Peter Maydell [Mon, 23 Jul 2018 17:37:39 +0000 (18:37 +0100)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches:
- vvfat: Disable debug message by default
- qemu-iotests fixes
- Fix typos in comments
# gpg: Signature made Mon 23 Jul 2018 17:44:40 BST
# gpg: using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* remotes/kevin/tags/for-upstream:
block/vvfat: Disable debug message by default
iotests: Disallow compat=0.10 in 223
iotest: Fix filtering order in 226
iotests: remove LUKS support from test 226
qemu-img: avoid overflow of min_sparse parameter
block: Fix typos in comments (found by codespell)
qemu-iotests: Use host_device instead of file in 149
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When host vector registers and operations were introduced, I failed
to mark the registers call clobbered as required by the ABI.
Fixes: 770c2fc7bb7 Cc: qemu-stable@nongnu.org Reported-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Rename DCACHE to DATA_CACHE and ICACHE to INSTRUCTION_CACHE.
This avoids conflict with Linux asm/cachectl.h macros and fixes
build failure on mips hosts.
Reported-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20180717194010.30096-1-ehabkost@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Acked-by: Aleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: Babu Moger <babu.moger@amd.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Peter Maydell [Mon, 23 Jul 2018 15:15:24 +0000 (16:15 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180723' into staging
target-arm queue:
* spitz, exynos: fix bugs when introspecting some devices
* hw/microblaze/xlnx-zynqmp-pmu: Fix introspection problem in 'xlnx, zynqmp-pmu-soc'
* target/arm: Correctly handle overlapping small MPU regions
* hw/sd/bcm2835_sdhost: Fix PIO mode writes
* remotes/pmaydell/tags/pull-target-arm-20180723:
hw/intc/exynos4210_gic: Turn instance_init into realize function
hw/arm/spitz: Move problematic nand_init() code to realize function
target/arm: Correctly handle overlapping small MPU regions
hw/sd/bcm2835_sdhost: Fix PIO mode writes
hw/microblaze/xlnx-zynqmp-pmu: Fix introspection problem in 'xlnx, zynqmp-pmu-soc'
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Thomas Huth [Wed, 18 Jul 2018 15:08:29 +0000 (17:08 +0200)]
block/vvfat: Disable debug message by default
It's annoying to see this debug message every time you use vvfat.
Disable it with the DLOG() macro by default, as it is done with the
other debug messages in this file.
Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Max Reitz [Fri, 13 Jul 2018 19:15:06 +0000 (21:15 +0200)]
iotests: Disallow compat=0.10 in 223
223 tests persistent dirty bitmaps which are not supported in
compat=0.10, so that option is unsupported for this test.
Signed-off-by: Max Reitz <mreitz@redhat.com> Tested-by: John Snow <jsnow@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Max Reitz [Fri, 13 Jul 2018 19:41:00 +0000 (21:41 +0200)]
iotest: Fix filtering order in 226
The test directory should be filtered before the image format, otherwise
the test will fail if the image format is part of the test directory,
like so:
[...]
-can't open: Could not open 'TEST_DIR/t.IMGFMT': Is a directory
+can't open: Could not open '/tmp/test-IMGFMT/t.IMGFMT': Is a directory
[...]
Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
John Snow [Fri, 13 Jul 2018 17:37:21 +0000 (13:37 -0400)]
iotests: remove LUKS support from test 226
This test doesn't actually care about the format anyway, it just
supports "all formats" as a convenience. LUKS however does not use a
simple image filename which confuses this iotest.
We can simply skip the test for formats that use IMGOPTSSYNTAX for
their filenames without missing much coverage.
Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Peter Lieven [Fri, 13 Jul 2018 07:15:39 +0000 (09:15 +0200)]
qemu-img: avoid overflow of min_sparse parameter
the min_sparse convert parameter can overflow (e.g. -S 1024G)
in the conversion from int64_t to int resulting in a negative
min_sparse parameter. Avoid this by limiting the valid parameters
to sane values. In fact anything exceeding the convert buffer size
is also pointless. While at it also forbid values that are non
multiple of 512 to avoid undesired behaviour. For instance, values
between 1 and 511 were legal, but resulted in full allocation.
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Weil [Thu, 12 Jul 2018 19:51:20 +0000 (21:51 +0200)]
block: Fix typos in comments (found by codespell)
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: John Snow <jsnow@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Fri, 13 Jul 2018 07:05:39 +0000 (09:05 +0200)]
qemu-iotests: Use host_device instead of file in 149
The test case uses block devices with driver=file, which causes the test
to fail after commit 230ff73904 added a deprecation warning for this.
Fix the test case to use driver=host_device and update the reference
output accordingly.
Thomas Huth [Mon, 23 Jul 2018 14:21:27 +0000 (15:21 +0100)]
hw/intc/exynos4210_gic: Turn instance_init into realize function
The instance_init function of the "exynos4210.gic" device creates a
new "arm_gic" device and immediately realizes it with qdev_init_nofail().
This will leave a lot of object in the QOM tree during introspection of
the "exynos4210.gic" device, e.g. reproducible by starting QEMU like this:
And then by running "info qom-tree" at the HMP monitor, followed by
"device_add exynos4210.gic,help" and finally checking "info qom-tree"
again.
