blockjob: leak fix, remove from txn when failing early
This fixes leaks found by ASAN such as:
GTESTER tests/test-blockjob
=================================================================
==31442==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7f88483cba38 in __interceptor_calloc (/lib64/libasan.so.4+0xdea38)
#1 0x7f8845e1bd77 in g_malloc0 ../glib/gmem.c:129
#2 0x7f8845e1c04b in g_malloc0_n ../glib/gmem.c:360
#3 0x5584d2732498 in block_job_txn_new /home/elmarco/src/qemu/blockjob.c:172
#4 0x5584d2739b28 in block_job_create /home/elmarco/src/qemu/blockjob.c:973
#5 0x5584d270ae31 in mk_job /home/elmarco/src/qemu/tests/test-blockjob.c:34
#6 0x5584d270b1c1 in do_test_id /home/elmarco/src/qemu/tests/test-blockjob.c:57
#7 0x5584d270b65c in test_job_ids /home/elmarco/src/qemu/tests/test-blockjob.c:118
#8 0x7f8845e40b69 in test_case_run ../glib/gtestutils.c:2255
#9 0x7f8845e40f29 in g_test_run_suite_internal ../glib/gtestutils.c:2339
#10 0x7f8845e40fd2 in g_test_run_suite_internal ../glib/gtestutils.c:2351
#11 0x7f8845e411e9 in g_test_run_suite ../glib/gtestutils.c:2426
#12 0x7f8845e3fe72 in g_test_run ../glib/gtestutils.c:1692
#13 0x5584d270d6e2 in main /home/elmarco/src/qemu/tests/test-blockjob.c:377
#14 0x7f8843641f29 in __libc_start_main (/lib64/libc.so.6+0x20f29)
Add an assert to make sure that the job doesn't have associated txn before free().
[Jeff Cody: N.B., used updated patch provided by John Snow]
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Jeff Cody <jcody@redhat.com>
Peter Maydell [Sat, 31 Mar 2018 08:42:33 +0000 (09:42 +0100)]
Merge remote-tracking branch 'remotes/riscv/tags/riscv-qemu-2.12-critical-fixes' into staging
RISC-V: Critical fixes for QEMU 2.12
This series includes changes that are considered release critical,
such as floating point register file corruption under SMP Linux
due to incorrect handling of mstatus.FS.
This workaround will be replaced with a more comprehensive fix
for mstatus.FS handling in QEMU 2.13.
# gpg: Signature made Thu 29 Mar 2018 18:22:42 BST
# gpg: using DSA key 6BF1D7B357EF3E4F
# gpg: Good signature from "Michael Clark <michaeljclark@mac.com>"
# gpg: aka "Michael Clark <mjc@sifive.com>"
# gpg: aka "Michael Clark <michael@metaparadigm.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7C99 930E B17C D8BA 073D 5EFA 6BF1 D7B3 57EF 3E4F
* remotes/riscv/tags/riscv-qemu-2.12-critical-fixes:
RISC-V: Workaround for critical mstatus.FS bug
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sat, 31 Mar 2018 07:39:08 +0000 (08:39 +0100)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Fri 30 Mar 2018 04:49:42 BST
# gpg: using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
qemu-doc: Rework the network options chapter to make "-net" less prominent
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 30 Mar 2018 22:05:19 +0000 (23:05 +0100)]
Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2018-03-29-1' into staging
Merge tpm 2018/03/29 v1
# gpg: Signature made Fri 30 Mar 2018 01:04:47 BST
# gpg: using RSA key 75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211
* remotes/stefanberger/tags/pull-tpm-2018-03-29-1:
tests: Tests more flags of the CRB interface
tpm: CRB: Enforce locality is requested before processing buffer
tpm: CRB: Reset Granted flag when relinquishing locality
tpm: CRB: set the Idle flag by default
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Thomas Huth [Mon, 12 Mar 2018 12:20:50 +0000 (13:20 +0100)]
qemu-doc: Rework the network options chapter to make "-net" less prominent
"-net" is clearly a legacy option. Yet we still use it in almost all
examples in the qemu documentation, and many other spots in the network
chapter. We should make it less prominent that users are not lured into
using it so often anymore. So instead of starting the network chapter with
"-net nic" and documenting "-net <backend>" below "-netdev <backend>"
everywhere, all the "-net" related documentation is now moved to the end
of the chapter. The new "-nic" option is moved to the beginning of the
chapter instead, with a new example that should demonstrate how "-nic"
can be used to shortcut "-device" with "-netdev". The examples in this
chapter are changed to use the "-device" and "-netdev" options or
"-nic" instead of "-net nic -net <backend>".
While we're at it, also remove a legacy remark about very old Linux
distributions. Also remove the "[...]" from the examples in this chapter
since we are not using this ellipsis in any other examples in our docu-
mentation.
Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Stefan Berger [Wed, 28 Mar 2018 19:39:17 +0000 (15:39 -0400)]
tpm: CRB: Enforce locality is requested before processing buffer
Section 5.5.3.2.2 of the CRB specs states that use of the TPM
through the localty control method must first be requested,
otherwise the command will be dropped.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Michael Clark [Fri, 23 Mar 2018 23:49:07 +0000 (16:49 -0700)]
RISC-V: Workaround for critical mstatus.FS bug
This change is a workaround for a bug where mstatus.FS
is not correctly reporting dirty after operations that
modify floating point registers. This a critical bug
or RISC-V in QEMU as it results in floating point
register file corruption when running SMP Linux due to
task migration and possibly uniprocessor Linux if
more than one process is using the FPU.
This workaround will return dirty if mstatus.FS is
switched from off to initial or clean. According to
the specification it is legal for an implementation
to return only off, or dirty.
Cc: Palmer Dabbelt <palmer@sifive.com> Cc: Sagar Karandikar <sagark@eecs.berkeley.edu> Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Alex Bennée <alex.bennee@linaro.org> Cc: Richard Henderson <richard.henderson@linaro.org> Cc: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Michael Clark <mjc@sifive.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
migration: Don't activate block devices if using -S
Activating the block devices causes the locks to be taken on
the backing file. If we're running with -S and the destination libvirt
hasn't started the destination with 'cont', it's expecting the locks are
still untaken.
Don't activate the block devices if we're not going to autostart the VM;
'cont' already will do that anyway.
bz: https://bugzilla.redhat.com/show_bug.cgi?id=1560854 Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20180328170207.49512-1-dgilbert@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x7fe1abb80a38 in __interceptor_calloc (/lib64/libasan.so.4+0xdea38)
#1 0x7fe1aaf1bf75 in g_malloc0 ../glib/gmem.c:124
#2 0x7fe1aaf1c249 in g_malloc0_n ../glib/gmem.c:355
#3 0x55f4841cfaa9 in postcopy_ram_fault_thread /home/elmarco/src/qemu/migration/postcopy-ram.c:596
#4 0x55f48479447b in qemu_thread_start /home/elmarco/src/qemu/util/qemu-thread-posix.c:504
#5 0x7fe1a043550a in start_thread (/lib64/libpthread.so.0+0x750a)
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180321113644.21899-1-marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Peter Maydell [Wed, 28 Mar 2018 21:13:38 +0000 (22:13 +0100)]
Merge remote-tracking branch 'remotes/riscv/tags/riscv-qemu-2.12-important-fixes' into staging
RISC-V: Important fixes for QEMU 2.12
This series includes changes that are considered important.
i.e. correct user-visible bugs that are exercised by common
operations such as -cpu list (CPU model changes) or -d in_asm
(fix for disassembly of addiw)
# gpg: Signature made Wed 28 Mar 2018 21:34:57 BST
# gpg: using DSA key 6BF1D7B357EF3E4F
# gpg: Good signature from "Michael Clark <michaeljclark@mac.com>"
# gpg: aka "Michael Clark <mjc@sifive.com>"
# gpg: aka "Michael Clark <michael@metaparadigm.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7C99 930E B17C D8BA 073D 5EFA 6BF1 D7B3 57EF 3E4F
* remotes/riscv/tags/riscv-qemu-2.12-important-fixes:
RISC-V: Fix incorrect disassembly for addiw
RISC-V: Convert cpu definition to future model
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Michael Clark [Fri, 23 Mar 2018 08:07:01 +0000 (01:07 -0700)]
RISC-V: Fix incorrect disassembly for addiw
This fixes a bug in the disassembler constraints used
to lift instructions into pseudo-instructions, whereby
addiw instructions are always lifted to sext.w instead
of just lifting addiw with a zero immediate.
An associated fix has been made to the metadata used to
machine generate the disseasembler:
Michael Clark [Thu, 8 Mar 2018 22:12:31 +0000 (11:12 +1300)]
RISC-V: Convert cpu definition to future model
- Model borrowed from target/sh4/cpu.c
- Rewrote riscv_cpu_list to use object_class_get_list
- Dropped 'struct RISCVCPUInfo' and used TypeInfo array
- Replaced riscv_cpu_register_types with DEFINE_TYPES
- Marked base class as abstract
- Fixes -cpu list
Cc: Igor Mammedov <imammedo@redhat.com> Cc: Sagar Karandikar <sagark@eecs.berkeley.edu> Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Cc: Palmer Dabbelt <palmer@sifive.com> Signed-off-by: Michael Clark <mjc@sifive.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Failure to do so results in the tcg optimizer sign-extending
any constant fold from 32-bits. This turns out to be visible
in the RISC-V testsuite using a host that emits these opcodes
(e.g. any non-x86_64).
Reported-by: Michael Clark <mjc@sifive.com> Reviewed-by: Emilio G. Cota <cota@braap.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
GDB crashes when qemu exits (at least on sparc-softmmu):
Remote communication error. Target disconnected.: Connection reset by peer.
Quitting: putpkt: write failed: Broken pipe.
So send a packet to exit GDB before we exit QEMU:
[Inferior 1 (Thread 0) exited normally]
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-id: 1521538773-30802-1-git-send-email-frederic.konrad@adacore.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit 137b5cb6 refactored 'info cpus' output, changing
'thread_id' to 'thread-id'. While HMP is not a stable
interface, it is trivial to keep the spelling consistent
for test frameworks that have not yet updated to using QMP.
