Commit Graph

76363 Commits

Author SHA1 Message Date
Max Filippov
1a03362b14 target/xtensa: fix pasto in pfwait.r opcode name
Core xtensa opcode table has pfwait.o instead of pfwait.r. Fix that.

Fixes: c884400f29 ("target/xtensa: implement block prefetch option opcodes")
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2020-04-07 16:08:11 -07:00
Peter Maydell
f3bac27cc1 Update version for v5.0.0-rc2 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 23:13:37 +01:00
Peter Maydell
e715f7b77e Various fixes:
- add .github repo lockdown config
   - better handle missing symbols in elf-ops
   - protect fcntl64 with #ifdef
   - remove unused macros from test
   - fix handling of /proc/self/maps
   - avoid BAD_SHIFT in x80 softfloat
   - properly terminate on .hex EOF
   - fix configure probe on windows cross build
   - fix %r12 guest_base initialization
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAl6MnMIACgkQ+9DbCVqe
 KkQmYQf9EvffSO3rsazTR4fairuzKipnLaQor9LuwusV5CbESwC9BQiUt3G5Q/Ue
 cvBI9Lvwp0v2q0F/nLgRiomI+ZyOgxBNElAmX5YBiO9sKn+O/lIUSbEJvuglEl2F
 4sfnwLH3tXsIe+7N5R/NSS4VkOpMebIRBHQUNHZgg00KJuhRrK8Ikl/XW7RiqHrM
 bK2BmxgWRtx63JDGZDKVSsDIkY8dhCmlWIDyXaspaYUrU7kAoxoD6YwM4armIYat
 TkYeZxEAXRn5e9ln/hXg4sUd348Hhw4arCHqsOplPk8BQ9psw98o/TuHnvJ1CX1q
 G1Ci9LcGBhvaz8yoImzhiczykwCiiw==
 =PXy6
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stsquad/tags/pull-misc-fixes-070420-1' into staging

Various fixes:

  - add .github repo lockdown config
  - better handle missing symbols in elf-ops
  - protect fcntl64 with #ifdef
  - remove unused macros from test
  - fix handling of /proc/self/maps
  - avoid BAD_SHIFT in x80 softfloat
  - properly terminate on .hex EOF
  - fix configure probe on windows cross build
  - fix %r12 guest_base initialization

# gpg: Signature made Tue 07 Apr 2020 16:31:14 BST
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-misc-fixes-070420-1:
  tcg/i386: Fix %r12 guest_base initialization
  configure: Add -Werror to PIE probe
  hw/core: properly terminate loading .hex on EOF record
  linux-user: clean-up padding on /proc/self/maps
  linux-user: factor out reading of /proc/self/maps
  softfloat: Fix BAD_SHIFT from normalizeFloatx80Subnormal
  gdbstub: fix compiler complaining
  target/xtensa: add FIXME for translation memory leak
  linux-user: more debug for init_guest_space
  tests/tcg: remove extraneous pasting macros
  linux-user: protect fcntl64 with an #ifdef
  elf-ops: bail out if we have no function symbols
  .github: Enable repo-lockdown bot to refuse GitHub pull requests

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 22:12:05 +01:00
Peter Maydell
3f1082e5b8 Xen queue for QEMU 5.0
- Fix for xen-block.
 - A fix for a Coverity false positive in xen-usb.
 - Update MAINTAINERS to add xen-usb.c to Xen section.
 -----BEGIN PGP SIGNATURE-----
 
 iQFOBAABCgA4FiEE+AwAYwjiLP2KkueYDPVXL9f7Va8FAl6MmmwaHGFudGhvbnku
 cGVyYXJkQGNpdHJpeC5jb20ACgkQDPVXL9f7Va/iiAf/SHWEbkvUyaEIl9RrTzpo
 ZsFrtUMGhi3YRvxKUD8Q8zebejemLROwvPGxg/rJ5kq5ecygq8W1crXgN4OyaRzh
 oV00uC6h6AhfmUrZFuWGcgXDY+dg5rOPPmKLiF8ilE9dVZBSL2nPYo41QDaV96Q4
 1alJIh0IE5WwVzZb2D/dqt7jve3SB5zlHZigwtCRTMN5o/qJYUb66s/XIQc2htIq
 BsSNfU3QAZIXih6rGvzvG6Er7OnI86QtXlNl46zsjRr581nIwBndIdE2IU+Afm3+
 pZhXQR13OVSXPu5djv6rlfmYDsTI9zn90L9IIf7lLmW+8B3SOVlAbDr9GmGi+RKu
 Yg==
 =zTtF
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20200407' into staging

Xen queue for QEMU 5.0

- Fix for xen-block.
- A fix for a Coverity false positive in xen-usb.
- Update MAINTAINERS to add xen-usb.c to Xen section.

