aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-07-14ast2400: pretend DMAs are done for U-bootCédric Le Goater
U-boot does SPI timing calibration using DMA tranfers. To let the initialization continue, we fake success by setting the DMA status of the Interrupt Control Register. For the moment, DMA support is not required as it is not used in normal operation. Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-id: 1467994016-11678-4-git-send-email-clg@kaod.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14ast2400: replace aspeed_smc_is_implemented()Cédric Le Goater
aspeed_smc_is_implemented() filters invalid registers in a peculiar way. Let's remove it and open code the if conditions. It serves the same purpose, the aesthetic is better, and new registers can easily be added. Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-id: 1467994016-11678-3-git-send-email-clg@kaod.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14hw/misc: fix typo in Aspeed SCU hw-strap2 property nameCédric Le Goater
Signed-off-by: Cédric Le Goater <clg@kaod.org> Message-id: 1467994016-11678-2-git-send-email-clg@kaod.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14m25p80: Fix QIOR/DIOR handling for WinbondMarcin Krzeminski
Winbond also support continuous read mode, but as an opposite for other flash type read mode clock cycles are included to dummy cycles number. This path add proper handling of read mode byte and update needed dummy cycles. QPI mode and dummy cycles configuration are not supported. Signed-off-by: Marcin Krzeminski <marcin.krzeminski@nokia.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Message-id: 1467809036-6986-1-git-send-email-marcin.krzeminski@nokia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14target-arm: Add missed AArch32 TLBI sytem registersSergey Sorokin
Some PL2 related TLBI system registers are missed in AArch32 implementation. The patch fixes it. Signed-off-by: Sergey Sorokin <afarallax@yandex.ru> Message-id: 1468328885-3217862-1-git-send-email-afarallax@yandex.ru Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14hw/arm/virt: tcg: adjust MPIDR like KVMAndrew Jones
KVM adjusts the MPIDR of guest vcpus based on the architecture of the host, 32-bit vs. 64-bit, and, for 64-bit, also on the type of GIC the guest is using. To be consistent and improve SGI efficiency we make the same adjustments for TCG as 64-bit KVM hosts. We neglect to add consistency with 32-bit KVM hosts, as that would reduce SGI efficiency and KVM is expected to change. As MPIDR is a system register, and thus guest visible, we only make adjustments for current and later versioned machines. Signed-off-by: Andrew Jones <drjones@redhat.com> Message-id: 1467378129-23302-3-git-send-email-drjones@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14gic: provide defines for v2/v3 targetlist sizesAndrew Jones
Signed-off-by: Andrew Jones <drjones@redhat.com> Message-id: 1467378129-23302-2-git-send-email-drjones@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14target-arm: Use Neon for zero checkingVijay
Use Neon instructions to perform zero checking of buffer. This is helps in reducing total migration time. Use case: Idle VM live migration with 4 VCPUS and 8GB ram running CentOS 7. Without Neon, the Total migration time is 3.5 Sec Migration status: completed total time: 3560 milliseconds downtime: 33 milliseconds setup: 5 milliseconds transferred ram: 297907 kbytes throughput: 685.76 mbps remaining ram: 0 kbytes total ram: 8519872 kbytes duplicate: 2062760 pages skipped: 0 pages normal: 69808 pages normal bytes: 279232 kbytes dirty sync count: 3 With Neon, the total migration time is 2.9 Sec Migration status: completed total time: 2960 milliseconds downtime: 65 milliseconds setup: 4 milliseconds transferred ram: 299869 kbytes throughput: 830.19 mbps remaining ram: 0 kbytes total ram: 8519872 kbytes duplicate: 2064313 pages skipped: 0 pages normal: 70294 pages normal bytes: 281176 kbytes dirty sync count: 3 Signed-off-by: Vijaya Kumar K <vijayak@cavium.com> Signed-off-by: Suresh <ksuresh@cavium.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 1467190029-694-2-git-send-email-vijayak@cavium.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14Revert "hw/ptimer: Perform counter wrap around if timer already expired"Dmitry Osipenko
