aboutsummaryrefslogtreecommitdiff
path: root/cpus.c
AgeCommit message (Collapse)Author
2020-03-16cpus: avoid pause_all_vcpus getting stuck due to raceLongpeng
We found an issue when repeat reboot in guest during migration, it cause the migration thread never be waken up again. <main loop> |<migration_thread> | LOCK BQL | ... | main_loop_should_exit | pause_all_vcpus | 1. set all cpus ->stop=true | and then kick | 2. return if all cpus is paused | (by '->stopped == true'), else| 3. qemu_cond_wait [BQL UNLOCK] | |LOCK BQL |... |do_vm_stop | pause_all_vcpus | (A)set all cpus ->stop=true | and then kick | (B)return if all cpus is paused | (by '->stopped == true'), else | (C)qemu_cond_wait [BQL UNLOCK] 4. be waken up and LOCK BQL | (D)be waken up BUT wait for BQL 5. goto 2. | (BQL is still LOCKed) | resume_all_vcpus | 1. set all cpus ->stop=false | and ->stopped=false | ... | BQL UNLOCK | (E)LOCK BQL | (F)goto B. [but stopped is false now!] |Finally, sleep at step 3 forever. resume_all_vcpus should notice this race, so we need to move the change of runstate before pause_all_vcpus in do_vm_stop() and ignore the resume request if runstate is not running. Cc: Dr. David Alan Gilbert <dgilbert@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Signed-off-by: Longpeng <longpeng2@huawei.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200316083732.2010-1-longpeng2@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-02-03Wrapper function to wait on condition for the main loop mutexAravinda Prasad
Introduce a wrapper function to wait on condition for the main loop mutex. This function atomically releases the main loop mutex and causes the calling thread to block on the condition. This wrapper is required because qemu_global_mutex is a static variable. Signed-off-by: Aravinda Prasad <arawinda.p@gmail.com> Signed-off-by: Ganesh Goudar <ganeshgr@linux.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <20200130184423.20519-2-ganeshgr@linux.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-01-15tcg: Search includes from the project root source directoryPhilippe Mathieu-Daudé
We currently search both the root and the tcg/ directories for tcg files: $ git grep '#include "tcg/' | wc -l 28 $ git grep '#include "tcg[^/]' | wc -l 94 To simplify the preprocessor search path, unify by expliciting the tcg/ directory. Patch created mechanically by running: $ for x in \ tcg.h tcg-mo.h tcg-op.h tcg-opc.h \ tcg-op-gvec.h tcg-gvec-desc.h; do \ sed -i "s,#include \"$x\",#include \"tcg/$x\"," \ $(git grep -l "#include \"$x\""); \ done Acked-by: David Gibson <david@gibson.dropbear.id.au> (ppc parts) Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200101112303.20724-2-philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-01-07replay: check other timers for icount limitPavel Dovgalyuk
Record/replay can stall when there are no virtual devices that generate events - it just uses all the time for vCPU thread. Therefore main loop has to wait too much for the vCPU thread, because they are synchronized in rr mode. This patch does not let creating too long vCPU executions without interrupting to main loop. It checks realtime timers that always exits to control user input. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> Message-Id: <157675958855.14346.18049977447896411847.stgit@pasha-Precision-3630-Tower> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-12-17tcg: move qemu_tcg_configure to accel/tcg/tcg-all.cPaolo Bonzini
Move everything related to mttcg_enabled in accel/tcg/tcg-all.c, which will make even more sense when "thread" becomes a QOM property. For now, initializing mttcg_enabled in the instance_init function prepares for the next patch, which will only invoke qemu_tcg_configure when the command line includes a -accel option. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-10-28cpu: hook plugin vcpu eventsEmilio G. Cota
Signed-off-by: Emilio G. Cota <cota@braap.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
2019-10-17Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20191013' into stagingPeter Maydell
