Commit Graph

62909 Commits

Thomas Huth
14c520e335 hw/arm/bcm2836: Fix crash with device_add bcm2837 on unsupported machines
When trying to "device_add bcm2837" on a machine that is not suitable for
this device, you can quickly crash QEMU afterwards, e.g. with "info qtree":

echo "{'execute':'qmp_capabilities'} {'execute':'device_add', " \
 "'arguments':{'driver':'bcm2837'}} {'execute': 'human-monitor-command', " \
 "'arguments': {'command-line': 'info qtree'}}" | \
 aarch64-softmmu/qemu-system-aarch64 -M integratorcp,accel=qtest -S -qmp stdio

{"QMP": {"version": {"qemu": {"micro": 50, "minor": 12, "major": 2},
 "package": "build-all"}, "capabilities": []}}
{"return": {}}
{"error": {"class": "GenericError", "desc": "Device 'bcm2837' can not be
 hotplugged on this machine"}}
Segmentation fault (core dumped)

The qdev_set_parent_bus() from instance_init adds a link to the child devices
which is not valid anymore after the bcm2837 instance has been destroyed.
Unfortunately, the child devices do not get destroyed / unlinked correctly
because both object_initialize() and object_property_add_child() increase
the reference count of the child objects by one, but only one reference
is dropped when the parent gets removed. So let's use the new functions
object_initialize_child() and sysbus_init_child_obj() instead to create
the objects, which will take care of creating the child objects with the
correct reference count of one.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1531745974-17187-4-git-send-email-thuth@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-17 13:12:49 +01:00
Thomas Huth
046f370fb4 hw/core/sysbus: Add a function for creating and attaching an object
A lot of functions are initializing an object and attaching it immediately
afterwards to the system bus. Provide a common function for this, which
also uses object_initialize_child() to make sure that the reference
counter is correctly initialized to 1 afterwards.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1531745974-17187-3-git-send-email-thuth@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-17 13:12:49 +01:00
Thomas Huth
0210b39d0e qom/object: Add a new function object_initialize_child()
A lot of code is using the object_initialize() function followed by a call
to object_property_add_child() to add the newly initialized object as a child
of the current object. Both functions increase the reference counter of the
new object, but many spots that call these two functions then forget to drop
one of the superfluous references. So the newly created object is often not
cleaned up correctly when the parent is destroyed. In the worst case, this
can cause crashes, e.g. because device objects are not correctly removed from
their parent_bus.

Since this is a common pattern between many code spots, let's introduce a
new function that takes care of calling all three required initialization
functions, first object_initialize(), then object_property_add_child() and
finally object_unref(). And since the function does a similar job to
object_new_with_props(), also allow setting additional properties via
varargs, and use user_creatable_complete() to make sure that the functions
can be used similarly.

And while we're at object.h, also fix some copy-n-paste errors in the
comments there ("to store the area" --> "to store the error").

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Message-id: 1531745974-17187-2-git-send-email-thuth@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-17 13:12:49 +01:00
Peter Maydell
3e86907c82 qemu-ga patch queue for hard-freeze
* fix file descriptor leak in suspend command
* fix leak in guest-get-fsinfo

Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2018-07-16-tag' into staging

qemu-ga patch queue for hard-freeze

* fix file descriptor leak in suspend command
* fix leak in guest-get-fsinfo

# gpg: Signature made Mon 16 Jul 2018 22:41:41 BST
# gpg:                using RSA key 3353C9CEF108B584
# gpg: Good signature from "Michael Roth <flukshun@gmail.com>"
# gpg:                 aka "Michael Roth <mdroth@utexas.edu>"
# gpg:                 aka "Michael Roth <mdroth@linux.vnet.ibm.com>"
# Primary key fingerprint: CEAC C9E1 5534 EBAB B82D  3FA0 3353 C9CE F108 B584

* remotes/mdroth/tags/qga-pull-2018-07-16-tag:
  qga: fix file descriptor leak
  qga: fix 'driver' leak in guest-get-fsinfo

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-17 09:57:34 +01:00
Paolo Bonzini
d9c745c176 qga: fix file descriptor leak
The file descriptor for /sys/power/state was never closed.  Reported
by Coverity.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2018-07-16 15:05:58 -05:00
Marc-André Lureau
bb23a7362a qga: fix 'driver' leak in guest-get-fsinfo
'driver' is leaked when the loop is not broken.

Leak introduced by commit 743c71d03c,
spotted by ASAN.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2018-07-16 12:51:32 -05:00
Peter Maydell
1310df8b99 target-arm queue:
* accel/tcg: Use correct test when looking in victim TLB for code
* bcm2835_aux: Swap RX and TX interrupt assignments
* hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
* hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
* hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
* aspeed: Implement write-1-{set, clear} for AST2500 strapping
* target/arm: Fix LD1W and LDFF1W (scalar plus vector)

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180716' into staging

target-arm queue:
 * accel/tcg: Use correct test when looking in victim TLB for code
 * bcm2835_aux: Swap RX and TX interrupt assignments
 * hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
 * hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
 * hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
 * aspeed: Implement write-1-{set, clear} for AST2500 strapping
 * target/arm: Fix LD1W and LDFF1W (scalar plus vector)

# gpg: Signature made Mon 16 Jul 2018 17:38:36 BST
# gpg:                using RSA key 3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20180716:
  accel/tcg: Assert that tlb fill gave us a valid TLB entry
  accel/tcg: Use correct test when looking in victim TLB for code
  bcm2835_aux: Swap RX and TX interrupt assignments
  hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
  hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
  hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
  aspeed: Implement write-1-{set, clear} for AST2500 strapping
  target/arm: Fix LD1W and LDFF1W (scalar plus vector)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16 17:43:23 +01:00
Peter Maydell
3474c98a2a accel/tcg: Assert that tlb fill gave us a valid TLB entry
In commit 4b1a3e1e34 we added a check for whether the TLB entry
we had following a tlb_fill had the INVALID bit set.  This could
happen in some circumstances because a stale or wrong TLB entry was
pulled out of the victim cache.  However, after commit
68fea03855 (which prevents stale entries being in the victim
cache) and the previous commit (which ensures we don't incorrectly
hit in the victim cache) this should never be possible.

Drop the check on TLB_INVALID_MASK from the "is this a TLB_RECHECK?"
condition, and instead assert that the tlb fill procedure has given
us a valid TLB entry (or longjumped out with a guest exception).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180713141636.18665-3-peter.maydell@linaro.org
2018-07-16 17:26:01 +01:00
Peter Maydell
b493ccf1fc accel/tcg: Use correct test when looking in victim TLB for code
In get_page_addr_code(), we were incorrectly looking in the victim
TLB for an entry which matched the target address for reads, not
for code accesses. This meant that we could hit on a victim TLB
entry that indicated that the address was readable but not
executable, and incorrectly bypass the call to tlb_fill() which
should generate the guest MMU exception. Fix this bug.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180713141636.18665-2-peter.maydell@linaro.org
2018-07-16 17:26:01 +01:00
Guenter Roeck
65e9f27f22 bcm2835_aux: Swap RX and TX interrupt assignments
RX and TX interrupt bits were reversed, resulting in an endless sequence
of serial interrupts in the emulated system and the following repeated
error message when booting Linux.

serial8250: too much work for irq61

This results in a boot failure most of the time.

Qemu command line used to reproduce the problem:

    qemu-system-aarch64 -M raspi3 -m 1024 \
    -kernel arch/arm64/boot/Image \
    --append "rdinit=/sbin/init console=ttyS1,115200" \
    -initrd rootfs.cpio \
    -dtb arch/arm64/boot/dts/broadcom/bcm2837-rpi-3-b.dtb \
    -nographic -monitor null -serial null -serial stdio

This is with arm64:defconfig. The root file system was generated using
buildroot.

NB that this error likely arises from an erratum in the
BCM2835 datasheet where the TX and RX bits were swapped
in the AU_MU_IER_REG description (but correct for IIR):
 https://elinux.org/BCM2835_datasheet_errata#p12

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 1529355846-25102-1-git-send-email-linux@roeck-us.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: added NB about datasheet]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16 17:18:42 +01:00
Thomas Huth
cccf96c3d4 hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
These devices are currently causing some problems when a user is trying
to hot-plug or introspect them during runtime. Since these devices can
not be instantiated by the user at all (they need to be wired up in code
instead), we should mark them with user_creatable = false anyway, then we
avoid at least the crashes with the hot-plugging. The introspection problem
will be handled by a separate patch.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1531415537-26037-1-git-send-email-thuth@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16 17:18:41 +01:00
Peter Maydell
7995206d05 hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
The GICD_ITARGETSR implementation still has some 11MPCore behaviour
that we were incorrectly using in our GICv1 and GICv2 implementations
for the case where the interrupt number is less than GIC_INTERNAL.
The desired behaviour here is:
 * for 11MPCore: RAZ/WI for irqs 0..28; read a number matching the
   CPU doing the read for irqs 29..31
 * for GICv1 and v2: RAZ/WI if uniprocessor; otherwise read a
   number matching the CPU doing the read for all irqs < 32

Stop squashing GICD_ITARGETSR to 0 for IRQs 0..28 unless this
is an 11MPCore GIC.

Reported-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180712154152.32183-3-peter.maydell@linaro.org
2018-07-16 17:18:41 +01:00
Peter Maydell
ee03cca88e hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
In gic_deactivate_irq() the interrupt number comes from the guest
(on a write to the GICC_DIR register), so we need to sanity check
that it isn't out of range before we use it as an array index.
Handle this in a similar manner to the check we do in
gic_complete_irq() for the GICC_EOI register.

The array overrun is not disastrous because the calling code
uses (value & 0x3ff) to extract the interrupt field, so the
only out-of-range values possible are 1020..1023, which allow
overrunning only from irq_state[] into the following
irq_target[] array which the guest can already manipulate.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20180712154152.32183-2-peter.maydell@linaro.org
2018-07-16 17:18:41 +01:00
Andrew Jeffery
333b9c8a68 aspeed: Implement write-1-{set, clear} for AST2500 strapping
The AST2500 SoC family changes the runtime behaviour of the hardware
strapping register (SCU70) to write-1-set/write-1-clear, with
write-1-clear implemented on the "read-only" SoC revision register
(SCU7C). For the AST2400, the hardware strapping is
runtime-configured with read-modify-write semantics.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 20180709143524.17480-1-andrew@aj.id.au
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16 17:18:41 +01:00
Richard Henderson
628fc75f3a target/arm: Fix LD1W and LDFF1W (scalar plus vector)
'I' was being double-incremented; correctly within the inner loop
and incorrectly within the outer loop.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20180711103957.3040-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16 17:18:41 +01:00
Peter Maydell
102ad0a80f Miscellaneous patches for 2018-07-16 (3.0.0-rc1)

Merge remote-tracking branch 'remotes/armbru/tags/pull-misc-2018-07-16' into staging

Miscellaneous patches for 2018-07-16 (3.0.0-rc1)

# gpg: Signature made Mon 16 Jul 2018 14:50:07 BST
# gpg:                using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-misc-2018-07-16:
  monitor: Fix tracepoint crash on JSON syntax error
  MAINTAINERS: New section "Incompatible changes", copy libvir-list
  qemu-doc: Move appendix "Deprecated features" to its own file
  cli qmp: Mark --preconfig, exit-preconfig experimental
  qapi: Do not expose "allow-preconfig" in query-qmp-schema

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16 15:34:38 +01:00
Markus Armbruster
8720e63e09 monitor: Fix tracepoint crash on JSON syntax error
When tracepoint handle_qmp_command is enabled, we crash on JSON syntax
errors.  Broken in commit 1cc3747152.  Fix by skipping the tracepoint
on JSON syntax error.  Before the flawed commit, we skipped it by
returning early.

Fixes: CID 1394216
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180716091012.29510-1-armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
2018-07-16 15:46:57 +02:00
Markus Armbruster
b02c9bc35a MAINTAINERS: New section "Incompatible changes", copy libvir-list
Libvirt developers would like to be copied on patches to qemu-doc
appendix "Deprecated features".  Do them the favor.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180716073226.21127-3-armbru@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-16 15:46:52 +02:00
Markus Armbruster
44c67847e3 qemu-doc: Move appendix "Deprecated features" to its own file
Consumers of QEMU need to track feature deprecation.  Keeping
deprecation documentation in its own file helps in two small ways:

* You can track changes the easy and obvious way, with git-log.
  Before, you had to resort to more complex gittery like "git-log
  --oneline -L '/@node Deprecated features/,/@node Supported build
  platforms/:qemu-doc.texi'"

* It lets us use MAINTAINERS to copy interested parties on deprecation
  patches, so they can advise or object before they're a done deal.
  The next commit will do that for libvirt.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180716073226.21127-2-armbru@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-07-16 15:43:06 +02:00
Markus Armbruster
361ac948a5 cli qmp: Mark --preconfig, exit-preconfig experimental
Committing to the current --preconfig / exit-preconfig interface
before it has seen any use is premature.  Mark both as experimental,
the former in documentation, the latter by renaming it to
x-exit-preconfig.

See the previous commit for more detailed rationale.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180705091402.26244-3-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
[Straightforward conflict with commit 514337c142 resolved]
2018-07-16 15:38:19 +02:00
Markus Armbruster
1f214ee1b8 qapi: Do not expose "allow-preconfig" in query-qmp-schema
According to commit 047f7038f5, option --preconfig

    [...] allows pausing QEMU in the new RUN_STATE_PRECONFIG state,
    allowing the configuration of QEMU from QMP before the machine
    jumps into board initialization code of machine_run_board_init()

    The intent is to allow management to query machine state and
    additionally configure it using previous query results within one
    QEMU instance (i.e. eliminate the need to start QEMU twice, 1st to
    query board specific parameters and 2nd for actual VM start using
    query results for additional parameters).

The implementation is a bit of a hack: it splices in an additional
main loop before machine creation, in special runstate preconfig.  New
command exit-preconfig exits that main loop.  QEMU continues
initializing, creates the machine, and runs the good old main loop.
The replacement of the main loop is transparent to monitors.

Sadly, some commands expect initialization to be complete.  Running
them in --preconfig's main loop violates their preconditions.  Since
we don't really know which commands are safe, we use a whitelist.
This drags the concept of run state into the QMP core.

The whitelist is done as a command flag in the QAPI schema (commit
d6fe3d02e9).  Drags the concept of run state further into the QAPI
language.

The command flag is exposed in query-qmp-schema (also commit
d6fe3d02e9).  This makes it ABI.

I consider the whole thing an offensively ugly hack, but sometimes an
ugly hack is the best we can do to solve a problem people have.

The need described by the commit message quote above is genuine.  The
proper solution would be a main loop that permits complete
configuration via QMP.  This is out of reach, thus the hack.

However, even though the need is genuine, it isn't urgent: libvirt is
not going to use this anytime soon.  Baking a hack into ABI before it
has any users is a bad idea.

This commit reverts the parts of commit d6fe3d02e9 that affect ABI
via query-qmp-schema.  The commit did the following:

(1) Add command flag 'allow-preconfig' to the QAPI schema language

(2) Pass it to code generators

(3) Have the commands.py code generator pass it to the command
    registry (so commit 047f7038f5 can use it as whitelist)

(4) Add 'allow-preconfig' to SchemaInfoCommand (neglecting to update
    qapi-code-gen.txt section "Client JSON Protocol introspection")

(5) Set 'allow-preconfig': true for commands qmp_capabilities,
    query-commands, query-command-line-options, query-status

Revert exactly (4), plus a bit of documentation added to
qemu-tech.info in commit 047f7038f5.

Shrinks query-qmp-schema's output from 126.5KiB to 121.8KiB for me.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180705091402.26244-2-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
[Straightforward conflict with commit d626b6c1ae resolved]
2018-07-16 15:35:57 +02:00
Peter Maydell
633e824037 ppc patch queue 2018-07-16
Here's my first hard freeze pull request for qemu-3.0.  This contains
an assortment of bugfixes. Several are for regressions, others are for
bugs that I think are significant enough to address during hard freeze.

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-3.0-20180716' into staging

ppc patch queue 2018-07-16

Here's my first hard freeze pull request for qemu-3.0.  This contains
an assortment of bugfixes. Several are for regressions, others are for
bugs that I think are significant enough to address during hard freeze.

# gpg: Signature made Mon 16 Jul 2018 09:28:37 BST
# gpg:                using RSA key 6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-3.0-20180716:
  sm501: Fix warning about unreachable code
  sam460ex: Correct use after free error
  etsec: fix IRQ (un)masking
  ppc/xics: fix ICP reset path
  spapr: Correct inverted test in spapr_pc_dimm_node()
  sm501: Update screen on frame buffer address change

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16 11:04:24 +01:00
Peter Maydell
b808d2001d Some fixes for linux-user:
- workaround for CMSG_NXTHDR bug
- two patches for ppc64/ppc64le host:
  fix fcntl() with *LK64 commands
  (seen when dpkg wants to lock the DB)
  fix reserved_va alignment (ppc64 needs
  a 64kB alignment)
- convert a forgotten fcntl() to safe_fcntl()

Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-3.0-pull-request' into staging

Some fixes for linux-user:
- workaround for CMSG_NXTHDR bug
- two patches for ppc64/ppc64le host:
  fix fcntl() with *LK64 commands
  (seen when dpkg wants to lock the DB)
  fix reserved_va alignment (ppc64 needs
  a 64kB alignment)
- convert a forgotten fcntl() to safe_fcntl()

# gpg: Signature made Sun 15 Jul 2018 20:51:19 BST
# gpg:                using RSA key F30C38BD3F2FBE3C
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>"
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>"
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>"
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-3.0-pull-request:
  Zero out the host's `msg_control` buffer
  linux-user: fix mmap_find_vma_reserved()
  linux-user: convert remaining fcntl() to safe_fcntl()
  linux-user: ppc64: use the correct values for F_*LK64s

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-16 10:06:23 +01:00
BALATON Zoltan
6730df0514 sm501: Fix warning about unreachable code
Coverity warned that the false arm of conditional expression is
unreachable when it is inside an if with the same condition.
Remove the unreachable code to avoid the warning.

Fixes: CID 1394215
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-16 11:19:10 +10:00
BALATON Zoltan
3cc702d6aa sam460ex: Correct use after free error
Commit 51b0d834c changed error handling to report file name in error
message but forgot to move freeing it after usage. Noticed by Coverity.

Fixes: CID 1394217
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-16 11:18:32 +10:00
Michael Davidsaver
fd8e3381a0 etsec: fix IRQ (un)masking
Interrupt conditions occurring while masked are not being
signaled when later unmasked.
The fix is to raise/lower IRQs when IMASK is changed.

To avoid problems like this in future, consolidate
IRQ pin update logic in one function.

Also fix probable typo "IEVENT_TXF | IEVENT_TXF",
and update IRQ pins on reset.

Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-16 11:18:09 +10:00
Greg Kurz
b585395b65 ppc/xics: fix ICP reset path
Recent cleanup in commit a028dd423e dropped the ICPStateClass::reset
handler. It is now up to child ICP classes to call the DeviceClass::reset
handler of the parent class, thanks to device_class_set_parent_reset().
This is a better object programming pattern, but unfortunately it causes
QEMU to crash during CPU hotplug:

(qemu) device_add host-spapr-cpu-core,id=core1,core-id=1
Segmentation fault (core dumped)

When the hotplug path tries to reset the ICP device, we end up calling:

static void icp_kvm_reset(DeviceState *dev)
{
    ICPStateClass *icpc = ICP_GET_CLASS(dev);

    icpc->parent_reset(dev);

but icpc->parent_reset is NULL... This happens because icp_kvm_class_init()
calls:

    device_class_set_parent_reset(dc, icp_kvm_reset,
                                  &icpc->parent_reset);

but dc->reset, i.e., DeviceClass::reset for the TYPE_ICP type, is
itself NULL.

This patch hence sets DeviceClass::reset for the TYPE_ICP type to
point to icp_reset(). It then registers a reset handler that calls
DeviceClass::reset. If the ICP subtype has configured its own reset
handler with device_class_set_parent_reset(), this ensures it will
be called first and it can then call ICPStateClass::parent_reset
safely. This fixes the reset path for the TYPE_KVM_ICP type, which
is the only subtype that defines its own reset function.

Reported-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
Suggested-by: David Gibson <david@gibson.dropbear.id.au>
Fixes: a028dd423e
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-16 11:18:09 +10:00
David Gibson
ccc2cef8b3 spapr: Correct inverted test in spapr_pc_dimm_node()
This function was introduced between v2.11 and v2.12 to replace obsolete
ways of specifying the NUMA nodes for DIMMs.  It's used to find the correct
node for an LMB, by locating which DIMM object it lies within.

Unfortunately, one of the checks is inverted, so we check whether the
address is less than two different things, rather than actually checking
a range.  This introduced a regression, meaning that after a reboot qemu
will advertise incorrect node information for memory to the guest.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
2018-07-16 11:18:09 +10:00
BALATON Zoltan
593a1cdd66 sm501: Update screen on frame buffer address change
When the guest changes the address of the frame buffer we need to
refresh the screen to correctly display the new content. This fixes
display update problems when changing between screens on AmigaOS.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-07-16 11:18:09 +10:00
Jonas Schievink
1d3d1b23e1 Zero out the host's msg_control buffer
If this is not done, qemu would drop any control message after the first
one.

This is because glibc's `CMSG_NXTHDR` macro accesses the uninitialized
cmsghdr's length field in order to find out if the message fits into the
`msg_control` buffer, wrongly assuming that it doesn't because the
length field contains garbage. Accessing the length field is fine for
completed messages we receive from the kernel, but is - as far as I know
- not needed since the kernel won't return such an invalid cmsghdr in
the first place.

This is tracked as this glibc bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=13500

It's probably also a good idea to bail with an error if `CMSG_NXTHDR`
returns NULL but `TARGET_CMSG_NXTHDR` doesn't (ie. we still expect
cmsgs).

Signed-off-by: Jonas Schievink <jonasschievink@gmail.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20180711221244.31869-1-jonasschievink@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-07-15 16:04:38 +02:00
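An added example, not QEMU code, of the host-side control-message walk the commit above fixes. It builds a msghdr carrying two SCM_RIGHTS control messages (constructed data, the fd values are placeholders) and counts them back with CMSG_FIRSTHDR/CMSG_NXTHDR. With a zeroed buffer every libc finds both; with a garbage-filled buffer the result depends on the libc, because glibc's CMSG_NXTHDR peeks at the not-yet-written next header's cmsg_len (sourceware bug 13500) and may return NULL early.

```c
/* Added example, not QEMU code: why linux-user must zero msg_control
 * before translating guest cmsgs into it. */
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed payloads: two SCM_RIGHTS messages with two and three fds. */
#define PAYLOAD1_LEN (2 * sizeof(int))
#define PAYLOAD2_LEN (3 * sizeof(int))
#define CTRL_BUF_LEN (CMSG_SPACE(PAYLOAD1_LEN) + CMSG_SPACE(PAYLOAD2_LEN))

/* Write two cmsgs into buf, advancing with CMSG_NXTHDR the way the
 * target_to_host translation does. If zero_first is false the buffer
 * keeps whatever it already held, which is the bug being fixed. */
static void build_two_cmsgs(struct msghdr *msg, unsigned char *buf,
                            size_t buflen, int zero_first)
{
    if (zero_first) {
        memset(buf, 0, buflen);
    }
    memset(msg, 0, sizeof(*msg));
    msg->msg_control = buf;
    msg->msg_controllen = buflen;

    struct cmsghdr *cmsg = CMSG_FIRSTHDR(msg);
    int fds1[2] = { 3, 4 };             /* placeholder fd numbers */
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    cmsg->cmsg_len = CMSG_LEN(PAYLOAD1_LEN);
    memcpy(CMSG_DATA(cmsg), fds1, sizeof fds1);

    /* glibc's CMSG_NXTHDR reads the cmsg_len of the header at this
     * position to decide whether it fits; that header has not been
     * written yet, so its content is whatever was in the buffer. */
    cmsg = CMSG_NXTHDR(msg, cmsg);
    if (!cmsg) {
        return;                          /* second message silently dropped */
    }
    int fds2[3] = { 5, 6, 7 };          /* placeholder fd numbers */
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    cmsg->cmsg_len = CMSG_LEN(PAYLOAD2_LEN);
    memcpy(CMSG_DATA(cmsg), fds2, sizeof fds2);
}

/* Count the headers reachable from CMSG_FIRSTHDR via CMSG_NXTHDR. */
static int count_cmsgs(struct msghdr *msg)
{
    int n = 0;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        n++;
    }
    return n;
}

/* Zeroed buffer: both cmsgs are written and both are walked. Returns 2. */
static int cmsgs_with_zeroed_buffer(void)
{
    unsigned char buf[CTRL_BUF_LEN];
    struct msghdr msg;
    build_two_cmsgs(&msg, buf, sizeof buf, 1);
    return count_cmsgs(&msg);
}

/* Garbage-filled buffer: libc dependent. On a glibc that peeks ahead the
 * walk can stop after the first header and this returns 1; other libcs
 * return 2. Not asserted on, only there to run and compare. */
static int cmsgs_with_garbage_buffer(void)
{
    unsigned char buf[CTRL_BUF_LEN];
    memset(buf, 0x41, sizeof buf);
    struct msghdr msg;
    build_two_cmsgs(&msg, buf, sizeof buf, 0);
    return count_cmsgs(&msg);
}
```

The zeroing costs one memset per sendmsg() and removes the dependence on libc internals; the alternative the commit mentions, failing loudly when CMSG_NXTHDR returns NULL while TARGET_CMSG_NXTHDR does not, is the check that would have made this visible instead of a silent drop.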
Laurent Vivier
dc18baaef3 linux-user: fix mmap_find_vma_reserved()
The value given by mmap_find_vma_reserved() is used with mmap(),
so it needs to be aligned with the host page size.

Since commit 18e80c55bb, reserved_va is only aligned to TARGET_PAGE_SIZE,
and it works well if this size is greater than or equal to the host page size.

But ppc64 hosts have 64kB page size and when we start a 4kiB page size
guest (like i386), it fails when it tries to mmap the stack:

    mmap stack: Invalid argument

Fixes: 18e80c55bb (linux-user: Tidy and enforce reserved_va initialization)
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180714193553.30846-1-laurent@vivier.eu>
2018-07-15 16:01:31 +02:00
Laurent Vivier
af8ab2bf22 linux-user: convert remaining fcntl() to safe_fcntl()
Commit 435da5e709 didn't convert a fcntl() call to safe_fcntl()
for TARGET_NR_fcntl64 case. There is no reason to not use it
in this case.

Fixes: 435da5e709 linux-user: Use safe_syscall wrapper for fcntl
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20180713125805.10749-1-laurent@vivier.eu>
2018-07-15 16:01:15 +02:00
Shivaprasad G Bhat
4a5457616d linux-user: ppc64: use the correct values for F_*LK64s
Qemu includes the glibc headers for the host defines and target headers are
part of the qemu source themselves. The glibc has the F_GETLK64, F_SETLK64
and F_SETLKW64 defined to 12, 13 and 14 for all archs in
sysdeps/unix/sysv/linux/bits/fcntl-linux.h. The linux kernel generic
definition for F_*LK is 5, 6 & 7 and F_*LK64* is 12,13, and 14 as seen in
include/uapi/asm-generic/fcntl.h. On 64bit machine, by default the kernel
assumes all F_*LK to 64bit calls and doesn't support use of F_*LK64* as
can be seen in include/linux/fcntl.h in linux source.

On x86_64 host, the values for F_*LK64* are set to 5, 6 and 7
explicitly in /usr/include/x86_64-linux-gnu/bits/fcntl.h by the glibc.
Whereas, a PPC64 host doesn't have such a definition in
/usr/include/powerpc64le-linux-gnu/bits/fcntl.h by the glibc. So,
the sources on PPC64 host sees the default value of F_*LK64*
as 12, 13 & 14(fcntl-linux.h).

Since the 64bit kernel doesn't support 12, 13 & 14; the glibc fcntl syscall
implementation(__libc_fcntl*(), __fcntl64_nocancel) does the F_*LK64* value
conversion back to F_*LK* values on PPC64 as seen in
sysdeps/unix/sysv/linux/powerpc/powerpc64/sysdep.h with FCNTL_ADJUST_CMD()
macro. Whereas on x86_64 host the values for F_*LK64* are set to 5, 6 and 7
and no adjustments are needed.

Since qemu doesn't use the glibc fcntl, but makes the safe_syscall* on its
own, the PPC64 qemu is calling the syscall with 12, 13, and 14(without
adjustment) and they all fail. The fcntl calls to F_GETLK/F_SETLK|W all
fail by all applications run on PPC64 host user emulation.

The fix here could be to see why on PPC64 the glibc is still keeping
F_*LK64* different from F_*LK and why adjusting them to 5, 6 and 7 before
the syscall for PPC only. See if we can make the
/usr/include/powerpc64le-linux-gnu/bits/fcntl.h to have the values
5, 6 & 7 just like x86_64 and remove the adjustment code in glibc. That
way, qemu sources see the kernel supported values in glibc headers.

OR

On PPC64 host, qemu sources see both F_*LK & F_*LK64* as same and set to
12, 13 and 14 because __USE_FILE_OFFSET64 is defined in qemu
sources(also refer sysdeps/unix/sysv/linux/bits/fcntl-linux.h).
Do the value adjustment just like it is done by glibc source by using
F_GETLK value of 5. That way, we make the syscalls with the actual
supported values in Qemu. The patch is taking this approach.

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <153148521235.87746.14142430397318741182.stgit@lep8c.aus.stglabs.ibm.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-07-15 16:00:49 +02:00
Ville Skyttä
9277d81f5c docs: Grammar and spelling fixes
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20180612065150.21110-1-ville.skytta@iki.fi
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-13 10:16:04 +01:00
Peter Maydell
68f1b569dc Block layer patches:
- file-posix: Check correct file type (regular file for 'file',
   character or block device for 'host_device'/'host_cdrom')
 - scsi-disk: Block Device Characteristics emulation fix
 - qemu-img: Consider required alignment for sparse area detection
 - Documentation and test improvements
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbR4HdAAoJEH8JsnLIjy/WJEwQALuwhKqj1UBNKQ67yU8NF9O4
 pVEoEnghqxlg6qOD+GEwgaiN433LeTsiuhfgo4REWzwrz5133OJGGZqx+GQITOQq
 aHANLZrmid1hYfdYvlh0qWXLbVir+1iGySIp1RIkePSINVdS+8BZOKXlOj511VJa
 MYiNX/k0/+7e6DfdgweDyqRprZ79EQthiYYs3OZCv/d53NNLZSF7fmxeNilbD4sn
 a+zuKeh5zIlP0YBAiybE+TW1nt8rTFAfEzkY2J63Ho2e9+Y7ktnJZWW9HSkz7/Kz
 M8M6i03KemT4vniC4RSI6waJCkniQEzvOTCTfmTgn90fkzqxtQ3hTFzT1pPQTy8u
 QYHXWRm2AVG74CNVOWBtPeokP2Fb5TmngKMICdrxV7WwbfSBJ+YgDnBcFYTOtDiG
 rWAh/9ZiiZ0jSxt1A/mt0ZetFl+5z+7cp34W2xn70QByRu6jbQ3QR6SJI1uoJD9g
 Lj0M/5kd5a7oX5bZoLpU1AIRreydPV2wsjxXWEEN5FCi8P/mb1ORzWpK6lO63XOi
 jbVWYlIqS/BSzBWSlF+bSU67RM6VTOgF1+spmwgb2HYylECXKlHNhf71hnUX54g0
 D/n8uZbxRxCZsFU9ojpstaD1qipLoc6CWDsAmxsxJPAy7Cz6IaxXJjzIZuH2hwAY
 4yiowDSLr534epbYPHX5
 =xtsJ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- file-posix: Check correct file type (regular file for 'file',
  character or block device for 'host_device'/'host_cdrom')
- scsi-disk: Block Device Characteristics emulation fix
- qemu-img: Consider required alignment for sparse area detection
- Documentation and test improvements

# gpg: Signature made Thu 12 Jul 2018 17:29:17 BST
# gpg:                using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  qemu-img: align result of is_allocated_sectors
  scsi-disk: Block Device Characteristics emulation fix
  iotests: add test 226 for file driver types
  file-posix: specify expected filetypes
  qemu-img: Document copy offloading implications with -S and -c
  iotests: nbd: Stop qemu-nbd before remaking image
  iotests: 153: Fix dead code

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-12 17:37:49 +01:00
Peter Lieven
8dcd3c9b91 qemu-img: align result of is_allocated_sectors
We currently don't enforce that the sparse segments we detect during convert are
aligned. This leads to unnecessary and costly read-modify-write cycles either
internally in Qemu or in the background on the storage device as nearly all
modern filesystems or hardware have a 4k alignment internally.

This patch modifies is_allocated_sectors so that its *pnum result will always
end at an alignment boundary. This way all requests will end at an alignment
boundary. The start of all requests will also be aligned as long as the results
of get_block_status do not lead to an unaligned offset.

The number of RMW cycles when converting an example image [1] to a raw device that
has 4k sector size is about 4600 4k read requests to perform a total of about 15000
write requests. With this patch the additional 4600 read requests are eliminated while
the number of total write requests stays constant.

[1] https://cloud-images.ubuntu.com/releases/16.04/release/ubuntu-16.04-server-cloudimg-amd64-disk1.vmdk

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-12 18:24:08 +02:00
Daniel Henrique Barboza
740842c965 scsi-disk: Block Device Characteristics emulation fix
The current BDC VPD page (page 0xb1) is too short. This can be
seen running sg_utils:

$ sg_vpd --page=bdc /dev/sda
Block device characteristics VPD page (SBC):
Block device characteristics VPD page length too short=8

By the SCSI spec, the expected size of the SBC page is 0x40.
There is no telling how the guest will behave with a shorter
message - it can ignore it, or worse, make (wrong)
assumptions.

This patch fixes the emulation by setting the size to 0x40.
This is the output of the previous sg_vpd command after
applying it:

$ sg_vpd --page=bdc /dev/sda -v
    inquiry cdb: 12 01 b1 00 fc 00
Block device characteristics VPD page (SBC):
   [PQual=0  Peripheral device type: disk]
  Medium rotation rate is not reported
  Product type: Not specified
  WABEREQ=0
  WACEREQ=0
  Nominal form factor not reported
  FUAB=0
  VBULS=0

To improve readability, this patch also adds the VBULS value
explicitly and adds comments on the existing fields we're
setting.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-12 18:24:08 +02:00
John Snow
2d4cb49dda iotests: add test 226 for file driver types
Test that we're rejecting what we ought to for file,
host_driver and host_cdrom drivers. Test that we're
seeing the deprecated message for block and chardevs
on the file driver.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-12 18:24:08 +02:00
John Snow
230ff73904 file-posix: specify expected filetypes
Adjust each caller of raw_open_common to specify if they are expecting
host and character devices or not. Tighten expectations of file types upon
open in the common code and refuse types that are not expected.

This has two effects:

(1) Character and block devices are now considered deprecated for the
    'file' driver, which expects only S_IFREG, and
(2) no file-posix driver (file, host_cdrom, or host_device) can open
    directories now.

I don't think there's a legitimate reason to open directories as if
they were files. This prevents QEMU from opening and attempting to probe
a directory inode, which can break in exciting ways. One of those ways
is lseek on ext4/xfs, which will return 0x7fffffffffffffff as the file
size instead of EISDIR. This can coax QEMU into responding with a
confusing "file too big" instead of "Hey, that's not a file".

See: https://bugs.launchpad.net/qemu/+bug/1739304/
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-12 18:24:08 +02:00
Fam Zheng
eb461485f4 qemu-img: Document copy offloading implications with -S and -c
Explicitly enabling zero detection or compression suppresses copy
offloading during convert. Document it.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-12 18:24:08 +02:00
Fam Zheng
2f9d4083f7 iotests: nbd: Stop qemu-nbd before remaking image
197 is one example where _make_test_img is used twice without stopping
the NBD server in between. An error will occur like this:

    @@ -26,9 +26,13 @@

     === Partial final cluster ===

    +qemu-img: TEST_DIR/t.IMGFMT: Failed to get "resize" lock
    +Is another process using the image?
     Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1024
    +Failed to find an available port: Address already in use
     read 1024/1024 bytes at offset 0

Patch _make_test_img to stop the old qemu-nbd before starting a new one,
which fixes this problem, and similarly 215.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-12 18:24:08 +02:00
Fam Zheng
0e1a582750 iotests: 153: Fix dead code
This step was left behind by my mistake. As suggested by the echoed text,
the intention was to test two devices with the same image, with
different options. The behavior should be the same as two QEMU
processes. Complete it.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-07-12 18:24:08 +02:00
John Arbuckle
dc3c89d612 ui/cocoa.m: replace scrollingDeltaY with deltaY
The NSEvent class method scrollingDeltaY is available
for Mac OS 10.7 and newer. Since QEMU supports Mac OS
10.5 and up, we need to be using a method that is
available on these versions of Mac OS X. The deltaY
method is a method that does almost the same thing as
scrollingDeltaY and is available on Mac OS 10.5 and
up. So we can replace scrollingDeltaY with deltaY.

We only check deltaY's value if it is not zero
because zero means that the scrolling increment was
sufficiently fine that it was only reported in scrollingDeltaY,
or that the scrolling was horizontal.

Signed-off-by: John Arbuckle <programmingkidx@gmail.com>
Message-id: 20180709150235.7573-1-programmingkidx@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: tweak commit message and comment a little]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-12 16:03:50 +01:00
Peter Maydell
7fdf16e114 pull-seccomp-20180712
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJbR0/GAAoJEN8y58Dw//miNK4IAJeRWlrUC6Ky/2F/1ppX3gS0
 +nwIBnlzMMI2cJv9yaEF7q5dIQklXD9jblhL6NlXXUdu4BhDZyY6MUn1d0pKuefC
 g9imYQ88/esuomWYuZhADM6+vW3Cqbi57Z5pQJgCLHM9aF9sH2IQkVfJZgHWqWft
 BxWDih3xtnx6UG7kqbFCA3gsdkdIceUCh4ANm+KYP/iB/JB0t7WoDviEVTyji83D
 ci3SzK7eRn0stjCz+X2hR9hoSdsU89DOJDdVAiTct4swrbuR0RFHZdsgC+gHUZJr
 9YnYudYE4SOxoczkM1LsUmitKIL2BK7vRBmY2B/2EWndi8/XIRg6TtvhPvKPe7E=
 =xTNJ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20180712' into staging

pull-seccomp-20180712

# gpg: Signature made Thu 12 Jul 2018 13:55:34 BST
# gpg:                using RSA key DF32E7C0F0FFF9A2
# gpg: Good signature from "Eduardo Otubo (Senior Software Engineer) <otubo@redhat.com>"
# Primary key fingerprint: D67E 1B50 9374 86B4 0723  DBAB DF32 E7C0 F0FF F9A2

* remotes/otubo/tags/pull-seccomp-20180712:
  seccomp: allow sched_setscheduler() with SCHED_IDLE policy

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-12 14:59:28 +01:00
Marc-André Lureau
056de1e894 seccomp: allow sched_setscheduler() with SCHED_IDLE policy
Current and upcoming mesa releases rely on a shader disk cache. It uses
a thread job queue with low priority, set with
sched_setscheduler(SCHED_IDLE). However, that syscall is rejected by
the "resourcecontrol" seccomp qemu filter.

Since it should be safe to allow lowering thread priority, let's allow
scheduling threads with the idle policy.

Related to:
https://bugzilla.redhat.com/show_bug.cgi?id=1594456

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Eduardo Otubo <otubo@redhat.com>
2018-07-12 14:52:39 +02:00
Peter Maydell
ff82d3c73e - fix confusion around sizes in storage attribute migration
- remove NULL check on error_propagate() in virtio-ccw
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEw9DWbcNiT/aowBjO3s9rk8bwL68FAltHHwASHGNvaHVja0By
 ZWRoYXQuY29tAAoJEN7Pa5PG8C+vF7gP/2ynEG18551bjR2LwHUdzmVhn3f0TKnd
 IrVFJfq+DpmgN4xVTgma4saf3+xiRVxEj9kiUwdiKA6InAJwIJbveHPjI4AtUR+r
 1+dxYEB17latQktSfUjk2aqfDx/x7+G12hon9dc6Xzt7o7RcJui4o5tUZO4TJViw
 psKuWNgIt2EzZ+KOyMWJPHOTTYt3mV38Z/YIDF3CpmBe4Y9efdOa5Qq/nEOQyjIV
 nWqOKExtYIs7EezZjJzl/Zz59ccpF7QY9WfqNkDFj6VBr9u/XPxqNOJliWYa9Myv
 qVHMJzlkBsNTGe1Fmnl9s3zMVV9DuHfFrSsZ9YZ8L3xBb2lbFANXOafiNegGrc1X
 I8vUxRW+BbMTtpmbuadTO09Ea4mtMsl6odT9t0bPasIvbD/tyeNNzGqENlxqAbLK
 XUoYULhSS/c5KSzdK+QcaqHswyCoYtTpjNpcmrnA2x9csmwBkWYUKzB7MD8BiIVo
 p7YA7mThewIp6XPC2ItcHAdOfGG5BEMLeGTEokHCKTVfd8pXWjJvJuXVFhigWPud
 EN1lbB9QWRBeK6yEklSG2DhfTKIAZAcGWg5PZgz5mLTOCSTEzlw1D0H42WYciSYD
 chrVYavMaokUMjpBFLLImG/nY2Z8R2uF58eJJq+wFmhknaegTW4QaJnJHzdiyXTs
 pKVty0r8WdmE
 =MLOD
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20180712' into staging

- fix confusion around sizes in storage attribute migration
- remove NULL check on error_propagate() in virtio-ccw

# gpg: Signature made Thu 12 Jul 2018 10:27:28 BST
# gpg:                using RSA key DECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20180712:
  error: Remove NULL checks on error_propagate() calls
  s390x/storage attributes: fix CMMA_BLOCK_SIZE usage

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-12 12:29:23 +01:00
Peter Maydell
87130a0d43 VFIO fixes 2018-07-11
- Avoid RAMBlock segfault in option ROM teardown for vfio-pci devices
    (Cédric Le Goater)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJbRl4sAAoJECObm247sIsigUwP/AnG3qRSe41CH2V2/FXPz4Me
 zzS7ClhggHk5ml0eNIGy0D6ooh2DZ9XwY7DK/WP1UW0/mqwxro77HsH4f1C5I+fG
 7ORX0ywzUlPugZKcfEq2MWN6CzzvUqtaSfFLY4BnBfnZiQ0OH+Etm5ebdVUFkxlk
 6ZT/I/aXjujoXwpUCXf1sRzUTBVPyABKHe4oOpwzVigWwKu9QtzgOm6nXekdiAq+
 JBfhAtu0B15UYHcHG1DPbdNOF/0WVmXzzMaUUUqJy1c1CaVdoHswJMv+qwfLGwks
 QVBu59KEO41vUaBsn6S53tPNO/3N8kChMt/g8k+MICBnV7IghJC/a9/3ZJ7lYjjq
 I8nP3jkepiEM+9eglNxqAtZfb51WHz+OANedQVsHjClzFEU03n8KzmH3qIrVFu2b
 tY5gSx48vG/BiWicJ1HzAT+N9i6s8k/VV52J/UR2BZGAr/nZ+85byKVq6aHJbNWk
 d7cr1N6WfZJRVs47RjYOD0ENvZ8oZ8pDwTSKsc5qR9r9IBszuiI50VAqoWGaWlZL
 Jz8Anw0ED391D65GuyEttKiiVxH5bPonrS2xb+vv9SFIOH+bLdCd64vdbtg8L3EW
 Q/GZrv+coMfKc4plOQjn7TwSYEjFhObWA6k0039ZP3DcVTEbJZPeNxKkd550AY7m
 08K/396HQrwo8IB+ZHqz
 =1V6g
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-fixes-20180711.1' into staging

VFIO fixes 2018-07-11

 - Avoid RAMBlock segfault in option ROM teardown for vfio-pci devices
   (Cédric Le Goater)

# gpg: Signature made Wed 11 Jul 2018 20:44:44 BST
# gpg:                using RSA key 239B9B6E3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B  8A90 239B 9B6E 3BB0 8B22

* remotes/awilliam/tags/vfio-fixes-20180711.1:
  vfio/pci: do not set the PCIDevice 'has_rom' attribute

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-12 11:05:21 +01:00
Peter Maydell
7411faed38 Monitor patches for 2018-07-11
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbRlafAAoJEDhwtADrkYZTaJoP/0EWyQVHpRQ/DjWPFBw7ib7S
 5OdarPIpVs1kY6jDHnxaMuud9t1ks2riX/+mFvrhgPjiHQsk4QAxZdp7Q1U7QJyJ
 VnQxQTGi5D/qVXFhOzYjaWD4Szg6PCYYD2wdgLV6SMYgdbdGSHgY0ONwR/G0d/Yi
 w9CXTAO/HPIWEzX9VhMqnL+/lpdo5kp4WgS+gvNslcghhODmj6pZMYqKl+ScBTvq
 lIGl6DIEcjqeWKyaCA+ZGwtr/p/J8XiVRJJ4jYOIBPtO0zozRLugNAvCN/Gp0MXE
 kN/cFlSrj2yFLUNLQcWx35y6lg97J2ENro7ZRXcBv+oBTLF1mPkpH8BiCZcHuFmy
 O5qANgU8vPnFZ2LNg/v9zQfYGpLTeQ5alHfhO3TmtzaQzudWqR+LqghVU/ACplZL
 oGazBclFVX7h+6KAPei7Jyd0HbCyeOA1whMoV/I7yu81s7FDLzOU5hLsvOIM0ziP
 lgX4Q4K+pvfnYSOim2OGNIWsRZzEioXJsGVsY+o8tev3DlvupPR8KiDsg1cY7RFN
 KhqOpbU4NSTnQ81sZ5Re83SRchLdF5K8lfO2aTK73ock4NNA+VtEyEUnD6r6/Hti
 9Ju0oH4WS9m7KBrdcKN5YAV0GB2xEJJ0P2tH101gpJvRiFY+xFTL3gZt00/u/tH2
 Ul3dUxL1jJDQqV1uVIMD
 =1mPc
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2018-07-11' into staging

Monitor patches for 2018-07-11

# gpg: Signature made Wed 11 Jul 2018 20:12:31 BST
# gpg:                using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-monitor-2018-07-11:
  monitor: fix double-free of request error

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-07-12 09:53:40 +01:00
Cédric Le Goater
26c0ae5638 vfio/pci: do not set the PCIDevice 'has_rom' attribute
PCI devices needing a ROM allocate an optional MemoryRegion with
pci_add_option_rom(). pci_del_option_rom() does the cleanup when the
device is destroyed. The only action taken by this routine is to call
vmstate_unregister_ram() which clears the id string of the optional
ROM RAMBlock and now, also flags the RAMBlock as non-migratable. This
was recently added by commit b895de5027 ("migration: discard
non-migratable RAMBlocks").

VFIO devices do their own loading of the PCI option ROM in
vfio_pci_size_rom(). The memory region is switched to an I/O region
and the PCI attribute 'has_rom' is set but the RAMBlock of the ROM
region is not allocated. When the associated PCI device is deleted,
pci_del_option_rom() calls vmstate_unregister_ram() which tries to
flag a NULL RAMBlock, leading to a SEGV.

It seems that 'has_rom' was set to have memory_region_destroy()
called, but since commit 469b046ead ("memory: remove
memory_region_destroy") this is not necessary anymore as the
MemoryRegion is freed automagically.

Remove the PCIDevice 'has_rom' attribute setting in vfio.

Fixes: b895de5027 ("migration: discard non-migratable RAMBlocks")
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-07-11 13:43:57 -06:00
Marc-André Lureau
42eab8dbec monitor: fix double-free of request error
qmp_error_response() will free the given error. Fix double-free in
later qmp_request_free().

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180705164201.9853-1-marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Fixes: 1cc3747152
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2018-07-11 21:11:15 +02:00