Commit Graph

55378 Commits

Author SHA1 Message Date
Stefan Hajnoczi
17d0bc01bf virtio-blk: handle blk_getlength() errors
If blk_getlength() fails in virtio_blk_update_config() consider the disk
image length to be 0 bytes.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 20170808122251.29815-1-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-08-10 14:33:43 +01:00
Kevin Wolf
ce317e8dea IDE: test flush on empty CDROM
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20170809160212.29976-3-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-08-10 14:33:43 +01:00
Stefan Hajnoczi
4da97120d5 IDE: Do not flush empty CDROM drives
The block backend changed in a way that flushing empty CDROM drives now
crashes.  Amend IDE to avoid doing so until the root problem can be
addressed for 2.11.

Original patch by John Snow <jsnow@redhat.com>.

Reported-by: Kieron Shorrock <kshorrock@paloaltonetworks.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20170809160212.29976-2-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-08-10 14:33:43 +01:00
Greg Kurz
4751fd5328 9pfs: local: fix fchmodat_nofollow() limitations
This function has to ensure it doesn't follow a symlink that could be used
to escape the virtfs directory. This could be easily achieved if fchmodat()
on linux honored the AT_SYMLINK_NOFOLLOW flag as described in POSIX, but
it doesn't. There was a tentative to implement a new fchmodat2() syscall
with the correct semantics:

https://patchwork.kernel.org/patch/9596301/

but it didn't gain much momentum. Also it was suggested to look at an O_PATH
based solution in the first place.

The current implementation covers most use-cases, but it notably fails if:
- the target path has access rights equal to 0000 (openat() returns EPERM),
  => once you've done chmod(0000) on a file, you can never chmod() again
- the target path is UNIX domain socket (openat() returns ENXIO)
  => bind() of UNIX domain sockets fails if the file is on 9pfs

The solution is to use O_PATH: openat() now succeeds in both cases, and we
can ensure the path isn't a symlink with fstat(). The associated entry in
"/proc/self/fd" can hence be safely passed to the regular chmod() syscall.

The previous behavior is kept for older systems that don't have O_PATH.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Zhi Yong Wu <zhiyong.wu@ucloud.cn>
Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-08-10 14:36:11 +02:00
Peter Maydell
b38df311c1 ppc patch queue 2017-08-09
This series contains a number of bugfixes for ppc and related
 machines, for the qemu-2.10.release.  Some are true regressions,
 others are serious enough and non-invasive enough to fix that it's
 worth putting in 2.10 this late.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAlmKrEUACgkQbDjKyiDZ
 s5IkMQ/+NGW30/N3siqDh3R7JUL9jpT7N4XRuYrGlWcJFh25NscEVw6M6iPJtkDZ
 qS7/OZDlfnELj/9Js8kcTYdzI+X3X9WSnftiZalJ0KYiE6sPDiWRa4bo9jiT+0OU
 MkIY1pVTpzrJnZl0XSlN/n+senjdBQWg/djmatX8+LPTz75lOlkujxo6LEDOtyv5
 RSx9jME4J/HZ0WQyoY8dOAORBQQHxtJel5RBfd+BloTfslA+VREJEOi8d+Xkc9oz
 H4UPEMp/Kb4fpBB7XsaACUC3HRs7kikG/eS6tOtwKor9jwpp2v/BP733jMHsebzw
 RiyJVnVVk8kfyC7DBsra3XhjBtDlQPbq/quL/O3qMcdc8EslkVECMBUbb2tWsnYD
 /H1H1sjdvDJV9nVs9Wbqmi/N/SE6gvubK35wBpWQ0U0ZDGcbSdmwXkbdjFT1plUg
 z5+oZWYmOP0ndsKrv4+rmeqbMszEBQv4EBSZJ1LswGdC7+7Ga95VmN+f6ZUFq2en
 OlSlgPAvXn0PkEYgn/CVIr+Oq6lR5SNRtvDkLNpa+IkQzBoGXCgIeiuyR6ZaswH5
 FywK+QaiVKqtwgF0Zb3JWf6L5fyKdOE6fTZvyL93esXVCBSfkMIvCeACDLInczUl
 xgZCryyBpdVT/mxz4M06QI43H8nb0WIbY6UeV2WuXIN4dJlSJqE=
 =43aW
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.10-20170809' into staging

ppc patch queue 2017-08-09

This series contains a number of bugfixes for ppc and related
machines, for the qemu-2.10.release.  Some are true regressions,
others are serious enough and non-invasive enough to fix that it's
worth putting in 2.10 this late.