This patch just reverts back output format to 'thread_id'.
CC: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com> Signed-off-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
Message-Id: <20180327123800.28851-1-sathnaga@linux.vnet.ibm.com> Reviewed-by: Eric Blake <eblake@redhat.com> Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
[eblake: improve commit message] Reviewed-by: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
Peter Xu [Mon, 26 Mar 2018 06:39:01 +0000 (14:39 +0800)]
tests: qmp-test: add test for new "x-oob"
Test the new OOB capability. It's mostly the reverted OOB test
(see commit 4fd78ad7), but differs in that:
- It uses the new qtest_init_without_qmp_handshake() parameter to
create the monitor with "x-oob"
- Squashed the capability tests on greeting message
- Don't use qtest_global any more, instead use self-maintained
QTestState, which is the trend
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180326063901.27425-9-peterx@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
[eblake: rebase to qtest_init changes] Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Eric Blake <eblake@redhat.com>
Eric Blake [Tue, 27 Mar 2018 01:36:19 +0000 (20:36 -0500)]
tests: Add parameter to qtest_init_without_qmp_handshake
Allow callers to choose whether to allow OOB support during a test;
for now, all existing callers pass false, but the next patch will
add a new caller. Also, rewrite the monitor setup to be generic
(using the -qmp shorthand is insufficient for honoring the parameter).
Based on an idea by Peter Xu, in <20180326063901.27425-8-peterx@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180327013620.1644387-4-eblake@redhat.com> Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Acked-by: Peter Xu <peterx@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
It is not allowed if either MUX or non-QMP is detected, since
Out-Of-Band is currently only for QMP, and non-MUX chardev backends.
Note that the client STILL has to request 'oob' during qmp_capabilities;
in part because the x-oob command line option may disappear in the
future if we decide the capabilities negotiation is sufficient.
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180326063901.27425-4-peterx@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
[eblake: enhance commit message] Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Eric Blake <eblake@redhat.com>
Peter Xu [Mon, 26 Mar 2018 06:38:55 +0000 (14:38 +0800)]
qmp: cleanup qmp queues properly
Marc-André Lureau reported that we can have this happen:
1. client1 connects, send command C1
2. client1 disconnects before getting response for C1
3. client2 connects, who might receive response of C1
However client2 should not receive remaining responses for client1.
Basically, we should clean up the request/response queue elements when:
- after a session is closed
- before destroying the queues
Some helpers are introduced to achieve that. We need to make sure we're
with the lock when operating on those queues. This also needed the
declaration of QMPRequest moved earlier.
Reported-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180326063901.27425-3-peterx@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
[eblake: drop pointless qmp_response_free(), drop queue flush on connect
since a clean queue on disconnect is sufficient] Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Eric Blake <eblake@redhat.com>
Peter Xu [Mon, 26 Mar 2018 06:38:58 +0000 (14:38 +0800)]
tests: let qapi-schema tests detect oob
The allow_oob parameter was passed in but not used in tests. Now
reflect that in the tests, so we need to touch up other command testers
with that new change.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180326063901.27425-6-peterx@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20180323143202.28879-5-lvivier@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Acked-by: Fam Zheng <famz@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
Eric Blake [Fri, 23 Mar 2018 20:43:41 +0000 (15:43 -0500)]
tests: Silence false positive warning on generated test name
Running 'make check' on rawhide with gcc 8.0.1 fails:
tests/test-visitor-serialization.c: In function 'main':
tests/test-visitor-serialization.c:1127:34: error: '/primitives/' directive writing 12 bytes into a region of size between 1 and 128 [-Werror=format-overflow=]
The warning is a false positive (we have two buffers of size 128,
so yes, if we FULLY used the first buffer, then sprint'ing it into
the second will overflow the second). But in practice, our first
buffer will not be longer than "/visitor/serialization/String",
so sizing it smaller is enough to let gcc see that we don't
overflow the second.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180323204341.1501664-1-eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Stefan Hajnoczi [Mon, 12 Mar 2018 13:22:04 +0000 (13:22 +0000)]
MAINTAINERS: add include/block/aio-wait.h
The include/block/aio-wait.h header file was added by commit 7719f3c968c59e1bcda7e177679dc765b59e578f ("block: extract
AIO_WAIT_WHILE() from BlockDriverState") without updating MAINTAINERS.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20180312132204.23683-1-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Thu, 22 Mar 2018 15:28:34 +0000 (15:28 +0000)]
coroutine: add test-aio coroutine queue chaining test case
Check that two coroutines can queue each other repeatedly without
hitting stack exhaustion.
Switch to qemu_init_main_loop() in main() because coroutines use
qemu_get_aio_context() - they don't know about test-aio's ctx variable.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20180322152834.12656-4-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Thu, 22 Mar 2018 15:28:33 +0000 (15:28 +0000)]
coroutine: avoid co_queue_wakeup recursion
qemu_aio_coroutine_enter() is (indirectly) called recursively when
processing co_queue_wakeup. This can lead to stack exhaustion.