Software should see timer counter wraparound only after IRQ being triggered. This fixes regression introduced by the commit 5a50307 ("hw/ptimer: Perform counter wrap around if timer already expired"), resulting in monotonic timer jumping backwards on SPARC emulated machine running NetBSD guest OS, as reported by Mark Cave-Ayland. Signed-off-by: Dmitry Osipenko <digetx@gmail.com> Message-id: 20160708132206.2080-1-digetx@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14virtio-mmio: format transport base address in BusClass.get_dev_pathLaszlo Ersek
At the moment the following QEMU command line triggers an assertion failure (minimal reproducer by Cole): qemu-system-aarch64 \ -machine virt-2.6,accel=tcg \ -nodefaults \ -no-user-config \ -nographic -monitor stdio \ -device virtio-scsi-device,id=scsi0 \ -device virtio-scsi-device,id=scsi1 \ -drive file=foo.img,format=raw,if=none,id=d0 \ -device scsi-hd,bus=scsi0.0,drive=d0 \ -drive file=foo.img,format=raw,if=none,id=d1 \ -device scsi-hd,bus=scsi1.0,drive=d1 qemu-system-aarch64: migration/savevm.c:615: vmstate_register_with_alias_id: Assertion `!se->compat || se->instance_id == 0' failed. The reason is that the vmstate sections for the two scsi-hd devices are not uniquely identifiable by name. The direct parent buses of the scsi-hd devices -- scsi0.0 and scsi1.0 -- support the BusClass.get_dev_path member function. scsibus_get_dev_path() formats a device path prefix with the help of its topologically parent bus, and then appends the chan:id:lun triplet to it. For both scsi-hd devices, this triplet is 0:0:0. (Here we use "device path" in the QEMU migration sense, for vmstate section identification, not in the OFW or UEFI device path senses.) The virtio-scsi HBA is plugged into the virtio-mmio bus (implemented by the internal VirtIOMMIOProxy device). This bus class (TYPE_VIRTIO_MMIO_BUS) inherits, as its get_dev_path() member function, the virtio_bus_get_dev_path() method from its parent class (TYPE_VIRTIO_BUS). virtio_bus_get_dev_path() does not format any kind of device address on its own; "virtio addresses" are transport-specific. Therefore virtio_bus_get_dev_path() asks the topologically parent bus of the proxy object (implementing the specific virtio transport) to format the address of the proxy object. (For virtio-pci devices (where the proxy is an instance of VirtIOPCIProxy, plugged into a PCI bus), this ends up in pcibus_get_dev_path().) However, VirtIOMMIOProxy is usually (in practice: always) plugged into "main-system-bus", the singleton TYPE_SYSTEM_BUS object. This BusClass does not support formatting QEMU vmstate device paths at all (as SysBusDevice objects can have zero or more IO ports and zero or more MMIO regions). Hence the formatting request delegated from virtio_bus_get_dev_path() gets answered with NULL. The end result is that the two scsi-hd devices end up with the same device path "0:0:0", which triggers the assert. We can solve this by recognizing that virtio-mmio transports are distinguished from each other by their base addresses in MMIO address space. Implement virtio_mmio_bus_get_dev_path() as follows: (1) The virtio device whose devpath is to be formatted resides on a virtio-mmio bus that is implemented by a VirtIOMMIOProxy object. Ask the parent bus of VirtIOMMIOProxy to format the device path of VirtIOMMIOProxy, as a path prefix. (This is identical to what virtio_bus_get_dev_path() does.) (2) Append the base address of VirtIOMMIOProxy to the device path, such as: - virtio-mmio@000000000a003e00, - virtio-mmio@000000000a003c00. Given that these device paths are placed in the migration stream, step (2) above, if done unconditionally, would break migration. So make that step conditional on a new VirtIOMMIOProxy property, which is enabled for 2.7 machine types and later. Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Cole Robinson <crobinso@redhat.com> Cc: Dr. David Alan Gilbert <dgilbert@redhat.com> Cc: Kevin Zhao <kevin.zhao@linaro.org> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Tom Hanson <thomas.hanson@linaro.org> Reported-by: Kevin Zhao <kevin.zhao@linaro.org> Reviewed-by: Andrew Jones <drjones@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-id: 1467739394-28357-1-git-send-email-lersek@redhat.com Fixes: https://bugs.launchpad.net/qemu/+bug/1594239 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14Merge remote-tracking branch 'remotes/xtensa/tags/20160714-xtensa' into stagingPeter Maydell