Also note that qdev_init_nofail() can exit QEMU in case of errors - and
this must never happen during an instance_init function, otherwise QEMU
could terminate unexpectedly during introspection of a device.
Since most of the code that follows the qdev_init_nofail() depends on
the realized "gicbusdev", the easiest solution to the problem is to
turn the whole instance_init function into a realize function instead.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1532337784-334-1-git-send-email-thuth@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Thomas Huth [Mon, 23 Jul 2018 14:21:26 +0000 (15:21 +0100)]
hw/arm/spitz: Move problematic nand_init() code to realize function
nand_init() does not only create the NAND device, it also realizes
the device with qdev_init_nofail() already. So we must not call
nand_init() from an instance_init function like sl_nand_init(),
otherwise we get superfluous NAND devices in the QOM tree after
introspecting the 'sl-nand' device. So move the nand_init() to the
realize function of 'sl-nand' instead.
Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1532006134-7701-1-git-send-email-thuth@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 23 Jul 2018 14:21:26 +0000 (15:21 +0100)]
target/arm: Correctly handle overlapping small MPU regions
To correctly handle small (less than TARGET_PAGE_SIZE) MPU regions,
we must correctly handle the case where the address being looked
up hits in an MPU region that is not small but the address is
in the same page as a small region. For instance if MPU region
1 covers an entire page from 0x2000 to 0x2400 and MPU region
2 is small and covers only 0x2200 to 0x2280, then for an access
to 0x2000 we must not return a result covering the full page
even though we hit the page-sized region 1. Otherwise we will
then cache that result in the TLB and accesses that should
hit region 2 will incorrectly find the region 1 information.
Check for the case where we miss an MPU region but it is still
within the same page, and in that case narrow the size we will
pass to tlb_set_page_with_attrs() for whatever the final
outcome is of the MPU lookup.
Reported-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180716133302.25989-1-peter.maydell@linaro.org
- A data interrupt must be generated after a write command has been
issued to indicate that the chip is ready to receive data.
- A block interrupt must be generated after each block to indicate
that the chip is ready to receive the next data block.
Rearrange the code to make this happen. Tested on raspi3 (in PIO mode)
and raspi2 (in DMA mode).
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 1531779837-20557-1-git-send-email-linux@roeck-us.net Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use the new object_initialize_child() and sysbus_init_child_obj() to
fix the issue.
Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1531839343-13828-1-git-send-email-thuth@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 23 Jul 2018 13:03:14 +0000 (14:03 +0100)]
Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-3.0-pull-request' into staging
Some ppc/ppc64 fixes:
- we can run now most of the targets on a ppc64 host with 64kB pages
- add swapcontext syscall to run tests/test-coroutine in
debian-powerpc-user-cross
Peter Xu [Fri, 20 Jul 2018 03:34:51 +0000 (11:34 +0800)]
monitor: Fix unsafe sharing of @cur_mon among threads
@cur_mon is null unless the main thread is running monitor code, either
HMP code within monitor_read(), or QMP code within
monitor_qmp_dispatch().
Use of @cur_mon outside the main thread is therefore unsafe.
Most of its uses are in monitor command handlers. These run in the main
thread.
However, there are also uses hiding elsewhere, such as in
error_vprintf(), and thus error_report(), making these functions unsafe
outside the main thread. No such unsafe uses are known at this time.
Regardless, this is an unnecessary trap. It's an ancient trap, though.
More recently, commit cf869d53172 "qmp: support out-of-band (oob)
execution" spiced things up: the monitor I/O thread assigns to @cur_mon
when executing commands out-of-band. Having two threads save, set and
restore @cur_mon without synchronization is definitely unsafe. We can
end up with @cur_mon null while the main thread runs monitor code, or
non-null while it runs non-monitor code.
We could fix this by making the I/O thread not mess with @cur_mon, but
that would leave the trap armed and ready.
Instead, make @cur_mon thread-local. It's now reliably null unless the
thread is running monitor code.
Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
[peterx: update subject and commit message written by Markus] Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180720033451.32710-1-peterx@redhat.com>
qapi: Make 'allow-oob' optional in SchemaInfoCommand
Making 'allow-oob' optional in SchemaInfoCommand permits omitting it
in the common case. Shrinks query-qmp-schema's output from 122.1KiB
to 118.6KiB for me.
Note that out-of-band execution is still experimental (you have to
configure the monitor with x-oob=on to use it).
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180718090557.17248-1-armbru@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com>
Stefan Weil [Fri, 20 Jul 2018 21:25:09 +0000 (23:25 +0200)]
po: Don't include comments with location
Those comments change often when ui/gtk.c is changed and are not
really useful.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20180720212509.18339-1-sw@weilnetz.de Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When we try to use some targets on ppc64, it can happen the target
doesn't support the host page size to align ELF load sections and
fails with:
ELF load command alignment not page-aligned
Since commit a70daba3771 ("linux-user: Tell guest about big host
page sizes") the host page size is used to align ELF sections, but
this doesn't work if the alignment required by the load section is
smaller than the host one. For these cases, we continue to use the
TARGET_PAGE_SIZE instead of the host one.
