aboutsummaryrefslogtreecommitdiff
path: root/hw/block
AgeCommit message (Collapse)Author
2020-06-25Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
virtio,acpi,pci: fixes, cleanups. Fixes, cleanups in ACPI, PCI, virtio. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Thu 25 Jun 2020 07:48:47 BST # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469 # gpg: issuer "mst@redhat.com" # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full] # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full] # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: Rename use_acpi_pci_hotplug to more appropriate use_acpi_hotplug_bridge Stop vhost-user sending uninitialized mmap_offsets docs/specs/tpm: ACPI boot now supported for TPM/ARM arm/acpi: Add the TPM2.0 device under the DSDT acpi: Some build_tpm2() code reshape tests/acpi: update expected data files acpi: q35: drop _SB.PCI0.ISA.LPCD opregion. acpi: drop build_piix4_pm() acpi: drop serial/parallel enable bits from dsdt acpi: simplify build_isa_devices_aml() acpi: factor out fw_cfg_add_acpi_dsdt() acpi: move aml builder code for i8042 (kbd+mouse) device floppy: move cmos_get_fd_drive_type() from pc floppy: make isa_fdc_get_drive_max_chs static acpi: move aml builder code for floppy device acpi: bios-tables-test: show more context on asl diffs qtest: allow DSDT acpi table changes Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-24floppy: move cmos_get_fd_drive_type() from pcGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: John Snow <jsnow@redhat.com> Message-Id: <20200619091905.21676-6-kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-24floppy: make isa_fdc_get_drive_max_chs staticGerd Hoffmann
acpi aml generator needs this, but it is in floppy code now so we can make the function static. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: John Snow <jsnow@redhat.com> Message-Id: <20200619091905.21676-5-kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-24acpi: move aml builder code for floppy deviceGerd Hoffmann
DSDT change: isa device order changes in case MI1 (ipmi) is present. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20200619091905.21676-4-kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-06-23qdev: Make qdev_prop_set_drive() match the other helpersMarkus Armbruster
qdev_prop_set_drive() can fail. None of the other qdev_prop_set_FOO() can; they abort on error. To clean up this inconsistency, rename qdev_prop_set_drive() to qdev_prop_set_drive_err(), and create a qdev_prop_set_drive() that aborts on error. Coccinelle script to update callers: @ depends on !(file in "hw/core/qdev-properties-system.c")@ expression dev, name, value; symbol error_abort; @@ - qdev_prop_set_drive(dev, name, value, &error_abort); + qdev_prop_set_drive(dev, name, value); @@ expression dev, name, value, errp; @@ - qdev_prop_set_drive(dev, name, value, errp); + qdev_prop_set_drive_err(dev, name, value, errp); Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200622094227.1271650-14-armbru@redhat.com>
2020-06-23fdc: Deprecate configuring floppies with -global isa-fdcMarkus Armbruster
Deprecate -global isa-fdc.driveA=... -global isa-fdc.driveB=... in favour of -device floppy,unit=0,drive=... -device floppy,unit=1,drive=... Same for the other floppy controller devices. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: John Snow <jsnow@redhat.com> Message-Id: <20200622094227.1271650-7-armbru@redhat.com>
2020-06-23fdc: Open-code fdctrl_init_isa()Markus Armbruster
Helper function fdctrl_init_isa() is less than helpful: one of three places creating "isa-fdc" devices use it. Open-code it there, and drop the function. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200622094227.1271650-6-armbru@redhat.com>
2020-06-23fdc: Reject clash between -drive if=floppy and -global isa-fdcMarkus Armbruster
The floppy controller devices desugar their drive properties into floppy devices (since commit a92bd191a4 "fdc: Move qdev properties to FloppyDrive", v2.8.0). This involves some bad magic in fdctrl_connect_drives(), and exists for backward compatibility. The functions for boards to create floppy controller devices fdctrl_init_isa(), fdctrl_init_sysbus(), and sun4m_fdctrl_init() desugar -drive if=floppy to these floppy controller drive properties. If you use both -drive if=floppy (or its -fda / -fdb sugar) and -global isa-fdc for the same floppy device, -global silently loses the conflict, and both backends involved end up with the floppy device frontend attached, as demonstrated by iotest 172 (see commit before previous). This is wrong. Desugar -drive if=floppy straight to floppy devices instead, with helper fdctrl_init_drives(). The conflict now gets rejected cleanly: first, fdctrl_connect_drives() creates the floppy for the controller's property, then fdctrl_init_drives() attempts to create the floppy for -drive if=floppy, but fails because the unit is already in use. Output of iotest 172 changes in three ways: 1. The clash gets rejected. 