Commit Graph

76602 Commits

Author SHA1 Message Date
Richard Henderson
2f311075b7 softfloat: Fix BAD_SHIFT from normalizeFloatx80Subnormal
All other calls to normalize*Subnormal detect zero input before
the call -- this is the only outlier.  This case can happen with
+0.0 + +0.0 = +0.0 or -0.0 + -0.0 = -0.0, so return a zero of
the correct sign.

Reported-by: Coverity (CID 1421991)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200327232042.10008-1-richard.henderson@linaro.org>
Message-Id: <20200403191150.863-8-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Denis Plotnikov
076b2fadb5 gdbstub: fix compiler complaining
./gdbstub.c: In function ‘handle_query_thread_extra’:
        /usr/include/glib-2.0/glib/glib-autocleanups.h:28:10:
    error: ‘cpu_name’ may be used uninitialized in this function
    [-Werror=maybe-uninitialized]
        g_free (*pp);
               ^
    ./gdbstub.c:2063:26: note: ‘cpu_name’ was declared here
        g_autofree char *cpu_name;
                         ^
    cc1: all warnings being treated as errors

Signed-off-by: Denis Plotnikov <dplotnikov@virtuozzo.com>
Message-Id: <20200326151407.25046-1-dplotnikov@virtuozzo.com>
Reported-by: Euler Robot <euler.robot@huawei.com>
Reported-by: Chen Qun <kuhn.chenqun@huawei.com>
Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com>
Message-Id: <20200325092137.24020-1-kuhn.chenqun@huawei.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200403191150.863-7-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
1f089c6705 target/xtensa: add FIXME for translation memory leak
Dynamically allocating a new structure within the DisasContext can
potentially leak as we can longjmp out of the translation loop (see
test_phys_mem). The proper fix would be to use static allocation
within the DisasContext but as the Xtensa translator imports it's code
from elsewhere I leave that as an exercise for the maintainer.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Message-Id: <20200403191150.863-6-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
b859040dc4 linux-user: more debug for init_guest_space
Searching for memory space can cause problems so lets extend the
CPU_LOG_PAGE output so you can watch init_guest_space fail to
allocate memory. A more involved fix is actually required to make this
function play nicely with the large guard pages the sanitiser likes to
use.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200403191150.863-5-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
af7fc47f2c tests/tcg: remove extraneous pasting macros
We are not using them and they just get in the way.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200403191150.863-4-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
bbf5f2a1aa linux-user: protect fcntl64 with an #ifdef
Checking TARGET_ABI_BITS is sketchy - we should check for the presence
of the define to be sure. Also clean up the white space while we are
there.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200403191150.863-3-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Alex Bennée
040425f849 elf-ops: bail out if we have no function symbols
It's perfectly possible to have no function symbols in your elf file
and if we do the undefined behaviour sanitizer rightly complains about
us passing NULL to qsort. Check nsyms before we go ahead.

While we are at it lets drop the unchecked return value and cleanup
the fail leg by use of g_autoptr.

Another fix was proposed 101 weeks ago in:
Message-Id: 20180421232120.22208-1-f4bug@amsat.org

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200403191150.863-2-alex.bennee@linaro.org>
2020-04-07 16:19:49 +01:00
Philippe Mathieu-Daudé
20a4f14f6e .github: Enable repo-lockdown bot to refuse GitHub pull requests
Some GitHub users try to open pull requests against the GitHub
mirror. Unfortunate these get ignored until eventually someone
notices and closes the request.

Enable the 'Repo Lockdown' [*] 3rd party bot which can autorespond
to pull requests with a friendly comment, close the request, and
then lock it to prevent further comments.

[*] https://github.com/dessant/repo-lockdown

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-Id: <20200406214125.18538-1-f4bug@amsat.org>
[AJB: s/fill/file/ and point at canonical qemu.org/contribute]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
2020-04-07 16:19:18 +01:00
Anthony PERARD
758af9cfab MAINTAINERS: Add xen-usb.c to Xen section
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Paul Durrant <paul@xen.org>
Message-Id: <20200406165043.1447837-1-anthony.perard@citrix.com>
2020-04-07 16:13:26 +01:00
Anthony PERARD
0cd40042c5 xen-block: Fix uninitialized variable
Since 7f5d9b206d ("object-add: don't create return value if
failed"), qmp_object_add() don't write any value in 'ret_data', thus
has random data. Then qobject_unref() fails and abort().

Fix by initialising 'ret_data' properly.

Fixes: 5f07c4d60d ("qapi: Flatten object-add")
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200406164207.1446817-1-anthony.perard@citrix.com>
2020-04-07 16:13:26 +01:00
Peter Maydell
1aef27c93d hw/usb/xen-usb.c: Pass struct usbback_req* to usbback_packet_complete()
The function usbback_packet_complete() currently takes a USBPacket*,
which must be a pointer to the packet field within a struct
usbback_req; the function uses container_of() to get the struct
usbback_req* given the USBPacket*.