# gpg: Signature made Wed 09 Aug 2017 07:31:33 BST
# gpg:                using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.10-20170809:
  spapr: Fix bug in h_signal_sys_reset()
  spapr_drc: abort if object_property_add_child() fails
  target/ppc: Add stub implementation of the PSSCR
  target/ppc: Implement TIDR
  ppc: fix double-free in cpu_post_load()
  booke206: fix MAS update on tlb miss

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-10 11:12:36 +01:00
Peter Maydell
8a6be122e4 pc, vhost: fixes for rc3
Fix up bugs and warnings in tests. Revert an experimental commit that I
 put in by mistake: harmless but useless.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJZimQFAAoJECgfDbjSjVRp+lQIAKAb7hAJFDnnE9qeRE2fbuQ6
 7l1CkBD4i8r/KWsQ4dqpOlaMquQIfnzu2GXbg52tJdQQqajYuFVDSZx+1EO+OOEP
 ZUSCTbWJW1VWNeCNt2nmy5gfI8+f40uijpg2NBjMl5//t+EG9dXR29gH7+X+UWii
 TuJ7bT8njNbYWPCAOyWbDPP3Y2PHZMsbEDqoSbIlt+X/Hk/3fvynBGH1VpS4swlx
 VoUqTXqd070m5IciENio8ygwDLOjr6hrtsmuiPL1vq7YzKZhylQt2/IywaqOK6M5
 7AKWnm9E8v6zyizQSx1jPmRlcwf4VJ5gvw7fTboCMEEpwqu4WkQafObwSH857Ao=
 =8ZKa
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc, vhost: fixes for rc3

Fix up bugs and warnings in tests. Revert an experimental commit that I
put in by mistake: harmless but useless.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Wed 09 Aug 2017 02:23:17 BST
# gpg:                using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  libqtest: always set up signal handler for SIGABRT
  libvhost-user: quit when no more data received
  net: fix -netdev socket,fd= for UDP sockets
  Revert "cpu: add APIs to allocate/free CPU environment"
  acpi-test: update expected DSDT files

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-10 10:05:29 +01:00
Sam Bobroff
f57467e3b3 spapr: Fix bug in h_signal_sys_reset()
The unicast case in h_signal_sys_reset() seems to be broken:
rather than selecting the target CPU, it looks like it will pick
either the first CPU or fail to find one at all.

Fix it by using the search function rather than open coding the
search.

This was found by inspection; the code appears to be unused because
the Linux kernel only uses the broadcast target.

Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-08-09 14:04:28 +10:00
Greg Kurz
325837ca38 spapr_drc: abort if object_property_add_child() fails
object_property_add_child() can only fail in two cases:
- the child already has a parent, which shouldn't happen since the DRC was
  allocated a few lines above
- the parent already has a child with the same name, which would mean the
  caller tries to create a DRC that already exists

In both case, this is a QEMU bug and we should abort.

Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-08-09 11:46:44 +10:00
David Gibson
b8af5b2d5f target/ppc: Add stub implementation of the PSSCR
The PSSCR register added in POWER9 controls certain power saving mode
behaviours.  Mostly, it's not relevant to TCG, however because qemu
doesn't know about it yet, it doesn't synchronize the state with KVM,
and thus it doesn't get migrated.