# gpg: Signature made Tue 07 Apr 2020 16:21:16 BST
# gpg:                using RSA key F80C006308E22CFD8A92E7980CF5572FD7FB55AF
# gpg:                issuer "anthony.perard@citrix.com"
# gpg: Good signature from "Anthony PERARD <anthony.perard@gmail.com>" [marginal]
# gpg:                 aka "Anthony PERARD <anthony.perard@citrix.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5379 2F71 024C 600F 778A  7161 D8D5 7199 DF83 42C8
#      Subkey fingerprint: F80C 0063 08E2 2CFD 8A92  E798 0CF5 572F D7FB 55AF

* remotes/aperard/tags/pull-xen-20200407:
  MAINTAINERS: Add xen-usb.c to Xen section
  xen-block: Fix uninitialized variable
  hw/usb/xen-usb.c: Pass struct usbback_req* to usbback_packet_complete()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 20:55:07 +01:00
Peter Maydell
2f37b0222c Block layer patches:
- Fix crashes and hangs related to iothreads, bdrv_drain and block jobs:
     - Fix some AIO context locking in jobs
     - Fix blk->in_flight during blk_wait_while_drained()
 - vpc: Don't round up already aligned BAT sizes
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJejI1UAAoJEH8JsnLIjy/WQhEQAIF2zkkdbT77VTMLvFmPU36J
 hPR2RSzd5egNtfn3zm7vGZJ3FEZb5SEAV5R9CnwVAJeQnPUll7bjkPsoynrEUFU2
 PSoFe8lKuYwoAOOSjqakASpKx/Xs3sctKc4fgRWr5/dbWFCC77Q+qxHiKO4KYfeh
 g00jsjeCLMVLop3r9uMDovlA81mJUIP5axSjSH7akgzLC+ZCfH2RFFu62D7wYv9w
 UgQM/NZt2YuLFm+BeQLB4K2BK+PZBCN1trPj+h11ecUwm9b1XZZfO/7R0T8Wrljc
 49fd5Z/GombCnyxuLCr6QrhLZcr8FffLJXQgkdHTkWUKQXqZUfmqLjVIAbli0ZiC
 hP8jE5EgdAXpBrGeM2oH+dk0iQSBGTIMaGlhDwxO32xOAQ8TKpRiMZMfwGHqB+vn
 m/EPoHLHL6vQGxISfGjj4k3fnSP74nvRrS656MhLuG03SkPZacyTZQpTkErg2imW
 AeU6g4afvvLtJBoF/YYA5Qhff1Ux5eh9jactIW1DRf/Q4tTc4ioTU25560Le4eGZ
 kex/AwIcf9P47eTUCP8L6iNKz8RU7bV4g9vl9zz7fQm3i9GEhly88XvOppnXRUvT
 XdkfdlSmUZ9vue6rAfgsL5fQIHtsGRfH90nT11/IW1X4baOImtcQBWg3xZdR4zPS
 W2H0J01PlSKE8l/OWQlo
 =oODf
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- Fix crashes and hangs related to iothreads, bdrv_drain and block jobs:
    - Fix some AIO context locking in jobs
    - Fix blk->in_flight during blk_wait_while_drained()
- vpc: Don't round up already aligned BAT sizes

# gpg: Signature made Tue 07 Apr 2020 15:25:24 BST
# gpg:                using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  vpc: Don't round up already aligned BAT sizes
  block: Fix blk->in_flight during blk_wait_while_drained()
  block: Increase BB.in_flight for coroutine and sync interfaces
  block-backend: Reorder flush/pdiscard function definitions
  backup: don't acquire aio_context in backup_clean
  replication: assert we own context before job_cancel_sync
  job: take each job's lock individually in job_txn_apply

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 19:12:45 +01:00
Peter Maydell
339205e7ef Block patches for 5.0-rc2:
- Fix double QLIST_REMOVE() and potential request object leak in
   xen-block
 - Prevent a potential assertion failure in qcow2's code for compressed
   clusters by rejecting invalid (unaligned) requests with -EIO
 - Prevent discards on qcow2 v2 images from making backing data reappear
 - Make qemu-img convert report I/O error locations by byte offsets
   consistently
 - Fix for potential I/O test errors (accidental globbing due to missing
   quotes)
 -----BEGIN PGP SIGNATURE-----
 
 iQFGBAABCAAwFiEEkb62CjDbPohX0Rgp9AfbAGHVz0AFAl6MckkSHG1yZWl0ekBy
 ZWRoYXQuY29tAAoJEPQH2wBh1c9AGLcH/A8ML6mjaJtwjZG4hL2IuJiA5q+EwswL
 BSM9JBmShFHGkienYhjwMHBgU/QzXMjmsPNLSvdrn09Zd/0C3VjoHVZqfp67o3Cc
 /LmQxnMGfSD8OL/hQmuWeW4S0DKV4rFXFYfbeLFiVpdaS6Sy4BOXiM/ozVJz/IjA
 G+rdr9qk6ICWu940VfQXfl1nNxKw9fUebMH0p2SXbrKDmP4m+Op+Phr9rs506+wj
 Of+RwFQ5mkiou8k5s3ODTzD71gZmWsWP2xOGZ3n5ydVMuwZnblCmaTj2V/tbtBYN
 zQILgnwNYagYWrdOIjJepmC+oHa2tN3tJnMLMYRrB29BJN3AOcB7Etc=
 =0rFv
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-04-07' into staging

Block patches for 5.0-rc2:
- Fix double QLIST_REMOVE() and potential request object leak in
  xen-block
- Prevent a potential assertion failure in qcow2's code for compressed
  clusters by rejecting invalid (unaligned) requests with -EIO
- Prevent discards on qcow2 v2 images from making backing data reappear
- Make qemu-img convert report I/O error locations by byte offsets
  consistently
- Fix for potential I/O test errors (accidental globbing due to missing
  quotes)

# gpg: Signature made Tue 07 Apr 2020 13:30:01 BST
# gpg:                using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40
# gpg:                issuer "mreitz@redhat.com"
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full]
# Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40