This is unnecessarily confusing (and in particular it confuses the
Coverity Scan analysis, resulting in the false positive CID 1421919
where it thinks that we write off the end of the structure). Since
both callsites already have the pointer to the struct usbback_req,
just pass that in directly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20200323164318.26567-1-peter.maydell@linaro.org>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2020-04-07 16:13:26 +01:00
Peter Maydell
3f0fb07379 QAPI patches for 2020-04-07
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAl6MZ2oSHGFybWJydUBy
 ZWRoYXQuY29tAAoJEDhwtADrkYZTBTMP/28dQKp+4vbdW98TWg4MoxCkLviWmMLF
 qt8a6zK1WSoKgciUfCLWvGGW6lOmagOiLq+WGt+k23P9Wu5s0ax0tvm7p7Q8m7sx
 NMHh6MIPxCLcNh1zPQ8B2+tJSOOQtXfaZo6W4gfaJ+lgz/NtHPzjcs+tLvDhOofb
 QGH2dUBRmA2gh0kIO0fNfYWEL0/ckQA67bHnHWU714k+U8LWux7yJMK8z3gVjEIs
 Tk6eURF/vaNZrQmOOuqrMc8AIO6l3tgJG7Zcv+4Sv8tJUEiaiASiokEEmEs1bj63
 izt8pAF0EvfMoL/ZFODChTfJDsPuDQad5WApfqzLTE3zBWUEetIQjPZJwxMrv8uQ
 zLjEQxTMGTGkONrFASkSZqlRw6+mWOsE71KJwo/FEfHH2G2lzVnZRzdHhhSMB8+4
 F6dzHRd66oFWz/t2hwGIXc2ng1xqtc/llBC4HZBxBOUQ0iba6LP0clpBHUJ75UDB
 JClxFI6P6xztqSGejp2FsEy2FMUw67TnvRLGPS/t/NfcdsfNfEO1rL1M10RlThoa
 Nl131Opx50cT4jhMtOQS5wySQ8whtYHQQkMCfHc+QYXwmaAiRSvJrl227ywJcX3g
 AnSpCu8VeeKJKwhzLSA3UhROjbuk4NsR/NGERDe1iwtYV9X33/zdO/sGpdmX25rc
 G88DH3NWrzPR
 =BaVo
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2020-04-07' into staging

QAPI patches for 2020-04-07

# gpg: Signature made Tue 07 Apr 2020 12:43:38 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2020-04-07:
  json: Fix check for unbalanced right curly brace

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 16:05:07 +01:00
Peter Maydell
8f0d25c464 Acceptance tests patches
- Fixed EXEC migration
 - Reduce PReP/40p artifacts download failures,
 - Disable Leon3 HelenOS
 - Speed up Travis-CI job by using a specific cache bucket
 
 CI jobs results:
   https://gitlab.com/philmd/qemu/pipelines/133379305
   https://travis-ci.org/github/philmd/qemu/builds/671762970
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAl6MWAUACgkQ4+MsLN6t
 wN7UEg/9F+2INbIY24MAYhPldO5PZWJp2Eqdt5p0pR6yd4WzTMbRcRezYZZtQ9EP
 V4tsLACWnJAyeXPk0zgr+8gYHTD/m/sZCPU0Zg8v6O98H/XJmQOpRaofKScMdtc8
 QdMPFCtDVlkyWiVQ6BQOwWatYGsr/CIm6AEDNn+TtULLrqnRD1hdajKzQIELZTlO
 AdKThN4ewiDc2MPVSxqHt3z/1pCVSS53g59eSgWKsLvIEoY3UVigmDl2hITd6m8f
 zwCSzDtvDcC4ReKwMPc6OUC3kglp14WuiIgTiuUvb1Rok22A+u0QKqnJxK+aJTZ+
 ZnorEWJg3aEITJue0/biX5is3ieSRMMcNZD8FNxzZCEmwuPCDMlBu2mTQPF7+RwT
 qHZBL+e8ixT5274024ojZQ5fgH6QSSR3NdZ8EBzhQlxOFWpWarey9cQGwFk6Pgal
 mL+GoVHrlN3xt+AxDJaVwBWisSnxsy+ueGANbZ+4uvZxyeLSXCESV6bAEeU9REh4
 fvFmZL2LzV738Z86iwChwy80YkPNNau6BiSIuXn5uUUpjV9dR6u6y1k/oMAuZqvm
 67lbv3uaE6OlYd3JuV9VvaNAbV2BpLab8RCXcAhD2KLfSROJsPzCtGRRE2hGIWoG
 xlMlf/dIbF9p89vZSjmDcDWoKlVsJQUFDfTmqKnU7bABNCv9fRo=
 =YUaj
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd-gitlab/tags/acceptance-fixes-20200407' into staging

Acceptance tests patches

- Fixed EXEC migration
- Reduce PReP/40p artifacts download failures,
- Disable Leon3 HelenOS
- Speed up Travis-CI job by using a specific cache bucket

CI jobs results:
  https://gitlab.com/philmd/qemu/pipelines/133379305
  https://travis-ci.org/github/philmd/qemu/builds/671762970

# gpg: Signature made Tue 07 Apr 2020 11:37:57 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/acceptance-fixes-20200407:
  .travis.yml: Cache acceptance-test assets
  tests/acceptance/machine_sparc_leon3: Disable HelenOS test
  tests/acceptance/ppc_prep_40p: Use mirror for ftp.software.ibm.com
  tests/acceptance/ppc_prep_40p: Use cdn.netbsd.org hostname
  Acceptance test: Fix to EXEC migration

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 15:10:11 +01:00
Kevin Wolf
3f6de653b9 vpc: Don't round up already aligned BAT sizes
As reported on Launchpad, Azure apparently doesn't accept images for
upload that are not both aligned to 1 MB blocks and have a BAT size that
matches the image size exactly.

