Commit Graph

86335 Commits

Author SHA1 Message Date
Klaus Jensen
5cefe28708 hw/block/nvme: store aiocb in compare
nvme_compare() fails to store the aiocb from the blk_aio_preadv() call.
Fix this.

Fixes: 0a384f923f ("hw/block/nvme: add compare command")
Cc: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>
2021-04-12 08:55:23 +02:00
Padmakar Kalghatgi
d357230b20 hw/block/nvme: map prp fix if prp2 contains non-zero offset
nvme_map_prp needs to calculate the number of list entries based on the
offset value. For the subsequent PRP2 list, need to ensure the number of
entries is within the MAX number of PRP entries for a page.

Signed-off-by: Padmakar Kalghatgi <p.kalghatgi@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2021-04-12 08:55:20 +02:00
Klaus Jensen
a3d9f3a962 docs: add nvme emulation documentation
Remove the docs/specs/nvme.txt and replace it with proper documentation
in docs/system/nvme.rst.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-04-12 07:05:31 +02:00
Daniel Henrique Barboza
2b18fc794f spapr.c: always pulse guest IRQ in spapr_core_unplug_request()
Commit 47c8c915b1 fixed a problem where multiple spapr_drc_detach()
requests were breaking QEMU. The solution was to just spapr_drc_detach()
once, and use spapr_drc_unplug_requested() to filter whether we already
detached it or not. The commit also tied the hotplug request to the
guest in the same condition.

Turns out that there is a reliable way for a CPU hotunplug to fail. If a
guest with one CPU hotplugs a CPU1, then offline CPU0s via 'echo 0 >
/sys/devices/system/cpu/cpu0/online', then attempts to hotunplug CPU1,
the kernel will refuse it because it's the last online CPU of the
system. Given that we're pulsing the IRQ only in the first try, in a
failed attempt, all other CPU1 hotunplug attempts will fail, regardless
of the online state of CPU1 in the kernel, because we're simply not
letting the guest know that we want to hotunplug the device.

Let's move spapr_hotplug_req_remove_by_index() back out of the "if
(!spapr_drc_unplug_requested(drc))" conditional, allowing for multiple
'device_del' requests to the same CPU core to reach the guest, in case
the CPU core didn't fully hotunplugged previously.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20210401000437.131140-3-danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-04-12 12:27:14 +10:00
Daniel Henrique Barboza
d522cb52e6 spapr: rollback 'unplug timeout' for CPU hotunplugs
The pseries machines introduced the concept of 'unplug timeout' for CPU
hotunplugs. The idea was to circunvent a deficiency in the pSeries
specification (PAPR), that currently does not define a proper way for
the hotunplug to fail. If the guest refuses to release the CPU (see [1]
for an example) there is no way for QEMU to detect the failure.

Further discussions about how to send a QAPI event to inform about the
hotunplug timeout [2] exposed problems that weren't predicted back when
the idea was developed. Other QEMU machines don't have any type of
hotunplug timeout mechanism for any device, e.g. ACPI based machines
have a way to make hotunplug errors visible to the hypervisor. This
would make this timeout mechanism exclusive to pSeries, which is not
ideal.

The real problem is that a QAPI event that reports hotunplug timeouts
puts the management layer (namely Libvirt) in a weird spot. We're not
telling that the hotunplug failed, because we can't be 100% sure of
that, and yet we're resetting the unplug state back, preventing any
DEVICE_DEL events to reach out in case the guest decides to release the
device. Libvirt would need to inspect the guest itself to see if the
device was released or not, otherwise the internal domain states will be
inconsistent.  Moreover, Libvirt already has an 'unplug timeout'
concept, and a QEMU side timeout would need to be juggled together with
the existing Libvirt timeout.

All this considered, this solution ended up creating more trouble than
it solved. This patch reverts the 3 commits that introduced the timeout
mechanism for CPU hotplugs in pSeries machines.