Xtensa-related fixes: - fix FLASH interface width for XTFPGA boards. # gpg: Signature made Thu 14 Jul 2016 12:00:05 BST # gpg: using RSA key 0x51F9CC91F83FA044 # gpg: Good signature from "Max Filippov <max.filippov@cogentembedded.com>" # gpg: aka "Max Filippov <jcmvbkbc@gmail.com>" # Primary key fingerprint: 2B67 854B 98E5 327D CDEB 17D8 51F9 CC91 F83F A044 * remotes/xtensa/tags/20160714-xtensa: target-xtensa: xtfpga: fix FLASH interface width Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* SCSI scanner support * fixes to qemu-char and net exit * FreeBSD fixes * Other small bugfixes # gpg: Signature made Wed 13 Jul 2016 12:30:11 BST # gpg: using RSA key 0xBFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: hostmem: detect host backend memory is being used properly hostmem: fix QEMU crash by 'info memdev' char: do not use atexit cleanup handler net: do not use atexit for cleanup slirp: use exit notifier for slirp_smb_cleanup tap: use an exit notifier to call down_script util: Fix MIN_NON_ZERO qemu-sockets: use qapi_free_SocketAddress in cleanup disas: avoid including everything in headers compiled from C++ json-streamer: fix double-free on exiting during a parse main-loop: check return value before using pointer Use "-s" instead of "--quiet" to resolve non-fatal build error on FreeBSD. scsi-bus: Use longer sense buffer with scanners scsi-bus: Add SCSI scanner support Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14target-xtensa: xtfpga: fix FLASH interface widthMax Filippov
FLASH chip on XTFPGA boards is connected with 16-bit-wide interface. Latest U-Boot can see the difference and does not work correctly with 32-bit-wide interface. Set FLASH chip 'width' property to 2. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2016-07-14Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell
Block layer patches # gpg: Signature made Wed 13 Jul 2016 12:46:17 BST # gpg: using RSA key 0x7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: (34 commits) iotests: Make 157 actually format-agnostic vvfat: Fix qcow write target driver specification hmp: show all of snapshot info on every block dev in output of 'info snapshots' hmp: use snapshot name to determine whether a snapshot is 'fully available' qemu-iotests: Test naming of throttling groups blockdev: Fix regression with the default naming of throttling groups vmdk: fix metadata write regression Improve block job rate limiting for small bandwidth values qcow2: Fix qcow2_get_cluster_offset() qemu-io: Use correct range limitations qcow2: Avoid making the L1 table too big qemu-img: Use strerror() for generic resize error block: Remove BB options from blockdev-add qemu-iotests: Test setting WCE with qdev block/qdev: Allow configuring rerror/werror with qdev properties commit: Fix use of error handling policy block/qdev: Allow configuring WCE with qdev properties block/qdev: Allow node name for drive properties coroutine: move entry argument to qemu_coroutine_create test-coroutine: prepare for the next patch ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-14Merge remote-tracking branch 'remotes/rth/tags/pull-rth-20160712' into stagingPeter Maydell
target-sparc improvements, v4 # gpg: Signature made Tue 12 Jul 2016 19:04:33 BST # gpg: using RSA key 0xAD1270CC4DD0279B # gpg: Good signature from "Richard Henderson <rth7680@gmail.com>" # gpg: aka "Richard Henderson <rth@redhat.com>" # gpg: aka "Richard Henderson <rth@twiddle.net>" # Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC 16A4 AD12 70CC 4DD0 279B * remotes/rth/tags/pull-rth-20160712: (24 commits) target-sparc: Elide duplicate updates to fprs target-sparc: Use cpu_loop_exit_restore from helper_check_ieee_exceptions target-sparc: Use cpu_fsr in stfsr target-sparc: Use explicit writes to cpu_fsr target-sparc: Remove helper_ldf_asi, helper_stf_asi target-sparc: Directly implement block and short ldf/stf asis target-sparc: Directly implement easy ldf/stf asis target-sparc: Pass TCGMemOp constants to helper_ld/st_asi target-sparc: Fix obvious error in ASI_M_BFILL target-sparc: Directly implement easy ldd/std asis target-sparc: Introduce gen_check_align target-sparc: Use QT0 to return results from ldda target-sparc: Directly implement easy ld/st asis target-sparc: Use defines from asi.h target-sparc: Add UA2005 defines to asi.h target-sparc: Import linux/arch/sparc/include/uapi/asm/asi.h target-sparc: Pass TCGMemOp to gen_ld/st_asi target-sparc: Introduce get_asi target-sparc: Store %asi in TB flags target-sparc: Unify asi handling between 32 and 64-bit ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-13Merge remote-tracking branch 'mreitz/tags/pull-block-for-kevin-2016-07-13' ↵Kevin Wolf