2. In one test case, "info qtree" has the floppy devices swapped, and "info block" has their QOM paths swapped. This is because the floppy device for -fda now gets created after the one for -global isa-fdc.driveB. 3. The error message for -global floppy.drive=floppy0 changes. Before the patch, we set isa-fdc.driveA to -fda's block backend, then create the floppy device for it, then move the backend from isa-fdc.driveA to floppy.drive. Floppy creation fails when applying -global floppy.drive=floppy0, because floppy0 is still attached to isa-fdc. After the patch, we create the floppy for -fda, then set its drive property to floppy0. Now floppy creation succeeds, but setting the drive property fails, because -global already set it. Yes, this is exasperatingly complicated. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20200622094227.1271650-5-armbru@redhat.com>
2020-06-17block: make BlockConf size props 32bit and accept size suffixesRoman Kagan
Convert all size-related properties in BlockConf to 32bit. This will accommodate bigger block sizes (in a followup patch). This also allows to make them all accept size suffixes, either via DEFINE_PROP_BLOCKSIZE or via DEFINE_PROP_SIZE32. Also, since min_io_size is exposed to the guest by scsi and virtio-blk devices as an uint16_t in units of logical blocks, introduce an additional check in blkconf_blocksizes to prevent its silent truncation. Signed-off-by: Roman Kagan <rvkagan@yandex-team.ru> Message-Id: <20200528225516.1676602-7-rvkagan@yandex-team.ru> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17block: consolidate blocksize properties consistency checksRoman Kagan
Several block device properties related to blocksize configuration must be in certain relationship WRT each other: physical block must be no smaller than logical block; min_io_size, opt_io_size, and discard_granularity must be a multiple of a logical block. To ensure these requirements are met, add corresponding consistency checks to blkconf_blocksizes, adjusting its signature to communicate possible error to the caller. Also remove the now redundant consistency checks from the specific devices. Signed-off-by: Roman Kagan <rvkagan@yandex-team.ru> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Paul Durrant <paul@xen.org> Message-Id: <20200528225516.1676602-3-rvkagan@yandex-team.ru> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17virtio-blk: store opt_io_size with correct sizeRoman Kagan
The width of opt_io_size in virtio_blk_config is 32bit. However, it's written with virtio_stw_p; this may result in value truncation, and on big-endian systems with legacy virtio in completely bogus readings in the guest. Use the appropriate accessor to store it. Signed-off-by: Roman Kagan <rvkagan@yandex-team.ru> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Message-Id: <20200528225516.1676602-2-rvkagan@yandex-team.ru> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: verify msix_init_exclusive_bar() return valueKlaus Jensen
Pass an Error to msix_init_exclusive_bar() and check it. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Message-Id: <20200609190333.59390-23-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: add msix_qsize parameterKlaus Jensen
Decouple the requested maximum number of ioqpairs (param max_ioqpairs) from the number of MSI-X interrupt vectors by introducing a new msix_qsize parameter and initialize MSI-X with that. This allows emulating a device that has fewer vectors than I/O queue pairs and also allows more than 2048 queue pairs. To keep the device behaving as previously, use a msix_qsize default of 65 (default max_ioqpairs + 1). This decoupling was actually suggested by Maxim some time ago in a slightly different context, so adding a Suggested-by. Suggested-by: Maxim Levitsky <mlevitsk@redhat.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Message-Id: <20200609190333.59390-22-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: Verify msix_vector_use() returned valuePhilippe Mathieu-Daudé