Host vector support for tcg/ppc. Fix thread=single cpu kicking. # gpg: Signature made Mon 14 Oct 2019 15:11:55 BST # gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F # gpg: issuer "richard.henderson@linaro.org" # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full] # Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F * remotes/rth/tags/pull-tcg-20191013: (23 commits) cpus: kick all vCPUs when running thread=single tcg/ppc: Update vector support for v3.00 dup/dupi tcg/ppc: Update vector support for v3.00 load/store tcg/ppc: Update vector support for v3.00 Altivec tcg/ppc: Update vector support for v2.07 FP tcg/ppc: Update vector support for v2.07 VSX tcg/ppc: Update vector support for v2.07 Altivec tcg/ppc: Update vector support for VSX tcg/ppc: Enable Altivec detection tcg/ppc: Support vector dup2 tcg/ppc: Support vector multiply tcg/ppc: Support vector shift by immediate tcg/ppc: Add support for vector saturated add/subtract tcg/ppc: Add support for vector add/subtract tcg/ppc: Add support for vector maximum/minimum tcg/ppc: Add support for load/store/logic/comparison tcg/ppc: Enable tcg backend vector compilation tcg/ppc: Replace HAVE_ISEL macro with a variable tcg/ppc: Replace HAVE_ISA_2_06 tcg/ppc: Create TCGPowerISA and have_isa ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-10-14replay: don't drain/flush bdrv queue while RR is workingPavel Dovgalyuk
In record/replay mode bdrv queue is controlled by replay mechanism. It does not allow saving or loading the snapshots when bdrv queue is not empty. Stopping the VM is not blocked by nonempty queue, but flushing the queue is still impossible there, because it may cause deadlocks in replay mode. This patch disables bdrv_drain_all and bdrv_flush_all in record/replay mode. Stopping the machine when the IO requests are not finished is needed for the debugging. E.g., breakpoint may be set at the specified step, and forcing the IO requests to finish may break the determinism of the execution. Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru> Acked-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-10-14cpus: kick all vCPUs when running thread=singleAlex Bennée
qemu_cpu_kick is used for a number of reasons including to indicate there is work to be done. However when thread=single the old qemu_cpu_kick_rr_cpu only advanced the vCPU to the next executing one which can lead to a hang in the case that: a) the kick is from outside the vCPUs (e.g. iothread) b) the timers are paused (i.e. iothread calling run_on_cpu) To avoid this lets split qemu_cpu_kick_rr into two functions. One for the timer which continues to advance to the next timeslice and another for all other kicks. Message-Id: <20191001160426.26644-1-alex.bennee@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-09-16cpus: Fix throttling during vm_stopYury Kotov
Throttling thread sleeps in VCPU thread. For high throttle percentage this sleep is more than 10ms. E.g. for 60% - 15ms, for 99% - 990ms. vm_stop() kicks all VCPUs and waits for them. It's called at the end of migration and because of the long sleep the migration downtime might be more than 100ms even for downtime-limit 1ms. Use qemu_cond_timedwait for high percentage to wake up during vm_stop. Signed-off-by: Yury Kotov <yury-kotov@yandex-team.ru> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20190909131335.16848-3-yury-kotov@yandex-team.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-08-20util/qemu-timer: refactor deadline calculation for external timersPavel Dovgalyuk
icount-based record/replay uses qemu_clock_deadline_ns_all to measure the period until vCPU may be interrupted. This function takes in account the virtual timers, because they belong to the virtual devices that may generate interrupt request or affect the virtual machine state. However, there are a subset of virtual timers, that are marked with 'external' flag. These do not change the virtual machine state and only based on virtual clock. Calculating the deadling using the external timers breaks the determinism, because they do not belong to the replayed part of the virtual machine. This patch fixes the deadline calculation for this case by adding new parameter for skipping the external timers when it is needed. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> -- v2 changes: - added new parameter for timer attribute mask Message-Id: <156404426682.18669.17014100602930969222.stgit@pasha-Precision-3630-Tower> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-08-16sysemu: Split sysemu/runstate.h off sysemu/sysemu.hMarkus Armbruster
