aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-10-05softfloat: Fix divisionRichard Henderson
The __udiv_qrnnd primitive that we nicked from gmp requires its inputs to be normalized. We were not doing that. Because the inputs are nearly normalized already, finishing that is trivial. Replace div128to64 with a "proper" udiv_qrnnd, so that this remains a reusable primitive. Fixes: cf07323d494 Fixes: https://bugs.launchpad.net/qemu/+bug/1793119 Tested-by: Emilio G. Cota <cota@braap.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-10-05softfloat: Replace countLeadingZeros32/64 with clz32/64Thomas Huth
Our minimum required compiler for compiling QEMU is GCC 4.1 these days, so we can drop the support for compilers which do not provide the __builtin_clz*() functions yet. Since the countLeadingZeros32/64 are then identical to the clz32/64 functions, and we do not have to sync the softloat 2 codebase with upstream anymore (softloat 3 is a complete rewrite) we can simply replace the functions with our QEMU versions. Suggested-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1538118095-7003-1-git-send-email-thuth@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-10-05tests/fp/fp-test: add floating point testsEmilio G. Cota
By leveraging berkeley's softfloat and testfloat. With this we get decent coverage of softfloat.c: $ ./fp-test -r even: 67.22% coverage $ ./fp-test -r all: 73.11% coverage Note that we do not yet test parts of softfloat.c that aren't in the original softfloat library, namely: - denormal inputs - *_to_int16/uint16 conversions - scalbn for fixed point - muladd variants - min/max - exp2 - log2 - float*_compare (except float16_compare) Signed-off-by: Emilio G. Cota <cota@braap.org> [rth: Add the new modules to git_submodules.] Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-10-05gitmodules: add berkeley's softfloat + testfloat version 3Emilio G. Cota
These are BSD-licensed so we can add them as submodules. Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-10-05softfloat: remove float64_trunc_to_intEmilio G. Cota
It has not had users since f83311e476 ("target-m68k: use floatx80 internally", 2017-06-21). Note that no other bit-width has floatX_trunc_to_int. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-10-05Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20181004' into stagingPeter Maydell
Various s390x updates: - fix several struct definitions so that sparc hosts do not trip over unaligned accesses - fence enabling huge pages for pre-3.1 machines - sysbus init -> realize conversion - fixes and improvements in tcg (instruction flags and AFP registers) # gpg: Signature made Thu 04 Oct 2018 16:22:20 BST # gpg: using RSA key DECF6B93C6F02FAF # gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" # gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" # gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" # gpg: aka "Cornelia Huck <cohuck@kernel.org>" # gpg: aka "Cornelia Huck <cohuck@redhat.com>" # Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF * remotes/cohuck/tags/s390x-20181004: hw/s390x/s390-pci-bus: Convert sysbus init function to realize function s390x/tcg: refactor specification checking s390x/tcg: fix FP register pair checks s390x/tcg: handle privileged instructions via flags s390x/tcg: check for AFP-register, BFP and DFP data exceptions s390x/tcg: add instruction flags for floating point instructions s390x/tcg: support flags for instructions s390x/tcg: store in the TB flags if AFP is enabled s390x/tcg: factor out and fix DATA exception injection s390x: move tcg_s390_program_interrupt() into TCG code and mark it noreturn target/s390x: exception on non-aligned LPSW(E) s390x: Fence huge pages prior to 3.1 hw/s390x/ioinst: Fix alignment problem in struct SubchDev hw/s390x/css: Remove QEMU_PACKED from struct SenseId hw/s390x/ipl: Fix alignment problems of S390IPLState members Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-05Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2018-10-03-v2' ↵Peter Maydell
into staging nbd patches for 2018-10-03 Fix bugs in NBD_CMD_CACHE, drop support for oldstyle NBD server, minor build and doc fixes - Denis V. Lunev: nbd: fix NBD_CMD_CACHE negitiation... [retitled] - Vladimir Sementsov-Ogievskiy: 0/2 server: drop old-style negotiation - Eric Blake: qemu-nbd: Document --tls-creds - Vladimir Sementsov-Ogievskiy: nbd/server: fix NBD_CMD_CACHE - Peter Maydell: nbd: Don't take address of fields in packed structs # gpg: Signature made Thu 04 Oct 2018 15:19:32 BST # gpg: using RSA key A7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@redhat.com>" # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" # gpg: aka "[jpeg image of size 6874]" # Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A * remotes/ericb/tags/pull-nbd-2018-10-03-v2: nbd: fix NBD_FLAG_SEND_CACHE value nbd/server: drop old-style negotiation qemu-nbd: drop old-style negotiation qemu-nbd: Document --tls-creds nbd/server: fix NBD_CMD_CACHE nbd: Don't take address of fields in packed structs Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-05Merge remote-tracking branch ↵Peter Maydell
