Commit Graph

82582 Commits

Author SHA1 Message Date
Kirti Wankhede
e408aeef86 Fix use after free in vfio_migration_probe
Fixes Coverity issue:
CID 1436126:  Memory - illegal accesses  (USE_AFTER_FREE)

Fixes: a9e271ec9b ("vfio: Add migration region initialization and finalize function")
Signed-off-by: Kirti Wankhede <kwankhede@nvidia.com>
Reviewed-by: David Edmondson <dme@dme.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2020-11-12 15:58:16 -07:00
Peter Maydell
4cfac0152e Migration & virtiofs fixes for 5.2
A bunch of small fixes.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEERfXHG0oMt/uXep+pBRYzHrxb/ecFAl+tgEEACgkQBRYzHrxb
 /ecT7g/5Aamy5RpHUibvkpBq6SNEgePLwrifVL934WCMykzkktOWM4dMMjW1klXS
 b/0a+YUaUS0Ig2NKEJQxFEF1JTevQ74I/ZeqmMJCghkprjlMT7Px4HpNiaL/Dmcn
 19U/GnDTdpDfZWj1XjAcdd72rEbn8Pd0npOOhIMXnlUiEi3/kmdDllViK7bi1rwG
 bkUWtn9WffuVmE99HzgqIXOdScu2BV/j2w30xZqfk/luXJFVPnuKSfGjdpBeJ+XY
 ugrduubGrT/DRVWqbKHxAjA0oBGloPU9oSBOhw3r0PePJNAbwMiq3fW8njhTwPh7
 uFw2RJWUmv8Q0l46ogF/xR+kI1g22sn2WoeIYr6tYnKgYw7eM+1q+Flkk2NHou9I
 xaIxeCES5rsEq/5Q1fkit6qbkfbohgB6tKZtWtmhKOVQRHKdoQzc4kWOiQjFr6E9
 kY5dQhKShB6egYt/diqR+dxQvy3EnYWnIFtgYZ+egkG2jgrZ4+GjIACXaZ6GQ05J
 wHVNOx09bRMIC+XSAosHGPw/0T4K+GoBrusTdhvFgRQGQKKZ2bH6VLuDvPa8oa0p
 G8ySPX0jXrW+wSX2WCpHUYaohGVLyOmzrPLMZUtz3DREVVQQXgw28pKT4sd+xyXj
 OkcIZ+kZmjja9R8CvB01oTBqIZLQw7V+rbjNiHDJuUF670pTUoQ=
 =tfAA
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20201112a' into staging

Migration & virtiofs fixes for 5.2

A bunch of small fixes.

# gpg: Signature made Thu 12 Nov 2020 18:34:41 GMT
# gpg:                using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7

* remotes/dgilbert/tags/pull-migration-20201112a:
  virtiofsd: check whether strdup lo.source return NULL in main func
  virtiofsd: check whether lo_map_reserve returns NULL in, main func
  tools/virtiofsd/buffer.c: check whether buf is NULL in fuse_bufvec_advance func
  virtiofsd: Announce submounts even without statx()
  migration: handle CANCELLING state in migration_completion()
  multifd/tls: fix memoryleak of the QIOChannelSocket object when cancelling migration
  migration/dirtyrate: simplify includes in dirtyrate.c
  migration: fix uninitialized variable warning in migrate_send_rp_req_pages()
  migration/multifd: fix hangup with TLS-Multifd due to blocking handshake
  ACPI: Avoid infinite recursion when dump-vmstate
  migration/ram: Fix hexadecimal format string specifier

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-12 20:13:01 +00:00
Haotian Li
7632b56c8f virtiofsd: check whether strdup lo.source return NULL in main func
In main func, strdup lo.source may fail. So check whether strdup
lo.source return NULL before using it.

Signed-off-by: Haotian Li <lihaotian9@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Message-Id: <f1e48ca8-d6de-d901-63c8-4f4024bda518@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-12 16:25:38 +00:00
Haotian Li
db2e026a39 virtiofsd: check whether lo_map_reserve returns NULL in, main func
In main func, func lo_map_reserve is called without NULL check.
If reallocing new_elems fails in func lo_map_grow, the func
lo_map_reserve may return NULL. We should check whether
lo_map_reserve returns NULL before using it.

Signed-off-by: Haotian Li <lihaotian9@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Message-Id: <48887813-1c95-048c-6d10-48e3dd2bac71@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-12 16:25:32 +00:00
Haotian Li
7fa87944f8 tools/virtiofsd/buffer.c: check whether buf is NULL in fuse_bufvec_advance func
In fuse_bufvec_advance func, calling fuse_bufvec_current func
may return NULL, so we should check whether buf is NULL before
using it.

Signed-off-by: Haotian Li <lihaotian9@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Message-Id: <29fc87c2-b87c-4c34-40d4-75381f228849@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-12 16:25:23 +00:00
Max Reitz
f26688a911 virtiofsd: Announce submounts even without statx()
Contrary to what the check (and warning) in lo_init() claims, we can
announce submounts just fine even without statx() -- the check is based
on comparing both the mount ID and st_dev of parent and child.  Without
statx(), we will not have the mount ID; but we always have st_dev.

The only problems we have (without statx() and its mount ID) are:

(1) Mounting the same device twice may lead to both trees being treated
    as exactly the same tree by virtiofsd.  But that is a problem that
    is completely independent of mirroring host submounts in the guest.
    Both submount roots will still show the FUSE_SUBMOUNT flag, because
    their st_dev still differs from their respective parent.