As far as I can tell, there is no real reason why we create a BAT that
is one entry longer than necessary for aligned image sizes, so change
that.

(Even though the condition is only mentioned as "should" in the spec and
previous products accepted larger BATs - but we'll try to maintain
compatibility with as many of Microsoft's ever-changing interpretations
of the VHD spec as possible.)

Fixes: https://bugs.launchpad.net/bugs/1870098
Reported-by: Tobias Witek
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200402093603.2369-1-kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 15:42:08 +02:00
Kevin Wolf
7f16476fab block: Fix blk->in_flight during blk_wait_while_drained()
Waiting in blk_wait_while_drained() while blk->in_flight is increased
for the current request is wrong because it will cause the drain
operation to deadlock.

This patch makes sure that blk_wait_while_drained() is called with
blk->in_flight increased exactly once for the current request, and that
it temporarily decreases the counter while it waits.

Fixes: cf3129323f
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200407121259.21350-4-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 15:40:57 +02:00
Kevin Wolf
fbb92b6798 block: Increase BB.in_flight for coroutine and sync interfaces
External callers of blk_co_*() and of the synchronous blk_*() functions
don't currently increase the BlockBackend.in_flight counter, but calls
from blk_aio_*() do, so there is an inconsistency whether the counter
has been increased or not.

This patch moves the actual operations to static functions that can
later know they will always be called with in_flight increased exactly
once, even for external callers using the blk_co_*() coroutine
interfaces.

If the public blk_co_*() interface is unused, remove it.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200407121259.21350-3-kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 15:40:41 +02:00
Kevin Wolf
564806c529 block-backend: Reorder flush/pdiscard function definitions
Move all variants of the flush/pdiscard functions to a single place and
put the blk_co_*() version first because it is called by all other
variants (and will become static in the next patch).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200407121259.21350-2-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 15:40:28 +02:00
Peter Maydell
ca74fc1988 fixes for 5.0:
- audio: windows (dsound) fixes.
 - vga: ati blitter sanity check fixes.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCgAGBQJejEYoAAoJEEy22O7T6HE4B8wQAMHEcbyXVnh2hc/0x1wHi6T5
 IlsLkWvTEC0ZsyG5FcCm9XVC3b+WYCOyt4p+Zci9/lCZuYVCQjsKAafy8zb/8gZo
 c+bQny3APdzE+LSO8sByRDCrnwAxEzyzdcqEj8NKXUhTK0fZRCopyi4nWDIfK1b8
 fNWhWvObeTQEqULbPk+NRFPzI49vMijNK/y7CA64X12jddstG6psaeNYxrjzSTVf
 Fk2L9f4rccVAIA2Cl1hmp18QqqFiQeL/Bw8zi/mGaMBE9ip+SyrTP70MY1GavRDF
 tRfwAHu+eVD3i6iiyoGOapQjgelprn83Qrce8gXJ4/ldxHLbeGnfVx90usp77d/9
 cMQygbIGzbOCpZFPZ0C6aCQrEBJ8aqrZdiCK9i6Z3loqh3plVWBpoUpKT6L1FF+U
 igO21JX3Sz/T4i2RVToylx/2LFii0A8uoT7OMqT45+yjFcra4T6LWdgQtntomKlV
 J51VIXjAzWrxQ3SNOZHrgKYq6MYuLRU6zDQW/arglgA3t0t+gco6LG63Jbx3IH+C
 CL2j4TVG5XHXf74hkWbWQlMxz7Os49k1DQojB9QfOk4L6M0IpJxZXFE8v+v/tIjE
 TF/KeM20Wv6rc8TWYx96SO8gCTW6lgysRymSn1tU09uWAx/bAfSxTru2E7VErmMx
 aiPUv6uzVdFJG8yRHX8j
 =AoE+
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20200407-pull-request' into staging

fixes for 5.0:
- audio: windows (dsound) fixes.
- vga: ati blitter sanity check fixes.

# gpg: Signature made Tue 07 Apr 2020 10:21:44 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/fixes-20200407-pull-request:
  ati-vga: Fix checks in ati_2d_blt() to avoid crash
  dsoundaudio: dsound_get_buffer_in should honor *size
  dsoundaudio: fix "Could not lock capture buffer" warning
  dsoundaudio: fix never-ending playback loop

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 14:01:49 +01:00
Stefan Reiter
eca0f3524a backup: don't acquire aio_context in backup_clean
All code-paths leading to backup_clean (via job_clean) have the job's
context already acquired. The job's context is guaranteed to be the same
as the one used by backup_top via backup_job_create.

