Commit Graph

55340 Commits

Author SHA1 Message Date
Jeff Cody
27539ac531 block/vhdx: check for offset overflow to bdrv_truncate()
VHDX uses uint64_t types for most offsets, following the VHDX spec.
However, bdrv_truncate() takes an int64_t value for the truncating
offset.  Check for overflow before calling bdrv_truncate().

While we are here, replace the bit shifting with QEMU_ALIGN_UP as well.

N.B.: For a compliant image this is not an issue, as the maximum VHDX
image size is defined per the spec to be 64TB.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-08 14:37:00 +02:00
Jeff Cody
3f910692c2 block/vhdx: check error return of bdrv_getlength()
Calls to bdrv_getlength() were not checking for error.  In vhdx.c, this
can lead to truncating an image file, so it is a definite bug.  In
vhdx-log.c, the path for improper behavior is less clear, but it is best
to check in any case.

Some minor code movement of the log_guid intialization, as well.

Reported-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-08 14:37:00 +02:00
Alberto Garcia
795be0621a quorum: Set sectors-count to 0 when reporting a flush error
The QUORUM_REPORT_BAD event has fields to report the sector in which
the error was detected and the number of affected sectors starting
from that one. This is important for read and write errors, but not
for flush errors.

For flush errors the current code reports the total size of the disk
image. That is however not useful information in this case. Moreover,
the bdrv_getlength() call can fail, and there's no good way of
handling that failure.

Since we're reporting useless information and we cannot even guarantee
to do it in a consistent way, this patch changes the code to report 0
instead in all cases.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-08 14:37:00 +02:00
Cleber Rosa
53dd4015ac qemu-iotests/109: Fix lock race condition
A race condition is currently present between the clean up attempt of
the QEMU process and the execution of qemu-img.  The actual (bad)
output is:

 -Warning: Image size mismatch!
 -Images are identical.
 +qemu-img: Could not open '<build_dir>/tests/qemu-iotests/scratch/t.raw': Failed to get "consistent read" lock
 +Is another process using the image?

A KILL signal is sent to the QEMU process, but qemu-img may begin to
run before the QEMU process is really gone.  qemu-img will then
attempt to open the TEST_IMG file before it can secure a lock on it.

This attempts a more graceful shutdown, and waits for the QEMU process
to exit.

Signed-off-by: Cleber Rosa <crosa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-08-08 14:36:59 +02:00
Peter Maydell
b4174c4b08 virtio: fix for rc2
It turns out there's a way to setup SHPC on Q35: just put
 a PCI to PCI bridge behind a DMI to PCI one. Our _OSC is
 thus incorrect.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJZiN4IAAoJECgfDbjSjVRp6+gH/21G0tjqatydSjrosT+ZZH02
 KnEBAVD8S01naiZjqYOKdlScBYaTeMWlaoAN2zRQYedpD9H2otseOV1Hjqw7wlcf
 5gxbnivK79nhBe1fXxrWe3wJt41nR3N9045S9OAn6g0wjLOEI0M91+wSu1aP+pGN
 X8V3uCBagJeggFdfpVi7IyaT2D/bTB2H1avIKwkzE68bqfEyD2d/AxV84ugXL5II
 V3xndpBC1S2rnYKAs1Glg1mwP4CiWItKPZ+duiqiFeJ+Co2/NbZudCwU/hxS2tei
 lflh3L979wTn3AJFm2FVnecpXVGLkf43QKRATLqN+K4xvwMA+mXPSIXZyjalB4w=
 =mIAB
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio: fix for rc2

It turns out there's a way to setup SHPC on Q35: just put
a PCI to PCI bridge behind a DMI to PCI one. Our _OSC is
thus incorrect.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon 07 Aug 2017 22:39:20 BST
# gpg:                using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  cpu: add APIs to allocate/free CPU environment
  hw/i386: allow SHPC for Q35 machine

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-08 10:01:49 +01:00
Joseph Myers
ab6ab3e997 target/i386: set rip_offset for some SSE4.1 instructions
When emulating various SSE4.1 instructions such as pinsrd, the address
of a memory operand is computed without allowing for the 8-bit
immediate operand located after the memory operand, meaning that the
memory operand uses the wrong address in the case where it is
rip-relative.  This patch adds the required rip_offset setting for
those instructions, so fixing some GCC test failures (13 in the gcc
testsuite in my GCC 6-based testing) when testing with a default CPU
setting enabling those instructions.

Signed-off-by: Joseph Myers <joseph@codesourcery.com>

Message-Id: <alpine.DEB.2.20.1708080041391.28702@digraph.polyomino.org.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-08 10:40:20 +02:00
Hannes Reinecke
ded6ddc5a7 scsi: clarify sense codes for LUN0 emulation
The LUN0 emulation is just that, an emulation for a non-existing
LUN0. So we should be returning LUN_NOT_SUPPORTED for any request
coming from any other LUN.
And we should be aborting unhandled commands with INVALID OPCODE,
not LUN NOT SUPPORTED.