This reverts commit 4515a5f786
"qemu_timer.c: add timer_deadline_ms() helper"

This reverts commit d1c2e3ce3d
"spapr_drc.c: add hotunplug timeout for CPUs"

This reverts commit 51254ffb32
"spapr_drc.c: introduce unplug_timeout_timer"

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1911414
[2] https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg04682.html

CC: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20210401000437.131140-2-danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-04-12 12:27:14 +10:00
Peter Maydell
555249a59e x86 and CPU bug fixes for 6.0-rc3
* Add missing features to EPYC-Rome CPU model (Babu Moger)
 * Fix crash with "-device ...-cpu-core,help" (Greg Kurz)
 -----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCAAyFiEEWjIv1avE09usz9GqKAeTb5hNxaYFAmBwtwIUHGVoYWJrb3N0
 QHJlZGhhdC5jb20ACgkQKAeTb5hNxaaNqBAAh+v/wxP3Rx2K58Da2FDfk9+he3cB
 ggBE/XbtRZl2awMiiO7Dthxjogika4tqN9Xo6x1T20/IZRsZur7waKE8goJoka/e
 5fni3Vq2A+DUFYZvfoUdsYBgBohZcoD3UlXjcSNl0G1liPGqGgR66XgD4e4eNT+C
 nd80VtwacK/xo/lW/mO+fk8j9zoiuGHjIoophyK8axurPxCC3WWXY5KGjZEAq7NA
 1pBHdHAZDB//oNdmm1FIcHhPDZpJ2OIrhYkrH4MEY2qe4NfP6KA71kCAHgfyrbX3
 d8/qa2bMg8CfvqABkWj1jKRUJPmwxJxpuTW1V5ve6u5GD1BIXeOaTzuD1NCp77ry
 o4FwFewpJtHQDbWXUAMbIQ/rBH4Rl1l3ABAPNliUY85Y4odXquU0hPk/4Jfj68v3
 3mbYECkD24N7Kev+cAec6BRplu2WkDSYKPpaiXr0Nu5IOcL5huT2qDORvTJDF3lz
 At7KDcmd+B+IyorL/A6eWIJ42qte+4zG1ILBRTcR0FyqHCFWv5yqjbfFEkYgBImf
 UBmxCdROnKz0Q1TSZporzm19kPBSo692kNWl8EtwTooEB+YjZOBSIC+AhjbNRWZu
 7UrUPRc2Vbu7P/C52XVUIpY52RS09Afv1FcARj621h0HzWibqWUYMmG5zXt9y33k
 GJrN/YwFZTpgSbY=
 =KMA5
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost-gl/tags/x86-next-pull-request' into staging

x86 and CPU bug fixes for 6.0-rc3

* Add missing features to EPYC-Rome CPU model (Babu Moger)
* Fix crash with "-device ...-cpu-core,help" (Greg Kurz)

# gpg: Signature made Fri 09 Apr 2021 21:20:18 BST
# gpg:                using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6
# gpg:                issuer "ehabkost@redhat.com"
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost-gl/tags/x86-next-pull-request:
  cpu/core: Fix "help" of CPU core device types
  i386: Add missing cpu feature bits in EPYC-Rome model

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-10 16:58:56 +01:00
Greg Kurz
0b47ec4b95 cpu/core: Fix "help" of CPU core device types
Calling qdev_get_machine() from a QOM instance_init function is
fragile because we can't be sure the machine object actually
exists. And this happens to break when passing ",help" on the
command line to get the list of properties for a CPU core
device types :

$ ./qemu-system-ppc64 -device power8_v2.0-spapr-cpu-core,help
qemu-system-ppc64: ../../hw/core/machine.c:1290:
 qdev_get_machine: Assertion `machine != NULL' failed.
Aborted (core dumped)

This used to work before QEMU 5.0, but commit 3df261b667
unwillingly introduced a subtle regression : the above command
line needs to create an instance but the instance_init function
of the base class calls qdev_get_machine() before
qemu_create_machine() has been called, which is a programming bug.

Use current_machine instead. It is okay to skip the setting of
nr_thread in this case since only its type is displayed.