To fix that, this adds a minimal stub implementation of the register.
This isn't complete, even to the extent that an implementation is
possible in TCG, just enough to get migration working.  We need to
come back later and at least properly filter the various fields in the
register based on privilege level.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
2017-08-09 11:46:44 +10:00
David Gibson
650f3287ab target/ppc: Implement TIDR
This adds a trivial implementation of the TIDR register added in
POWER9.  This isn't particularly important to qemu directly - it's
used by accelerator modules that we don't emulate.

However, since qemu isn't aware of it, its state is not synchronized
with KVM and therefore not migrated, which can be a problem.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
2017-08-09 11:46:44 +10:00
Greg Kurz
e7bab9a256 ppc: fix double-free in cpu_post_load()
When running nested with KVM PR, ppc_set_compat() fails and QEMU crashes
because of "double free or corruption (!prev)". The crash happens because
error_report_err() has already called error_free().

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-08-09 11:46:44 +10:00
KONRAD Frederic
89fca22f21 booke206: fix MAS update on tlb miss
When a tlb instruction miss happen, rw is set to 0 at the bottom
of cpu_ppc_handle_mmu_fault which cause the MAS update function to miss
the SAS and TS bit in MAS6, MAS1 in booke206_update_mas_tlb_miss.

Just calling booke206_update_mas_tlb_miss with rw = 2 solve the issue.

Signed-off-by: KONRAD Frederic <frederic.konrad@adacore.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-08-09 11:46:44 +10:00
Jens Freimann
24dd1e1769 libqtest: always set up signal handler for SIGABRT
Currently abort handlers only work for the first test function
in a testcase, because the list of abort handlers is not properly
cleared when qtest_quit() is called.

qtest_quit() only deletes the kill_qemu_hook but doesn't completely
clear the abrt_hooks list.  The effect is that abrt_hooks.is_setup is
never set to false and in a following test the abrt_hooks list is not
initialized and setup_sigabrt_handler() is not called.

One way to solve this is to clear the list in qtest_quit(), but
that means only asserts between qtest_start and qtest_quit will
be catched by the abort handler.

We can make abort handlers work in all cases if we always setup the
signal handler for SIGABRT in qtest_init.

Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-09 04:22:14 +03:00
Jens Freimann
2566378d6d libvhost-user: quit when no more data received
End processing of messages when VHOST_USER_NONE
is received.

Without this we run into a vubr_panic() call and get
"PANIC: Unhandled request: 0"

Signed-off-by: Jens Freimann <jfreiman@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-09 04:22:13 +03:00
Jens Freimann
0f8c289ad5 net: fix -netdev socket,fd= for UDP sockets
This patch fixes -netdev socket,fd= for UDP sockets
Currently -netdev socket,fd=<...> results in

  qemu: error: specified mcastaddr "127.0.0.1" (0x7f000001) does not
    contain a multicast address
  qemu-system-x86_64: -netdev
    socket,id=n1,fd=3: Device 'socket' could not be initialized

To fix these we need to allow specifying multicast and fd arguments
for the same netdev. With this the user can specify "-netdev
fd=3,mcast=<IP:port>"

Cc: Jason Wang <jasowang@redhat.com>
Fixes: 3d830459b1
Signed-off-by: Jens Freimann <jfreimann@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-09 04:22:13 +03:00
Michael S. Tsirkin
cde0a63ad7 Revert "cpu: add APIs to allocate/free CPU environment"
This reverts commit e2a7f28693.