into queue-block Block patches (v2) for the block queue. # gpg: Signature made Wed Jul 13 13:41:53 2016 CEST # gpg: using RSA key 0x3BB14202E838ACAD # gpg: Good signature from "Max Reitz <mreitz@redhat.com>" # Primary key fingerprint: 91BE B60A 30DB 3E88 57D1 1829 F407 DB00 61D5 CF40 # Subkey fingerprint: 58B3 81CE 2DC8 9CF9 9730 EE64 3BB1 4202 E838 ACAD * mreitz/tags/pull-block-for-kevin-2016-07-13: iotests: Make 157 actually format-agnostic vvfat: Fix qcow write target driver specification hmp: show all of snapshot info on every block dev in output of 'info snapshots' hmp: use snapshot name to determine whether a snapshot is 'fully available' qemu-iotests: Test naming of throttling groups blockdev: Fix regression with the default naming of throttling groups vmdk: fix metadata write regression Improve block job rate limiting for small bandwidth values qcow2: Fix qcow2_get_cluster_offset() qemu-io: Use correct range limitations qcow2: Avoid making the L1 table too big qemu-img: Use strerror() for generic resize error Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-07-13iotests: Make 157 actually format-agnosticMax Reitz
iotest 157 pretends not to care about the image format used, but in fact it does due to the format name not being filtered in its output. This patch adds filtering and changes the reference output accordingly. Signed-off-by: Max Reitz <mreitz@redhat.com> Message-id: 20160711132246.3152-1-mreitz@redhat.com Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-07-13vvfat: Fix qcow write target driver specificationMax Reitz
First, bdrv_open_child() expects all options for the child to be prefixed by the child's name (and a separating dot). Second, bdrv_open_child() does not take ownership of the QDict passed to it but only extracts all options for the child, so if a QDict is created for the sole purpose of passing it to bdrv_open_child(), it needs to be freed afterwards. This patch makes vvfat adhere to both of these rules. Signed-off-by: Max Reitz <mreitz@redhat.com> Message-id: 20160711135452.11304-1-mreitz@redhat.com Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-07-13hmp: show all of snapshot info on every block dev in output of 'info snapshots'Lin Ma
Currently, the output of 'info snapshots' shows fully available snapshots. It's opaque, hides some snapshot information to users. It's not convenient if users want to know more about all of snapshot information on every block device via monitor. Follow Kevin's and Max's proposals, The patch makes the output more detailed: (qemu) info snapshots List of snapshots present on all disks: ID TAG VM SIZE DATE VM CLOCK -- checkpoint-1 165M 2016-05-22 16:58:07 00:02:06.813 List of partial (non-loadable) snapshots on 'drive_image1': ID TAG VM SIZE DATE VM CLOCK 1 snap1 0 2016-05-22 16:57:31 00:01:30.567 Signed-off-by: Lin Ma <lma@suse.com> Message-id: 1467869164-26688-3-git-send-email-lma@suse.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-07-13hmp: use snapshot name to determine whether a snapshot is 'fully available'Lin Ma
Currently qemu uses snapshot id to determine whether a snapshot is fully available, It causes incorrect output in some scenario. For instance: (qemu) info block drive_image1 (#block113): /opt/vms/SLES12-SP1-JeOS-x86_64-GM/disk0.qcow2 (qcow2) Cache mode: writeback drive_image2 (#block349): /opt/vms/SLES12-SP1-JeOS-x86_64-GM/disk1.qcow2 (qcow2) Cache mode: writeback (qemu) (qemu) info snapshots There is no snapshot available. (qemu) (qemu) snapshot_blkdev_internal drive_image1 snap1 (qemu) (qemu) info snapshots There is no suitable snapshot available (qemu) (qemu) savevm checkpoint-1 (qemu) (qemu) info snapshots ID TAG VM SIZE DATE VM CLOCK 1 snap1 0 2016-05-22 16:57:31 00:01:30.567 (qemu) $ qemu-img snapshot -l disk0.qcow2 Snapshot list: ID TAG VM SIZE DATE VM CLOCK 1 snap1 0 2016-05-22 16:57:31 00:01:30.567 2 checkpoint-1 165M 2016-05-22 16:58:07 00:02:06.813 $ qemu-img snapshot -l disk1.qcow2 Snapshot list: ID TAG VM SIZE DATE VM CLOCK 1 checkpoint-1 0 2016-05-22 16:58:07 00:02:06.813 The patch uses snapshot name instead of snapshot id to determine whether a snapshot is fully available and uses '--' instead of snapshot id in output because the snapshot id is not guaranteed to be the same on all images. For instance: (qemu) info snapshots List of snapshots present on all disks: ID TAG VM SIZE DATE VM CLOCK -- checkpoint-1 165M 2016-05-22 16:58:07 00:02:06.813 Signed-off-by: Lin Ma <lma@suse.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Message-id: 1467869164-26688-2-git-send-email-lma@suse.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-07-13qemu-iotests: Test naming of throttling groupsAlberto Garcia