msix_vector_use() returns -EINVAL on error. Assert it won't. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200609190333.59390-21-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: factor out controller identify setupKlaus Jensen
Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-20-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: do cmb/pmr init as part of pci initKlaus Jensen
Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200609190333.59390-19-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: factor out pmr setupKlaus Jensen
Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200609190333.59390-18-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: factor out cmb setupKlaus Jensen
Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-17-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: factor out pci setupKlaus Jensen
Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-16-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: factor out namespace setupKlaus Jensen
Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-15-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: add namespace helpersKlaus Jensen
Introduce some small helpers to make the next patches easier on the eye. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-14-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: factor out block backend setupKlaus Jensen
Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-13-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: factor out device state setupKlaus Jensen
Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-12-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: factor out property/constraint checksKlaus Jensen
Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-11-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: remove redundant cmbloc/cmbsz membersKlaus Jensen
Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-10-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: add max_ioqpairs device parameterKlaus Jensen
The num_queues device paramater has a slightly confusing meaning because it accounts for the admin queue pair which is not really optional. Secondly, it is really a maximum value of queues allowed. Add a new max_ioqpairs parameter that only accounts for I/O queue pairs, but keep num_queues for compatibility. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-9-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: fix pin-based interrupt behaviorKlaus Jensen
First, since the device only supports MSI-X or pin-based interrupt, if MSI-X is not enabled, it should not accept interrupt vectors different from 0 when creating completion queues. Secondly, the irq_status NvmeCtrl member is meant to be compared to the INTMS register, so it should only be 32 bits wide. And it is really only useful when used with multi-message MSI. Third, since we do not force a 1-to-1 correspondence between cqid and interrupt vector, the irq_status register should not have bits set according to cqid, but according to the associated interrupt vector. Fix these issues, but keep irq_status available so we can easily support multi-message MSI down the line. Fixes: 5e9aa92eb1a5 ("hw/block: Fix pin-based interrupt behaviour of NVMe") Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-8-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: refactor nvme_addr_readKlaus Jensen
Pull the controller memory buffer check to its own function. The check will be used on its own in later patches. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-7-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: use constants in identifyKlaus Jensen
Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-6-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: move device parameters to separate structKlaus Jensen
Move device configuration parameters to separate struct to make it explicit what is configurable and what is set internally. Signed-off-by: Klaus Jensen <klaus.jensen@cnexlabs.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Message-Id: <20200609190333.59390-5-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: remove superfluous breaksKlaus Jensen
These break statements was left over when commit 3036a626e9ef ("nvme: add Get/Set Feature Timestamp support") was merged. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-4-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: rename trace events to pci_nvmeKlaus Jensen