sysemu/sysemu.h is a rather unfocused dumping ground for stuff related to the system-emulator. Evidence: * It's included widely: in my "build everything" tree, changing sysemu/sysemu.h still triggers a recompile of some 1100 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h, down from 5400 due to the previous two commits). * It pulls in more than a dozen additional headers. Split stuff related to run state management into its own header sysemu/runstate.h. Touching sysemu/sysemu.h now recompiles some 850 objects. qemu/uuid.h also drops from 1100 to 850, and qapi/qapi-types-run-state.h from 4400 to 4200. Touching new sysemu/runstate.h recompiles some 500 objects. Since I'm touching MAINTAINERS to add sysemu/runstate.h anyway, also add qemu/main-loop.h. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190812052359.30071-30-armbru@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> [Unbreak OS-X build]
2019-08-16Include sysemu/sysemu.h a lot lessMarkus Armbruster
In my "build everything" tree, changing sysemu/sysemu.h triggers a recompile of some 5400 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). hw/qdev-core.h includes sysemu/sysemu.h since recent commit e965ffa70a "qdev: add qdev_add_vm_change_state_handler()". This is a bad idea: hw/qdev-core.h is widely included. Move the declaration of qdev_add_vm_change_state_handler() to sysemu/sysemu.h, and drop the problematic include from hw/qdev-core.h. Touching sysemu/sysemu.h now recompiles some 1800 objects. qemu/uuid.h also drops from 5400 to 1800. A few more headers show smaller improvement: qemu/notify.h drops from 5600 to 5200, qemu/timer.h from 5600 to 4500, and qapi/qapi-types-run-state.h from 5500 to 5000. Cc: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20190812052359.30071-28-armbru@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2019-08-16Include hw/hw.h exactly where neededMarkus Armbruster
In my "build everything" tree, changing hw/hw.h triggers a recompile of some 2600 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). The previous commits have left only the declaration of hw_error() in hw/hw.h. This permits dropping most of its inclusions. Touching it now recompiles less than 200 objects. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20190812052359.30071-19-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-08-16Include migration/vmstate.h lessMarkus Armbruster
In my "build everything" tree, changing migration/vmstate.h triggers a recompile of some 2700 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). hw/hw.h supposedly includes it for convenience. Several other headers include it just to get VMStateDescription. The previous commit made that unnecessary. Include migration/vmstate.h only where it's still needed. Touching it now recompiles only some 1600 objects. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20190812052359.30071-16-armbru@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-07-05general: Replace global smp variables with smp machine propertiesLike Xu
Basically, the context could get the MachineState reference via call chains or unrecommended qdev_get_machine() in !CONFIG_USER_ONLY mode. A local variable of the same name would be introduced in the declaration phase out of less effort OR replace it on the spot if it's only used once in the context. No semantic changes. Signed-off-by: Like Xu <like.xu@linux.intel.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20190518205428.90532-4-like.xu@linux.intel.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-07-02hw/core: Collect QMP command handlers in hw/core/Markus Armbruster
The handlers for qapi/machine.json's QMP commands are spread over cpus.c, hw/core/numa.c, monitor/misc.c, monitor/qmp-cmds.c, and vl.c. Move them all to new hw/core/machine-qmp-cmds.c, where they are covered by MAINTAINERS section "Machine core", just like qapi/machine.json. Cc: Eduardo Habkost <ehabkost@redhat.com> Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190619201050.19040-11-armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-02qapi: Split machine.json off misc.jsonMarkus Armbruster