'remotes/ehabkost/tags/python-next-pull-request' into staging Python queue, 2018-10-03 * Remove fixed serial device errors from device-crash-test * Remove unnecessary Python 2.6 compatibility code # gpg: Signature made Thu 04 Oct 2018 03:17:34 BST # gpg: using RSA key 2807936F984DC5A6 # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" # Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6 * remotes/ehabkost/tags/python-next-pull-request: scripts/device-crash-test: Remove entries for serial devices Revert "tests: migration/guestperf Python 2.6 argparse compatibility" Revert "docker.py: Python 2.6 argparse compatibility" device-crash-test: No need for sys.path hack Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-04nbd: fix NBD_FLAG_SEND_CACHE valueDenis V. Lunev
Commit bc37b06a5 added NBD_CMD_CACHE support, but used the wrong value for NBD_FLAG_SEND_CACHE flag for negotiation. That commit picked bit 8, which had already been assigned by the NBD specification to mean NBD_FLAG_CAN_MULTI_CONN, and which was already implemented in the Linux kernel as a part of stable userspace-kernel API since 4.10: "bit 8, NBD_FLAG_CAN_MULTI_CONN: Indicates that the server operates entirely without cache, or that the cache it uses is shared among all connections to the given device. In particular, if this flag is present, then the effects of NBD_CMD_FLUSH and NBD_CMD_FLAG_FUA MUST be visible across all connections when the server sends its reply to that command to the client. In the absense of this flag, clients SHOULD NOT multiplex their commands over more than one connection to the export. ... bit 10, NBD_FLAG_SEND_CACHE: documents that the server understands NBD_CMD_CACHE; however, note that server implementations exist which support the command without advertising this bit, and conversely that this bit does not guarantee that the command will succeed or have an impact." Consequences: - a client trying to use NBD_CMD_CACHE per the NBD spec will not see the feature as available from a qemu 3.0 server (not fatal, clients already have to be prepared for caching to not exist) - a client accidentally coded to the qemu 3.0 bit value instead of following the spec may interpret NBD_CMD_CACHE as being available when it is not (probably not fatal, the spec says the server should gracefully fail unknown commands, and that clients of NBD_CMD_CACHE should be prepared for failure even when the feature is advertised); such clients are unlikely (perhaps only in unreleased Virtuozzo code), and will disappear over time - a client prepared to use multiple connections based on NBD_FLAG_CAN_MULTI_CONN may cause data corruption when it assumes that caching is consistent when in reality qemu 3.0 did not have a consistent cache. Partially mitigated by using read-only connections (where nothing needs to be flushed, so caching is indeed consistent) or when using qemu-nbd with the default -e 1 (at most one client at a time); visible only when using -e 2 or more for a writable export. Thus the commit fixes negotiation flag in QEMU according to the specification. Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> CC: Valery Vdovin <valery.vdovin@acronis.com> CC: Eric Blake <eblake@redhat.com> CC: Paolo Bonzini <pbonzini@redhat.com> CC: qemu-stable@nongnu.org Message-Id: <20181004100313.4253-1-den@openvz.org> Reviewed-by: Eric Blake <eblake@redhat.com> [eblake: enhance commit message, add defines for unimplemented flags] Signed-off-by: Eric Blake <eblake@redhat.com>
2018-10-04hw/s390x/s390-pci-bus: Convert sysbus init function to realize functionThomas Huth
The SysBusDeviceClass->init() interface is considered as a legacy interface and there are currently some efforts going on to get rid of it. Thus let's convert the init function in the s390x code to realize() instead. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1538466491-2073-1-git-send-email-thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04s390x/tcg: refactor specification checkingDavid Hildenbrand
