aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-02-07ivshmem: Disable irqfd on device resetLadi Prosek
The effects of ivshmem_enable_irqfd() was not undone on device reset. This manifested as: ivshmem_add_kvm_msi_virq: Assertion `!s->msi_vectors[vector].pdev' failed. when irqfd was enabled before reset and then enabled again after reset, making ivshmem_enable_irqfd() run for the second time. To reproduce, run: ivshmem-server and QEMU with: -device ivshmem-doorbell,chardev=iv -chardev socket,path=/tmp/ivshmem_socket,id=iv then install the Windows driver, at the time of writing available at: https://github.com/virtio-win/kvm-guest-drivers-windows/tree/master/ivshmem and crash-reboot the guest by inducing a BSOD. Signed-off-by: Ladi Prosek <lprosek@redhat.com> Message-Id: <20171211072110.9058-5-lprosek@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07ivshmem: Improve MSI irqfd error handlingLadi Prosek
Adds a rollback path to ivshmem_enable_irqfd() and fixes ivshmem_disable_irqfd() to bail if irqfd has not been enabled. To reproduce, run: ivshmem-server -n 0 and QEMU with: -device ivshmem-doorbell,chardev=iv -chardev socket,path=/tmp/ivshmem_socket,id=iv then load, unload, and load again the Windows driver, at the time of writing available at: https://github.com/virtio-win/kvm-guest-drivers-windows/tree/master/ivshmem The issue is believed to have been masked by other guest drivers, notably Linux ones, not enabling MSI-X on the device. Signed-off-by: Ladi Prosek <lprosek@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20171211072110.9058-4-lprosek@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07ivshmem: Always remove irqfd notifiersLadi Prosek
As of commit 660c97eef6f8 ("ivshmem: use kvm irqfd for msi notifications"), QEMU crashes with: ivshmem: msix_set_vector_notifiers failed msix_unset_vector_notifiers: Assertion `dev->msix_vector_use_notifier && dev->msix_vector_release_notifier' failed. if MSI-X is repeatedly enabled and disabled on the ivshmem device, for example by loading and unloading the Windows ivshmem driver. This is because msix_unset_vector_notifiers() doesn't call any of the release notifier callbacks since MSI-X is already disabled at that point (msix_enabled() returning false is how this transition is detected in the first place). Thus ivshmem_vector_mask() doesn't run and when MSI-X is subsequently enabled again ivshmem_vector_unmask() fails. This is fixed by keeping track of unmasked vectors and making sure that ivshmem_vector_mask() always runs on MSI-X disable. Fixes: 660c97eef6f8 ("ivshmem: use kvm irqfd for msi notifications") Signed-off-by: Ladi Prosek <lprosek@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20171211072110.9058-3-lprosek@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07ivshmem: Don't update non-existent MSI routesLadi Prosek
As of commit 660c97eef6f8 ("ivshmem: use kvm irqfd for msi notifications"), QEMU crashes with: kvm_irqchip_commit_routes: Assertion `ret == 0' failed. if the ivshmem device is configured with more vectors than what the server supports. This is caused by the ivshmem_vector_unmask() being called on vectors that have not been initialized by ivshmem_add_kvm_msi_virq(). This commit fixes it by adding a simple check to the mask and unmask callbacks. Note that the opposite mismatch, if the server supplies more vectors than what the device is configured for, is already handled and leads to output like: Too many eventfd received, device has 1 vectors To reproduce the assert, run: ivshmem-server -n 0 and QEMU with: -device ivshmem-doorbell,chardev=iv -chardev socket,path=/tmp/ivshmem_socket,id=iv then load the Windows driver, at the time of writing available at: https://github.com/virtio-win/kvm-guest-drivers-windows/tree/master/ivshmem The issue is believed to have been masked by other guest drivers, notably Linux ones, not enabling MSI-X on the device. Fixes: 660c97eef6f8 ("ivshmem: use kvm irqfd for msi notifications") Signed-off-by: Ladi Prosek <lprosek@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20171211072110.9058-2-lprosek@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07chardev/char-socket: add POLLHUP handlerKlim Kireev
