Age | Commit message | Author
2018-07-16 | hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false | Thomas Huth
These devices are currently causing some problems when a user is trying to hot-plug or introspect them during runtime. Since these devices can not be instantiated by the user at all (they need to be wired up in code instead), we should mark them with user_creatable = false anyway, then we avoid at least the crashes with the hot-plugging. The introspection problem will be handled by a separate patch. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-id: 1531415537-26037-1-git-send-email-thuth@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16 | hw/intc/arm_gic: Fix handling of GICD_ITARGETSR | Peter Maydell
The GICD_ITARGETSR implementation still has some 11MPCore behaviour that we were incorrectly using in our GICv1 and GICv2 implementations for the case where the interrupt number is less than GIC_INTERNAL. The desired behaviour here is:
 * for 11MPCore: RAZ/WI for irqs 0..28; read a number matching the CPU doing the read for irqs 29..31
 * for GICv1 and v2: RAZ/WI if uniprocessor; otherwise read a number matching the CPU doing the read for all irqs < 32
Stop squashing GICD_ITARGETSR to 0 for IRQs 0..28 unless this is an 11MPCore GIC.
Reported-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180712154152.32183-3-peter.maydell@linaro.org
2018-07-16 | hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq() | Peter Maydell
In gic_deactivate_irq() the interrupt number comes from the guest (on a write to the GICC_DIR register), so we need to sanity check that it isn't out of range before we use it as an array index. Handle this in a similar manner to the check we do in gic_complete_irq() for the GICC_EOI register. The array overrun is not disastrous because the calling code uses (value & 0x3ff) to extract the interrupt field, so the only out-of-range values possible are 1020..1023, which allow overrunning only from irq_state[] into the following irq_target[] array which the guest can already manipulate. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Luc Michel <luc.michel@greensocs.com> Message-id: 20180712154152.32183-2-peter.maydell@linaro.org
2018-07-16 | aspeed: Implement write-1-{set, clear} for AST2500 strapping | Andrew Jeffery
The AST2500 SoC family changes the runtime behaviour of the hardware strapping register (SCU70) to write-1-set/write-1-clear, with write-1-clear implemented on the "read-only" SoC revision register (SCU7C). For the AST2400, the hardware strapping is runtime-configured with read-modify-write semantics.
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 20180709143524.17480-1-andrew@aj.id.au
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16 | target/arm: Fix LD1W and LDFF1W (scalar plus vector) | Richard Henderson
'I' was being double-incremented; correctly within the inner loop and incorrectly within the outer loop. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20180711103957.3040-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16 | Merge remote-tracking branch 'remotes/armbru/tags/pull-misc-2018-07-16' into staging | Peter Maydell
Miscellaneous patches for 2018-07-16 (3.0.0-rc1)
# gpg: Signature made Mon 16 Jul 2018 14:50:07 BST
# gpg: using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-misc-2018-07-16:
  monitor: Fix tracepoint crash on JSON syntax error
  MAINTAINERS: New section "Incompatible changes", copy libvir-list
  qemu-doc: Move appendix "Deprecated features" to its own file
  cli qmp: Mark --preconfig, exit-preconfig experimental
  qapi: Do not expose "allow-preconfig" in query-qmp-schema
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16 | monitor: Fix tracepoint crash on JSON syntax error | Markus Armbruster
When tracepoint handle_qmp_command is enabled, we crash on JSON syntax errors. Broken in commit 1cc37471525. Fix by skipping the tracepoint on JSON syntax error. Before the flawed commit, we skipped it by returning early. Fixes: CID 1394216 Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20180716091012.29510-1-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com>
2018-07-16 | MAINTAINERS: New section "Incompatible changes", copy libvir-list | Markus Armbruster
Libvirt developers would like to be copied on patches to qemu-doc appendix "Deprecated features". Do them the favor. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20180716073226.21127-3-armbru@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-16 | qemu-doc: Move appendix "Deprecated features" to its own file | Markus Armbruster