We can fit this nicely into less LOC, without harming readability. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180927130303.12236-10-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04s390x/tcg: fix FP register pair checksDavid Hildenbrand
Valid register pairs are 0/2, 1/3, 4/6, 5/7, 8/10, 9/11, 12/14, 13/15. R1/R2 always selects the lower number, so the current checks are not correct as e.g. 2/4 could be selected as a pair. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180927130303.12236-9-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04s390x/tcg: handle privileged instructions via flagsDavid Hildenbrand
Let's check this also at a central place. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180927130303.12236-8-david@redhat.com> Acked-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04s390x/tcg: check for AFP-register, BFP and DFP data exceptionsDavid Hildenbrand
With the annotated functions, we can now easily check this at a central place. DXC 1 is to be injected if an AFP register is used (for a HFP AND FPS instruction) when AFP is disabled. DXC 2 is to be injected if a BFP instruction is used when AFP is disabled. DXC 3 is to be injected if a DFP instruction is used when AFP is disabled. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180927130303.12236-7-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04s390x/tcg: add instruction flags for floating point instructionsDavid Hildenbrand
These flags allow us to later on detect if a DATA program interrupt is to be injected, and which DXC (1,2,3) is to be used. Interestingly, some support FP instructions are considered as HFP instructions (I assume simply because they were available very early). Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180927130303.12236-6-david@redhat.com> Acked-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04s390x/tcg: support flags for instructionsDavid Hildenbrand
Storing flags for instructions allows us to efficiently verify certain properties at a central point. Examples might later be handling if AFP is disabled in CR0, we are not in problem state, or if vector instructions are disabled in CR0. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180927130303.12236-5-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04s390x/tcg: store in the TB flags if AFP is enabledDavid Hildenbrand
We exit the TB when changing the control registers, so just like PSW bits, this should always be consistent for a TB. Using the PSW bit semantic makes things a lot easier compared to manually defining the spare, shifted bits. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180927130303.12236-4-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04s390x/tcg: factor out and fix DATA exception injectionDavid Hildenbrand
The DXC is to be stored in the low core, and only in the FPC in case AFP is enabled in CR0. Stub is not required in current code, but this way we never run into problems. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180927130303.12236-3-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04s390x: move tcg_s390_program_interrupt() into TCG code and mark it noreturnDavid Hildenbrand
Move it into TCG-only code and provide a stub. Turn it into noreturn. As Richard noted, we currently don't log the psw.addr before restoring the state, fix that by moving (duplicating) the qemu_log_mask in the tcg/kvm handlers. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20180927130303.12236-2-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04target/s390x: exception on non-aligned LPSW(E)Pavel Zbitskiy
Both LPSW and LPSWE should raise a specification exception when their operand is not doubleword aligned. Signed-off-by: Pavel Zbitskiy <pavel.zbitskiy@gmail.com> Message-Id: <20180902003322.3428-3-pavel.zbitskiy@gmail.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04s390x: Fence huge pages prior to 3.1Janosch Frank
As the kernel has no way of disallowing the start of a huge page backed VM, we can migrate a running huge backed VM to a host that has no huge page KVM support. Let's glue huge page support support to the 3.1 machine, so we do not migrate to a destination host that doesn't have QEMU huge page support and can stop migration if KVM doesn't indicate support. Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Message-Id: <20180928093435.198573-1-frankja@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04hw/s390x/ioinst: Fix alignment problem in struct SubchDevThomas Huth