* remotes/maxreitz/tags/pull-block-2020-04-07:
  xen-block: Fix double qlist remove and request leak
  iotests/common.pattern: Quote echos
  qcow2: Check request size in qcow2_co_pwritev_compressed_part()
  qemu-img: Report convert errors by bytes, not sectors
  qcow2: Forbid discard in qcow2 v2 images with backing files

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 17:38:47 +01:00
Richard Henderson
cce743abbf tcg/i386: Fix %r12 guest_base initialization
When %gs cannot be used, we use register offset addressing.
This path is almost never used, so it was clearly not tested.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200406174803.8192-1-richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Richard Henderson
eca7a8e6c0 configure: Add -Werror to PIE probe
Without -Werror, the probe may succeed, but then compilation fails
later when -Werror is added for other reasons.  Shows up on windows,
where the compiler complains about -fPIC.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200401214756.6559-1-richard.henderson@linaro.org>
Message-Id: <20200403191150.863-13-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
58d5e749d6 hw/core: properly terminate loading .hex on EOF record
The https://makecode.microbit.org/#editor generates slightly weird
.hex files which work fine on a real microbit but causes QEMU to
choke. The reason is extraneous data after the EOF record which causes
the loader to attempt to write a bigger file than it should to the
"rom". According to the HEX file spec an EOF really should be the last
thing we process so lets do that.

Reported-by: Ursula Bennée <alex.bennee@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200403191150.863-12-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
bb55173cfb linux-user: clean-up padding on /proc/self/maps
Don't use magic spaces, calculate the justification for the file
field like the kernel does with seq_pad.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200403191150.863-10-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
01ef6b9e4e linux-user: factor out reading of /proc/self/maps
Unfortunately reading /proc/self/maps is still considered the gold
standard for a process finding out about it's own memory layout. As we
will want this data in other contexts soon factor out the code to read
and parse the data. Rather than just blindly copying the existing
sscanf based code we use a more modern glib version of the parsing
code to make a more general purpose map structure.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200403191150.863-9-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Richard Henderson
2f311075b7 softfloat: Fix BAD_SHIFT from normalizeFloatx80Subnormal
All other calls to normalize*Subnormal detect zero input before
the call -- this is the only outlier.  This case can happen with
+0.0 + +0.0 = +0.0 or -0.0 + -0.0 = -0.0, so return a zero of
the correct sign.

Reported-by: Coverity (CID 1421991)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200327232042.10008-1-richard.henderson@linaro.org>
Message-Id: <20200403191150.863-8-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Denis Plotnikov
076b2fadb5 gdbstub: fix compiler complaining
./gdbstub.c: In function ‘handle_query_thread_extra’:
        /usr/include/glib-2.0/glib/glib-autocleanups.h:28:10:
    error: ‘cpu_name’ may be used uninitialized in this function
    [-Werror=maybe-uninitialized]
        g_free (*pp);
               ^
    ./gdbstub.c:2063:26: note: ‘cpu_name’ was declared here
        g_autofree char *cpu_name;
                         ^
    cc1: all warnings being treated as errors

Signed-off-by: Denis Plotnikov <dplotnikov@virtuozzo.com>
Message-Id: <20200326151407.25046-1-dplotnikov@virtuozzo.com>
Reported-by: Euler Robot <euler.robot@huawei.com>
Reported-by: Chen Qun <kuhn.chenqun@huawei.com>
Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com>
Message-Id: <20200325092137.24020-1-kuhn.chenqun@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200403191150.863-7-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
1f089c6705 target/xtensa: add FIXME for translation memory leak
Dynamically allocating a new structure within the DisasContext can
potentially leak as we can longjmp out of the translation loop (see
test_phys_mem). The proper fix would be to use static allocation
within the DisasContext but as the Xtensa translator imports it's code
from elsewhere I leave that as an exercise for the maintainer.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Message-Id: <20200403191150.863-6-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
b859040dc4 linux-user: more debug for init_guest_space
Searching for memory space can cause problems so lets extend the
CPU_LOG_PAGE output so you can watch init_guest_space fail to
allocate memory. A more involved fix is actually required to make this
function play nicely with the large guard pages the sanitiser likes to
use.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200403191150.863-5-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
af7fc47f2c tests/tcg: remove extraneous pasting macros
We are not using them and they just get in the way.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200403191150.863-4-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
bbf5f2a1aa linux-user: protect fcntl64 with an #ifdef
Checking TARGET_ABI_BITS is sketchy - we should check for the presence
of the define to be sure. Also clean up the white space while we are
there.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200403191150.863-3-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
040425f849 elf-ops: bail out if we have no function symbols
It's perfectly possible to have no function symbols in your elf file
and if we do the undefined behaviour sanitizer rightly complains about
us passing NULL to qsort. Check nsyms before we go ahead.

While we are at it lets drop the unchecked return value and cleanup
the fail leg by use of g_autoptr.

Another fix was proposed 101 weeks ago in:
Message-Id: 20180421232120.22208-1-f4bug@amsat.org

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200403191150.863-2-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Philippe Mathieu-Daudé
20a4f14f6e .github: Enable repo-lockdown bot to refuse GitHub pull requests
Some GitHub users try to open pull requests against the GitHub
mirror. Unfortunate these get ignored until eventually someone
notices and closes the request.

Enable the 'Repo Lockdown' [*] 3rd party bot which can autorespond
to pull requests with a friendly comment, close the request, and
then lock it to prevent further comments.