(2) There is only one exception to (1), and that is if you mount a
    device inside a mount of itself: Then, its st_dev will be the same
    as that of its parent, and so without a mount ID, virtiofsd will not
    be able to recognize the nested mount's root as a submount.
    However, thanks to virtiofsd then treating both trees as exactly the
    same tree, it will be caught up in a loop when the guest tries to
    examine the nested submount, so the guest will always see nothing
    but an ELOOP there.  Therefore, this case is just fully broken
    without statx(), whether we check for submounts (based on st_dev) or
    not.

All in all, checking for submounts works well even without comparing the
mount ID (i.e., without statx()).  The only concern is an edge case
that, without statx() mount IDs, is utterly broken anyway.

Thus, drop said check in lo_init().

Reported-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20201103164135.169325-1-mreitz@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-12 15:52:20 +00:00
Longpeng(Mike)
6ba11211bd migration: handle CANCELLING state in migration_completion()
The following sequence may cause the VM abort during migration:

1. RUN_STATE_RUNNING,MIGRATION_STATUS_ACTIVE

2. before call migration_completion(), we send migrate_cancel
   QMP command, the state machine is changed to:
     RUN_STATE_RUNNING,MIGRATION_STATUS_CANCELLING

3. call migration_completion(), and the state machine is
   switch to: RUN_STATE_RUNNING,MIGRATION_STATUS_COMPLETED

4. call migration_iteration_finish(), because the migration
   status is COMPLETED, so it will try to set the runstate
   to POSTMIGRATE, but RUNNING-->POSTMIGRATE is an invalid
   transition, so abort().

The migration_completion() should not change the migration state
to COMPLETED if it is already changed to CANCELLING.

Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
Message-Id: <20201105091726.148-1-longpeng2@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-12 15:52:20 +00:00
Chuan Zheng
9e8424088c multifd/tls: fix memoryleak of the QIOChannelSocket object when cancelling migration
When creating new tls client, the tioc->master will be referenced which results in socket
leaking after multifd_save_cleanup if we cancel migration.
Fix it by do object_unref() after tls client creation.

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Chuan Zheng <zhengchuan@huawei.com>
Message-Id: <1605104763-118687-1-git-send-email-zhengchuan@huawei.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-12 15:52:20 +00:00
Chuan Zheng
a18ed79b19 migration/dirtyrate: simplify includes in dirtyrate.c
Remove redundant blank line which is left by Commit 662770af7c,
also take this opportunity to remove redundant includes in dirtyrate.c.

Signed-off-by: Chuan Zheng <zhengchuan@huawei.com>
Message-Id: <1604030281-112946-1-git-send-email-zhengchuan@huawei.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-12 15:52:14 +00:00
Chen Qun
a24292830b migration: fix uninitialized variable warning in migrate_send_rp_req_pages()
After the WITH_QEMU_LOCK_GUARD macro is added, the compiler cannot identify
 that the statements in the macro must be executed. As a result, some variables
 assignment statements in the macro may be considered as unexecuted by the compiler.

When the -Wmaybe-uninitialized capability is enabled on GCC9,the compiler showed warning:
migration/migration.c: In function ‘migrate_send_rp_req_pages’:
migration/migration.c:384:8: warning: ‘received’ may be used uninitialized in this function [-Wmaybe-uninitialized]
 384 |     if (received) {
     |        ^

Add a default value for 'received' to prevented the warning.

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201111142203.2359370-6-kuhn.chenqun@huawei.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-12 14:49:16 +00:00
Chuan Zheng
a1af605bd5 migration/multifd: fix hangup with TLS-Multifd due to blocking handshake
The qemu main loop could hang up forever when we enable TLS+Multifd.
The Src multifd_send_0 invokes tls handshake, it sends hello to sever
and wait response.
However, the Dst main qemu loop has been waiting recvmsg() for multifd_recv_1.
Both of Src and Dst main qemu loop are blocking and waiting for reponse which
results in hanging up forever.

Src: (multifd_send_0)                                              Dst: (multifd_recv_1)
multifd_channel_connect                                            migration_channel_process_incoming
  multifd_tls_channel_connect                                        migration_tls_channel_process_incoming
    multifd_tls_channel_connect                                        qio_channel_tls_handshake_task
       qio_channel_tls_handshake                                         gnutls_handshake
          qio_channel_tls_handshake_task                                       ...
            qcrypto_tls_session_handshake                                      ...
              gnutls_handshake                                                 ...
                   ...                                                         ...
                recvmsg (Blocking I/O waiting for response)                recvmsg (Blocking I/O waiting for response)

Fix this by offloadinig handshake work to a background thread.

Reported-by: Yan Jin <jinyan12@huawei.com>
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Chuan Zheng <zhengchuan@huawei.com>
Message-Id: <1604643893-8223-1-git-send-email-zhengchuan@huawei.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-12 14:35:29 +00:00
Philippe Mathieu-Daudé
727a06326c hw/i386/acpi-build: Fix maybe-uninitialized error when ACPI hotplug off
GCC 9.3.0 thinks that 'method' can be left uninitialized. This code
is already in the "if (bsel || pcihp_bridge_en)" block statement,
but it isn't smart enough to figure it out.

Restrict the code to be used only in the "if (bsel || pcihp_bridge_en)"
block statement to fix (on Ubuntu):

  ../hw/i386/acpi-build.c: In function 'build_append_pci_bus_devices':
  ../hw/i386/acpi-build.c:496:9: error: 'method' may be used uninitialized
  in this function [-Werror=maybe-uninitialized]
    496 |         aml_append(parent_scope, method);
        |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  cc1: all warnings being treated as errors

Fixes: df4008c9c5 ("piix4: don't reserve hw resources when hotplug is off globally")
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201107194045.438027-1-philmd@redhat.com>
Acked-by: Ani Sinha <ani@anisinha.ca>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-11-12 09:19:40 -05:00
Stefan Hajnoczi
d88618f717 configure: mark vhost-user Linux-only
The vhost-user protocol uses the Linux eventfd feature and is typically
connected to Linux kvm.ko ioeventfd and irqfd file descriptors. The
protocol specification in docs/interop/vhost-user.rst does not describe
how platforms without eventfd support work.