This was not supposed to go upstream yet. Reverting.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-09 04:22:13 +03:00
Michael S. Tsirkin
114e0af84e acpi-test: update expected DSDT files
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-09 04:22:13 +03:00
Peter Maydell
54affb3a36 Update version for v2.10.0-rc2 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-08 19:07:46 +01:00
Peter Maydell
e42590c22a * --help/--version improvements (Eric)
* GCC 7 workaround (Greg)
 * Small SCSI fix (Hannes)
 * SSE 4.1 fix (Joseph)
 * RCU deadlock fix (myself)
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAlmJ2LgUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroPMLgf/Zvj+1yP94YejCWma5jay8/kbWqNx
 25AVurgleLsuhFATpZixyURauVkyGi1RCCldq0EZR2bXMDmwTk76VTt2Kh7/xh5I
 GZIT44tRKwItpihfN600xGHFH00C9pu4dg5zSZvj1nuwlowEgmx7hni2uG4DdKaM
 PSGckkXq4IaIAh49Pggc/Mucj9S5ZbgFvEUK4KcB75+U5x0UXpQRh/dY7gOfIrw/
 Alufbu48UOFNIW9k8AcMRucin0HawHyWhaGbn3cgyfdVTNO2t9mhFyAIYcPbF/6L
 7LLXp1Ujngfdfcq4b4pLaFAkFkGOjHwXEtgEi/Z+mphXfORlf7haOphdOA==
 =v1PK
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* --help/--version improvements (Eric)
* GCC 7 workaround (Greg)
* Small SCSI fix (Hannes)
* SSE 4.1 fix (Joseph)
* RCU deadlock fix (myself)

# gpg: Signature made Tue 08 Aug 2017 16:28:56 BST
# gpg:                using RSA key 0xBFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  maint: Include bug-reporting info in --help output
  qga: Give more --version information
  qemu-io: Give more --version information
  qemu-img: Sort sub-command names in --help
  target/i386: set rip_offset for some SSE4.1 instructions
  scsi: clarify sense codes for LUN0 emulation
  kvm: workaround build break on gcc-7.1.1 / fedora26
  Revert "rcu: do not create thread in pthread_atfork callback"
  rcu: completely disable pthread_atfork callbacks as soon as possible

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-08 16:32:54 +01:00
Eric Blake
f5048cb751 maint: Include bug-reporting info in --help output
These days, many programs are including a bug-reporting address,
or better yet, a link to the project web site, at the tail of
their --help output.  However, we were not very consistent at
doing so: only qemu-nbd and qemu-qa mentioned anything, with the
latter pointing to an individual person instead of the project.

Add a new #define that sets up a uniform string, mentioning both
bug reporting instructions and overall project details, and which
a downstream vendor could tweak if they want bugs to go to a
downstream database.  Then use it in all of our binaries which
have --help output.

The canned text intentionally references http:// instead of https://
because our https website currently causes certificate errors in
some browsers.  That can be tweaked later once we have resolved the
web site issued.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20170803163353.19558-5-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-08 17:28:53 +02:00
Eric Blake
8f1c29af01 qga: Give more --version information
Include the package version information (useful for detecting
builds from git or downstream backports), and the copyright notice.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <20170803163353.19558-4-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-08 17:28:53 +02:00
Eric Blake
4face32a7a qemu-io: Give more --version information
Include the package version information (useful for detecting
builds from git or downstream backports), and the copyright notice.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20170803163353.19558-3-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-08 17:28:53 +02:00
Eric Blake
57b2d9d4a7 qemu-img: Sort sub-command names in --help
'amend' and 'create' were not listed alphabetically; hoist them
earlier.  Separate the @end table block to make it easier to
copy-and-paste the addition of future sub-commands.