This patch rewrites co_queue_wakeup in an iterative fashion (instead of
recursive) with bounded memory usage to prevent stack exhaustion.
qemu_co_queue_run_restart() is inlined into qemu_aio_coroutine_enter()
and the qemu_coroutine_enter() call is turned into a loop to avoid
recursion.
There is one change that is worth mentioning: Previously, when
coroutine A queued coroutine B, qemu_co_queue_run_restart() entered
coroutine B from coroutine A. If A was terminating then it would still
stay alive until B yielded. After this patch B is entered by A's parent
so that a A can be deleted immediately if it is terminating.
It is safe to make this change since B could never interact with A if it
was terminating anyway.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20180322152834.12656-3-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Thu, 22 Mar 2018 15:28:32 +0000 (15:28 +0000)]
queue: add QSIMPLEQ_PREPEND()
QSIMPLEQ_CONCAT(a, b) joins a = a + b. The new QSIMPLEQ_PREPEND(a, b)
API joins a = b + a.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20180322152834.12656-2-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Mark Cave-Ayland [Tue, 27 Mar 2018 04:38:00 +0000 (00:38 -0400)]
macio: fix NULL pointer dereference when issuing IDE trim
Commit ef0e64a983 "ide: pass IDEState to trim AIO callback" changed the
IDE trim callback from using a BlockBackend to an IDEState but forgot to update
the dma_blk_io() call in hw/ide/macio.c accordingly.
Without this fix qemu-system-ppc segfaults when issuing an IDE trim command on
any of the PPC Mac machines (easily triggered by running the Debian installer).
Reported-by: Howard Spoelstra <hsp.cat7@gmail.com> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
Message-id: 20180223184700.28854-1-mark.cave-ayland@ilande.co.uk Signed-off-by: John Snow <jsnow@redhat.com>
Anton Nefedov [Tue, 27 Mar 2018 04:38:00 +0000 (00:38 -0400)]
ide: fix invalid TRIM range abortion for macio
commit 947858b0 "ide: abort TRIM operation for invalid range"
is incorrect for macio; just ide_dma_error() without doing a callback
is not enough for that errorpath.
Instead, pass -EINVAL to the callback and handle it there
(see related motivation for read/write in 58ac32113).
It will however catch possible EINVAL from the block layer too.
Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-id: 1520010495-58172-1-git-send-email-anton.nefedov@virtuozzo.com Signed-off-by: John Snow <jsnow@redhat.com>
Max Filippov [Fri, 23 Mar 2018 12:56:19 +0000 (05:56 -0700)]
target/xtensa: fix timers test
The value of CCOUNT special register is calculated as time elapsed
since CCOUNT == 0 multiplied by the core frequency. In icount mode time
increment between consecutive instructions that don't involve time
warps is constant, but unless the result of multiplication of this
constant by the core frequency is a whole number the CCOUNT increment
between these instructions may not be constant. E.g. with icount=7 each
instruction takes 128ns, with core clock of 10MHz CCOUNT values for
consecutive instructions are:
I.e.the CCOUNT increments depend on the absolute time. This results in
varying CCOUNT differences for consecutive instructions in tests that
involve time warps and don't set CCOUNT explicitly.
Change frequency of the core used in tests so that clock cycle takes
exactly 64ns. Change icount power used in tests to 6, so that each
instruction takes exactly 1 clock cycle. With these changes CCOUNT
increments only depend on the number of executed instructions and that's
what timer tests expect, so they work correctly.
Cc: Pavel Dovgaluk <Pavel.Dovgaluk@ispras.ru> Cc: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
yuchenlin [Thu, 22 Mar 2018 13:33:37 +0000 (21:33 +0800)]
vmdk: return ERROR when cluster sector is larger than vmdk limitation
VMDK has a hard limitation of extent size, which is due to the size of grain
table entry is 32 bits. It means it can only point to a grain located at
offset = 2^32. To avoid writing the user data beyond limitation and record a useless offset
in grain table. We should return ERROR here.
Shared migration for dirty bitmaps is fixed by previous patches,
so we can enable the test.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-id: 20180320170521.32152-5-vsementsov@virtuozzo.com Signed-off-by: Max Reitz <mreitz@redhat.com>
qcow2: fix bitmaps loading when bitmaps already exist
On reopen with existing bitmaps, instead of loading bitmaps, lets
reopen them if needed. This also fixes bitmaps migration through
shared storage.
Consider the case. Persistent bitmaps are stored on bdrv_inactivate.