Move commands cpu-add, query-cpus, query-cpus-fast, query-current-machine, query-hotpluggable-cpus, query-machines, query-memdev, and set-numa-node with their types from misc.json to new machine.json. Also move types X86CPURegister32 and X86CPUFeatureWordInfo. Add machine.json to MAINTAINERS section "Machine core". Cc: Eduardo Habkost <ehabkost@redhat.com> Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190619201050.19040-9-armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-06-21hax: Honor CPUState::haltedColin Xu
QEMU tracks whether a vcpu is halted using CPUState::halted. E.g., after initialization or reset, halted is 0 for the BSP (vcpu 0) and 1 for the APs (vcpu 1, 2, ...). A halted vcpu should not be handed to the hypervisor to run (e.g. hax_vcpu_run()). Under HAXM, Android Emulator sometimes boots into a "vcpu shutdown request" error while executing in SeaBIOS, with the HAXM driver logging a guest triple fault in vcpu 1, 2, ... at RIP 0x3. That is ultimately because the HAX accelerator asks HAXM to run those APs when they are still in the halted state. Normally, the vcpu thread for an AP will start by looping in qemu_wait_io_event(), until the BSP kicks it via a pair of IPIs (INIT followed by SIPI). But because the HAX accelerator does not honor cpu->halted, it allows the AP vcpu thread to proceed to hax_vcpu_run() as soon as it receives any kick, even if the kick does not come from the BSP. It turns out that emulator has a worker thread which periodically kicks every vcpu thread (possibly to collect CPU usage data), and if one of these kicks comes before those by the BSP, the AP will start execution from the wrong RIP, resulting in the aforementioned SMP boot failure. The solution is inspired by the KVM accelerator (credit to Chuanxiao Dong <chuanxiao.dong@intel.com> for the pointer): 1. Get rid of questionable logic that unconditionally resets cpu->halted before hax_vcpu_run(). Instead, only reset it at the right moments (there are only a few "unhalt" events). 2. Add a check for cpu->halted before hax_vcpu_run(). Note that although the non-Unrestricted Guest (!ug_platform) code path also forcibly resets cpu->halted, it is left untouched, because only the UG code path supports SMP guests. The patch is first merged to android emulator with Change-Id: I9c5752cc737fd305d7eace1768ea12a07309d716 Cc: Yu Ning <yu.ning@intel.com> Cc: Chuanxiao Dong <chuanxiao.dong@intel.com> Signed-off-by: Colin Xu <colin.xu@intel.com> Message-Id: <20190610021939.13669-1-colin.xu@intel.com>
2019-06-12Include qemu-common.h exactly where neededMarkus Armbruster
No header includes qemu-common.h after this commit, as prescribed by qemu-common.h's file comment. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-5-armbru@redhat.com> [Rebased with conflicts resolved automatically, except for include/hw/arm/xlnx-zynqmp.h hw/arm/nrf51_soc.c hw/arm/msf2-soc.c block/qcow2-refcount.c block/qcow2-cluster.c block/qcow2-cache.c target/arm/cpu.h target/lm32/cpu.h target/m68k/cpu.h target/mips/cpu.h target/moxie/cpu.h target/nios2/cpu.h target/openrisc/cpu.h target/riscv/cpu.h target/tilegx/cpu.h target/tricore/cpu.h target/unicore32/cpu.h target/xtensa/cpu.h; bsd-user/main.c and net/tap-bsd.c fixed up]
2019-06-11qemu-common: Move tcg_enabled() etc. to sysemu/tcg.hMarkus Armbruster
Other accelerators have their own headers: sysemu/hax.h, sysemu/hvf.h, sysemu/kvm.h, sysemu/whpx.h. Only tcg_enabled() & friends sit in qemu-common.h. This necessitates inclusion of qemu-common.h into headers, which is against the rules spelled out in qemu-common.h's file comment. Move tcg_enabled() & friends into their own header sysemu/tcg.h, and adjust #include directives. Cc: Richard Henderson <rth@twiddle.net> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-2-armbru@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> [Rebased with conflicts resolved automatically, except for accel/tcg/tcg-all.c]
2019-06-10cpu: Move icount_decr to CPUNegativeOffsetStateRichard Henderson
Amusingly, we had already ignored the comment to keep this value at the end of CPUState. This restores the minimum negative offset from TCG_AREG0 for code generation. For the couple of uses within qom/cpu.c, without NEED_CPU_H, add a pointer from the CPUState object to the IcountDecr object within CPUNegativeOffsetState. Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-05-22cpus: Initialize pseudo-random seeds for all guest cpusRichard Henderson