Fixes: 3df261b667 ("softmmu/vl.c: Handle '-cpu help' and '-device help' before 'no default machine'")
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
Cc: peter.maydell@linaro.org
Message-Id: <20210409160339.500167-3-groug@kaod.org>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-04-09 16:05:16 -04:00
Babu Moger
cdeaed2778 i386: Add missing cpu feature bits in EPYC-Rome model
Found the following cpu feature bits missing from EPYC-Rome model.
ibrs    : Indirect Branch Restricted Speculation
ssbd    : Speculative Store Bypass Disable

These new features will be added in EPYC-Rome-v2. The -cpu help output
after the change.

x86 EPYC-Rome             (alias configured by machine type)
x86 EPYC-Rome-v1          AMD EPYC-Rome Processor
x86 EPYC-Rome-v2          AMD EPYC-Rome Processor

Reported-by: Pankaj Gupta <pankaj.gupta@cloud.ionos.com>
Signed-off-by: Babu Moger <babu.moger@amd.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@cloud.ionos.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Edmondson <david.edmondson@oracle.com>
Message-Id: <161478622280.16275.6399866734509127420.stgit@bmoger-ubuntu>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-04-09 16:02:18 -04:00
Peter Maydell
836b36af93 Block layer fixes
- mirror: Fix job-complete race condition causing unexpected errors
 - fdc: Fix 'fallback' property on sysbus floppy disk controllers
 - rbd: Fix memory leaks
 - iotest improvements
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAmBwfRcRHGt3b2xmQHJl
 ZGhhdC5jb20ACgkQfwmycsiPL9afvA/9Ek5sr95gYMWz+4XuuaeVYjCwyrcEv3WX
 +zZNCwT/lcbmKAmkKwuHcU9nDpEfeRZ2nmJB1rhCKIdya/qWhLyJKRY7s8Ip8W8h
 uhWz+LIoo8q/ZGcxIDlkyazr8s5qQMSZtvBkb/QSi2h8yhwY8wf1dIk2J3IgB2wf
 JjZaZIyGpUYnfDmYncnTduGUOKrgHPNaSagGbis9OFqd8jqdcCt9vb+jDNYa29st
 e5223MUpjHilhdvrM7lCNX8wTcximTeZfXnBvZd87MQXIoitl3jb9Da0qTLZyo/b
 uGORfRs2DXldFgdHAf699KDWjVGieGnMKUQkP3vgFtrUDd4xfj1lRWBmnKolBwng
 4ku9cP8tqRIA7y6LFJX/ExxeR48AwbbMbsQIJNj3mjez49HRlGPMGVRYonCWK9B6
 /XQF8FD+Xk9Ivua6rMRXK7IHMqdJGKIiTvDf1frwg1qbYPrPOAOu9F3h/ybGQQhb
 GxQHQccAinmcDco0PSoJnqe/3ukyuSOrV4Bf/JZpo9pIJau3By4XphLmu35JdBhh
 B+xVUBr7k3SQ/s/DLRnuunRPZGHMGY+Cf9v0dqvTKDEmStdrctfyTshjP01LDsex
 zBmDLFIyzmFwwz14atNP6kusce8H4XIbC6x51DV2jNG01OL4PcTVQaCDmDTsYqlY
 Yi3HfzSG9Ng=
 =948n
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer fixes

- mirror: Fix job-complete race condition causing unexpected errors
- fdc: Fix 'fallback' property on sysbus floppy disk controllers
- rbd: Fix memory leaks
- iotest improvements