The QEMU vhost-user devices compile on other POSIX host operating
systems because eventfd usage is abstracted in QEMU. The libvhost-user
programs in contrib/ do not compile but we failed to notice since they
are not built by default.

Make it clear that vhost-user is only supported on Linux for the time
being. If someone wishes to support it on other platforms then the
details can be added to vhost-user.rst and CI jobs can test the feature
to prevent bitrot.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20201110171121.1265142-4-stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-11-12 09:19:40 -05:00
Stefan Hajnoczi
eb6a388624 vhost-user-blk-server: depend on CONFIG_VHOST_USER
I interpreted CONFIG_VHOST_USER as controlling only QEMU's vhost-user
device frontends. However, virtiofsd and contrib/ vhost-user device
backends are also controlled by CONFIG_VHOST_USER. Make the
vhost-user-blk server depend on CONFIG_VHOST_USER for consistency.

Now the following error is printed when the vhost-user-blk server is
enabled without CONFIG_VHOST_USER:

  $ ./configure --disable-vhost-user --enable-vhost-user-blk ...
  ../meson.build:761:8: ERROR: Problem encountered: vhost_user_blk_server requires vhost-user support

Suggested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Suggested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20201110171121.1265142-3-stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-11-12 09:19:40 -05:00
Stefan Hajnoczi
e5e856c1eb meson: move vhost_user_blk_server to meson.build
The --enable/disable-vhost-user-blk-server options were implemented in
./configure. There has been confusion about them and part of the problem
is that the shell syntax used for setting the default value is not easy
to read. Move the option over to meson where the conditions are easier
to understand:

  have_vhost_user_blk_server = (targetos == 'linux')

  if get_option('vhost_user_blk_server').enabled()
      if targetos != 'linux'
          error('vhost_user_blk_server requires linux')
      endif
  elif get_option('vhost_user_blk_server').disabled() or not have_system
      have_vhost_user_blk_server = false
  endif

This patch does not change behavior.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20201110171121.1265142-2-stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-11-12 09:19:40 -05:00
Stefan Hajnoczi
3009edff81 vhost-user: fix VHOST_USER_ADD/REM_MEM_REG truncation
QEMU currently truncates the mmap_offset field when sending
VHOST_USER_ADD_MEM_REG and VHOST_USER_REM_MEM_REG messages. The struct
layout looks like this:

  typedef struct VhostUserMemoryRegion {
      uint64_t guest_phys_addr;
      uint64_t memory_size;
      uint64_t userspace_addr;
      uint64_t mmap_offset;
  } VhostUserMemoryRegion;

  typedef struct VhostUserMemRegMsg {
      uint32_t padding;
      /* WARNING: there is a 32-bit hole here! */
      VhostUserMemoryRegion region;
  } VhostUserMemRegMsg;

The payload size is calculated as follows when sending the message in
hw/virtio/vhost-user.c:

  msg->hdr.size = sizeof(msg->payload.mem_reg.padding) +
      sizeof(VhostUserMemoryRegion);

This calculation produces an incorrect result of only 36 bytes.
sizeof(VhostUserMemRegMsg) is actually 40 bytes.

The consequence of this is that the final field, mmap_offset, is
truncated. This breaks x86_64 TCG guests on s390 hosts. Other guest/host
combinations may get lucky if either of the following holds:
1. The guest memory layout does not need mmap_offset != 0.
2. The host is little-endian and mmap_offset <= 0xffffffff so the
   truncation has no effect.

Fix this by extending the existing 32-bit padding field to 64-bit. Now
the padding reflects the actual compiler padding. This can be verified
using pahole(1).

Also document the layout properly in the vhost-user specification.  The
vhost-user spec did not document the exact layout. It would be
impossible to implement the spec without looking at the QEMU source
code.

Existing vhost-user frontends and device backends continue to work after
this fix has been applied. The only change in the wire protocol is that
QEMU now sets hdr.size to 40 instead of 36. If a vhost-user
implementation has a hardcoded size check for 36 bytes, then it will
fail with new QEMUs. Both QEMU and DPDK/SPDK don't check the exact
payload size, so they continue to work.

Fixes: f1aeb14b08 ("Transmit vhost-user memory regions individually")
Cc: Raphael Norwitz <raphael.norwitz@nutanix.com>
Cc: Cornelia Huck <cohuck@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20201109174355.1069147-1-stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Fixes: f1aeb14b08 ("Transmit vhost-user memory regions individually")
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
2020-11-12 09:19:40 -05:00
Peng Liang
136fc6aa2c ACPI: Avoid infinite recursion when dump-vmstate
There is a field with vmstate_ghes_state as vmsd in vmstate_ghes_state,
which will lead to infinite recursion in dump_vmstate_vmsd.

Fixes: a08a64627b ("ACPI: Record the Generic Error Status Block address")
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20201112020638.874515-1-liangpeng10@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-12 14:13:59 +00:00
Philippe Mathieu-Daudé
af3bbbe984 migration/ram: Fix hexadecimal format string specifier
The '%u' conversion specifier is for decimal notation.
When prefixing a format with '0x', we want the hexadecimal
specifier ('%x').

