aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-07-01Added Bulgarian translationAlexander Shopov
Signed-off-by: Alexander Shopov <ash@kambanaria.org> Message-id: 20160626105922.40590-2-ash@kambanaria.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-01Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.7-20160701' ↵Peter Maydell
into staging ppc patch queue 2016-07-01 Here's the current ppc patch queue. This is a fairly large batch, containing: * A number of further preliminary patches towards full hypervisor mode emulation * Some further fixes / cleanups for the recently merged device_add based CPU hotplug * Preliminary patches towards supporting a native (rather than paravirtualized) XICS device. This will be needed to emulate a physical Power machine, including hypervisor capabilities * Assorted bug fixes # gpg: Signature made Fri 01 Jul 2016 06:56:35 BST # gpg: using RSA key 0x6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-2.7-20160701: (23 commits) qmp: fix spapr example of query-hotpluggable-cpus spapr: drop duplicate variable in spapr_core_release() spapr: do proper error propagation in spapr_cpu_core_realize_child() spapr: drop reference on child object during core realization spapr: Restore support for 970MP and POWER8NVL CPU cores target-ppc: gen_pause for instructions: yield, mdoio, mdoom, miso ppc/xics: Replace "icp" with "xics" in most places ppc/xics: Implement H_IPOLL using an accessor ppc/xics: Move SPAPR specific code to a separate file ppc/xics: Rename existing xics to xics_spapr ppc: Fix 64K pages support in full emulation target-ppc: Eliminate redundant and incorrect function booke206_page_size_to_tlb spapr: Restore support for older PowerPC CPU cores spapr: fix write-past-end-of-array error in cpu core device init code hw/ppc/spapr: Add some missing hcall function set strings ppc: Print HSRR0/HSRR1 in "info registers" ppc: LPCR is a HV resource ppc: Initial HDEC support ppc: Enforce setting MSR:EE,IR and DR when MSR:PR is set ppc: Fix conditions for delivering external interrupts to a guest ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-01Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20160630.0' ↵Peter Maydell
into staging VFIO updates 2016-06-30 - Fix VGA quirks (stable 2.6) (Alex Williamson) - Registering PCIe extended capabilities (Chen Fan) - Hide read-only SR-IOV capability from VM (Alex Williamson) - MemoryRegionIOMMUOps.notify_started/stopped (Alexey Kardashevskiy) - hw_error on intel_iommu notify_started (Alex Williamson) # gpg: Signature made Thu 30 Jun 2016 20:45:55 BST # gpg: using RSA key 0x239B9B6E3BB08B22 # gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" # gpg: aka "Alex Williamson <alex@shazbot.org>" # gpg: aka "Alex Williamson <alwillia@redhat.com>" # gpg: aka "Alex Williamson <alex.l.williamson@gmail.com>" # Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B 8A90 239B 9B6E 3BB0 8B22 * remotes/awilliam/tags/vfio-update-20160630.0: intel_iommu: Throw hw_error on notify_started memory: Add MemoryRegionIOMMUOps.notify_started/stopped callbacks vfio/pci: Hide SR-IOV capability vfio: add pcie extended capability support vfio/pci: Fix VGA quirks Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-01Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2016-06-30' into ↵Peter Maydell
staging QAPI patches 2016-06-30 # gpg: Signature made Thu 30 Jun 2016 14:29:43 BST # gpg: using RSA key 0x3870B400EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-qapi-2016-06-30: qapi: Fix memleak in string visitors on int lists qapi: Simplify use of range.h range: Create range.c for code that should not be inline qapi: Fix crash on missing alternate member of QAPI struct checkpatch: There is no qemu_strtod() qobject: Correct JSON lexer grammar comments json-streamer: Don't leak tokens on incomplete parse Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-01qmp: fix spapr example of query-hotpluggable-cpusIgor Mammedov
27393c33 qapi: keep names in 'CpuInstanceProperties' in sync with struct CPUCore added -id suffix to property names but forgot to fix example in qmp-commands.hx Fix example to have 'core-id' instead of 'core' to match current code Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01spapr: drop duplicate variable in spapr_core_release()Greg Kurz
Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01spapr: do proper error propagation in spapr_cpu_core_realize_child()Greg Kurz
This patch changes spapr_cpu_core_realize_child() to have a local error pointer and use error_propagate() as it is supposed to be done. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01spapr: drop reference on child object during core realizationGreg Kurz
