mtvsrdd: Move To VSR Double Doubleword
Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
mfvsrld: Move From VSR Lower Doubleword
Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
Signed-off-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
KVM-PR currently does not support transactional memory, and the
implementation in TCG is just a fake. We should not announce TM
support in the ibm,pa-features property when running on such a
system, so disable it by default and only enable it if the KVM
implementation supports it (i.e. recent versions of KVM-HV).
These changes are based on some earlier work from Anton Blanchard
(thanks!).
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The current code uses pa_features_206 for POWERPC_MMU_2_06, and
for everything else, it uses pa_features_207. This is bad in some
cases because there is also a "degraded" MMU version of ISA 2.06,
called POWERPC_MMU_2_06a, which should of course use the flags for
2.06 instead. And there is also the possibility that the user runs
the pseries machine with a POWER5+ or even 970 processor. In that
case we certainly do not want to set the flags for 2.07, and rather
simply skip the setting of the pa-features property instead.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The function spapr_populate_cpu_dt() has become quite big
already, and since we likely have to extend the pa-features
property for every new processor generation, it is nicer
if we put the related code into a separate function.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Now that 2.7 is released, create the pseries-2.8 machine type and add the
boilerplate compatiblity macro stuff. There's nothing new to put into the
2.7 compatiliby properties yet, but we'll need something eventually, so
we might as well get it ready now.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The firmware of the pseries machine, SLOF, is able to load files via
IPv6 networking, too. So to test both, network bootloading on ppc64
and IPv6 (via Slirp) , let's add some PXE tests for this environment,
too. Since we can not use the normal x86 boot sector for network boot
loading, we use a simple Forth script on ppc64 instead.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
A typo introduced in f19661c8 prevents qemu from building when configured
with --enable-trace-backend=dtrace.
Signed-off-by: Felipe Franciosi <felipe@nutanix.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Just Wanpeng's pull request this time, but
this pull is as much about me checking out my
process.
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJX8+W6AAoJEAUWMx68W/3nuEEQAJTdAGV5El6ueF7CLrhL/06g
bhlxkkhoTfb9UiAAt3K2FpgsQ0ObzQ7OnpuB4EAct9ix0HeZbtXRH7XFEeLCc0SN
4eQC4CKMm3IM+Hz3zg+hsYcwDydE7shnXRiy+cBUmZjbbquEAyik2wymcrWk7Le5
zdHfgoD7oN8pdDLnplaGekPCMOSv88ecTCkTwj13AO49YQLLzQeGn1ALfm9Xwe+j
wEAdkvAbjT81e5QyQvRcDTBChoWg6ttqnSdmhAD/3ZwyA3V0SLNOsTrexy4p23VX
oXRyXB1tCyA88oOpkbOvJmFT2/VJl1Ij8+9J9LMCGlKDYE0ceWIFIAzw75moY0BP
WGwv0qgZ8qK7zXc8Mne2NCHabJ1WV8Z4wsr1qCHqQGeZRbJt/77MXt2ePqbE9hbK
psV9RwhqATQAhmBNEU1uGZ2/2aXqrpUFGgm9f9DVEVdL/tQX3DOHzAjMzKkEdk6T
dsSBrdiVSAk9if/sj/7ObXV/qdpNxhcEyrg51uHPA02EJvF8Hlm1w/dSfc1lYCDR
u1UGkn52Kc30wJ1QfyMyYJawZpWzrdnCmFVxSkCqBVqu80z5+2V7HigI7D7/Ielp
zkVV3FXvGQwUslKdidLtVL/+NfUb2m0nJOADdBiDvhFEtvbiapQtcvPIH5UWCiXB
VTYcIS+wksOvWCBg7bfp
=eXab
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/dgilbert/tags/pull-hmp-20161004' into staging
HMP pull
Just Wanpeng's pull request this time, but
this pull is as much about me checking out my
process.
# gpg: Signature made Tue 04 Oct 2016 18:24:10 BST
# gpg: using RSA key 0x0516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7
* remotes/dgilbert/tags/pull-hmp-20161004:
hmp: fix qemu crash due to ioapic state dump w/ split irqchip
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The qemu will crash when info ioapic through hmp if irqchip
is split. Below message is splat:
KVM_GET_IRQCHIP failed: Unknown error -6
This patch fix it by dumping the ioapic state from the qemu
emulated ioapic if irqchip is split.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
Message-Id: <1474602456-3232-1-git-send-email-wanpeng.li@hotmail.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Message-ID: <20160923090824.GF15411@pxdev.xzpeter.org>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
In the ARM v6 architecture, 'sub pc, pc, 1' is not an interworking
branch, so the computed new value is written to r15 as a normal
value. The architecture says that in this case, bits [1:0] of
the value written must be ignored if we are in ARM mode (or
bit [0] ignored if in Thumb mode); this is a change from the
ARMv4/v5 specification that behaviour is UNPREDICTABLE.
