Commit Graph

81720 Commits

Author SHA1 Message Date
Vladimir Sementsov-Ogievskiy
67c095c8b8 block/io: fix bdrv_co_block_status_above
bdrv_co_block_status_above has several design problems with handling
short backing files:

1. With want_zeros=true, it may return ret with BDRV_BLOCK_ZERO but
without BDRV_BLOCK_ALLOCATED flag, when actually short backing file
which produces these after-EOF zeros is inside requested backing
sequence.

2. With want_zero=false, it may return pnum=0 prior to actual EOF,
because of EOF of short backing file.

Fix these things, making logic about short backing files clearer.

With fixed bdrv_block_status_above we also have to improve is_zero in
qcow2 code, otherwise iotest 154 will fail, because with this patch we
stop to merge zeros of different types (produced by fully unallocated
in the whole backing chain regions vs produced by short backing files).

Note also, that this patch leaves for another day the general problem
around block-status: misuse of BDRV_BLOCK_ALLOCATED as is-fs-allocated
vs go-to-backing.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20200924194003.22080-2-vsementsov@virtuozzo.com
[Fix s/comes/come/ as suggested by Eric Blake
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
d9b495f9c6 block/export: add vhost-user-blk multi-queue support
Allow the number of queues to be configured using --export
vhost-user-blk,num-queues=N. This setting should match the QEMU --device
vhost-user-blk-pci,num-queues=N setting but QEMU vhost-user-blk.c lowers
its own value if the vhost-user-blk backend offers fewer queues than
QEMU.

The vhost-user-blk-server.c code is already capable of multi-queue. All
virtqueue processing runs in the same AioContext. No new locking is
needed.

Add the num-queues=N option and set the VIRTIO_BLK_F_MQ feature bit.
Note that the feature bit only announces the presence of the num_queues
configuration space field. It does not promise that there is more than 1
virtqueue, so we can set it unconditionally.

I tested multi-queue by running a random read fio test with numjobs=4 on
an -smp 4 guest. After the benchmark finished the guest /proc/interrupts
file showed activity on all 4 virtio-blk MSI-X. The /sys/block/vda/mq/
directory shows that Linux blk-mq has 4 queues configured.

An automated test is included in the next commit.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20201001144604.559733-2-stefanha@redhat.com
[Fixed accidental tab characters as suggested by Markus Armbruster
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
f51d23c80a block/export: add iothread and fixed-iothread options
Make it possible to specify the iothread where the export will run. By
default the block node can be moved to other AioContexts later and the
export will follow. The fixed-iothread option forces strict behavior
that prevents changing AioContext while the export is active. See the
QAPI docs for details.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200929125516.186715-5-stefanha@redhat.com
[Fix stray '#' character in block-export.json and add missing "(since:
5.2)" as suggested by Eric Blake.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
cbc20bfb8f block: move block exports to libblockdev
Block exports are used by softmmu, qemu-storage-daemon, and qemu-nbd.
They are not used by other programs and are not otherwise needed in
libblock.

Undo the recent move of blockdev-nbd.c from blockdev_ss into block_ss.
Since bdrv_close_all() (libblock) calls blk_exp_close_all()
(libblockdev) a stub function is required..

Make qemu-nbd.c use signal handling utility functions instead of
duplicating the code. This helps because os-posix.c is in libblockdev
and it depends on a qemu_system_killed() symbol that qemu-nbd.c lacks.
Once we use the signal handling utility functions we also end up
providing the necessary symbol.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20200929125516.186715-4-stefanha@redhat.com
[Fixed s/ndb/nbd/ typo in commit description as suggested by Eric Blake
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
4fb9071f65 qemu-storage-daemon: avoid compiling blockdev_ss twice
Introduce libblkdev.fa to avoid recompiling blockdev_ss twice.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200929125516.186715-3-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
3a213f83d9 util/vhost-user-server: use static library in meson.build
Don't compile contrib/libvhost-user/libvhost-user.c again. Instead build
the static library once and then reuse it throughout QEMU.

Also switch from CONFIG_LINUX to CONFIG_VHOST_USER, which is what the
vhost-user tools (vhost-user-gpu, etc) do.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-14-stefanha@redhat.com
[Added CONFIG_LINUX again because libvhost-user doesn't build on macOS.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
80a06cc52b util/vhost-user-server: move header to include/
Headers used by other subsystems are located in include/. Also add the
vhost-user-server and vhost-user-blk-server headers to MAINTAINERS.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-13-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
90fc91d50b block/export: convert vhost-user-blk server to block export API
Use the new QAPI block exports API instead of defining our own QOM
objects.