The following behavior was observed for QEMU configured by libvirt to use guest agent as usual for the guests without virtio-serial driver (Windows or the guest remaining in BIOS stage). In QEMU on first connect to listen character device socket the listen socket is removed from poll just after the accept(). virtio_serial_guest_ready() returns 0 and the descriptor of the connected Unix socket is removed from poll and it will not be present in poll() until the guest will initialize the driver and change the state of the serial to "guest connected". In libvirt connect() to guest agent is performed on restart and is run under VM state lock. Connect() is blocking and can wait forever. In this case libvirt can not perform ANY operation on that VM. The bug can be easily reproduced this way: Terminal 1: qemu-system-x86_64 -m 512 -device pci-serial,chardev=serial1 -chardev socket,id=serial1,path=/tmp/console.sock,server,nowait (virtio-serial and isa-serial also fit) Terminal 2: minicom -D unix\#/tmp/console.sock (type something and press enter) C-a x (to exit) Do 3 times: minicom -D unix\#/tmp/console.sock C-a x It needs 4 connections, because the first one is accepted by QEMU, then two are queued by the kernel, and the 4th blocks. The problem is that QEMU doesn't add a read watcher after succesful read until the guest device wants to acquire recieved data, so I propose to install a separate pullhup watcher regardless of whether the device waits for data or not. Signed-off-by: Klim Kireev <klim.kireev@virtuozzo.com> Message-Id: <20180125135129.9305-1-klim.kireev@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07memory: do explicit cleanup when remove listenersPeter Xu
When unregister memory listeners, we should call, e.g., region_del() (and possibly other undo operations) on every existing memory region sections there, otherwise we may leak resources that are held during the region_add(). This patch undo the stuff for the listeners, which emulates the case when the address space is set from current to an empty state. I found this problem when debugging a refcount leak issue that leads to a device unplug event lost (please see the "Bug:" line below). In that case, the leakage of resource is the PCI BAR memory region refcount. And since memory regions are not keeping their own refcount but onto their owners, so the vfio-pci device's (who is the owner of the PCI BAR memory regions) refcount is leaked, and event missing. We had encountered similar issues before and fixed in other way (ee4c112846, "vhost: Release memory references on cleanup"). This patch can be seen as a more high-level fix of similar problems that are caused by the resource leaks from memory listeners. So now we can remove the explicit unref of memory regions since that'll be done altogether during unregistering of listeners now. Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1531393 Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20180122060244.29368-5-peterx@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07vfio: listener unregister before unset containerPeter Xu
After next patch, listener unregister will need the container to be alive. Let's move this unregister phase to be before unset container, since that operation will free the backend container in kernel, otherwise we'll get these after next patch: qemu-system-x86_64: VFIO_UNMAP_DMA: -22 qemu-system-x86_64: vfio_dma_unmap(0x559bf53a4590, 0x0, 0xa0000) = -22 (Invalid argument) Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20180122060244.29368-4-peterx@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Acked-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07arm: postpone device listener unregisterPeter Xu
It's a preparation for follow-up patch to call region_del() in memory_listener_unregister(), otherwise all device addr attached with kvm_devices_head will be reset before calling kvm_arm_set_device_addr. Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20180122060244.29368-3-peterx@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07vhost: add traces for memory listenersPeter Xu
Trace these operations on two memory listeners. It helps to verify the new memory listener fix, and good to keep them there. Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20180122060244.29368-2-peterx@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07ucontext: annotate coroutine stack for ASANMarc-André Lureau