I have tested this change on ppc64, and it fixes qemu linux-user for:
s390x, m68k, i386, arm, aarch64, hppa
and I have tested it doesn't break the following targets:
x86_64, mips64el, sh4
mips and mipsel abort, but I think for another reason.
Peter Maydell [Fri, 20 Jul 2018 09:00:08 +0000 (10:00 +0100)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Fri 20 Jul 2018 01:40:43 BST
# gpg: using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
tap: fix memory leak on success to create a tap device
e1000e: Prevent MSI/MSI-X storms
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Yunjian Wang [Thu, 31 May 2018 07:28:22 +0000 (15:28 +0800)]
tap: fix memory leak on success to create a tap device
The memory leak on success to create a tap device. And the nfds and
nvhosts may not be the same and need to be processed separately.
Fixes: 07825977 ("tap: fix memory leak on failure to create a multiqueue tap device") Fixes: 264986e2 ("tap: multiqueue support") Cc: qemu-stable@nongnu.org Signed-off-by: Yunjian Wang <wangyunjian@huawei.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Jan Kiszka [Thu, 5 Apr 2018 17:41:47 +0000 (19:41 +0200)]
e1000e: Prevent MSI/MSI-X storms
Only signal MSI/MSI-X events on rising edges. So far we re-triggered the
interrupt sources even if the guest did no consumed the pending one,
easily causing interrupt storms.
Issue was observable with Linux 4.16 e1000e driver when MSI-X was used.
Vector 2 was causing interrupt storms after the driver activated the
device.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
# gpg: Signature made Thu 19 Jul 2018 17:06:07 BST
# gpg: using RSA key 21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
* remotes/alistair/tags/pull-riscv-pull-20180719:
spike: Fix crash when introspecting the device
riscv_hart: Fix crash when introspecting the device
virt: Fix crash when introspecting the device
sifive_u: Fix crash when introspecting the device
sifive_e: Fix crash when introspecting the device
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Thu, 19 Jul 2018 15:42:48 +0000 (16:42 +0100)]
tcg/aarch64: limit mul_vec size
In AdvSIMD we can only do 32x32 integer multiples although SVE is
capable of larger 64 bit multiples. As a result we can end up
generating invalid opcodes. Fix this by only reprting we can emit
mul vector ops if the size is small enough.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20180719154248.29669-1-alex.bennee@linaro.org>
[rth: Removed the tcg_debug_assert -- there are plenty of other
cases that we do not diagnose within the insn encoding helpers.] Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Alistair Francis [Tue, 17 Jul 2018 18:06:47 +0000 (11:06 -0700)]
spike: Fix crash when introspecting the device
Use the new object_initialize_child() and sysbus_init_child_obj() to
fix the issue.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Suggested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Michael Clark <mjc@sifive.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Alistair Francis [Tue, 17 Jul 2018 18:03:05 +0000 (11:03 -0700)]
riscv_hart: Fix crash when introspecting the device
Use the new object_initialize_child() and sysbus_init_child_obj() to
fix the issue.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Suggested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Michael Clark <mjc@sifive.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Alistair Francis [Mon, 16 Jul 2018 22:30:47 +0000 (15:30 -0700)]
virt: Fix crash when introspecting the device
Use the new object_initialize_child() and sysbus_init_child_obj() to
fix the issue.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Suggested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Michael Clark <mjc@sifive.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Alistair Francis [Mon, 16 Jul 2018 22:30:32 +0000 (15:30 -0700)]
sifive_u: Fix crash when introspecting the device
Use the new object_initialize_child() and sysbus_init_child_obj() to
fix the issue.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Suggested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Michael Clark <mjc@sifive.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Alistair Francis [Mon, 16 Jul 2018 22:29:01 +0000 (15:29 -0700)]
sifive_e: Fix crash when introspecting the device
Use the new object_initialize_child() and sysbus_init_child_obj() to
fix the issue.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Suggested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Michael Clark <mjc@sifive.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Yaowei Bai [Wed, 4 Jul 2018 03:17:27 +0000 (11:17 +0800)]
tracing: Use double-dash spelling for trace option
The '-trace' and '--trace' spellings are only both supported in qemu
binary, while for qemu-nbd or qemu-img only '--trace' spelling is
supported. So for the consistency of trace option invocation, we
should use double-dash spelling in our documentation.
This's also mentioned in
https://wiki.qemu.org/BiteSizedTasks#Consistent_option_usage_in_documentation
.
Signed-off-by: Yaowei Bai <baiyaowei@cmss.chinamobile.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1530674247-31200-1-git-send-email-baiyaowei@cmss.chinamobile.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 4 Jul 2018 14:54:10 +0000 (15:54 +0100)]
throttle-groups: fix hang when group member leaves
Throttle groups consist of members sharing one throttling state
(including bps/iops limits). Round-robin scheduling is used to ensure
fairness. If a group member already has a timer pending then other
groups members do not schedule their own timers. The next group member
will have its turn when the existing timer expires.
A hang may occur when a group member leaves while it had a timer
scheduled. Although the code carefully removes the group member from
the round-robin list, it does not schedule the next member. Therefore
remaining members continue to wait for the removed member's timer to
expire.
This patch schedules the next request if a timer is pending.