This is a large change because the lifecycle of VuBlockDev needs to
follow BlockExportDriver. QOM properties are replaced by QAPI options
objects.

VuBlockDev is renamed VuBlkExport and contains a BlockExport field.
Several fields can be dropped since BlockExport already has equivalents.

The file names and meson build integration will be adjusted in a future
patch. libvhost-user should probably be built as a static library that
is linked into QEMU instead of as a .c file that results in duplicate
compilation.

The new command-line syntax is:

  $ qemu-storage-daemon \
      --blockdev file,node-name=drive0,filename=test.img \
      --export vhost-user-blk,node-name=drive0,id=export0,unix-socket=/tmp/vhost-user-blk.sock

Note that unix-socket is optional because we may wish to accept chardevs
too in the future.

Markus noted that supported address families are not explicit in the
QAPI schema. It is unlikely that support for more address families will
be added since file descriptor passing is required and few address
families support it. If a new address family needs to be added, then the
QAPI 'features' syntax can be used to advertize them.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20200924151549.913737-12-stefanha@redhat.com
[Skip test on big-endian host architectures because this device doesn't
support them yet (as already mentioned in a code comment).
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
0534b1b227 block/export: report flush errors
Propagate the flush return value since errors are possible.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-11-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
7185c85776 util/vhost-user-server: rework vu_client_trip() coroutine lifecycle
The vu_client_trip() coroutine is leaked during AioContext switching. It
is also unsafe to destroy the vu_dev in panic_cb() since its callers
still access it in some cases.

Rework the lifecycle to solve these safety issues.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-10-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
edaf6205a3 util/vhost-user-server: check EOF when reading payload
Unexpected EOF is an error that must be reported.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-9-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
8c7f7cbca0 util/vhost-user-server: fix memory leak in vu_message_read()
fds[] is leaked when qio_channel_readv_full() fails.

Use vmsg->fds[] instead of keeping a local fds[] array. Then we can
reuse goto fail to clean up fds. vmsg->fd_num must be zeroed before the
loop to make this safe.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-8-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
47ba680466 util/vhost-user-server: drop unused DevicePanicNotifier
The device panic notifier callback is not used. Drop it.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-7-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
df6af7ce77 block/export: consolidate request structs into VuBlockReq
Only one struct is needed per request. Drop req_data and the separate
VuBlockReq instance. Instead let vu_queue_pop() allocate everything at
once.

This fixes the req_data memory leak in vu_block_virtio_process_req().

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-6-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
dad4f19431 util/vhost-user-server: drop unnecessary watch deletion
Explicitly deleting watches is not necessary since libvhost-user calls
remove_watch() during vu_deinit(). Add an assertion to check this
though.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-5-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
46a096c87a util/vhost-user-server: drop unnecessary QOM cast
We already have access to the value with the correct type (ioc and sioc
are the same QIOChannel).

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-4-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Stefan Hajnoczi
1d7874568b util/vhost-user-server: s/fileds/fields/ typo fix
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200924151549.913737-3-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Coiby Xu
8675a37681 MAINTAINERS: Add vhost-user block device backend server maintainer
Suggested-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20200918080912.321299-8-coiby.xu@gmail.com
[Removed reference to vhost-user-blk-test.c, it will be sent in a
separate pull request.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Coiby Xu
3578389bcf block/export: vhost-user block device backend server
By making use of libvhost-user, block device drive can be shared to
the connected vhost-user client. Only one client can connect to the
server one time.

Since vhost-user-server needs a block drive to be created first, delay
the creation of this object.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20200918080912.321299-6-coiby.xu@gmail.com
[Shorten "vhost_user_blk_server" string to "vhost_user_blk" to avoid the
following compiler warning:
../block/export/vhost-user-blk-server.c:178:50: error: ‘%s’ directive output truncated writing 21 bytes into a region of size 20 [-Werror=format-truncation=]
and fix "Invalid size %ld ..." ssize_t format string arguments for
32-bit hosts.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Coiby Xu
5937835ac4 block: move logical block size check function to a common utility function
Move the constants from hw/core/qdev-properties.c to
util/block-helpers.h so that knowledge of the min/max values is

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Message-id: 20200918080912.321299-5-coiby.xu@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Coiby Xu
70eb2c079c util/vhost-user-server: generic vhost user server
Sharing QEMU devices via vhost-user protocol.