Inspired-by: Dov Murik <dovmurik@linux.vnet.ibm.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20201103112558.2554390-5-philmd@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-12 14:02:41 +00:00
Peter Maydell
cb5d19e829 qemu-macppc fix for 5.2
-----BEGIN PGP SIGNATURE-----
 
 iQFSBAABCgA8FiEEzGIauY6CIA2RXMnEW8LFb64PMh8FAl+tBXUeHG1hcmsuY2F2
 ZS1heWxhbmRAaWxhbmRlLmNvLnVrAAoJEFvCxW+uDzIfoBIH/RVsunQCZFukuyr7
 vhp6Uf/nf95Rr9EN1Z7/JsmI8vGXaaZUxH3hEsMlW3lFqnobzNM0zhvy/KHkZcIo
 Id3a2jpS1MDTkuk5h0neataMmzpIF1xve5whwl5aLQOHQcYRwgWMhhMZcQKLk0nU
 EH0h/bfITeW353/N8aDmBBZixIsPNzQrG2nk+SDyGUC9eOtKEnwHtI5gsiWzJ3+x
 tpe78wGPCiNm31vGphNxx+QKoFWFOexGHT+pq9oGP+xKWVb0E8q1ebHZ7Yp56U9k
 CVOPjvI6lwpSgatmnhdq8CjMXyvWrPJCXhtKpgVl2cKNuifanDkzGKOh2kGoVKZ2
 5TiovgM=
 =DXCd
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mcayland/tags/qemu-macppc-20201112' into staging

qemu-macppc fix for 5.2

# gpg: Signature made Thu 12 Nov 2020 09:50:45 GMT
# gpg:                using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F
# gpg:                issuer "mark.cave-ayland@ilande.co.uk"
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full]
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C  C9C4 5BC2 C56F AE0F 321F

* remotes/mcayland/tags/qemu-macppc-20201112:
  macio: set user_creatable to false in macio_class_init()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-12 11:33:26 +00:00
Mark Cave-Ayland
6bfa035ec3 macio: set user_creatable to false in macio_class_init()
Commit 348b8d1a76 "macio: don't reference serial_hd() directly within the device"
removed the setting of user_creatable to false on the basis that the restriction
was due to the use of serial_hd() in macio_instance_init().

Unfortunately this isn't the full story since the PIC object property links
must still be set before the device is realized. Whilst it is possible to update
the macio device and Mac machines to resolve this, the fix is too invasive at
this point in the release cycle.

For now simply set user_creatable back to false in macio_class_init() to
prevent QEMU from segfaulting in anticipation of the proper fix arriving in
QEMU 6.0.

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20201110103111.18395-1-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2020-11-12 09:26:20 +00:00
Peter Maydell
674ee1245b Fixes for epoll_ctl and stack_t
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAl+sWkASHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748ncsQAI6JaS5BJM25vFslcplXyX1jBd8sXk+Z
 CnzgI/moLKr1HZRc3DecHbttApptHg+B4Twp/FqBCTk1gpqDsAUKmIgdqPZhP7Xj
 rsaUqXLJkChJtA5IFImMtI1XhQhuoI+S/AJ6l2gwnXaRqb0xILbonSXk9d2t+qpN
 aq9ho8yZfrB4025kSkEvE7YogPOKdNJdNGjPLn1MSiDP8syzgAKTSOcMehjiGQoC
 90uyDDZqBx6JcFzF7kKl3K0MJxpKrqaEkV8iELQ6UI/SHfVPp/ToaYvgPvy+kloh
 iAuy71PrVWHredeLmyzgwB+fZyq0O+XWFfhw9r37Lo6fn6MQ1xIaNAUzF7+fEBB5
 +2tIxpkeWrOfb2Eu0aagAVEHpFR+1MmtGYwdoxNXFvP15IOLFpGyxAY86m6haBsA
 j3w6lyt51iK6vJt4IYZJjMnh81LZ2fxTCBQs23kH+cxRu2wEc97qkkgNJSjzCCOv
 rgkHpw2cxT16IkqSlFZVu9w8Rv+sibUJWxtcJsYo9Xwy0R5tHoZNn5uzwdo1wTHJ
 ZUY3s9ag6dEle63jMwATZDsekvQVW6AHceFkc7OIr6mMvIynijSQAoi+JZbs4ysD
 NaNklc01H3IJMIv6e5iiWhFVdJL6Nm/mRXU6GC6yn2bp5dhY++GGcPevz+BDfP+v
 FzxALaxQoIHP
 =bIlV
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-5.2-pull-request' into staging

Fixes for epoll_ctl and stack_t

# gpg: Signature made Wed 11 Nov 2020 21:40:16 GMT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-5.2-pull-request:
  linux-user: Prevent crash in epoll_ctl
  linux-user: Correct definition of stack_t

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-11 21:54:01 +00:00
Peter Maydell
a4c141dca4 Tracing pull request
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAl+sCaIACgkQnKSrs4Gr
 c8iIkQf9EY+dublO65TxV4t/VkcB9Z21BNbcCXNF3F+FtkxkGTszrU9t+Vj6k1wL
 hBkhmQZWOjkYq0/UrbpYCFljulStmUM2stHHI6X/E2RDQkBcqZzXzpz1CkXcyHAh
 4UhA+Mgcga3BvhFbkrni8OUI0zNqjw6LBp8CP9woWQWcFlxUmTg+N1RNHH5DpcqZ
 JbVARvSsy6ts6LDC+YUKeDGe8sj2BeOFymYzh0hmxs4msW3GzR7CSR1oP9J2+G3D
 hzRE62RHXG90SaoGxj8HrpZe/NaW3/esAuOcWgmd0Ef/6FE9qoW0GzDGUENsHIDk
 c5XRuLnHlxQ/J4XyvQ2IudhMStjgxw==
 =yulo
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/tracing-pull-request' into staging

Tracing pull request

# gpg: Signature made Wed 11 Nov 2020 15:56:18 GMT
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha-gitlab/tags/tracing-pull-request:
  scripts/tracetool: silence SystemTap dtrace(1) long long warnings
  trace: remove argument from trace_init_file