Signed-off-by: Eric Blake <eblake@redhat.com>

Message-Id: <20170803163353.19558-2-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-08 17:28:53 +02:00
Peter Maydell
53b080fa83 Block layer patches for 2.10.0-rc2
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJZicL/AAoJEH8JsnLIjy/WnRYP/AhJ+3RuyemPn1rTRVbz6AtS
 3nWmNJTCrbbmxP9dfM50C30q1OjT9114AibC0qz4cm6LGRA7O82kWT0KcWHOM443
 ljnuxXfJ3S0FGC0sJXG4jdzkOEIWBnIsfYqkVih4KPzsARUTlBZjtANjyyvRMFmT
 hgqUKrKl+WwE0Ys248xSuE8bCE5TmSkvKV14ezq/FpjZMmJVpsQXFhkUfH8ZjX48
 USCDG8MAOFFJsPojl9ONOFn9dc3hX2GLwOJe7fSLe19ppnA7FiTPLy0ySpLMpQA6
 Ipu+PmHtfVBmHX6g6a0XXput7gGNJ1aURNRQuWiLtOlo4uoybwMRf7teKe8ob5+n
 S2PmhKOFXVMK+pbARZJ8IPAWcHo6dcMqEJXN5xvJLcKiN2WM5A4rx1/liSDIbQ9p
 +TrFhzZlLmMy/6xMJdv63uwKbWcdS18R4q9tzU5Y+/BTG/+LsKgpkwscnqeEvEEv
 i5+0QjdJZQajCuF4PTE2dEzw2WesPHdUFcYMtYAm9QKGG07kwJOoncJ+ghuriyrw
 JzvcoSbkug8a7M+18zoDTszWyXqHl3ObODVUCiLQFe0Tzu+SxYy0cDrH/QMNi7cI
 EcfbLDfCNOaNU27ctsGiey6idB2qHwWpZ0N+XnTb2TRIBRX6WAefVdxF0aTJPQdh
 +vwWHW7+gd1QwEgCQpvP
 =swst
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches for 2.10.0-rc2

# gpg: Signature made Tue 08 Aug 2017 14:56:15 BST
# gpg:                using RSA key 0x7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  block/nfs: fix mutex assertion in nfs_file_close()
  qemu-iotests: Test reopen between read-only and read-write
  qemu-io: Allow reopen read-write
  block: Set BDRV_O_ALLOW_RDWR during rw reopen
  block: Allow reopen rw without BDRV_O_ALLOW_RDWR
  block: Fix order in bdrv_replace_child()
  parallels: drop check that bdrv_truncate() is working
  parallels: respect error code of bdrv_getlength() in allocate_clusters()
  block: respect error code from bdrv_getlength in handle_aiocb_write_zeroes
  vmdk: Fix error handling/reporting of vmdk_check
  block/null: Remove 'filename' option
  block: drop bdrv_set_key from BlockDriver
  block/vhdx: check error return of bdrv_truncate()
  block/vhdx: check error return of bdrv_flush()
  block/vhdx: check for offset overflow to bdrv_truncate()
  block/vhdx: check error return of bdrv_getlength()
  quorum: Set sectors-count to 0 when reporting a flush error
  qemu-iotests/109: Fix lock race condition

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-08 15:23:21 +01:00
Jeff Cody
113fe792fd block/nfs: fix mutex assertion in nfs_file_close()
Commit c096358e74 introduced assertion
checks for when qemu_mutex() functions are called without the
corresponding qemu_mutex_init() having initialized the mutex.

This uncovered a latent bug in qemu's nfs driver - in
nfs_client_close(), the NFSClient structure is overwritten with zeros,
prior to the mutex being destroyed.

Go ahead and destroy the mutex in nfs_client_close(), and change where
we call qemu_mutex_init() so that it is correctly balanced.

There are also a couple of memory leaks obscured by the memset, so this
fixes those as well.

Finally, we should be able to get rid of the memset(), as it isn't
necessary.

Cc: qemu-stable@nongnu.org
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-08 15:19:16 +02:00
Kevin Wolf
ea22b7a220 qemu-iotests: Test reopen between read-only and read-write
This serves as a regression test for the bugs that were just fixed for
bdrv_reopen() between read-only and read-write mode.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
2017-08-08 15:19:16 +02:00
Kevin Wolf
ea92203c66 qemu-io: Allow reopen read-write
This allows qemu-iotests to test the switch between read-only and
read-write mode for block devices.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
2017-08-08 15:19:16 +02:00
Kevin Wolf
fd4520212b block: Set BDRV_O_ALLOW_RDWR during rw reopen
Reopening an image should be consistent with opening it, so we should
set BDRV_O_ALLOW_RDWR for any image that is reopened read-write like in
bdrv_open_inherit().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
2017-08-08 15:19:16 +02:00
Kevin Wolf
54a32bfec1 block: Allow reopen rw without BDRV_O_ALLOW_RDWR
BDRV_O_ALLOW_RDWR is a flag that tells whether qemu can internally
reopen a node read-write temporarily because the user requested
read-write for the top-level image, but qemu decided that read-only is
enough for this node (a backing file).