Since the previous logic effectively acquired the lock twice, this
broke cleanup of backups for disks using IO threads, since the BDRV_POLL_WHILE
in bdrv_backup_top_drop -> bdrv_do_drained_begin would only release the lock
once, thus deadlocking with the IO thread.

This is a partial revert of 0abf258171.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200407115651.69472-4-s.reiter@proxmox.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 14:34:47 +02:00
Stefan Reiter
08558e3325 replication: assert we own context before job_cancel_sync
job_cancel_sync requires the job's lock to be held, all other callers
already do this (replication_stop, drive_backup_abort,
blockdev_backup_abort, job_cancel_sync_all, cancel_common).

In this case we're in a BlockDriver handler, so we already have a lock,
just assert that it is the same as the one used for the commit_job.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Message-Id: <20200407115651.69472-3-s.reiter@proxmox.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 14:34:47 +02:00
Stefan Reiter
b660a84bbb job: take each job's lock individually in job_txn_apply
All callers of job_txn_apply hold a single job's lock, but different
jobs within a transaction can have different contexts, thus we need to
lock each one individually before applying the callback function.

Similar to job_completed_txn_abort this also requires releasing the
caller's context before and reacquiring it after to avoid recursive
locks which might break AIO_WAIT_WHILE in the callback. This is safe, since
existing code would already have to take this into account, lest
job_completed_txn_abort might have broken.

This also brings to light a different issue: When a callback function in
job_txn_apply moves it's job to a different AIO context, callers will
try to release the wrong lock (now that we re-acquire the lock
correctly, previously it would just continue with the old lock, leaving
the job unlocked for the rest of the return path). Fix this by not caching
the job's context.

This is only necessary for qmp_block_job_finalize, qmp_job_finalize and
job_exit, since everyone else calls through job_exit.

One test needed adapting, since it calls job_finalize directly, so it
manually needs to acquire the correct context.

Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Message-Id: <20200407115651.69472-2-s.reiter@proxmox.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-04-07 14:34:47 +02:00
Anthony PERARD
36d883ba0d xen-block: Fix double qlist remove and request leak
Commit a31ca6801c ("qemu/queue.h: clear linked list pointers on
remove") revealed that a request was removed twice from a list, once
in xen_block_finish_request() and a second time in
xen_block_release_request() when both function are called from
xen_block_complete_aio(). But also, the `requests_inflight' counter is
decreased twice, and thus became negative.

This is a bug that was introduced in bfd0d63660 ("xen-block: improve
response latency"), where a `finished' list was removed.

That commit also introduced a leak of request in xen_block_do_aio().
That function calls xen_block_finish_request() but the request is
never released after that.

To fix both issue, we do two changes:
- we squash finish_request() and release_request() together as we want
  to remove a request from 'inflight' list to add it to 'freelist'.
- before releasing a request, we need to let the other end know the
  result, thus we should call xen_block_send_response() before
  releasing a request.

The first change fixes the double QLIST_REMOVE() as we remove the extra
call. The second change makes the leak go away because if we want to
call finish_request(), we need to call a function that does all of
finish, send response, and release.

Fixes: bfd0d63660 ("xen-block: improve response latency")
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Message-Id: <20200406140217.1441858-1-anthony.perard@citrix.com>
Reviewed-by: Paul Durrant <paul@xen.org>
[mreitz: Amended commit message as per Paul's suggestions]
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00
Max Reitz
25fb2e9c39 iotests/common.pattern: Quote echos
From time to time, my shell decides to repace the bracketed numbers here
by the numbers inside (i.e., "=== Clusters to be compressed [1]" is
printed as "=== Clusters to be compressed 1").  That makes tests that
use common.pattern fail.  Prevent that from happening by quoting the
arguments to all echos in common.pattern.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200403101134.805871-1-mreitz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00
Alberto Garcia
fb43d2d46e qcow2: Check request size in qcow2_co_pwritev_compressed_part()
When issuing a compressed write request the number of bytes must be a
multiple of the cluster size or reach the end of the last cluster.

With the current code such requests are allowed and we hit an
assertion:

   $ qemu-img create -f qcow2 img.qcow2 1M
   $ qemu-io -c 'write -c 0 32k' img.qcow2

   qemu-io: block/qcow2.c:4257: qcow2_co_pwritev_compressed_task:
   Assertion `bytes == s->cluster_size || (bytes < s->cluster_size &&
              (offset + bytes == bs->total_sectors << BDRV_SECTOR_BITS))' failed.
   Aborted

This patch fixes a regression introduced in 0d483dce38

Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-Id: <20200406143401.26854-1-berto@igalia.com>
Reviewed-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00
Eric Blake
39f77cb662 qemu-img: Report convert errors by bytes, not sectors
Various qemu-img commands are inconsistent on whether they report
status/errors in terms of bytes or sector offsets.  The latter is
confusing (especially as more places move to 4k block sizes), so let's
switch everything to just use bytes everywhere.  One iotest is
impacted.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200402135717.476398-1-eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00
Alberto Garcia
80f5c01183 qcow2: Forbid discard in qcow2 v2 images with backing files
A discard request deallocates the selected clusters so they read back
as zeroes. This is done by clearing the cluster offset field and
setting QCOW_OFLAG_ZERO in the L2 entry.

