since sigsetjmp/siglongjmp are already instrumented by LLVM to properly
support SafeStack.
The additional stack is then freed in qemu_coroutine_delete.
Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com>
Message-id: 20200529205122.714-2-dbuono@linux.vnet.ibm.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Thu, 21 May 2020 15:36:16 +0000 (16:36 +0100)]
minikconf: explicitly set encoding to UTF-8
QEMU currently only has ASCII Kconfig files but Linux actually uses
UTF-8. Explicitly specify the encoding and that we're doing text file
I/O.
It's unclear whether or not QEMU will ever need Unicode in its Kconfig
files. If we start using the help text then it will become an issue
sooner or later. Make this change now for consistency with Linux
Kconfig.
Reported-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200521153616.307100-1-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call.
milkymist_memcard_realize() is wrong that way: it passes &err to
qdev_prop_set_drive_err() and qdev_realize_and_unref(). Currently
harmless, because the latter uses it only as first argument of
error_propagate().
Making qdev_prop_set_drive_err() fail involves abuse of -global.
Leave handling that to qdev_prop_set_drive(), like we do elsewhere.
Cc: Michael Walle <michael@walle.cc> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200622094227.1271650-17-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
sd/pxa2xx_mmci: Don't crash on pxa2xx_mmci_init() error
On error, pxa2xx_mmci_init() reports to stderr and returns NULL.
Callers don't check for errors. Machines akita, borzoi, mainstone,
spitz, terrier, tosa, and z2 crash shortly after, like this:
$ qemu-system-aarch64 -M akita -drive if=sd,readonly=on
qemu-system-aarch64: failed to init SD card: Cannot use read-only drive as SD card
Segmentation fault (core dumped)
Machines connex and verdex reach the check for orphaned drives first:
$ aarch64-softmmu/qemu-system-aarch64 -M connex -drive if=sd,readonly=on -accel qtest
qemu-system-aarch64: failed to init SD card: Cannot use read-only drive as SD card
qemu-system-aarch64: -drive if=sd,readonly=on: machine type does not support if=sd,bus=0,unit=0
Make pxa2xx_mmci_init() fail cleanly right away.
Cc: Andrzej Zaborowski <balrogg@gmail.com> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: qemu-arm@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200622094227.1271650-16-armbru@redhat.com>
arm/aspeed: Drop aspeed_board_init_flashes() parameter @errp
We always pass &error_abort. Drop the parameter, use &error_abort
directly.
Cc: Cédric Le Goater <clg@kaod.org> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Andrew Jeffery <andrew@aj.id.au> Cc: Joel Stanley <joel@jms.id.au> Cc: qemu-arm@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200622094227.1271650-15-armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200622094227.1271650-14-armbru@redhat.com>
qdev_prop_set_chr() screws up when the property already has a non-null
value: it neglects to release the old value. Both the old and the new
backend become attached to the same device. Unlike for block devices
(see previous commit), this can't be observed from the monitor (I
think).
Special case: attempting to use the same backend both times crashes:
$ qemu-system-x86_64 --nodefaults -serial null -global isa-serial.chardev=serial0
Unexpected error in qemu_chr_fe_init() at /work/armbru/qemu/chardev/char-fe.c:220:
qemu-system-x86_64: Device 'serial0' is in use
Aborted (core dumped)
Yet another example: -device with multiple chardev=... (but not
device_add, which silently drops all but the last duplicate property).
Perhaps chardev property override could be made to work. Perhaps it
should. I can't afford the time to figure this out now. What I can
do reject usage that leaves backends in unhealthy states. For what
it's worth, we've long done the same for netdev properties.
Cc: Marc-André Lureau <marcandre.lureau@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200622094227.1271650-13-armbru@redhat.com>
qdev_prop_set_drive() screws up when the property already has a
non-null value: it neglects to release the old value. Both the old
and the new backend become attached to the same device.
Example (taken from iotest 172): -fda ... -drive if=none,... -global
floppy.drive=none0.
Special case: attempting to use the same backend both times fails.
Example (also from iotest 172): -fda ... -global floppy.drive=floppy0.
Yet another example: -device with multiple drive=... (but not
device_add, which silently drops all but the last duplicate property).