bdrv_reopen() is different, it is also used for cases where the user
changed their mind and wants to update the options. There is no reason
to forbid making a node read-write in that case.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
2017-08-08 15:19:16 +02:00
Kevin Wolf
8aecf1d1bd block: Fix order in bdrv_replace_child()
Commit 8ee03995 refactored the code incorrectly and broke the release of
permissions on the old BDS. Instead of changing the permissions to the
new required values after removing the old BDS from the list of
children, it only re-obtains the permissions it already had.

Change the order of operations so that the old BDS is removed again
before calculating the new required permissions.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
2017-08-08 15:19:16 +02:00
Denis V. Lunev
e5e6268348 parallels: drop check that bdrv_truncate() is working
This would be actually strange and error prone. If truncate() nowadays
will fail, there is something fatally wrong. Let's check for that during
the actual work.

The only fallback case is when the file is not zero initialized. In this
case we should switch to preallocation via fallocate().

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Markus Armbruster <armbru@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Max Reitz <mreitz@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-08 15:19:16 +02:00
Denis V. Lunev
d8b83e37c3 parallels: respect error code of bdrv_getlength() in allocate_clusters()
If we can not get the file length, the state of BDS is broken completely.
Return error to the caller.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Markus Armbruster <armbru@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Max Reitz <mreitz@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2017-08-08 15:19:16 +02:00
Denis V. Lunev
70d9110b44 block: respect error code from bdrv_getlength in handle_aiocb_write_zeroes
Original idea beyond the code in question was the following: we have failed
to write zeroes with fallocate(FALLOC_FL_ZERO_RANGE) as the simplest
approach and via fallocate(FALLOC_FL_PUNCH_HOLE)/fallocate(0). We have the
only chance now: if the request comes beyond end of the file. Thus we
should calculate file length and respect the error code from that op.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Markus Armbruster <armbru@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Max Reitz <mreitz@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2017-08-08 15:19:16 +02:00
Fam Zheng
0e51b9b7c7 vmdk: Fix error handling/reporting of vmdk_check
Errors from the callees must be captured and propagated to our caller,
ensure this for both find_extent() and bdrv_getlength().

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-08 15:19:16 +02:00
Kevin Wolf
809eb70ed6 block/null: Remove 'filename' option
This option was only added to allow 'null-co://' and 'null-aio://' as
filenames, its value never served any actual purpose and was ignored.
Nevertheless it was accepted as '-drive driver=null,filename=foo'.

The correct way to enable the protocol prefixes (and that without adding
a useless -drive option) is implementing .bdrv_parse_filename. This is
what this patch does.

Technically, this is an incompatible change, but the null block driver
is only used for benchmarking, testing and debugging, and an option
without effect isn't likely to be used by anyone anyway, so no bad
effects are to be expected.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-08-08 15:19:16 +02:00
Paolo Bonzini
82346685b8 block: drop bdrv_set_key from BlockDriver
This is not used anymore since c01c214b69 ("block: remove all encryption
handling APIs", 2017-07-11).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-08 14:37:00 +02:00
Jeff Cody
95d729835f block/vhdx: check error return of bdrv_truncate()
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-08 14:37:00 +02:00
Jeff Cody
c6572fa0d2 block/vhdx: check error return of bdrv_flush()
Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-08 14:37:00 +02:00
Jeff Cody
27539ac531 block/vhdx: check for offset overflow to bdrv_truncate()
VHDX uses uint64_t types for most offsets, following the VHDX spec.
However, bdrv_truncate() takes an int64_t value for the truncating
offset.  Check for overflow before calling bdrv_truncate().

While we are here, replace the bit shifting with QEMU_ALIGN_UP as well.