When the -seed option is given, call qemu_guest_random_seed_main, putting the subsystem into deterministic mode. Pass derived seeds to each cpu created; which is a no-op unless the subsystem is in deterministic mode. Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-04-18qom/cpu: Simplify how CPUClass:cpu_dump_state() printsMarkus Armbruster
CPUClass method dump_statistics() takes an fprintf()-like callback and a FILE * to pass to it. Most callers pass fprintf() and stderr. log_cpu_state() passes fprintf() and qemu_log_file. hmp_info_registers() passes monitor_fprintf() and the current monitor cast to FILE *. monitor_fprintf() casts it right back, and is otherwise identical to monitor_printf(). The callback gets passed around a lot, which is tiresome. The type-punning around monitor_fprintf() is ugly. Drop the callback, and call qemu_fprintf() instead. Also gets rid of the type-punning, since qemu_fprintf() takes NULL instead of the current monitor cast to FILE *. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20190417191805.28198-15-armbru@redhat.com>
2019-04-18target: Simplify how the TARGET_cpu_list() printMarkus Armbruster
The various TARGET_cpu_list() take an fprintf()-like callback and a FILE * to pass to it. Their callers (vl.c's main() via list_cpus(), bsd-user/main.c's main(), linux-user/main.c's main()) all pass fprintf() and stdout. Thus, the flexibility provided by the (rather tiresome) indirection isn't actually used. Drop the callback, and call qemu_printf() instead. Calling printf() would also work, but would make the code unsuitable for monitor context without making it simpler. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190417191805.28198-10-armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2019-04-18tcg: Simplify how dump_drift_info() printsMarkus Armbruster
dump_drift_info() takes an fprintf()-like callback and a FILE * to pass to it. Its only caller hmp_info_jit() passes monitor_fprintf() and a Monitor * cast to FILE *. monitor_fprintf() casts it right back, and is otherwise identical to monitor_printf(). The type-punning is ugly. Drop the callback, and call qemu_printf() instead. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20190417191805.28198-6-armbru@redhat.com>
2019-02-26cpus: Properly release the iothread lock when killing a dummy VCPUDavid Hildenbrand
This enables CPU unplug under qtest. Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190218092202.26683-2-david@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-02-05cpus: ignore ESRCH in qemu_cpu_kick_thread()Laurent Vivier
We can have a race condition between qemu_cpu_kick_thread() and qemu_kvm_cpu_thread_fn() when we hotunplug a CPU. In this case, qemu_cpu_kick_thread() can try to kick a thread that is exiting. pthread_kill() returns an error and qemu is stopped by an exit(1). qemu:qemu_cpu_kick_thread: No such process We can ignore safely this error. Signed-off-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-07cpus.c: Fix race condition in cpu_stop_current()Peter Maydell
We use cpu_stop_current() to ensure the current CPU has stopped from places like qemu_system_reset_request(). Unfortunately its current implementation has a race. It calls qemu_cpu_stop(), which sets cpu->stopped to true even though the CPU hasn't actually stopped yet. The main thread will look at the flags set by qemu_system_reset_request() and call pause_all_vcpus(). pause_all_vcpus() waits for every cpu to have cpu->stopped true, so it can continue (and we will start the system reset operation) before the vcpu thread has got back to its top level loop. Instead, just set cpu->stop and call cpu_exit(). This will cause the vcpu to exit back to the top level loop, and there (as part of the wait_io_event code) it will call qemu_cpu_stop(). This fixes bugs where the reset request appeared to be ignored or the CPU misbehaved because the reset operation started to change vcpu state while the vcpu thread was still using it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Emilio G. Cota <cota@braap.org> Tested-by: Jaap Crezee <jaap@jcz.nl> Message-id: 20181207155911.12710-1-peter.maydell@linaro.org