When a core is being realized, we create a child object for each thread of the core. The child is first initialized with object_initialize() which sets its ref count to 1, and then added to the core with object_property_add_child() which bumps the ref count to 2. When the core gets released, object_unparent() decreases the ref count to 1, and we g_free() the object: we hence loose the reference on an unfinalized object. This is likely to cause random crashes. Let's drop the extra reference as soon as we don't need it, after the thread is added to the core. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01spapr: Restore support for 970MP and POWER8NVL CPU coresBharata B Rao
Introduction of core based CPU hotplug for PowerPC sPAPR didn't add support for 970MP and POWER8NVL based core types. Add support for the same. While we are here, add support for explicit specification of POWER5+_v2.1 core type. Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01target-ppc: gen_pause for instructions: yield, mdoio, mdoom, misoAaron Larson
Call gen_pause for all "or rx,rx,rx" encodings other nop. This provides a reasonable implementation for yield, and a better approximation for mdoio, mdoom, and miso. The choice to pause for all encodings !=0 leverages the PowerISA admonition that the reserved encodings might change program priority, providing a slight "future proofing". Signed-off-by: Aaron Larson <alarson@ddci.com> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01ppc/xics: Replace "icp" with "xics" in most placesBenjamin Herrenschmidt
The "ICP" is a different object than the "XICS". For historical reasons, we have a number of places where we name a variable "icp" while it contains a XICSState pointer. There *is* an ICPState structure too so this makes the code really confusing. This is a mechanical replacement of all those instances to use the name "xics" instead. There should be no functional change. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> [spapr_cpu_init has been moved to spapr_cpu_core.c, change there] Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01ppc/xics: Implement H_IPOLL using an accessorBenjamin Herrenschmidt
None of the other presenter functions directly mucks with the internal state, so don't do it there either. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01ppc/xics: Move SPAPR specific code to a separate fileBenjamin Herrenschmidt
Leave the core ICP/ICS logic in xics.c and move the top level class wrapper, hypercall and RTAS handlers to xics_spapr.c Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> [add cpu.h in xics_spapr.c, move set_nr_irqs and set_nr_servers to xics_spapr.c] Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01ppc/xics: Rename existing xics to xics_spaprBenjamin Herrenschmidt
The common class doesn't change, the KVM one is sPAPR specific. Rename variables and functions to xics_spapr. Retain the type name as "xics" to preserve migration for existing sPAPR guests. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01ppc: Fix 64K pages support in full emulationBenjamin Herrenschmidt
We were always advertising only 4K & 16M. Additionally the code wasn't properly matching the page size with the PTE content, which meant we could potentially hit an incorrect PTE if the guest used multiple sizes. Finally, honor the CPU capabilities when decoding the size from the SLB so we don't try to use 64K pages on 970. This still doesn't add support for MPSS (Multiple Page Sizes per Segment) Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> [clg: fixed checkpatch.pl errors commits 61a36c9b5a12 and 1114e712c998 reworked the hpte code doing insertion/removal in hw/ppc/spapr_hcall.c. The hunks modifying these areas were removed. ] Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01target-ppc: Eliminate redundant and incorrect function booke206_page_size_to_tlbAaron Larson
Eliminate redundant and incorrect booke206_page_size_to_tlb function from ppce500_spin.c in preference to previously existing but newly exported definition from e500.c Defect analysis: The booke206_page_size_to_tlb function in e500.c was updated in commit 2bd9543 "ppc: booke206: use MAV=2.0 TSIZE definition, fix 4G pages" to reflect a change in the definition of MAS1_TSIZE_SHIFT from 8 (corresponding to a min TLB page size of 4kb) to a value of 7 (TLB page size 2k). The booke206_page_size_to_tlb() function defined in ppce500_spin.c was never updated to reflect the change in MAS1_TSIZE_SHIFT. In http://lists.nongnu.org/archive/html/qemu-ppc/2016-06/msg00533.html, Scott Wood suggested this "root cause" explanation: SW> The patch that changed MAS1_TSIZE_SHIFT from 8 to 7 was around the SW> same time as the patch that added this code, which is probably why SW> adjusting it got missed. Commit 2bd9543cd3 did update the SW> equivalent code in ppce500_mpc8544ds.c, which now resides in SW> hw/ppc/e500.c and has been changed to not assume a power-of-2 SW> size. The ppce500_spin version should be eliminated. Signed-off-by: Aaron Larson <alarson@ddci.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01spapr: Restore support for older PowerPC CPU coresBharata B Rao