Signed-off-by: Hannes Reinecke <hare@suse.com>
Message-Id: <1501835795-92331-4-git-send-email-hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-08 10:40:20 +02:00
Greg Kurz
1b7ac7cab6 kvm: workaround build break on gcc-7.1.1 / fedora26
Building QEMU on fedora26 with the latest gcc package fails:

  CC      ppc64-softmmu/target/ppc/kvm.o
In file included from include/sysemu/hw_accel.h:16:0,
                 from target/ppc/kvm.c:31:
target/ppc/kvm.c: In function ‘kvmppc_booke_watchdog_enable’:
include/sysemu/kvm.h:449:35: error: ‘args_tmp[i]’ may be used uninitialized
 in this function [-Werror=maybe-uninitialized]
             cap.args[i] = args_tmp[i];                               \
                                   ^
target/ppc/kvm.c: In function ‘kvmppc_set_papr’:
include/sysemu/kvm.h:449:35: error: ‘args_tmp[i]’ may be used uninitialized
 in this function [-Werror=maybe-uninitialized]
cc1: all warnings being treated as errors

$ rpm -q gcc
gcc-7.1.1-3.fc26.ppc64le

The compiler should obviously optimize this code away when no extra
agument is passed to kvm_vm_enable_cap() and kvm_vcpu_enable_cap(),
but it doesn't. This bug should be fixed one day in gcc, but we can
also change our code pattern so that we don't hit the issue anymore.
We workaround this, by using memcpy() instead of open-coding the copy.

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <150210580404.1343.7325713896658799315.stgit@bahia.lan>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-08 10:40:20 +02:00
Paolo Bonzini
2a96a552f9 Revert "rcu: do not create thread in pthread_atfork callback"
This reverts commit a59629fcc6.
This is not needed anymore because the IOThread mutex is not
"magic" anymore (need not kick the CPU thread)and also because
fork callbacks are only enabled at the very beginning of
QEMU's execution.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-08 10:40:19 +02:00
Paolo Bonzini
73c6e4013b rcu: completely disable pthread_atfork callbacks as soon as possible
Because of -daemonize, system mode QEMU sometimes needs to fork() and
keep RCU enabled in the child.  However, there is a possible deadlock
with synchronize_rcu:

- the CPU thread is inside a RCU critical section and wants to take
  the BQL in order to do MMIO

- the monitor thread, which is owning the BQL, calls rcu_init_lock
  which tries to take the rcu_sync_lock

- the call_rcu thread has taken rcu_sync_lock in synchronize_rcu, but
  synchronize_rcu needs the CPU thread to end the critical section
  before returning.

This cannot happen for user-mode emulation, because it does not have
a BQL.

To fix it, assume that system mode QEMU only forks in preparation for
exec (except when daemonizing) and disable pthread_atfork as soon as
the double fork has happened.

Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-08-08 10:40:09 +02:00
Michael S. Tsirkin
e2a7f28693 cpu: add APIs to allocate/free CPU environment
These will be implemented and then used by follow-up patches.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-08 00:31:09 +03:00
Aleksandr Bezzubikov
a41c78c135 hw/i386: allow SHPC for Q35 machine
Unmask previously masked SHPC feature in _OSC method.

Signed-off-by: Aleksandr Bezzubikov <zuban32s@gmail.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-08 00:31:09 +03:00
Eric Auger
f22ab6cb0c hw/arm/virt: Add 2.10 machine type
Add virt-2.10 machine type.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-id: 1502106581-11714-1-git-send-email-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-07 14:16:31 +01:00
Peter Maydell
3a789fcca0 -----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJZiEkaAAoJEJykq7OBq3PIq80H/1Wc11s6c9eO9wXeEytqk0CR
 EQOYMaZAHvOa/MwUq4amCXTQbkcnrB4imhfC+5TAPZZBbsixZxzEoKHfTh60DEmr
 +MV38TNIqGQ6v5YUDnGjG23PzSG6FieY4U21oueMh0OmNvzeTzo9xVPHs5qwRw4u
 Q+/oRUtbEIJcdZudMzPuAOh/lJczSXRftiKc/K3GrqdPpi9lBUCkxkGlZ2G2up4q
 mKyZew2doQ9ERaPqe88MBBj0RQgucgwJF0hYLJ92GbN0sY7NeFIKVGkAsIo7TSFJ
 OKipp70pLz9cfMzkb5Mvl4kc3OvOomgD90bIOPghM1GaKuJXNPBS1wswx0uPE68=
 =/EUm
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

# gpg: Signature made Mon 07 Aug 2017 12:03:54 BST
# gpg:                using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/tracing-pull-request:
  block: move trace probes into bdrv_co_preadv|pwritev

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-07 13:17:12 +01:00
Daniel P. Berrange
f42cf447e2 block: move trace probes into bdrv_co_preadv|pwritev
There are trace probes in bdrv_co_readv|writev, however, the
block drivers are being gradually moved over to using the
bdrv_co_preadv|pwritev functions instead. As a result some
block drivers miss the current probes. Move the probes
into bdrv_co_preadv|pwritev instead, so that they are triggered
by more (all?) I/O code paths.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170804105036.11879-1-berrange@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-08-07 09:39:35 +01:00
Peter Maydell
e59b1c5f67 Queued misc tcg patches
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJZg2ZWAAoJEK0ScMxN0Ceb3ocIAKMDPgUeyCFfrmED5v2WLF+b
 /oKDC+9fbZ14GJ5FgJI2wiYpnT4Myl2Uj+pKZq+bwNCvw8QpL+xpbr/xyZg2s1nk
 XJ5t9lkiKl6nKE0IpOc0abAPvzmHXdW/uDgXMsWshan5SQkWKx3/JOeCAhk7/GtP
 UxsA+pGiW9haBuSywADXdqCAXHtxP20mnPAXMm1fdOnVmz459m0SWMH/wA4frGlY
 RMzl4nxvNA/OvJ9+c1hUTwdAwdL58PFMvoWZFq/eNMYIxWKoJiDg0gmv4OsPO5M9
 ptbapxe/BV/Qb902r+PlUUxZ6NZr79w/58iSVmW31wkZ065tEGvCrMclFm1DDFs=
 =ZYcg
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20170803' into staging