2018-11-27cpus: run work items for all vCPUs if single-threadedPaolo Bonzini
This avoids the following I/O thread deadlock: 1) the I/O thread calls run_on_cpu for CPU 3 from a timer. single_tcg_halt_cond is signaled 2) CPU 1 is running and exits. It finds no work item and enters CPU 2 3) because the I/O thread is stuck in run_on_cpu, the round-robin kick timer never triggers, and CPU 3 never runs the work item 4) run_on_cpu never completes Reviewed-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-11-06icount: fix deadlock when all cpus are sleepingClement Deschamps
When all cpus are sleeping (e.g in WFI), to avoid a deadlock in the main_loop, wake it up in order to start the warp timer. Signed-off-by: Clement Deschamps <clement.deschamps@greensocs.com> Message-Id: <20181021142103.19014-1-clement.deschamps@greensocs.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-23Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2018-10-22' ↵Peter Maydell
into staging Error reporting patches for 2018-10-22 # gpg: Signature made Mon 22 Oct 2018 13:20:23 BST # gpg: using RSA key 3870B400EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-error-2018-10-22: (40 commits) error: Drop bogus "use error_setg() instead" admonitions vpc: Fail open on bad header checksum block: Clean up bdrv_img_create()'s error reporting vl: Simplify call of parse_name() vl: Fix exit status for -drive format=help blockdev: Convert drive_new() to Error vl: Assert drive_new() does not fail in default_drive() fsdev: Clean up error reporting in qemu_fsdev_add() spice: Clean up error reporting in add_channel() tpm: Clean up error reporting in tpm_init_tpmdev() numa: Clean up error reporting in parse_numa() vnc: Clean up error reporting in vnc_init_func() ui: Convert vnc_display_init(), init_keyboard_layout() to Error ui/keymaps: Fix handling of erroneous include files vl: Clean up error reporting in device_init_func() vl: Clean up error reporting in parse_fw_cfg() vl: Clean up error reporting in mon_init_func() vl: Clean up error reporting in machine_set_property() vl: Clean up error reporting in chardev_init_func() qom: Clean up error reporting in user_creatable_add_opts_foreach() ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-19Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* RTC fixes (Artem) * icount fixes (Artem) * rr fixes (Pavel, myself) * hotplug cleanup (Igor) * SCSI fixes (myself) * 4.20-rc1 KVM header update (myself) * coalesced PIO support (Peng Hao) * HVF fixes (Roman B.) * Hyper-V refactoring (Roman K.) * Support for Hyper-V IPI (Vitaly) # gpg: Signature made Fri 19 Oct 2018 12:47:58 BST # gpg: using RSA key BFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (47 commits) replay: pass raw icount value to replay_save_clock target/i386: kvm: just return after migrate_add_blocker failed hyperv_testdev: add SynIC message and event testmodes hyperv: process POST_MESSAGE hypercall hyperv: add support for KVM_HYPERV_EVENTFD hyperv: process SIGNAL_EVENT hypercall hyperv: add synic event flag signaling hyperv: add synic message delivery hyperv: make overlay pages for SynIC hyperv: only add SynIC in compatible configurations hyperv: qom-ify SynIC hyperv:synic: split capability testing and setting i386: add hyperv-stub for CONFIG_HYPERV=n default-configs: collect CONFIG_HYPERV* in hyperv.mak hyperv: factor out arch-independent API into hw/hyperv hyperv: make hyperv_vp_index inline hyperv: split hyperv-proto.h into x86 and arch-independent parts hyperv: rename kvm_hv_sint_route_set_sint hyperv: make HvSintRoute reference-counted hyperv: address HvSintRoute by X86CPU pointer ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-10-19cpus hw target: Use warn_report() & friends to report warningsMarkus Armbruster
Calling error_report() in a function that takes an Error ** argument is suspicious. Convert a few that are actually warnings to warn_report(). While there, split a warning consisting of multiple sentences to conform to conventions spelled out in warn_report()'s contract. Cc: Alex Bennée <alex.bennee@linaro.org> Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Cc: Alex Williamson <alex.williamson@redhat.com> Cc: Fam Zheng <famz@redhat.com> Cc: Wei Huang <wei@redhat.com> Cc: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20181017082702.5581-5-armbru@redhat.com>