Use the correct mask on the PC value when doing a non-interworking
store to PC.
A popular library used on RaspberryPi uses this instruction
as part of a trick to determine whether it is running on
ARMv6 or ARMv7, and we were mishandling the sequence.
Fixes bug: https://bugs.launchpad.net/bugs/1625295
Reported-by: <stu.axon@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1474380941-4730-1-git-send-email-peter.maydell@linaro.org
Fix the decoding of iss_sf in disas_ld_lit.
The SF (Sixty-Four) field in the ISS (Instruction Specific Syndrome)
is a bit that specifies the width of the register that the
instruction loads to.
If cleared it specifies 32 bits.
If set it specifies 64 bits.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1475230780-8669-1-git-send-email-edgar.iglesias@gmail.com
[PMM: tweaked phrasing per on-list discussion]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
There was an error with some of the register implementation assuming
there are 16 priority queues supported when the IP only supports 8. This
patch corrects the registers to only support 8 queues.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 33bf2d28326d22875602234b8b15cf56fb678333.1474911607.git.alistair.francis@xilinx.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add a generic loader to QEMU which can be used to load images or set
memory values.
Internally inside QEMU this is a device. It is a strange device that
provides no hardware interface but allows QEMU to monkey patch memory
specified when it is created. To be able to do this it has a reset
callback that does the memory operations.
This device allows the user to monkey patch memory. To be able to do
this it needs a backend to manage the datas, the same as other
memory-related devices. In this case as the backend is so trivial we
have merged it with the frontend instead of creating and maintaining a
seperate backend.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Markus Armbruster <armbru@redhat.com>
Message-id: 10f2a9dce5e5e11b6c6d959415b0ad6ee22bcba5.1475195078.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
If GIC ITS is supported, add description in ACPI MADT table, then guest
could use ITS when booting with ACPI.
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 1474616617-366-9-git-send-email-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
ACPI Spec 6.0 introduces GIC Interrupt Translation Service Structure.
Here we add the definition of the Structure.
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 1474616617-366-8-git-send-email-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
If supported by the configuration, ITS will be added automatically.
This patch also renames v2m_phandle to msi_phandle because it's now used
by both MSI implementations.
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1474616617-366-7-git-send-email-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The ITS control frame is in-kernel emulated while accesses to the
GITS_TRANSLATER are mediated through the KVM_SIGNAL_MSI ioctl (MSI
direct MSI injection advertised by the CAP_SIGNAL_MSI capability)
the kvm_gsi_direct_mapping is explicitly set to false to emphasize the
difference with GICv2M. Direct mapping cannot work with ITS since
the content of the MSI data is not the target interrupt ID but an
eventd id.
GSI routing is advertised (kvm_gsi_routing_allowed) as well as
msi/irqfd signaling (kvm_msi_via_irqfd_allowed).
The MSI frame (GITS_TRANSLATER) absolute GPA is computed on first
kvm_its_send_msi() call. It is then passed through KVM_SIGNAL_MSI
ioctl.
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 1474616617-366-6-git-send-email-eric.auger@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Introduce global kvm_msi_use_devid flag plus associated
kvm_msi_devid_required() macro. Passes the device ID,
if needed, while building the MSI route entry. Device IDs are
required by the ARM GICv3 ITS (IRQ remapping function is based on
this information).
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 1474616617-366-5-git-send-email-eric.auger@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Machine.c contains code related to migration. Let's move
gicv3_class_name to kvm_arm.h instead.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1474616617-366-4-git-send-email-eric.auger@redhat.com
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This is the basic skeleton for both KVM and software-emulated ITS.
Since we already prepare status structure, we also introduce complete
VMState description. But, because we currently have no migratable
implementations, we also set unmigratable flag.
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1474616617-366-3-git-send-email-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Advertise gsi routing and set up irqchip routing entries for
GIC SPIs.
This is not mandated as long as MSI routing is not used
(because the kernel sets a default irqchip routing table).
However once MSI routing gets used (for VIRTIO-PCI vhost for
example), the first call to KVM_SET_GSI_ROUTING overrides the
kernel default irqchip table.
If no routing entry exists for the GSI, any IRQFD signaling for
this GSI will fail.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1474616617-366-2-git-send-email-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrew Jones <drjones@redhat.com>
Message-id: 1474641676-25017-1-git-send-email-drjones@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
I'm now saving all 3 of the pll entries; only 2 were saved before.
There are a couple of times that were previously stored as offsets
from 'now' calculated before saving; with vmstate it's easier
to store the 'now' and fix it up on reload.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1474977735-10156-3-git-send-email-dgilbert@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
I've converted the fields in it's main data structure
to fixed size types in ways that look sane.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1474977735-10156-2-git-send-email-dgilbert@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Initialization of a class instance cannot depend on its own properties
as these are not yet set. Move parts of integratorcm_init() that depend
on the "memsz" property to the newly added integratorcm_realize().