Only one vhost-user client can connect to the server one time.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20200918080912.321299-4-coiby.xu@gmail.com
[Fixed size_t %lu -> %zu format string compiler error.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Coiby Xu
f1baeee9ff libvhost-user: remove watch for kick_fd when de-initialize vu-dev
When the client is running in gdb and quit command is run in gdb,
QEMU will still dispatch the event which will cause segment fault in
the callback function.

Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20200918080912.321299-3-coiby.xu@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Coiby Xu
049f55502a libvhost-user: Allow vu_message_read to be replaced
Allow vu_message_read to be replaced by one which will make use of the
QIOChannel functions. Thus reading vhost-user message won't stall the
guest. For slave channel, we still use the default vu_message_read.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200918080912.321299-2-coiby.xu@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Philippe Mathieu-Daudé
f25e7ab2b0 block/nvme: Add driver statistics for access alignment and hw errors
Keep statistics of some hardware errors, and number of
aligned/unaligned I/O accesses.

QMP example booting a full RHEL 8.3 aarch64 guest:

{ "execute": "query-blockstats" }
{
    "return": [
        {
            "device": "",
            "node-name": "drive0",
            "stats": {
                "flush_total_time_ns": 6026948,
                "wr_highest_offset": 3383991230464,
                "wr_total_time_ns": 807450995,
                "failed_wr_operations": 0,
                "failed_rd_operations": 0,
                "wr_merged": 3,
                "wr_bytes": 50133504,
                "failed_unmap_operations": 0,
                "failed_flush_operations": 0,
                "account_invalid": false,
                "rd_total_time_ns": 1846979900,
                "flush_operations": 130,
                "wr_operations": 659,
                "rd_merged": 1192,
                "rd_bytes": 218244096,
                "account_failed": false,
                "idle_time_ns": 2678641497,
                "rd_operations": 7406,
            },
            "driver-specific": {
                "driver": "nvme",
                "completion-errors": 0,
                "unaligned-accesses": 2959,
                "aligned-accesses": 4477
            },
            "qdev": "/machine/peripheral-anon/device[0]/virtio-backend"
        }
    ]
}

Suggested-by: Stefan Hajnoczi <stefanha@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20201001162939.1567915-1-philmd@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-10-23 13:42:16 +01:00
Peter Maydell
4c5b97bfd0 modules: build spice and opengl as module.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCgAGBQJfkRSjAAoJEEy22O7T6HE4w4UP/RHNNgRzPWB7kJaiCDGrqGVK
 FSMqUKTkzieIEvW7baVaY19KY2z5HB9Mtna6Ogl6BXdMbmwwaxdMtzHc9RySlLyP
 iUA9iFqDjYbbFtanFEQjv/181Dr/Ib3AgW4muQi/BysvAu9GmFQuRlK07w3KR+QR
 0HXYmrKqpnQxrM0s3h9XwT2VKRYEk8X3fcsQypTyiuqqFXFveIwoFl0XtcU8kq8K
 D+BI/nRZRr+wQG2fW0JjRPRxiUPSAUJgMRqJhPdZ+55enfaxCUTThpw9UVRa8vsr
 g7SY6vadGbqyxq45kyc56p7oc5gxeUbTXklrJqz4blBhl/AnAZyjVMOhBqz3+Sgl
 DORyjrz+M4Wyb/nzlh0HsuZYJmHH3tNgFEruPbyPT4LTpFZ8yUuThNUTl8r6r5aE
 mJkRW9U1xeSrsdiw7vJv+gfxC4J37EMry0OdcL6fcixZSEXaDT/9E+MMhz9UOAC1
 cGTg7fBN4sc/6oifqURz3vMJF1NcSocqPg0rvbkOCAzlf5TzRD07A6lgzLclemyi
 XpKp0qbfE9esLAj5/FPZHkOSGKApo3WzdtExrc8aGIRqE3y1FNUG0hY9RTHEi2po
 vWUEmneTo08Ly+t/COBikOUCGwZAZDIr9v7dxZBBmcmvqRrhbzHAr+JM1y0Unfy1
 /3dNMlA2qsjbezkDzO1U
 =5tJo
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/modules-20201022-pull-request' into staging

modules: build spice and opengl as module.