2018-10-19replay: pass raw icount value to replay_save_clockPaolo Bonzini
This avoids lock recursion when REPLAY_CLOCK is called inside the timers spinlock. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-18tcg: distribute tcg_time into TCG contextsEmilio G. Cota
When we implemented per-vCPU TCG contexts, we forgot to also distribute the tcg_time counter, which has remained as a global accessed without any serialization, leading to potentially missed counts. Fix it by distributing the field over the TCG contexts, embedding it into TCGProfile with a field called "cpu_exec_time", which is more descriptive than "tcg_time". Add a function to query this value directly, and for completeness, fill in the field in tcg_profile_snapshot, even though its callers do not use it. Signed-off-by: Emilio G. Cota <cota@braap.org> Message-Id: <20181010144853.13005-5-cota@braap.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-10-02cpus: fix TCG kick timer leakAlex Bennée
This is an alternative fix to Marc-André's original patch. Reported-by: Marc-André Lureau <marcandre.lureau@redhat.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20180927171724.30128-1-alex.bennee@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02replay: wake up vCPU when replayingPavel Dovgalyuk
In record/replay icount mode vCPU thread and iothread synchronize the execution using the checkpoints. vCPU thread processes the virtual timers and iothread processes all others. When iothread wants to wake up sleeping vCPU thread, it sends dummy queued work. Therefore it could be the following sequence of the events in record mode: - IO: sending dummy work - IO: processing timers - CPU: wakeup - CPU: clearing dummy work - CPU: processing virtual timers But due to the races in replay mode the sequence may change: - IO: sending dummy work - CPU: wakeup - CPU: clearing dummy work - CPU: sleeping again because nothing to do - IO: Processing timers - CPU: zzzz In this case vCPU will not wake up, because dummy work is not to be set up again. This patch tries to wake up the vCPU when it sleeps and the icount warp checkpoint isn't met. It means that vCPU has something to do, because there are no other reasons of non-matching warp checkpoint. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> -- v5: improve checking that vCPU is still sleeping Message-Id: <20180912081945.3228.19776.stgit@pasha-VirtualBox> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02cpus: access .qemu_icount_bias with atomic64Emilio G. Cota
Signed-off-by: Emilio G. Cota <cota@braap.org> Message-Id: <20180910232752.31565-11-cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02cpus: access .qemu_icount with atomic64Emilio G. Cota
Signed-off-by: Emilio G. Cota <cota@braap.org> Message-Id: <20180910232752.31565-10-cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02cpus: take seqlock across qemu_icount updatesPaolo Bonzini
Even though writes of qemu_icount can safely race with reads in qemu_icount_raw, qemu_icount is also read by icount_adjust, which runs in the I/O thread. Therefore, writes do needs protection of the vm_clock_lock; for simplicity the patch protects it with both seqlock+spinlock, which we already do for hosts that lack 64-bit atomics. The bug actually predated the introduction of vm_clock_lock; cpu_update_icount would have needed the BQL before the spinlock was introduced. Reported-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02cpus: initialize timers_state.vm_clock_lockEmilio G. Cota
We forgot to initialize the spinlock introduced in 94377115b2 ("cpus: protect TimerState writes with a spinlock", 2018-08-23). Fix it. Signed-off-by: Emilio G. Cota <cota@braap.org> Message-Id: <20180903171831.15446-5-cota@braap.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-09-24Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-3.1-20180907' ↵Peter Maydell