[*] https://github.com/dessant/repo-lockdown

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-Id: <20200406214125.18538-1-f4bug@amsat.org>
[AJB: s/fill/file/ and point at canonical qemu.org/contribute]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
2020-04-07 16:19:18 +01:00
Anthony PERARD
758af9cfab MAINTAINERS: Add xen-usb.c to Xen section
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Paul Durrant <paul@xen.org>
Message-Id: <20200406165043.1447837-1-anthony.perard@citrix.com>
2020-04-07 16:13:26 +01:00
Anthony PERARD
0cd40042c5 xen-block: Fix uninitialized variable
Since 7f5d9b206d ("object-add: don't create return value if
failed"), qmp_object_add() don't write any value in 'ret_data', thus
has random data. Then qobject_unref() fails and abort().

Fix by initialising 'ret_data' properly.

Fixes: 5f07c4d60d ("qapi: Flatten object-add")
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200406164207.1446817-1-anthony.perard@citrix.com>
2020-04-07 16:13:26 +01:00
Peter Maydell
1aef27c93d hw/usb/xen-usb.c: Pass struct usbback_req* to usbback_packet_complete()
The function usbback_packet_complete() currently takes a USBPacket*,
which must be a pointer to the packet field within a struct
usbback_req; the function uses container_of() to get the struct
usbback_req* given the USBPacket*.

This is unnecessarily confusing (and in particular it confuses the
Coverity Scan analysis, resulting in the false positive CID 1421919
where it thinks that we write off the end of the structure). Since
both callsites already have the pointer to the struct usbback_req,
just pass that in directly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20200323164318.26567-1-peter.maydell@linaro.org>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2020-04-07 16:13:26 +01:00
Peter Maydell
3f0fb07379 QAPI patches for 2020-04-07
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAl6MZ2oSHGFybWJydUBy
 ZWRoYXQuY29tAAoJEDhwtADrkYZTBTMP/28dQKp+4vbdW98TWg4MoxCkLviWmMLF
 qt8a6zK1WSoKgciUfCLWvGGW6lOmagOiLq+WGt+k23P9Wu5s0ax0tvm7p7Q8m7sx
 NMHh6MIPxCLcNh1zPQ8B2+tJSOOQtXfaZo6W4gfaJ+lgz/NtHPzjcs+tLvDhOofb
 QGH2dUBRmA2gh0kIO0fNfYWEL0/ckQA67bHnHWU714k+U8LWux7yJMK8z3gVjEIs
 Tk6eURF/vaNZrQmOOuqrMc8AIO6l3tgJG7Zcv+4Sv8tJUEiaiASiokEEmEs1bj63
 izt8pAF0EvfMoL/ZFODChTfJDsPuDQad5WApfqzLTE3zBWUEetIQjPZJwxMrv8uQ
 zLjEQxTMGTGkONrFASkSZqlRw6+mWOsE71KJwo/FEfHH2G2lzVnZRzdHhhSMB8+4
 F6dzHRd66oFWz/t2hwGIXc2ng1xqtc/llBC4HZBxBOUQ0iba6LP0clpBHUJ75UDB
 JClxFI6P6xztqSGejp2FsEy2FMUw67TnvRLGPS/t/NfcdsfNfEO1rL1M10RlThoa
 Nl131Opx50cT4jhMtOQS5wySQ8whtYHQQkMCfHc+QYXwmaAiRSvJrl227ywJcX3g
 AnSpCu8VeeKJKwhzLSA3UhROjbuk4NsR/NGERDe1iwtYV9X33/zdO/sGpdmX25rc
 G88DH3NWrzPR
 =BaVo
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2020-04-07' into staging

QAPI patches for 2020-04-07

# gpg: Signature made Tue 07 Apr 2020 12:43:38 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2020-04-07:
  json: Fix check for unbalanced right curly brace

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 16:05:07 +01:00
Peter Maydell
8f0d25c464 Acceptance tests patches
- Fixed EXEC migration
 - Reduce PReP/40p artifacts download failures,
 - Disable Leon3 HelenOS
 - Speed up Travis-CI job by using a specific cache bucket
 
 CI jobs results:
   https://gitlab.com/philmd/qemu/pipelines/133379305
   https://travis-ci.org/github/philmd/qemu/builds/671762970
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAl6MWAUACgkQ4+MsLN6t
 wN7UEg/9F+2INbIY24MAYhPldO5PZWJp2Eqdt5p0pR6yd4WzTMbRcRezYZZtQ9EP
 V4tsLACWnJAyeXPk0zgr+8gYHTD/m/sZCPU0Zg8v6O98H/XJmQOpRaofKScMdtc8
 QdMPFCtDVlkyWiVQ6BQOwWatYGsr/CIm6AEDNn+TtULLrqnRD1hdajKzQIELZTlO
 AdKThN4ewiDc2MPVSxqHt3z/1pCVSS53g59eSgWKsLvIEoY3UVigmDl2hITd6m8f
 zwCSzDtvDcC4ReKwMPc6OUC3kglp14WuiIgTiuUvb1Rok22A+u0QKqnJxK+aJTZ+
 ZnorEWJg3aEITJue0/biX5is3ieSRMMcNZD8FNxzZCEmwuPCDMlBu2mTQPF7+RwT
 qHZBL+e8ixT5274024ojZQ5fgH6QSSR3NdZ8EBzhQlxOFWpWarey9cQGwFk6Pgal
 mL+GoVHrlN3xt+AxDJaVwBWisSnxsy+ueGANbZ+4uvZxyeLSXCESV6bAEeU9REh4
 fvFmZL2LzV738Z86iwChwy80YkPNNau6BiSIuXn5uUUpjV9dR6u6y1k/oMAuZqvm
 67lbv3uaE6OlYd3JuV9VvaNAbV2BpLab8RCXcAhD2KLfSROJsPzCtGRRE2hGIWoG
 xlMlf/dIbF9p89vZSjmDcDWoKlVsJQUFDfTmqKnU7bABNCv9fRo=
 =YUaj
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd-gitlab/tags/acceptance-fixes-20200407' into staging

