aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-05-18block: Add BlockDriver.is_formatMax Reitz
We want to unify child_format and child_file at some point. One of the important things that set format drivers apart from other drivers is that they do not expect other format nodes under them (except in the backing chain), i.e. we must not probe formats inside of formats. That means we need something on which to distinguish format drivers from others, and hence this flag. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Message-Id: <20200513110544.176672-3-mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-18block: Mark commit, mirror, blkreplay as filtersMax Reitz
The commit, mirror, and blkreplay block nodes are filters, so they should be marked as such. Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200513110544.176672-2-mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-18block: Use bdrv_make_empty() where possibleMax Reitz
Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Message-Id: <20200429141126.85159-3-mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-18replication: Avoid blk_make_empty() on read-only childKevin Wolf
This is just a bandaid to keep tests/test-replication working after bdrv_make_empty() starts to assert that we're not trying to call it on a read-only child. For the real solution in the future, replication should not steal the BdrvChild from its backing file (this is never correct to do!), but instead have its own child node references, with the appropriate permissions. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-18block: Use blk_make_empty() after commitsMax Reitz
bdrv_commit() already has a BlockBackend pointing to the BDS that we want to empty, it just has the wrong permissions. qemu-img commit has no BlockBackend pointing to the old backing file yet, but introducing one is simple. After this commit, bdrv_make_empty() is the only remaining caller of BlockDriver.bdrv_make_empty(). Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200429141126.85159-5-mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> [kwolf: Fixed up reference output for 098] Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-18block: Add blk_make_empty()Max Reitz
Two callers of BlockDriver.bdrv_make_empty() remain that should not call this method directly. Both do not have access to a BdrvChild, but they can use a BlockBackend, so we add this function that lets them use it. Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200429141126.85159-4-mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-18block: Add bdrv_make_empty()Max Reitz
Right now, all users of bdrv_make_empty() call the BlockDriver method directly. That is not only bad style, it is also wrong, unless the caller has a BdrvChild with a WRITE or WRITE_UNCHANGED permission. (WRITE_UNCHANGED suffices, because callers generally use this function to clear a node with a backing file after a commit operation.) Introduce bdrv_make_empty() that verifies that it does. Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200429141126.85159-2-mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-18iotests: Run pylint and mypy in a testcaseKevin Wolf
We made sure that iotests.py passes pylint. It would be a shame if we allowed new patches in that break this again, so let's just add a meta-test case that runs pylint on it. While we don't pass mypy --strict yet, we can already run it with a few options that would be part of --strict to make sure that we won't regress on these aspects at least until we can enable the full thing. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Message-Id: <20200511163529.349329-3-kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-18iotests: Fix incomplete type declarationsKevin Wolf
We need to fix only a few places so that iotests.py can pass mypy --disallow-incomplete-defs, which seems to be a desirable option to have enabled in the long run. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Message-Id: <20200511163529.349329-2-kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-18block/replication.c: Avoid cancelling the job twiceLukas Straub
If qemu in colo secondary mode is stopped, it crashes because s->backup_job is canceled twice: First with job_cancel_sync_all() in qemu_cleanup() and then in replication_stop(). Fix this by assigning NULL to s->backup_job when the job completes so replication_stop() and replication_do_checkpoint() won't touch the job. Signed-off-by: Lukas Straub <lukasstraub2@web.de> Message-Id: <20200511090801.7ed5d8f3@luklap> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-18iotests: Mirror with different source/target sizeKevin Wolf
This tests that the mirror job catches situations where the target node has a different size than the source node. It must also forbid resize operations when the job is already running. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20200511135825.219437-5-kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-18mirror: Make sure that source and target size matchKevin Wolf