Then, on destination process_incoming_migration_bh() calls
bdrv_invalidate_cache_all() which leads to
qcow2_load_autoloading_dirty_bitmaps() which fails if bitmaps are
already loaded on destination start.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-id: 20180320170521.32152-3-vsementsov@virtuozzo.com Signed-off-by: Max Reitz <mreitz@redhat.com>
Add version of qcow2_reopen_bitmaps_rw, which do the same work but
also return a hint about was header updated or not. This will be
used in the following fix for bitmaps reloading after migration.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: John Snow <jsnow@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 20180320170521.32152-2-vsementsov@virtuozzo.com Signed-off-by: Max Reitz <mreitz@redhat.com>
Peter Maydell [Mon, 26 Mar 2018 16:13:31 +0000 (17:13 +0100)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches
# gpg: Signature made Mon 26 Mar 2018 15:33:01 BST
# gpg: using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* remotes/kevin/tags/for-upstream:
qemu-iotests: Test vhdx image creation with QMP
vhdx: Check for 4 GB maximum log size on creation
vhdx: Don't use error_setg_errno() with constant errno
vhdx: Require power-of-two block size on create
qemu-iotests: Test parallels image creation with QMP
parallels: Check maximum cluster size on create
qemu-iotests: Test invalid resize on luks
luks: Turn another invalid assertion into check
qemu-iotests: Enable 025 for luks
qemu-iotests: Test vdi image creation with QMP
vdi: Fix build with CONFIG_VDI_DEBUG
vdi: Change 'static' create option to 'preallocation' in QMP
qcow2: Reset free_cluster_index when allocating a new refcount block
include/block/block_int: Document protocol related functions
block/blkreplay: Remove protocol-related fields
block/throttle: Remove protocol-related fields
block/quorum: Remove protocol-related fields
block/replication: Remove protocol_name field
iotests: 163 is not quick
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
A recent glibc change relies on the fact that the iaoq must be 3,
and computes an address based on that. QEMU had been ignoring the
priv level for user-only, which produced an incorrect address.
Reported-by: John David Anglin <dave.anglin@bell.net> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* remotes/bonzini/tags/for-upstream:
qemu-pr-helper: Actually allow users to specify pidfile
chardev/char-fe: Allow NULL chardev in qemu_chr_fe_init()
iothread: fix breakage on windows
scsi: turn "is this a SCSI device?" into a conditional hint
chardev-socket: remove useless if
tcg: Really fix cpu_io_recompile
vhost-user-test: add back memfd check
vhost-user-test: do not hang if chardev creation failed
scripts/device-crash-test: Remove fixed isapc-with-iommu entry
hw/audio: Fix crashes when devices are used on ISA bus without DMA
fdc: Exit if ISA controller does not support DMA
hw/net/can: Fix segfaults when using the devices without bus
WHPX improve vcpu_post_run perf
WHPX fix WHvSetPartitionProperty in PropertyCode
WHPX fix WHvGetCapability out WrittenSizeInBytes
scripts/get_maintainer.pl: Print proper error message for missing $file
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 23 Mar 2018 15:29:48 +0000 (15:29 +0000)]
chardev/char-fe: Allow NULL chardev in qemu_chr_fe_init()
All the functions in char-fe.c handle the CharBackend
having a NULL Chardev pointer, which means that the
backend exists but is not connected to anything. The
exception is qemu_chr_fe_init(), which will crash if
passed a NULL Chardev pointer argument. This can happen
for various boards if they're started with 'nodefaults':
arm-softmmu/qemu-system-arm -S -nodefaults -M cubieboard
riscv32-softmmu/qemu-system-riscv32 -nodefaults -M sifive_e
Make qemu_chr_fe_init() accept a NULL chardev. This allows
UART models to handle NULL chardev properties without
generally needing to special case them or to manually
create a NullChardev.
Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20180323152948.27048-1-peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Xu [Thu, 22 Mar 2018 08:56:30 +0000 (16:56 +0800)]
iothread: fix breakage on windows
OOB can enable iothread for parsing even on Windows. We need some tunes
to enable that on Windows otherwise it'll break Windows users. This
patch fixes the breakage on Windows with qemu-system-ppc.exe.
Reported-by: Howard Spoelstra <hsp.cat7@gmail.com> Tested-by: Howard Spoelstra <hsp.cat7@gmail.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180322085630.23654-1-peterx@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 21 Mar 2018 10:57:26 +0000 (11:57 +0100)]
scsi: turn "is this a SCSI device?" into a conditional hint
If the user does not have permissions to send ioctls to the device (due to
SELinux or cgroups, for example), the output can look like
qemu-kvm: -device scsi-block,drive=disk: cannot get SG_IO version number:
Operation not permitted. Is this a SCSI device?
but this is confusing because the ioctl was blocked _before_ the device
even received the SG_GET_VERSION_NUM ioctl. Therefore, for EPERM errors
the suggestion should be eliminated. To make that simpler, change the
code to use error_append_hint.
Reported-by: Ala Hino <ahino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 20 Mar 2018 15:18:43 +0000 (16:18 +0100)]
chardev-socket: remove useless if
This trips Coverity, which believes the subsequent qio_channel_create_watch
can dereference a NULL pointer. In reality, tcp_chr_connect's callers
all have s->ioc properly initialized, since they are all rooted at
tcp_chr_new_client.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
We have confused the number of instructions that have been
executed in the TB with the number of instructions needed
to repeat the I/O instruction.
We have used cpu_restore_state_from_tb, which means that
the guest pc is pointing to the I/O instruction. The only
time the answer to the later question is not 1 is when
MIPS or SH4 need to re-execute the branch for the delay
slot as well.