Introduction of core based CPU hotplug for PowerPC sPAPR didn't add support for 970 and POWER5+ based core types. Add support for the same. Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01spapr: fix write-past-end-of-array error in cpu core device init codeGreg Kurz
This fixes a potential QEMU crash introduced by commit 3b542549661. Signed-off-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01hw/ppc/spapr: Add some missing hcall function set stringsThomas Huth
Add "hcall-sprg0" (for H_SET_SPRG0), "hcall-copy" (for H_PAGE_INIT) and "hcall-debug" (for H_LOGICAL_CI_LOAD/STORE) to the property "ibm,hypertas-functions" to indicate that we support these hypercalls. Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01ppc: Print HSRR0/HSRR1 in "info registers"Benjamin Herrenschmidt
They are generally useful when debugging HV mode stuff Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> [clg: fixed checkpatch.pl errors ] Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01ppc: LPCR is a HV resourceBenjamin Herrenschmidt
Don't allow access in guest mode Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01ppc: Initial HDEC supportBenjamin Herrenschmidt
The current behaviour isn't completely right, as for the DEC, we don't properly re-arm when wrapping around, but I will fix this in a separate patch. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> [clg: fixed checkpatch.pl errors ] Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01ppc: Enforce setting MSR:EE,IR and DR when MSR:PR is setBenjamin Herrenschmidt
The architecture specifies that any instruction that sets MSR:PR will also set MSR:EE, IR and DR. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01ppc: Fix conditions for delivering external interrupts to a guestBenjamin Herrenschmidt
External interrupts can bypass the MSR_EE test if they occur in guest mode and LPES0 is clear. In that case they are directed to the hypervisor Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01ppc: Use a helper to filter writes to LPCRBenjamin Herrenschmidt
This handles filtering bits based on what is implemented by a given architecture version. We also use it to copy to LPCR some of the relevant 970 HID4 bits. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> [clg: fixed checkpatch.pl errors ] Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01ppc: Update LPCR definitionsBenjamin Herrenschmidt
Includes all the bits up to ISA 2.07 Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> [clg: fixed checkpatch.pl errors ] Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-07-01ppc: Add a bunch of hypervisor SPRs to Book3sBenjamin Herrenschmidt
We don't give them a KVM reg number yet as no current KVM version supports HV mode. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> [clg: SPRs AMOR,DAWR,DARWX were already included in commit f401dd32cb8e9] Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2016-06-30intel_iommu: Throw hw_error on notify_startedAlex Williamson
We don't currently support the MemoryRegionIOMMUOps notifier, so throw an error should a device require it. Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Peter Xu <peterx@redhat.com> Tested-by: Peter Xu <peterx@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2016-06-30memory: Add MemoryRegionIOMMUOps.notify_started/stopped callbacksAlexey Kardashevskiy
The IOMMU driver may change behavior depending on whether a notifier client is present. In the case of POWER, this represents a change in the visibility of the IOTLB, for other drivers such as intel-iommu and future AMD-Vi emulation, notifier support is not yet enabled and this provides the opportunity to flag that incompatibility. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Peter Xu <peterx@redhat.com> Tested-by: Peter Xu <peterx@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> [new log & extracted from [PATCH qemu v17 12/12] spapr_iommu, vfio, memory: Notify IOMMU about starting/stopping listening] Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2016-06-30vfio/pci: Hide SR-IOV capabilityAlex Williamson
The kernel currently exposes the SR-IOV capability as read-only through vfio-pci. This is sufficient to protect the host kernel, but has the potential to confuse guests without further virtualization. In particular, OVMF tries to size the VF BARs and comes up with absurd results, ending with an assert. There's not much point in adding virtualization to a read-only capability, so we simply hide it for now. If the kernel ever enables SR-IOV virtualization, we should easily be able to test it through VF BAR sizing or explicit flags. Testing whether we should parse extended capabilities is also pulled into the function to keep these assumptions in one place. Tested-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2016-06-30vfio: add pcie extended capability supportChen Fan