Queued misc tcg patches

# gpg: Signature made Thu 03 Aug 2017 19:07:18 BST
# gpg:                using RSA key 0xAD1270CC4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg:                 aka "Richard Henderson <rth@twiddle.net>"
# Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC  16A4 AD12 70CC 4DD0 279B

* remotes/rth/tags/pull-tcg-20170803:
  tcg: Increase minimum alignment from tcg_malloc to 8
  target/s390x: Fix CSST for 16-byte store
  tcg/arm: Fix runtime overalignment test

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-04 14:23:29 +01:00
Peter Maydell
ac44ed2afb cpu: crash fix (don't allow negative core id)
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJZg2QVAAoJECgHk2+YTcWmIKsQALDCnH42+oQ3JmrpcWD4wUuZ
 QqzJU6ufhM9dKS+kCNTdS/UB+kLS7SujzqGvYwdsHFo6b43nj04Zujy693t2Qj7/
 +elMAlzweH6sXOEdqnZae4sY8JL2yWFhvs3gik54BcF4bCEb3/XaO9/6jWQH4aPC
 ajgArz4euYtVNUHkz1gIPAIz4qyVW+0p7mBeiJRHpr07Q5mixvdKUnNWJJS726IB
 JNX4CasTUJH9DWJs2Chw6MjS9YrpQQoF3X6+Lm7Aa+WEuDvmkbu4uAXL/Qxoa+7b
 6ShBR6s00Hwt+hPDjdRJg3g2UZ9v19dE4isK+shOwky8Qfsb2csGtOgoqMCkYMrw
 AQp7sjSxBUhvvr4PEFli1M9WJqE0Y5VZf4dfQHrcqfwwluSGJDYESgi1N8dSv5JN
 qX23Wbt52hIa2+m20pdx8IPACA1cOZsvhMl3YeowR8k8lhydV2MTFPLplFFGb7G0
 pS9JdYozpl/cwZMbghzBCtjdXqjKPSjrVG6gaYiM7ap1NqasfrNa9E3Bjq3/gLgp
 VV2WtQEANzGFVgKgLz5bJtjUpfQTonxysLevMORB+nt3vM0s+HUJEXi9XHhJ6FlU
 108JcpNy9ARx1Kzgl+Q1G/1iHOpJ6iS3HzFmZz/o2EHL2KbfP/+1nODYh/tqxIbP
 QOe4xDLibr0kFK7ycJtw
 =Uk30
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/machine-pull-request' into staging

cpu: crash fix (don't allow negative core id)

# gpg: Signature made Thu 03 Aug 2017 18:57:41 BST
# gpg:                using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/machine-pull-request:
  cpu: don't allow negative core id

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-04 13:46:22 +01:00
Peter Maydell
c233a35d3d MIPS patches 2017-08-03
Changes:
 KVM T&E segment support for TCG
 malta: leave space for the bootmap after the initrd
 Apply CP0.PageMask before writing into TLB entry
 Fix fallout from indirect branch optimisation
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.5 (GNU/Linux)
 
 iQIVAwUAWYM0GyI464bV95fCAQLhcw/9EBGDoCKgDGtriMOs6XhJjiGyQi0WZ2js
 kVjcS0jbyyIXgjLAfH33Gbn5/23pJy1rTk9I+ERqqtMgwdnX2zLWax6cm2NM4+hI
 IGuP3rIK0W2ETHRpn8UPA4G89PVh6Q46QW3Cu4jEd699fDZHAQx+YMhEr1RT3m6V
 zWpzH2Myt2DrbglBRAbt20CFZl0z6+OUcYi1Cw7aZ7t7+3hV+ZxLqAa9Vo64VslS
 4bdTrFhpL1+AoxMilGWjNgeoeentsX8OZSl61pAq/vEgaoPT1S+ipmvdH5mAUwPp
 NOXM9A5OwLdWM1pTTLhcPPmdd9zeJbCtCoA1c6CXtULe1oX3MtT/TFvqAV8ALpar
 XffbDk90PyB3cMvFIBjSKmQGVEl580rS7db9G0LMfw9ZnxWKE0txf/qD40MMfG8O
 HQbuazVT8A40VjbF6hPS0rJliI+q+sKChp7ug27PSf22fnEYsPlctgiSYMA44uF8
 HzbgS0jqMNDaKCw+rehxVMQiR1J6sGOt/XLbSkG32l5Qjo6NoYoffC95AGp9R3nH
 DyW8nKrCZsrYXf/nsvAqgWo4ceEGu9xL5hKUfCLFGkgnBzGxyrAYlO0m043/YHbU
 LXJKeq5oN0mqRpZkDZan8P2irL2SaX+kDJeA07Z6xxuQDn+qC4fp2G8HXkNU3n/7
 iQ+XqMDECSE=
 =R2lj
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/yongbok/tags/mips-20170803' into staging

MIPS patches 2017-08-03

Changes:
KVM T&E segment support for TCG
malta: leave space for the bootmap after the initrd
Apply CP0.PageMask before writing into TLB entry
Fix fallout from indirect branch optimisation