We must rely on cpu->cflags_next_tb to generate the next TB,
as otherwise we have a race condition with other guest cpus
within the TB cache.
Fixes: 0790f86861079b1932679d0f011e431aaf4ee9e2 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180319031545.29359-1-richard.henderson@linaro.org> Tested-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This revert commit fb68096da3d35e64c88cd610c1fa42766c58e92a, and
modify test_read_guest_mem() to use different chardev names, when
using memfd (_test_server_free(), where the chardev is removed, runs
in idle).
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180215212552.26997-4-marcandre.lureau@redhat.com> Acked-by: Maxime Coquelin <maxime.coquelin@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
vhost-user-test: do not hang if chardev creation failed
Before the chardev name fix, the following error may happen: "attempt
to add duplicate property 'chr-test' to object (type 'container')",
due to races.
Sadly, error_vprintf() uses g_test_message(), so you have to use
read the cryptic --debug-log to see it. Later, it would make sense to
use g_critical() instead, and catch errors with
g_test_expect_message() (in glib 2.34).
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180215212552.26997-5-marcandre.lureau@redhat.com> Acked-by: Maxime Coquelin <maxime.coquelin@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1521193892-15552-5-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Thomas Huth [Fri, 16 Mar 2018 09:51:31 +0000 (10:51 +0100)]
hw/audio: Fix crashes when devices are used on ISA bus without DMA
The cs4231a, gus and sb16 sound cards crash QEMU when the user tries
to instantiate them on a machine with DMA-less ISA bus (for example
with "qemu-system-mips64el -M mips -device sb16"). Add proper checks
to the realize functions to avoid the crashes.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1521193892-15552-4-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
A "powernv" machine type defines an ISA bus but it does not add any DMA
controller to it so it is possible to hit assert(fdctrl->dma) by
adding "-machine powernv -device isa-fdc".
This replaces assert() with an error message.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
[thuth: Slightly adjusted error message and updated scripts/device-crash-test] Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1521193892-15552-3-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
So we've got to add a proper check here that the corresponding
bus is available.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1521193892-15552-2-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This removes the additional call to WHvGetVirtualProcessorRegisters in
whpx_vcpu_post_run now that the WHV_VP_EXIT_CONTEXT is returned in all
WHV_RUN_VP_EXIT_CONTEXT structures.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
Message-Id: <1521039163-138-4-git-send-email-juterry@microsoft.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This fixes a breaking change to WHvSetPartitionProperty to pass the 'in'
PropertyCode on function invocation introduced in Windows Insider SDK 17110.
Usage of this indicates the PropertyCode of the opaque PropertyBuffer passed in
on function invocation.
Also fixes the removal of the PropertyCode parameter from the
WHV_PARTITION_PROPERTY struct as it is now passed to the function directly.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
Message-Id: <1521039163-138-3-git-send-email-juterry@microsoft.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Ian Jackson [Thu, 8 Mar 2018 19:03:07 +0000 (19:03 +0000)]
scripts/get_maintainer.pl: Print proper error message for missing $file
If you pass scripts/get_maintainer.pl the name of a FIFO or other
exciting object (/dev/stdin, for example), it would falsely print
"file not found". Instead: stat the object rather than using -f so
that we do not mind if the object is not a file; and print the errno
value in the error message.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Thomas Huth <thuth@redhat.com> CC: Paolo Bonzini <pbonzini@redhat.com> CC: Stefano Stabellini <sstabellini@kernel.org> CC: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <1520535787-6223-13-git-send-email-ian.jackson@eu.citrix.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Kevin Wolf [Tue, 20 Mar 2018 17:24:54 +0000 (18:24 +0100)]
vhdx: Check for 4 GB maximum log size on creation
It's unclear what the real maximum is, but we use an uint32_t to store
the log size in vhdx_co_create(), so we should check that the given
value fits in 32 bits.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com>
Kevin Wolf [Tue, 20 Mar 2018 17:11:09 +0000 (18:11 +0100)]
vhdx: Don't use error_setg_errno() with constant errno
error_setg_errno() is meant for cases where we got an errno from the OS
that can add useful extra information to an error message. It's
pointless if we pass a constant errno, these cases should use plain
error_setg().
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com>
Kevin Wolf [Tue, 20 Mar 2018 16:07:58 +0000 (17:07 +0100)]
parallels: Check maximum cluster size on create
It's unclear what the real maximum cluster size is for the Parallels
format, but let's at least make sure that we don't get integer
overflows in our .bdrv_co_create implementation.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Kevin Wolf [Tue, 20 Mar 2018 15:38:51 +0000 (16:38 +0100)]
luks: Turn another invalid assertion into check
Commit e39e959e fixed an invalid assertion in the .bdrv_length
implementation, but left a similar assertion in place for
.bdrv_truncate. Instead of crashing when the user requests a too large
image size, fail gracefully.