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-11 19:53:15 +00:00
Peter Maydell
46d407f84a Bug fixes
-----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAl+rp+wUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroO1lAf/ejTWVYZaBNyyQNAMvG9/oNfyGc1i
 QXE8TXcJN1MQPBxcthbbRgFVufbXMvHFcV0j4Df2VUSYLXrbTKL/PPVrM+EjMYDD
 400n0XPwcrugsvViZ6N6S1sA/NqSmljWjDSBsS2h+qOq+l7Bw1mal9n+nWWtvLSX
 3mcOe3M2+8ZWfHPMUkCQ5LOnKTt9TqO/pjA0gii7WR2YZqmCPDKeDoRoC9KHfYDY
 ZU0kYgFyh7VZf4ZoPaIjEFbnKsWw+uJJNSA4IyzrJ+7flXf1SR2kcD8swuqdcxks
 GvNK+LNzAllqQgm4KDmKFmC2Iqq4RNu+5MKUgLvpp/gU8UZCq9k9toqB0g==
 =toxr
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

Bug fixes

# gpg: Signature made Wed 11 Nov 2020 08:59:24 GMT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream:
  pvpanic: Advertise the PVPANIC_CRASHLOADED event support
  physmem: improve ram size error messages
  Makefile: No echoing for 'make help V=1'
  replay: remove some dead code
  fix make clean/distclean
  meson: Clarify the confusing vhost-user vs. vhost-kernel output

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-11 16:52:39 +00:00
Peter Maydell
54cd1213ce -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJfq+FCAAoJEO8Ells5jWIRN3gIAKCdxvA6m1Jvlz6cokSUCqEr
 jEKDqGNlVcH+aMykLpdOTF3oTy9zsd885wqbeG27Z+eDBsOjVPm0SWtPM0Ednlhl
 ZTSXtlkSd8w1AH+Kf1oxiyvuBxabiqBMpnIZAnMuRSjrcPVEa+Kkfi0FP5eeNAiu
 DoQlXw/RdlbaJLqvhzoe9FZdWa+tIL0IUeGW6l2Dx2DdQ7h6Es3mesPl2jtd7sl0
 iJU0jB2WGYjjn7wcqwIOFglYxUU7a5EJi2Jm4Zt3SyNFqlloYfbSTErWHwoTvYAP
 wSm8oeSYSGDy642NhWM4F6PazxDG1Q7TCFoAjRXwu0tz9xbNQyR+XP9K012tEAo=
 =Hvd0
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Wed 11 Nov 2020 13:04:02 GMT
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  hw/net/can/ctucan_core: Use stl_le_p to write to tx_buffers
  hw/net/can/ctucan_core: Handle big-endian hosts
  hw/net/can/ctucan: Avoid unused value in ctucan_send_ready_buffers()
  hw/net/can/ctucan: Don't allow guest to write off end of tx_buffer
  net/l2tpv3: Remove redundant check in net_init_l2tpv3()
  net: remove an assert call in eth_get_gso_type
  net/colo-compare.c: Increase default queued packet scan frequency
  net/colo-compare.c: Add secondary old packet detection
  net/colo-compare.c: Change the timer clock type
  net/colo-compare.c: Fix compare_timeout format issue
  colo-compare: check mark in mutual exclusion
  colo-compare: fix missing compare_seq initialization
  Fix the qemu crash when guest shutdown in COLO mode
  Reduce the time of checkpoint for COLO
  Optimize seq_sorter function for colo-compare
  net/filter-rewriter: destroy g_hash_table in colo_rewriter_cleanup
  virtio-net: Set mac address to hardware if the peer is vdpa

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-11 14:00:35 +00:00
Stefan Hajnoczi
35e28cb0f2 scripts/tracetool: silence SystemTap dtrace(1) long long warnings
SystemTap's dtrace(1) prints the following warning when it encounters
long long arguments:

  Warning: /usr/bin/dtrace:trace/trace-dtrace-hw_virtio.dtrace:76: syntax error near:
  probe vhost_vdpa_dev_start

  Warning: Proceeding as if --no-pyparsing was given.

Use the uint64_t and int64_t types, respectively. This works with all
host CPU 32- and 64-bit data models (ILP32, LP64, and LLP64) that QEMU
supports.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20201020094043.159935-1-stefanha@redhat.com
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-11-11 13:10:38 +00:00
Paolo Bonzini
92eecfff32 trace: remove argument from trace_init_file
It is not needed, all the callers are just saving what was
retrieved from -trace and trace_init_file can retrieve it
on its own.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20201102115841.4017692-1-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-11-11 13:08:09 +00:00
Peter Maydell
71182187dd hw/net/can/ctucan_core: Use stl_le_p to write to tx_buffers
Instead of casting an address within a uint8_t array to a
uint32_t*, use stl_le_p(). This handles possibly misaligned
addresses which would otherwise crash on some hosts.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Tested-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 20:34:36 +08:00
Peter Maydell
676ea985c0 hw/net/can/ctucan_core: Handle big-endian hosts
The ctucan driver defines types for its registers which are a union
of a uint32_t with a struct with bitfields for the individual
fields within that register. This is a bad idea, because bitfields
aren't portable. The ctu_can_fd_regs.h header works around the
most glaring of the portability issues by defining the
fields in two different orders depending on the setting of the
__LITTLE_ENDIAN_BITFIELD define. However, in ctucan_core.h this
is unconditionally set to 1, which is wrong for big-endian hosts.