Unfortunately the actual bug is a race condition that I've been unable
to capture in a test case.
Sometimes drive2 hangs when drive1 is removed from the throttling group:
s390x/cpumodel: fix segmentation fault when baselining models
Usually, when baselining two CPU models, whereby one of them has base
CPU features disabled (e.g. z14-base,msa=off), we fallback to an older
model that did not have these features in the base model. We always try to
create a "sane" CPU model (as far as possible), and one part of it is that
removing base features is no good and to be avoided.
Now, if we disable base features that were part of a z900, we're out of
luck. We won't find a CPU model and QEMU will segfault. This is a
scenario that should never happen in real life, but it can be used to
crash QEMU.
So let's properly report an error if we baseline e.g.:
* remotes/bonzini/tags/for-upstream:
Document command line options with single dash
opts: remove redundant check for NULL parameter
i386: only parse the initrd_filename once for multiboot modules
i386: fix regression parsing multiboot initrd modules
virtio-scsi: fix hotplug ->reset() vs event race
qdev: add HotplugHandler->post_plug() callback
hw/char/serial: retry write if EAGAIN
PC Chipset: Improve serial divisor calculation
vhost-user-test: added proper TestServer *dest initialization in test_migrate()
hyperv: ensure VP index equal to QEMU cpu_index
hyperv: rename vcpu_id to vp_index
accel: Fix typo and grammar in comment
dump: add kernel_gs_base to QEMU CPU state
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
QEMU options have a single dash (but also work as double dash for
convenience and compatibility). Most options are listed with single
dash in command line help but some were listed with two dashes.
Normalize these to have the same format as the others.
Left --preconfig as that is mentioned as double dash everywhere so I
assume that is the preferred form for that.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20180716193312.A5BA17456B9@zero.eik.bme.hu> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
No callers of get_opt_value() pass in a NULL for the "value" parameter,
so the check is redundant.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20180514171913.17664-4-berrange@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Tested-by: Roman Kagan <rkagan@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
i386: only parse the initrd_filename once for multiboot modules
The multiboot code parses the initrd_filename twice, first to count how
many entries there are, and second to process each entry. This changes
the first loop to store the parse module names in a list, and the second
loop can now use these names. This avoids having to pass NULL to the
get_opt_value() method which means it can safely assume a non-NULL param.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20180514171913.17664-3-berrange@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Tested-by: Roman Kagan <rkagan@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Causing the length to be undercounter, and the number of modules over
counted. It also passes NULL to get_opt_value() which was not robust
at accepting a NULL value.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20180514171913.17664-2-berrange@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Tested-by: Roman Kagan <rkagan@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Use the new object_initialize_child() and sysbus_init_child_obj()
functions to get the refernce counting of the child objects right, so
that they are properly cleaned up when the parent gets destroyed.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1531745974-17187-18-git-send-email-thuth@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Mon, 16 Jul 2018 12:59:33 +0000 (14:59 +0200)]
hw/display/xlnx_dp: Move problematic code from instance_init to realize
aux_create_slave() calls qdev_init_nofail() which in turn "realizes"
the corresponding object. This is unlike qdev_create(), and it is wrong
because qdev_init_nofail() must not be called from an instance_init
function. Move qdev_init_nofail() and the subsequent aux_map_slave into
the caller's realize function.
There are two more bugs that needs to be fixed here, too, where the
objects are created but not added as children. Therefore when
you call object_unparent on them, nothing happens.
In particular dpcd and edid give you an infinite loop in bus_unparent,
because device_unparent is not called and does not remove them from
the list of devices on the bus.
Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1531745974-17187-17-git-send-email-thuth@redhat.com
[thuth: Added Paolo's fixup for the dpcd and edid unparenting] Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use the new functions object_initialize_child() and sysbus_init_child_obj()
to make sure that all objects get cleaned up correctly when the instances
are destroyed.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1531745974-17187-5-git-send-email-thuth@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
{"QMP": {"version": {"qemu": {"micro": 50, "minor": 12, "major": 2},
"package": "build-all"}, "capabilities": []}}
{"return": {}}
{"error": {"class": "GenericError", "desc": "Device 'bcm2837' can not be
hotplugged on this machine"}}
Segmentation fault (core dumped)
The qdev_set_parent_bus() from instance_init adds a link to the child devices
which is not valid anymore after the bcm2837 instance has been destroyed.
Unfortunately, the child devices do not get destroyed / unlinked correctly
because both object_initialize() and object_property_add_child() increase
the reference count of the child objects by one, but only one reference
is dropped when the parent gets removed. So let's use the new functions
object_initialize_child() and sysbus_init_child_obj() instead to create
the objects, which will take care of creating the child objects with the
correct reference count of one.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1531745974-17187-4-git-send-email-thuth@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Thomas Huth [Mon, 16 Jul 2018 12:59:19 +0000 (14:59 +0200)]
hw/core/sysbus: Add a function for creating and attaching an object
A lot of functions are initializing an object and attach it immediately
afterwards to the system bus. Provide a common function for this, which
also uses object_initialize_child() to make sure that the reference
counter is correctly initialized to 1 afterwards.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1531745974-17187-3-git-send-email-thuth@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Thomas Huth [Mon, 16 Jul 2018 12:59:18 +0000 (14:59 +0200)]
qom/object: Add a new function object_initialize_child()
A lot of code is using the object_initialize() function followed by a call
to object_property_add_child() to add the newly initialized object as a child
of the current object. Both functions increase the reference counter of the
new object, but many spots that call these two functions then forget to drop
one of the superfluous references. So the newly created object is often not
cleaned up correctly when the parent is destroyed. In the worst case, this
can cause crashes, e.g. because device objects are not correctly removed from
their parent_bus.