Consumers of QEMU need to track feature deprecation. Keeping deprecation documentation in its own file helps in two small ways:
 * You can track changes the easy and obvious way, with git-log. Before, you had to resort to more complex gittery like "git-log --oneline -L '/@node Deprecated features/,/@node Supported build platforms/:qemu-doc.texi'"
 * It lets us use MAINTAINERS to copy interested parties on deprecation patches, so they can advise or object before they're a done deal. The next commit will do that for libvirt.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180716073226.21127-2-armbru@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-16 | cli qmp: Mark --preconfig, exit-preconfig experimental | Markus Armbruster
Committing to the current --preconfig / exit-preconfig interface before it has seen any use is premature. Mark both as experimental, the former in documentation, the latter by renaming it to x-exit-preconfig. See the previous commit for more detailed rationale. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20180705091402.26244-3-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Acked-by: Eduardo Habkost <ehabkost@redhat.com> Acked-by: Igor Mammedov <imammedo@redhat.com> [Straightforward conflict with commit 514337c142f resolved]
2018-07-16 | qapi: Do not expose "allow-preconfig" in query-qmp-schema | Markus Armbruster
According to commit 047f7038f58, option --preconfig [...] allows pausing QEMU in the new RUN_STATE_PRECONFIG state, allowing the configuration of QEMU from QMP before the machine jumps into board initialization code of machine_run_board_init() The intent is to allow management to query machine state and additionally configure it using previous query results within one QEMU instance (i.e. eliminate the need to start QEMU twice, 1st to query board specific parameters and 2nd for actual VM start using query results for additional parameters). The implementation is a bit of a hack: it splices in an additional main loop before machine creation, in special runstate preconfig. New command exit-preconfig exits that main loop. QEMU continues initializing, creates the machine, and runs the good old main loop. The replacement of the main loop is transparent to monitors. Sadly, some commands expect initialization to be complete. Running them in --preconfig's main loop violates their preconditions. Since we don't really know which commands are safe, we use a whitelist. This drags the concept of run state into the QMP core. The whitelist is done as a command flag in the QAPI schema (commit d6fe3d02e9a). Drags the concept of run state further into the QAPI language. The command flag is exposed in query-qmp-schema (also commit d6fe3d02e9a). This makes it ABI. I consider the whole thing an offensively ugly hack, but sometimes an ugly hack is the best we can do to solve a problem people have. The need described by the commit message quote above is genuine. The proper solution would be a main loop that permits complete configuration via QMP. This is out of reach, thus the hack. However, even though the need is genuine, it isn't urgent: libvirt is not going to use this anytime soon. Baking a hack into ABI before it has any users is a bad idea. This commit reverts the parts of commit d6fe3d02e9a that affect ABI via query-qmp-schema. 
The commit did the following:
 (1) Add command flag 'allow-preconfig' to the QAPI schema language
 (2) Pass it to code generators
 (3) Have the commands.py code generator pass it to the command registry (so commit 047f7038f58 can use it as whitelist)
 (4) Add 'allow-preconfig' to SchemaInfoCommand (neglecting to update qapi-code-gen.txt section "Client JSON Protocol introspection")
 (5) Set 'allow-preconfig': true for commands qmp_capabilities, query-commands, query-command-line-options, query-status
Revert exactly (4), plus a bit of documentation added to qemu-tech.info in commit 047f7038f58.
Shrinks query-qmp-schema's output from 126.5KiB to 121.8KiB for me.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180705091402.26244-2-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
[Straightforward conflict with commit d626b6c1ae7 resolved]
2018-07-16 | Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-3.0-20180716' into staging | Peter Maydell
ppc patch queue 2018-07-16
Here's my first hard freeze pull request for qemu-3.0. This contains an assortment of bugfixes. Several are for regressions, others are for bugs that I think are significant enough to address during hard freeze.
