ui/virtio-gpu: add and use qemu_create_displaysurface_pixman
Add a the new qemu_create_displaysurface_pixman function, to create
a DisplaySurface backed by an existing pixman image. In that case
there is no need to create a new pixman image pointing to the same
backing storage. We can just use the existing image directly.
This does not only simplify things a bit, but most importantly it
gets the reference counting right, so the backing storage for the
pixman image wouldn't be released underneath us.
Use new function in virtio-gpu, where using it actually fixes
use-after-free crashes.
Peter Maydell [Fri, 8 Apr 2016 11:45:53 +0000 (12:45 +0100)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pci, virtio, acpi: fixes for 2.6
Fixes all over the place. Most notably, fixes migration
for systems with pci express bridges, and random crashes
observed with virtio blk and scsi dataplane.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Fri 08 Apr 2016 08:53:46 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
hw/pci-bridge: Add missing unref in case register-bus fails
virtio: merge virtio_queue_aio_set_host_notifier_handler with virtio_queue_set_aio
virtio-scsi: use aio handler for data plane
virtio-blk: use aio handler for data plane
virtio: add aio handler
virtio-scsi: fix disabled mode
virtio-blk: fix disabled mode
virtio: make virtio_queue_notify_vq static
tests/bios-tables-test: fix assert
virtio-balloon: reset the statistic timer to load device
Migration: Add i82801b11 migration data
Sort the fw_cfg file list
xen: piix reuse pci generic class init function
pci-testdev: fast mmio support
acpi: Add missing GCC_FMT_ATTR
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 8 Apr 2016 10:54:18 +0000 (11:54 +0100)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.6-20160408' into staging
ppc patch queue for 2016-04-08
Just a single bugfix for spapr in this batch, but I want to make sure
it gets in for 2.6.
# gpg: Signature made Fri 08 Apr 2016 06:02:45 BST using RSA key ID 20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392
Peter Maydell [Fri, 8 Apr 2016 09:51:45 +0000 (10:51 +0100)]
Merge remote-tracking branch 'remotes/weil/tags/pull-tci-20160407' into staging
tci patch queue
# gpg: Signature made Thu 07 Apr 2016 18:01:55 BST using RSA key ID 677450AD
# gpg: Good signature from "Stefan Weil <sw@weilnetz.de>"
# gpg: aka "Stefan Weil <stefan.weil@weilnetz.de>"
# gpg: aka "Stefan Weil <stefan.weil@bib.uni-mannheim.de>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 4923 6FEA 75C9 5D69 8EC2 B78A E08C 21D5 6774 50AD
Peter Maydell [Fri, 8 Apr 2016 09:25:22 +0000 (10:25 +0100)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* NBD fixes from Alex and Eric
* Debug code bitrot from Emilio
* HPET fix from Bill
* ps2kbd fix from Hervé
* PKU fix from myself
* Coverity fixes from Gonglei
* More memory.txt update from Jiangang
* .gitignore maintenance from Changlong
# gpg: Signature made Thu 07 Apr 2016 23:08:12 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
* remotes/bonzini/tags/for-upstream:
target-i386: check for PKU even for non-writable pages
tests: ignore test-logging
translate-all: add missing fold of tb_ctx into tcg_ctx
hostmem-file: fix memory leak
spapr: fix possible Negative array index read
nbd: do not hang nbd_wr_syncv if outside a coroutine and no available data
nbd: Don't kill server when client requests unknown option
nbd: Fix NBD unsupported options
qemu-nbd: Document -x option
nbd: Improve debug traces on little-endian
nbd: Avoid bitrot in TRACE() usage
nbd: Return correct error for write to read-only export
docs: fix typo in memory.txt
hw/timer: Revert "hpet: inverse polarity when pin above ISA_NUM_IRQS"
ps2kbd: default to scancode_set 2, as with KBD_CMD_RESET
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
ibm,lrdr-capacity has a field to describe the maximum address in bytes
and therefore, the most memory that can be allocated to this guest. We
are using maxmem for this field, but instead should use the actual RAM
address corresponding to the end of hotplug region.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(All failures are combinations of "pde.user pde.p pkru.wd pkey=1",
plus either "pde.pse" or "pte.p pte.user", plus one of "user cr0.wp",
"cr0.wp" or "user", plus unimportant bits such as accessed/dirty or
efer.nx).
So PFEC.PKEY is set even if the ordinary check failed (which it did
because pde.w is zero). Adjust QEMU to match behavior of silicon.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
translate-all: add missing fold of tb_ctx into tcg_ctx
Since 5e5f07e08 "TCG: Move translation block variables
to new context inside tcg_ctx: tb_ctx" on Feb 1 2013, compilation
of usermode + TB_DEBUG_CHECK has been broken. Fix it.
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1459834253-8291-2-git-send-email-cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 7 Apr 2016 11:25:08 +0000 (13:25 +0200)]
nbd: do not hang nbd_wr_syncv if outside a coroutine and no available data
Until commit 1c778ef7 ("nbd: convert to using I/O channels for actual
socket I/O", 2016-02-16), nbd_wr_sync returned -EAGAIN this scenario.
nbd_reply_ready required these semantics because it has two conflicting
requirements:
1) if a reply can be received on the socket, nbd_reply_ready needs
to read the header outside coroutine context to identify _which_
coroutine to enter to process the rest of the reply
2) on the other hand, nbd_reply_ready can find a false positive if
another thread (e.g. a VCPU thread running aio_poll) sneaks in and
calls nbd_reply_ready too. In this case nbd_reply_ready does nothing
and expects nbd_wr_syncv to return -EAGAIN.
Currently, the solution to the first requirement is to wait in the very
rare case of a read() that doesn't retrieve the reply header in its
entirety; this is what nbd_wr_syncv does by calling qio_channel_wait().
However, the unconditional call to qio_channel_wait() breaks the second
requirement. To fix this, the patch makes nbd_wr_syncv return -EAGAIN
if done is zero, similar to the code before commit 1c778ef7.