This fixes: https://bugs.launchpad.net/qemu/+bug/1624726
Signed-off-by: Jakub Jermar <jakub@jermar.eu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add missed out mappings. These mappings are from the "Intel PXA27x
Processor Developer's Kit User Guide".
Signed-off-by: Vijay Kumar B. <vijaykumar@zilogic.com>
Reviewed-by: Deepak S. <deepak@zilogic.com>
Message-id: 1475063033-8176-3-git-send-email-vijaykumar@zilogic.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
According to the manual the (5, 5) corresponds to backspace key, and
not Enter key. Linux kernel maps (5, 4) to the enter key. Fixing it up
to match the mapping in the Linux kernel.
Signed-off-by: Vijay Kumar B. <vijaykumar@zilogic.com>
Reviewed-by: Deepak S. <deepak@zilogic.com>
Message-id: 1475063033-8176-2-git-send-email-vijaykumar@zilogic.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add Alistair Francis as the maintainer for the Netduino 2
and SMM32F205 SoC.
Signed-off-by: Alistair Francis <alistair@alistair23.me>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 5a46ccf398b050a41cc3b3d0e94bcff4ce2d85e0.1474742262.git.alistair@alistair23.me
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add the STM32F2xx ADC device. This device randomly
generates values on each read.
This also includes creating a hw/adc directory.
Signed-off-by: Alistair Francis <alistair@alistair23.me>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 3240e660adaf537f55a63ce06096e844aece8cda.1474742262.git.alistair@alistair23.me
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
If correctly configured allow the STM32F2xx timer to print
out the PWM duty cycle information.
Signed-off-by: Alistair Francis <alistair@alistair23.me>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: cdb59039a25e061615713a94b40797baa12ea9f9.1474742262.git.alistair@alistair23.me
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Cleanup the individual DeviceState and SysBusDevice
variables to re-use the same variable for each
device.
Signed-off-by: Alistair Francis <alistair@alistair23.me>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: fc5d75a57d320b69704df2c1146ff0fd482e4a88.1474742262.git.alistair@alistair23.me
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Fix for a XSAVE regression when using "-cpu host", and a fix on
the Opteron_G3 CPU model.
-----BEGIN PGP SIGNATURE-----
iQIcBAABCAAGBQJX8qydAAoJECgHk2+YTcWm4xsP/1ht2HSL7keujGJmYtqueuAN
GLsldvqewqlGdaSpAoMNB7IcS54Hvi/WGeqdebZl5bs3sNTbryrqwqQu6uCyBfRu
UyuifIchuY0Rq4iys5tjBvodhOzGBW9zZzOl2zM84uZCVHdTKgS1oQGkeN63clY0
0NiGQAfJ2xbaXMJRaSxkE5/SeQie52HjIvJu3uGwSaAJ7rk82p9HJeaemBLFOarD
IPWirpkYtQYIrjfZXaP187Z7bXQYEzsZPWtsoBFlTaRc+yyCZtzoSLSA/T+VwN4Q
0hCSQU7Fk0JUfjphFOLRx4U0NzUf9NrTxHYtSIM1zdBa/W6dNLomi5GrEEmvK6ih
VBrIWqw70SnrDN5kn5jVu6zlqYNKmG8TWHv+pna4iDF3Pn3odx3+KjfZsq9GF8NU
aPr4tt8BUljKRdMw392GCC9seII7oJP0uu1oyHkpH6tKFmfb103nSWRsdF98rdUT
rNxqacUdOiZzfm/OB3FYYgJDKSp5/KtKKsrxauO1lYgcEn7LOWI+jvbijSssr5L4
o2RRWz4uS2u2KKxaFR7GdOr7P94py2H/SsPUsuOwwS/RkWuy7oPZBlLfT5jJpFve
01NNcXbDwHS6WLh1c17sPZ4e81lYt9lecBbQObv8x1+r7wXJ/KCaerPOxnuzXqsB
i8vDPJGUwgnPWmBC7Zz0
=HmoZ
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
x86 bug fixes
Fix for a XSAVE regression when using "-cpu host", and a fix on
the Opteron_G3 CPU model.