# gpg: Signature made Mon 16 Jul 2018 09:28:37 BST
# gpg: using RSA key 6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392
* remotes/dgibson/tags/ppc-for-3.0-20180716:
  sm501: Fix warning about unreachable code
  sam460ex: Correct use after free error
  etsec: fix IRQ (un)masking
  ppc/xics: fix ICP reset path
  spapr: Correct inverted test in spapr_pc_dimm_node()
  sm501: Update screen on frame buffer address change
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16 | Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-3.0-pull-request' into staging | Peter Maydell
Some fixes for linux-user:
- workaround for CMSG_NXTHDR bug
- two patches for ppc64/ppc64le host:
    fix fcntl() with *LK64 commands (seen when dpkg wants to lock the DB)
    fix reserved_va alignment (ppc64 needs a 64kB alignment)
- convert a forgotten fcntl() to safe_fcntl()
# gpg: Signature made Sun 15 Jul 2018 20:51:19 BST
# gpg: using RSA key F30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>"
# gpg: aka "Laurent Vivier <laurent@vivier.eu>"
# gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>"
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C
* remotes/vivier2/tags/linux-user-for-3.0-pull-request:
  Zero out the host's `msg_control` buffer
  linux-user: fix mmap_find_vma_reserved()
  linux-user: convert remaining fcntl() to safe_fcntl()
  linux-user: ppc64: use the correct values for F_*LK64s
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16 | sm501: Fix warning about unreachable code | BALATON Zoltan
Coverity warned that the false arm of conditional expression is unreachable when it is inside an if with the same condition. Remove the unreachable code to avoid the warning. Fixes: CID 1394215 Reported-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-16 | sam460ex: Correct use after free error | BALATON Zoltan
Commit 51b0d834c changed error handling to report file name in error message but forgot to move freeing it after usage. Noticed by Coverity. Fixes: CID 1394217 Reported-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-16 | etsec: fix IRQ (un)masking | Michael Davidsaver
Interrupt conditions occurring while masked are not being signaled when later unmasked. The fix is to raise/lower IRQs when IMASK is changed. To avoid problems like this in future, consolidate IRQ pin update logic in one function. Also fix probable typo "IEVENT_TXF | IEVENT_TXF", and update IRQ pins on reset. Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-16 | ppc/xics: fix ICP reset path | Greg Kurz
Recent cleanup in commit a028dd423ee6 dropped the ICPStateClass::reset handler. It is now up to child ICP classes to call the DeviceClass::reset handler of the parent class, thanks to device_class_set_parent_reset(). This is a better object programming pattern, but unfortunately it causes QEMU to crash during CPU hotplug:
    (qemu) device_add host-spapr-cpu-core,id=core1,core-id=1
    Segmentation fault (core dumped)
When the hotplug path tries to reset the ICP device, we end up calling:
    static void icp_kvm_reset(DeviceState *dev)
    {
        ICPStateClass *icpc = ICP_GET_CLASS(dev);
        icpc->parent_reset(dev);
but icpc->parent_reset is NULL... This happens because icp_kvm_class_init() calls:
    device_class_set_parent_reset(dc, icp_kvm_reset, &icpc->parent_reset);
but dc->reset, ie, DeviceClass::reset for the TYPE_ICP type, is itself NULL.
This patch hence sets DeviceClass::reset for the TYPE_ICP type to point to icp_reset(). It then registers a reset handler that calls DeviceClass::reset. If the ICP subtype has configured its own reset handler with device_class_set_parent_reset(), this ensures it will be called first and it can then call ICPStateClass::parent_reset safely. This fixes the reset path for the TYPE_KVM_ICP type, which is the only subtype that defines its own reset function.