This is okay because NBD client-side negotiation is the only other case
that calls nbd_wr_syncv outside a coroutine, and it places the socket
in blocking mode. On the other hand, it is a bit unpleasant to put
this in nbd_wr_syncv(), because the function is used by both client
and server.
The full fix would be to add a counter to NbdClientSession for how
many bytes have been filled in s->reply. Then a reply can be filled
by multiple separate invocations of nbd_reply_ready and the
qio_channel_wait() call can be removed completely. Something to
consider for 2.7...
Reported-by: Changlong Xie <xiecl.fnst@cn.fujitsu.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Eric Blake [Wed, 6 Apr 2016 22:48:38 +0000 (16:48 -0600)]
nbd: Don't kill server when client requests unknown option
nbd-server.c currently fails to handle unsupported options properly.
If during option haggling the client sends an unknown request, the
server kills the connection instead of letting the client try to
fall back to something older. This is precisely what advertising
NBD_FLAG_FIXED_NEWSTYLE was supposed to fix.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459982918-32229-1-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Alex Bligh [Wed, 6 Apr 2016 16:59:22 +0000 (10:59 -0600)]
nbd: Fix NBD unsupported options
nbd-client.c currently fails to handle unsupported options properly.
If during option haggling the server finds an option that is
unsupported, it returns an NBD_REP_ERR_UNSUP reply.
According to nbd's proto.md, the format for such a reply
should be:
S: 64 bits, 0x3e889045565a9 (magic number for replies)
S: 32 bits, the option as sent by the client to which this is a reply
S: 32 bits, reply type (e.g., NBD_REP_ACK for successful completion,
or NBD_REP_ERR_UNSUP to mark use of an option not known by this server
S: 32 bits, length of the reply. This may be zero for some replies,
in which case the next field is not sent
S: any data as required by the reply (e.g., an export name in the case
of NBD_REP_SERVER, or optional UTF-8 message for NBD_REP_ERR_*)
However, in nbd-client.c, the reply type was being read, and if it
contained an error, it was bailing out and issuing the next option
request without first reading the length. This meant that the
next option / handshake read had an extra 4 or more bytes of data in it.
In practice, this makes Qemu incompatible with servers that do not
support NBD_OPT_LIST.
To verify this isn't an error in the specification or my reading of
it, replies are sent by the reference implementation here:
https://github.com/yoe/nbd/blob/66dfb35/nbd-server.c#L1232
and as is evident it always sends a 'datasize' (aka length) 32 bit
word. Unsupported elements are replied to here:
https://github.com/yoe/nbd/blob/66dfb35/nbd-server.c#L1371
Signed-off-by: Alex Bligh <alex@alex.org.uk>
Message-Id: <1459882500-24316-1-git-send-email-alex@alex.org.uk>
[rework to ALWAYS consume an optional UTF-8 message from the server] Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459961962-18771-1-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Eric Blake [Wed, 6 Apr 2016 02:02:08 +0000 (20:02 -0600)]
qemu-nbd: Document -x option
Commit 3d4b2f9c added -x to force qemu-nbd to use new-style
negotiation, but while it documented it in the man page, it
omitted docs in the --help output.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459908128-11925-1-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Eric Blake [Wed, 6 Apr 2016 03:35:04 +0000 (21:35 -0600)]
nbd: Improve debug traces on little-endian
Print debug tracing messages while data is still in native
ordering, rather than after we've potentially swapped it into
network order for transmission. Also, it's nice if the server
mentions what it is replying, to correlate it to with what the
client says it is receiving.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459913704-19949-4-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Eric Blake [Wed, 6 Apr 2016 03:35:03 +0000 (21:35 -0600)]
nbd: Avoid bitrot in TRACE() usage
The compiler is smart enough to optimize out 'if (0)', but won't
type-check our printfs if they are hidden behind #if.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459913704-19949-3-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Eric Blake [Wed, 6 Apr 2016 03:35:02 +0000 (21:35 -0600)]
nbd: Return correct error for write to read-only export
The NBD Protocol requires that servers should send EPERM for
attempts to write (or trim) a read-only export. We were
correct for TRIM (blk_co_discard() gave EPERM); but were
manually setting EROFS which then got mapped to EINVAL over
the wire on writes.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459913704-19949-2-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This change was originally intended to correct the HPET behavior
in conjunction with Linux, however the behavior that it actually creates
is not compatible with the ioapic.c implementation; it used to be
compatible with KVM's own IOAPIC but it is not anymore.
Signed-off-by: Bill Paul <wpaul@windriver.com> CC: Paolo Bonzini <pbonzini@redhat.com> CC: Richard Henderson <rth@twiddle.net> CC: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <201604051558.20070.wpaul@windriver.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Hervé Poussineau [Wed, 23 Mar 2016 06:21:40 +0000 (07:21 +0100)]
ps2kbd: default to scancode_set 2, as with KBD_CMD_RESET
This line has been added in commit ef74679a810fe6858f625b9d52b68cc3fc61eb3d with
other initializations. However, scancode set 0 doesn't exist (only 1, 2, 3).
This works well as long as operating system is resetting keyboard, or overwriting
the current scancode set with the one it wants.
This fixes IBM 40p firmware, which doesn't bother sending KBD_CMD_RESET or KBD_CMD_SCANCODE.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-Id: <1458714100-28885-1-git-send-email-hpoussin@reactos.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Thu, 7 Apr 2016 17:06:14 +0000 (18:06 +0100)]
Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2016-04-07-tag' into staging
qemu-ga patch queue for 2.6
* fix w32 bug where output from guest-exec is not properly captured
* fix w32 bug where FDs are leaked after guest-exec is invoked
# gpg: Signature made Thu 07 Apr 2016 17:46:21 BST using RSA key ID F108B584
# gpg: Good signature from "Michael Roth <flukshun@gmail.com>"
# gpg: aka "Michael Roth <mdroth@utexas.edu>"
# gpg: aka "Michael Roth <mdroth@linux.vnet.ibm.com>"
* remotes/mdroth/tags/qga-pull-2016-04-07-tag:
qga: Workaround for console redirection from non-interactive qemu-ga service
qga: fix fd leak with guest-exec i/o channels
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Weil [Tue, 5 Apr 2016 20:24:51 +0000 (22:24 +0200)]
tci: Fix build regression
Commit d38ea87ac54af64ef611de434d07c12dc0399216 cleaned the include
statements which resulted in a wrong order of assert.h and the definition
of NDEBUG in tci.c. Normally NDEBUG modifies the definition of the assert
macro, but here this definition comes too late which results in a failing
build.