Acceptance tests patches

- Fixed EXEC migration
- Reduce PReP/40p artifacts download failures,
- Disable Leon3 HelenOS
- Speed up Travis-CI job by using a specific cache bucket

CI jobs results:
  https://gitlab.com/philmd/qemu/pipelines/133379305
  https://travis-ci.org/github/philmd/qemu/builds/671762970

# gpg: Signature made Tue 07 Apr 2020 11:37:57 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/acceptance-fixes-20200407:
  .travis.yml: Cache acceptance-test assets
  tests/acceptance/machine_sparc_leon3: Disable HelenOS test
  tests/acceptance/ppc_prep_40p: Use mirror for ftp.software.ibm.com
  tests/acceptance/ppc_prep_40p: Use cdn.netbsd.org hostname
  Acceptance test: Fix to EXEC migration

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 15:10:11 +01:00
Kevin Wolf
3f6de653b9 vpc: Don't round up already aligned BAT sizes
As reported on Launchpad, Azure apparently doesn't accept images for
upload that are not both aligned to 1 MB blocks and have a BAT size that
matches the image size exactly.

As far as I can tell, there is no real reason why we create a BAT that
is one entry longer than necessary for aligned image sizes, so change
that.

(Even though the condition is only mentioned as "should" in the spec and
previous products accepted larger BATs - but we'll try to maintain
compatibility with as many of Microsoft's ever-changing interpretations
of the VHD spec as possible.)

Fixes: https://bugs.launchpad.net/bugs/1870098
Reported-by: Tobias Witek
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200402093603.2369-1-kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 15:42:08 +02:00
Kevin Wolf
7f16476fab block: Fix blk->in_flight during blk_wait_while_drained()
Waiting in blk_wait_while_drained() while blk->in_flight is increased
for the current request is wrong because it will cause the drain
operation to deadlock.

This patch makes sure that blk_wait_while_drained() is called with
blk->in_flight increased exactly once for the current request, and that
it temporarily decreases the counter while it waits.

Fixes: cf3129323f
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200407121259.21350-4-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 15:40:57 +02:00
Kevin Wolf
fbb92b6798 block: Increase BB.in_flight for coroutine and sync interfaces
External callers of blk_co_*() and of the synchronous blk_*() functions
don't currently increase the BlockBackend.in_flight counter, but calls
from blk_aio_*() do, so there is an inconsistency whether the counter
has been increased or not.

This patch moves the actual operations to static functions that can
later know they will always be called with in_flight increased exactly
once, even for external callers using the blk_co_*() coroutine
interfaces.

If the public blk_co_*() interface is unused, remove it.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200407121259.21350-3-kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 15:40:41 +02:00
Kevin Wolf
564806c529 block-backend: Reorder flush/pdiscard function definitions
Move all variants of the flush/pdiscard functions to a single place and
put the blk_co_*() version first because it is called by all other
variants (and will become static in the next patch).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200407121259.21350-2-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 15:40:28 +02:00
Peter Maydell
ca74fc1988 fixes for 5.0:
- audio: windows (dsound) fixes.
 - vga: ati blitter sanity check fixes.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCgAGBQJejEYoAAoJEEy22O7T6HE4B8wQAMHEcbyXVnh2hc/0x1wHi6T5
 IlsLkWvTEC0ZsyG5FcCm9XVC3b+WYCOyt4p+Zci9/lCZuYVCQjsKAafy8zb/8gZo
 c+bQny3APdzE+LSO8sByRDCrnwAxEzyzdcqEj8NKXUhTK0fZRCopyi4nWDIfK1b8
 fNWhWvObeTQEqULbPk+NRFPzI49vMijNK/y7CA64X12jddstG6psaeNYxrjzSTVf
 Fk2L9f4rccVAIA2Cl1hmp18QqqFiQeL/Bw8zi/mGaMBE9ip+SyrTP70MY1GavRDF
 tRfwAHu+eVD3i6iiyoGOapQjgelprn83Qrce8gXJ4/ldxHLbeGnfVx90usp77d/9
 cMQygbIGzbOCpZFPZ0C6aCQrEBJ8aqrZdiCK9i6Z3loqh3plVWBpoUpKT6L1FF+U
 igO21JX3Sz/T4i2RVToylx/2LFii0A8uoT7OMqT45+yjFcra4T6LWdgQtntomKlV
 J51VIXjAzWrxQ3SNOZHrgKYq6MYuLRU6zDQW/arglgA3t0t+gco6LG63Jbx3IH+C
 CL2j4TVG5XHXf74hkWbWQlMxz7Os49k1DQojB9QfOk4L6M0IpJxZXFE8v+v/tIjE
 TF/KeM20Wv6rc8TWYx96SO8gCTW6lgysRymSn1tU09uWAx/bAfSxTru2E7VErmMx
 aiPUv6uzVdFJG8yRHX8j
 =AoE+
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20200407-pull-request' into staging

fixes for 5.0:
- audio: windows (dsound) fixes.
- vga: ati blitter sanity check fixes.