This flag is however only supported when qcow_version >= 3. In older
images the cluster is simply deallocated, exposing any possible stale
data from the backing file.

Since discard is an advisory operation it's safer to simply forbid it
in this scenario.

Note that we are adding this check to qcow2_co_pdiscard() and not to
qcow2_cluster_discard() or discard_in_l2_slice() because the last
two are also used by qcow2_snapshot_create() to discard the clusters
used by the VM state. In this case there's no risk of exposing stale
data to the guest and we really want that the clusters are always
discarded.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-Id: <20200331114345.29993-1-berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00
Simran Singhal
1394dc0690 json: Fix check for unbalanced right curly brace
We immediately diagnose unbalanced right curly brace:

    $ qemu-kvm --nodefaults --nographic --qmp stdio
    {"QMP": {"version": {"qemu": {"micro": 91, "minor": 2, "major": 4},
    "package": "v5.0.0-rc1-1-gf6ce4a439a08"}, "capabilities": ["oob"]}}
    }
    {"error": {"class": "GenericError", "desc": "JSON parse error,
    expecting value"}}

except within square bracket:

    [}

The check for unbalanced braces has a typo.  Fix it.

Fixes: 8d3265b3d0
Signed-off-by: Simran Singhal <singhalsimran0@gmail.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200402182848.GA3023@simran-Inspiron-5558>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Commit message rewritten to explain what's broken]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2020-04-07 13:10:11 +02:00
Peter Maydell
c185e22112 ppc patch queue 2020-04-07
An assortment of fixes for qemu-5.0, including a number for the FWNMI
 feature which is new this release.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAl6MAv4ACgkQbDjKyiDZ
 s5LxjhAAuyKEYD0n6U5JL/+4zIe2YPZbzyUJL4ZeTCwcKgPY71bvOO+57/ATHOBU
 7DJ92glrdN1DN5iA6tpI3nTEA6ghDOR3/16UizqC0CdT17a5V4LOhcZ76ZbtPXyM
 ct9bZPEkGvnHsr5UGZ9fcGLeapHYQa6GEww1BI0Ed8Sa6D3yX+mk9x4PTMQKN8+R
 P8GmLUt6CYNxtvv15mILNA5BsFJDpAYKh3WSqYrXD0UF10w0UKI/Ma0hfqevrpiE
 aXF/TQOnEzirQEQ5jAgFy88einu70LuJx5ws96CJJAUPrjhi9vWuuHe4hk03z795
 CFpjWBwB5Kf/bkwkJgzQ2SxOHRnFPaQPCJG1Baf2B+VXdo/6R9Y7tq+ia3qDq4QK
 +O30HVHjzGFerURiTFh5yvaT7nN24BL6L3vSU/njyLpy2hy8Kfa8q4ic2k17DBGn
 ZfD844r+8mFLiSCr+g11iLBYqFRtzqdvCYYJlhdJxQISzQdDHIoobNfWglv9uTD2
 CZ6wPPdw7nGIPdBIxsTmztJREgLVO0oeXa/0yZG//gaQKHhxDeD2iajSd87Z20Cl
 bZ8K/mDE3QSt8KQOtq22whivJIwzUAi6XWcRTnCaCs39rYRoVRo9Ey55KnV1b6gI
 WjkCCzoPrGxrDMyHw9o571QvWWynANCHBzolUR8p9VU0abBugI4=
 =F8JM
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.0-20200407' into staging

ppc patch queue 2020-04-07

An assortment of fixes for qemu-5.0, including a number for the FWNMI
feature which is new this release.

# gpg: Signature made Tue 07 Apr 2020 05:35:10 BST
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-5.0-20200407:
  ppc/pnv: Create BMC devices only when defaults are enabled
  pseries: Update SLOF firmware image
  hw/ppc/ppc440_uc.c: Remove incorrect iothread locking from dcr_write_pcie()
  spapr: Fix failure path for attempting to hot unplug PCI bridges
  ppc/spapr: Don't kill the guest if a recovered FWNMI machine check delivery fails
  ppc/spapr: Add FWNMI machine check delivery warnings
  ppc/spapr: Improve FWNMI machine check delivery corner case comments
  ppc/spapr: KVM FWNMI should not be enabled until guest requests it
  vfio/spapr: Fix page size calculation
  hw/ppc/e500.c: Handle qemu_find_file() failure

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-07 11:19:31 +01:00
BALATON Zoltan
ac2071c379 ati-vga: Fix checks in ati_2d_blt() to avoid crash
In some corner cases (that never happen during normal operation but a
malicious guest could program wrong values) pixman functions were
called with parameters that result in a crash. Fix this and add more
checks to disallow such cases.