To fix this, a new macro tci_assert which depends on CONFIG_DEBUG_TCG
is introduced. Only builds with CONFIG_DEBUG_TCG will use assertions.
Even in this case, it is still possible to disable assertions by
defining NDEBUG via compiler settings.
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Stefan Weil <sw@weilnetz.de>
Wei Jiangang [Wed, 23 Mar 2016 07:26:19 +0000 (15:26 +0800)]
hw/pci-bridge: Add missing unref in case register-bus fails
The error paths after a successful qdev_create/pci_bus_new
should contain a object_unref/object_unparent.
pxb_dev_init_common() did not yet, so add it.
Signed-off-by: Wei Jiangang <weijg.fnst@cn.fujitsu.com> Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Paolo Bonzini [Wed, 6 Apr 2016 10:16:28 +0000 (12:16 +0200)]
virtio: merge virtio_queue_aio_set_host_notifier_handler with virtio_queue_set_aio
Eliminating the reentrancy is actually a nice thing that we can do
with the API that Michael proposed, so let's make it first class.
This also hides the complex assign/set_handler conventions from
callers of virtio_queue_aio_set_host_notifier_handler, which in
fact was always called with assign=true.
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Paolo Bonzini [Wed, 6 Apr 2016 10:16:27 +0000 (12:16 +0200)]
virtio-scsi: use aio handler for data plane
In addition to handling IO in vcpu thread and in io thread, dataplane
introduces yet another mode: handling it by AioContext.
This reuses the same handler as previous modes, which triggers races as
these were not designed to be reentrant. Use a separate handler just
for aio, and disable regular handlers when dataplane is active.
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
In addition to handling IO in vcpu thread and in io thread, dataplane
introduces yet another mode: handling it by AioContext.
This reuses the same handler as previous modes, which triggers races as
these were not designed to be reentrant. Use a separate handler just
for aio, and disable regular handlers when dataplane is active.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
In addition to handling IO in vcpu thread and in io thread, blk dataplane
introduces yet another mode: handling it by AioContext.
Currently, this reuses the same handler as previous modes,
which triggers races as these were not designed to be reentrant.
Add instead a separate handler just for aio; this will make
it possible to disable regular handlers when dataplane is active.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Paolo Bonzini [Wed, 6 Apr 2016 10:16:24 +0000 (12:16 +0200)]
virtio-scsi: fix disabled mode
Add two missing checks for s->dataplane_fenced. In one case, QEMU
would skip injecting an IRQ due to a write to an uninitialized
EventNotifier's file descriptor.
In the second case, the dataplane_disabled field was used by mistake;
in fact after fixing this occurrence it is completely unused.
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Paolo Bonzini [Wed, 6 Apr 2016 10:16:23 +0000 (12:16 +0200)]
virtio-blk: fix disabled mode
We must not call virtio_blk_data_plane_notify if dataplane is
disabled: we would hit a segmentation fault in notify_guest_bh as
s->guest_notifier has not been setup and is NULL.
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Paolo Bonzini [Wed, 6 Apr 2016 10:16:22 +0000 (12:16 +0200)]
virtio: make virtio_queue_notify_vq static
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Newer iasl does not add the aml file name to the Definition Block.
See acpica tools commit 1ecbb3d5:
"Emit the AMLFilename as a zero-length string. Allows the compiler to create
the name later -- making it easier to rename the parent ASL (DSL) file."
That causes an assert in acpi tests:
tests/bios-tables-test.c:455:normalize_asl: assertion failed: (block_name)
Fix it by striping the start of the definition block line until the first comma.
The block name is always the first parameter and
the grammar does not allow comma in between, so it is safe.
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Pavel Butsykin [Tue, 29 Mar 2016 14:00:49 +0000 (17:00 +0300)]
virtio-balloon: reset the statistic timer to load device
If before loading snapshot we had set the timer of statistics, then after
applying snapshot the expiry time would be irrelevant for the restored
state of the virtual clocks. A simple fix is just to restart the timer
after loading snapshot.
For the user it may look like a long delay of statistics update after switch
to the snapshot.
Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com> Reviewed-by: Roman Kagan <rkagan@virtuozzo.com> Signed-off-by: Denis V. Lunev <den@openvz.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The i82801b11 bridge didn't have a vmsd and thus didn't send
any migration data, including that of its parent PCIBridge object.
The symptom being if the guest used any devices behind the bridge
the guest crashed (mostly with various interrupt related issues).
Note: This will cause migration from old qemus that used this device to
explicitly fail during migration as opposed to the guest crashing.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Suggested-by: Marcel Apfelbaum <marcel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Entries are inserted in filename order instead of being
appended to the end in case sorting is enabled.
This will avoid any future issues of moving the file creation
around, it doesn't matter what order they are created now,
the will always be in filename order.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Added machine type handling for compatibility. This was
a fairly complex change, this will preserve the order of fw_cfg
for older versions no matter what order the firmware files
actually come in. A list is kept of the correct legacy order
and the entries will be inserted based upon their order in
the list. Except that some entries are ordered (in a specific
area of the list) based upon what order they appear on the
command line. Special handling is added for those entries.
Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
qga: Workaround for console redirection from non-interactive qemu-ga service
mingw-glib uses helper process to assist gspawn() api. There are two
versions of helpers, one with main() and another with WinMain() startup
routines.