N.B.: For a compliant image this is not an issue, as the maximum VHDX
image size is defined per the spec to be 64TB.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-08 14:37:00 +02:00
Jeff Cody
3f910692c2 block/vhdx: check error return of bdrv_getlength()
Calls to bdrv_getlength() were not checking for error.  In vhdx.c, this
can lead to truncating an image file, so it is a definite bug.  In
vhdx-log.c, the path for improper behavior is less clear, but it is best
to check in any case.

Some minor code movement of the log_guid intialization, as well.

Reported-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-08 14:37:00 +02:00
Alberto Garcia
795be0621a quorum: Set sectors-count to 0 when reporting a flush error
The QUORUM_REPORT_BAD event has fields to report the sector in which
the error was detected and the number of affected sectors starting
from that one. This is important for read and write errors, but not
for flush errors.

For flush errors the current code reports the total size of the disk
image. That is however not useful information in this case. Moreover,
the bdrv_getlength() call can fail, and there's no good way of
handling that failure.

Since we're reporting useless information and we cannot even guarantee
to do it in a consistent way, this patch changes the code to report 0
instead in all cases.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-08 14:37:00 +02:00
Cleber Rosa
53dd4015ac qemu-iotests/109: Fix lock race condition
A race condition is currently present between the clean up attempt of
the QEMU process and the execution of qemu-img.  The actual (bad)
output is:

 -Warning: Image size mismatch!
 -Images are identical.
 +qemu-img: Could not open '<build_dir>/tests/qemu-iotests/scratch/t.raw': Failed to get "consistent read" lock
 +Is another process using the image?

A KILL signal is sent to the QEMU process, but qemu-img may begin to
run before the QEMU process is really gone.  qemu-img will then
attempt to open the TEST_IMG file before it can secure a lock on it.

This attempts a more graceful shutdown, and waits for the QEMU process
to exit.

Signed-off-by: Cleber Rosa <crosa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-08 14:36:59 +02:00
Peter Maydell
b4174c4b08 virtio: fix for rc2
It turns out there's a way to setup SHPC on Q35: just put
 a PCI to PCI bridge behind a DMI to PCI one. Our _OSC is
 thus incorrect.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJZiN4IAAoJECgfDbjSjVRp6+gH/21G0tjqatydSjrosT+ZZH02
 KnEBAVD8S01naiZjqYOKdlScBYaTeMWlaoAN2zRQYedpD9H2otseOV1Hjqw7wlcf
 5gxbnivK79nhBe1fXxrWe3wJt41nR3N9045S9OAn6g0wjLOEI0M91+wSu1aP+pGN
 X8V3uCBagJeggFdfpVi7IyaT2D/bTB2H1avIKwkzE68bqfEyD2d/AxV84ugXL5II
 V3xndpBC1S2rnYKAs1Glg1mwP4CiWItKPZ+duiqiFeJ+Co2/NbZudCwU/hxS2tei
 lflh3L979wTn3AJFm2FVnecpXVGLkf43QKRATLqN+K4xvwMA+mXPSIXZyjalB4w=
 =mIAB
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio: fix for rc2

It turns out there's a way to setup SHPC on Q35: just put
a PCI to PCI bridge behind a DMI to PCI one. Our _OSC is
thus incorrect.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon 07 Aug 2017 22:39:20 BST
# gpg:                using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  cpu: add APIs to allocate/free CPU environment
  hw/i386: allow SHPC for Q35 machine

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-08 10:01:49 +01:00
Joseph Myers
ab6ab3e997 target/i386: set rip_offset for some SSE4.1 instructions
When emulating various SSE4.1 instructions such as pinsrd, the address
of a memory operand is computed without allowing for the 8-bit
immediate operand located after the memory operand, meaning that the
memory operand uses the wrong address in the case where it is
rip-relative.  This patch adds the required rip_offset setting for
those instructions, so fixing some GCC test failures (13 in the gcc
testsuite in my GCC 6-based testing) when testing with a default CPU
setting enabling those instructions.