Reported-by: Ziming Zhang <ezrakiez@gmail.com>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: 20200406204029.19559747D5D@zero.eik.bme.hu
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-04-07 09:25:23 +02:00
Cédric Le Goater
25f3170b06 ppc/pnv: Create BMC devices only when defaults are enabled
Commit e2392d4395 ("ppc/pnv: Create BMC devices at machine init")
introduced default BMC devices which can be a problem when the same
devices are defined on the command line with :

  -device ipmi-bmc-sim,id=bmc0 -device isa-ipmi-bt,bmc=bmc0,irq=10

QEMU fails with :

  qemu-system-ppc64: error creating device tree: node: FDT_ERR_EXISTS

Use defaults_enabled() when creating the default BMC devices to let
the user provide its own BMC devices using '-nodefaults'. If no BMC
device are provided, output a warning but let QEMU run as this is a
supported configuration. However, when multiple BMC devices are
defined, stop QEMU with a clear error as the results are unexpected.

Fixes: e2392d4395 ("ppc/pnv: Create BMC devices at machine init")
Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20200404153655.166834-1-clg@kaod.org>
Tested-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:11 +10:00
Alexey Kardashevskiy
a872e4328b pseries: Update SLOF firmware image
This is a single regression fix for for 5.0:

Greg Kurz (1):
      slof: Only close stdout for virtio-serial devices

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:11 +10:00
Peter Maydell
2025fc6766 hw/ppc/ppc440_uc.c: Remove incorrect iothread locking from dcr_write_pcie()
In dcr_write_pcie() we take the iothread lock around a call to
pcie_host_mmcfg_udpate().  This is an incorrect attempt to deal with
the bug fixed in commit 235352ee6e, where we were not taking
the iothread lock before calling device dcr read/write functions.
(It's not sufficient locking, because although the other cases in the
switch statement won't assert, there is no locking which prevents
multiple guest CPUs from trying to access the PPC460EXPCIEState
struct at the same time and corrupting data.)

Unfortunately with commit 235352ee6e we are now trying
to recursively take the iothread lock, which will assert:

  $ qemu-system-ppc -M sam460ex --display none
  **
  ERROR:/home/petmay01/linaro/qemu-from-laptop/qemu/cpus.c:1830:qemu_mutex_lock_iothread_impl: assertion failed: (!qemu_mutex_iothread_locked())
  Aborted (core dumped)

Remove the locking within dcr_write_pcie().

Fixes: 235352ee6e
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20200330125228.24994-1-peter.maydell@linaro.org>
Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:11 +10:00
David Gibson
7aab589976 spapr: Fix failure path for attempting to hot unplug PCI bridges
For various technical reasons we can't currently allow unplug a PCI to PCI
bridge on the pseries machine.  spapr_pci_unplug_request() correctly
generates an error message if that's attempted.

But.. if the given errp is not error_abort or error_fatal, it doesn't
actually stop trying to unplug the bridge anyway.

Fixes: 14e714900f "spapr: Allow hot plug/unplug of PCI bridges and devices under PCI bridges"
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <groug@kaod.org>
2020-04-07 08:55:11 +10:00
Nicholas Piggin
4f7a11f93f ppc/spapr: Don't kill the guest if a recovered FWNMI machine check delivery fails
Try to be tolerant of FWNMI delivery errors if the machine check had been
recovered by the host.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200325142906.221248-5-npiggin@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
[dwg: Updated comment at Greg's suggestion]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Nicholas Piggin
b90b9ecb12 ppc/spapr: Add FWNMI machine check delivery warnings
Add some messages which explain problems and guest misbehaviour that
may be difficult to diagnose in rare cases of machine checks.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200325142906.221248-4-npiggin@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Nicholas Piggin
6c3dd24c05 ppc/spapr: Improve FWNMI machine check delivery corner case comments
Some of the conditions are not as clearly documented as they could be.
Also the non-FWNMI case does not need a large comment.

Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200325142906.221248-3-npiggin@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Nicholas Piggin
ec010c0066 ppc/spapr: KVM FWNMI should not be enabled until guest requests it
The KVM FWNMI capability should be enabled with the "ibm,nmi-register"
rtas call. Although MCEs from KVM will be delivered as architected
interrupts to the guest before "ibm,nmi-register" is called, KVM has
different behaviour depending on whether the guest has enabled FWNMI
(it attempts to do more recovery on behalf of a non-FWNMI guest).

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200325142906.221248-2-npiggin@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Alexey Kardashevskiy
79178edd2a vfio/spapr: Fix page size calculation
Coverity detected an issue (CID 1421903) with potential call of clz64(0)
which returns 64 which make it do "<<" with a negative number.

This checks the mask and avoids undefined behaviour.

In practice pgsizes and memory_region_iommu_get_min_page_size() always
have some common page sizes and even if they did not, the resulting page
size would be 0x8000.0000.0000.0000 (gcc 9.2) and
ioctl(VFIO_IOMMU_SPAPR_TCE_CREATE) would fail anyway.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-Id: <20200324063912.25063-1-aik@ozlabs.ru>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Peter Maydell
3b4f50bd7d hw/ppc/e500.c: Handle qemu_find_file() failure
If qemu_find_file() doesn't find the BIOS it returns NULL; we were
passing that unchecked through to load_elf(), which assumes a non-NULL
pointer and may misbehave. In practice it fails with a weird message:

  $ qemu-system-ppc -M ppce500 -display none -kernel nonesuch
  Bad address
  qemu-system-ppc: could not load firmware '(null)'

Handle the failure case better:

  $ qemu-system-ppc -M ppce500 -display none -kernel nonesuch
  qemu-system-ppc: could not find firmware/kernel file 'nonesuch'

Spotted by Coverity (CID 1238954).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20200324121216.23899-1-peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Philippe Mathieu-Daudé
a41f167547 .travis.yml: Cache acceptance-test assets
Keep all acceptance-test assets in the same cache bucket.