Since this is a common pattern between many code spots, let's introduce a
new function that takes care of calling all three required initialization
functions, first object_initialize(), then object_property_add_child() and
finally object_unref(). And since the function does a similar job like
object_new_with_props(), also allow to set additional properties via
varargs, and use user_creatable_complete() to make sure that the functions
can be used similarly.
And while we're at object.h, also fix some copy-n-paste errors in the
comments there ("to store the area" --> "to store the error").
Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Message-id: 1531745974-17187-2-git-send-email-thuth@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Sun, 15 Jul 2018 16:21:56 +0000 (18:21 +0200)]
qga: fix file descriptor leak
The file descriptor for /sys/power/state was never closed. Reported
by Coverity.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Peter Maydell [Mon, 16 Jul 2018 16:43:23 +0000 (17:43 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180716' into staging
target-arm queue:
* accel/tcg: Use correct test when looking in victim TLB for code
* bcm2835_aux: Swap RX and TX interrupt assignments
* hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
* hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
* hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
* aspeed: Implement write-1-{set, clear} for AST2500 strapping
* target/arm: Fix LD1W and LDFF1W (scalar plus vector)
* remotes/pmaydell/tags/pull-target-arm-20180716:
accel/tcg: Assert that tlb fill gave us a valid TLB entry
accel/tcg: Use correct test when looking in victim TLB for code
bcm2835_aux: Swap RX and TX interrupt assignments
hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
aspeed: Implement write-1-{set, clear} for AST2500 strapping
target/arm: Fix LD1W and LDFF1W (scalar plus vector)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 13 Jul 2018 14:16:36 +0000 (15:16 +0100)]
accel/tcg: Assert that tlb fill gave us a valid TLB entry
In commit 4b1a3e1e34ad97 we added a check for whether the TLB entry
we had following a tlb_fill had the INVALID bit set. This could
happen in some circumstances because a stale or wrong TLB entry was
pulled out of the victim cache. However, after commit 68fea038553039e (which prevents stale entries being in the victim
cache) and the previous commit (which ensures we don't incorrectly
hit in the victim cache)) this should never be possible.
Drop the check on TLB_INVALID_MASK from the "is this a TLB_RECHECK?"
condition, and instead assert that the tlb fill procedure has given
us a valid TLB entry (or longjumped out with a guest exception).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180713141636.18665-3-peter.maydell@linaro.org
Peter Maydell [Fri, 13 Jul 2018 14:16:35 +0000 (15:16 +0100)]
accel/tcg: Use correct test when looking in victim TLB for code
In get_page_addr_code(), we were incorrectly looking in the victim
TLB for an entry which matched the target address for reads, not
for code accesses. This meant that we could hit on a victim TLB
entry that indicated that the address was readable but not
executable, and incorrectly bypass the call to tlb_fill() which
should generate the guest MMU exception. Fix this bug.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180713141636.18665-2-peter.maydell@linaro.org
RX and TX interrupt bits were reversed, resulting in an endless sequence
of serial interupts in the emulated system and the following repeated
error message when booting Linux.
This is with arm64:defconfig. The root file system was generated using
buildroot.
NB that this error likely arises from an erratum in the
BCM2835 datasheet where the TX and RX bits were swapped
in the AU_MU_IER_REG description (but correct for IIR):
https://elinux.org/BCM2835_datasheet_errata#p12
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 1529355846-25102-1-git-send-email-linux@roeck-us.net Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: added NB about datasheet] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Thomas Huth [Mon, 16 Jul 2018 16:18:41 +0000 (17:18 +0100)]
hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
These devices are currently causing some problems when a user is trying
to hot-plug or introspect them during runtime. Since these devices can
not be instantiated by the user at all (they need to be wired up in code
instead), we should mark them with user_creatable = false anyway, then we
avoid at least the crashes with the hot-plugging. The introspection problem
will be handled by a separate patch.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1531415537-26037-1-git-send-email-thuth@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 16 Jul 2018 16:18:41 +0000 (17:18 +0100)]
hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
The GICD_ITARGETSR implementation still has some 11MPCore behaviour
that we were incorrectly using in our GICv1 and GICv2 implementations
for the case where the interrupt number is less than GIC_INTERNAL.
The desired behaviour here is:
* for 11MPCore: RAZ/WI for irqs 0..28; read a number matching the
CPU doing the read for irqs 29..31
* for GICv1 and v2: RAZ/WI if uniprocessor; otherwise read a
number matching the CPU doing the read for all irqs < 32
Stop squashing GICD_ITARGETSR to 0 for IRQs 0..28 unless this
is an 11MPCore GIC.