Change the prefix of all nvme device related trace events to 'pci_nvme' to not clash with trace events from the nvme block driver. Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-3-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17hw/block/nvme: fix pci doorbell size calculationKlaus Jensen
The size of the BAR is 0x1000 (main registers) + 8 bytes for each queue. Currently, the size of the BAR is calculated like so: n->reg_size = pow2ceil(0x1004 + 2 * (n->num_queues + 1) * 4); Since the 'num_queues' parameter already accounts for the admin queue, this should in any case not need to be incremented by one. Also, the size should be initialized to (0x1000). n->reg_size = pow2ceil(0x1000 + 2 * n->num_queues * 4); This, with the default value of num_queues (64), we will set aside room for 1 admin queue and 63 I/O queues (4 bytes per doorbell, 2 doorbells per queue). Signed-off-by: Klaus Jensen <k.jensen@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Keith Busch <kbusch@kernel.org> Message-Id: <20200609190333.59390-2-its@irrelevant.dk> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17virtio-blk: On restart, process queued requests in the proper contextSergio Lopez
On restart, we were scheduling a BH to process queued requests, which would run before starting up the data plane, leading to those requests being assigned and started on coroutines on the main context. This could cause requests to be wrongly processed in parallel from different threads (the main thread and the iothread managing the data plane), potentially leading to multiple issues. For example, stopping and resuming a VM multiple times while the guest is generating I/O on a virtio_blk device can trigger a crash with a stack tracing looking like this one: <------> Thread 2 (Thread 0x7ff736765700 (LWP 1062503)): #0 0x00005567a13b99d6 in iov_memset (iov=0x6563617073206f4e, iov_cnt=1717922848, offset=516096, fillc=0, bytes=7018105756081554803) at util/iov.c:69 #1 0x00005567a13bab73 in qemu_iovec_memset (qiov=0x7ff73ec99748, offset=516096, fillc=0, bytes=7018105756081554803) at util/iov.c:530 #2 0x00005567a12f411c in qemu_laio_process_completion (laiocb=0x7ff6512ee6c0) at block/linux-aio.c:86 #3 0x00005567a12f42ff in qemu_laio_process_completions (s=0x7ff7182e8420) at block/linux-aio.c:217 #4 0x00005567a12f480d in ioq_submit (s=0x7ff7182e8420) at block/linux-aio.c:323 #5 0x00005567a12f43d9 in qemu_laio_process_completions_and_submit (s=0x7ff7182e8420) at block/linux-aio.c:236 #6 0x00005567a12f44c2 in qemu_laio_poll_cb (opaque=0x7ff7182e8430) at block/linux-aio.c:267 #7 0x00005567a13aed83 in run_poll_handlers_once (ctx=0x5567a2b58c70, timeout=0x7ff7367645f8) at util/aio-posix.c:520 #8 0x00005567a13aee9f in run_poll_handlers (ctx=0x5567a2b58c70, max_ns=16000, timeout=0x7ff7367645f8) at util/aio-posix.c:562 #9 0x00005567a13aefde in try_poll_mode (ctx=0x5567a2b58c70, timeout=0x7ff7367645f8) at util/aio-posix.c:597 #10 0x00005567a13af115 in aio_poll (ctx=0x5567a2b58c70, blocking=true) at util/aio-posix.c:639 #11 0x00005567a109acca in iothread_run (opaque=0x5567a2b29760) at iothread.c:75 #12 0x00005567a13b2790 in qemu_thread_start (args=0x5567a2b694c0) at util/qemu-thread-posix.c:519 #13 0x00007ff73eedf2de in start_thread () at /lib64/libpthread.so.0 #14 0x00007ff73ec10e83 in clone () at /lib64/libc.so.6 Thread 1 (Thread 0x7ff743986f00 (LWP 1062500)): #0 0x00005567a13b99d6 in iov_memset (iov=0x6563617073206f4e, iov_cnt=1717922848, offset=516096, fillc=0, bytes=7018105756081554803) at util/iov.c:69 #1 0x00005567a13bab73 in qemu_iovec_memset (qiov=0x7ff73ec99748, offset=516096, fillc=0, bytes=7018105756081554803) at util/iov.c:530 #2 0x00005567a12f411c in qemu_laio_process_completion (laiocb=0x7ff6512ee6c0) at block/linux-aio.c:86 #3 0x00005567a12f42ff in qemu_laio_process_completions (s=0x7ff7182e8420) at block/linux-aio.c:217 #4 0x00005567a12f480d in ioq_submit (s=0x7ff7182e8420) at block/linux-aio.c:323 #5 0x00005567a12f4a2f in laio_do_submit (fd=19, laiocb=0x7ff5f4ff9ae0, offset=472363008, type=2) at block/linux-aio.c:375 #6 0x00005567a12f4af2 in laio_co_submit (bs=0x5567a2b8c460, s=0x7ff7182e8420, fd=19, offset=472363008, qiov=0x7ff5f4ff9ca0, type=2) at block/linux-aio.c:394 #7 0x00005567a12f1803 in raw_co_prw (bs=0x5567a2b8c460, offset=472363008, bytes=20480, qiov=0x7ff5f4ff9ca0, type=2) at block/file-posix.c:1892 #8 0x00005567a12f1941 in raw_co_pwritev (bs=0x5567a2b8c460, offset=472363008, bytes=20480, qiov=0x7ff5f4ff9ca0, flags=0) at block/file-posix.c:1925 #9 0x00005567a12fe3e1 in bdrv_driver_pwritev (bs=0x5567a2b8c460, offset=472363008, bytes=20480, qiov=0x7ff5f4ff9ca0, qiov_offset=0, flags=0) at