Whenever gspawn() detects consoleless environment (and qemu-ga is running
in such environment as Win32 service), it chooses helper with main()
instead of WinMain. It is done by name, e.g.
gspawn-win32-helper-console.exe vs gspawn-win32-helper.exe
Running console-aware application like any win32 console apps from main()
crt initalized process results in redirection of stdout to console created
in crt startup instead of parent-provided handle connected to subprocess
pipe. Thus, stdout/stderr redirection do not work correctly.
The patch makes WinMain()'s version of helper be used as the only helper
shipped with qemu-ga package. Using only win32 helper ensures console
is created before any redirection and fixes stdout/stderr redirection
issue.
Signed-off-by: Yuri Pudgorodskiy <yur@virtuozzo.com> Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Yuriy Pudgorodskiy <yur@virtuozzo.com> Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Michael Roth <mdroth@linux.vnet.ibm.com>
* squashed in g_io_channel_shutdown() to match cleanup paths for
input/output Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Peter Maydell [Thu, 7 Apr 2016 11:15:33 +0000 (12:15 +0100)]
Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging
slirp updates
# gpg: Signature made Thu 07 Apr 2016 12:02:23 BST using RSA key ID FB6B2F1D
# gpg: Good signature from "Samuel Thibault <samuel.thibault@gnu.org>"
# gpg: aka "Samuel Thibault <sthibault@debian.org>"
# gpg: aka "Samuel Thibault <samuel.thibault@inria.fr>"
# gpg: aka "Samuel Thibault <samuel.thibault@labri.fr>"
# gpg: aka "Samuel Thibault <samuel.thibault@ens-lyon.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 900C B024 B679 31D4 0F82 304B D017 8C76 7D06 9EE6
# Subkey fingerprint: F632 74CD C630 0873 CB3D 29D9 E3E5 1CE8 FB6B 2F1D
* remotes/thibault/tags/samuel-thibault:
slirp: handle deferred ECONNREFUSED on non-blocking TCP sockets
slirp: Propagate host TCP RST to the guest.
slirp: avoid use-after-free in slirp_pollfds_poll() if soread() returns an error
slirp: don't crash when tcp_sockclosed() is called with a NULL tp
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Steven Luo [Thu, 7 Apr 2016 05:04:55 +0000 (22:04 -0700)]
slirp: handle deferred ECONNREFUSED on non-blocking TCP sockets
slirp currently only handles ECONNREFUSED in the case where connect()
returns immediately with that error; since we use non-blocking sockets,
most of the time we won't receive the error until we later try to read
from the socket. Ensure that we deliver the appropriate RST to the
guest in this case.
Signed-off-by: Steven Luo <steven+qemu@steven676.net> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
When the host aborts (RST) its side of a TCP connection we need to
propagate that RST to the guest. The current code can leave such guest
connections dangling forever. Spotted by Jason Wessel.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
[steven@steven676.net: coding style adjustments] Signed-off-by: Steven Luo <steven+qemu@steven676.net> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Peter Maydell [Thu, 7 Apr 2016 09:14:41 +0000 (10:14 +0100)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Wed 06 Apr 2016 03:21:19 BST using RSA key ID 398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
filter-buffer: fix segfault when starting qemu with status=off property
rtl8139: using CP_TX_OWN for ownership transferring during tx
net: fix OptsVisitor memory leak
net: Allocating Large sized arrays to heap
util: Improved qemu_hexmap() to include an ascii dump of the buffer
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Steven Luo [Thu, 7 Apr 2016 05:04:32 +0000 (22:04 -0700)]
slirp: avoid use-after-free in slirp_pollfds_poll() if soread() returns an error
Samuel Thibault pointed out that it's possible that slirp_pollfds_poll()
will try to use a socket even after soread() returns an error, resulting
in an use-after-free if the socket was removed while handling the error.
Avoid this by refusing to continue to work with the socket in this case.
Signed-off-by: Steven Luo <steven+qemu@steven676.net> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Steven Luo [Thu, 7 Apr 2016 05:04:21 +0000 (22:04 -0700)]
slirp: don't crash when tcp_sockclosed() is called with a NULL tp
Signed-off-by: Steven Luo <steven+qemu@steven676.net> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
filter-buffer: fix segfault when starting qemu with status=off property
After commit 338d3f, we support 'status' property for filter object.
The segfault can be triggered by starting qemu with 'status=off' property
for filter, when the s->incoming_queue is NULL, we reference it directly
in qemu_net_queue_flush() which was called in status_changed() callback
function.
We shouldn't trigger status_changed() before the filter was initialized,
We can check the value of 'nf->netdev' to confirm if the filter is
initialized or not, so let's check its value before calling
status_changed().
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Paolo Bonzini [Thu, 31 Mar 2016 14:28:56 +0000 (16:28 +0200)]
net: fix OptsVisitor memory leak
Fixes 96a1616("qapi-dealloc: Reduce use outside of generated code") Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Pooja Dhannawat [Mon, 28 Mar 2016 12:34:11 +0000 (18:04 +0530)]
net: Allocating Large sized arrays to heap
nc_sendv_compat has a huge stack usage of 69680 bytes approx.
Moving large arrays to heap to reduce stack usage.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Pooja Dhannawat <dhannawatpooja1@gmail.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Isaac Lozano [Fri, 25 Mar 2016 10:42:15 +0000 (03:42 -0700)]
util: Improved qemu_hexmap() to include an ascii dump of the buffer
qemu_hexdump() in util/hexdump.c has been changed to give also include a
ascii dump of the buffer. Also, calls to hex_dump() in net/net.c have
been replaced with calls to qemu_hexdump(). This takes care of two misc
BiteSized Tasks.
Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Isaac Lozano <109lozanoi@gmail.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
James Hogan [Fri, 1 Apr 2016 14:49:39 +0000 (15:49 +0100)]
tcg/mips: Fix type of tcg_target_reg_alloc_order[]
The MIPS TCG backend is the only one to have
tcg_target_reg_alloc_order[] elements of type TCGReg rather than int.