Set it only if HOST_WORDS_BIGENDIAN is not set. There is no need
for a "have we defined it already" guard, because the only place
that should set it is ctucan_core.h, which has the usual
double-inclusion guard.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Tested-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 20:34:36 +08:00
Peter Maydell
e0784d8375 hw/net/can/ctucan: Avoid unused value in ctucan_send_ready_buffers()
Coverity points out that in ctucan_send_ready_buffers() we
set buff_st_mask = 0xf << (i * 4) inside the loop, but then
we never use it before overwriting it later.

The only thing we use the mask for is as part of the code that is
inserting the new buff_st field into tx_status.  That is more
comprehensibly written using deposit32(), so do that and drop the
mask variable entirely.

We also update the buff_st local variable at multiple points
during this function, but nothing can ever see these
intermediate values, so just drop those, write the final
TXT_TOK as a fixed constant value, and collapse the only
remaining set/use of buff_st down into an extract32().

Fixes: Coverity CID 1432869
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Tested-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 20:34:36 +08:00
Peter Maydell
5e73953a27 hw/net/can/ctucan: Don't allow guest to write off end of tx_buffer
The ctucan device has 4 CAN bus cores, each of which has a set of 20
32-bit registers for writing the transmitted data. The registers are
however not contiguous; each core's buffers is 0x100 bytes after
the last.

We got the checks on the address wrong in the ctucan_mem_write()
function:
 * the first "is addr in range at all" check allowed
   addr == CTUCAN_CORE_MEM_SIZE, which is actually the first
   byte off the end of the range
 * the decode of addresses into core-number plus offset in the
   tx buffer for that core failed to check that the offset was
   in range, so the guest could write off the end of the
   tx_buffer[] array

NB: currently the values of CTUCAN_CORE_MEM_SIZE, CTUCAN_CORE_TXBUF_NUM,
etc, make "buff_num >= CTUCAN_CORE_TXBUF_NUM" impossible, but we
retain this as a runtime check rather than an assertion to permit
those values to be changed in future (in hardware they are
configurable synthesis parameters).

Fix the top level check, and check the offset is within the buffer.

Fixes: Coverity CID 1432874
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Tested-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 20:34:36 +08:00
LemonBoy
c7811022eb linux-user: Prevent crash in epoll_ctl
From 894bb5172705e46a3a04c93b4962c0f0cafee814 Mon Sep 17 00:00:00 2001
From: Giuseppe Musacchio <thatlemon@gmail.com>
Date: Fri, 17 Apr 2020 17:25:07 +0200
Subject: [PATCH] linux-user: Prevent crash in epoll_ctl

The `event` parameter is ignored by the kernel if `op` is EPOLL_CTL_DEL,
do the same and avoid returning EFAULT if garbage is passed instead of a
valid pointer.

Signed-off-by: Giuseppe Musacchio <thatlemon@gmail.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <a244fa67-dace-abdb-995a-3198bd80fee8@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-11-11 11:01:08 +01:00
LemonBoy
ce437484fc linux-user: Correct definition of stack_t
Some platforms used the wrong definition of stack_t where the flags and
size fields were swapped or where the flags field had type ulong instead
of int.

Due to the presence of padding space in the structure and the prevalence
of little-endian machines this problem went unnoticed for a long time.

The type definitions have been cross-checked with the ones defined in
the Linux kernel v5.9, plus some older versions for a few architecture
that have been removed and Xilinx's kernel fork for NiosII [1].

The bsd-user headers remain unchanged as I don't know if they are wrong
or not.

[1] https://github.com/Xilinx/linux-xlnx/blob/master/arch/nios2/include/uapi/asm/signal.h

Signed-off-by: Giuseppe Musacchio <thatlemon@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <e9d47692-ee92-009f-6007-0abc3f502b97@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-11-11 10:59:39 +01:00
Paolo Bonzini
b1b0393c3c pvpanic: Advertise the PVPANIC_CRASHLOADED event support
Advertise both types of events as supported when the guest OS
queries the pvpanic device.  Currently only PVPANIC_PANICKED is
exposed; PVPANIC_CRASHLOADED must also be advertised, but only on
new machine types.

Fixes: 7dc58deea7 ("pvpanic: implement crashloaded event handling")
Reported-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-11 03:59:05 -05:00
AlexChen
d949fe64b0 net/l2tpv3: Remove redundant check in net_init_l2tpv3()
The result has been checked to be NULL before, it cannot be NULL here,
so the check is redundant. Remove it.

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: AlexChen <alex.chen@huawei.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 16:53:01 +08:00
Prasad J Pandit
7564bf7701 net: remove an assert call in eth_get_gso_type
eth_get_gso_type() routine returns segmentation offload type based on
L3 protocol type. It calls g_assert_not_reached if L3 protocol is
unknown, making the following return statement unreachable. Remove the
g_assert call, it maybe triggered by a guest user.

Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 16:52:23 +08:00
Zhang Chen
2f2fcff323 net/colo-compare.c: Increase default queued packet scan frequency
In my test, use this default parameter looks better.

Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 16:52:23 +08:00
Zhang Chen
17475df2c1 net/colo-compare.c: Add secondary old packet detection
Detect queued secondary packet to sync VM state in time.

Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 16:52:23 +08:00
Zhang Chen
ec081984f4 net/colo-compare.c: Change the timer clock type
The virtual clock only runs during the emulation. It stops
when the virtual machine is stopped.
The host clock should be used for device models that emulate accurate
real time sources. It will continue to run when the virtual machine
is suspended. COLO need to know the host time here.

Fixes: dd321ecfc2 ("colo-compare: Use IOThread to Check old packet
regularly and Process packets of the primary")

Reported-by: Derek Su <dereksu@qnap.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 16:52:23 +08:00
Zhang Chen
0c4266ef26 net/colo-compare.c: Fix compare_timeout format issue
This parameter need compare with the return of qemu_clock_get_ms(),
it is uint64_t. So we need fix this issue here.