It helps ASAN to detect more leaks on coroutine stacks, and to get rid of some extra warnings. Before: tests/test-coroutine -p /basic/lifecycle /basic/lifecycle: ==20781==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! ==20781==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffcb184d000; bottom 0x7ff6c4cfd000; size: 0x0005ecb50000 (25446121472) False positive error reports may follow For details see https://github.com/google/sanitizers/issues/189 OK After: tests/test-coroutine -p /basic/lifecycle /basic/lifecycle: ==21110==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases! OK A similar work would need to be done for sigaltstack & windows fibers to have similar coverage. Since ucontext is preferred, I didn't bother checking the other coroutine implementations for now. Update travis to fix the build with ASAN annotations. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20180116151152.4040-4-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07build-sys: add --enable-sanitizersMarc-André Lureau
Typical slowdown introduced by AddressSanitizer is 2x. UBSan shouldn't have much impact on runtime cost. Enable it by default when --enable-debug, unless --disable-sanitizers. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20180116151152.4040-3-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05exynos4210: workaround UBSAN compilation errorMarc-André Lureau
gcc 5.4.0-6ubuntu1~16.04.5 build with UBSAN enabled error: CC hw/display/exynos4210_fimd.o /home/petmay01/linaro/qemu-for-merges/hw/display/exynos4210_fimd.c: In function ‘fimd_get_buffer_id’: /home/petmay01/linaro/qemu-for-merges/hw/display/exynos4210_fimd.c:1105:5: error: case label does not reduce to an integer constant case FIMD_WINCON_BUF2_STAT: Because FIMD_WINCON_BUF2_STAT case contains an integer overflow, use U suffix to get the unsigned type. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20180116151152.4040-2-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05sockets: fix parsing of ipv4/ipv6 opts in parse_socket_addrDaniel P. Berrange
The inet_parse() function looks for 'ipv4' and 'ipv6' flags, but only treats them as bare bool flags. The normal QemuOpts parsing would allow on/off values to be set too. This updates inet_parse() so that its handling of the 'ipv4' and 'ipv6' flags matches that done by QemuOpts. This impacts the NBD block driver parsing the legacy filename syntax and the migration code parsing the socket scheme. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <20180125171412.21627-1-berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05Drop remaining bits of ia64 host supportPeter Maydell
We dropped support for ia64 host CPUs in the 2.11 release (removing the TCG backend for it, and advertising the support as being completely removed in the changelog). However there are a few bits and pieces of code still floating about. Remove those, too. We can drop the check in configure for "ia64 or hppa host?" entirely, because we don't support hppa hosts either any more. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <1516897189-11035-1-git-send-email-peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05hvf: ept_emulation_fault() needs NetApp BSD attributionPaolo Bonzini
Add the BSD license there. Reported-by: Izik Eidus <izik@veertu.com> Message-Id: <20180123123639.35255-3-izik@veertu.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05Add missing hvdos public domain attribution:Izik Eidus
hvf.c and vmx.h contain code from hvdos.c that is released as public domain: from hvdos github: https://github.com/mist64/hvdos "License See LICENSE.txt (2-clause-BSD). In order to simplify use of this code as a template, you can consider any parts from "hvdos.c" and "interface.h" as being in the public domain." Signed-off-by: Izik Eidus <izik@veertu.com> Message-Id: <20180123123639.35255-2-izik@veertu.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05i2c: Add a CONFIG_I2C master switch to the configuration filesThomas Huth
The i2c core and the at24c EEPROM should only be compiled and linked on the machines that support i2c. Otherwise it's quite strange to see the at24c-eeprom to be "available" on qemu-system-s390x for example. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1516634853-15883-1-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05memory-internal.h: Remove obsolete claim that header is obsoletePeter Maydell
The memory-internal.h header claims that it is for "obsolete exec.c functions" which "will be removed soon". This statement was added in 2011, six years ago, but the header is still here. (Admittedly none of the prototypes added in commit 67d95c153bef55f6 are still in the header.) It's convenient to have a place to put prototypes for functions which are used internally to the various .c files of the memory system or by the accel/tcg code, which is inevitably fairly closely coupled. So keep the header but update the comments to reflect what we're actually using it for. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <1511276888-17834-1-git-send-email-peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05scripts/qemu-gdb/timers.py: define encoding in header commentGreg Kurz