# gpg: Signature made Tue 07 Apr 2020 10:21:44 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/fixes-20200407-pull-request:
  ati-vga: Fix checks in ati_2d_blt() to avoid crash
  dsoundaudio: dsound_get_buffer_in should honor *size
  dsoundaudio: fix "Could not lock capture buffer" warning
  dsoundaudio: fix never-ending playback loop

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 14:01:49 +01:00
Stefan Reiter
eca0f3524a backup: don't acquire aio_context in backup_clean
All code-paths leading to backup_clean (via job_clean) have the job's
context already acquired. The job's context is guaranteed to be the same
as the one used by backup_top via backup_job_create.

Since the previous logic effectively acquired the lock twice, this
broke cleanup of backups for disks using IO threads, since the BDRV_POLL_WHILE
in bdrv_backup_top_drop -> bdrv_do_drained_begin would only release the lock
once, thus deadlocking with the IO thread.

This is a partial revert of 0abf258171.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200407115651.69472-4-s.reiter@proxmox.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 14:34:47 +02:00
Stefan Reiter
08558e3325 replication: assert we own context before job_cancel_sync
job_cancel_sync requires the job's lock to be held, all other callers
already do this (replication_stop, drive_backup_abort,
blockdev_backup_abort, job_cancel_sync_all, cancel_common).

In this case we're in a BlockDriver handler, so we already have a lock,
just assert that it is the same as the one used for the commit_job.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Message-Id: <20200407115651.69472-3-s.reiter@proxmox.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 14:34:47 +02:00
Stefan Reiter
b660a84bbb job: take each job's lock individually in job_txn_apply
All callers of job_txn_apply hold a single job's lock, but different
jobs within a transaction can have different contexts, thus we need to
lock each one individually before applying the callback function.

Similar to job_completed_txn_abort this also requires releasing the
caller's context before and reacquiring it after to avoid recursive
locks which might break AIO_WAIT_WHILE in the callback. This is safe, since
existing code would already have to take this into account, lest
job_completed_txn_abort might have broken.

This also brings to light a different issue: When a callback function in
job_txn_apply moves it's job to a different AIO context, callers will
try to release the wrong lock (now that we re-acquire the lock
correctly, previously it would just continue with the old lock, leaving
the job unlocked for the rest of the return path). Fix this by not caching
the job's context.

This is only necessary for qmp_block_job_finalize, qmp_job_finalize and
job_exit, since everyone else calls through job_exit.

One test needed adapting, since it calls job_finalize directly, so it
manually needs to acquire the correct context.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Message-Id: <20200407115651.69472-2-s.reiter@proxmox.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 14:34:47 +02:00
Anthony PERARD
36d883ba0d xen-block: Fix double qlist remove and request leak
Commit a31ca6801c ("qemu/queue.h: clear linked list pointers on
remove") revealed that a request was removed twice from a list, once
in xen_block_finish_request() and a second time in
xen_block_release_request() when both function are called from
xen_block_complete_aio(). But also, the `requests_inflight' counter is
decreased twice, and thus became negative.

This is a bug that was introduced in bfd0d63660 ("xen-block: improve
response latency"), where a `finished' list was removed.

That commit also introduced a leak of request in xen_block_do_aio().
That function calls xen_block_finish_request() but the request is
never released after that.

To fix both issue, we do two changes:
- we squash finish_request() and release_request() together as we want
  to remove a request from 'inflight' list to add it to 'freelist'.
- before releasing a request, we need to let the other end know the
  result, thus we should call xen_block_send_response() before
  releasing a request.

The first change fixes the double QLIST_REMOVE() as we remove the extra
call. The second change makes the leak go away because if we want to
call finish_request(), we need to call a function that does all of
finish, send response, and release.

Fixes: bfd0d63660 ("xen-block: improve response latency")
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20200406140217.1441858-1-anthony.perard@citrix.com>
Reviewed-by: Paul Durrant <paul@xen.org>
[mreitz: Amended commit message as per Paul's suggestions]
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00
Max Reitz
25fb2e9c39 iotests/common.pattern: Quote echos
From time to time, my shell decides to repace the bracketed numbers here
by the numbers inside (i.e., "=== Clusters to be compressed [1]" is
printed as "=== Clusters to be compressed 1").  That makes tests that
use common.pattern fail.  Prevent that from happening by quoting the
arguments to all echos in common.pattern.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200403101134.805871-1-mreitz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00
Alberto Garcia
fb43d2d46e qcow2: Check request size in qcow2_co_pwritev_compressed_part()
When issuing a compressed write request the number of bytes must be a
multiple of the cluster size or reach the end of the last cluster.

With the current code such requests are allowed and we hit an
assertion:

   $ qemu-img create -f qcow2 img.qcow2 1M
   $ qemu-io -c 'write -c 0 32k' img.qcow2

   qemu-io: block/qcow2.c:4257: qcow2_co_pwritev_compressed_task:
   Assertion `bytes == s->cluster_size || (bytes < s->cluster_size &&
              (offset + bytes == bs->total_sectors << BDRV_SECTOR_BITS))' failed.
   Aborted

This patch fixes a regression introduced in 0d483dce38

Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-Id: <20200406143401.26854-1-berto@igalia.com>
Reviewed-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00
Eric Blake
39f77cb662 qemu-img: Report convert errors by bytes, not sectors
Various qemu-img commands are inconsistent on whether they report
status/errors in terms of bytes or sector offsets.  The latter is
confusing (especially as more places move to 4k block sizes), so let's
switch everything to just use bytes everywhere.  One iotest is
impacted.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200402135717.476398-1-eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00
Alberto Garcia
80f5c01183 qcow2: Forbid discard in qcow2 v2 images with backing files
A discard request deallocates the selected clusters so they read back
as zeroes. This is done by clearing the cluster offset field and
setting QCOW_OFLAG_ZERO in the L2 entry.