Throttling groups are named using the 'group' parameter of the block_set_io_throttle command and the throttling.group command-line option. If that parameter is unspecified the groups get the name of the block device. This patch adds a new test to check the naming of throttling groups. Signed-off-by: Alberto Garcia <berto@igalia.com> Message-id: d87d02823a6b91609509d8bb18e2f5dbd9a6102c.1467986342.git.berto@igalia.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-07-13blockdev: Fix regression with the default naming of throttling groupsAlberto Garcia
When I/O limits are set for a block device, the name of the throttling group is taken from the BlockBackend if the user doesn't specify one. Commit efaa7c4eeb7490c6f37f3 moved the naming of the BlockBackend in blockdev_init() to the end of the function, after I/O limits are set. The consequence is that the throttling group gets an empty name. Signed-off-by: Alberto Garcia <berto@igalia.com> Reported-by: Stefan Hajnoczi <stefanha@redhat.com> Cc: Max Reitz <mreitz@redhat.com> Cc: qemu-stable@nongnu.org Message-id: af5cd58bd2c4b9f6c57f260d9cfe586b9fb7d34d.1467986342.git.berto@igalia.com [mreitz: Use existing "id" variable instead of new "blk_id"] Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-07-13vmdk: fix metadata write regressionReda Sallahi
Commit "cdeaf1f vmdk: add bdrv_co_write_zeroes" causes a regression on writes. It writes metadata after every write instead of doing it only once for each cluster. vmdk_pwritev() writes metadata whenever m_data is set as valid so this patch sets m_data as valid only when we have a new cluster which hasn't been allocated before or a zero grain. Signed-off-by: Reda Sallahi <fullmanet@gmail.com> Message-id: 20160707084249.29084-1-fullmanet@gmail.com Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-07-13Improve block job rate limiting for small bandwidth valuesSascha Silbe
ratelimit_calculate_delay() previously reset the accounting every time slice, no matter how much data had been processed before. This had (at least) two consequences: 1. The minimum speed is rather large, e.g. 5 MiB/s for commit and stream. Not sure if there are real-world use cases where this would be a problem. Mirroring and backup over a slow link (e.g. DSL) would come to mind, though. 2. Tests for block job operations (e.g. cancel) were rather racy All block jobs currently use a time slice of 100ms. That's a reasonable value to get smooth output during regular operation. However this also meant that the state of block jobs changed every 100ms, no matter how low the configured limit was. On busy hosts, qemu often transferred additional chunks until the test case had a chance to cancel the job. Fix the block job rate limit code to delay for more than one time slice to address the above issues. To make it easier to handle oversized chunks we switch the semantics from returning a delay _before_ the current request to a delay _after_ the current request. If necessary, this delay consists of multiple time slice units. Since the mirror job sends multiple chunks in one go even if the rate limit was exceeded in between, we need to keep track of the start of the current time slice so we can correctly re-compute the delay for the updated amount of data. The minimum bandwidth now is 1 data unit per time slice. The block jobs are currently passing the amount of data transferred in sectors and using 100ms time slices, so this translates to 5120 bytes/second. With chunk sizes usually being O(512KiB), tests have plenty of time (O(100s)) to operate on block jobs. The chance of a race condition now is fairly remote, except possibly on insanely loaded systems. Signed-off-by: Sascha Silbe <silbe@linux.vnet.ibm.com> Message-id: 1467127721-9564-2-git-send-email-silbe@linux.vnet.ibm.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-07-13qcow2: Fix qcow2_get_cluster_offset()Max Reitz