# gpg: Signature made Thu 03 Aug 2017 15:32:59 BST
# gpg:                using RSA key 0x2238EB86D5F797C2
# gpg: Good signature from "Yongbok Kim <yongbok.kim@imgtec.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 8600 4CF5 3415 A5D9 4CFA  2B5C 2238 EB86 D5F7 97C2

* remotes/yongbok/tags/mips-20170803:
  target/mips: Fix RDHWR CC with icount
  target/mips: Drop redundant gen_io_start/stop()
  target/mips: Use BS_EXCP where interrupts are expected
  target-mips: apply CP0.PageMask before writing into TLB entry
  mips: Add KVM T&E segment support for TCG
  mips: Improve segment defs for KVM T&E guests
  mips/malta: leave space for the bootmap after the initrd
  target-mips: Don't stop on [d]mtc0 DESAVE/KScratch

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-04 13:03:58 +01:00
Peter Maydell
8377e9f609 virtio: fix for rc2
Looks like the constant stream of additions of vhost-user devices is a
 problem for some people who are concerned about external connections
 from qemu. A per-device flag seems like an overkill, but a single
 configure flag seems like a sane way to support that, and it looks like
 we need to do it before the release.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJZgx3VAAoJECgfDbjSjVRpxUAH/A2ygeZWY/agnIPN0lF0au35
 0sYRyQ5TfM7IGMnR4OpCZCT0q/vZ7bOc9KWfl5u95WEgnOQa2la9U43T+jR+CvN1
 3dzAwtHEsUr/Y8sNVwZd0hy+EKN+saL13EBC64BGge7TmFWsOSRwE1CB12VgcNNG
 Qx4LlWNA28Vy+pxcgQNGWOsH5oQpiDiEDxpfNcgLGYKcKtbjpveblWlE4iPRUOoq
 mJk/tzcBiA/tqZT15VpVi9z+Zy2I06z5wzKjZjOotKjSGCajN6ZUK7lbJ327WwCM
 xi3VzHrwrqmtOQF++z/YJ0CRKLiHhKSWv/nY12NaqqgmyT0GRHnKzY8oubNVlxE=
 =pa4T
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio: fix for rc2

Looks like the constant stream of additions of vhost-user devices is a
problem for some people who are concerned about external connections
from qemu. A per-device flag seems like an overkill, but a single
configure flag seems like a sane way to support that, and it looks like
we need to do it before the release.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Thu 03 Aug 2017 13:57:57 BST
# gpg:                using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  build-sys: add --disable-vhost-user

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-04 11:51:50 +01:00
Peter Maydell
413ff8be2f slirp updates
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEmjc9NmSo3GLaCjT9nlEeAcc38HUFAlmCUd0ACgkQnlEeAcc3
 8HV0nA/+Kgz37pP6APdN/M9UWlW1rpSTCmmv2twmuhmHNYIqykE3mTNuQL2GJHbw
 rL091wv0qUh+423mM/eoQex3L7/zdKxPwZKyZXFLdUnKT1os92UAgmiXeTDpcOH3
 dudas3m+Ip1dEXL9BGS0J3mAp2vqbWdOPb8QEbeMJb+k/5fYHTI/QzIoEKHq8Wqc
 uDVeqFS4zTfXzU6FD8VJy/LzW0hbhbVQJU5L9O4RNCEeeNz95ZgIoU1FBrUULq35
 b6XmFXhCBzbY3A9J6NqcftiLsv46NsQuawKNbd68shaVDubnn/awRRBT5c4EDD2I
 jDBI12/Abh8K25wg8kvjQob1AQDWp6ipbe8hhht8lS0OXhPToYaQUcLiZdlMUQ7A
 6wj2G1Mv2ch3PYzrGzYln6IK466N4qLU1L5FxPurDoKwRQxCeEKXmLCVsHvi5MmM
 J/g1sdTSZZRkj4ZlPMooQ+e0+YZuxgMSaCnMeT+cLFfTf1uNjeCakZZXryHsR9ZE
 atcjlzPgGW/6p1rQuHyN+0W+G0PJkj7v02X839bMAZj3A/PajFwLjlqyOBhfIJCu
 oQNNk5NyS7WzkSXPOB6aR14QkMtZZ174T1B5vzGZsUxw5cG6NVDEZwEYmzE2iEue
 ZUnZi7arT2qzcp6LFGvbAq70CKDUVaqaJxygnb6hGgdsLuQMIcw=
 =nOS3
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging

slirp updates

# gpg: Signature made Wed 02 Aug 2017 23:27:41 BST
# gpg:                using RSA key 0x9E511E01C737F075
# gpg: Good signature from "Samuel Thibault <samuel.thibault@aquilenet.fr>"
# gpg:                 aka "Samuel Thibault <sthibault@debian.org>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@gnu.org>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@inria.fr>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@labri.fr>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@ens-lyon.org>"
# gpg:                 aka "Samuel Thibault <samuel.thibault@u-bordeaux.fr>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 900C B024 B679 31D4 0F82  304B D017 8C76 7D06 9EE6
#      Subkey fingerprint: 9A37 3D36 64A8 DC62 DA0A  34FD 9E51 1E01 C737 F075

* remotes/thibault/tags/samuel-thibault:
  slirp: check len against dhcp options array end
  slirp: fill error when failing to initialize user network

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-04 11:07:50 +01:00
Richard Henderson
13aaef678e tcg: Increase minimum alignment from tcg_malloc to 8
For a 64-bit ILP32 host, aligning to sizeof(long) is not enough.
Guess the minimum for any host is 8, as that covers uint64_t.
Qemu doesn't use a host long double or host vectors, except in
extremely limited circumstances.