This flag is however only supported when qcow_version >= 3. In older
images the cluster is simply deallocated, exposing any possible stale
data from the backing file.

Since discard is an advisory operation it's safer to simply forbid it
in this scenario.

Note that we are adding this check to qcow2_co_pdiscard() and not to
qcow2_cluster_discard() or discard_in_l2_slice() because the last
two are also used by qcow2_snapshot_create() to discard the clusters
used by the VM state. In this case there's no risk of exposing stale
data to the guest and we really want that the clusters are always
discarded.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-Id: <20200331114345.29993-1-berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00
Simran Singhal
1394dc0690 json: Fix check for unbalanced right curly brace
We immediately diagnose unbalanced right curly brace:

    $ qemu-kvm --nodefaults --nographic --qmp stdio
    {"QMP": {"version": {"qemu": {"micro": 91, "minor": 2, "major": 4},
    "package": "v5.0.0-rc1-1-gf6ce4a439a08"}, "capabilities": ["oob"]}}
    }
    {"error": {"class": "GenericError", "desc": "JSON parse error,
    expecting value"}}

except within square bracket:

    [}

The check for unbalanced braces has a typo.  Fix it.

Fixes: 8d3265b3d0
Signed-off-by: Simran Singhal <singhalsimran0@gmail.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200402182848.GA3023@simran-Inspiron-5558>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Commit message rewritten to explain what's broken]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2020-04-07 13:10:11 +02:00
Peter Maydell
c185e22112 ppc patch queue 2020-04-07
An assortment of fixes for qemu-5.0, including a number for the FWNMI
 feature which is new this release.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAl6MAv4ACgkQbDjKyiDZ
 s5LxjhAAuyKEYD0n6U5JL/+4zIe2YPZbzyUJL4ZeTCwcKgPY71bvOO+57/ATHOBU
 7DJ92glrdN1DN5iA6tpI3nTEA6ghDOR3/16UizqC0CdT17a5V4LOhcZ76ZbtPXyM
 ct9bZPEkGvnHsr5UGZ9fcGLeapHYQa6GEww1BI0Ed8Sa6D3yX+mk9x4PTMQKN8+R
 P8GmLUt6CYNxtvv15mILNA5BsFJDpAYKh3WSqYrXD0UF10w0UKI/Ma0hfqevrpiE
 aXF/TQOnEzirQEQ5jAgFy88einu70LuJx5ws96CJJAUPrjhi9vWuuHe4hk03z795
 CFpjWBwB5Kf/bkwkJgzQ2SxOHRnFPaQPCJG1Baf2B+VXdo/6R9Y7tq+ia3qDq4QK
 +O30HVHjzGFerURiTFh5yvaT7nN24BL6L3vSU/njyLpy2hy8Kfa8q4ic2k17DBGn
 ZfD844r+8mFLiSCr+g11iLBYqFRtzqdvCYYJlhdJxQISzQdDHIoobNfWglv9uTD2
 CZ6wPPdw7nGIPdBIxsTmztJREgLVO0oeXa/0yZG//gaQKHhxDeD2iajSd87Z20Cl
 bZ8K/mDE3QSt8KQOtq22whivJIwzUAi6XWcRTnCaCs39rYRoVRo9Ey55KnV1b6gI
 WjkCCzoPrGxrDMyHw9o571QvWWynANCHBzolUR8p9VU0abBugI4=
 =F8JM
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.0-20200407' into staging

ppc patch queue 2020-04-07

An assortment of fixes for qemu-5.0, including a number for the FWNMI
feature which is new this release.

# gpg: Signature made Tue 07 Apr 2020 05:35:10 BST
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-5.0-20200407:
  ppc/pnv: Create BMC devices only when defaults are enabled
  pseries: Update SLOF firmware image
  hw/ppc/ppc440_uc.c: Remove incorrect iothread locking from dcr_write_pcie()
  spapr: Fix failure path for attempting to hot unplug PCI bridges
  ppc/spapr: Don't kill the guest if a recovered FWNMI machine check delivery fails
  ppc/spapr: Add FWNMI machine check delivery warnings
  ppc/spapr: Improve FWNMI machine check delivery corner case comments
  ppc/spapr: KVM FWNMI should not be enabled until guest requests it
  vfio/spapr: Fix page size calculation
  hw/ppc/e500.c: Handle qemu_find_file() failure

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 11:19:31 +01:00
BALATON Zoltan
ac2071c379 ati-vga: Fix checks in ati_2d_blt() to avoid crash
In some corner cases (that never happen during normal operation but a
malicious guest could program wrong values) pixman functions were
called with parameters that result in a crash. Fix this and add more
checks to disallow such cases.