If the target is shorter than the source, mirror would copy data until it reaches the end of the target and then fail with an I/O error when trying to write past the end. If the target is longer than the source, the mirror job would complete successfully, but the target wouldn't actually be an accurate copy of the source image (it would contain some additional garbage at the end). Fix this by checking that both images have the same size when the job starts. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20200511135825.219437-4-kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-18iotests/229: Use blkdebug to inject an errorKevin Wolf
229 relies on the mirror running into an I/O error when the target is smaller than the source. After changing mirror to catch this condition while starting the job, this test case won't get a job that is paused for an I/O error any more. Use blkdebug instead to inject an error. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20200511135825.219437-3-kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-18iotests/109: Don't mirror with mismatched sizeKevin Wolf
This patch makes the raw image the same size as the file in a different format that is mirrored as raw to it to avoid errors when mirror starts to enforce that source and target are the same size. We check only that the first 512 bytes are zeroed (instead of 64k) because some image formats create image files that are smaller than 64k, so trying to read 64k would result in I/O errors. Apart from this, 512 is more appropriate anyway because the raw format driver protects specifically the first 512 bytes. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Message-Id: <20200511135825.219437-2-kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-05-15Merge remote-tracking branch 'remotes/rth/tags/pull-fpu-20200515' into stagingPeter Maydell
floatx80 x87 pseudo-denormal fixes # gpg: Signature made Fri 15 May 2020 19:10:27 BST # gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F # gpg: issuer "richard.henderson@linaro.org" # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full] # Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F * remotes/rth/tags/pull-fpu-20200515: softfloat: fix floatx80 pseudo-denormal round to integer softfloat: fix floatx80 pseudo-denormal comparisons softfloat: fix floatx80 pseudo-denormal addition / subtraction softfloat: silence sNaN for conversions to/from floatx80 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-15softfloat: fix floatx80 pseudo-denormal round to integerJoseph Myers
The softfloat function floatx80_round_to_int incorrectly handles the case of a pseudo-denormal where only the high bit of the significand is set, ignoring that bit (treating the number as an exact zero) rather than treating the number as an alternative representation of +/- 2^-16382 (which may round to +/- 1 depending on the rounding mode) as hardware does. Fix this check (simplifying the code in the process). Signed-off-by: Joseph Myers <joseph@codesourcery.com> Message-Id: <alpine.DEB.2.21.2005042339420.22972@digraph.polyomino.org.uk> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-05-15softfloat: fix floatx80 pseudo-denormal comparisonsJoseph Myers
The softfloat floatx80 comparisons fail to allow for pseudo-denormals, which should compare equal to corresponding values with biased exponent 1 rather than 0. Add an adjustment for that case when comparing numbers with the same sign. Signed-off-by: Joseph Myers <joseph@codesourcery.com> Message-Id: <alpine.DEB.2.21.2005042338470.22972@digraph.polyomino.org.uk> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-05-15softfloat: fix floatx80 pseudo-denormal addition / subtractionJoseph Myers
The softfloat function addFloatx80Sigs, used for addition of values with the same sign and subtraction of values with opposite sign, fails to handle the case where the two values both have biased exponent zero and there is a carry resulting from adding the significands, which can occur if one or both values are pseudo-denormals (biased exponent zero, explicit integer bit 1). Add a check for that case, so making the results match those seen on x86 hardware for pseudo-denormals. Signed-off-by: Joseph Myers <joseph@codesourcery.com> Message-Id: <alpine.DEB.2.21.2005042337570.22972@digraph.polyomino.org.uk> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-05-15softfloat: silence sNaN for conversions to/from floatx80Joseph Myers
Conversions between IEEE floating-point formats should convert signaling NaNs to quiet NaNs. Most of those in QEMU's softfloat code do so, but those for floatx80 fail to. Fix those conversions to silence signaling NaNs as well. Signed-off-by: Joseph Myers <joseph@codesourcery.com> Message-Id: <alpine.DEB.2.21.2005042336170.22972@digraph.polyomino.org.uk> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-05-15Merge remote-tracking branch ↵Peter Maydell