This resulted in commit 91478cefaaf2 ("tcg: Allocate indirect_base
temporaries in a different order") breaking the build on MIPS since the
type differed from indirect_reg_alloc_order[]:
tcg/tcg.c:1725:44: error: pointer type mismatch in conditional expression [-Werror]
order = rev ? indirect_reg_alloc_order : tcg_target_reg_alloc_order;
^
Make it an array of ints to fix the build and match other architectures.
Fixes: 91478cefaaf2 ("tcg: Allocate indirect_base temporaries in a different order") Signed-off-by: James Hogan <james.hogan@imgtec.com> Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Message-Id: <1459522179-6584-1-git-send-email-james.hogan@imgtec.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
Ed Maste [Tue, 5 Apr 2016 14:46:33 +0000 (10:46 -0400)]
bsd-user: Suppress gcc 4.x -Wpointer-sign (included in -Wall) warning
This is the same change as b55266b5 in linux-user.
Signed-off-by: Ed Maste <emaste@freebsd.org>
Message-id: 1459867593-72017-1-git-send-email-emaste@freebsd.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Ed Maste <emaste@freebsd.org>
Message-id: 1459864881-71319-1-git-send-email-emaste@freebsd.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 5 Apr 2016 16:03:32 +0000 (17:03 +0100)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches for 2.6
# gpg: Signature made Tue 05 Apr 2016 16:32:25 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
* remotes/kevin/tags/for-upstream:
crypto: Avoid memory leak on failure
qemu-iotests: 149: Use "/usr/bin/env python"
block: Forbid I/O throttling on nodes with multiple parents for 2.6
block: forbid x-blockdev-del from acting on DriveInfo
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Eric Blake [Fri, 1 Apr 2016 15:57:02 +0000 (09:57 -0600)]
crypto: Avoid memory leak on failure
Commit 7836857 introduced a memory leak due to invalid use of
Error vs. visit_type_end(). If visiting the intermediate
members fails, we clear the error and unconditionally use
visit_end_struct() on the same error object; but if that
cleanup succeeds, we then skip the qapi_free call.
Until a later patch adds visit_check_struct(), the only safe
approach is to use two separate error objects.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-id: 1459526222-30052-1-git-send-email-eblake@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
Peter Maydell [Tue, 5 Apr 2016 10:53:53 +0000 (11:53 +0100)]
Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2016-04-05-1' into staging
Merge QCrypto fixes 2016/04/05 v1
# gpg: Signature made Tue 05 Apr 2016 10:53:59 BST using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"
* remotes/berrange/tags/pull-qcrypto-2016-04-05-1:
crypto: fix nettle config check for running pbkdf test
crypto: fix typo in docs for secret object type
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
# gpg: Signature made Tue 05 Apr 2016 10:47:49 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
* remotes/bonzini/tags/for-upstream:
net: fix missing include of qapi/error.h in netmap.c
nbd: Fix poor debug message
include/qemu/atomic: add compile time asserts
cpus: don't use atomic_read for vm_clock_warp_start
nbd: don't request FUA on FLUSH
doc/memory: update MMIO section
char: ensure all clients are in non-blocking mode
char: fix broken EAGAIN retry on OS-X due to errno clobbering
util: retry getaddrinfo if getting EAI_BADFLAGS with AI_V4MAPPED
checkpatch: add target_ulong to typelist
target-i386: assert that KVM_GET/SET_MSRS can set all requested MSRs
target-i386: do not pass MSR_TSC_AUX to KVM ioctls if CPUID bit is not set
memory: fix segv on qemu_ram_free(block=0x0)
target-i386/kvm: Hyper-V VMBus hypercalls blank handlers
update Linux headers to 4.6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
crypto: fix nettle config check for running pbkdf test
The pbkdf test is being built based on a check for CONFIG_NETTLE.
As of fff2f982ab6ac0dd2b641d30303f72270a019f28, it should be
instead checking CONFIG_NETTLE_KDF
Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Tested-by: Bruce Rogers <brogers@suse.com> Tested-by: Ed Maste <emaste@freebsd.org> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
net: fix missing include of qapi/error.h in netmap.c
The netmap.c file fails to build on FreeBSD with
net/netmap.c:95:9: warning: implicit declaration of function 'error_setg_errno' is invalid in C99 [-Wimplicit-function-declaration]
error_setg_errno(errp, errno, "Failed to nm_open() %s",
^
net/netmap.c:432:9: warning: implicit declaration of function 'error_propagate' is invalid in C99 [-Wimplicit-function-declaration]
error_propagate(errp, err);
^
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1459429690-6144-1-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Eric Blake [Thu, 31 Mar 2016 21:20:21 +0000 (15:20 -0600)]
nbd: Fix poor debug message
The client sends messages to the server, not itself.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459459222-8637-3-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Alex Bennée [Mon, 4 Apr 2016 14:35:49 +0000 (15:35 +0100)]
include/qemu/atomic: add compile time asserts
To be safely portable no atomic access should be trying to do more than
the natural word width of the host. The most common abuse is trying to
atomically access 64 bit values on a 32 bit host.
This patch adds some QEMU_BUILD_BUG_ON to the __atomic instrinsic paths
to create a build failure if (sizeof(*ptr) > sizeof(void *)).
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <1459780549-12942-3-git-send-email-alex.bennee@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Alex Bennée [Mon, 4 Apr 2016 14:35:48 +0000 (15:35 +0100)]
cpus: don't use atomic_read for vm_clock_warp_start
As vm_clock_warp_start is a 64 bit value this causes problems for the
compiler trying to come up with a suitable atomic operation on 32 bit
hosts. Because the variable is protected by vm_clock_seqlock, we check its
value inside a seqlock critical section.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <1459780549-12942-2-git-send-email-alex.bennee@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Eric Blake [Fri, 1 Apr 2016 16:08:22 +0000 (10:08 -0600)]
nbd: don't request FUA on FLUSH
The NBD protocol does not clearly document what will happen
if a client sends NBD_CMD_FLAG_FUA on NBD_CMD_FLUSH.