For vfio pcie device, we could expose the extended capability on PCIE bus. due to add a new pcie capability at the tail of the chain, in order to avoid config space overwritten, we introduce a copy config for parsing extended caps. and rebuild the pcie extended config space. Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2016-06-30vfio/pci: Fix VGA quirksAlex Williamson
Commit 2d82f8a3cdb2 ("vfio/pci: Convert all MemoryRegion to dynamic alloc and consistent functions") converted VFIOPCIDevice.vga to be dynamically allocted, negating the need for VFIOPCIDevice.has_vga. Unfortunately not all of the has_vga users were converted, nor was the field removed from the structure. Correct these oversights. Reported-by: Peter Maloney <peter.maloney@brockmann-consult.de> Tested-by: Peter Maloney <peter.maloney@brockmann-consult.de> Fixes: 2d82f8a3cdb2 ("vfio/pci: Convert all MemoryRegion to dynamic alloc and consistent functions") Fixes: https://bugs.launchpad.net/qemu/+bug/1591628 Cc: qemu-stable@nongnu.org Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2016-06-30linux-user: Fix compilation when F_SETPIPE_SZ isn't definedPeter Maydell
Older kernels don't have F_SETPIPE_SZ and F_GETPIPE_SZ (in particular RHEL6's system headers don't define these). Add ifdefs so that we can gracefully fall back to not supporting those guest ioctls rather than failing to build. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-id: 1467304429-21470-1-git-send-email-peter.maydell@linaro.org
2016-06-30pcspk: fix KVMPaolo Bonzini
The link property that was added to the pcspk device has the wrong type: it is only correct for TCG and for KVM's userspace or split irqchip options. The default KVM option (fully in-kernel irqchip) breaks because it uses a PIT whose type is a sibling of TYPE_I8254. Fixes: 873b4d3f0571a1e415cf089a67a230ea8a12d059 Tested-by: Peter Lieven <pl@kamp.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 1467298657-6588-1-git-send-email-pbonzini@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-30qapi: Fix memleak in string visitors on int listsEric Blake
Commit 7f8f9ef1 introduced the ability to store a list of integers as a sorted list of ranges, but when merging ranges, it leaks one or more ranges. It was also using range_get_last() incorrectly within range_compare() (a range is a start/end pair, but range_get_last() is for start/len pairs), and will also mishandle a range ending in UINT64_MAX (remember, we document that no range covers 2**64 bytes, but that ranges that end on UINT64_MAX have end < begin). The whole merge algorithm was rather complex, and included unnecessary passes over data within glib functions, and enough indirection to make it hard to easily plug the data leaks. Since we are already hard-coding things to a list of ranges, just rewrite the thing to open-code the traversal and comparisons, by making the range_compare() helper function give us an answer that is easier to use, at which point we avoid the need to pass any callbacks to g_list_*(). Then by reusing range_extend() instead of duplicating effort with range_merge(), we cover the corner cases correctly. Drop the now-unused range_merge() and ranges_can_merge(). Doing this lets test-string-{input,output}-visitor pass under valgrind without leaks. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1464712890-14262-4-git-send-email-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> [Comment hoisted out of loop] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-06-30qapi: Simplify use of range.hEric Blake
Calling our function g_list_insert_sorted_merged is a misnomer, since we are NOT writing a glib function. Furthermore, we are making every caller pass the same comparator function of range_merge(): any caller that would try otherwise would break in weird ways since our internal call to ranges_can_merge() is hard-coded to operate only on ranges, rather than paying attention to the caller's comparator. Better is to fix things so that callers don't have to care about our internal comparator, by picking a function name and updating the parameter type away from a gratuitous use of void*, to make it obvious that we are operating specifically on a list of ranges and not a generic list. Plus, refactoring the code here will make it easier to plug a memory leak in the next patch. range_compare() is now internal only, and moves to the .c file. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1464712890-14262-3-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-06-30range: Create range.c for code that should not be inlineEric Blake
g_list_insert_sorted_merged() is rather large to be an inline function; move it to its own file. range_merge() and ranges_can_merge() can likewise move, as they are only used internally. Also, it becomes obvious that the condition within range_merge() is already satisfied by its caller, and that the return value is not used. The diffstat is misleading, because of the copyright boilerplate. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1464712890-14262-2-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-06-30qapi: Fix crash on missing alternate member of QAPI structEric Blake