block/io.c:1183 #10 0x00005567a1300340 in bdrv_aligned_pwritev (child=0x5567a2b5b070, req=0x7ff5f4ff9db0, offset=472363008, bytes=20480, align=512, qiov=0x7ff72c0425b8, qiov_offset=0, flags=0) at block/io.c:1980 #11 0x00005567a1300b29 in bdrv_co_pwritev_part (child=0x5567a2b5b070, offset=472363008, bytes=20480, qiov=0x7ff72c0425b8, qiov_offset=0, flags=0) at block/io.c:2137 #12 0x00005567a12baba1 in qcow2_co_pwritev_task (bs=0x5567a2b92740, file_cluster_offset=472317952, offset=487305216, bytes=20480, qiov=0x7ff72c0425b8, qiov_offset=0, l2meta=0x0) at block/qcow2.c:2444 #13 0x00005567a12bacdb in qcow2_co_pwritev_task_entry (task=0x5567a2b48540) at block/qcow2.c:2475 #14 0x00005567a13167d8 in aio_task_co (opaque=0x5567a2b48540) at block/aio_task.c:45 #15 0x00005567a13cf00c in coroutine_trampoline (i0=738245600, i1=32759) at util/coroutine-ucontext.c:115 #16 0x00007ff73eb622e0 in __start_context () at /lib64/libc.so.6 #17 0x00007ff6626f1350 in () #18 0x0000000000000000 in () <------> This is also known to cause crashes with this message (assertion failed): aio_co_schedule: Co-routine was already scheduled in 'aio_co_schedule' RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1812765 Signed-off-by: Sergio Lopez <slp@redhat.com> Message-Id: <20200603093240.40489-3-slp@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17virtio-blk: Refactor the code that processes queued requestsSergio Lopez
Move the code that processes queued requests from virtio_blk_dma_restart_bh() to its own, non-static, function. This will allow us to call it from the virtio_blk_data_plane_start() in a future patch. Signed-off-by: Sergio Lopez <slp@redhat.com> Message-Id: <20200603093240.40489-2-slp@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-15qdev: Convert bus-less devices to qdev_realize() with CoccinelleMarkus Armbruster
All remaining conversions to qdev_realize() are for bus-less devices. Coccinelle script: // only correct for bus-less @dev! @@ expression errp; expression dev; @@ - qdev_init_nofail(dev); + qdev_realize(dev, NULL, &error_fatal); @ depends on !(file in "hw/core/qdev.c") && !(file in "hw/core/bus.c")@ expression errp; expression dev; symbol true; @@ - object_property_set_bool(OBJECT(dev), true, "realized", errp); + qdev_realize(DEVICE(dev), NULL, errp); @ depends on !(file in "hw/core/qdev.c") && !(file in "hw/core/bus.c")@ expression errp; expression dev; symbol true; @@ - object_property_set_bool(dev, true, "realized", errp); + qdev_realize(DEVICE(dev), NULL, errp); Note that Coccinelle chokes on ARMSSE typedef vs. macro in hw/arm/armsse.c. Worked around by temporarily renaming the macro for the spatch run. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200610053247.1583243-57-armbru@redhat.com>
2020-06-15sysbus: Convert to sysbus_realize() etc. with CoccinelleMarkus Armbruster
Convert from qdev_realize(), qdev_realize_and_unref() with null @bus argument to sysbus_realize(), sysbus_realize_and_unref(). Coccinelle script: @@ expression dev, errp; @@ - qdev_realize(DEVICE(dev), NULL, errp); + sysbus_realize(SYS_BUS_DEVICE(dev), errp); @@ expression sysbus_dev, dev, errp; @@ + sysbus_dev = SYS_BUS_DEVICE(dev); - qdev_realize_and_unref(dev, NULL, errp); + sysbus_realize_and_unref(sysbus_dev, errp); - sysbus_dev = SYS_BUS_DEVICE(dev); @@ expression sysbus_dev, dev, errp; expression expr; @@ sysbus_dev = SYS_BUS_DEVICE(dev); ... when != dev = expr; - qdev_realize_and_unref(dev, NULL, errp); + sysbus_realize_and_unref(sysbus_dev, errp); @@ expression dev, errp; @@ - qdev_realize_and_unref(DEVICE(dev), NULL, errp); + sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), errp); @@ expression dev, errp; @@ - qdev_realize_and_unref(dev, NULL, errp); + sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), errp); Whitespace changes minimized manually. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200610053247.1583243-46-armbru@redhat.com> [Conflicts in hw/misc/empty_slot.c and hw/sparc/leon3.c resolved]
2020-06-15isa: Convert uses of isa_create(), isa_try_create() manuallyMarkus Armbruster
Same transformation as in the previous commit. Manual, because convincing Coccinelle to transform these cases is not worthwhile. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200610053247.1583243-21-armbru@redhat.com>
2020-06-15qdev: Convert uses of qdev_create() manuallyMarkus Armbruster
