Age | Commit message | Author
2017-11-13 | block: Leave valid throttle timers when removing a BDS from a backend | Alberto Garcia

If a BlockBackend has I/O limits set then its ThrottleGroupMember structure uses the AioContext from its attached BlockDriverState. Those two contexts must be kept in sync manually. This is not ideal and will be fixed in the future by removing the throttling configuration from the BlockBackend and storing it in an implicit filter node instead, but for now we have to live with this.

When you remove the BlockDriverState from the backend then the throttle timers are destroyed. If a new BlockDriverState is later inserted then they are created again using the new AioContext.

There are a couple of problems with this:

a) The code manipulates the timers directly, leaving the ThrottleGroupMember.aio_context field in an inconsistent state.

b) If you remove the I/O limits (e.g. by destroying the backend) when the timers are gone then throttle_group_unregister_tgm() will attempt to destroy them again, crashing QEMU.

While b) could be fixed easily by allowing the timers to be freed twice, this would result in a situation in which we can no longer guarantee that a valid ThrottleState has a valid AioContext and timers.

This patch ensures that the timers and AioContext are always valid when I/O limits are set, regardless of whether the BlockBackend has a BlockDriverState inserted or not.

[Fixed "There'a" typo as suggested by Max Reitz <mreitz@redhat.com> --Stefan]

Reported-by: sochin jiang <sochin.jiang@huawei.com>
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: e089c66e7c20289b046d782cea4373b765c5bc1d.1510339534.git.berto@igalia.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-11-13 | block: Check for inserted BlockDriverState in blk_io_limits_disable() | Alberto Garcia

When you set I/O limits using block_set_io_throttle or the command line throttling.* options they are kept in the BlockBackend regardless of whether a BlockDriverState is attached to the backend or not.

Therefore when removing the limits using blk_io_limits_disable() we need to check if there's a BDS before attempting to drain it, else it will crash QEMU. This can be reproduced very easily using HMP:

    (qemu) drive_add 0 if=none,throttling.iops-total=5000
    (qemu) drive_del none0

Reported-by: sochin jiang <sochin.jiang@huawei.com>
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 0d3a67ce8d948bb33e08672564714dcfb76a3d8c.1510339534.git.berto@igalia.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-11-13 | Merge remote-tracking branch 'remotes/kraxel/tags/vga-20171110-pull-request' into staging | Peter Maydell

vga: bugfixes for 2.11

# gpg: Signature made Fri 10 Nov 2017 13:26:30 GMT
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20171110-pull-request:
  vmsvga: use ARRAY_SIZE macro
  vga: fix region checks in wraparound case
  virtio-gpu: fix bug in host memory calculation.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 | throttle-groups: drain before detaching ThrottleState | Stefan Hajnoczi

I/O requests hang after stop/cont commands at least since QEMU 2.10.0 with -drive iops=100:

    (guest)$ dd if=/dev/zero of=/dev/vdb oflag=direct count=1000
    (qemu) stop
    (qemu) cont
    ...I/O is stuck...

This happens because blk_set_aio_context() detaches the ThrottleState while requests may still be in flight:

    if (tgm->throttle_state) {
        throttle_group_detach_aio_context(tgm);
        throttle_group_attach_aio_context(tgm, new_context);
    }

This patch encloses the detach/attach calls in a drained region so no I/O request is left hanging. Also add assertions so we don't make the same mistake again in the future.

Reported-by: Yongxue Hong <yhong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Message-id: 20171110151934.16883-1-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-11-13 | block: all I/O should be completed before removing throttle timers. | Zhengui

In blk_remove_bs, all I/O should be completed before removing throttle timers. If there is inflight I/O, removing throttle timers here will cause the inflight I/O to never return. This patch adds bdrv_drained_begin before throttle_timers_detach_aio_context to let all I/O complete before removing throttle timers.

[Moved declaration of bs as suggested by Alberto Garcia <berto@igalia.com>. --Stefan]

Signed-off-by: Zhengui <lizhengui@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Message-id: 1508564040-120700-1-git-send-email-lizhengui@huawei.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-11-13 | accel/tcg/translate-all: expand cpu_restore_state addr check | Alex Bennée

We are still seeing signals during translation time when we walk over a page protection boundary. This expands the check to ensure the host PC is inside the code generation buffer. The original suggestion was to check versus tcg_ctx.code_gen_ptr but as we now segment the translation buffer we have to settle for just a general check for being inside.

I've also fixed up the declaration to make it clear it can deal with invalid addresses. A later patch will fix up the call sites.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20171108153245.20740-2-alex.bennee@linaro.org
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Tested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 | hw: add .min_cpus and .default_cpus fields to machine_class | Emilio G. Cota

max_cpus needs to be an upper bound on the number of vCPUs initialized; otherwise TCG region initialization breaks.

Some boards initialize a hard-coded number of vCPUs, which is not captured by the global max_cpus and therefore breaks TCG initialization. Fix it by adding the .min_cpus field to machine_class.

This commit also changes some user-facing behaviour: we now die if -smp is below this hard-coded vCPU minimum instead of silently ignoring the passed -smp value (sometimes announcing this by printing a warning). However, the introduction of .default_cpus lessens the likelihood that users will notice this: if -smp isn't set, we now assign the value in .default_cpus to both smp_cpus and max_cpus. IOW, if a user does not set -smp, they always get a correct number of vCPUs.

This change fixes 3468b59 ("tcg: enable multiple TCG contexts in softmmu", 2017-10-24), which broke TCG initialization for some ARM boards.

Fixes: 3468b59e18b179bc63c7ce934de912dfa9596122
Reported-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-id: 1510343626-25861-6-git-send-email-cota@braap.org
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 | xlnx-zcu102: Specify the max number of CPUs for the EP108 | Emilio G. Cota

Just like the zcu102, the ep108 can instantiate several CPUs.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1510343626-25861-5-git-send-email-cota@braap.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 | xlnx-zcu102: Add an info message deprecating the EP108 | Alistair Francis

The EP108 was an early access development board that is no longer used. Add an info message to convert any users to the ZCU102 instead. On QEMU they are both identical.

This patch also updated the qemu-doc.texi file to indicate that the EP108 has been deprecated.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Emilio G. Cota <cota@braap.org>
Message-id: 1510343626-25861-4-git-send-email-cota@braap.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 | xlnx-zynqmp: Properly support the smp command line option | Alistair Francis

Allow the -smp command line option to control the number of CPUs we create.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Emilio G. Cota <cota@braap.org>
Tested-by: Emilio G. Cota <cota@braap.org>
Message-id: 1510343626-25861-3-git-send-email-cota@braap.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 | qom: move CPUClass.tcg_initialize to a global | Emilio G. Cota

55c3cee ("qom: Introduce CPUClass.tcg_initialize", 2017-10-24) introduces a per-CPUClass bool that we check so that the target CPU is initialized for TCG only once. This works well except when we end up creating more than one CPUClass, in which case we end up incorrectly initializing TCG more than once, i.e. once for each CPUClass.

This can be replicated with:

    $ aarch64-softmmu/qemu-system-aarch64 -machine xlnx-zcu102 -smp 6 \
        -global driver=xlnx,,zynqmp,property=has_rpu,value=on

In this case the class name of the "RPUs" is prefixed by "cortex-r5-", whereas the "regular" CPUs are prefixed by "cortex-a53-". This results in two CPUClass instances being created.

Fix it by introducing a static variable, so that only the first target CPU being initialized will initialize the target-dependent part of TCG, regardless of CPUClass instances.

Fixes: 55c3ceef61fcf06fc98ddc752b7cce788ce7680b
Signed-off-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1510343626-25861-2-git-send-email-cota@braap.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 | MAINTAINERS: Add entries for Smartfusion2 | Subbaraya Sundeep

Voluntarily add myself as maintainer for Smartfusion2

Signed-off-by: Subbaraya Sundeep <sundeep.lkml@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1510552520-3566-1-git-send-email-sundeep.lkml@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 | highbank: validate register offset before access | Prasad J Pandit

An 'offset' parameter sent to highbank register r/w functions could be greater than number (NUM_REGS=0x200) of hb registers, leading to an OOB access issue. Add check to avoid it.

Reported-by: Moguofang (Dennis mo) <moguofang@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20171113062658.9697-1-ppandit@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 | arm/translate-a64: mark path as unreachable to eliminate warning | Emilio G. Cota

Fixes the following warning when compiling with gcc 5.4.0 with -O1 optimizations and --enable-debug:

    target/arm/translate-a64.c: In function ‘aarch64_tr_translate_insn’:
    target/arm/translate-a64.c:2361:8: error: ‘post_index’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
         if (!post_index) {
            ^
    target/arm/translate-a64.c:2307:10: note: ‘post_index’ was declared here
         bool post_index;
              ^
    target/arm/translate-a64.c:2386:8: error: ‘writeback’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
         if (writeback) {
            ^
    target/arm/translate-a64.c:2308:10: note: ‘writeback’ was declared here
         bool writeback;
              ^

Note that idx comes from selecting 2 bits, and therefore its value can be at most 3.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1510087611-1851-1-git-send-email-cota@braap.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 | Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging | Peter Maydell

slirp updates

# gpg: Signature made Thu 09 Nov 2017 18:00:07 GMT
# gpg:                using RSA key 0x9E511E01C737F075
# gpg: Good signature from "Samuel Thibault <samuel.thibault@aquilenet.fr>"
# gpg:                 aka "Samuel Thibault <sthibault@debian.org>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@gnu.org>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@inria.fr>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@labri.fr>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@ens-lyon.org>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@u-bordeaux.fr>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 900C B024 B679 31D4 0F82 304B D017 8C76 7D06 9EE6
#      Subkey fingerprint: 9A37 3D36 64A8 DC62 DA0A 34FD 9E51 1E01 C737 F075

* remotes/thibault/tags/samuel-thibault:
  slirp: don't zero the whole ti_i when m == NULL

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 | Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2017-11-09' into staging | Peter Maydell

nbd patches for 2017-11-09

- Vladimir Sementsov-Ogievskiy: nbd/server: fix nbd_negotiate_handle_info
- Eric Blake: 0/7 various NBD fixes for 2.11

# gpg: Signature made Thu 09 Nov 2017 16:56:58 GMT
# gpg:                using RSA key 0xA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>"
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>"
# gpg:                 aka "[jpeg image of size 6874]"
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A

* remotes/ericb/tags/pull-nbd-2017-11-09:
  nbd/server: Fix structured read of length 0
  nbd-client: Stricter enforcing of structured reply spec
  nbd-client: Short-circuit 0-length operations
  nbd: Fix struct name for structured reads
  nbd/client: Nicer trace of structured reply
  nbd-client: Refuse read-only client with BDRV_O_RDWR
  nbd-client: Fix error message typos
  nbd/server: fix nbd_negotiate_handle_info

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 | Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20171109' into staging | Peter Maydell

s390x changes: let pci devices start out in a usable state, and make RISBGN work in tcg.

# gpg: Signature made Thu 09 Nov 2017 15:27:21 GMT
# gpg:                using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20171109:
  target/s390x: Finish implementing RISBGN
  s390x/pci: let pci devices start in configured mode

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 | Merge remote-tracking branch 'remotes/rth/tags/pull-cap-20171109' into staging | Peter Maydell

Capstone fixes for 2.11

# gpg: Signature made Thu 09 Nov 2017 07:49:25 GMT
# gpg:                using RSA key 0x64DF38E8AF7E215F
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>"
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-cap-20171109:
  Makefile: Capstone: Add support for cross compile ranlib
  disas: Dump insn bytes along with capstone disassembly

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-13 | net/socket: fix coverity issue | Jens Freimann

This fixes coverity issue CID1005339.

Make sure that saddr is not used uninitialized if the mcast parameter is NULL.

Cc: qemu-stable@nongnu.org
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 | Add new PCI ID for i82559a | Mike Nawrocki

Adds a new PCI ID for the i82559a (0x8086 0x1030) interface. The "x-use-alt-device-id" property controls whether this new ID is to be used, and is true by default, and set to false in a compat entry.

Signed-off-by: Mike Nawrocki <michael.nawrocki@gtri.gatech.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 | Fix eepro100 simple transmission mode | Mike Nawrocki

The simple transmission mode was treating the area immediately after the transmit command block (TCB) as if it were a transmit buffer descriptor, when in reality it is simply the packet data. This change simply copies the data following the TCB into the packet buffer.

Signed-off-by: Mike Nawrocki <michael.nawrocki@gtri.gatech.edu>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 | colo: Consolidate the duplicate code chunk into a routine | Mao Zhongyi

Consolidate the code that extracts the ip address (src,dst) and port number (src,dst) of the packet into a separate routine extract_ip_and_port() since the same chunk of code is called from two places.

Cc: Zhang Chen <zhangckid@gmail.com>
Cc: Li Zhijian <lizhijian@cn.fujitsu.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 | colo-compare: Fix comments | Mao Zhongyi

Cc: Zhang Chen <zhangckid@gmail.com>
Cc: Li Zhijian <lizhijian@cn.fujitsu.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com>
Signed-off-by: Zhang Chen <zhangckid@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 | colo-compare: compare the packet in a specified Connection | Mao Zhongyi

A package from pri_indev or sec_indev only belongs to a particular Connection, so we only need to compare the package in the specified Connection's primary_list and secondary_list, rather than iterating over the whole Connection list to compare. This is time-consuming and unnecessary.

Less checkpoint more efficiency.

Cc: Zhang Chen <zhangckid@gmail.com>
Cc: Li Zhijian <lizhijian@cn.fujitsu.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 | colo-compare: Insert packet into the suitable position of packet queue directly | Mao Zhongyi

Currently, a packet from pri_dev or sec_dev is firstly pushed at the tail of the primary or secondary packet queue then sorted by the tcp sequence number. Now, this patch uses g_queue_insert_sorted to insert the packet directly into the suitable position to avoid ordering all packets each time when a new packet is coming, thereby increasing efficiency.

In addition, consolidate the code that adds a packet to the list of Connection (primary or secondary) into a separate routine colo_insert_packet() since the same chunk of code is called from two places.

Cc: Zhang Chen <zhangckid@gmail.com>
Cc: Li Zhijian <lizhijian@cn.fujitsu.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com>
Signed-off-by: Zhang Chen <zhangckid@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13 | net: fix check for number of parameters to -netdev socket | Jens Freimann

Since commit 0f8c289ad "net: fix -netdev socket,fd= for UDP sockets" we allow more than one parameter for -netdev socket. But now we run into an assert when no parameter at all is specified

    > qemu-system-x86_64 -netdev socket
    socket.c:729: net_init_socket: Assertion `sock->has_udp' failed.

Fix this by reverting the change of the if condition done in 0f8c289ad.

Cc: Jason Wang <jasowang@redhat.com>
Cc: qemu-stable@nongnu.org
Fixes: 0f8c289ad539feb5135c545bea947b310a893f4b
Reported-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com>
Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-10 | Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging | Peter Maydell

Pull request

v2:
 * v1 emails 2/3 and 3/3 weren't sent due to an email failure
 * Included Sergio's updated wording in the commit description

# gpg: Signature made Wed 08 Nov 2017 19:12:01 GMT
# gpg:                using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  util/async: use atomic_mb_set in qemu_bh_cancel
  tests-aio-multithread: fix /aio/multi/schedule race condition

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-10 | Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2017-11-08-1' into staging | Peter Maydell

Merge qcrypto 2017/11/08 v1

# gpg: Signature made Wed 08 Nov 2017 11:06:38 GMT
# gpg:                using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/pull-qcrypto-2017-11-08-1:
  crypto: afalg: fix a NULL pointer dereference
  tests: Run the luks tests in test-crypto-block only if encryption is available

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-10 | Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.11-20171108' into staging | Peter Maydell

ppc patch queue 2017-11-08

Here's the current set of accumulated ppc patches for qemu-2.11. Since we're now in hard freeze these are all bugfixes (although some fix a bug by way of a cleanup).

# gpg: Signature made Wed 08 Nov 2017 08:10:38 GMT
# gpg:                using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.11-20171108:
  e500: ppce500_init_mpic() return device instead of IRQ array
  hw/display/sm501: Fix comment in sm501_sysbus_class_init()
  ppc: fix setting of compat mode

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-10 | ui: use QEMU_IS_ALIGNED macro | Philippe Mathieu-Daudé

Applied using the Coccinelle semantic patch scripts/coccinelle/use_osdep.cocci

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20170718061005.29518-9-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-11-10 | vmsvga: use ARRAY_SIZE macro | Philippe Mathieu-Daudé

Applied using the Coccinelle semantic patch scripts/coccinelle/use_osdep.cocci

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20170718061005.29518-23-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-11-10 | vga: fix region checks in wraparound case | Gerd Hoffmann

Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20171030102830.4469-1-kraxel@redhat.com
2017-11-10 | ui: fix dcl unregister | Gerd Hoffmann

register checks for dcl->ds being NULL, to avoid registering the same dcl twice. Therefore dcl->ds must be cleared on unregister, otherwise un-registering and re-registering doesn't work.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1510809
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20171109105154.29414-1-kraxel@redhat.com
2017-11-10 | virtio-gpu: fix bug in host memory calculation. | Tao Wu

The old code treats bits as bytes when calculating host memory usage. Change it to be consistent with allocation logic in pixman library.

Signed-off-by: Tao Wu <lepton@google.com>
Message-Id: <20171109181741.31318-1-lepton@google.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-11-09 | slirp: don't zero the whole ti_i when m == NULL | Tao Wu

98c63057d2144fb81681580cd84c13c93794c96e ('slirp: Factorizing tcpiphdr structure with an union') introduced a memset call to clear possibly-undefined fields in ti. This however overwrites src/dst/pr which are used below.

So let us clear only the unused fields.

This should fix some rare cases (some RST cases, keep alive probes) where packets would be sent to 0.0.0.0.

Signed-off-by: Tao Wu <lepton@google.com>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2017-11-09 | nbd/server: Fix structured read of length 0 | Eric Blake

The NBD spec was recently clarified to state that a read of length 0 should not be attempted by a compliant client; but that a server must still handle it correctly in an unspecified manner (that is, either a successful no-op or an error reply, but not a crash) [1]. However, it also implies that NBD_REPLY_TYPE_OFFSET_DATA must have a non-zero payload length, but our existing code was replying with a chunk that a picky client could reject as invalid because it was missing a payload (our own client implementation was recently patched to be that picky, after first fixing it to not send 0-length requests).

We are already doing successful no-ops for 0-length writes and for non-structured reads; so for consistency, we want structured reply reads to also be a no-op. The easiest way to do this is to return a NBD_REPLY_TYPE_NONE chunk; this is best done via a new helper function (especially since future patches for other structured replies may benefit from using the same helper).

[1] https://github.com/NetworkBlockDevice/nbd/commit/ee926037

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20171108215703.9295-8-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2017-11-09 | nbd-client: Stricter enforcing of structured reply spec | Eric Blake

Ensure that the server is not sending unexpected chunk lengths for either the NONE or the OFFSET_DATA chunk, nor unexpected hole length for OFFSET_HOLE. This will flag any server as broken that responds to a zero-length read with an OFFSET_DATA (what our server currently does, but that's about to be fixed) or with OFFSET_HOLE, even though we previously fixed our client to never be able to send such a request over the wire.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20171108215703.9295-7-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2017-11-09 | nbd-client: Short-circuit 0-length operations | Eric Blake

The NBD spec was recently clarified to state that clients should not send 0-length requests to the server, as the server behavior is undefined [1]. We know that qemu-nbd's behavior is a successful no-op (once it has filtered for read-only exports), but other NBD implementations might return an error. To avoid any questionable server implementations, it is better to just short-circuit such requests on the client side (we are relying on the block layer to already filter out requests such as invalid offset, write to a read-only volume, and so forth); do the short-circuit as late as possible to still benefit from protections from assertions that the block layer is not violating our assumptions.

[1] https://github.com/NetworkBlockDevice/nbd/commit/ee926037

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20171108215703.9295-6-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2017-11-09 | nbd: Fix struct name for structured reads | Eric Blake

A closer read of the NBD spec shows that a structured reply chunk for a hole is not quite identical to the prefix of a data chunk, because the hole has to also send a 32-bit size field. Although we do not yet send holes, we should fix the misleading information in our header and make it easier for a future patch to support sparse reads.

Messed up in commit bae245d1.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20171108215703.9295-5-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2017-11-09 | nbd/client: Nicer trace of structured reply | Eric Blake

It's useful to know which structured reply chunk is being processed.

Missed in commit d2febedb.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20171108215703.9295-4-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2017-11-09 | nbd-client: Refuse read-only client with BDRV_O_RDWR | Eric Blake

The NBD spec says that clients should not try to write/trim to an export advertised as read-only by the server. But we failed to check that, and would allow the block layer to use NBD with BDRV_O_RDWR even when the server is read-only, which meant we were depending on the server sending a proper EPERM failure for various commands, and also exposes a leaky abstraction: using qemu-io in read-write mode would succeed on 'w -z 0 0' because of local short-circuiting logic, but 'w 0 0' would send a request over the wire (where it then depends on the server, and fails at least for qemu-nbd but might pass for other NBD implementations).

With this patch, a client MUST request read-only mode to access a server that is doing a read-only export, or else it will get a message like:

    can't open device nbd://localhost:10809/foo: request for write access conflicts with read-only export

It is no longer possible to even attempt writes over the wire (including the corner case of 0-length writes), because the block layer enforces the explicit read-only request; this matches the behavior of qcow2 when backed by a read-only POSIX file.

Fix several iotests to comply with the new behavior (since qemu-nbd of an internal snapshot, as well as nbd-server-add over QMP, default to a read-only export, we must tell blockdev-add/qemu-io to set up a read-only client).

CC: qemu-stable@nongnu.org
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20171108215703.9295-3-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2017-11-09 | nbd-client: Fix error message typos | Eric Blake

Provide missing spaces that are required when using string concatenation to break error messages across source lines.

Introduced in commit f140e300.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20171108215703.9295-2-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2017-11-09 | target/s390x: Finish implementing RISBGN | Richard Henderson

We added the entry to insn-data.def, but failed to update op_risbg to match. No need to special-case the imask inversion, since that is already ~0 for RISBG (and now RISBGN).

Fixes: 375ee58bedcda359011fe7fa99e0647f66f9ffa0
Fixes: https://bugs.launchpad.net/qemu/+bug/1701798 (s390x part)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20171107145546.767-1-richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-11-09 | Makefile: Capstone: Add support for cross compile ranlib | Alistair Francis

When cross compiling QEMU for Windows we need to specify the cross version of ranlib to avoid build errors when building capstone. This patch ensures we use the same cross prefix on ranlib as other toolchain components.

- Fedora23 mingw
- RHEL-7.2 with mingw packages from epel:

      LINK    qemu-img.exe
    build-win64/capstone/capstone.lib: error adding symbols: Archive has no index; run ranlib to add one
    collect2: error: ld returned 1 exit status

    $ x86_64-w64-mingw32-ar --version
    GNU ar (GNU Binutils) 2.25

Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <e457d4e906dceea4de6c3431813a06b137c1ab9c.1510103351.git.alistair.francis@xilinx.com>
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-11-09 | disas: Dump insn bytes along with capstone disassembly | Richard Henderson
This feature is present for some targets in the bfd disassembler(s). Implement it generically for all capstone users.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2017-11-08 | nbd/server: fix nbd_negotiate_handle_info | Vladimir Sementsov-Ogievskiy
namelen should be here, length is unrelated, and always 0 at this point. Broken in introduction in commit f37708f6, but mostly harmless (replying with '' as the name does not violate protocol, and does not confuse qemu as the nbd client since our implementation does not ask for the name; but might confuse some other client that does ask for the name especially if the default export is different than the export name being queried).

Adding an assert makes it obvious that we are not skipping any bytes in the client's message, as well as making it obvious that we were using the wrong variable.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
CC: qemu-stable@nongnu.org
Message-Id: <20171101154204.27146-1-vsementsov@virtuozzo.com>
[eblake: improve commit message, squash in assert addition]
Signed-off-by: Eric Blake <eblake@redhat.com>
2017-11-08 | util/async: use atomic_mb_set in qemu_bh_cancel | Sergio Lopez
Commit b7a745d added a qemu_bh_cancel call to the completion function as an optimization to prevent it from unnecessarily rescheduling itself.

This completion function is scheduled from worker_thread, after setting the state of a ThreadPoolElement to THREAD_DONE.

This was considered to be safe, as the completion function restarts the loop just after the call to qemu_bh_cancel. But, as this loop lacks a HW memory barrier, the read of req->state may actually happen _before_ the call, seeing it still as THREAD_QUEUED, and ending the completion function without having processed a pending TPE linked at pool->head:

    worker thread                      | I/O thread
    ------------------------------------------------------------------------
                                       | speculatively read req->state
    req->state = THREAD_DONE;          |
    qemu_bh_schedule(p->completion_bh) |
      bh->scheduled = 1;               |
                                       | qemu_bh_cancel(p->completion_bh)
                                       |   bh->scheduled = 0;
                                       | if (req->state == THREAD_DONE)
                                       |   // sees THREAD_QUEUED

The source of the misunderstanding was that qemu_bh_cancel is now being used by the _consumer_ rather than the producer, and therefore now needs to have acquire semantics just like e.g. aio_bh_poll.

In some situations, if there are no other independent requests in the same aio context that could eventually trigger the scheduling of the completion function, the omitted TPE and all operations pending on it will get stuck forever.

[Added Sergio's updated wording about the HW memory barrier. --Stefan]
Signed-off-by: Sergio Lopez <slp@redhat.com>
Message-id: 20171108063447.2842-1-slp@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-11-08 | crypto: afalg: fix a NULL pointer dereference | Longpeng
Test-crypto-hash calls qcrypto_hash_bytesv/digest/base64 with errp=NULL, this will cause a NULL pointer dereference if afalg_driver doesn't support requested algos:

    ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov,
                                                result, resultlen,
                                                errp);
    if (ret == 0) {
        return ret;
    }

    error_free(*errp); // <--- here

Because the error message is thrown away immediately, we should just pass NULL to hash_bytesv(). There is also the same problem in afalg-backend cipher & hmac, let's fix them together.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Longpeng <longpeng2@huawei.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
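The try-accelerator-then-fall-back pattern from the commit message above, as an added example that is not QEMU's code: the Error type, set_error() and both hash backends are simplified stand-ins invented here. hash_before() keeps the unconditional dereference of errp; hash_after() passes NULL to the accelerated backend, as the message proposes.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for QEMU's Error object (assumed shape, not QEMU code). */
typedef struct Error { char msg[64]; } Error;

/* Record an error only when the caller supplied somewhere to put it. */
static void set_error(Error **errp, const char *msg)
{
    if (errp != NULL && (*errp = calloc(1, sizeof(**errp))) != NULL) {
        strncpy((*errp)->msg, msg, sizeof((*errp)->msg) - 1);
    }
}

/* Hypothetical backends: accel_hash supports only alg 0, soft_hash any alg. */
static int accel_hash(int alg, const char *in, unsigned *out, Error **errp)
{
    if (alg != 0) {
        set_error(errp, "algorithm not supported");
        return -1;
    }
    *out = (unsigned)strlen(in);      /* toy "digest" */
    return 0;
}

static int soft_hash(int alg, const char *in, unsigned *out, Error **errp)
{
    (void)errp;                       /* this toy fallback never fails */
    *out = 1000u * (unsigned)alg + (unsigned)strlen(in);
    return 0;
}

/* Before: crashes when errp == NULL and the accelerator rejects alg. */
int hash_before(int alg, const char *in, unsigned *out, Error **errp)
{
    if (accel_hash(alg, in, out, errp) == 0) {
        return 0;
    }
    free(*errp);                      /* NULL dereference if errp == NULL */
    return soft_hash(alg, in, out, errp);
}

/* After: the accelerator's error is discarded anyway, so never collect it. */
int hash_after(int alg, const char *in, unsigned *out, Error **errp)
{
    if (accel_hash(alg, in, out, NULL) == 0) {
        return 0;
    }
    return soft_hash(alg, in, out, errp);
}
```

Calling hash_before(1, "abc", &digest, NULL) is the crashing case; hash_after() with the same arguments falls back cleanly.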
2017-11-08 | tests: Run the luks tests in test-crypto-block only if encryption is available | Thomas Huth
The test-crypto-block currently fails if encryption has not been compiled into QEMU:

    TEST: tests/test-crypto-block... (pid=22231)
      /crypto/block/qcow: OK
      /crypto/block/luks/default: Unexpected error in qcrypto_pbkdf2() at qemu/crypto/pbkdf-stub.c:41:
    FAIL
    GTester: last random seed: R02Sbbb5b6f299c6727f41bb50ba4aa6ef5c
    (pid=22237)
      /crypto/block/luks/aes-256-cbc-plain64: Unexpected error in qcrypto_pbkdf2() at qemu/crypto/pbkdf-stub.c:41:
    FAIL
    GTester: last random seed: R02S3e27992a5ab4cc95e141c4ed3c7f0d2e
    (pid=22239)
      /crypto/block/luks/aes-256-cbc-essiv: Unexpected error in qcrypto_pbkdf2() at qemu/crypto/pbkdf-stub.c:41:
    FAIL
    GTester: last random seed: R02S51b52bb02a66c42d8b331fd305384f53
    (pid=22241)
    FAIL: tests/test-crypto-block

So run the luks test only if the required encryption support is available.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-11-08 | s390x/pci: let pci devices start in configured mode | Christian Borntraeger
Currently, to enable a pci device in the guest, the user has to issue echo 1 > /sys/bus/pci/slots/00000000/power. This is not what people expect. On an LPAR, the user can put a PCI device in configured or deconfigured state via IOCDS. The "start in deconfigured state" can be used for "sharing" a pci function across LPARs. This is not what we are going to use in KVM, so always start configured.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Message-Id: <20171107175455.73793-2-borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>