Signed-off-by: Joseph Myers <joseph@codesourcery.com>

Message-Id: <alpine.DEB.2.20.1708080041391.28702@digraph.polyomino.org.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-08 10:40:20 +02:00
Hannes Reinecke
ded6ddc5a7 scsi: clarify sense codes for LUN0 emulation
The LUN0 emulation is just that, an emulation for a non-existing
LUN0. So we should be returning LUN_NOT_SUPPORTED for any request
coming from any other LUN.
And we should be aborting unhandled commands with INVALID OPCODE,
not LUN NOT SUPPORTED.

Signed-off-by: Hannes Reinecke <hare@suse.com>
Message-Id: <1501835795-92331-4-git-send-email-hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-08 10:40:20 +02:00
Greg Kurz
1b7ac7cab6 kvm: workaround build break on gcc-7.1.1 / fedora26
Building QEMU on fedora26 with the latest gcc package fails:

  CC      ppc64-softmmu/target/ppc/kvm.o
In file included from include/sysemu/hw_accel.h:16:0,
                 from target/ppc/kvm.c:31:
target/ppc/kvm.c: In function ‘kvmppc_booke_watchdog_enable’:
include/sysemu/kvm.h:449:35: error: ‘args_tmp[i]’ may be used uninitialized
 in this function [-Werror=maybe-uninitialized]
             cap.args[i] = args_tmp[i];                               \
                                   ^
target/ppc/kvm.c: In function ‘kvmppc_set_papr’:
include/sysemu/kvm.h:449:35: error: ‘args_tmp[i]’ may be used uninitialized
 in this function [-Werror=maybe-uninitialized]
cc1: all warnings being treated as errors

$ rpm -q gcc
gcc-7.1.1-3.fc26.ppc64le

The compiler should obviously optimize this code away when no extra
agument is passed to kvm_vm_enable_cap() and kvm_vcpu_enable_cap(),
but it doesn't. This bug should be fixed one day in gcc, but we can
also change our code pattern so that we don't hit the issue anymore.
We workaround this, by using memcpy() instead of open-coding the copy.

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <150210580404.1343.7325713896658799315.stgit@bahia.lan>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-08 10:40:20 +02:00
Paolo Bonzini
2a96a552f9 Revert "rcu: do not create thread in pthread_atfork callback"
This reverts commit a59629fcc6.
This is not needed anymore because the IOThread mutex is not
"magic" anymore (need not kick the CPU thread)and also because
fork callbacks are only enabled at the very beginning of
QEMU's execution.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-08 10:40:19 +02:00
Paolo Bonzini
73c6e4013b rcu: completely disable pthread_atfork callbacks as soon as possible
Because of -daemonize, system mode QEMU sometimes needs to fork() and
keep RCU enabled in the child.  However, there is a possible deadlock
with synchronize_rcu:

- the CPU thread is inside a RCU critical section and wants to take
  the BQL in order to do MMIO

- the monitor thread, which is owning the BQL, calls rcu_init_lock
  which tries to take the rcu_sync_lock

- the call_rcu thread has taken rcu_sync_lock in synchronize_rcu, but
  synchronize_rcu needs the CPU thread to end the critical section
  before returning.

This cannot happen for user-mode emulation, because it does not have
a BQL.

To fix it, assume that system mode QEMU only forks in preparation for
exec (except when daemonizing) and disable pthread_atfork as soon as
the double fork has happened.

Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-08 10:40:09 +02:00
Michael S. Tsirkin
e2a7f28693 cpu: add APIs to allocate/free CPU environment
These will be implemented and then used by follow-up patches.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-08 00:31:09 +03:00
Aleksandr Bezzubikov
a41c78c135 hw/i386: allow SHPC for Q35 machine
Unmask previously masked SHPC feature in _OSC method.

Signed-off-by: Aleksandr Bezzubikov <zuban32s@gmail.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-08 00:31:09 +03:00