struct SubchDev embeds several other structures which are marked with QEMU_PACKED. This causes the compiler to not care for proper alignment of these structures. When we later pass around pointers to the unaligned struct members during migration, this causes problems on host architectures like Sparc that can not do unaligned memory access. Most of the structs in ioinst.h are naturally aligned, so we can fix most of the problem by removing the QEMU_PACKED statements (and use QEMU_BUILD_BUG_MSG() statements instead to make sure that there is no padding). However, for the struct SCHIB, we have to keep the QEMU_PACKED since the compiler adds some padding here otherwise. Move this struct to the beginning of struct SubchDev instead to fix the alignment problem here, too. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1538036615-32542-4-git-send-email-thuth@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04hw/s390x/css: Remove QEMU_PACKED from struct SenseIdThomas Huth
The uint16_t member cu_type of struct SenseId is not naturally aligned, and since the struct is marked with QEMU_PACKED, this can lead to unaligned memory accesses - which does not work on architectures like Sparc. Thus remove the QEMU_PACKED here and rather copy the struct byte by byte when we do copy_sense_id_to_guest(). Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1538036615-32542-3-git-send-email-thuth@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-04hw/s390x/ipl: Fix alignment problems of S390IPLState membersThomas Huth
The IplParameterBlock and QemuIplParameters structures are declared with QEMU_PACKED, so the compiler assumes that the structures do not need to be aligned in memory. Since the are listed after a "bool" within the S390IPLState, the IplParameterBlock and QemuIplParameters are also indeed mis-aligned in memory. This causes problems on Sparc during migration, since we use VMSTATE_UINT16 in vmstate_iplb to access the devno member for example, and the corresponding migration functions (like qemu_get_be16s) then try to access a 16-bit value from a misaligned memory address. The easiest solution to fix this problem is to move the packed structures to the beginning of the S390IPLState, right after the DeviceState of course which has to stay first for QOM reasons. But since DeviceState is a non-packed struct, we can be sure that it will be padded to the correct alignment at the end. If not, the QEMU_BUILD_BUG_MSG in this patch will tell us. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1538036615-32542-2-git-send-email-thuth@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-10-03scripts/device-crash-test: Remove entries for serial devicesThomas Huth
The problem with the various serial devices has been fixed a while ago in commit 47c4f85a0c27888e12af827471cfef87deb49821 ("hw/char/serial: Allow disconnected chardevs") already, so we can remove these entries from the "ignore" list in the device-crash-test script now. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1538403190-27146-1-git-send-email-thuth@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-10-03Revert "tests: migration/guestperf Python 2.6 argparse compatibility"Eduardo Habkost
This reverts commit 0ea47d0f36112f0f38661e2e430edf32737c7f43. scripts/argparse.py was removed from the tree, so we don't need this hack anymore. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20180618225131.13113-4-ehabkost@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-10-03Revert "docker.py: Python 2.6 argparse compatibility"Eduardo Habkost
This reverts commit c2d3189667409561772e8c1e5615c5166cd8aa2c. scripts/argparse.py was removed from the tree, so we don't need this hack anymore. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20180618225131.13113-3-ehabkost@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-10-03device-crash-test: No need for sys.path hackEduardo Habkost
The device-crash-test script is already inside the 'scripts' directory, there's no need to add the directory manually to sys.path. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20180618225131.13113-2-ehabkost@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-10-03nbd/server: drop old-style negotiationVladimir Sementsov-Ogievskiy
After the previous commit, nbd_client_new's first parameter is always NULL. Let's drop it with all corresponding old-style negotiation code path which is unreachable now. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20181003170228.95973-3-vsementsov@virtuozzo.com> Reviewed-by: Eric Blake <eblake@redhat.com> [eblake: re-wrap short line] Signed-off-by: Eric Blake <eblake@redhat.com>
2018-10-03qemu-nbd: drop old-style negotiationVladimir Sementsov-Ogievskiy