# gpg: Signature made Thu 22 Oct 2020 06:12:03 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/modules-20201022-pull-request:
  opengl: build opengl helper code modular
  opengl: build egl-headless display modular
  spice: flip modules switch
  modules: add spice dependencies
  modules: dependencies infrastructure
  spice: load module when enabled on the cmdline
  spice: wire up monitor in QemuSpiceOps.
  spice: move display_add_client() to QemuSpiceOps.
  spice: move auth functions to QemuSpiceOps.
  spice: move add_interface() to QemuSpiceOps.
  spice: move display_init() to QemuSpiceOps.
  spice: move qemu_spice_init() to QemuSpiceOps.
  spice: add QemuSpiceOps, move migrate_info
  spice: add module helpers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-22 12:33:21 +01:00
Peter Maydell
eec4682e99 SD/MMC patches
Fix two heap-overflow reported by Alexander Bulekov while fuzzing:
 - https://bugs.launchpad.net/qemu/+bug/1892960
 - https://bugs.launchpad.net/qemu/+bug/1895310
 
 CI jobs results:
 . https://cirrus-ci.com/build/6399328187056128
 . https://gitlab.com/philmd/qemu/-/pipelines/205701966
 . https://travis-ci.org/github/philmd/qemu/builds/737708930
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAl+QcNQACgkQ4+MsLN6t
 wN5Bng/8C2xAFjxnXGbyDq3KKNX6+ag82pZc1+wI4PiYvjCNwQ3BL3FMU6Itu/xE
 8bqI5UMlVQGJ0npS8YL4AYdU1wuyk5kb30oXubj+uKreMLd7gVgZSi6rM0C3xDu1
 6atNYZK3BDbIdbKKoSx9cOAGnvsI0/gjei+OcmPRzyqQff7RLrOdIW0OaGqrKkjc
 ovvtV2gWxTo16HSe2pji4lfw6WkE4H8EshU1YA5ZgIhyQ6HvVz9qLd9QC3zyu9pl
 GfeHqEj9BQCnwGTpISewJVCAWdEQyygQxdbTpSEMYyN9A52WB3+Ne/AFESfoDYU4
 dc3lefUEjim+EiddB2cGtMjXER8m0Xrl3Z9raRLj5Mrb9bVx+gso1/0L9utQLCy6
 eVOGwSFZQ0Va64ng3z5w0tliLEB61B3nDNsIQSU2WLjQxGUVwli6YhHaGXbW9F39
 hU0yuqch2cHpUtlvZREymsTkV1cTr1NXmyXN/fzIiDyi8GQZ54AP16eVW/jrj1Bn
 Rf1Q0ywe0zb/+bFK/oq6tN9zIoV1/DaJlKQSjmDFdIUBqaSxcUrj53yUHsno/slh
 U7cj2ItvlpOljpUrKgV4bVbP7UWsOPC9RX9j5YbkwpHevyWdk/XNlzxoEJAe8Zj1
 3AdWsCtnxFdgLLEF3Y2tOENbVUI6Axo7If1oz83X0N782YZMbW8=
 =9A05
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd-gitlab/tags/sd-next-20201021' into staging

SD/MMC patches

Fix two heap-overflow reported by Alexander Bulekov while fuzzing:
- https://bugs.launchpad.net/qemu/+bug/1892960
- https://bugs.launchpad.net/qemu/+bug/1895310

CI jobs results:
. https://cirrus-ci.com/build/6399328187056128
. https://gitlab.com/philmd/qemu/-/pipelines/205701966
. https://travis-ci.org/github/philmd/qemu/builds/737708930

# gpg: Signature made Wed 21 Oct 2020 18:33:08 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/sd-next-20201021:
  hw/sd/sdcard: Assert if accessing an illegal group
  hw/sd/sdcard: Do not attempt to erase out of range addresses
  hw/sd/sdcard: Reset both start/end addresses on error
  hw/sd/sdcard: Do not use legal address '0' for INVALID_ADDRESS
  hw/sd/sdcard: Introduce the INVALID_ADDRESS definition
  hw/sd/sdcard: Add trace event for ERASE command (CMD38)
  hw/sd/sdhci: Yield if interrupt delivered during multiple transfer
  hw/sd/sdhci: Let sdhci_update_irq() return if IRQ was delivered
  hw/sd/sdhci: Resume pending DMA transfers on MMIO accesses
  hw/sd/sdhci: Stop multiple transfers when block count is cleared
  hw/sd/sdhci: Fix DMA Transfer Block Size field
  hw/sd/sdhci: Document the datasheet used
  hw/sd/sdhci: Fix qemu_log_mask() format string