Reported-by: Jan Kiszka <jan.kiszka@web.de> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180712154152.32183-3-peter.maydell@linaro.org
Peter Maydell [Mon, 16 Jul 2018 16:18:41 +0000 (17:18 +0100)]
hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
In gic_deactivate_irq() the interrupt number comes from the guest
(on a write to the GICC_DIR register), so we need to sanity check
that it isn't out of range before we use it as an array index.
Handle this in a similar manner to the check we do in
gic_complete_irq() for the GICC_EOI register.
The array overrun is not disastrous because the calling code
uses (value & 0x3ff) to extract the interrupt field, so the
only out-of-range values possible are 1020..1023, which allow
overrunning only from irq_state[] into the following
irq_target[] array which the guest can already manipulate.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180712154152.32183-2-peter.maydell@linaro.org
Andrew Jeffery [Mon, 16 Jul 2018 16:18:41 +0000 (17:18 +0100)]
aspeed: Implement write-1-{set, clear} for AST2500 strapping
The AST2500 SoC family changes the runtime behaviour of the hardware
strapping register (SCU70) to write-1-set/write-1-clear, with
write-1-clear implemented on the "read-only" SoC revision register
(SCU7C). For the the AST2400, the hardware strapping is
runtime-configured with read-modify-write semantics.
Signed-off-by: Andrew Jeffery <andrew@aj.id.au> Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 20180709143524.17480-1-andrew@aj.id.au Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Hajnoczi [Mon, 16 Jul 2018 08:37:32 +0000 (09:37 +0100)]
virtio-scsi: fix hotplug ->reset() vs event race
There is a race condition during hotplug when iothread is used. It
occurs because virtio-scsi may be processing command queues in the
iothread while the monitor performs SCSI device hotplug.
When a SCSI device is hotplugged the HotplugHandler->plug() callback is
invoked and virtio-scsi emits a rescan event to the guest.
If the guest submits a SCSI command at this point then it may be
cancelled before hotplug completes. This happens because ->reset() is
called by hw/core/qdev.c:device_set_realized() after
HotplugHandler->plug() has been called and
hw/scsi/scsi-disk.c:scsi_disk_reset() purges all requests.
This patch uses the new HotplugHandler->post_plug() callback to emit the
rescan event after ->reset(). This eliminates the race conditions where
requests could be cancelled.
Reported-by: l00284672 <lizhengui@huawei.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Fam Zheng <famz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20180716083732.3347-3-stefanha@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Stefan Hajnoczi [Mon, 16 Jul 2018 08:37:31 +0000 (09:37 +0100)]
qdev: add HotplugHandler->post_plug() callback
The ->pre_plug() callback is invoked before the device is realized. The
->plug() callback is invoked when the device is being realized but
before it is reset.
This patch adds a ->post_plug() callback which is invoked after the
device has been reset. This callback is needed by HotplugHandlers that
need to wait until after ->reset().
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20180716083732.3347-2-stefanha@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Calvin Lee [Sat, 12 May 2018 00:05:44 +0000 (18:05 -0600)]
PC Chipset: Improve serial divisor calculation
This fixes several problems I found in the UART serial implementation.
Now all divisor values are allowed, while before divisor values of zero
and below the base baud rate were rejected. All changes are in reference
to http://www.sci.muni.cz/docs/pc/serport.txt
Signed-off-by: Calvin Lee <cyrus296@gmail.com>
Message-Id: <20180512000545.966-2-cyrus296@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
vhost-user-test: added proper TestServer *dest initialization in test_migrate()
server->bus in _test_server_free() could be NULL, since TestServer
*dest in test_migrate() was not properly initialized like TestServer *s.
Added init_virtio_dev(dest) and uninit_virtio_dev(dest), so the fields
are properly set and when test_server_free(dest); is called, they can
be correctly freed.
The reason for that is init_virtio_dev() calls qpci_init_pc(), that
creates a QPCIBusPC * (returned as QPCIBus *), while test_server_free()
calls qpci_free_pc(), that frees the QPCIBus *. Not calling
init_virtio_dev() would leave the QPCIBus * of TestServer unset.
Problem came out once I modified pci-pc.c and pci-pc.h, modifying
QPCIBusPC by adding another field before QPCIBus bus. Re-running the
tests showed vhost-user-test failing.
Signed-off-by: Emanuele Giuseppe Esposito <e.emanuelegiuseppe@gmail.com>
Message-Id: <1530022733-29581-1-git-send-email-esposem@usi.ch> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Roman Kagan [Mon, 2 Jul 2018 13:41:56 +0000 (16:41 +0300)]
hyperv: ensure VP index equal to QEMU cpu_index
Hyper-V identifies vCPUs by Virtual Processor (VP) index which can be
queried by the guest via HV_X64_MSR_VP_INDEX msr. It is defined by the
spec as a sequential number which can't exceed the maximum number of
vCPUs per VM.
It has to be owned by QEMU in order to preserve it across migration.
However, the initial implementation in KVM didn't allow to set this
msr, and KVM used its own notion of VP index. Fortunately, the way
vCPUs are created in QEMU/KVM makes it likely that the KVM value is
equal to QEMU cpu_index.
So choose cpu_index as the value for vp_index, and push that to KVM on
kernels that support setting the msr. On older ones that don't, query
the kernel value and assert that it's in sync with QEMU.