Use new-style negotiation always, with default "" (empty) export name if it is not specified with '-x' option. qemu as client can manage either style since 2.6.0, commit 69b49502d8 For comparison: nbd 3.10 dropped oldstyle long ago (Mar 2015): https://github.com/NetworkBlockDevice/nbd/commit/36940193 nbdkit 1.3 switched its default to newstyle (Jan 2018): https://github.com/libguestfs/nbdkit/commit/b2a8aecc https://github.com/libguestfs/nbdkit/commit/8158e773 Furthermore, if a client that only speaks oldstyle still needs to communicate to qemu, nbdkit remains available to perform the translation between the two protocols. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20181003170228.95973-2-vsementsov@virtuozzo.com> Reviewed-by: Eric Blake <eblake@redhat.com> [eblake: enhance commit message] Signed-off-by: Eric Blake <eblake@redhat.com>
2018-10-03qemu-nbd: Document --tls-credsEric Blake
Commit 145614a1 introduced --tls-creds and documented it in qemu-nbd.texi, but forgot to document it in 'qemu-nbd --help'. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20181003180426.602765-1-eblake@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
2018-10-03nbd/server: fix NBD_CMD_CACHEVladimir Sementsov-Ogievskiy
We should not go to structured-read branch on CACHE command, fix that. Bug introduced in bc37b06a5cde24 "nbd/server: introduce NBD_CMD_CACHE" with the whole feature and affects 3.0.0 release. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> CC: qemu-stable@nongnu.org Message-Id: <20181003144738.70670-1-vsementsov@virtuozzo.com> Reviewed-by: Eric Blake <eblake@redhat.com> [eblake: commit message typo fix] Signed-off-by: Eric Blake <eblake@redhat.com>
2018-10-03nbd: Don't take address of fields in packed structsPeter Maydell
Taking the address of a field in a packed struct is a bad idea, because it might not be actually aligned enough for that pointer type (and thus cause a crash on dereference on some host architectures). Newer versions of clang warn about this. Avoid the bug by not using the "modify in place" byte swapping functions. This patch was produced with the following spatch script: @@ expression E; @@ -be16_to_cpus(&E); +E = be16_to_cpu(E); @@ expression E; @@ -be32_to_cpus(&E); +E = be32_to_cpu(E); @@ expression E; @@ -be64_to_cpus(&E); +E = be64_to_cpu(E); @@ expression E; @@ -cpu_to_be16s(&E); +E = cpu_to_be16(E); @@ expression E; @@ -cpu_to_be32s(&E); +E = cpu_to_be32(E); @@ expression E; @@ -cpu_to_be64s(&E); +E = cpu_to_be64(E); Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20180927164200.15097-1-peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> [eblake: rebase, and squash in missed changes] Signed-off-by: Eric Blake <eblake@redhat.com>
2018-10-03Merge remote-tracking branch 'remotes/elmarco/tags/chardev-pull-request' ↵Peter Maydell
into staging chardev patches # gpg: Signature made Wed 03 Oct 2018 11:57:34 BST # gpg: using RSA key DAE8E10975969CE5 # gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" # gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" # Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5 * remotes/elmarco/tags/chardev-pull-request: chardev: use a child source for qio input source chardev: mark the calls that allow an implicit mux monitor char.h: fix gtk-doc comment style chardev: unref if underlying chardev has no parent chardev: remove qemu_chr_fe_read_all() counter chardev: avoid crash if no associated address Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-03chardev: use a child source for qio input sourceMarc-André Lureau
GLib child source were added with version 2.28. We can use them now that we bumped our requirement to 2.40. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-10-03chardev: mark the calls that allow an implicit mux monitorMarc-André Lureau
This is mostly for readability of the code. Let's make it clear which callers can create an implicit monitor when the chardev is muxed. This will also enforce a safer behaviour, as we don't really support creating monitor anywhere/anytime at the moment. Add an assert() to make sure the programmer explicitely wanted that behaviour. There are documented cases, such as: -serial/-parallel/-virtioconsole and to less extent -debugcon. Less obvious and questionable ones are -gdb, SLIRP -guestfwd and Xen console. Add a FIXME note for those, but keep the support for now. Other qemu_chr_new() callers either have a fixed parameter/filename string or do not need it, such as -qtest: * qtest.c: qtest_init() Afaik, only used by tests/libqtest.c, without mux. I don't think we support it outside of qemu testing: drop support for implicit mux monitor (qemu_chr_new() call: no implicit mux now). * hw/ All with literal @filename argument that doesn't enable mux monitor. * tests/ All with @filename argument that doesn't enable mux monitor. On a related note, the list of monitor creation places: - the chardev creators listed above: all from command line (except perhaps Xen console?) - -gdb & hmp gdbserver will create a "GDB monitor command" chardev that is wired to an HMP monitor. - -mon command line option From this short study, I would like to think that a monitor may only be created in the main thread today, though I remain skeptical :) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