'remotes/stsquad/tags/pull-testing-tcg-plugins-150520-2' into staging Various testing, tcg and plugin updates - fix bug in gdbstub tests that leave hanging QEMUs - tweak s390x travis test - re-factor guest_base handling - support "notes" in disassembler output - include guest address notes in out_asm - cleanup plugin headers and and constify hwaddr - updates MAINTAINERS for cpu-common.c # gpg: Signature made Fri 15 May 2020 15:40:40 BST # gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44 # gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full] # Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44 * remotes/stsquad/tags/pull-testing-tcg-plugins-150520-2: MAINTAINERS: update the orphaned cpus-common.c file qemu/qemu-plugin: Make qemu_plugin_hwaddr_is_io() hwaddr argument const qemu/plugin: Move !CONFIG_PLUGIN stubs altogether qemu/plugin: Trivial code movement translate-all: include guest address in out_asm output disas: add optional note support to cap_disas disas: include an optional note for the start of disassembly accel/tcg: don't disable exec_tb trace events accel/tcg: Relax va restrictions on 64-bit guests exec/cpu-all: Use bool for have_guest_base linux-user: completely re-write init_guest_space travis.yml: Improve the --disable-tcg test on s390x tests/guest-debug: catch hanging guests Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-15MAINTAINERS: update the orphaned cpus-common.c fileAlex Bennée
We forgot to update MAINTAINERS when this code was re-factored. Fixes: 267f685b8b Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200513173200.11830-5-alex.bennee@linaro.org>
2020-05-15qemu/qemu-plugin: Make qemu_plugin_hwaddr_is_io() hwaddr argument constPhilippe Mathieu-Daudé
Rename qemu_plugin_hwaddr_is_io() address argument 'haddr' similarly to qemu_plugin_hwaddr_device_offset(), and make it const. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20200510171119.20827-4-f4bug@amsat.org> Message-Id: <20200513173200.11830-4-alex.bennee@linaro.org>
2020-05-15qemu/plugin: Move !CONFIG_PLUGIN stubs altogetherPhilippe Mathieu-Daudé
Simplify the ifdef'ry by moving all stubs together. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20200510171119.20827-3-f4bug@amsat.org> Message-Id: <20200513173200.11830-3-alex.bennee@linaro.org>
2020-05-15qemu/plugin: Trivial code movementPhilippe Mathieu-Daudé
Move the qemu_plugin_event enum declaration earlier. This will make the next commit easier to review. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20200510171119.20827-2-f4bug@amsat.org> Message-Id: <20200513173200.11830-2-alex.bennee@linaro.org>
2020-05-15translate-all: include guest address in out_asm outputAlex Bennée
We already have information about where each guest instructions representation starts stored in the tcg_ctx->gen_insn_data so we can rectify the PC for faults. We can re-use this information to annotate the out_asm output with guest instruction address which makes it a bit easier to work out where you are especially with longer blocks. A minor wrinkle is that some instructions get optimised away so we have to scan forward until we find some actual generated code. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20200513175134.19619-11-alex.bennee@linaro.org>
2020-05-15disas: add optional note support to cap_disasAlex Bennée
Include support for outputting a note at the top of a chunk of disassembly to capstone as well. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200513175134.19619-10-alex.bennee@linaro.org>
2020-05-15disas: include an optional note for the start of disassemblyAlex Bennée
This will become useful shortly for providing more information about output assembly inline. While there fix up the indenting and code formatting in disas(). Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200513175134.19619-9-alex.bennee@linaro.org>
2020-05-15accel/tcg: don't disable exec_tb trace eventsAlex Bennée
I doubt the well predicted trace event check is particularly special in the grand context of TCG code execution. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200513175134.19619-8-alex.bennee@linaro.org>
2020-05-15accel/tcg: Relax va restrictions on 64-bit guestsRichard Henderson
We cannot at present limit a 64-bit guest to a virtual address space smaller than the host. It will mostly work to ignore this limitation, except if the guest uses high bits of the address space for tags. But it will certainly work better, as presently we can wind up failing to allocate the guest stack. Widen our user-only page tree to the host or abi pointer width. Remove the workaround for this problem from target/alpha. Always validate guest addresses vs reserved_va, as there we control allocation ourselves. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20200513175134.19619-7-alex.bennee@linaro.org>