Historically, both the qemu and upstream NBD servers silently
ignored that flag, but that feels a bit risky. Meanwhile, the
qemu NBD client unconditionally sends the flag (without even
bothering to check whether the caller cares; at least with
NBD_CMD_WRITE the client only sends FUA if requested by a
higher layer).
There is ongoing discussion on the NBD list to fix the
protocol documentation to require that the server MUST ignore
the flag (unless the kernel folks can better explain what FUA
means for a flush), but until those doc improvements land, the
current nbd.git master was recently changed to reject the flag
with EINVAL (see nbd commit ab22e082), which now makes it
impossible for a qemu client to use FLUSH with an upstream NBD
server.
We should not send FUA with flush unless the upstream protocol
documents what it will do, and even then, it should be something
that the caller can opt into, rather than being unconditional.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1459526902-32561-1-git-send-email-eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cao jin [Fri, 1 Apr 2016 10:47:57 +0000 (18:47 +0800)]
doc/memory: update MMIO section
There is no memory_region_io(). And remove a stray '-'.
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Message-Id: <1459507677-16662-1-git-send-email-caoj.fnst@cn.fujitsu.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Only some callers of tcp_chr_new_client are putting the
socket client into non-blocking mode. Move the call to
qio_channel_set_blocking() into the tcp_chr_new_client
method to guarantee that all code paths set non-blocking
mode
Reported-by: Andrew Baumann <Andrew.Baumann@microsoft.com> Reported-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1458324041-22709-1-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
char: fix broken EAGAIN retry on OS-X due to errno clobbering
Some of the chardev I/O paths really want to write the
complete data buffer even though the channel is in
non-blocking mode. To achieve this they look for EAGAIN
and g_usleep() for 100ms. Unfortunately the code is set
to check errno == EAGAIN a second time, after the g_usleep()
call has completed. On OS-X at least, g_usleep clobbers
errno to ETIMEDOUT, causing the retry to be skipped.
This failure to retry means the full data isn't written
to the chardev backend, which causes various failures
including making the tests/ahci-test qtest hang.
Rather than playing games trying to reset errno just
simplify the code to use a goto to retry instead of a
a loop.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1459438168-8146-2-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
util: retry getaddrinfo if getting EAI_BADFLAGS with AI_V4MAPPED
The FreeBSD header files define the AI_V4MAPPED but its
implementation of getaddrinfo() always returns an error
when that flag is set. eg
address resolution failed for localhost:9000: Invalid value for ai_flags
There are also reports of the same problem on OS-X 10.6
Since AI_V4MAPPED is not critical functionality, if we
get an EAI_BADFLAGS error then just retry without the
AI_V4MAPPED flag set. Use a static var to cache this
status so we don't have to retry on every single call.
Also remove its use from the test suite since it serves
no useful purpose there.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1459786920-15961-1-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
In some occasions, a patch [1] can start with a hunk containing a
simple type cast. At the time annotate_values() is run, the type is
unknown and the cast type is misinterpreted as a identifier, resulting
in an error if it is followed with a negative value:
ERROR: spaces required around that '-' (ctx:WxV)
It seems complex to catch all possible types in a cast expression. So,
as a fallback solution, let's add some common qemu types to the
typeList array.
Paolo Bonzini [Wed, 30 Mar 2016 20:47:47 +0000 (22:47 +0200)]
target-i386: do not pass MSR_TSC_AUX to KVM ioctls if CPUID bit is not set
KVM does not let you read or write this MSR if the corresponding CPUID
bit is not set. This in turn causes MSRs that come after MSR_TSC_AUX
to be ignored by KVM_SET_MSRS.
One visible symptom is that s3.flat from kvm-unit-tests fails with
CPUs that do not have RDTSCP, because the SMBASE is not reset to
0x30000 after reset.
Fixes: c9b8f6b6210847b4381c5b2ee172b1c7eb9985d6 Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Since f1060c55bf1377b4, the pointer is directly passed to
qemu_ram_free(). However, on initialization failure, it may be called
with a NULL pointer. Return immediately in this case.
This fixes a SEGV when memory initialization failed, for example
permission denied on open backing store /dev/hugepages, with -object
memory-backend-file,mem-path=/dev/hugepages.
Program received signal SIGSEGV, Segmentation fault.
0x00005555556e67e7 in qemu_ram_free (block=0x0) at /home/elmarco/src/qemu/exec.c:1775
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <1459250451-29984-1-git-send-email-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Add Hyper-V VMBus hypercalls blank handlers which
just returns error code - HV_STATUS_INVALID_HYPERCALL_CODE.
This is required when the synthetic interrupt controller is
active.
Fixes: 50efe82c3c27195162dd8df273eadd77d8aecad3 Signed-off-by: Andrey Smetanin <asmetanin@virtuozzo.com> Reviewed-by: Roman Kagan <rkagan@virtuozzo.com> CC: Paolo Bonzini <pbonzini@redhat.com> CC: Richard Henderson <rth@twiddle.net> CC: Eduardo Habkost <ehabkost@redhat.com> CC: "Andreas Färber" <afaerber@suse.de> CC: Marcelo Tosatti <mtosatti@redhat.com> CC: Roman Kagan <rkagan@virtuozzo.com> CC: Denis V. Lunev <den@openvz.org> CC: kvm@vger.kernel.org
Message-Id: <1456309368-29769-2-git-send-email-asmetanin@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Tue, 5 Apr 2016 09:40:54 +0000 (10:40 +0100)]
Merge remote-tracking branch 'remotes/stsquad/tags/travis-pull-05042016' into staging
This pull request includes:
- further collapse of the build matrix
- enabling MacOSX in the build
- make -j3 change
Other pending updates are deferred for later in the cycle.