2018-10-03char.h: fix gtk-doc comment styleMarc-André Lureau
Fix up conformance to GTK-Doc function comment style, as documented in https://developer.gnome.org/gtk-doc-manual/stable/documenting_symbols.html.en Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
2018-10-03chardev: unref if underlying chardev has no parentMarc-André Lureau
It's possible to write code creating a chardev backend that is not registered. When it is not user-created, it makes sense to keep it hidden. Let the associated frontend destroy it also in this case. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-10-03chardev: remove qemu_chr_fe_read_all() counterMarc-André Lureau
There is no obvious reason to have a loop counter. This limits from reading several megabytes large buffers in one go, since socket read/write usually have a limit. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-03chardev: avoid crash if no associated addressMarc-André Lureau
A socket chardev may not have associated address (when adding client fd manually for example). But on disconnect, updating socket filename expects an address and may lead to this crash: Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault. 0x0000555555d8c70c in SocketAddress_to_str (prefix=0x555556043062 "disconnected:", addr=0x0, is_listen=false, is_telnet=false) at /home/elmarco/src/qq/chardev/char-socket.c:388 388 switch (addr->type) { (gdb) bt #0 0x0000555555d8c70c in SocketAddress_to_str (prefix=0x555556043062 "disconnected:", addr=0x0, is_listen=false, is_telnet=false) at /home/elmarco/src/qq/chardev/char-socket.c:388 #1 0x0000555555d8c8aa in update_disconnected_filename (s=0x555556b1ed00) at /home/elmarco/src/qq/chardev/char-socket.c:419 #2 0x0000555555d8c959 in tcp_chr_disconnect (chr=0x555556b1ed00) at /home/elmarco/src/qq/chardev/char-socket.c:438 #3 0x0000555555d8cba1 in tcp_chr_hup (channel=0x555556b75690, cond=G_IO_HUP, opaque=0x555556b1ed00) at /home/elmarco/src/qq/chardev/char-socket.c:482 #4 0x0000555555da596e in qio_channel_fd_source_dispatch (source=0x555556bb68b0, callback=0x555555d8cb58 <tcp_chr_hup>, user_data=0x555556b1ed00) at /home/elmarco/src/qq/io/channel-watch.c:84 Replace filename with a generic "disconnected:socket" in this case. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-10-02Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* configure fix for environment variables (Daniel) * fix memory leaks (Alex) * x86_64 MTTCG fixes (Emilio) * introduce atomic64 (Emilio) * Fix for virtio hang (Fam, myself) * SH serial port fix (Geert) * Deprecate rotation_rate for scsi-block (Fam) * Extend memory-backend-file availability to all POSIX hosts (Hikaru) * Memory API cleanups and fixes (Igor, Li Qiang, Peter, Philippe) * MSI/IOMMU fix (Jan) * Socket reconnection fixes (Marc-André) * icount fixes (Emilio, myself) * QSP fixes for Coverity (myself) * Some record/replay improovements (Pavel) * Packed struct fixes (Peter) * Windows dump fixes and elf2dmp (Viktor) * kbmclock fix (Yongji) # gpg: Signature made Tue 02 Oct 2018 18:13:12 BST # gpg: using RSA key BFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (80 commits) hw/scsi/mptendian: Avoid taking address of fields in packed structs cpus: fix TCG kick timer leak docs/devel/memory.txt: Document _with_attrs accessors hw/nvram/fw_cfg: Use memberwise copy of MemoryRegionOps struct memory: Remove old_mmio accessors memory: Fix access_with_adjusted_size(small size) on big-endian memory regions memory: Refactor common shifting code from accessors memory: Use MAKE_64BIT_MASK() virtio: do not take address of packed members replay: replay BH for IDE trim operation hostmem-file: make available memory-backend-file on POSIX-based hosts target/i386: fix translation for icount mode hvf: drop unused variable qom/object: add some interface asserts accel/tcg: Remove dead code lsi53c895a: convert to trace-events scsi-block: Deprecate rotation_rate kvmclock: run KVM_KVMCLOCK_CTRL ioctl in vcpu thread MAINTAINERS: add myself as elf2dmp maintainer contrib: add elf2dmp tool ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-02hw/scsi/mptendian: Avoid taking address of fields in packed structsPeter Maydell