Fixes a bus error for a sparc v8plus host.

Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-08-03 11:00:30 -07:00
Richard Henderson
de4e05d1e5 target/s390x: Fix CSST for 16-byte store
Found by Coverity (CID 1378273).

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-08-03 10:58:50 -07:00
Richard Henderson
ca671de8af tcg/arm: Fix runtime overalignment test
Patch 85aa80813d changed the IF emitting the TST instruction,
but failed to change the ?: converting CMP to CMPEQ, so the
result of the TST is ignored.

Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-08-03 10:56:44 -07:00
Marc-André Lureau
e6a74868d9 build-sys: add --disable-vhost-user
Learn to compile out vhost-user (net, scsi & upcoming users). Keep it
enabled by default on non-win32, that is assumed to be POSIX. Fail if
trying to enable it on win32.

When trying to make a vhost-user netdev, it gives the following error:

-netdev vhost-user,id=foo,chardev=chr-test: Parameter 'type' expects a netdev backend type

And similar error with the HMP/QMP monitors.

While at it, rename CONFIG_VHOST_NET_TEST CONFIG_VHOST_USER_NET_TEST
since it's a vhost-user specific variable.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-03 15:55:41 +03:00
Prasad J Pandit
413d463f43 slirp: check len against dhcp options array end
While parsing dhcp options string in 'dhcp_decode', if an options'
length 'len' appeared towards the end of 'bp_vend' array, ensuing
read could lead to an OOB memory access issue. Add check to avoid it.

This is CVE-2017-11434.

Reported-by: Reno Robert <renorobert@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2017-08-03 00:26:44 +02:00
Hervé Poussineau
5c843af226 slirp: fill error when failing to initialize user network
With "-netdev user,id=net0,dns=1.2.3.4"
error was:
qemu-system-i386: -netdev user,id=net0,dns=1.2.3.4: Device 'user' could not be initialized

Error is now:
qemu-system-i386: -netdev user,id=net0,dns=1.2.3.4: DNS doesn't belong to network

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2017-08-03 00:24:31 +02:00
Laurent Vivier
be2960baae cpu: don't allow negative core id
With pseries machine type a negative core-id is not managed properly:
-1 gives an inaccurate error message ("core -1 already populated"),
-2 crashes QEMU (core dump)

As it seems a negative value is invalid for any architecture,
instead of checking this in spapr_core_pre_plug() I think it's better
to check this in the generic part, core_prop_set_core_id()

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20170802103259.25940-1-lvivier@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-08-02 18:30:13 -03:00
James Hogan
d673a68db6 target/mips: Fix RDHWR CC with icount
RDHWR CC reads the CPU timer like MFC0 CP0_Count, so with icount enabled
it must set can_do_io while it calls the helper to avoid the "Bad icount
read" error. It should also break out of the translation loop to ensure
that timer interrupts are immediately handled.

Fixes: 2e70f6efa8 ("Add instruction counter.")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-08-02 22:18:13 +01:00
James Hogan
51ca717b07 target/mips: Drop redundant gen_io_start/stop()
DMTC0 CP0_Cause does a redundant gen_io_start() and gen_io_end() pair,
even though this is done for all DMTC0 operations outside of the switch
statement. Remove these redundant calls.

Fixes: 5dc5d9f055 ("mips: more fixes to the MIPS interrupt glue logic")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-08-02 22:18:13 +01:00
James Hogan
b74cddcbf6 target/mips: Use BS_EXCP where interrupts are expected
Commit e350d8ca3a ("target/mips: optimize indirect branches") made
indirect branches able to directly find the next TB and jump straight to
it without breaking out of translated code and going around the main
execution loop. This breaks the assumption in target/mips/translate.c
that BS_STOP is sufficient to cause pending interrupts to be handled,
since interrupts are only checked in the main loop.

Fix a few of these assumptions by using gen_save_pc to update the saved
PC and using BS_EXCP instead of BS_STOP:

 - [D]MFC0 CP0_Count may trigger a timer interrupt which should be
   immediately handled.

 - [D]MTC0 CP0_Cause may trigger an interrupt (but in fact translation
   was only even being stopped in the DMTC0 case).

 - [D]MTC0 CP0_<any> when icount is used is assumed could potentially
   cause interrupts.

 - EI may trigger an interrupt which was pending. I specifically hit
   this case when running KVM nested in mipsel-softmmu. A timer
   interrupt while the 2nd guest was executing is caught by KVM which
   switches back to the normal Linux exception base and re-enables
   interrupts with EI. Since the above commit QEMU doesn't leave
   translated code until the nested KVM has already restored the KVM
   exception base and returned to the 2nd guest, at which point it is
   too late to check for pending interrupts and it gets stuck in an
   infinite loop of unhandled interrupts.

Something similar was needed for ARM in commit b29fd33db5
("target/arm: use DISAS_EXIT for eret handling").

Fixes: e350d8ca3a ("target/mips: optimize indirect branches")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Richard Henderson <rth@twiddle.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-08-02 22:18:12 +01:00
Leon Alrae
2d1847ec1c target-mips: apply CP0.PageMask before writing into TLB entry
PFN0 and PFN1 have to be masked out with PageMask_Mask.

Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
[Yongbok Kim:
  Added commit message]
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-08-02 22:18:11 +01:00
James Hogan
d3d93c6c1e mips: Add KVM T&E segment support for TCG
MIPS KVM trap & emulate guest kernels have a different segment layout
compared with traditional MIPS kernels, to allow both the user and
kernel code to run from the user address segment without repeatedly
trapping to KVM.

QEMU currently supports this layout only for KVM, but its sometimes
useful to be able to run these kernels in QEMU on a PC, so enable it for
TCG too.

This also paves the way for MIPS KVM VZ support (which uses the normal
virtual memory layout) by abstracting whether user mode kernel segments
are in use.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org
Reviewed-by: Richard Henderson <rth@twiddle.net>
[Yongbok Kim:
  minor change]
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-08-02 22:18:06 +01:00
James Hogan
6743334568 mips: Improve segment defs for KVM T&E guests
Improve the segment definitions used by get_physical_address() to yield
target_ulong types, e.g. 0xffffffff80000000 instead of 0x80000000. This
is in preparation for enabling emulation of MIPS KVM T&E segments in TCG
MIPS targets, which unlike KVM could potentially have 64-bit
target_ulong. In such a case the offset guest KSEG0 address ends up at
e.g. 0x000000008xxxxxxx instead of 0xffffffff8xxxxxxx.

This also allows the casts to int32_t that force sign extension to be
removed, which removes any confusion due to relational comparison of
unsigned (target_ulong) and signed (int32_t) types.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-08-02 17:01:27 +01:00
Aurelien Jarno
9652ef24bf mips/malta: leave space for the bootmap after the initrd
Since commit 9768e2abf7 the initrd is loaded at the end of the low
memory to avoid clash for the kernel relocation when kaslr is used.

However this in turn conflicts with the bootmap memory that the kernel
tries to place after initrd, but in low memory. The bootmap spans the
whole usable physical address space. The machine can have at most 2GiB
of memory, 256MiB of low memory mapped at 0x00000000, and 1792MiB of
high memory mapped at 0x90000000. The biggest bootmap therefore
corresponds to the adresses 0x00000000 -> 0xffffffff, which at 1 bit
per 4kiB page corresponds to 128kiB in memory.

Therefore reserve 128kiB after the initrd.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Tested-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-08-02 17:01:27 +01:00
James Hogan
cb539fd241 target-mips: Don't stop on [d]mtc0 DESAVE/KScratch
Writing to the MIPS DESAVE register (and now the KScratch registers)
will stop translation, supposedly due to risk of execution mode
switches. However these registers are basically RW scratch registers
with no side effects so there is no risk of them triggering execution
mode changes.

Drop the bstate = BS_STOP for these registers for both mtc0 and dmtc0.

Fixes: 7a387fffce ("Add MIPS32R2 instructions, and generally straighten out the instruction decoding. This is also the first percent towards MIPS64 support.")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Yongbok Kim <yongbok.kim@imgtec.com>
Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com>
Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-08-02 17:01:27 +01:00
Peter Maydell
aaaec6acad Update version for v2.10.0-rc1 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-02 16:36:32 +01:00
Thomas Huth
bbcee372ed tests/hmp: Fix typo in the 'chardev-send-break' test
testchardev2 is not a valid chardev id here. Use testchardev1
instead which has been created with chardev-add right before
the 'chardev-send-break' line.
And while we're at it, add the test-hmp.c file to the MAINTAINERS
file, too.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1501149097-19071-1-git-send-email-thuth@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-02 15:51:52 +01:00
Peter Maydell
b21c2751b6 Migration pull 2017-08-02
Just minor fixes for 2.10
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJZgdnJAAoJEAUWMx68W/3nw+MQAKphjisLyMqvfWY35Oe3jX0I
 cmLN2odU8ruX43dNij/0cUk1ETCAkNMBXgN2Y0uX9Ab8PEE9Z+YvumtVA9VUYRwF
 ljM5Md4I/5zLuW3e0X4btQtM/AV6vyEttt543lCHiFTZHlBltoJ6WoZZE2gg4Gz6
 tZjJIFtk4u8ojGoVO5dgb9O4EKwBSn0pvkr2UcA5AhWSA6WdOj96AKMqLBJaiJng
 r6xihQZMXgndalds3qFhHk8LQTSh8Nc8iL8DgurRgl7fd8Gc9nur9h27YRzQaP+y
 PvRJVMT+zuIBD1Ph/ZdGTUQbRpnVNUARNHSWKOSynWuPPEUQWxdcqoKorMpIVhkD
 C3pw/iVIGBpasNQc23TZSAUr2nG49c+ThJIvMqXcHGfDz7VguOaVTvX6dDbiHnvr
 uSeQisyeM+dCmDK1rLuewxkiTPaO003kMIdoDvzol4xItcQI0rdrzetwLQ3acN1A
 jP54WOOynx18Gj3mBnZcarydumOtcJ4Bh7zxgSzuKnD3L+0KjJWJOy3SZLGzuJTL
 DeETNIzGU525qWsEta0HowhDRhkape1Ie4f4Di6UuWrRboEeG/8+69EBAGbWJBwo
 WBY8dHPoY2eaYXSa08macx5jUTfh3zNZjshxx9xUCB4FHVT9ooaYGXG22mnjhM5O
 arWAqj6sa2zIDe1jEsG8
 =IAK0
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20170802a' into staging

Migration pull 2017-08-02

Just minor fixes for 2.10

# gpg: Signature made Wed 02 Aug 2017 14:55:21 BST
# gpg:                using RSA key 0x0516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7

* remotes/dgilbert/tags/pull-migration-20170802a:
  io: fix qio_channel_socket_accept err handling
  migration: fix comment disorder in RAMState
  migration: fix small leaks

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-02 15:13:24 +01:00
Peter Xu
8bd9c4e6c5 io: fix qio_channel_socket_accept err handling
When accept failed, we should setup errp with the reason. More
importantly, the caller may assume errp be non-NULL when error happens,
and not setting the errp may crash QEMU.