Recently, qcow2_get_cluster_offset() has been changed to work with bytes instead of sectors. This invalidated some assertions and introduced a possible integer multiplication overflow. This could be reproduced using e.g. $ qemu-img create -f qcow2 -o cluster_size=1M blub.qcow2 8G Formatting 'foo.qcow2', fmt=qcow2 size=8589934592 encryption=off cluster_size=1048576 lazy_refcounts=off refcount_bits=16 $ qemu-io -c map blub.qcow2 qemu-io: qemu/block/qcow2-cluster.c:504: qcow2_get_cluster_offset: Assertion `bytes_needed <= INT_MAX' failed. [1] 20775 abort (core dumped) qemu-io -c map foo.qcow2 This patch removes the now wrong assertion, adding comments and more assertions to prove its correctness (and fixing the overflow which would become apparent with the original assertion removed). Signed-off-by: Max Reitz <mreitz@redhat.com> Message-id: 20160620142623.24471-3-mreitz@redhat.com Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-07-13qemu-io: Use correct range limitationsMax Reitz
create_iovec() has a comment lamenting the lack of SIZE_T_MAX. Since there actually is a SIZE_MAX, use it. Two places use INT_MAX for checking the upper bound of a sector count that is used as an argument for a blk_*() function (blk_discard() and blk_write_compressed(), respectively). BDRV_REQUEST_MAX_SECTORS should be used instead. And finally, do_co_pwrite_zeroes() used to similarly check that the sector count does not exceed INT_MAX. However, this function is now backed by blk_co_pwrite_zeroes() which takes bytes as an argument instead of sectors. Therefore, it should be the byte count that does not exceed INT_MAX, not the sector count. Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-07-13qcow2: Avoid making the L1 table too bigMax Reitz
We refuse to open images whose L1 table we deem "too big". Consequently, we should not produce such images ourselves. Cc: qemu-stable@nongnu.org Signed-off-by: Max Reitz <mreitz@redhat.com> Message-id: 20160615153630.2116-3-mreitz@redhat.com Reviewed-by: Eric Blake <eblake@redhat.com> [mreitz: Added QEMU_BUILD_BUG_ON()] Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-07-13qemu-img: Use strerror() for generic resize errorMax Reitz
Emitting the plain error number is not very helpful. Use strerror() instead. Signed-off-by: Max Reitz <mreitz@redhat.com> Message-id: 20160615153630.2116-2-mreitz@redhat.com Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-07-13block: Remove BB options from blockdev-addKevin Wolf
werror/rerror are now available as qdev options. The stats-* options are removed without an existing replacement; they should probably be configurable with a separate QMP command like I/O throttling settings. Removing id is left for another day because this involves updating qemu-iotests cases to use node-name for everything. Before we can do that, however, all QMP commands must support node-name. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2016-07-13qemu-iotests: Test setting WCE with qdevKevin Wolf
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2016-07-13block/qdev: Allow configuring rerror/werror with qdev propertiesKevin Wolf
The rerror/werror policies are implemented in the devices, so that's where they should be configured. In comparison to the old options in -drive, the qdev properties are only added to those devices that actually support them. If the option isn't given (or "auto" is specified), the setting of the BlockBackend is used for compatibility with the old options. For block jobs, "auto" is the same as "enospc". Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2016-07-13commit: Fix use of error handling policyKevin Wolf
Commit implemented the 'enospc' policy as 'ignore' if the error was not ENOSPC. The QAPI documentation promises that it's treated as 'stop'. Using the common block job error handling function fixes this and also adds the missing QMP event. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2016-07-13block/qdev: Allow configuring WCE with qdev propertiesKevin Wolf
As cache.writeback is a BlockBackend property and as such more related to the guest device than the BlockDriverState, we already removed it from the blockdev-add interface. This patch adds the new way to set it, as a qdev property of the corresponding guest device. For example: -drive if=none,file=test.img,node-name=img -device ide-hd,drive=img,write-cache=off Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2016-07-13hostmem: detect host backend memory is being used properlyXiao Guangrong