2020-05-15exec/cpu-all: Use bool for have_guest_baseRichard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20200513175134.19619-6-alex.bennee@linaro.org>
2020-05-15linux-user: completely re-write init_guest_spaceAlex Bennée
First we ensure all guest space initialisation logic comes through probe_guest_base once we understand the nature of the binary we are loading. The convoluted init_guest_space routine is removed and replaced with a number of pgb_* helpers which are called depending on what requirements we have when loading the binary. We first try to do what is requested by the host. Failing that we try and satisfy the guest requested base address. If all those options fail we fall back to finding a space in the memory map using our recently written read_self_maps() helper. There are some additional complications we try and take into account when looking for holes in the address space. We try not to go directly after the system brk() space so there is space for a little growth. We also don't want to have to use negative offsets which would result in slightly less efficient code on x86 when it's unable to use the segment offset register. Less mind-binding gotos and hopefully clearer logic throughout. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Acked-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20200513175134.19619-5-alex.bennee@linaro.org>
2020-05-15travis.yml: Improve the --disable-tcg test on s390xThomas Huth
Since the s390x containers do not allow KVM, we only compile-test the --disable-tcg build on s390x and do not run the qtests. Thus, it does not make sense to install genisoimage here, and it also does not make sense to build the s390-ccw.img here again - it is simply not used without the qtests. On the other hand, if we do not build the s390-ccw.img anymore, we can also compile with Clang - so let's use that compiler here to get some additional test coverage. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20200512133849.10624-1-thuth@redhat.com> Message-Id: <20200513175134.19619-3-alex.bennee@linaro.org>
2020-05-15tests/guest-debug: catch hanging guestsAlex Bennée
If gdb never actually connected with the guest we need to catch that and clean-up after ourselves. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20200513175134.19619-2-alex.bennee@linaro.org>
2020-05-15Merge remote-tracking branch 'remotes/kraxel/tags/ui-20200515-pull-request' ↵Peter Maydell
into staging ui: sdl bugfix, -show-cursor deprecation message # gpg: Signature made Fri 15 May 2020 09:21:29 BST # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/ui-20200515-pull-request: ui/sdl2: fix segment fault caused by null pointer dereference ui: improve -show-cursor deprecation message Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-15Merge remote-tracking branch 'remotes/armbru/tags/pull-qom-2020-05-15' into ↵Peter Maydell
staging QOM patches for 2020-05-15 # gpg: Signature made Fri 15 May 2020 06:58:29 BST # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-qom-2020-05-15: (21 commits) hw: Remove unnecessary DEVICE() cast various: Remove unnecessary OBJECT() cast target: Remove unnecessary CPU() cast qom: Drop @errp parameter of object_property_del() spapr_pci: Drop some dead error handling qdev: Unrealize must not fail Drop more @errp parameters after previous commit qom: Drop parameter @errp of object_property_add() & friends qdev: Clean up qdev_connect_gpio_out_named() hw/arm/bcm2835: Drop futile attempts at QOM-adopting memory e1000: Don't run e1000_instance_init() twice hw/isa/superio: Make the components QOM children s390x/cpumodel: Fix UI to CPU features pcc-cmac-{aes,eaes}-256 tests/check-qom-proplist: Improve iterator coverage qom: Drop object_property_set_description() parameter @errp qom: Make all the object_property_add_FOO() return the property qom: Drop convenience method object_property_get_uint16List() qom: Simplify object_property_get_enum() qom: Drop object_property_del_child()'s unused parameter @errp qom: Clean up inconsistent use of gchar * vs. char * ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-05-15hw: Remove unnecessary DEVICE() castPhilippe Mathieu-Daudé
The DEVICE() macro is defined as: #define DEVICE(obj) OBJECT_CHECK(DeviceState, (obj), TYPE_DEVICE) which expands to: ((DeviceState *)object_dynamic_cast_assert((Object *)(obj), (name), __FILE__, __LINE__, __func__)) This assertion can only fail when @obj points to something other than its stated type, i.e. when we're in undefined behavior country. Remove the unnecessary DEVICE() casts when we already know the pointer is of DeviceState type. Patch created mechanically using spatch with this script: @@ typedef DeviceState; DeviceState *s; @@ - DEVICE(s) + s Acked-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Paul Durrant <paul@xen.org> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Acked-by: John Snow <jsnow@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20200512070020.22782-4-f4bug@amsat.org>