At the same time, move the trace_qio_channel_socket_accept_fail() after
the if check on EINTR. Two reasons:

1. when EINTR happened, it's not really a fault (we should just try
   again), so we should not log with an "accept failure".

2. trace_*() functions may overwrite errno, then the old errno will be
   missing. We need to either check errno before trace_*() calls, or
   reserve the errno.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1501666880-10159-3-git-send-email-peterx@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2017-08-02 11:27:44 +01:00
Peter Xu
2dfaf12ebb migration: fix comment disorder in RAMState
Comments for "migration_dirty_pages" and "bitmap_mutex" are switched.
Fix it.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1501666880-10159-2-git-send-email-peterx@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2017-08-02 11:27:28 +01:00
Marc-André Lureau
b91bf5e488 migration: fix small leaks
Spotted thanks to valgrind and tests/device-introspect-test:

==11711== 1 bytes in 1 blocks are definitely lost in loss record 6 of 14,537
==11711==    at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
==11711==    by 0x1E0CDBD8: g_malloc (gmem.c:94)
==11711==    by 0x1E0E696E: g_strdup (gstrfuncs.c:363)
==11711==    by 0x695693: migration_instance_init (migration.c:2226)
==11711==    by 0x717C4B: object_init_with_type (object.c:344)
==11711==    by 0x717E80: object_initialize_with_type (object.c:375)
==11711==    by 0x7182EB: object_new_with_type (object.c:483)
==11711==    by 0x718328: object_new (object.c:493)
==11711==    by 0x4B8A29: qmp_device_list_properties (qmp.c:542)
==11711==    by 0x4A9561: qmp_marshal_device_list_properties (qmp-marshal.c:1425)
==11711==    by 0x819D4A: do_qmp_dispatch (qmp-dispatch.c:104)
==11711==    by 0x819E82: qmp_dispatch (qmp-dispatch.c:131)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20170801160419.14180-1-marcandre.lureau@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2017-08-02 11:26:09 +01:00
Peter Maydell
d3d183a638 pc, acpi, virtio: fixes, test speedup for rc1
Some fixes all over the place. Notably vhost-user gained a new message
 to set endian-ness. Borderline for 2.10 but seems to be the only way to
 fix legacy guests.  Also pc tests are run on kvm now. Not a fix at all
 but doesn't touch qemu itself, so I merged it since I had to run these a
 lot and I just got tired of waiting for these to finish.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJZgPRvAAoJECgfDbjSjVRpUKAH/RE1PohaH/klzEVFLPZUdISN
 /1zOdFN0BgVOUxS2udLVdZBUrWBiJWt11fbzASeGtOu3ruTpVfp69C7HUH8z4MOB
 cyBWgtcf7qQc9cqE0VGO1kLU+ujSyPlkZonjWVfeCrf298SElIXUNVXcihqVsglA
 VAL+tIUFT2Bbc3SH5xGsqHCMAy1hNRkEuF5t7enphOoxm7CdqghDLMfUEW65igYg
 XNt3DELfFDQVnwGP8DWSWjgLVAvGAGWGNHQ9QD/FO5mdVrXh1lukV8ZtXf6K2VJc
 svR670n3ZbMOkEIOGJYcYUFEKMgJXLNEpQX8WRM+vjnuEpDML6bBROtA8hckRv8=
 =9TSs
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc, acpi, virtio: fixes, test speedup for rc1

Some fixes all over the place. Notably vhost-user gained a new message
to set endian-ness. Borderline for 2.10 but seems to be the only way to
fix legacy guests.  Also pc tests are run on kvm now. Not a fix at all
but doesn't touch qemu itself, so I merged it since I had to run these a
lot and I just got tired of waiting for these to finish.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 01 Aug 2017 22:36:47 BST
# gpg:                using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  pc: acpi: force FADT rev1 for 440fx based machine types
  pc: make 'pc.rom' readonly when machine has PCI enabled
  vhost-user: fix watcher need be removed when vhost-user hotplug
  tests/bios-tables-test: Compiler warning fix
  accel: cleanup error output
  intel_iommu: use access_flags for iotlb
  intel_iommu: fix iova for pt
  vhost-user: fix legacy cross-endian configurations
  vhost: fix a memory leak
  tests: switch pxe and vm gen id tests to use kvm

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-08-02 09:49:02 +01:00
Igor Mammedov
3a3fcc75f9 pc: acpi: force FADT rev1 for 440fx based machine types
w2k used to boot on QEMU until revision of FADT has
been bumped to rev3
(commit 77af8a2b hw/i386: Use Rev3 FADT (ACPI 2.0) instead of Rev1 to improve guest OS support.)