Fixes: 9cc43c94b3 ("net/colo-compare.c: Expose "compare_timeout" to users")

Reported-by: Derek Su <dereksu@qnap.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 16:52:23 +08:00
Li Zhijian
45b9e8c33a colo-compare: check mark in mutual exclusion
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 16:52:23 +08:00
Li Zhijian
862ee1e07e colo-compare: fix missing compare_seq initialization
Fixes: f449c9e549 ("colo: compare the packet based on the tcp sequence
number")

Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 16:52:23 +08:00
Rao, Lei
5647051f43 Fix the qemu crash when guest shutdown in COLO mode
In COLO mode, if the startup parameters of QEMU include "no-shutdown",
QEMU will crash when the guest shutdown. The root cause is when the
guest shutdown, the state of VM will switch COLO to SHUTDOWN. When do
checkpoint again, the state will be changed to COLO. But the state
switch is undefined in runstate_transitions_def, we should add it.
This patch fixes the following:
qemu-system-x86_64: invalid runstate transition: 'shutdown' -> 'colo'
Aborted

Signed-off-by: Lei Rao <lei.rao@intel.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 16:52:23 +08:00
Rao, Lei
b70cb3b485 Reduce the time of checkpoint for COLO
we should set ram_bulk_stage to false after ram_state_init,
otherwise the bitmap will be unused in migration_bitmap_find_dirty.
all pages in ram cache will be flushed to the ram of secondary guest
for each checkpoint.

Signed-off-by: Lei Rao <lei.rao@intel.com>
Signed-off-by: Derek Su <dereksu@qnap.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 16:52:23 +08:00
Rao, Lei
33609e95b2 Optimize seq_sorter function for colo-compare
The seq of tcp has been filled in fill_pkt_tcp_info, it
can be used directly here.

Signed-off-by: Lei Rao <lei.rao@intel.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 16:52:23 +08:00
Pan Nengyuan
b492a4b8ca net/filter-rewriter: destroy g_hash_table in colo_rewriter_cleanup
s->connection_track_table forgot to destroy in colo_rewriter_cleanup. Fix it.

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 16:52:23 +08:00
Cindy Lu
e87936ea29 virtio-net: Set mac address to hardware if the peer is vdpa
If the peer's type is vdpa, we need to set the mac address to hardware
in virtio_net_device_realize,

Signed-off-by: Cindy Lu <lulu@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-11 16:52:23 +08:00
Peter Maydell
c6f28ed507 Update version for v5.2.0-rc1 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-10 22:29:57 +00:00
Peter Maydell
3e7d06d05a target-arm queue:
* hw/arm/Kconfig: ARM_V7M depends on PTIMER
  * Minor coding style fixes
  * docs: add some notes on the sbsa-ref machine
  * hw/arm/virt: Remove dependency on Cortex-A15 MPCore peripherals
  * target/arm: Fix neon VTBL/VTBX for len > 1
  * hw/arm/armsse: Correct expansion MPC interrupt lines
  * hw/misc/stm32f2xx_syscfg: Remove extraneous IRQ
  * hw/arm/nseries: Remove invalid/unnecessary n8x0_uart_setup()
  * hw/arm/musicpal: Don't connect two qemu_irqs directly to the same input
  * hw/arm/musicpal: Only use qdev_get_gpio_in() when necessary
  * hw/arm/nseries: Check return value from load_image_targphys()
  * tests/qtest/npcm7xx_rng-test: count runs properly
  * target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAl+qdtkZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3kWqEACyn/fKX+t1Da51xIGcXyks
 xteHytZ2CE56AUO/fluPzWO1a3CuPR5BiIy3PyD7WdoZPCybK1tU0ZUhsTDR9rn/
 0Bk/wmYipb4tgyvnesL0ZFAMoUR1Dc2JmRJiSOf7Gzsy8wXtHkN+ybOUFx++bq9r
 8Vf2AtTI2BhYduq0vw7aJYxJUMUjyRoE1LhemscknLPqoTQZJ+g7DUpxQQuKZNtv
 KK+hayZLY7W8dgGDa9c5ZeSZoJyJrV6enCPHuDAblQeFqMqlU5AcsNr87Yzqvn8C
 IUru2e09esLc8AunMR2Qzpu4jVf7gkk/StUXeXykVytKhuBI6fsXnrUWREvG+k13
 8Hkb1I2uVcXC2jzgPi2Ax8kOc8MG+5NL+qhLbPyHDa18vXlZNW/d4NNKVQG8FWHq
 2vM4dxEHAiA5uBno46YlE2mbpzYwJ5WtqmOjSsO+nYxenxdIr/Kh508HuWuwp3xA
 FLekctpgz1Xp05aGIWTu57jK3uTU1YKNbhlbOh2HZWc26mZCvAi1pBhN3Ce/2gjG
 h9Cq/6AxLTYDSJh9g4SmmIuGmDcbElnsJecA8nEJ7mW0HKZNicyS0i1NR2Tlc29/
 VA4UtjYSwvBeZFxDNpV78tXaSX7rfMSAu2kPe02gGqC4gaFDv29AkFZqDDk71f/W
 lYaOCN9C5TnW47ttJAe38A==
 =iKQn
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20201110' into staging

target-arm queue:
 * hw/arm/Kconfig: ARM_V7M depends on PTIMER
 * Minor coding style fixes
 * docs: add some notes on the sbsa-ref machine
 * hw/arm/virt: Remove dependency on Cortex-A15 MPCore peripherals
 * target/arm: Fix neon VTBL/VTBX for len > 1
 * hw/arm/armsse: Correct expansion MPC interrupt lines
 * hw/misc/stm32f2xx_syscfg: Remove extraneous IRQ
 * hw/arm/nseries: Remove invalid/unnecessary n8x0_uart_setup()
 * hw/arm/musicpal: Don't connect two qemu_irqs directly to the same input
 * hw/arm/musicpal: Only use qdev_get_gpio_in() when necessary
 * hw/arm/nseries: Check return value from load_image_targphys()
 * tests/qtest/npcm7xx_rng-test: count runs properly
 * target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check