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-22 11:13:25 +01:00
Peter Maydell
02aa56c4bc microvm: fix PCIe IRQs in APIC table.
microvm: add usb support.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCgAGBQJfkEogAAoJEEy22O7T6HE4yBMP/1csWFbfJ6JWbqiLoH/ltMn5
 ojgGfcP6ErGNtNP6kBO/FupCzc26ejRDJuvYLmlJ6+Jkga/zCAXjdLyXrSMRbtKK
 Nk8KwYSo82ApK45yJuVKZonUoGV6l9sIMyipkctlUXFMrvVaPh0MtnLIFckxtkCJ
 npAUnakkke5fP5Bsluw/N+fApAKQlPyqSBlPoPgsjNQ3ODisCitaH6Fx5sGuNJnV
 RSCAynkVkJ+vRT5iEojR6nNEn3vei8KHzL7vGxSdVd6ypjUc16ARpaPyXs2+opdP
 jqtGArrLn8V94rOPnGBwpV5P5soUch/tllCZtzbBZDaFr3bCHo0kNytxufoZ7yzM
 3z+wLgEHm3ZVRhraKE/Ed0Fz99tHm13zBWM3HctNtaY1tP7/4MnjMXRYArLQFFIt
 SoG7hSOPQJ/9JgtMPLRwjne2kHqYWwQ7wrROmnTWvx7RlfsD5JhUqMPocBnEb4pq
 kl5r6ajtZ9D67IZYKtv1JxKBdOXy7VmoEQMsZPwIxuMb5EN4N+RBqdMXs9lzzNEG
 mNCDzW5jDUlVG3YWu1Zxbs8j0+Mvlk7yD5zj368DvZZIgAMR0OxlcNbLVEFMpu8u
 pndpELjb/A/zHZloJyMXfCz19ahKxQeKjF1n4H5Ja6PvC8olALzhIy0ikOA66At0
 2I7Qs8bfGahjOdz4HSnJ
 =LkZR
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/microvm-20201021-pull-request' into staging

microvm: fix PCIe IRQs in APIC table.
microvm: add usb support.

# gpg: Signature made Wed 21 Oct 2020 15:48:00 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/microvm-20201021-pull-request:
  tests/acpi: update expected data files
  tests/acpi: add microvm rtc test
  tests/acpi: add microvm usb test
  tests/acpi: add empty tests/data/acpi/microvm/DSDT.{usb, rtc} files
  tests/acpi: allow updates for expected data files
  microvm: add usb support
  usb/xhci: fixup xhci kconfig deps
  usb/xhci: add xhci_sysbus_build_aml() helper
  usb/xhci: add include/hw/usb/xhci.h header file
  acpi: add aml builder stubs
  tests/acpi: disallow changes for microvm/APIC.pcie
  tests/acpi: update expected data files
  apci: drop has_pci arg for acpi_build_madt
  microvm: set pci_irq_mask
  x86: make pci irqs runtime configurable
  tests/acpi: add empty microvm/APIC.pcie
  tests/acpi: allow changes for microvm/APIC.pcie

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-21 21:45:46 +01:00
Peter Maydell
e06c687fdf QAPI patches patches for 2020-10-21
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAl+PpJUSHGFybWJydUBy
 ZWRoYXQuY29tAAoJEDhwtADrkYZTkT8P/iGv6mzciCEsEL1LrYIrHXCpUDeQyXoZ
 i+pXisOaUNXQzwb9HIcUzy95srWQjORVMCzanRkS/LIm7XziAAWJDKFQrNXK6S/6
 8DNkzymOQaswRRGpEEX7KqgJFWCwhy+RqGlWXAtVVQLPMIfMIkCnx/vOtEGrvItt
 USzWwXkOnqy+cd4yNYi7V3oidE8uHbaVFopXs1MQCiGJ49uUMBibdFt/KGC0tTwQ
 q/1hJOJyCQrAjzBh6cNwych+5QdOwhRMEVp8Lqly87hEyaTBJvXKdnf4LuFRWcaF
 PIh265CPqxsETc/rR7S2LWmFmsXj6ruPUwIPIWKQKjqTDaqseOCOcHvLI7I+5ccT
 i4La+tWmH6U/8VuyGfplYZ2CphA51bkBlIGZVWsXw/eGc2md9p19fUMyLM65WfBW
 /Oi98O+ZveqOvZbfOtEN4Sanxx5VJ9aCMOyr97GjER2W1Q2BkZjKz67qpFws1amX
 +pgS7GaMyN3vcy9CMQ3aCZx8LNJMTyBIzBsWYKtDJbaDzaMvAcsIPgSQVSDGkpy3
 d1dph7tgOLaamvVCn44J/R/DefrTZHK19NY3OG8BUm7lxBeWAaj+GeeCHlDDoF73
 q0CpcMeUdPGGFcS1XE0AlpRq95J+M/Cs+p080TYM4RUEzJumoKZwvJLurH2jhh4o
 9X3GzMMZ6cpu
 =fsLv
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2020-10-21' into staging