# gpg: Signature made Tue 05 Apr 2016 10:11:25 BST using RSA key ID 5A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>"
* remotes/stsquad/tags/travis-pull-05042016:
.travis.yml: make -j3
.travis.yml: enable OSX builds
.travis.yml: collapse the test matrix
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Tue, 22 Mar 2016 12:22:27 +0000 (12:22 +0000)]
.travis.yml: make -j3
The move from Travis VMs to Containers came with a upgrade from 1.5
cores to 2. The received wisdom is -j N+1 means a core can be doing work
while other threads wait for IO to complete. This is hard to test on the
Travis infrastructure but an initial before/after eyeballing seems to
confirm it is an improvement.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Alex Bennée [Mon, 21 Mar 2016 19:54:57 +0000 (19:54 +0000)]
.travis.yml: enable OSX builds
Travis has support for OSX builds. Making the setup work cleanly
involves a little hacking about with the .travis.yml file but rather
than make it too messy I've pushed all the "brew" install stuff into a
support script called ./scripts/macosx-brew.sh.
Currently only the default ./configure ${CONFIG} is built as I'm not
sure what extra coverage would come from the other build stanzas.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Acked-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Tue, 15 Mar 2016 16:12:58 +0000 (16:12 +0000)]
.travis.yml: collapse the test matrix
Remove the concept of TARGETS and build the complete target list for
each config combination. Now the matrix is just based on CONFIG stanzas
and we use the additional stuff for:
- things that only work on one compiler (sparse, gcov, gprof)
- combos where "make check" fails
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Peter Maydell [Tue, 5 Apr 2016 08:32:35 +0000 (09:32 +0100)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.6-20160405' into staging
ppc patch queue for 2016-03-24
Three bugfixes for target-ppc, pseries machine type and related devices.
1. Fix a bug in the core code where kvm_vcpu_dirty would not be set
before the very first system reset. This meant that if things in
the reset path did their own cpu_synchronize_state() it would pull
stale data out of KVM.
On ppc this, in combination with a previous cleanup meant that the
MSR would be zeroed before entry, instead of correctly having the
SF (64-bit mode) bit set.
2. Allow immediate detach of hot-added PCI devices which haven't yet
been announced to the guest.
This fixes a regression: because of a case where we now defer
announcement of non-zero functions to the guest, an incorrect
hot-add of such a device can't be backed out until the add is
completed, which is counter-intuitive to say the least.
3. Fix migration of alternate interrupt locations. The location of
interrupt vectors can be affected by the LPCR, and we weren't
correctly recalculating this after migration of a non-standard LPCR
value.
# gpg: Signature made Tue 05 Apr 2016 03:13:41 BST using RSA key ID 20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392
* remotes/dgibson/tags/ppc-for-2.6-20160405:
vl: Move cpu_synchronize_all_states() into qemu_system_reset()
spapr_drc: enable immediate detach for unsignalled devices
ppc: Rework POWER7 & POWER8 exception model
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Kevin Wolf [Mon, 4 Apr 2016 15:11:13 +0000 (17:11 +0200)]
block: Forbid I/O throttling on nodes with multiple parents for 2.6
As the patches to move I/O throttling to BlockBackend didn't make it in
time for the 2.6 release, but the release adds new ways of configuring
VMs whose behaviour would change once the move is done, we need to
outlaw such configurations temporarily.
The problem exists whenever a BDS has more users than just its BB, for
example it is used as a backing file for another node. (This wasn't
possible in 2.5 yet as we introduced node references to specify a
backing file only recently.) In these cases, the throttling would
apply to these other users now, but after moving throttling to the
BlockBackend the other users wouldn't be throttled any more.
This patch prevents making new references to a throttled node as well as
using monitor commands to throttle a node with multiple parents.
Compared to 2.5 this changes behaviour in some corner cases where
references were allowed before, like bs->file or Quorum children. It
seems reasonable to assume that users didn't use I/O throttling on such
low level nodes. With the upcoming move of throttling into BlockBackend,
such configurations won't be possible anyway.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
David Gibson [Mon, 4 Apr 2016 08:42:36 +0000 (18:42 +1000)]
vl: Move cpu_synchronize_all_states() into qemu_system_reset()
There are currently 3 calls to qemu_system_reset() in vl.c. Two of them
are immediately preceded by a cpu_synchronize_all_states9) and the
remaining one should be.
The one which doesn't is the very first reset called directly from main().
Without a cpu_synchronize_all_states(), kvm_vcpu_dirty is false at this
point from the earlier cpu_synchronize_all_post_init(). That's incorrect
because the reset path is quite likely to update the CPU state, and that
updated state should be pushed back to KVM, not overwritten with stale
data pushed to KVM immediately after init.
This patch moves the call to cpu_synchronize_all_states() into
qemu_system_reset() for safety, so it is always called. AFAICT this should
be safe for the handful of callers outside vl.c - these all appear to be in
places where the cpu state is already synchronized so the extra call
will be a no-op.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Tested-by: Laurent Vivier <lvivier@redhat.com>
Michael Roth [Thu, 31 Mar 2016 22:27:37 +0000 (17:27 -0500)]
spapr_drc: enable immediate detach for unsignalled devices
Currently spapr doesn't support "aborting" hotplug of PCI
devices by allowing device_del to immediately remove the
device if we haven't signalled the presence of the device
to the guest.
In the past this wasn't an issue, since we always immediately
signalled device attach and simply relied on full guest-aware
add->remove path for device removal. However, as of 788d259,
we now defer signalling for PCI functions until function 0
is attached, so now we need to deal with these "abort" operations
for cases where a user hotplugs a non-0 function, then opts to
remove it prior hotplugging function 0. Currently they'd have to
reboot before the unplug completed. PCIe multifunction hotplug
does not have this requirement however, so from a management
implementation perspective it would be good to address this within
the same release as 788d259.
We accomplish this by simply adding a 'signalled' flag to track
whether a device hotplug event has been sent to the guest. If it
hasn't, we allow immediate removal under the assumption that the
guest will not be using the device. Devices present at boot/reset
time are also assumed to be 'signalled'.
For CPU/memory/etc, signalling will still happen immediately
as part of device_add, so only PCI functions should be affected.