2020-05-15various: Remove unnecessary OBJECT() castPhilippe Mathieu-Daudé
The OBJECT() macro is defined as: #define OBJECT(obj) ((Object *)(obj)) Remove the unnecessary OBJECT() casts when we already know the pointer is of Object type. Patch created mechanically using spatch with this script: @@ typedef Object; Object *o; @@ - OBJECT(o) + o Acked-by: Cornelia Huck <cohuck@redhat.com> Acked-by: Corey Minyard <cminyard@mvista.com> Acked-by: John Snow <jsnow@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20200512070020.22782-3-f4bug@amsat.org> [Trivial rebase conflict in hw/s390x/sclp.c resolved]
2020-05-15target: Remove unnecessary CPU() castPhilippe Mathieu-Daudé
The CPU() macro is defined as: #define CPU(obj) ((CPUState *)(obj)) which expands to: ((CPUState *)object_dynamic_cast_assert((Object *)(obj), (name), __FILE__, __LINE__, __func__)) This assertion can only fail when @obj points to something other than its stated type, i.e. when we're in undefined behavior country. Remove the unnecessary CPU() casts when we already know the pointer is of CPUState type. Patch created mechanically using spatch with this script: @@ typedef CPUState; CPUState *s; @@ - CPU(s) + s Acked-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20200512070020.22782-2-f4bug@amsat.org>
2020-05-15qom: Drop @errp parameter of object_property_del()Markus Armbruster
Same story as for object_property_add(): the only way object_property_del() can fail is when the property with this name does not exist. Since our property names are all hardcoded, failure is a programming error, and the appropriate way to handle it is passing &error_abort. Most callers do that, the commit before previous fixed one that didn't (and got the error handling wrong), and the two remaining exceptions ignore errors. Drop the @errp parameter. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200505152926.18877-19-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-05-15spapr_pci: Drop some dead error handlingMarkus Armbruster
chassis_from_bus() uses object_property_get_uint() to get property "chassis_nr" of the bridge device. Failure would be a programming error. Pass &error_abort, and simplify its callers. Cc: David Gibson <david@gibson.dropbear.id.au> Cc: qemu-ppc@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200505152926.18877-18-armbru@redhat.com>
2020-05-15qdev: Unrealize must not failMarkus Armbruster
Devices may have component devices and buses. Device realization may fail. Realization is recursive: a device's realize() method realizes its components, and device_set_realized() realizes its buses (which should in turn realize the devices on that bus, except bus_set_realized() doesn't implement that, yet). When realization of a component or bus fails, we need to roll back: unrealize everything we realized so far. If any of these unrealizes failed, the device would be left in an inconsistent state. Must not happen. device_set_realized() lets it happen: it ignores errors in the roll back code starting at label child_realize_fail. Since realization is recursive, unrealization must be recursive, too. But how could a partly failed unrealize be rolled back? We'd have to re-realize, which can fail. This design is fundamentally broken. device_set_realized() does not roll back at all. Instead, it keeps unrealizing, ignoring further errors. It can screw up even for a device with no buses: if the lone dc->unrealize() fails, it still unregisters vmstate, and calls listeners' unrealize() callback. bus_set_realized() does not roll back either. Instead, it stops unrealizing. Fortunately, no unrealize method can fail, as we'll see below. To fix the design error, drop parameter @errp from all the unrealize methods. Any unrealize method that uses @errp now needs an update. This leads us to unrealize() methods that can fail. Merely passing it to another unrealize method cannot cause failure, though. Here are the ones that do other things with @errp: * virtio_serial_device_unrealize() Fails when qbus_set_hotplug_handler() fails, but still does all the other work. On failure, the device would stay realized with its resources completely gone. Oops. Can't happen, because qbus_set_hotplug_handler() can't actually fail here. Pass &error_abort to qbus_set_hotplug_handler() instead. * hw/ppc/spapr_drc.c's unrealize() Fails when object_property_del() fails, but all the other work is already done. On failure, the device would stay realized with its vmstate registration gone. Oops. Can't happen, because object_property_del() can't actually fail here. Pass &error_abort to object_property_del() instead. * spapr_phb_unrealize() Fails and bails out when remove_drcs() fails, but other work is already done. On failure, the device would stay realized with