This is required otherwise python complains because of the accentuated letter in Alex's last name: Traceback (most recent call last): File "scripts/qemu-gdb.py", line 29, in <module> from qemugdb import aio, mtree, coroutine, tcg, timers File "scripts/qemugdb/timers.py", line 1 SyntaxError: Non-ASCII character '\xc3' in file scripts/qemugdb/timers.py on line 1, but no encoding declared; see http://www.python.org/peps/pep-0263.html for details Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <151629549711.18276.15497684562308683805.stgit@bahia.lan> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05readline: don't free completions in readline_free()Greg Kurz
Since commit e5dc1a6c6c43, QEMU aborts on exit if completion was used in the monitor: *** Error in `obj/ppc64-softmmu/qemu-system-ppc64': double free or corruption (fasttop): 0x00000100331069d0 *** /home/greg/Work/qemu/qemu-spapr/util/readline.c:514 /home/greg/Work/qemu/qemu-spapr/monitor.c:586 /home/greg/Work/qemu/qemu-spapr/monitor.c:4125 argv=<optimized out>, envp=<optimized out>) at /home/greg/Work/qemu/qemu-spapr/vl.c:4795 Completion strings are not persistent accross completions (why would they?). They are allocated under readline_completion(), which already takes care of freeing them before returning. Maybe all completion related bits should be moved out of ReadLineState to a dedicated structure ? In the meantime, let's drop the offending lines from readline_free() to fix the crash. Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <151627206353.4505.4602428849861610759.stgit@bahia.lan> Fixes: e5dc1a6c6c43 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05chardev: fix incorrect unref of sourcePeter Xu
glib reported error when pty chardev used: $ ./qemu-system-x86_64 -chardev pty,id=foo -device isa-serial,chardev=foo qemu-system-x86_64: -chardev pty,id=foo: char device redirected to /dev/pts/2 (label foo) (qemu-system-x86_64:27885): GLib-CRITICAL **: g_source_unref: assertion 'source != NULL' failed (qemu-system-x86_64:27885): GLib-CRITICAL **: g_source_unref: assertion 'source != NULL' failed This patch fixes that. Fixes: 2c716ba150 ("chardev: introduce qemu_chr_timeout_add_ms()") CC: Paolo Bonzini <pbonzini@redhat.com> Reported-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20180118052049.31119-1-peterx@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05scsi-generic: Simplify error handling codeFam Zheng
Coverity doesn't like the ignored return value introduced in 9d3b155186c278 (hw/block: Fix the return type), and other callers are converted already in ceff3e1f01. This one was added lately in d9bcd6f7f23a and missed the train. Do it now. Signed-off-by: Fam Zheng <famz@redhat.com> Message-Id: <20180118025245.13042-1-famz@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05memory: set ioeventfd_update_pending after address_space_update_ioeventfdslinzhecheng
We should set ioeventfd_update_pending same as memory_region_update_pending. Signed-off-by: linzhecheng <linzc@zju.edu.cn> Message-Id: <1515934519-16158-1-git-send-email-linzc@zju.edu.cn> Cc: qemu-stable@nongnu.org Fixes: ade9c1aac5292ff698fa550adebe794c37d86cc9 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05qemu: improve hugepage allocation failure messageMarcelo Tosatti
Improve hugepage allocation failure message, indicating what is happening to the user. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Message-Id: <20180115201700.GA4439@amt.cnet> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05kvm: Add kvm_set_user_memory tracepointAlexey Kardashevskiy
This adds a tracepoint to trace the KVM_SET_USER_MEMORY_REGION ioctl parameters which is quite useful for debugging VFIO memory regions being actually registered with KVM. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Message-Id: <20171215052326.21386-1-aik@ozlabs.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05qdev: use device_class_set_parent_realize/unrealize/reset()Philippe Mathieu-Daudé