If a QAPI struct has a mandatory alternate member which is not present on input, the input visitor reports an error for the missing alternate without setting the discriminator, but the cleanup code for the struct still tries to use the dealloc visitor to clean up the alternate. Commit dbf11922 changed visit_start_alternate to set *obj to NULL when an error occurs, where it was previously left untouched. Thus, before the patch, the dealloc visitor is blindly trying to cleanup whatever branch corresponds to (*obj)->type == 0 (that is, QTYPE_NONE, because *obj still pointed to zeroed memory), which selects the default branch of the switch and sets an error, but this second error is ignored by the way the dealloc visitor is used; but after the patch, the attempt to switch dereferences NULL. When cleaning up after a partial object parse, we specifically check for !*obj after visit_start_struct() (see gen_visit_object()); doing the same for alternates fixes the crash. Enhance the testsuite to give coverage for both missing struct and missing alternate members. Also add an abort - we expect visit_start_alternate() to either set an error or to set (*obj)->type to a valid QType that corresponds to actual user input, and QTYPE_NONE should never be reachable from valid input. Had the abort() been in place earlier, we might have noticed the dealloc visitor dereferencing bogus zeroed memory prior to when commit dbf11922 forced our hand by setting *obj to NULL and causing a fault. Test case: {'execute':'blockdev-add', 'arguments':{'options':{'driver':'raw'}}} The choice of 'driver':'raw' selects a BlockdevOptionsGenericFormat struct, which has a mandatory 'file':'BlockdevRef' in QAPI. Since 'file' is missing as a sibling of 'driver', this should report a graceful error rather than fault. After this patch, we are back to: {"error": {"class": "GenericError", "desc": "Parameter 'file' is missing"}} Generated code in qapi-visit.c changes as: |@@ -2444,6 +2444,9 @@ void visit_type_BlockdevRef(Visitor *v, | if (err) { | goto out; | } |+ if (!*obj) { |+ goto out_obj; |+ } | switch ((*obj)->type) { | case QTYPE_QDICT: | visit_start_struct(v, name, NULL, 0, &err); |@@ -2459,10 +2462,13 @@ void visit_type_BlockdevRef(Visitor *v, | case QTYPE_QSTRING: | visit_type_str(v, name, &(*obj)->u.reference, &err); | break; |+ case QTYPE_NONE: |+ abort(); | default: | error_setg(&err, QERR_INVALID_PARAMETER_TYPE, name ? name : "null", | "BlockdevRef"); | } |+out_obj: | visit_end_alternate(v); Reported by Kashyap Chamarthy <kchamart@redhat.com> CC: qemu-stable@nongnu.org Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1466012271-5204-1-git-send-email-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Tested-by: Kashyap Chamarthy <kchamart@redhat.com> [Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-06-30checkpatch: There is no qemu_strtod()Eric Blake
Maybe there should be; but until there is, we should not flag strtod() calls as something to replaced with qemu_strtod(). We also lack qemu_strtof() and qemu_strtold(), but as no one has been using strtof() or strtold(), it's not worth complicating the regex for them. (Ironically, I had to use 'git commit -n' since checkpatch uses TAB indents, in violation of its own recommendations.) Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1465526889-8339-3-git-send-email-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-06-30qobject: Correct JSON lexer grammar commentsEric Blake
Fix the regex comments describing what we parse as JSON. No change to the lexer itself, just to the comments: - The "" and '' string construction was missing alternation between different escape sequences - The construction for numbers forgot to handle optional leading '-' - The construction for numbers was grouped incorrectly so that it didn't permit '0.1' - The construction for numbers forgot to mark the exponent as optional - No mention that our '' string and "\'" are JSON extensions - No mention of our %d and related extensions when constructing JSON Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1465526889-8339-2-git-send-email-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> [Eric's regexp simplification squashed in] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-06-30json-streamer: Don't leak tokens on incomplete parseEric Blake
Valgrind complained about a number of leaks in tests/check-qobject-json: ==12657== definitely lost: 17,247 bytes in 1,234 blocks All of which had the same root cause: on an incomplete parse, we were abandoning the token queue without cleaning up the allocated data within each queue element. Introduced in commit 95385fe, when we switched from QList (which recursively frees contents) to g_queue (which does not). We don't yet require glib 2.32 with its g_queue_free_full(), so open-code it instead. CC: qemu-stable@nongnu.org Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1463608012-12760-1-git-send-email-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-06-30MAINTAINERS: Remove Blue Swirl leftoversMarkus Armbruster