Currently, we use memory_region_is_mapped() to detect if the host backend memory is being used. This works if the memory is directly mapped into guest's address space, however, it is not true for nvdimm as it uses aliased memory region to map the memory. This is why this bug can happen: https://bugzilla.redhat.com/show_bug.cgi?id=1352769 Fix it by introduce a new filed, is_mapped, to HostMemoryBackend, we set/clear this filed accordingly when the device link/unlink to host backend memory Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-13hostmem: fix QEMU crash by 'info memdev'Xiao Guangrong
'info memdev' crashes QEMU: (qemu) info memdev Unexpected error in parse_str() at qapi/string-input-visitor.c:111: Parameter 'null' expects an int64 value or range It is caused by null uint16List is returned if 'host-nodes' is the default value Return MAX_NODES under this case to fix this bug Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-13char: do not use atexit cleanup handlerMarc-André Lureau
It turns out qemu is calling exit() in various places from various threads without taking much care of resources state. The atexit() cleanup handlers cannot easily destroy resources that are in use (by the same thread or other). Since c1111a24a3, TCG arm guests run into the following abort() when running tests, the chardev mutex is locked during the write, so qemu_mutex_destroy() returns an error: #0 0x00007fffdbb806f5 in raise () at /lib64/libc.so.6 #1 0x00007fffdbb822fa in abort () at /lib64/libc.so.6 #2 0x00005555557616fe in error_exit (err=<optimized out>, msg=msg@entry=0x555555c38c30 <__func__.14622> "qemu_mutex_destroy") at /home/drjones/code/qemu/util/qemu-thread-posix.c:39 #3 0x0000555555b0be20 in qemu_mutex_destroy (mutex=mutex@entry=0x5555566aa0e0) at /home/drjones/code/qemu/util/qemu-thread-posix.c:57 #4 0x00005555558aab00 in qemu_chr_free_common (chr=0x5555566aa0e0) at /home/drjones/code/qemu/qemu-char.c:4029 #5 0x00005555558b05f9 in qemu_chr_delete (chr=<optimized out>) at /home/drjones/code/qemu/qemu-char.c:4038 #6 0x00005555558b05f9 in qemu_chr_delete (chr=<optimized out>) at /home/drjones/code/qemu/qemu-char.c:4044 #7 0x00005555558b062c in qemu_chr_cleanup () at /home/drjones/code/qemu/qemu-char.c:4557 #8 0x00007fffdbb851e8 in __run_exit_handlers () at /lib64/libc.so.6 #9 0x00007fffdbb85235 in () at /lib64/libc.so.6 #10 0x00005555558d1b39 in testdev_write (testdev=0x5555566aa0a0) at /home/drjones/code/qemu/backends/testdev.c:71 #11 0x00005555558d1b39 in testdev_write (chr=<optimized out>, buf=0x7fffc343fd9a "", len=0) at /home/drjones/code/qemu/backends/testdev.c:95 #12 0x00005555558adced in qemu_chr_fe_write (s=0x5555566aa0e0, buf=buf@entry=0x7fffc343fd98 "0q", len=len@entry=2) at /home/drjones/code/qemu/qemu-char.c:282 Instead of using a atexit() handler, only run the chardev cleanup as initially proposed at the end of main(), where there are less chances (hic) of conflicts or other races. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reported-by: Andrew Jones <drjones@redhat.com> Message-Id: <20160704153823.16879-1-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-13net: do not use atexit for cleanupPaolo Bonzini
This will be necessary in the next patch, which stops using atexit for character devices; without it, vhost-user and the redirector filter will cause a use-after-free. Relying on the ordering of atexit calls is also brittle, even now that both the network and chardev subsystems are using atexit. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-13slirp: use exit notifier for slirp_smb_cleanupPaolo Bonzini
We would like to move back net_cleanup() at the end of main function, like it used to be until f30dbae63a46f23116715dff8d130c, but minimum cleanup is needed regardless at exit() time for slirp's SMB functionality. Use an exit notifier to call slirp_smb_cleanup. If net_cleanup() is called first, then remove the exit notifier as it will become a dangling pointer otherwise. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-13tap: use an exit notifier to call down_scriptMarc-André Lureau
We would like to move back net_cleanup() at the end of main function, like it used to be until f30dbae63a46f23116715dff8d130c, but minimum tap cleanup is necessary regarless at exit() time. Use an exit notifier to call TAP down_script. If net_cleanup() is called first, then remove the exit notifier as it will become a dangling pointer otherwise. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20160711144847.16651-1-marcandre.lureau@redhat.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-13block/qdev: Allow node name for drive propertiesKevin Wolf