changes generated using the following Coccinelle patch: @@ type DeviceParentClass; DeviceParentClass *pc; DeviceClass *dc; identifier parent_fn; identifier child_fn; @@ ( +device_class_set_parent_realize(dc, child_fn, &pc->parent_fn); -pc->parent_fn = dc->realize; ... -dc->realize = child_fn; | +device_class_set_parent_unrealize(dc, child_fn, &pc->parent_fn); -pc->parent_fn = dc->unrealize; ... -dc->unrealize = child_fn; | +device_class_set_parent_reset(dc, child_fn, &pc->parent_fn); -pc->parent_fn = dc->reset; ... -dc->reset = child_fn; ) Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180114020412.26160-4-f4bug@amsat.org> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05qdev: add helpers to be more explicit when using abstract QOM parent functionsPhilippe Mathieu-Daudé
QOM API learning curve is quite hard, in particular when devices inherit from abstract parent. To be more explicit about when a device class change the parent hooks, add few helpers hoping a device class_init() will be easier to understand. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180114020412.26160-3-f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05qdev: rename typedef qdev_resetfn() -> DeviceReset()Philippe Mathieu-Daudé
following the DeviceRealize and DeviceUnrealize typedefs, this unify a bit the new QOM API. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180114020412.26160-2-f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-05memory: update comments and fix some typosJay Zhou
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com> Message-Id: <1515043788-38300-1-git-send-email-jianjay.zhou@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-02Merge remote-tracking branch 'remotes/kraxel/tags/ui-20180202-pull-request' ↵Peter Maydell
into staging ui: use QIONetListener in vnc, bugfixes for sdl1 and vnc. # gpg: Signature made Fri 02 Feb 2018 07:17:36 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/ui-20180202-pull-request: ui: correctly advance output buffer when writing SASL data ui: convert VNC server to QIONetListener ui: fix mixup between qnum and qcode in SDL1 key handling Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-02Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180202-pull-request' ↵Peter Maydell
into staging virtio-gpu: disallow vIOMMU # gpg: Signature made Fri 02 Feb 2018 08:31:52 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/vga-20180202-pull-request: virtio-gpu: disallow vIOMMU Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-02Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into stagingPeter Maydell
This series is mostly about 9p request cancellation. It fixes a long standing bug (read "specification violation") where the server would send an invalid response when the client has cancelled an in-flight request. This was causing annoying spurious EINTR returns in linux. The fix comes with some related testing in QTEST. Other patches are code cleanup and improvements. # gpg: Signature made Fri 02 Feb 2018 10:16:03 GMT # gpg: using RSA key 71D4D5E5822F73D6 # gpg: Good signature from "Greg Kurz <groug@kaod.org>" # gpg: aka "Gregory Kurz <gregory.kurz@free.fr>" # gpg: aka "[jpeg image of size 3330]" # Primary key fingerprint: B482 8BAF 9431 40CE F2A3 4910 71D4 D5E5 822F 73D6 * remotes/gkurz/tags/for-upstream: tests/virtio-9p: explicitly handle potential integer overflows tests: virtio-9p: add FLUSH operation test libqos/virtio: return length written into used descriptor tests: virtio-9p: add WRITE operation test tests: virtio-9p: add LOPEN operation test tests: virtio-9p: use the synth backend tests: virtio-9p: wait for completion in the test code tests: virtio-9p: move request tag to the test functions 9pfs: Correctly handle cancelled requests 9pfs: drop v9fs_register_transport() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-02Merge remote-tracking branch ↵Peter Maydell
'remotes/kraxel/tags/audio-20180202-pull-request' into staging audio: two small fixes. # gpg: Signature made Fri 02 Feb 2018 07:49:20 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/audio-20180202-pull-request: hw/audio/sb16.c: change dolog() to qemu_log_mask() hw/audio/wm8750: move WM8750 declarations from i2c/i2c.h to audio/wm8750.h Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-02Merge remote-tracking branch 'remotes/cminyard/tags/for-release-20180201' ↵Peter Maydell