Blue hasn't been active in the QEMU project for a long time. Drop his last MAINTAINERS entries. As per Paolo's recommendation, downgrade status of "BSD user" from Maintained to Orphan since the FreeBSD guys effectively forked it, and "SPARC target" from Maintained to Odd Fixes, since we still have the overall TCG maintainer looking after it. I'm leaving Checkpatch's status at Odd Fixes. Calling it Maintained wouldn't be wrong, but I'm not comfortable upgrading it while nobody is willing to have his name nailed to the thing. Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-30MAINTAINERS: update email address for Greg KurzGreg Kurz
While here, also add a section for the tree I use for 9p. Signed-off-by: Greg Kurz <groug@kaod.org> Acked-by: Cédric Le Goater <clg@kaod.org> Acked-by: Cédric Le Goater <clg@fr.ibm.com> Acked-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Message-id: 146617410554.7281.1733165006203821878.stgit@bahia.lan Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-29Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* serial port fixes (Paolo) * Q35 modeling improvements (Paolo, Vasily) * chardev cleanup improvements (Marc-André) * iscsi bugfix (Peter L.) * cpu_exec patch from multi-arch patches (Peter C.) * pci-assign tweak (Lin Ma) # gpg: Signature made Wed 29 Jun 2016 15:56:30 BST # gpg: using RSA key 0xBFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (35 commits) socket: unlink unix socket on remove socket: add listen feature char: clean up remaining chardevs when leaving vhost-user: disable chardev handlers on close vhost-user-test: fix g_cond_wait_until compat implementation vl: smp_parse: fix regression ich9: implement SCI_IRQ_SEL register ich9: implement ACPI_EN register serial: reinstate watch after migration serial: remove watch on reset char: change qemu_chr_fe_add_watch to return unsigned serial: separate serial_xmit and serial_watch_cb serial: simplify tsr_retry reset serial: make tsr_retry unsigned iscsi: fix assertion in is_sector_request_lun_aligned target-*: Don't redefine cpu_exec() pci-assign: Move "Invalid ROM" error message to pci-assign-load-rom.c vnc: generalize "VNC server running on ..." message scsi: esp: fix migration MC146818 RTC: add GPIO access to output IRQ ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-29Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into stagingPeter Maydell
# gpg: Signature made Wed 29 Jun 2016 04:09:26 BST # gpg: using RSA key 0xBDBE7B27C0DE3057 # gpg: Good signature from "Jeffrey Cody <jcody@redhat.com>" # gpg: aka "Jeffrey Cody <jeff@codyprime.org>" # gpg: aka "Jeffrey Cody <codyprime@gmail.com>" # Primary key fingerprint: 9957 4B4D 3474 90E7 9D98 D624 BDBE 7B27 C0DE 3057 * remotes/cody/tags/block-pull-request: mirror: fix misleading comments blockjob: assert(cb) when create job iotests: add small-granularity mirror test mirror: limit niov to IOV_MAX elements, again mirror: clarify mirror_do_read return code block/gluster: add support for selecting debug logging level mirror: fix trace_mirror_yield_in_flight usage in mirror_iteration() block/nfs: add support for libnfs pagecache block/nfs: refuse readahead if cache.direct is on block/gluster: add support for SEEK_DATA/SEEK_HOLE Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-29socket: unlink unix socket on removeMarc-André Lureau
qemu leaves unix socket files behind when removing a listening chardev or leaving. qemu could clean that up, even if doing so isn't race-free. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1347077 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1466105332-10285-4-git-send-email-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-06-29socket: add listen featureMarc-André Lureau
Add a flag to tell whether the channel socket is listening. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1466105332-10285-3-git-send-email-marcandre.lureau@redhat.com> Acked-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2016-06-29char: clean up remaining chardevs when leavingMarc-André Lureau
This helps to remove various chardev resources leaks when leaving qemu. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1466105332-10285-2-git-send-email-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-06-29vhost-user: disable chardev handlers on closePaolo Bonzini
This otherwise causes a use-after-free if network backend cleanup is performed before character device cleanup. Cc: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-06-29vhost-user-test: fix g_cond_wait_until compat implementationPaolo Bonzini
This fixes compilation with glib versions up to 2.30, such as the one in CentOS 6. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>