Same transformation as in the previous commit. Manual, because convincing Coccinelle to transform these cases is somewhere between not worthwhile and infeasible (at least for me). Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200610053247.1583243-11-armbru@redhat.com>
2020-06-15qdev: Convert uses of qdev_create() with CoccinelleMarkus Armbruster
This is the transformation explained in the commit before previous. Takes care of just one pattern that needs conversion. More to come in this series. Coccinelle script: @ depends on !(file in "hw/arm/highbank.c")@ expression bus, type_name, dev, expr; @@ - dev = qdev_create(bus, type_name); + dev = qdev_new(type_name); ... when != dev = expr - qdev_init_nofail(dev); + qdev_realize_and_unref(dev, bus, &error_fatal); @@ expression bus, type_name, dev, expr; identifier DOWN; @@ - dev = DOWN(qdev_create(bus, type_name)); + dev = DOWN(qdev_new(type_name)); ... when != dev = expr - qdev_init_nofail(DEVICE(dev)); + qdev_realize_and_unref(DEVICE(dev), bus, &error_fatal); @@ expression bus, type_name, expr; identifier dev; @@ - DeviceState *dev = qdev_create(bus, type_name); + DeviceState *dev = qdev_new(type_name); ... when != dev = expr - qdev_init_nofail(dev); + qdev_realize_and_unref(dev, bus, &error_fatal); @@ expression bus, type_name, dev, expr, errp; symbol true; @@ - dev = qdev_create(bus, type_name); + dev = qdev_new(type_name); ... when != dev = expr - object_property_set_bool(OBJECT(dev), true, "realized", errp); + qdev_realize_and_unref(dev, bus, errp); @@ expression bus, type_name, expr, errp; identifier dev; symbol true; @@ - DeviceState *dev = qdev_create(bus, type_name); + DeviceState *dev = qdev_new(type_name); ... when != dev = expr - object_property_set_bool(OBJECT(dev), true, "realized", errp); + qdev_realize_and_unref(dev, bus, errp); The first rule exempts hw/arm/highbank.c, because it matches along two control flow paths there, with different @type_name. Covered by the next commit's manual conversions. Missing #include "qapi/error.h" added manually. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200610053247.1583243-10-armbru@redhat.com> [Conflicts in hw/misc/empty_slot.c and hw/sparc/leon3.c resolved]
2020-06-15qdev: Put qdev_new() to use with CoccinelleMarkus Armbruster
Let's start simple and put qdev_new() to use. Coccinelle script: @ depends on !(file in "hw/core/qdev.c")@ expression type_name; @@ - DEVICE(object_new(type_name)) + qdev_new(type_name) Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200610053247.1583243-6-armbru@redhat.com>
2020-06-12Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* Miscellaneous fixes and feature enablement (many) * SEV refactoring (David) * Hyper-V initial support (Jon) * i386 TCG fixes (x87 and SSE, Joseph) * vmport cleanup and improvements (Philippe, Liran) * Use-after-free with vCPU hot-unplug (Nengyuan) * run-coverity-scan improvements (myself) * Record/replay fixes (Pavel) * -machine kernel_irqchip=split improvements for INTx (Peter) * Code cleanups (Philippe) * Crash and security fixes (PJP) * HVF cleanups (Roman) # gpg: Signature made Fri 12 Jun 2020 16:57:04 BST # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (116 commits) target/i386: Remove obsolete TODO file stubs: move Xen stubs to accel/ replay: fix replay shutdown for console mode exec/cpu-common: Move MUSB specific typedefs to 'hw/usb/hcd-musb.h' hw/usb: Move device-specific declarations to new 'hcd-musb.h' header exec/memory: Remove unused MemoryRegionMmio type checkpatch: reversed logic with acpi test checks target/i386: sev: Unify SEVState and SevGuestState target/i386: sev: Remove redundant handle field target/i386: sev: Remove redundant policy field target/i386: sev: Remove redundant cbitpos and reduced_phys_bits fields target/i386: sev: Partial cleanup to sev_state global target/i386: sev: Embed SEVState in SevGuestState target/i386: sev: Rename QSevGuestInfo target/i386: sev: Move local structure definitions into .c file target/i386: sev: Remove unused QSevGuestInfoClass xen: fix build without pci passthrough i386: hvf: Drop HVFX86EmulatorState i386: hvf: Move mmio_buf into CPUX86State i386: hvf: Move lazy_flags into CPUX86State ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org> # Conflicts: # hw/i386/acpi-build.c
2020-06-10qom/object: Move Object typedef to 'qemu/typedefs.h'Philippe Mathieu-Daudé
We use the Object type all over the place. Forward declare it in "qemu/typedefs.h". Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20200504115656.6045-2-f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-09vhost-user-blk: delay vhost_user_blk_disconnectDima Stepanov