Keep PC machine at rev1 to remain compatible and Q35
at rev3 where w2k isn't supported anyway so OSX could
run as well.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Tested-by: John Arbuckle <programmingkidx@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-02 00:13:26 +03:00
Igor Mammedov
208fa0e436 pc: make 'pc.rom' readonly when machine has PCI enabled
looking at bios ROM mapping in QEMU it seems that only isapc
(i.e. not PCI enabled machine) requires ROM being mapped as
RW in other cases BIOS is mapped as RO. Do the same for option
ROM 'pc.rom' when machine has PCI enabled.

As useful side-effect pc.rom MemoryRegion stops being
put in vhost memory map (filtered out by vhost_section()),
which reduces number of entries by 1.

Coincidentally it fixes migration failure reported in

"[PATCH V2]  vhost: fix a migration failed because of vhost region merge"

where following destination CLI with /sys/module/vhost/parameters/max_mem_regions = 8

export DIMMSCOUNT=6
QEMU -enable-kvm \
     -netdev type=tap,id=guest0,vhost=on,script=no,vhostforce \
     -device virtio-net-pci,netdev=guest0 \
     -m 256,slots=256,maxmem=2G \
     `i=0; while [ $i -lt $DIMMSCOUNT ]; do echo \
         "-object memory-backend-ram,id=m$i,size=128M \
          -device pc-dimm,id=d$i,memdev=m$i"; i=$(($i + 1)); \
     done`

will fail to startup with error:

 "-device pc-dimm,id=d5,memdev=m5: a used vhost backend has no free memory slots left"

while it's possible to add the 6th DIMM during hotplug
on source.

Issue is caused by the fact that number of entries in vhost map
is bigger on 1 entry, when -device is processed, than
after guest boots up, and that offending entry belongs to
'pc.rom', it's not like vhost intends to do IO in ROM range
so making it RO hides region from vhost and makes number
of entries in vhost memory map at -device/machine_done time
match number of entries after guest boots.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reported-by: Peng Hao <peng.hao2@zte.com.cn>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-02 00:13:26 +03:00
Yunjian Wang
41d4e5ec9f vhost-user: fix watcher need be removed when vhost-user hotplug
"nc" is freed after hotplug vhost-user, but the watcher is not removed.
The QEMU crash when the watcher access the "nc" when socket disconnects.

    Program received signal SIGSEGV, Segmentation fault.
    #0  object_get_class (obj=obj@entry=0x2) at qom/object.c:750
    #1  0x00007f9bb4180da1 in qemu_chr_fe_disconnect (be=<optimized out>) at chardev/char-fe.c:372
    #2  0x00007f9bb40d1100 in net_vhost_user_watch (chan=<optimized out>, cond=<optimized out>, opaque=<optimized out>) at net/vhost-user.c:188
    #3  0x00007f9baf97f99a in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
    #4  0x00007f9bb41d7ebc in glib_pollfds_poll () at util/main-loop.c:213
    #5  os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:261
    #6  main_loop_wait (nonblocking=nonblocking@entry=0) at util/main-loop.c:515
    #7  0x00007f9bb3e266a7 in main_loop () at vl.c:1917
    #8  main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4786

Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-02 00:13:26 +03:00
Dr. David Alan Gilbert
91c38e08af tests/bios-tables-test: Compiler warning fix
gcc 7.1.1 in fedora 26 moans about the:
   tables = g_new0(uint32_t, tables_nr)

because it can't convince itself that tables_nr is positive.
This is fallout from g_assert_cmpint no longer necessarily being
no-return;  replace it with a plain g_assert.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2017-08-02 00:13:26 +03:00
Laurent Vivier
2f6b38d171 accel: cleanup error output
Only emit "XXX accelerator not found", if there are not
further accelerators listed. eg

   accel=kvm:tcg

doesn't print a "KVM accelerator not found" warning
when it falls back to tcg, but a

   accel=kvm

prints a warning, since no fallback is given.

Suggested-by: Daniel P. Berrange <berrange@redhat.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
2017-08-02 00:13:25 +03:00
Peter Xu
07f7b73398 intel_iommu: use access_flags for iotlb
It was cached by read/write separately. Let's merge them.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-02 00:13:25 +03:00
Peter Xu
892721d91d intel_iommu: fix iova for pt
IOMMUTLBEntry.iova is returned incorrectly on one PT path (though mostly
we cannot really trigger this path, even if we do, we are mostly
disgarding this value, so it didn't break anything). Fix it by
converting the VTD_PAGE_MASK into the correct definition
VTD_PAGE_MASK_4K, then remove VTD_PAGE_MASK.

Fixes: b93130 ("intel_iommu: cleanup vtd_{do_}iommu_translate()")
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-08-02 00:13:25 +03:00
Felipe Franciosi
5df04f1762 vhost-user: fix legacy cross-endian configurations
Currently, vhost-user does not implement any means for notifying the
backend about guest endianess. This commit introduces a new message
called VHOST_USER_SET_VRING_ENDIAN which is analogous to the ioctl()
called VHOST_SET_VRING_ENDIAN used for kernel vhost backends. Such
message is necessary for backends supporting legacy (pre-1.0) virtio
devices running in big-endian guests.

Signed-off-by: Felipe Franciosi <felipe@nutanix.com>
Signed-off-by: Mike Cui <cui@nutanix.com>
2017-08-02 00:13:25 +03:00