Taking the address of a field in a packed struct is a bad idea, because it might not be actually aligned enough for that pointer type (and thus cause a crash on dereference on some host architectures). Newer versions of clang warn about this. Avoid the bug by not using the "modify in place" byte swapping functions. This patch was produced with the following simple spatch script: @@ expression E; @@ -le16_to_cpus(&E); +E = le16_to_cpu(E); @@ expression E; @@ -le32_to_cpus(&E); +E = le32_to_cpu(E); @@ expression E; @@ -le64_to_cpus(&E); +E = le64_to_cpu(E); @@ expression E; @@ -cpu_to_le16s(&E); +E = cpu_to_le16(E); @@ expression E; @@ -cpu_to_le32s(&E); +E = cpu_to_le32(E); @@ expression E; @@ -cpu_to_le64s(&E); +E = cpu_to_le64(E); followed by some minor tidying of overlong lines and bad indent. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20180927134852.21490-1-peter.maydell@linaro.org> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02cpus: fix TCG kick timer leakAlex Bennée
This is an alternative fix to Marc-André's original patch. Reported-by: Marc-André Lureau <marcandre.lureau@redhat.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20180927171724.30128-1-alex.bennee@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02docs/devel/memory.txt: Document _with_attrs accessorsPeter Maydell
When we added the _with_attrs accessors we forgot to mention them in the documentation. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20180824170422.5783-4-peter.maydell@linaro.org> Based-on: <20180802174042.29234-1-peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02hw/nvram/fw_cfg: Use memberwise copy of MemoryRegionOps structPeter Maydell
We've now removed the 'old_mmio' member from MemoryRegionOps, so we can perform the copy as a simple struct copy rather than having to do it via a memberwise copy. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20180824170422.5783-3-peter.maydell@linaro.org> Based-on: <20180802174042.29234-1-peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02memory: Remove old_mmio accessorsPeter Maydell
Now that all the users of old_mmio MemoryRegion accessors have been converted, we can remove the core code support. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20180824170422.5783-2-peter.maydell@linaro.org> Based-on: <20180802174042.29234-1-peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02memory: Fix access_with_adjusted_size(small size) on big-endian memory regionsPhilippe Mathieu-Daudé
Memory regions configured as DEVICE_BIG_ENDIAN (or DEVICE_NATIVE_ENDIAN on big-endian guest) behave incorrectly when the memory access 'size' is smaller than the implementation 'access_size'. In the following code segment from access_with_adjusted_size(): if (memory_region_big_endian(mr)) { for (i = 0; i < size; i += access_size) { r |= access_fn(mr, addr + i, value, access_size, (size - access_size - i) * 8, access_mask, attrs); } (size - access_size - i) * 8 is the number of bits that will arithmetic shift the current value. Currently we can only 'left' shift a read() access, and 'right' shift a write(). When the access 'size' is smaller than the implementation, we get a negative number of bits to shift. For the read() case, a negative 'left' shift is a 'right' shift :) However since the 'shift' type is unsigned, there is currently no way to right shift. Fix this by changing the access_fn() prototype to handle signed shift values, and modify the memory_region_shift_read|write_access() helpers to correctly arithmetic shift the opposite direction when the 'shift' value is negative. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180927002416.1781-4-f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02memory: Refactor common shifting code from accessorsPhilippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180927002416.1781-3-f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02memory: Use MAKE_64BIT_MASK()Philippe Mathieu-Daudé
Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180927002416.1781-2-f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02virtio: do not take address of packed membersPaolo Bonzini
The address of a packed member is not packed, which may cause accesses to unaligned pointers. Avoid this by reading the packed value before passing it to another function. Cc: Jason Wang <jasowang@redhat.com> Cc: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>