into staging ppc patch queue 2018-09-07 Here's another pull request for qemu-3.1. No real theme here, just an assortment of various fixes. Probably the most notable thing is the removal of the ppcemb target which has been deprecated for some time now. # gpg: Signature made Fri 07 Sep 2018 08:30:02 BST # gpg: using RSA key 6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-3.1-20180907: target-ppc: Extend HWCAP2 bits for ISA 3.0 target/ppc/kvm: set vcpu as online/offline Fix a deadlock case in the CPU hotplug flow spapr: Correct reference count on spapr-cpu-core mac_newworld: implement custom FWPathProvider uninorth: add ofw-addr property to allow correct fw path generation mac_oldworld: implement custom FWPathProvider grackle: set device fw_name and address for correct fw path generation macio: add addr property to macio IDE object macio: add macio bus to help with fw path generation macio: move MACIOIDEState type declarations to macio.h spapr_pci: fix potential NULL pointer dereference spapr: fix leak of rev array ppc: Remove deprecated ppcemb target Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-28qapi: Drop qapi_event_send_FOO()'s Error ** argumentPeter Xu
The generated qapi_event_send_FOO() take an Error ** argument. They can't actually fail, because all they do with the argument is passing it to functions that can't fail: the QObject output visitor, and the @qmp_emit callback, which is either monitor_qapi_event_queue() or event_test_emit(). Drop the argument, and pass &error_abort to the QObject output visitor and @qmp_emit instead. Suggested-by: Eric Blake <eblake@redhat.com> Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20180815133747.25032-4-peterx@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> [Commit message rewritten, update to qapi-code-gen.txt corrected] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2018-08-28ppc: Remove deprecated ppcemb targetThomas Huth
There is no known available OS for ppc around anymore that uses page sizes below 4k, so it does not make much sense that we keep wasting our time on building and testing the ppcemb-softmmu target. It has been deprecated since two releases, and nobody complained, so let's remove this now. Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-08-23cpus: allow cpu_get_ticks out of BQLPaolo Bonzini
Because of cpu_ticks_prev, we cannot use a seqlock. But then the conversion is even easier. :) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23cpus: protect TimerState writes with a spinlockPaolo Bonzini
In the next patch, we will need to write cpu_ticks_offset from any thread, even outside the BQL. Currently, it is protected by the BQL just because cpu_enable_ticks and cpu_disable_ticks happen to hold it, but the critical sections are well delimited and it's easy to remove the BQL dependency. Add a spinlock that matches vm_clock_seqlock, and hold it when writing to the TimerState. This also lets us fix cpu_update_icount when 64-bit atomics are not available. Fields of TiemrState are reordered to avoid padding. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23cpus: protect all icount computation with seqlockPaolo Bonzini
Move the icount->ns computation to cpu_get_icount, and make cpu_get_icount_locked return the raw value. This makes the atomic_read__nocheck safe, because it now happens always inside a seqlock and any torn reads will be retried. qemu_icount_bias and icount_time_shift also need to be accessed with atomics. At the same time, however, you don't need atomic_read within the writer, because no concurrent writes are possible. The fix to vmstate lets us keep the struct nicely packed. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23qom: convert the CPU list to RCUEmilio G. Cota
Iterating over the list without using atomics is undefined behaviour, since the list can be modified concurrently by other threads (e.g. every time a new thread is created in user-mode). Fix it by implementing the CPU list as an RCU QTAILQ. This requires a little bit of extra work to traverse list in reverse order (see previous patch), but other than that the conversion is trivial. Signed-off-by: Emilio G. Cota <cota@braap.org> Message-Id: <20180819091335.22863-12-cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-08-23qsp: track BQL callers explicitlyEmilio G. Cota
The BQL is acquired via qemu_mutex_lock_iothread(), which makes the profiler assign the associated wait time (i.e. most of BQL wait time) entirely to that function. This loses the original call site information, which does not help diagnose BQL contention. Fix it by tracking the callers explicitly. Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>