A socket write during vhost-user communication may trigger a disconnect event, calling vhost_user_blk_disconnect() and clearing all the vhost_dev structures holding data that vhost-user functions expect to remain valid to roll back initialization correctly. Delay the cleanup to keep vhost_dev structure valid. There are two possible states to handle: 1. RUN_STATE_PRELAUNCH: skip bh oneshot call and perform disconnect in the caller routine. 2. RUN_STATE_RUNNING: delay by using bh BH changes are based on the similar changes for the vhost-user-net device: commit e7c83a885f865128ae3cf1946f8cb538b63cbfba "vhost-user: delay vhost_user_stop" Signed-off-by: Dima Stepanov <dimastep@yandex-team.ru> Message-Id: <69b73b94dcd066065595266c852810e0863a0895.1590396396.git.dimastep@yandex-team.ru> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Li Feng <fengli@smartx.com> Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
2020-06-05hw/block: Let the NVMe emulated device be target-agnosticPhilippe Mathieu-Daudé
Now than the non-target specific memory_region_msync() function is available, use it to make this device target-agnostic. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 20200508062456.23344-4-philmd@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-05-22hw/block/pflash: Check return value of blk_pwrite()Mansour Ahmadi
When updating the PFLASH file contents, we should check for a possible failure of blk_pwrite(). Similar to commit 3a688294e. Reported-by: Coverity (CID 1357678 CHECKED_RETURN) Signed-off-by: Mansour Ahmadi <mansourweb@gmail.com> Message-Id: <20200408003552.58095-1-mansourweb@gmail.com> [PMD: Add missing "qemu/error-report.h" include and TODO comment] Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-05-22hw/block/pflash_cfi01: Rename 'reset_flash' label as 'mode_read_array'Philippe Mathieu-Daudé
Rename the 'reset_flash' as 'mode_read_array' to make explicit we do not reset the device, we simply set its internal state machine in the READ_ARRAY mode. We do not reset the status register error bits, as a device reset would do. Reviewed-by: John Snow <jsnow@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20190716221555.11145-5-philmd@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-05-22hw/block/pflash_cfi01: Document use of non-CFI compliant command '0x00'Philippe Mathieu-Daudé
The command 0x00 is used by this model since its origin (commit 05ee37ebf630). In this commit the command is described with a amusing '/* ??? */' comment, probably meaning 'FIXME'. switch (cmd) { case 0x00: /* ??? */ ... This comment survived 12 years because the 0x00 value is indeed not specified by the CFI open standard (as of this commit). The 'cmd' field is transfered during migration. To keep the migration feature working with older QEMU version, we have to take a lot of care with migrated field. We figured out it is too late to remove a non-specified value from this model (this would make migration review very complex). It is however not too late to improve the documentation. Add few comments to remember this is a special value related to QEMU, and we won't find information about it on the CFI spec. Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20190716221555.11145-3-philmd@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-05-22hw/block/pflash_cfi01: Removed an unused timerPhilippe Mathieu-Daudé
The 'CFI02' NOR flash was introduced in commit 29133e9a0fff, with timing modelled. One year later, the CFI01 model was introduced (commit 05ee37ebf630) based on the CFI02 model. As noted in the header, "It does not support timings". 12 years later, we never had to model the device timings. Time to remove the unused timer, we can still add it back if required. Suggested-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Wei Yang <richardw.yang@linux.intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Tested-by: Laszlo Ersek <lersek@redhat.com> [Laszlo Ersek: Regression tested EDK2 OVMF IA32X64, ArmVirtQemu Aarch64 https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg04373.html] Message-Id: <20190716221555.11145-2-philmd@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-05-18hw: Use QEMU_IS_ALIGNED() on parallel flash block sizePhilippe Mathieu-Daudé
Use the QEMU_IS_ALIGNED() macro to verify the flash block size is properly aligned. It is quicker to process when reviewing. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200511205246.24621-1-philmd@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>