Perhaps drive property override could be made to work. Perhaps it
should. I can't afford the time to figure this out now. What I can
do is reject usage that leaves backends in unhealthy states. For what
it's worth, we've long done the same for netdev properties.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200622094227.1271650-12-armbru@redhat.com>
qdev: Improve netdev property override error a bit
qdev_prop_set_netdev() fails when the property already has a non-null
value. Seems to go back to commit 30c367ed44
"qdev-properties-system.c: Allow vlan or netdev for -device, not
both", v1.7.0. Board code doesn't expect failure, and crashes:
$ qemu-system-x86_64 --nodefaults -nic user -netdev user,id=nic0 -global e1000.netdev=nic0
Unexpected error in error_set_from_qdev_prop_error() at /work/armbru/qemu/hw/core/qdev-properties.c:1101:
qemu-system-x86_64: Property 'e1000.netdev' doesn't take value '__org.qemu.nic0
'
Aborted (core dumped)
-device and device_add handle the failure:
$ qemu-system-x86_64 -nodefaults -netdev user,id=net0 -netdev user,id=net1 -device e1000,netdev=net0,netdev=net1
qemu-system-x86_64: -device e1000,netdev=net0,netdev=net1: Property 'e1000.netdev' doesn't take value 'net1'
$ qemu-system-x86_64 -nodefaults -S -display none -monitor stdio -netdev user,id=net0 -netdev user,id=net1 -global e1000.netdev=net0
QEMU 5.0.50 monitor - type 'help' for more information
(qemu) qemu-system-x86_64: warning: netdev net0 has no peer
qemu-system-x86_64: warning: netdev net1 has no peer
device_add e1000,netdev=net1
Error: Property 'e1000.netdev' doesn't take value 'net1'
Perhaps netdev property override could be made to work. Perhaps it
should. I'm not the right guy to figure this out. What I can do is
improve the error message a bit:
(qemu) device_add e1000,netdev=net1
Error: -global e1000.netdev=... conflicts with netdev=net1
Cc: Jason Wang <jasowang@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200622094227.1271650-11-armbru@redhat.com>
We stopped using get_pointer() and set_pointer() for netdev in commit 23120b13c6 "net: don't use set/get_pointer() in set/get_netdev()"
(v2.3.0), and for chardev in commit becdfa00cf "char: replace PROP_CHR
with CharBackend" (v2.8.0). With only the drive user left, they're
not helpful anymore. Eliminate.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200622094227.1271650-10-armbru@redhat.com>
blockdev: Deprecate -drive with bogus interface type
Drives with interface types other than if=none are for onboard
devices. Unfortunately, any such drives the board doesn't pick up can
still be used with -device, like this:
$ qemu-system-x86_64 -nodefaults -display none -S -drive if=floppy,id=bogus,unit=7 -device ide-cd,drive=bogus -monitor stdio
QEMU 5.0.50 monitor - type 'help' for more information
(qemu) info block
bogus: [not inserted]
Attached to: /machine/peripheral-anon/device[0]
Removable device: not locked, tray closed
(qemu) info qtree
bus: main-system-bus
type System
[...]
bus: ide.1
type IDE
dev: ide-cd, id ""
---> drive = "bogus"
[...]
unit = 0 (0x0)
[...]
This kind of abuse has always worked. Deprecate it:
qemu-system-x86_64: -drive if=floppy,id=bogus,unit=7: warning: bogus if=floppy is deprecated, use if=none
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200622094227.1271650-9-armbru@redhat.com>
Helper function fdctrl_init_isa() is less than helpful: one of three
places creating "isa-fdc" devices use it. Open-code it there, and
drop the function.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200622094227.1271650-6-armbru@redhat.com>
fdc: Reject clash between -drive if=floppy and -global isa-fdc
The floppy controller devices desugar their drive properties into
floppy devices (since commit a92bd191a4 "fdc: Move qdev properties to
FloppyDrive", v2.8.0). This involves some bad magic in
fdctrl_connect_drives(), and exists for backward compatibility.
The functions for boards to create floppy controller devices
fdctrl_init_isa(), fdctrl_init_sysbus(), and sun4m_fdctrl_init()
desugar -drive if=floppy to these floppy controller drive properties.
If you use both -drive if=floppy (or its -fda / -fdb sugar) and
-global isa-fdc for the same floppy device, -global silently loses the
conflict, and both backends involved end up with the floppy device
frontend attached, as demonstrated by iotest 172 (see commit before
previous). This is wrong.
Desugar -drive if=floppy straight to floppy devices instead, with
helper fdctrl_init_drives(). The conflict now gets rejected cleanly:
first, fdctrl_connect_drives() creates the floppy for the controller's
property, then fdctrl_init_drives() attempts to create the floppy for
-drive if=floppy, but fails because the unit is already in use.
Output of iotest 172 changes in three ways:
1. The clash gets rejected.
2. In one test case, "info qtree" has the floppy devices swapped, and
"info block" has their QOM paths swapped. This is because the
floppy device for -fda now gets created after the one for -global
isa-fdc.driveB.
3. The error message for -global floppy.drive=floppy0 changes. Before
the patch, we set isa-fdc.driveA to -fda's block backend, then
create the floppy device for it, then move the backend from
isa-fdc.driveA to floppy.drive. Floppy creation fails when
applying -global floppy.drive=floppy0, because floppy0 is still
attached to isa-fdc. After the patch, we create the floppy for
-fda, then set its drive property to floppy0. Now floppy creation
succeeds, but setting the drive property fails, because -global
already set it. Yes, this is exasperatingly complicated.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200622094227.1271650-5-armbru@redhat.com>
Use of -global to set a default backend for non-singleton devices is a
bad idea. But as long as we permit it, we better test it.
Test output demonstrates we screw up when -global floppy clashes with
-fda or with -device floppy: according to "info qtree", only the
latter backend is attached, but according to "info block", both are.