Reported-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
Suggested-by: David Gibson <david@gibson.dropbear.id.au>
Fixes: a028dd423ee6dfd091a8c63028240832bf10f671
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-16 | spapr: Correct inverted test in spapr_pc_dimm_node() | David Gibson
This function was introduced between v2.11 and v2.12 to replace obsolete ways of specifying the NUMA nodes for DIMMs. It's used to find the correct node for an LMB, by locating which DIMM object it lies within. Unfortunately, one of the checks is inverted, so we check whether the address is less than two different things, rather than actually checking a range. This introduced a regression, meaning that after a reboot qemu will advertise incorrect node information for memory to the guest. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
2018-07-16 | sm501: Update screen on frame buffer address change | BALATON Zoltan
When the guest changes the address of the frame buffer we need to refresh the screen to correctly display the new content. This fixes display update problems when changing between screens on AmigaOS. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-15 | Zero out the host's `msg_control` buffer | Jonas Schievink
If this is not done, qemu would drop any control message after the first one. This is because glibc's `CMSG_NXTHDR` macro accesses the uninitialized cmsghdr's length field in order to find out if the message fits into the `msg_control` buffer, wrongly assuming that it doesn't because the length field contains garbage. Accessing the length field is fine for completed messages we receive from the kernel, but is - as far as I know - not needed since the kernel won't return such an invalid cmsghdr in the first place. This is tracked as this glibc bug: https://sourceware.org/bugzilla/show_bug.cgi?id=13500 It's probably also a good idea to bail with an error if `CMSG_NXTHDR` returns NULL but `TARGET_CMSG_NXTHDR` doesn't (ie. we still expect cmsgs). Signed-off-by: Jonas Schievink <jonasschievink@gmail.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20180711221244.31869-1-jonasschievink@gmail.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-07-15 | linux-user: fix mmap_find_vma_reserved() | Laurent Vivier
The value given by mmap_find_vma_reserved() is used with mmap(), so it needs to be aligned with the host page size. Since commit 18e80c55bb, reserved_va is only aligned to TARGET_PAGE_SIZE, and it works well if this size is greater than or equal to the host page size. But ppc64 hosts have 64kB page size and when we start a 4kiB page size guest (like i386), it fails when it tries to mmap the stack:
    mmap stack: Invalid argument
Fixes: 18e80c55bb (linux-user: Tidy and enforce reserved_va initialization)
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180714193553.30846-1-laurent@vivier.eu>
2018-07-15 | linux-user: convert remaining fcntl() to safe_fcntl() | Laurent Vivier
Commit 435da5e709 didn't convert a fcntl() call to safe_fcntl() for TARGET_NR_fcntl64 case. There is no reason to not use it in this case. Fixes: 435da5e709 linux-user: Use safe_syscall wrapper for fcntl Signed-off-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20180713125805.10749-1-laurent@vivier.eu>
2018-07-15 | linux-user: ppc64: use the correct values for F_*LK64s | Shivaprasad G Bhat
Qemu includes the glibc headers for the host defines and target headers are part of the qemu source themselves. The glibc has the F_GETLK64, F_SETLK64 and F_SETLKW64 defined to 12, 13 and 14 for all archs in sysdeps/unix/sysv/linux/bits/fcntl-linux.h. The linux kernel generic definition for F_*LK is 5, 6 & 7 and F_*LK64* is 12, 13, and 14 as seen in include/uapi/asm-generic/fcntl.h. On 64bit machine, by default the kernel assumes all F_*LK to 64bit calls and doesn't support use of F_*LK64* as can be seen in include/linux/fcntl.h in linux source.
On x86_64 host, the values for F_*LK64* are set to 5, 6 and 7 explicitly in /usr/include/x86_64-linux-gnu/bits/fcntl.h by the glibc. Whereas, a PPC64 host doesn't have such a definition in /usr/include/powerpc64le-linux-gnu/bits/fcntl.h by the glibc. So, the sources on PPC64 host sees the default value of F_*LK64* as 12, 13 & 14 (fcntl-linux.h).
Since the 64bit kernel doesn't support 12, 13 & 14; the glibc fcntl syscall implementation (__libc_fcntl*(), __fcntl64_nocancel) does the F_*LK64* value conversion back to F_*LK* values on PPC64 as seen in sysdeps/unix/sysv/linux/powerpc/powerpc64/sysdep.h with FCNTL_ADJUST_CMD() macro. Whereas on x86_64 host the values for F_*LK64* are set to 5, 6 and 7 and no adjustments are needed.