some of its resources gone. Oops. remove_drcs() fails only when chassis_from_bus()'s object_property_get_uint() fails, and it can't here. Pass &error_abort to remove_drcs() instead. Therefore, no unrealize method can fail before this patch. device_set_realized()'s recursive unrealization via bus uses object_property_set_bool(). Can't drop @errp there, so pass &error_abort. We similarly unrealize with object_property_set_bool() elsewhere, always ignoring errors. Pass &error_abort instead. Several unrealize methods no longer handle errors from other unrealize methods: virtio_9p_device_unrealize(), virtio_input_device_unrealize(), scsi_qdev_unrealize(), ... Much of the deleted error handling looks wrong anyway. One unrealize methods no longer ignore such errors: usb_ehci_pci_exit(). Several realize methods no longer ignore errors when rolling back: v9fs_device_realize_common(), pci_qdev_unrealize(), spapr_phb_realize(), usb_qdev_realize(), vfio_ccw_realize(), virtio_device_realize(). Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200505152926.18877-17-armbru@redhat.com>
2020-05-15Drop more @errp parameters after previous commitMarkus Armbruster
Several functions can't fail anymore: ich9_pm_add_properties(), device_add_bootindex_property(), ppc_compat_add_property(), spapr_caps_add_properties(), PropertyInfo.create(). Drop their @errp parameter. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200505152926.18877-16-armbru@redhat.com>
2020-05-15qom: Drop parameter @errp of object_property_add() & friendsMarkus Armbruster
The only way object_property_add() can fail is when a property with the same name already exists. Since our property names are all hardcoded, failure is a programming error, and the appropriate way to handle it is passing &error_abort. Same for its variants, except for object_property_add_child(), which additionally fails when the child already has a parent. Parentage is also under program control, so this is a programming error, too. We have a bit over 500 callers. Almost half of them pass &error_abort, slightly fewer ignore errors, one test case handles errors, and the remaining few callers pass them to their own callers. The previous few commits demonstrated once again that ignoring programming errors is a bad idea. Of the few ones that pass on errors, several violate the Error API. The Error ** argument must be NULL, &error_abort, &error_fatal, or a pointer to a variable containing NULL. Passing an argument of the latter kind twice without clearing it in between is wrong: if the first call sets an error, it no longer points to NULL for the second call. ich9_pm_add_properties(), sparc32_ledma_realize(), sparc32_dma_realize(), xilinx_axidma_realize(), xilinx_enet_realize() are wrong that way. When the one appropriate choice of argument is &error_abort, letting users pick the argument is a bad idea. Drop parameter @errp and assert the preconditions instead. There's one exception to "duplicate property name is a programming error": the way object_property_add() implements the magic (and undocumented) "automatic arrayification". Don't drop @errp there. Instead, rename object_property_add() to object_property_try_add(), and add the obvious wrapper object_property_add(). Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200505152926.18877-15-armbru@redhat.com> [Two semantic rebase conflicts resolved]
2020-05-15qdev: Clean up qdev_connect_gpio_out_named()Markus Armbruster
Both qdev_connect_gpio_out_named() and device_set_realized() put objects without a parent into the "/machine/unattached/" orphanage. qdev_connect_gpio_out_named() needs a lengthy comment to explain how it works. It exploits that object_property_add_child() can fail only when we got a parent already, and ignoring that error does what we want. True. If it failed due to "duplicate property", we'd be in trouble, but that would be a programming error. device_set_realized() is cleaner: it checks whether we need a parent, then calls object_property_add_child(), aborting on failure. No need for a comment, and programming errors get caught. Change qdev_connect_gpio_out_named() to match. Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200505152926.18877-14-armbru@redhat.com>
2020-05-15hw/arm/bcm2835: Drop futile attempts at QOM-adopting memoryMarkus Armbruster
The "bcm2835-peripherals" device's .instance_init() method bcm2835_peripherals_init() attempts to make two memory regions QOM children of the device. This is futile, because memory_region_init() already did. The errors are ignored (a later commit will change that). Drop the useless calls. Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Andrew Baumann <Andrew.Baumann@microsoft.com> Cc: "Philippe Mathieu-Daudé" <philmd@redhat.com> Cc: qemu-arm@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20200505152926.18877-13-armbru@redhat.com>
2020-05-15e1000: Don't run e1000_instance_init() twiceMarkus Armbruster