Besides, since handling errors from vCPU init at hotplug time is
impossible, disable vCPU hotplug.
This patch also introduces accessor functions to encapsulate the mapping
between a vCPU and its vp_index.
Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20180702134156.13404-3-rkagan@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Roman Kagan [Mon, 2 Jul 2018 13:41:55 +0000 (16:41 +0300)]
hyperv: rename vcpu_id to vp_index
In Hyper-V-related code, vCPUs are identified by their VP (virtual
processor) index. Since it's customary for "vcpu_id" in QEMU to mean
APIC id, rename the respective variables to "vp_index" to make the
distinction clear.
Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20180702134156.13404-2-rkagan@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* remotes/armbru/tags/pull-misc-2018-07-16:
monitor: Fix tracepoint crash on JSON syntax error
MAINTAINERS: New section "Incompatible changes", copy libvir-list
qemu-doc: Move appendix "Deprecated features" to its own file
cli qmp: Mark --preconfig, exit-preconfig experimental
qapi: Do not expose "allow-preconfig" in query-qmp-schema
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Viktor Prutyanov [Sat, 14 Jul 2018 12:30:00 +0000 (15:30 +0300)]
dump: add kernel_gs_base to QEMU CPU state
This patch adds field with content of KERNEL_GS_BASE MSR to QEMU note in
ELF dump.
On Windows, if all vCPUs are running usermode tasks at the time the dump is
created, this can be helpful in the discovery of guest system structures
during conversion ELF dump to MEMORY.DMP dump.
Signed-off-by: Viktor Prutyanov <viktor.prutyanov@virtuozzo.com>
Message-Id: <20180714123000.11326-1-viktor.prutyanov@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
monitor: Fix tracepoint crash on JSON syntax error
When tracepoint handle_qmp_command is enabled, we crash on JSON syntax
errors. Broken in commit 1cc37471525. Fix by skipping the tracepoint
on JSON syntax error. Before the flawed commit, we skipped it by
returning early.
Fixes: CID 1394216 Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180716091012.29510-1-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com>
MAINTAINERS: New section "Incompatible changes", copy libvir-list
Libvirt developers would like to be copied on patches to qemu-doc
appendix "Deprecated features". Do them the favor.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180716073226.21127-3-armbru@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
qemu-doc: Move appendix "Deprecated features" to its own file
Consumers of QEMU need to track feature deprecation. Keeping
deprecation documentation in its own file helps in two small ways:
* You can track changes the easy and obvious way, with git-log.
Before, you had to resort to more complex gittery like "git-log
--oneline -L '/@node Deprecated features/,/@node Supported build
platforms/:qemu-doc.texi'"
* It lets us use MAINTAINERS to copy interested parties on deprecation
patches, so they can advise or object before they're a done deal.
The next commit will do that for libvirt.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180716073226.21127-2-armbru@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
cli qmp: Mark --preconfig, exit-preconfig experimental
Committing to the current --preconfig / exit-preconfig interface
before it has seen any use is premature. Mark both as experimental,
the former in documentation, the latter by renaming it to
x-exit-preconfig.
See the previous commit for more detailed rationale.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180705091402.26244-3-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Acked-by: Eduardo Habkost <ehabkost@redhat.com> Acked-by: Igor Mammedov <imammedo@redhat.com>
[Straightforward conflict with commit 514337c142f resolved]
qapi: Do not expose "allow-preconfig" in query-qmp-schema
According to commit 047f7038f58, option --preconfig
[...] allows pausing QEMU in the new RUN_STATE_PRECONFIG state,
allowing the configuration of QEMU from QMP before the machine
jumps into board initialization code of machine_run_board_init()
The intent is to allow management to query machine state and
additionally configure it using previous query results within one
QEMU instance (i.e. eliminate the need to start QEMU twice, 1st to
query board specific parameters and 2nd for actual VM start using
query results for additional parameters).
The implementation is a bit of a hack: it splices in an additional
main loop before machine creation, in special runstate preconfig. New
command exit-preconfig exits that main loop. QEMU continues
initializing, creates the machine, and runs the good old main loop.
The replacement of the main loop is transparent to monitors.
Sadly, some commands expect initialization to be complete. Running
them in --preconfig's main loop violates their preconditions. Since
we don't really know which commands are safe, we use a whitelist.
This drags the concept of run state into the QMP core.
The whitelist is done as a command flag in the QAPI schema (commit d6fe3d02e9a). Drags the concept of run state further into the QAPI
language.
The command flag is exposed in query-qmp-schema (also commit d6fe3d02e9a). This makes it ABI.
I consider the whole thing an offensively ugly hack, but sometimes an
ugly hack is the best we can do to solve a problem people have.
The need described by the commit message quote above is genuine. The
proper solution would be a main loop that permits complete
configuration via QMP. This is out of reach, thus the hack.
However, even though the need is genuine, it isn't urgent: libvirt is
not going to use this anytime soon. Baking a hack into ABI before it
has any users is a bad idea.