into staging Lots of litte miscellaneous fixes for the IPMI code, plus add me as the IPMI maintainer. # gpg: Signature made Thu 01 Feb 2018 18:44:55 GMT # gpg: using RSA key 61F38C90919BFF81 # gpg: Good signature from "Corey Minyard <cminyard@mvista.com>" # gpg: aka "Corey Minyard <minyard@acm.org>" # gpg: aka "Corey Minyard <corey@minyard.net>" # gpg: aka "Corey Minyard <minyard@mvista.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: FD0D 5CE6 7CE0 F59A 6688 2686 61F3 8C90 919B FF81 * remotes/cminyard/tags/for-release-20180201: ipmi: Allow BMC device properties to be set ipmi: disable IRQ and ATN on an external disconnect ipmi: Fix macro issues ipmi: Add the platform event message command ipmi: Don't set the timestamp on add events that don't have it ipmi: Fix SEL get/set time commands Add maintainer for the IPMI code Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-02Merge remote-tracking branch 'remotes/elmarco/tags/dump-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Thu 01 Feb 2018 11:15:42 GMT # gpg: using RSA key DAE8E10975969CE5 # gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" # gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" # Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5 * remotes/elmarco/tags/dump-pull-request: dump-guest-memory.py: skip vmcoreinfo section if not available Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-02tests/virtio-9p: explicitly handle potential integer overflowsGreg Kurz
Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-02-02tests: virtio-9p: add FLUSH operation testGreg Kurz
The idea is to send a victim request that will possibly block in the server and to send a flush request to cancel the victim request. This patch adds two test to verifiy that: - the server does not reply to a victim request that was actually cancelled - the server replies to the flush request after replying to the victim request if it could not cancel it 9p request cancellation reference: http://man.cat-v.org/plan_9/5/flush Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> (groug, change the test to only write a single byte to avoid any alignment or endianess consideration)
2018-02-02libqos/virtio: return length written into used descriptorGreg Kurz
When a 9p request is flushed (ie, cancelled) by the guest, the device is expected to simply mark the request as used, without sending a 9p reply (ie, without writing anything into the used buffer). To be able to test this, we need access to the length written by the device into the used descriptor. This patch adds a uint32_t * argument to qvirtqueue_get_buf() and qvirtio_wait_used_elem() for this purpose. All existing users are updated accordingly. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-02-02Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into stagingPeter Maydell
# gpg: Signature made Thu 01 Feb 2018 04:05:22 GMT # gpg: using RSA key BDBE7B27C0DE3057 # gpg: Good signature from "Jeffrey Cody <jcody@redhat.com>" # gpg: aka "Jeffrey Cody <jeff@codyprime.org>" # gpg: aka "Jeffrey Cody <codyprime@gmail.com>" # Primary key fingerprint: 9957 4B4D 3474 90E7 9D98 D624 BDBE 7B27 C0DE 3057 * remotes/cody/tags/block-pull-request: iotests: Make 200 run on tmpfs block/ssh: fix possible segmentation fault when .desc is not null-terminated Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-02-02virtio-gpu: disallow vIOMMUPeter Xu
virtio-gpu has special code path that bypassed vIOMMU protection. So for now let's disable iommu_platform for the device until we fully support that (if needed). After the patch, both virtio-vga and virtio-gpu won't allow to boot with iommu_platform parameter set. CC: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Message-id: 20180131040401.3550-1-peterx@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-02hw/audio/sb16.c: change dolog() to qemu_log_mask()John Arbuckle
Changes all the occurrances of dolog() to qemu_log_mask(). Signed-off-by: John Arbuckle <programmingkidx@gmail.com> Message-id: 20180201172744.7504-1-programmingkidx@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-02hw/audio/wm8750: move WM8750 declarations from i2c/i2c.h to audio/wm8750.hPhilippe Mathieu-Daudé
while here use TYPE_WM8750 and declare a data_req_cb() typedef. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20170919123053.32675-1-f4bug@amsat.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-02ui: correctly advance output buffer when writing SASL dataDaniel P. Berrangé