QOM object initialization runs .instance_init() for the type and all its supertypes; see object_init_with_type(). Both TYPE_E1000_BASE and its concrete subtypes set .instance_init() to e1000_instance_init(). For the concrete subtypes, it duly gets run twice. The second run fails, but the error gets ignored (a later commit will change that). Remove it from the subtypes. Cc: Jason Wang <jasowang@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200505152926.18877-12-armbru@redhat.com>
2020-05-15hw/isa/superio: Make the components QOM childrenMarkus Armbruster
isa_superio_realize() attempts to make isa-parallel and isa-serial QOM children, but this does not work, because it calls object_property_add_child() after realizing with qdev_init_nofail(). Realizing a device without a parent gives it one: it gets put into the "/machine/unattached/" orphanage. The extra object_property_add_child() fails, and isa_superio_realize() ignores the error. Move the object_property_add_child() before qdev_init_nofail(), and pass &error_abort. For the other components, isa_superio_realize() doesn't even try. Add object_property_add_child() there. This affects machines 40p, clipper and fulong2e. For instance, fulong2e has its vt82c686b-superio (which is an isa-superio) at /machine/unattached/device[9]. Before the patch, its components are at /machine/unattached/device[10] .. [14]. Afterwards, they are at /machine/unattached/device[9]/{parallel0,serial0,serial1,isa-fdc,i8042}. Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200505152926.18877-11-armbru@redhat.com>
2020-05-15s390x/cpumodel: Fix UI to CPU features pcc-cmac-{aes,eaes}-256Markus Armbruster
Both s390_features[S390_FEAT_PCC_CMAC_AES_256].name and s390_features[S390_FEAT_PCC_CMAC_EAES_256].name is "pcc-cmac-eaes-256". The former is obviously a pasto. Impact: * s390_feat_bitmap_to_ascii() misidentifies S390_FEAT_PCC_CMAC_AES_256 as "pcc-cmac-eaes-256". Affects QMP commands query-cpu-definitions, query-cpu-model-expansion, query-cpu-model-baseline, query-cpu-model-comparison, and the error message when s390_realize_cpu_model() fails in check_compatibility(). * s390_cpu_list() also misidentifies it. Affects -cpu help. * s390_cpu_model_register_props() creates CPU property "pcc-cmac-eaes-256" twice. The second one fails, but the error is ignored (a later commit will change that). Results in a single property "pcc-cmac-eaes-256" with the description for S390_FEAT_PCC_CMAC_AES_256, and no property for S390_FEAT_PCC_CMAC_EAES_256. CPU properties are visible in CLI -cpu and -device, QMP & HMP device_add, QMP device-list-properties, and QOM introspection. The two features are almost always used via their group msa4. Such use is not affected by this bug. Fix by deleting the wayward 'e'. Fixes: 782417446279 ("s390x/cpumodel: introduce CPU features") Cc: Halil Pasic <pasic@linux.ibm.com> Cc: Cornelia Huck <cohuck@redhat.com> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Cc: Richard Henderson <rth@twiddle.net> Cc: David Hildenbrand <david@redhat.com> Cc: qemu-s390x@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-Id: <20200505152926.18877-10-armbru@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> [Lost paragraph in commit message restored, Fixes: tweaked]
2020-05-15tests/check-qom-proplist: Improve iterator coverageMarkus Armbruster
The tests' "qemu-dummy" device has only class properties. Turn one of them into an instance property. test_dummy_class_iterator() expects one fewer property than test_dummy_iterator(). Rewrite test_dummy_prop_iterator() to take expected properties as argument. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200505152926.18877-9-armbru@redhat.com>
2020-05-15qom: Drop object_property_set_description() parameter @errpMarkus Armbruster
object_property_set_description() and object_class_property_set_description() fail only when property @name is not found. There are 85 calls of object_property_set_description() and object_class_property_set_description(). None of them can fail: * 84 immediately follow the creation of the property. * The one in spapr_rng_instance_init() refers to a property created in spapr_rng_class_init(), from spapr_rng_properties[]. Every one of them still gets to decide what to pass for @errp. 51 calls pass &error_abort, 32 calls pass NULL, one receives the error and propagates it to &error_abort, and one propagates it to &error_fatal. I'm actually surprised none of them violates the Error API. What are we gaining by letting callers handle the "property not found" error? Use when the property is not known to exist is simpler: you don't have to guard the call with a check. We haven't found such a use in 5+ years. Until we do, let's make life a bit simpler and drop the @errp parameter. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200505152926.18877-8-armbru@redhat.com> [One semantic rebase conflict resolved]