This commit reverts the parts of commit d6fe3d02e9a that affect ABI
via query-qmp-schema. The commit did the following:
(1) Add command flag 'allow-preconfig' to the QAPI schema language
(2) Pass it to code generators
(3) Have the commands.py code generator pass it to the command
registry (so commit 047f7038f58 can use it as whitelist)
(4) Add 'allow-preconfig' to SchemaInfoCommand (neglecting to update
qapi-code-gen.txt section "Client JSON Protocol introspection")
(5) Set 'allow-preconfig': true for commands qmp_capabilities,
query-commands, query-command-line-options, query-status
Revert exactly (4), plus a bit of documentation added to
qemu-tech.info in commit 047f7038f58.
Shrinks query-qmp-schema's output from 126.5KiB to 121.8KiB for me.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180705091402.26244-2-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Acked-by: Eduardo Habkost <ehabkost@redhat.com> Acked-by: Igor Mammedov <imammedo@redhat.com>
[Straightforward conflict with commit d626b6c1ae7 resolved]
Peter Maydell [Mon, 16 Jul 2018 10:04:24 +0000 (11:04 +0100)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-3.0-20180716' into staging
ppc patch queue 2018-07-16
Here's my first hard freeze pull request for qemu-3.0. This contains
an assortment of bugfixes. Several are for regressions, others are for
bugs that I think are significant enough to address during hard freeze.
Peter Maydell [Mon, 16 Jul 2018 09:06:23 +0000 (10:06 +0100)]
Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-3.0-pull-request' into staging
Some fixes for linux-user:
- workaround for CMSG_NXTHDR bug
- two patches for ppc64/ppc64le host:
fix fcntl() with *LK64 commands
(seen when dpkg wants to lock the DB)
fix reserved_va alignment (ppc64 needs
a 64kB alignment)
- convert a forgotten fcntl() to safe_fcntl()
* remotes/vivier2/tags/linux-user-for-3.0-pull-request:
Zero out the host's `msg_control` buffer
linux-user: fix mmap_find_vma_reserved()
linux-user: convert remaining fcntl() to safe_fcntl()
linux-user: ppc64: use the correct values for F_*LK64s
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Coverity warned that the false arm of conditional expression is
unreachable when it is inside an if with the same condition.
Remove the unreachable code to avoid the warning.
Fixes: CID 1394215 Reported-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Interrupt conditions occurring while masked are not being
signaled when later unmasked.
The fix is to raise/lower IRQs when IMASK is changed.
To avoid problems like this in future, consolidate
IRQ pin update logic in one function.
Also fix probable typo "IEVENT_TXF | IEVENT_TXF",
and update IRQ pins on reset.
Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Greg Kurz [Thu, 12 Jul 2018 10:01:49 +0000 (12:01 +0200)]
ppc/xics: fix ICP reset path
Recent cleanup in commit a028dd423ee6 dropped the ICPStateClass::reset
handler. It is now up to child ICP classes to call the DeviceClass::reset
handler of the parent class, thanks to device_class_set_parent_reset().
This is a better object programming pattern, but unfortunately it causes
QEMU to crash during CPU hotplug:
but dc->reset, ie, DeviceClass::reset for the TYPE_ICP type, is
itself NULL.
This patch hence sets DeviceClass::reset for the TYPE_ICP type to
point to icp_reset(). It then registers a reset handler that calls
DeviceClass::reset. If the ICP subtype has configured its own reset
handler with device_class_set_parent_reset(), this ensures it will
be called first and it can then call ICPStateClass::parent_reset
safely. This fixes the reset path for the TYPE_KVM_ICP type, which
is the only subtype that defines its own reset function.
Reported-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com> Suggested-by: David Gibson <david@gibson.dropbear.id.au> Fixes: a028dd423ee6dfd091a8c63028240832bf10f671 Signed-off-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
David Gibson [Tue, 10 Jul 2018 01:40:52 +0000 (11:40 +1000)]
spapr: Correct inverted test in spapr_pc_dimm_node()
This function was introduced between v2.11 and v2.12 to replace obsolete
ways of specifying the NUMA nodes for DIMMs. It's used to find the correct
node for an LMB, by locating which DIMM object it lies within.
Unfortunately, one of the checks is inverted, so we check whether the
address is less than two different things, rather than actually checking
a range. This introduced a regression, meaning that after a reboot qemu
will advertise incorrect node information for memory to the guest.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
sm501: Update screen on frame buffer address change
When the guest changes the address of the frame buffer we need to
refresh the screen to correctly display the new content. This fixes
display update problems when changing between screens on AmigaOS.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Jonas Schievink [Wed, 11 Jul 2018 22:12:44 +0000 (00:12 +0200)]
Zero out the host's `msg_control` buffer
If this is not done, qemu would drop any control message after the first
one.
This is because glibc's `CMSG_NXTHDR` macro accesses the uninitialized
cmsghdr's length field in order to find out if the message fits into the
`msg_control` buffer, wrongly assuming that it doesn't because the
length field contains garbage. Accessing the length field is fine for
completed messages we receive from the kernel, but is - as far as I know
- not needed since the kernel won't return such an invalid cmsghdr in
the first place.
This is tracked as this glibc bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=13500
It's probably also a good idea to bail with an error if `CMSG_NXTHDR`
returns NULL but `TARGET_CMSG_NXTHDR` doesn't (ie. we still expect
cmsgs).
projects / mirror_qemu.git / log