Since qemu doesn't use the glibc fcntl, but makes the safe_syscall* on its own, the PPC64 qemu is calling the syscall with 12, 13, and 14 (without adjustment) and they all fail. The fcntl calls to F_GETLK/F_SETLK|W all fail by all applications run on PPC64 host user emulation.
The fix here could be to see why on PPC64 the glibc is still keeping F_*LK64* different from F_*LK and why adjusting them to 5, 6 and 7 before the syscall for PPC only. See if we can make the /usr/include/powerpc64le-linux-gnu/bits/fcntl.h to have the values 5, 6 & 7 just like x86_64 and remove the adjustment code in glibc. That way, qemu sources see the kernel supported values in glibc headers.
OR
On PPC64 host, qemu sources see both F_*LK & F_*LK64* as same and set to 12, 13 and 14 because __USE_FILE_OFFSET64 is defined in qemu sources (also refer sysdeps/unix/sysv/linux/bits/fcntl-linux.h). Do the value adjustment just like it is done by glibc source by using F_GETLK value of 5. That way, we make the syscalls with the actual supported values in Qemu. The patch is taking this approach.
Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <153148521235.87746.14142430397318741182.stgit@lep8c.aus.stglabs.ibm.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-07-13 | docs: Grammar and spelling fixes | Ville Skyttä
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 20180612065150.21110-1-ville.skytta@iki.fi Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-12 | Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging | Peter Maydell
Block layer patches:
- file-posix: Check correct file type (regular file for 'file', character or block device for 'host_device'/'host_cdrom')
- scsi-disk: Block Device Characteristics emulation fix
- qemu-img: Consider required alignment for sparse area detection
- Documentation and test improvements
# gpg: Signature made Thu 12 Jul 2018 17:29:17 BST
# gpg: using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* remotes/kevin/tags/for-upstream:
  qemu-img: align result of is_allocated_sectors
  scsi-disk: Block Device Characteristics emulation fix
  iotests: add test 226 for file driver types
  file-posix: specify expected filetypes
  qemu-img: Document copy offloading implications with -S and -c
  iotests: nbd: Stop qemu-nbd before remaking image
  iotests: 153: Fix dead code
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-12 | qemu-img: align result of is_allocated_sectors | Peter Lieven
We currently don't enforce that the sparse segments we detect during convert are aligned. This leads to unnecessary and costly read-modify-write cycles either internally in Qemu or in the background on the storage device as nearly all modern filesystems or hardware have a 4k alignment internally.
This patch modifies is_allocated_sectors so that its *pnum result will always end at an alignment boundary. This way all requests will end at an alignment boundary. The start of all requests will also be aligned as long as the results of get_block_status do not lead to an unaligned offset.
The number of RMW cycles when converting an example image [1] to a raw device that has 4k sector size is about 4600 4k read requests to perform a total of about 15000 write requests. With this patch the additional 4600 read requests are eliminated while the number of total write requests stays constant.
[1] https://cloud-images.ubuntu.com/releases/16.04/release/ubuntu-16.04-server-cloudimg-amd64-disk1.vmdk
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-12 | scsi-disk: Block Device Characteristics emulation fix | Daniel Henrique Barboza
The current BDC VPD page (page 0xb1) is too short. This can be seen running sg_utils:
    $ sg_vpd --page=bdc /dev/sda
    Block device characteristics VPD page (SBC):
    Block device characteristics VPD page length too short=8
By the SCSI spec, the expected size of the SBC page is 0x40. There is no telling how the guest will behave with a shorter message - it can ignore it, or worse, make (wrong) assumptions.
This patch fixes the emulation by setting the size to 0x40. This is the output of the previous sg_vpd command after applying it:
    $ sg_vpd --page=bdc /dev/sda -v
        inquiry cdb: 12 01 b1 00 fc 00
    Block device characteristics VPD page (SBC):
       [PQual=0  Peripheral device type: disk]
      Medium rotation rate is not reported
      Product type: Not specified
      WABEREQ=0
      WACEREQ=0
      Nominal form factor not reported
      FUAB=0
      VBULS=0
To improve readability, this patch also adds the VBULS value explicitly and adds comments on the existing fields we're setting.