A file size of exactly INT64_MAX caused failure before, but is actually
legal.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Kevin Wolf [Tue, 20 Mar 2018 13:41:53 +0000 (14:41 +0100)]
vdi: Fix build with CONFIG_VDI_DEBUG
Use qemu_uuid_unparse() instead of uuid_unparse() to make vdi.c compile
again when CONFIG_VDI_DEBUG is set. In order to prevent future bitrot,
replace '#ifdef CONFIG_VDI_DEBUG' by 'if (VDI_DEBUG)' so that the
compiler always sees the code.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Kevin Wolf [Tue, 20 Mar 2018 14:08:00 +0000 (15:08 +0100)]
vdi: Change 'static' create option to 'preallocation' in QMP
What static=on really does is what we call metadata preallocation for
other block drivers. While we can still change the QMP interface, make
it more consistent by using 'preallocation' for VDI, too.
This doesn't implement any new functionality, so the only supported
preallocation modes are 'off' and 'metadata' for now.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Alberto Garcia [Wed, 21 Mar 2018 13:38:52 +0000 (15:38 +0200)]
qcow2: Reset free_cluster_index when allocating a new refcount block
When we try to allocate new clusters we first look for available ones
starting from s->free_cluster_index and once we find them we increase
their reference counts. Before we get to call update_refcount() to do
this last step s->free_cluster_index is already pointing to the next
cluster after the ones we are trying to allocate.
During update_refcount() it may happen however that we also need to
allocate a new refcount block in order to store the refcounts of these
new clusters (and to complicate things further that may also require
us to grow the refcount table). After all this we don't know if the
clusters that we originally tried to allocate are still available, so
we return -EAGAIN to ask the caller to restart the search for free
clusters.
This is what can happen in a common scenario:
1) We want to allocate a new cluster and we see that cluster N is
free.
2) We try to increase N's refcount but all refcount blocks are full,
so we allocate a new one at N+1 (where s->free_cluster_index was
pointing at).
3) Once we're done we return -EAGAIN to look again for a free
cluster, but now s->free_cluster_index points at N+2, so that's
the one we allocate. Cluster N remains unallocated and we have a
hole in the qcow2 file.
After this the image has 132608 bytes (256 clusters), and the refcount
block is full. If we write 512 more bytes it should allocate two new
clusters: the data cluster itself and a new refcount block.
qemu-io -c 'write 124k 512' hd.qcow2
However the image has now three new clusters (259 in total), and the
first one of them is empty (and unallocated):
If we write larger amounts of data in the last step instead of the 512
bytes used in this example we can create larger holes in the qcow2
file.
What this patch does is reset s->free_cluster_index to its previous
value when alloc_refcount_block() returns -EAGAIN. This way the caller
will try to allocate again the original clusters if they are still
free.
The output of iotest 026 also needs to be updated because now that
images have no holes some tests fail at a different point and the
number of leaked clusters is different.
Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Fabiano Rosas [Mon, 12 Mar 2018 22:07:52 +0000 (19:07 -0300)]
block/blkreplay: Remove protocol-related fields
The blkreplay driver is not a protocol so it should implement bdrv_open
instead of bdrv_file_open and not provide a protocol_name.
Attempts to invoke this driver using protocol syntax
(i.e. blkreplay:<filename:options:...>) will now fail gracefully:
$ qemu-img info blkreplay:foo
qemu-img: Could not open 'blkreplay:foo': Unknown protocol 'blkreplay'
Signed-off-by: Fabiano Rosas <farosas@linux.vnet.ibm.com> Reviewed-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Fabiano Rosas [Mon, 12 Mar 2018 22:07:51 +0000 (19:07 -0300)]
block/throttle: Remove protocol-related fields
The throttle driver is not a protocol so it should implement bdrv_open
instead of bdrv_file_open and not provide a protocol_name.
Attempts to invoke this driver using protocol syntax
(i.e. throttle:<filename:options:...>) will now fail gracefully:
$ qemu-img info throttle:foo
qemu-img: Could not open 'throttle:foo': Unknown protocol 'throttle'
Signed-off-by: Fabiano Rosas <farosas@linux.vnet.ibm.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Fabiano Rosas [Mon, 12 Mar 2018 22:07:50 +0000 (19:07 -0300)]
block/quorum: Remove protocol-related fields
The quorum driver is not a protocol so it should implement bdrv_open
instead of bdrv_file_open and not provide a protocol_name.
Attempts to invoke this driver using protocol syntax
(i.e. quorum:<filename:options:...>) will now fail gracefully:
$ qemu-img info quorum:foo
qemu-img: Could not open 'quorum:foo': Unknown protocol 'quorum'
Signed-off-by: Fabiano Rosas <farosas@linux.vnet.ibm.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Fabiano Rosas [Mon, 12 Mar 2018 22:07:49 +0000 (19:07 -0300)]
block/replication: Remove protocol_name field
The protocol_name field is used when selecting a driver via protocol
syntax (i.e. <protocol_name>:<filename:options:...>). Drivers that are
only selected explicitly (e.g. driver=replication,mode=primary,...)
should not have a protocol_name.