As of v5.0.0-rc1, the cache is 2610.11MB:
https://travis-ci.org/github/philmd/qemu/jobs/670558103

Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200403172919.24621-6-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-04-06 20:03:14 +02:00
Philippe Mathieu-Daudé
5baecf58ad tests/acceptance/machine_sparc_leon3: Disable HelenOS test
This test was written/tested around beginning of 2019, but was
extracted from a bigger series and posted end of June 2019 [*].
Unfortunately I did not notice commit 162abf1a8 was merged by
then, which implements the AHB and APB plug and play devices.

HelenOS 0.6 is expecting the PnP registers to be not implemented
by QEMU, then forces the discovered AMBA devices (see [2]).

Before 162abf1a8, the console was displaying:

  HelenOS bootloader, release 0.6.0 (Elastic Horse)
  Built on 2014-12-21 20:17:42 for sparc32
  Copyright (c) 2001-2014 HelenOS project
   0x4000bf20|0x4000bf20: kernel image (496640/128466 bytes)
   0x4002b4f2|0x4002b4f2: ns image (154195/66444 bytes)
   0x4003b87e|0x4003b87e: loader image (153182/66437 bytes)
   0x4004bc03|0x4004bc03: init image (155339/66834 bytes)
   0x4005c115|0x4005c115: locsrv image (162063/70267 bytes)
   0x4006d390|0x4006d390: rd image (152678/65889 bytes)
   0x4007d4f1|0x4007d4f1: vfs image (168480/73394 bytes)
   0x4008f3a3|0x4008f3a3: logger image (158034/68368 bytes)
   0x4009feb3|0x4009feb3: ext4fs image (234510/100301 bytes)
   0x400b8680|0x400b8680: initrd image (8388608/1668901 bytes)
  ABMA devices:
  <1:00c> at 0x80000100 irq 3
  <1:00d> at 0x80000200
  <1:011> at 0x80000300 irq 8
  Memory size: 64 MB

As of this commit, it is now confused:

  ABMA devices:
  <1:3000> at 0x00000000 irq 0
  <1:3000> at 0x00000000 irq 0
  <1:3000> at 0x00000000 irq 0
  <1:3000> at 0x00000000 irq 0
  <1:3000> at 0x00000000 irq 0
  <1:3000> at 0x00000000 irq 0
  <1:3000> at 0x00000000 irq 0
  ...

As this test is not working as expected, simply disable it (by
skipping it) for now.

[1] https://www.mail-archive.com/qemu-devel@nongnu.org/msg627094.html
[2] https://github.com/HelenOS/helenos/blob/0.6.0/boot/arch/sparc32/src/ambapp.c#L75

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200331105048.27989-2-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-04-06 20:03:14 +02:00
Philippe Mathieu-Daudé
b131b49768 tests/acceptance/ppc_prep_40p: Use mirror for ftp.software.ibm.com
To avoid regular failures on Travis-CI with ftp.software.ibm.com,
use a mirror.

Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Tested-by: Willian Rampazzo <willianr@gmail.com>
Reviewed-by: Willian Rampazzo <willianr@gmail.com>
Message-Id: <20200403172919.24621-4-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-04-06 20:03:14 +02:00
Philippe Mathieu-Daudé
5cf67ac04f tests/acceptance/ppc_prep_40p: Use cdn.netbsd.org hostname
Use NetBSD content delivery network to get faster downloads.

Suggested-by: Kamil Rytarowski <kamil@netbsd.org>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Message-Id: <20200211134504.9156-1-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-04-06 20:03:14 +02:00
Oksana Vohchana
002b24c0c7 Acceptance test: Fix to EXEC migration
The exec migration test isn't run a whole test scenario.
This patch fixes it