QAPI patches patches for 2020-10-21

# gpg: Signature made Wed 21 Oct 2020 04:01:41 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2020-10-21:
  qapi: Restrict Xen migration commands to migration.json
  qapi: Restrict 'query-kvm' command to machine code
  qapi: Restrict '(p)memsave' command to machine code
  qapi: Restrict 'system wakeup/reset/powerdown' commands to machine.json
  qapi: Restrict 'inject-nmi' command to machine code

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-21 16:56:35 +01:00
Gerd Hoffmann
c8263659f1 opengl: build opengl helper code modular
Removes opengl dependency from core qemu.  The number of shared
libraries for qemu-system-x86_64 goes down from 66 to 60 on my system.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-15-kraxel@redhat.com
2020-10-21 15:46:14 +02:00
Gerd Hoffmann
39d41e855b opengl: build egl-headless display modular
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-14-kraxel@redhat.com
2020-10-21 15:46:14 +02:00
Gerd Hoffmann
cbe5fa1178 spice: flip modules switch
Build spice core code as module.  This removes libspice-server and a
handful of indirect dependencies from core qemu.  The number of shared
libraries for qemu-system-x86_64 goes down from 73 to 66 on my system.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-13-kraxel@redhat.com
2020-10-21 15:46:14 +02:00
Gerd Hoffmann
4e6515143a modules: add spice dependencies
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-12-kraxel@redhat.com
2020-10-21 15:46:14 +02:00
Gerd Hoffmann
6f13fa7a98 modules: dependencies infrastructure
Allow modules depending on other modules.

module_load_file() gets the option to export symbols (by not adding the
G_MODULE_BIND_LOCAL flag).

module_load_one() will check the module dependency list to figure (a)
whenever are other modules must be loaded first, or (b) the module
should export the symbols.

The dependencies are specificed as static list in the source code for
now as I expect the list will stay small.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-11-kraxel@redhat.com
2020-10-21 15:46:14 +02:00
Gerd Hoffmann
9ed345a14e spice: load module when enabled on the cmdline
In case the spice opts are not registered, try loading the spice module.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-10-kraxel@redhat.com
2020-10-21 15:46:14 +02:00
Gerd Hoffmann
db5732c9cf spice: wire up monitor in QemuSpiceOps.
Rename qmp_query_spice() to qmp_query_spice_real(), add to QemuSpiceOps.

Add new qmp_query_spice() function which calls the real function via
QemuSpiceOps if available, otherwise return SpiceInfo.enabled = false.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-9-kraxel@redhat.com
2020-10-21 15:46:14 +02:00
Gerd Hoffmann
864a024c69 spice: move display_add_client() to QemuSpiceOps.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-8-kraxel@redhat.com
2020-10-21 15:46:14 +02:00
Gerd Hoffmann
08ad262643 spice: move auth functions to QemuSpiceOps.
Move qemu_spice_set_passwd() and qemu_spice_set_pw_expire() functions to
QemuSpiceOps.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-7-kraxel@redhat.com
2020-10-21 15:46:14 +02:00
Gerd Hoffmann
05b53636d0 spice: move add_interface() to QemuSpiceOps.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-6-kraxel@redhat.com
2020-10-21 15:46:14 +02:00
Gerd Hoffmann
b192cd1e4f spice: move display_init() to QemuSpiceOps.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-5-kraxel@redhat.com
2020-10-21 15:46:14 +02:00
Gerd Hoffmann
63be30e6d5 spice: move qemu_spice_init() to QemuSpiceOps.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-4-kraxel@redhat.com
2020-10-21 15:46:14 +02:00
Gerd Hoffmann
7477477ca7 spice: add QemuSpiceOps, move migrate_info
Add QemuSpiceOps struct.  This struct holds function pointers to the
spice functions.  It will be initialized with pointers to the stub
functions.  When spice gets initialized the function pointers will
be re-written to the real functions.