# gpg: Signature made Mon 03 Oct 2016 20:08:13 BST
# gpg: using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/x86-pull-request:
target-i386: Correct family/model/stepping for Opteron_G3
target-i386: Report known CPUID[EAX=0xD,ECX=0]:EAX bits as migratable
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Version: GnuPG v2
iQEcBAABCAAGBQJX8GfGAAoJEMo1YkxqkXHGFGQH/27Zjku3/aImefu+BkpYt3Zn
xbSqnPPpmqZqJmjf5JNIJm3YP9wYMk0BrSzitUox/1SAGR/2FoAc78ODVVUgisJD
NmJI4yHxow4KmqHpjoQ5lZEeWZOPg+KhNEtVOf+QuedrrSpsQCoe5AEPSQKP9Ngg
OoxMj/Iu+RZawl7QFizqAvHNkfS9Km02P56BnXsh02Ie1QeckPE/lTj1J1HTI5it
vlQk7GXCoAhbXnlzKPXN1iiPL+7G7QJZ9INF28l1JWX8chO4XK7yqywfjPtL5Ej8
PeZM18kSXrpnSffktnfTlUfa3Ancle7bN+BnkY5Ws7E1njX2WkxyIRfV1V9krHU=
=6JV5
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/famz/tags/for-upstream' into staging
# gpg: Signature made Sun 02 Oct 2016 02:49:58 BST
# gpg: using RSA key 0xCA35624C6A9171C6
# gpg: Good signature from "Fam Zheng <famz@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 5003 7CB7 9706 0F76 F021 AD56 CA35 624C 6A91 71C6
* remotes/famz/tags/for-upstream:
docker: Build in a clean directory
smbios: fix uuid copy
xenpv: Fix qemu_uuid compiling error
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When qemu is being killed, its last words are:
2016-08-31T11:48:15.293587Z qemu-system-x86_64: terminating on signal 15 from pid 11180
That's nice, but what process is 11180? What if I told you we can
do better:
2016-08-31T11:48:15.293587Z qemu-system-x86_64: terminating on signal 15 from pid 11180 (/usr/sbin/libvirtd)
And that's exactly what this patch does.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Message-Id: <a2ba85a8e349a0ea9ee06424226197a03cd04bd3.1474987617.git.mprivozn@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This is a small helper that tries to fetch binary name for given
PID.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Message-Id: <4d75d475c1884f8e94ee8b1e57273ddf3ed68bf7.1474987617.git.mprivozn@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
In commit ac1b84dd1 (rhbz#1027181), a check was added to only update the
"read handler" when the front-end is opened, because the read callbacks
were not restored when a device is plugged. However, this seems not
correct, the handler is correctly set back on hotplug (in
virtconsole_realize) and the bug can no longer be reproduced.
Calling chr_update_read_handler() allows to fix the mux driver to stop
calling the child handlers (which may be going to be destroyed).
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20161003094704.18087-2-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
mux_chr_update_read_handler() is adding a new mux_cnt each time
mux_chr_update_read_handler() is called, it's not possible to actually
update the "child" chr callbacks that were set previously. This may lead
to crashes if the "child" chr is destroyed:
valgrind x86_64-softmmu/qemu-system-x86_64 -chardev
stdio,mux=on,id=char0 -mon chardev=char0,mode=control,default
when quitting:
==4306== Invalid read of size 8
==4306== at 0x8061D3: json_lexer_destroy (json-lexer.c:385)
==4306== by 0x7E39F8: json_message_parser_destroy (json-streamer.c:134)
==4306== by 0x3447F6: monitor_qmp_event (monitor.c:3908)
==4306== by 0x480153: mux_chr_send_event (qemu-char.c:630)
==4306== by 0x480694: mux_chr_event (qemu-char.c:734)
==4306== by 0x47F1E9: qemu_chr_be_event (qemu-char.c:205)
==4306== by 0x481207: fd_chr_close (qemu-char.c:1114)
==4306== by 0x481659: qemu_chr_close_stdio (qemu-char.c:1221)
==4306== by 0x486F07: qemu_chr_free (qemu-char.c:4146)
==4306== by 0x486F97: qemu_chr_delete (qemu-char.c:4154)
==4306== by 0x487E66: qemu_chr_cleanup (qemu-char.c:4678)
==4306== by 0x495A98: main (vl.c:4675)
==4306== Address 0x28439e90 is 112 bytes inside a block of size 240 free'd
==4306== at 0x4C2CD5A: free (vg_replace_malloc.c:530)
==4306== by 0x1E4CBF2D: g_free (in /usr/lib64/libglib-2.0.so.0.4800.2)
==4306== by 0x344DE9: monitor_cleanup (monitor.c:4058)
==4306== by 0x495A93: main (vl.c:4674)
==4306== Block was alloc'd at
==4306== at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==4306== by 0x1E4CBE18: g_malloc (in /usr/lib64/libglib-2.0.so.0.4800.2)
==4306== by 0x344BF8: monitor_init (monitor.c:4021)
==4306== by 0x49063C: mon_init_func (vl.c:2417)
==4306== by 0x7FC6DE: qemu_opts_foreach (qemu-option.c:1116)
==4306== by 0x4954E0: main (vl.c:4473)
Instead, keep the "child" chr associated with a particular idx so its
handlers can be updated and removed to avoid the crash.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20161003094704.18087-3-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