This patch removes the protocol_name field from the brdv_replication
structure so that attempts to invoke this driver using protocol syntax
will fail gracefully:
$ qemu-img info replication:foo
qemu-img: Could not open 'replication:': Unknown protocol 'replication'
Buglink: https://bugs.launchpad.net/qemu/+bug/1726733 Signed-off-by: Fabiano Rosas <farosas@linux.vnet.ibm.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Peter Maydell [Mon, 26 Mar 2018 10:02:50 +0000 (11:02 +0100)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Mon 26 Mar 2018 07:53:27 BST
# gpg: using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
net/vde: print error on vde_open() failure
virtio_net: flush uncompleted TX on reset
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Despite the fact that now when the initialization of vde fails, qemu
does not end silently, no informative error is printed. The patch
generates an error and pushes it through the calling function.
Related bug: https://bugs.launchpad.net/qemu/+bug/676029
Signed-off-by: Julia Suvorova <jusual@mail.ru> Signed-off-by: Jason Wang <jasowang@redhat.com>
Greg Kurz [Tue, 20 Mar 2018 10:44:56 +0000 (11:44 +0100)]
virtio_net: flush uncompleted TX on reset
If the backend could not transmit a packet right away for some reason,
the packet is queued for asynchronous sending. The corresponding vq
element is tracked in the async_tx.elem field of the VirtIONetQueue,
for later freeing when the transmission is complete.
If a reset happens before completion, virtio_net_tx_complete() will push
async_tx.elem back to the guest anyway, and we end up with the inuse flag
of the vq being equal to -1. The next call to virtqueue_pop() is then
likely to fail with "Virtqueue size exceeded".
This can be reproduced easily by starting a guest with an hubport backend
that is not connected to a functional network, eg,
and no other -netdev hubport,hubid=0 on the command line.
The appropriate fix is to ensure that such an asynchronous transmission
cannot survive a device reset. So for all queues, we first try to send
the packet again, and eventually we purge it if the backend still could
not deliver it.
CC: qemu-stable@nongnu.org Reported-by: R. Nageswara Sastry <nasastry@in.ibm.com> Buglink: https://github.com/open-power-host-os/qemu/issues/37 Signed-off-by: Greg Kurz <groug@kaod.org> Tested-by: R. Nageswara Sastry <nasastry@in.ibm.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Peter Maydell [Sun, 25 Mar 2018 12:51:33 +0000 (13:51 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180323' into staging
target-arm queue:
* arm/translate-a64: don't lose interrupts after unmasking via write to DAIF
* sdhci: fix incorrect use of Error *
* hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses
* hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15
* i.MX: Support serial RS-232 break properly
* mach-virt: Set VM's SMBIOS system version to mc->name
* target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK
* target/arm: Factor out code to calculate FSR for debug exceptions
* target/arm: Set FSR for BKPT, BRK when raising exception
* target/arm: Always set FAR to a known unknown value for debug exceptions
# gpg: Signature made Fri 23 Mar 2018 18:48:57 GMT
# gpg: using RSA key 3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg: aka "Peter Maydell <pmaydell@gmail.com>"
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* remotes/pmaydell/tags/pull-target-arm-20180323:
target/arm: Always set FAR to a known unknown value for debug exceptions
target/arm: Set FSR for BKPT, BRK when raising exception
target/arm: Factor out code to calculate FSR for debug exceptions
target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK
mach-virt: Set VM's SMBIOS system version to mc->name
i.MX: Support serial RS-232 break properly
hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15
hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses
sdhci: fix incorrect use of Error *
arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sat, 24 Mar 2018 19:26:11 +0000 (19:26 +0000)]
Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20180323a' into staging
Migration fixes for 2.12
All small fixes. Dan's is a missing piece
of a cleanup that finally completes something,
and between Paolo, Dan and myself we recon it's
still on the edge of being a bug fix.
# gpg: Signature made Fri 23 Mar 2018 20:17:40 GMT
# gpg: using RSA key 0516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>"
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7
* remotes/dgilbert/tags/pull-migration-20180323a:
migration: Fix block migration flag case
migration/block: compare only read blocks against the rate limiter
migration/block: limit the number of parallel I/O requests
migration: Fix rate limiting issue on RDMA migration
migration: convert socket server to QIONetListener
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sat, 24 Mar 2018 16:34:06 +0000 (16:34 +0000)]
Merge remote-tracking branch 'remotes/marcel/tags/rdma-pull-request' into staging
* fix PVRDMA compilation errors and warnings
* implement query_qp for the PVRDMA device
* fix make - switch from -I to -iquote
# gpg: Signature made Fri 23 Mar 2018 15:39:23 GMT
# gpg: using RSA key 36D4C0F0CF2FE46D
# gpg: Good signature from "Marcel Apfelbaum <marcel@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B1C6 3A57 F92E 08F2 640F 31F5 36D4 C0F0 CF2F E46D
* remotes/marcel/tags/rdma-pull-request:
hw/rdma: Fix 32-bit compilation
hw/rdma: Use correct print format in CHK_ATTR macro
hw/rdma: Change host_virt to void *
hw/rdma: fix clang compilation errors
make: switch from -I to -iquote
rdma: fix up include directives
hw/rdma: Add support for Query QP verb to pvrdma device
hw/rdma: Add Query QP operation
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
projects / mirror_qemu.git / log