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-12 | iotests: add test 226 for file driver types | John Snow
Test that we're rejecting what we ought to for file, host_driver and host_cdrom drivers. Test that we're seeing the deprecated message for block and chardevs on the file driver. Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-12 | file-posix: specify expected filetypes | John Snow
Adjust each caller of raw_open_common to specify if they are expecting host and character devices or not. Tighten expectations of file types upon open in the common code and refuse types that are not expected. This has two effects: (1) Character and block devices are now considered deprecated for the 'file' driver, which expects only S_IFREG, and (2) no file-posix driver (file, host_cdrom, or host_device) can open directories now. I don't think there's a legitimate reason to open directories as if they were files. This prevents QEMU from opening and attempting to probe a directory inode, which can break in exciting ways. One of those ways is lseek on ext4/xfs, which will return 0x7fffffffffffffff as the file size instead of EISDIR. This can coax QEMU into responding with a confusing "file too big" instead of "Hey, that's not a file". See: https://bugs.launchpad.net/qemu/+bug/1739304/ Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-12 | qemu-img: Document copy offloading implications with -S and -c | Fam Zheng
Explicitly enabling zero detection or compression suppresses copy offloading during convert. Document it. Suggested-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-12 | iotests: nbd: Stop qemu-nbd before remaking image | Fam Zheng
197 is one example where _make_test_img is used twice without stopping the NBD server in between. An error will occur like this: @@ -26,9 +26,13 @@ === Partial final cluster === +qemu-img: TEST_DIR/t.IMGFMT: Failed to get "resize" lock +Is another process using the image? Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1024 +Failed to find an available port: Address already in use read 1024/1024 bytes at offset 0 Patch _make_test_img to stop the old qemu-nbd before starting a new one, which fixes this problem, and similarly 215. Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-12 | iotests: 153: Fix dead code | Fam Zheng
This step was left behind by mistake. As suggested by the echoed text, the intention was to test two devices with the same image, with different options. The behavior should be the same as two QEMU processes. Complete it.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-12 | ui/cocoa.m: replace scrollingDeltaY with deltaY | John Arbuckle
The NSEvent class method scrollingDeltaY is available for Mac OS 10.7 and newer. Since QEMU supports Mac OS 10.5 and up, we need to be using a method that is available on these versions of Mac OS X. The deltaY method is a method that does almost the same thing as scrollingDeltaY and is available on Mac OS 10.5 and up. So we can replace scrollingDeltaY with deltaY. We only check deltaY's value if it is not zero because zero means that the scrolling increment was sufficiently fine that it was only reported in scrollingDeltaY, or that the scrolling was horizontal.
Signed-off-by: John Arbuckle <programmingkidx@gmail.com>
Message-id: 20180709150235.7573-1-programmingkidx@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: tweak commit message and comment a little]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-12 | Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20180712' into staging | Peter Maydell
pull-seccomp-20180712
# gpg: Signature made Thu 12 Jul 2018 13:55:34 BST
# gpg: using RSA key DF32E7C0F0FFF9A2
# gpg: Good signature from "Eduardo Otubo (Senior Software Engineer) <otubo@redhat.com>"
# Primary key fingerprint: D67E 1B50 9374 86B4 0723 DBAB DF32 E7C0 F0FF F9A2
* remotes/otubo/tags/pull-seccomp-20180712:
  seccomp: allow sched_setscheduler() with SCHED_IDLE policy
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-12 | seccomp: allow sched_setscheduler() with SCHED_IDLE policy | Marc-André Lureau
Current and upcoming mesa releases rely on a shader disk cache. It uses a thread job queue with low priority, set with sched_setscheduler(SCHED_IDLE). However, that syscall is rejected by the "resourcecontrol" seccomp qemu filter. Since it should be safe to allow lowering thread priority, let's allow scheduling thread to idle policy.