The spice stubs will move from qemu-spice.h to spice-module.c for that,
because they will be needed for both "CONFIG_SPICE=n" and "CONFIG_SPICE=y
but spice module not loaded" cases.

This patch adds the infrastructure and starts with moving
qemu_spice_migrate_info() to QemuSpiceOps.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-3-kraxel@redhat.com
2020-10-21 15:46:14 +02:00
Gerd Hoffmann
2e31e210a8 spice: add module helpers
Add new spice-module.c + qemu-spice-module.h files.  The code needed to
support modular spice will be there.  For starters this will be only the
using_spice variable, more will follow ...

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20201019075224.14803-2-kraxel@redhat.com
2020-10-21 15:46:14 +02:00
Philippe Mathieu-Daudé
84816fb63e hw/sd/sdcard: Assert if accessing an illegal group
We can not have more group than 'wpgrps_size'.
Assert if we are accessing a group above this limit.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-7-f4bug@amsat.org>
2020-10-21 13:34:27 +02:00
Philippe Mathieu-Daudé
1bd6fd8ed5 hw/sd/sdcard: Do not attempt to erase out of range addresses
While the Spec v3 is not very clear, v6 states:

  If the host provides an out of range address as an argument
  to CMD32 or CMD33, the card shall indicate OUT_OF_RANGE error
  in R1 (ERX) for CMD38.

If an address is out of range, do not attempt to erase it:
return R1 with the error bit set.

Buglink: https://bugs.launchpad.net/qemu/+bug/1895310
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-6-f4bug@amsat.org>
2020-10-21 13:34:04 +02:00
Philippe Mathieu-Daudé
c8c8b3f1c1 hw/sd/sdcard: Reset both start/end addresses on error
From the Spec "4.3.5 Erase":

  The host should adhere to the following command
  sequence: ERASE_WR_BLK_START, ERASE_WR_BLK_END and
  ERASE (CMD38).

  If an erase (CMD38) or address setting (CMD32, 33)
  command is received out of sequence, the card shall
  set the ERASE_SEQ_ERROR bit in the status register
  and reset the whole sequence.

Reset both addresses if the ERASE command occured
out of sequence (one of the start/end address is
not set).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-5-f4bug@amsat.org>
2020-10-21 13:19:02 +02:00
Philippe Mathieu-Daudé
7dae0a1dd1 hw/sd/sdcard: Do not use legal address '0' for INVALID_ADDRESS
As it is legal to WRITE/ERASE the address/block 0,
change the value of this definition to an illegal
address: UINT32_MAX.

Unfortunately this break the migration stream, so
bump the VMState version number. This affects some
ARM boards and the SDHCI_PCI device (which is only
used for testing).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-4-f4bug@amsat.org>
2020-10-21 13:19:02 +02:00
Philippe Mathieu-Daudé
872b8fde6c hw/sd/sdcard: Introduce the INVALID_ADDRESS definition
'0' is used as a value to indicate an invalid (or unset)
address. Use a definition instead of a magic value.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-3-f4bug@amsat.org>
2020-10-21 13:19:02 +02:00
Philippe Mathieu-Daudé
aafe6c5836 hw/sd/sdcard: Add trace event for ERASE command (CMD38)
Trace addresses provided to the ERASE command.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201015063824.212980-2-f4bug@amsat.org>
2020-10-21 13:19:02 +02:00
Philippe Mathieu-Daudé
9321c1f2d0 hw/sd/sdhci: Yield if interrupt delivered during multiple transfer
The Descriptor Table has a bit to allow the DMA to generates
Interrupt when the operation of the descriptor line is completed
(see "1.13.4. Descriptor Table" of 'SD Host Controller Simplified
Specification Version 2.00').

If we have pending interrupt and the descriptor requires it
to be generated as soon as it is completed, reschedule pending
transfers and yield to the CPU.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200903172806.489710-5-f4bug@amsat.org>
2020-10-21 13:19:02 +02:00
Philippe Mathieu-Daudé
2bd9ae7e30 hw/sd/sdhci: Let sdhci_update_irq() return if IRQ was delivered
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200903172806.489710-4-f4bug@amsat.org>
2020-10-21 13:19:02 +02:00