# gpg: Signature made Tue 10 Nov 2020 11:17:45 GMT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20201110:
  target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check
  tests/qtest/npcm7xx_rng-test: count runs properly
  hw/arm/nseries: Check return value from load_image_targphys()
  hw/arm/musicpal: Only use qdev_get_gpio_in() when necessary
  hw/arm/musicpal: Don't connect two qemu_irqs directly to the same input
  hw/arm/nseries: Remove invalid/unnecessary n8x0_uart_setup()
  hw/misc/stm32f2xx_syscfg: Remove extraneous IRQ
  hw/arm/armsse: Correct expansion MPC interrupt lines
  target/arm: Fix neon VTBL/VTBX for len > 1
  hw/arm/virt: Remove dependency on Cortex-A15 MPCore peripherals
  docs: add some notes on the sbsa-ref machine
  target/arm: add space before the open parenthesis '('
  target/arm: Don't use '#' flag of printf format
  target/arm: add spaces around operator
  ssi: Fix bad printf format specifiers
  hw/arm/Kconfig: ARM_V7M depends on PTIMER

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-10 14:59:20 +00:00
Peter Maydell
879860ca70 * Some small qtest fixes
* Oss-fuzz updates
 * Publish the docs built during gitlab CI to the user's gitlab.io page
 * Update the OpenBSD VM test to v6.8
 * Fix the device-crash-test script to run with the meson build system
 * Some small s390x fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAl+qc+IRHHRodXRoQHJl
 ZGhhdC5jb20ACgkQLtnXdP5wLbUPfg//Z4AbWXNwldRTTZM/61kY88meNT6jHVaF
 narl6v1u+1oLeSlwoHaZb7PZ3auxAuukROaiUWqIzn9udpyvRBB6pXz+JzGpwmWk
 DUady8vYXg/Q9Yux8MZMgKzhOH484eVM1y9NXQ+lzJT7R3VtbcN0IvlFv20M5d+k
 S449CuAlXH5b42A6OUpABZYfxm59lWZW91qdejRnLOyqyLrv5GPhro5J3Uadv3l2
 lHExdzjSCBovK3ORCR9L6JghLMmN3M6a9VArNas6KTSLvz5Vh/Rnz5otfpf5DiHv
 D/FOXQjm1aujCmfa41oBZH84aGhZrdK/fhtryJE+OBa7a5mpSOv5mXg7IFKDeCRd
 p0bmLOo891LdzOHlkZ/p+8uK3CkdsJpxch0/8mLLLvgJCGCNpeq7GJXj7wuPa2RK
 gc2Ax+XoOR/C5f+x4PbRjHYgI3tTbO8MM9G87QT8TvV3llwpeFs7LRjegoanoAxn
 OA0hVp+4dEXBPJF0bludSNnJ+NPDUWDKVPW/sTlaVytxSgFw0v5bBtne+CUY8QGN
 xNX9T3qsSN56phaZlSzB0ktJKid8nvqEBp82/ayAVyhf6cYk4p08f+cS/qb0RpMm
 5J7GbmB54HWq8Is6BjG261BvnKfEdhl58YIREbgY0gQopGDXZzazozIysNKcZAnI
 WzL1cfWPWwc=
 =a3YE
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-11-10' into staging

* Some small qtest fixes
* Oss-fuzz updates
* Publish the docs built during gitlab CI to the user's gitlab.io page
* Update the OpenBSD VM test to v6.8
* Fix the device-crash-test script to run with the meson build system
* Some small s390x fixes

# gpg: Signature made Tue 10 Nov 2020 11:05:06 GMT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* remotes/huth-gitlab/tags/pull-request-2020-11-10:
  s390x: Avoid variable size warning in ipl.h
  s390x: fix clang 11 warnings in cpu_models.c
  qtest: Update references to parse_escape() in comments
  fuzz: add virtio-blk fuzz target
  docs: add "page source" link to sphinx documentation
  gitlab: force enable docs build in Fedora, Ubuntu, Debian
  gitlab: publish the docs built during CI
  configure: surface deprecated targets in the help output
  fuzz: Make fork_fuzz.ld compatible with LLVM's LLD
  scripts/oss-fuzz: give all fuzzers -target names
  docs/fuzz: update fuzzing documentation post-meson
  docs/fuzz: rST-ify the fuzzing documentation
  MAINTAINERS: Add gitlab-pipeline-status script to GitLab CI section
  gitlab-ci: Drop generic cache rule
  tests/qtest/tpm: Remove redundant check in the tpm_test_swtpm_test()
  qtest: Fix bad printf format specifiers
  device-crash-test: Check if path is actually an executable file
  tests/vm: update openbsd to release 6.8
  meson: always include contrib/libvhost-user

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-10 12:23:05 +00:00
Pankaj Gupta
a3a929083b physmem: improve ram size error messages
Ram size mismatch condition logs below message.

   "Length mismatch: pc.ram: 0x80000000 in != 0x180000000: Invalid argument"

 This patch improves the readability of error messages.
 Removed the superflous "in" and changed "Length" to "Size".

Signed-off-by: Pankaj Gupta <pankaj.gupta.linux@gmail.com>
Reported-by: Li Zhang <li.zhang@cloud.ionos.com>
Message-Id: <20201022111302.8105-1-pankaj.gupta.linux@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-10 06:27:17 -05:00