Related to: https://bugzilla.redhat.com/show_bug.cgi?id=1594456
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Eduardo Otubo <otubo@redhat.com>
2018-07-12 | Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20180712' into staging | Peter Maydell
- fix confusion around sizes in storage attribute migration
- remove NULL check on error_propagate() in virtio-ccw
# gpg: Signature made Thu 12 Jul 2018 10:27:28 BST
# gpg: using RSA key DECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg: aka "Cornelia Huck <cohuck@kernel.org>"
# gpg: aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF
* remotes/cohuck/tags/s390x-20180712:
  error: Remove NULL checks on error_propagate() calls
  s390x/storage attributes: fix CMMA_BLOCK_SIZE usage
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-12 | Merge remote-tracking branch 'remotes/awilliam/tags/vfio-fixes-20180711.1' into staging | Peter Maydell
VFIO fixes 2018-07-11
- Avoid RAMBlock segfault in option ROM teardown for vfio-pci devices (Cédric Le Goater)
# gpg: Signature made Wed 11 Jul 2018 20:44:44 BST
# gpg: using RSA key 239B9B6E3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg: aka "Alex Williamson <alex@shazbot.org>"
# gpg: aka "Alex Williamson <alwillia@redhat.com>"
# gpg: aka "Alex Williamson <alex.l.williamson@gmail.com>"
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B 8A90 239B 9B6E 3BB0 8B22
* remotes/awilliam/tags/vfio-fixes-20180711.1:
  vfio/pci: do not set the PCIDevice 'has_rom' attribute
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-12 | Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2018-07-11' into staging | Peter Maydell
Monitor patches for 2018-07-11
# gpg: Signature made Wed 11 Jul 2018 20:12:31 BST
# gpg: using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-monitor-2018-07-11:
  monitor: fix double-free of request error
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-11vfio/pci: do not set the PCIDevice 'has_rom' attributeCédric Le Goater
PCI devices needing a ROM allocate an optional MemoryRegion with pci_add_option_rom(). pci_del_option_rom() does the cleanup when the device is destroyed. The only action taken by this routine is to call vmstate_unregister_ram() which clears the id string of the optional ROM RAMBlock and now also flags the RAMBlock as non-migratable. This was recently added by commit b895de502717 ("migration: discard non-migratable RAMBlocks"). VFIO devices do their own loading of the PCI option ROM in vfio_pci_size_rom(). The memory region is switched to an I/O region and the PCI attribute 'has_rom' is set but the RAMBlock of the ROM region is not allocated. When the associated PCI device is deleted, pci_del_option_rom() calls vmstate_unregister_ram() which tries to flag a NULL RAMBlock, leading to a SEGV. It seems that 'has_rom' was set to have memory_region_destroy() called, but since commit 469b046ead06 ("memory: remove memory_region_destroy") this is not necessary anymore as the MemoryRegion is freed automagically. Remove the PCIDevice 'has_rom' attribute setting in vfio. Fixes: b895de502717 ("migration: discard non-migratable RAMBlocks") Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-07-11monitor: fix double-free of request errorMarc-André Lureau
qmp_error_response() will free the given error. Fix double-free in later qmp_request_free(). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20180705164201.9853-1-marcandre.lureau@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Fixes: 1cc37471525d03f963bc71d724f0dc9eab888fc1 Signed-off-by: Markus Armbruster <armbru@redhat.com>
2018-07-11error: Remove NULL checks on error_propagate() callsPhilippe Mathieu-Daudé
Patch created mechanically by rerunning: $ spatch --sp-file scripts/coccinelle/error_propagate_null.cocci \ --macro-file scripts/cocci-macro-file.h \ --dir . --in-place Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <20180705155811.20366-3-f4bug@amsat.org> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-07-11s390x/storage attributes: fix CMMA_BLOCK_SIZE usageClaudio Imbrenda
The macro CMMA_BLOCK_SIZE was defined but not used, and a hardcoded value was instead used in the code. This patch fixes the value of CMMA_BLOCK_SIZE and uses it in the appropriate place in the code, and fixes another case of hardcoded value in the KVM backend, replacing it with the more appropriate constant KVM_S390_CMMA_SIZE_MAX. Signed-off-by: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com> Message-Id: <1530787170-3101-1-git-send-email-imbrenda@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-07-10Update version for v3.0.0-rc0 releasev3.0.0-rc0Peter Maydell
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-10Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell
Block layer patches: - Copy offloading fixes for when the copy increases the image size - Temporary revert of the removal of deprecated -drive options - Fix request serialisation in the image fleecing scenario - Fix copy-on-read crash with unaligned image size - Fix another drain crash # gpg: Signature made Tue 10 Jul 2018 16:37:52 BST # gpg: using RSA key 7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: (24 commits) block: Use common write req handling in truncate block: Fix bdrv_co_truncate overlap check block: Use common req handling in copy offloading block: Use common req handling for discard block: Fix handling of image enlarging write block: Extract common write req handling block: Use uint64_t for BdrvTrackedRequest byte fields block: Use BdrvChild to discard block: Add copy offloading trace points block: Prefix file driver trace points with "file_" Revert "block: Remove deprecated -drive geometry options" Revert "block: Remove deprecated -drive option addr" Revert "block: Remove deprecated -drive option serial" Revert "block: Remove dead deprecation warning code" block/blklogwrites: Make sure the log sector size is not too small qapi/block-core.json: Add missing documentation for blklogwrites log-append option block/backup: fix fleecing scheme: use serialized writes block: add BDRV_REQ_SERIALISING flag block: split flags in copy_range block/io: fix copy_range ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-10Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20180710a' into stagingPeter Maydell
Migration pull 2018-07-10 (for 3.0) Migration fixes and migration test fixes, mostly around postcopy and postcopy recovery # gpg: Signature made Tue 10 Jul 2018 16:27:19 BST # gpg: using RSA key 0516331EBC5BFDE7 # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7 * remotes/dgilbert/tags/pull-migration-20180710a: migration: reorder MIG_CMD_POSTCOPY_RESUME tests: hide stderr for postcopy recovery test tests: add postcopy recovery test tests: introduce wait_for_migration_status() tests: introduce migrate_query*() helpers tests: allow migrate() to take extra flags tests: introduce migrate_postcopy_* helpers migration: show pause/recover state on dst host migration: fix incorrect bitmap size calculation migration: loosen recovery check when load vm migration: simplify check to use qemu file buffer migration: unify incoming processing migration: unbreak postcopy recovery migration: move income process out of multifd migration: delay postcopy paused state Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-10block: Use common write req handling in truncateFam Zheng
Truncation is the last to convert from open coded req handling to reusing helpers. This time the permission check in prepare has to adapt to the new caller: it checks a different permission bit, and doesn't trigger the before write notifier. Also, truncation should always trigger a bs->total_sectors update and in turn call parent resize_cb. Update the condition in finish helper, too. It's intended to do a duplicated bs->read_only check before calling bdrv_co_write_req_prepare() so that we can be more informative with the error message, as bdrv_co_write_req_prepare() doesn't have Error parameter. Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10block: Fix bdrv_co_truncate overlap checkFam Zheng
If we are growing the image and potentially using preallocation for the new area, we need to make sure that no write requests are made to the "preallocated" area which is [@old_size, @offset), not [@offset, offset * 2 - @old_size). Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10block: Use common req handling in copy offloadingFam Zheng
This brings the request handling logic in line with write and discard, fixing write_gen, resize_cb, dirty bitmaps and image size refreshing. The last of these issues broke iotest case 222, which is now fixed. Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10block: Use common req handling for discardFam Zheng
Reuse the new bdrv_co_write_req_prepare/finish helpers. The variation here is that discard requests don't affect bs->wr_highest_offset, and it cannot extend the image. Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-10migration: reorder MIG_CMD_POSTCOPY_RESUMEPeter Xu
It was accidentally added before MIG_CMD_PACKAGED so it might break command compatibility when we run postcopy migration between old/new QEMUs. Fix that up quickly before the QEMU 3.0 release. Reported-by: Lukáš Doktor <ldoktor@redhat.com> Suggested-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20180710094424.30754-1-peterx@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>