Cc: bharata@linux.vnet.ibm.com Cc: david@gibson.dropbear.id.au Cc: sbhat@linux.vnet.ibm.com Cc: qemu-ppc@nongnu.org Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
[dwg: This fixes a regression where an incorrect hot-add of a non-zero
function can no longer be backed out until function 0 is added] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
This patch fixes the current AIL implementation for POWER8. The
interrupt vector address can be calculated directly from LPCR when the
exception is handled. The excp_prefix update becomes useless and we
can cleanup the H_SET_MODE hcall.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[clg: Removed LPES0/1 handling for HV vs. !HV
Fixed LPCR_ILE case for POWERPC_EXCP_POWER8 ] Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
[dwg: This was written as a cleanup, but it also fixes a real bug
where setting an alternative interrupt location would not be
correctly migrated] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Peter Maydell [Mon, 4 Apr 2016 16:43:39 +0000 (17:43 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160404' into staging
target-arm queue:
* bcm2836: wire up CPU timer interrupts correctly
* linux-user: ignore EXCP_YIELD in ARM cpu_loop()
* target-arm: correctly reset SCTLR_EL3
* target-arm: remove incorrect ALIAS tags from ESR_EL2 and ESR_EL3
* target-arm: make the 64-bit version of VTCR do the migration
# gpg: Signature made Mon 04 Apr 2016 17:42:16 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg: aka "Peter Maydell <pmaydell@gmail.com>"
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
* remotes/pmaydell/tags/pull-target-arm-20160404:
target-arm: Make the 64-bit version of VTCR do the migration
target-arm: Remove incorrect ALIAS tags from ESR_EL2 and ESR_EL3
target-arm: Correctly reset SCTLR_EL3 for 64-bit CPUs
linux-user: arm: Handle (ignore) EXCP_YIELD in ARM cpu_loop()
hw/arm/bcm2836: Wire up CPU timer interrupts correctly
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 4 Apr 2016 16:33:52 +0000 (17:33 +0100)]
target-arm: Make the 64-bit version of VTCR do the migration
Move the ALIAS tag from VTCR_EL2 to VTCR so that we migrate the
64-bit version, as is usual. (This has no particular effect now
unless the guest wrote to the high RES0 bits of VTCR_EL2.)
Add a comment about why it's OK that we don't have the various
accessor functions that the EL1 TCR regdefs do.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Sergey Fedorov <sergey.fedorov@linaro.org>
Message-id: 1459435778-5526-4-git-send-email-peter.maydell@linaro.org
Peter Maydell [Mon, 4 Apr 2016 16:33:51 +0000 (17:33 +0100)]
target-arm: Remove incorrect ALIAS tags from ESR_EL2 and ESR_EL3
The regdefs for the ESR_EL2 and ESR_EL3 system registers should not
be marked as ARM_CP_ALIAS, because these are the master copies; the
DFSR regdef in vmsa_pmsa_cp_reginfo[] is marked as an alias.
Remove the ALIAS tags so that these registers are correctly migrated.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Sergey Fedorov <sergey.fedorov@linaro.rog>
Message-id: 1459435778-5526-3-git-send-email-peter.maydell@linaro.org
Peter Maydell [Mon, 4 Apr 2016 16:33:51 +0000 (17:33 +0100)]
target-arm: Correctly reset SCTLR_EL3 for 64-bit CPUs
The regdef for SCTRL_EL3 was incorrectly marked as being an
ARM_CP_ALIAS, with the remark that this was because the 32-bit
definition would take care of reset and migration. However the
intention for banked registers as documented in the comment in
add_cpreg_to_hashtable() is:
* 2) If ARMv8 is enabled then we can count on a 64-bit version
* taking care of the secure bank. This requires that separate
* 32 and 64-bit definitions are provided.
and so it marks the 32-bit secure banked version as an alias.
This results in the sctlr_s/sctlr_el[3] field never being reset
or migrated for a 64-bit CPU with EL3 enabled.
Fix this by removing the ARM_CP_ALIAS annotation from SCTLR_EL3.
Since this means it now needs a real reset value, move the regdef
into the same place that we define the 32-bit SCTLR.
Peter Maydell [Mon, 4 Apr 2016 16:33:51 +0000 (17:33 +0100)]
linux-user: arm: Handle (ignore) EXCP_YIELD in ARM cpu_loop()
The new-in-ARMv8 YIELD instruction has been implemented to throw
an EXCP_YIELD back up to the QEMU main loop. In system emulation
we use this to decide to schedule a different guest CPU in SMP
configurations. In usermode emulation there is nothing to do,
so just ignore it and resume the guest.
This prevents an abort with "unhandled CPU exception 0x10004"
if the guest process uses the YIELD instruction.
Reported-by: Hunter Laux <hunterlaux@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1456833171-31900-1-git-send-email-peter.maydell@linaro.org
Peter Maydell [Mon, 4 Apr 2016 16:33:51 +0000 (17:33 +0100)]
hw/arm/bcm2836: Wire up CPU timer interrupts correctly
Wire up the CPU timer interrupts in the right order, with the
nonsecure physical timer on cntpnsirq, the hyp timer on cnthpirq,
and the secure physical timer on cntpsirq. (We did get the
virt timer right, at least.)
Reported-by: Antonio Huete Jiménez <tuxillo@quantumachine.net> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 1458210790-6621-1-git-send-email-peter.maydell@linaro.org
Ed Maste [Mon, 4 Apr 2016 14:58:23 +0000 (10:58 -0400)]
bsd-user: add necessary includes to fix warnings
Signed-off-by: Ed Maste <emaste@freebsd.org>
Message-id: 1459781903-64465-1-git-send-email-emaste@freebsd.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
net: fix missing include of qapi/error.h in netmap.c
The netmap.c file fails to build on FreeBSD with
net/netmap.c:95:9: warning: implicit declaration of function 'error_setg_errno' is invalid in C99 [-Wimplicit-function-declaration]
error_setg_errno(errp, errno, "Failed to nm_open() %s",
^
net/netmap.c:432:9: warning: implicit declaration of function 'error_propagate' is invalid in C99 [-Wimplicit-function-declaration]
error_propagate(errp, err);
^
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1459429690-6144-1-git-send-email-berrange@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
projects / mirror_qemu.git / log