In this previous commit: commit 8f61f1c5a6bc06438a1172efa80bc7606594fa07 Author: Daniel P. Berrange <berrange@redhat.com> Date: Mon Dec 18 19:12:20 2017 +0000 ui: track how much decoded data we consumed when doing SASL encoding I attempted to fix a flaw with tracking how much data had actually been processed when encoding with SASL. With that flaw, the VNC server could mistakenly discard queued data that had not been sent. The fix was not quite right though, because it merely decremented the vs->output.offset value. This is effectively discarding data from the end of the pending output buffer. We actually need to discard data from the start of the pending output buffer. We also want to free memory that is no longer required. The correct way to handle this is to use the buffer_advance() helper method instead of directly manipulating the offset value. Reported-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Message-id: 20180201155841.27509-1-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-02ui: convert VNC server to QIONetListenerDaniel P. Berrange
The VNC server already has the ability to listen on multiple sockets. Converting it to use the QIONetListener APIs though, will reduce the amount of code in the VNC server and improve the clarity of what is left. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20180201164514.10330-1-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-02ui: fix mixup between qnum and qcode in SDL1 key handlingDaniel P. Berrangé
The previous commit: commit 2ec78706d188df7d3dab43d07b19b05ef7800a44 Author: Daniel P. Berrange <berrange@redhat.com> Date: Wed Jan 17 16:47:15 2018 +0000 ui: convert GTK and SDL1 frontends to keycodemapdb changed the x_keymap.c keymap so that its target was qcodes instead of qnums. It updated the GTK frontend to take account of this change, but forgot to update the SDL1 frontend. Thus the SDL frontend was getting qcodes but dispatching them as if they were qnums. IOW, keyboard input was completely hosed with SDL1. Since the keyboard layout tables are still all based on qnums, it is easier to just keep SDL1 using qnums as it will be deleted in a few releases time. Reported-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Tested-by: BALATON Zoltan <balaton@eik.bme.hu> Message-id: 20180201180033.14255-1-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-01tests: virtio-9p: add WRITE operation testGreg Kurz
Trivial test of a successful write. Signed-off-by: Greg Kurz <groug@kaod.org> (groug, handle potential overflow when computing request size, add missing g_free(buf), backend handles one written byte at a time to validate the server doesn't do short-reads) Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-02-01tests: virtio-9p: add LOPEN operation testGreg Kurz
Trivial test of a successful open. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-02-01tests: virtio-9p: use the synth backendGreg Kurz
The purpose of virtio-9p-test is to test the virtio-9p device, especially the 9p server state machine. We don't really care what fsdev backend we're using. Moreover, if we want to be able to test the flush request or a device reset with in-flights I/O, it is close to impossible to achieve with a physical backend because we cannot ask it reliably to put an I/O on hold at a specific point in time. Fortunately, we can do that with the synthetic backend, which allows to register callbacks on read/write accesses to a specific file. This will be used by a later patch to test the 9P flush request. The walk request test is converted to using the synth backend. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-02-01tests: virtio-9p: wait for completion in the test codeGreg Kurz
In order to test request cancellation, we will need to send multiple requests and wait for the associated replies. Since we poll the ISR to know if a request completed, we may have several replies to parse when we detect ISR was set to 1. This patch moves the waiting out of the reply parsing path, up into the functional tests. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-02-01tests: virtio-9p: move request tag to the test functionsGreg Kurz
It doesn't really makes sense to hide the request tag from the test functions. It prevents to test the 9p server behavior when passed a wrong tag (ie, still in use or different from P9_NOTAG for a version request). Also the spec says that a tag is reusable as soon as the corresponding request was replied or flushed: no need to always increment tags like we do now. And finaly, an upcoming test of the flush command will need to manipulate tags explicitely. This simply changes all request functions to have a tag argument. Except for the version request which needs P9_NOTAG, all other tests can pass 0 since they wait for the reply before sending another request. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>