If a node name instead of a BlockBackend name is specified as the driver for a guest device, an anonymous BlockBackend is created now. The order of operations in release_drive() must be reversed in order to avoid a use-after-free bug because now blk_detach_dev() frees the last reference if an anonymous BlockBackend is used. usb-storage uses a hack where it forwards its BlockBackend as a property to another device that it internally creates. This hack must be updated so that it doesn't drop its original BB before it can be passed to the other device. This used to work because we always had the monitor reference around, but with node-names the device reference is the only one now. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2016-07-13coroutine: move entry argument to qemu_coroutine_createPaolo Bonzini
In practice the entry argument is always known at creation time, and it is confusing that sometimes qemu_coroutine_enter is used with a non-NULL argument to re-enter a coroutine (this happens in block/sheepdog.c and tests/test-coroutine.c). So pass the opaque value at creation time, for consistency with e.g. aio_bh_new. Mostly done with the following semantic patch: @ entry1 @ expression entry, arg, co; @@ - co = qemu_coroutine_create(entry); + co = qemu_coroutine_create(entry, arg); ... - qemu_coroutine_enter(co, arg); + qemu_coroutine_enter(co); @ entry2 @ expression entry, arg; identifier co; @@ - Coroutine *co = qemu_coroutine_create(entry); + Coroutine *co = qemu_coroutine_create(entry, arg); ... - qemu_coroutine_enter(co, arg); + qemu_coroutine_enter(co); @ entry3 @ expression entry, arg; @@ - qemu_coroutine_enter(qemu_coroutine_create(entry), arg); + qemu_coroutine_enter(qemu_coroutine_create(entry, arg)); @ reentry @ expression co; @@ - qemu_coroutine_enter(co, NULL); + qemu_coroutine_enter(co); except for the aforementioned few places where the semantic patch stumbled (as expected) and for test_co_queue, which would otherwise produce an uninitialized variable warning. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-07-13test-coroutine: prepare for the next patchPaolo Bonzini
The next patch moves the coroutine argument from first-enter to creation time. In this case, coroutine has not been initialized yet when the coroutine is created, so change to a pointer. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-07-13coroutine: use QSIMPLEQ instead of QTAILQPaolo Bonzini
CoQueue do not need to remove any element but the head of the list; processing is always strictly FIFO. Therefore, the simpler singly-linked QSIMPLEQ can be used instead. Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-07-13raw-posix: Use qemu_dupFam Zheng
Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-07-13osdep: Introduce qemu_dupFam Zheng
And use it in qemu_dup_flags. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-07-13blockjob: Update description of the 'device' field in the QMP APIAlberto Garcia
The 'device' field in all BLOCK_JOB_* events and 'block-job-*' command is no longer the device name, but the ID of the job. This patch updates the documentation to clarify that. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-07-13qemu-img: Set the ID of the block job in img_commit()Alberto Garcia
img_commit() creates a block job without an ID. This is no longer allowed now that we require it to be unique and well-formed. We were solving this by having a fallback in block_job_create(), but now that we extended the API of commit_active_start() we can finally set an explicit ID and revert that change. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-07-13commit: Add 'job-id' parameter to 'block-commit'Alberto Garcia
This patch adds a new optional 'job-id' parameter to 'block-commit', allowing the user to specify the ID of the block job to be created. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-07-13stream: Add 'job-id' parameter to 'block-stream'Alberto Garcia
This patch adds a new optional 'job-id' parameter to 'block-stream', allowing the user to specify the ID of the block job to be created. The HMP 'block_stream' command remains unchanged. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-07-13backup: Add 'job-id' parameter to 'blockdev-backup' and 'drive-backup'Alberto Garcia
This patch adds a new optional 'job-id' parameter to 'blockdev-backup' and 'drive-backup', allowing the user to specify the ID of the block job to be created. The HMP 'drive_backup' command remains unchanged. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>