Reported-by: Ziming Zhang <ezrakiez@gmail.com>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: 20200406204029.19559747D5D@zero.eik.bme.hu
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-04-07 09:25:23 +02:00
Cédric Le Goater
25f3170b06 ppc/pnv: Create BMC devices only when defaults are enabled
Commit e2392d4395 ("ppc/pnv: Create BMC devices at machine init")
introduced default BMC devices which can be a problem when the same
devices are defined on the command line with :

  -device ipmi-bmc-sim,id=bmc0 -device isa-ipmi-bt,bmc=bmc0,irq=10

QEMU fails with :

  qemu-system-ppc64: error creating device tree: node: FDT_ERR_EXISTS

Use defaults_enabled() when creating the default BMC devices to let
the user provide its own BMC devices using '-nodefaults'. If no BMC
device are provided, output a warning but let QEMU run as this is a
supported configuration. However, when multiple BMC devices are
defined, stop QEMU with a clear error as the results are unexpected.

Fixes: e2392d4395 ("ppc/pnv: Create BMC devices at machine init")
Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20200404153655.166834-1-clg@kaod.org>
Tested-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:11 +10:00
Alexey Kardashevskiy
a872e4328b pseries: Update SLOF firmware image
This is a single regression fix for for 5.0:

Greg Kurz (1):
      slof: Only close stdout for virtio-serial devices

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:11 +10:00
Peter Maydell
2025fc6766 hw/ppc/ppc440_uc.c: Remove incorrect iothread locking from dcr_write_pcie()
In dcr_write_pcie() we take the iothread lock around a call to
pcie_host_mmcfg_udpate().  This is an incorrect attempt to deal with
the bug fixed in commit 235352ee6e, where we were not taking
the iothread lock before calling device dcr read/write functions.
(It's not sufficient locking, because although the other cases in the
switch statement won't assert, there is no locking which prevents
multiple guest CPUs from trying to access the PPC460EXPCIEState
struct at the same time and corrupting data.)

Unfortunately with commit 235352ee6e we are now trying
to recursively take the iothread lock, which will assert:

  $ qemu-system-ppc -M sam460ex --display none
  **
  ERROR:/home/petmay01/linaro/qemu-from-laptop/qemu/cpus.c:1830:qemu_mutex_lock_iothread_impl: assertion failed: (!qemu_mutex_iothread_locked())
  Aborted (core dumped)

Remove the locking within dcr_write_pcie().

Fixes: 235352ee6e
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20200330125228.24994-1-peter.maydell@linaro.org>
Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:11 +10:00
David Gibson
7aab589976 spapr: Fix failure path for attempting to hot unplug PCI bridges
For various technical reasons we can't currently allow unplug a PCI to PCI
bridge on the pseries machine.  spapr_pci_unplug_request() correctly
generates an error message if that's attempted.

But.. if the given errp is not error_abort or error_fatal, it doesn't
actually stop trying to unplug the bridge anyway.

Fixes: 14e714900f "spapr: Allow hot plug/unplug of PCI bridges and devices under PCI bridges"
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <groug@kaod.org>
2020-04-07 08:55:11 +10:00
Nicholas Piggin
4f7a11f93f ppc/spapr: Don't kill the guest if a recovered FWNMI machine check delivery fails
Try to be tolerant of FWNMI delivery errors if the machine check had been
recovered by the host.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200325142906.221248-5-npiggin@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
[dwg: Updated comment at Greg's suggestion]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Nicholas Piggin
b90b9ecb12 ppc/spapr: Add FWNMI machine check delivery warnings
Add some messages which explain problems and guest misbehaviour that
may be difficult to diagnose in rare cases of machine checks.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200325142906.221248-4-npiggin@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Nicholas Piggin
6c3dd24c05 ppc/spapr: Improve FWNMI machine check delivery corner case comments
Some of the conditions are not as clearly documented as they could be.
Also the non-FWNMI case does not need a large comment.

Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200325142906.221248-3-npiggin@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Nicholas Piggin
ec010c0066 ppc/spapr: KVM FWNMI should not be enabled until guest requests it
The KVM FWNMI capability should be enabled with the "ibm,nmi-register"
rtas call. Although MCEs from KVM will be delivered as architected
interrupts to the guest before "ibm,nmi-register" is called, KVM has
different behaviour depending on whether the guest has enabled FWNMI
(it attempts to do more recovery on behalf of a non-FWNMI guest).

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200325142906.221248-2-npiggin@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Alexey Kardashevskiy
79178edd2a vfio/spapr: Fix page size calculation
Coverity detected an issue (CID 1421903) with potential call of clz64(0)
which returns 64 which make it do "<<" with a negative number.

This checks the mask and avoids undefined behaviour.

In practice pgsizes and memory_region_iommu_get_min_page_size() always
have some common page sizes and even if they did not, the resulting page
size would be 0x8000.0000.0000.0000 (gcc 9.2) and
ioctl(VFIO_IOMMU_SPAPR_TCE_CREATE) would fail anyway.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-Id: <20200324063912.25063-1-aik@ozlabs.ru>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Peter Maydell
3b4f50bd7d hw/ppc/e500.c: Handle qemu_find_file() failure
If qemu_find_file() doesn't find the BIOS it returns NULL; we were
passing that unchecked through to load_elf(), which assumes a non-NULL
pointer and may misbehave. In practice it fails with a weird message:

  $ qemu-system-ppc -M ppce500 -display none -kernel nonesuch
  Bad address
  qemu-system-ppc: could not load firmware '(null)'

Handle the failure case better:

  $ qemu-system-ppc -M ppce500 -display none -kernel nonesuch
  qemu-system-ppc: could not find firmware/kernel file 'nonesuch'

Spotted by Coverity (CID 1238954).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20200324121216.23899-1-peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00