Fixes: 2e768cb682
Signed-off-by: Oksana Vohchana <ovoshcha@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Message-Id: <20200325113138.20337-1-ovoshcha@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-04-06 20:03:14 +02:00
Peter Maydell
53ef8a92eb target-arm queue:
* don't expose "ieee_half" via gdbstub (prevents gdb crashes or errors
    with older GDB versions)
  * hw/arm/collie: Put StrongARMState* into a CollieMachineState struct
  * PSTATE.PAN should not clear exec bits
  * hw/gpio/aspeed_gpio.c: Don't directly include assert.h
    (fixes compilation on some Windows build scenarios)
  * dump: Fix writing of ELF section
  * dma/xlnx-zdma: various bug fixes
  * target/arm/helperc. delete obsolete TODO comment
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAl6K/pEZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3iIkD/4xLIib97Ts4iXB3ReCjUpZ
 5l1Exb9Rp+r1MSTK3F7UgcI7MT/1MIh/IPkWYdG2Fwh4BAw+aQNQrLqjT9sDLeLK
 YZzEj97H4ZEFwJnj/OL/j3AfG+vnQdQ0Uj+xac3c1Nx0Isy7vGbG1cG5pIrVOWFM
 0rtLH8SdO2G1VUMnPG0Y6sf8vdCXQmJpdI8QS2FmulP0atgJmbLdmaXmZgOn5Dfx
 Y+L7v9E6aV3el1v905dt0iZhs4qcJc27SzFuT0SoGzCMS65fBpRKenCwUbxteLkU
 ItCFY5dx2IpyLuI/TS8X1UN335Mlnz3AGdlZdtm644BpxvuOMIqkVjY6di2WH02X
 etb78rLY4EKUwI/wTPueN57M5FoZRKkQkO1XvrBv2NPkyz1sFU4pI2cMfSQVQAI7
 azVKCdZuHv88raZ3tqdnPKsujyrc9pWX3HSD3Bsh+IcMqhBDBCt+pGbg352pw12E
 KT9xuIEpiEtkb/x4jShwezXKXbUbg62RNZTLyw5PmhKbWsc14ALXD75SXMXBlk9a
 Qkd3Rp3xQML6HO7qhOAxQQw1WAX1c/x4P/X6c2+lMyuorL6jByhSKgM7HxAw4XKa
 yo3ZSWc9bMl8vPkfxG+0vUe/cHtooSQYpGBlgSoxqwBpSIVAJeY7BdSgYAuJ8L5x
 y+dQHc/Zp2qk2VbFLjrdmw==
 =QEcM
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200406' into staging

target-arm queue:
 * don't expose "ieee_half" via gdbstub (prevents gdb crashes or errors
   with older GDB versions)
 * hw/arm/collie: Put StrongARMState* into a CollieMachineState struct
 * PSTATE.PAN should not clear exec bits
 * hw/gpio/aspeed_gpio.c: Don't directly include assert.h
   (fixes compilation on some Windows build scenarios)
 * dump: Fix writing of ELF section
 * dma/xlnx-zdma: various bug fixes
 * target/arm/helperc. delete obsolete TODO comment

# gpg: Signature made Mon 06 Apr 2020 11:04:01 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200406:
  dma/xlnx-zdma: Reorg to fix CUR_DSCR
  dma/xlnx-zdma: Advance the descriptor address when stopping
  dma/xlnx-zdma: Clear DMA_DONE when halting
  dma/xlnx-zdma: Populate DBG0.CMN_BUF_FREE
  dma/xlnx-zdma: Remove comment
  dump: Fix writing of ELF section
  hw/gpio/aspeed_gpio.c: Don't directly include assert.h
  target/arm: Remove obsolete TODO note from get_phys_addr_lpae()
  target/arm: PSTATE.PAN should not clear exec bits
  hw/arm/collie: Put StrongARMState* into a CollieMachineState struct
  target/arm: don't expose "ieee_half" via gdbstub

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-06 12:36:45 +01:00
Volker Rümelin
8d1439b692 dsoundaudio: dsound_get_buffer_in should honor *size
This patch prevents an underflow of variable samples in function
audio_pcm_hw_run_in(). See commit 599eac4e5a "audio:
audio_generic_get_buffer_in should honor *size". This time the
while loop in audio_pcm_hw_run_in() will terminate nevertheless,
because it seems the recording stream in Windows is always rate
limited.

Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20200405075017.9901-3-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-04-06 13:29:53 +02:00
Volker Rümelin
174702986c dsoundaudio: fix "Could not lock capture buffer" warning
IDirectSoundCaptureBuffer_Lock() fails on Windows when called
with len = 0. Return early from dsound_get_buffer_in() in this
case.

To reproduce the warning start a linux guest. In the guest
start Audacity and you will see a lot of "Could not lock
capture buffer" warnings.

Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20200405075017.9901-2-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-04-06 13:29:53 +02:00
Volker Rümelin
4ba664cb0a dsoundaudio: fix never-ending playback loop
Currently the DirectSound backend fails to stop audio playback
in dsound_enable_out(). To detect a lost buffer condition
dsound_get_status_out() incorrectly uses the error code
DSERR_BUFFERLOST instead of flag DSBSTATUS_BUFFERLOST as a mask
and returns with an error. As a result dsound_enable_out()
returns early and doesn't stop playback.

To reproduce the bug start qemu on a Windows host with
-soundhw pcspk -audiodev dsound,id=audio0. On the guest
FreeDOS 1.2 command line enter beep. The image Day 1 - F-Bird
from the QEMU Advent Calendar 2018 shows the bug as well.

Buglink: https://bugs.launchpad.net/qemu/+bug/1699628
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20200405075017.9901-1-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-04-06 13:29:53 +02:00
Edgar E. Iglesias
8893790966 dma/xlnx-zdma: Reorg to fix CUR_DSCR
Reorganize the descriptor handling so that CUR_DSCR always
points to the next descriptor to be processed.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-id: 20200402134721.27863-6-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-06 10:59:56 +01:00
Edgar E. Iglesias
4ec037f1dd dma/xlnx-zdma: Advance the descriptor address when stopping
Advance the descriptor address when stopping the channel.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200402134721.27863-5-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-06 10:59:56 +01:00