Here's the clash with -device:
dev: isa-fdc, id ""
[...]
driveA = ""
driveB = ""
[...]
bus: floppy-bus.0
type floppy-bus
dev: floppy, id ""
unit = 0 (0x0)
---> drive = "none1"
[...]
none0 (NODE_NAME): TEST_DIR/t.qcow2 (qcow2)
---> Attached to: /machine/peripheral-anon/device[0]
Cache mode: writeback
none1 (NODE_NAME): TEST_DIR/t.qcow2.2 (qcow2)
---> Attached to: /machine/peripheral-anon/device[0]
Removable device: not locked, tray closed
Cache mode: writeback
/machine/peripheral-anon/device[0] is the floppy created with -device.
Test output further demonstrates the "Drive 'FOO' is already in use
because it has been automatically connected to another device" error
message can be misleading. With '-fda "" -global
floppy.drive=floppy0', it's in use because -global reuses -fda's
backend. There is no other device involved.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200622094227.1271650-4-armbru@redhat.com>
The additional output demonstrates we screw up when -global isa-fdc
clashes with -drive if=floppy or its sugared forms: according to "info
qtree", only the latter backend is attached, but according to "info
block", both are. For instance:
Some cpu features may be enabled and disabled for all configurations
that support the feature. Let's test that.
A recent regression[*] inspired adding these tests.
[*] '-cpu host,pmu=on' caused a segfault
Signed-off-by: Andrew Jones <drjones@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200623090622.30365-2-philmd@redhat.com
Message-Id: <20200623082310.17577-1-drjones@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Thread 1 "qemu-system-aar" received signal SIGSEGV, Segmentation fault.
0x0000aaaaaae356d0 in kvm_ioctl (s=0x0, type=44547) at accel/kvm/kvm-all.c:2588
2588 ret = ioctl(s->fd, type, arg);
(gdb) bt
#0 0x0000aaaaaae356d0 in kvm_ioctl (s=0x0, type=44547) at accel/kvm/kvm-all.c:2588
#1 0x0000aaaaaae31568 in kvm_check_extension (s=0x0, extension=126) at accel/kvm/kvm-all.c:916
#2 0x0000aaaaaafce254 in kvm_arm_pmu_supported (cpu=0xaaaaac214ab0) at target/arm/kvm.c:213
#3 0x0000aaaaaafc0f94 in arm_set_pmu (obj=0xaaaaac214ab0, value=true, errp=0xffffffffe438) at target/arm/cpu.c:1111
#4 0x0000aaaaab5533ac in property_set_bool (obj=0xaaaaac214ab0, v=0xaaaaac223a80, name=0xaaaaac11a970 "pmu", opaque=0xaaaaac222730, errp=0xffffffffe438) at qom/object.c:2170
#5 0x0000aaaaab5512f0 in object_property_set (obj=0xaaaaac214ab0, v=0xaaaaac223a80, name=0xaaaaac11a970 "pmu", errp=0xffffffffe438) at qom/object.c:1328
#6 0x0000aaaaab551e10 in object_property_parse (obj=0xaaaaac214ab0, string=0xaaaaac11b4c0 "on", name=0xaaaaac11a970 "pmu", errp=0xffffffffe438) at qom/object.c:1561
#7 0x0000aaaaab54ee8c in object_apply_global_props (obj=0xaaaaac214ab0, props=0xaaaaac018e20, errp=0xaaaaabd6fd88 <error_fatal>) at qom/object.c:407
#8 0x0000aaaaab1dd5a4 in qdev_prop_set_globals (dev=0xaaaaac214ab0) at hw/core/qdev-properties.c:1218
#9 0x0000aaaaab1d9fac in device_post_init (obj=0xaaaaac214ab0) at hw/core/qdev.c:1050
...
#15 0x0000aaaaab54f310 in object_initialize_with_type (obj=0xaaaaac214ab0, size=52208, type=0xaaaaabe237f0) at qom/object.c:512
#16 0x0000aaaaab54fa24 in object_new_with_type (type=0xaaaaabe237f0) at qom/object.c:687
#17 0x0000aaaaab54fa80 in object_new (typename=0xaaaaabe23970 "host-arm-cpu") at qom/object.c:702
#18 0x0000aaaaaaf04a74 in machvirt_init (machine=0xaaaaac0a8550) at hw/arm/virt.c:1770
#19 0x0000aaaaab1e8720 in machine_run_board_init (machine=0xaaaaac0a8550) at hw/core/machine.c:1138
#20 0x0000aaaaaaf95394 in qemu_init (argc=5, argv=0xffffffffea58, envp=0xffffffffea88) at softmmu/vl.c:4348
#21 0x0000aaaaaada3f74 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at softmmu/main.c:48
This is because in frame #2, cpu->kvm_state is still NULL
(the vCPU is not yet realized).
KVM has a hard requirement of all cores supporting the same
feature set. We only need to check if the accelerator supports
a feature, not each vCPU individually.
Fix by removing the 'CPUState *cpu' argument from the
kvm_arm_<FEATURE>_supported() functions.
Fixes: d70c996df23f ('Use CPUState::kvm_state in kvm_arm_pmu_supported') Reported-by: Haibo Xu <haibo.xu@linaro.org> Reviewed-by: Andrew Jones <drjones@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
projects / mirror_qemu.git / log