# gpg: Signature made Fri 09 Apr 2021 17:13:11 BST
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  test-blockjob: Test job_wait_unpaused()
  job: Allow complete for jobs on standby
  mirror: Do not enter a paused job on completion
  mirror: Move open_backing_file to exit_common
  hw/block/fdc: Fix 'fallback' property on sysbus floppy disk controllers
  iotests: Test mirror-top filter permissions
  iotests: add test for removing persistent bitmap from backing file
  iotests/qsd-jobs: Filter events in the first test
  block/rbd: fix memory leak in qemu_rbd_co_create_opts()
  block/rbd: fix memory leak in qemu_rbd_connect()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-09 19:26:42 +01:00
Peter Maydell
471387aa14 One s390x fix:
- correctly handle the case where the guest ccw payload points to
   invalid memory areas
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEw9DWbcNiT/aowBjO3s9rk8bwL68FAmBwaCESHGNvaHVja0By
 ZWRoYXQuY29tAAoJEN7Pa5PG8C+vcJsQAKJO6tlZx/dEr00FeuXN0J1o25pw1PtQ
 N2wgWn7hQ5KEvfppNxiiARlZY13ki94hoPNKGW+XISEoyZ9Zx1HsbhCYE80oa1SZ
 4paCbGj5sauTNjjMhuwrl3FlchszoC9oUg9Ev7GeGsFbtHP+gvR7X9giE3xfHjO4
 2AlghUVxo2N5IL3yEgmdTBWEbpSlqMm18yDn7cZsgYRr+s/cUNlTvhTcwR7PmYsK
 KnBFeM1PbOXl+8MqdP5xZevXpzhlUpIR+Dwfo1TcNKscj6hHE1GHJhAUGMDvDG/K
 4dair5/l4HxxaF2G4HvVU5dr4pJwZ1QXEvfpIykN2vGW6dwwP15xIknqgMCtEcU8
 MD7lpvGpq1x2ScEs2AIlK5ElD2vZiK3zZSYNah634f034RSIz6T3RFAKEMdVYmKJ
 6r3NqYp7ZCsIDHttOSzE9b+5mwU0FYx21XNCC2YNe1cHNqegfxCFefvggN+c7RGv
 /AZA7URPW11wj760ySeg1pzeTygtlpkwDU39UYTz/lG0vhkMPwOrd0R2njuL3jJy
 pIXAJZ9Ha6hYLNPFie81VrGLu/dBoLeKwqe70HYDMdPTafPtJRDAlvo8r6oc4FwG
 1y8fqrafSpFVZsmO0qWkoCUmObq+aQY1MnuASA8MoRDS+xVT6LXJVv/PWf1m0DjR
 wxYGQaRrFsnT
 =6cYM
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20210409' into staging

One s390x fix:
- correctly handle the case where the guest ccw payload points to
  invalid memory areas

# gpg: Signature made Fri 09 Apr 2021 15:43:45 BST
# gpg:                using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg:                issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown]
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>" [unknown]
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>" [unknown]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck-gitlab/tags/s390x-20210409:
  s390x: css: report errors from ccw_dstream_read/write

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-09 17:21:18 +01:00
Max Reitz
c2c731a4d3 test-blockjob: Test job_wait_unpaused()
Create a job that remains on STANDBY after a drained section, and see
that invoking job_wait_unpaused() will get it unstuck.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210409120422.144040-5-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-04-09 18:00:29 +02:00
Max Reitz
53ddb9c892 job: Allow complete for jobs on standby
The only job that implements .complete is the mirror job, and it can
handle completion requests just fine while the job is paused.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1945635
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210409120422.144040-4-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-04-09 18:00:29 +02:00
Max Reitz
00769414cd mirror: Do not enter a paused job on completion
Currently, it is impossible to complete jobs on standby (i.e. paused
ready jobs), but actually the only thing in mirror_complete() that does
not work quite well with a paused job is the job_enter() at the end.

If we make it conditional, this function works just fine even if the
mirror job is paused.

So technically this is a no-op, but obviously the intention is to accept
block-job-complete even for jobs on standby, which we need this patch
for first.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210409120422.144040-3-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-04-09 18:00:29 +02:00
Max Reitz
c41f5b96ee mirror: Move open_backing_file to exit_common
This is a graph change and therefore should be done in job-finalize
(which is what invokes mirror_exit_common()).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210409120422.144040-2-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-04-09 18:00:29 +02:00
Philippe Mathieu-Daudé
da64789d3a hw/block/fdc: Fix 'fallback' property on sysbus floppy disk controllers
Setting the 'fallback' property corrupts the QOM instance state
(FDCtrlSysBus) because it accesses an incorrect offset (it uses
the offset of the FDCtrlISABus state).

Cc: qemu-stable@nongnu.org
Fixes: a73275dd6f ("fdc: Add fallback option")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210407133742.1680424-1-f4bug@amsat.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-04-09 18:00:29 +02:00
Max Reitz
f940b0ac6f iotests: Test mirror-top filter permissions
Add a test accompanying commit 53431b9086
("block/mirror: Fix mirror_top's permissions").

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210331122815.51491-1-mreitz@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-04-09 18:00:29 +02:00
Vladimir Sementsov-Ogievskiy
030262a6e4 iotests: add test for removing persistent bitmap from backing file
Just demonstrate one of x-blockdev-reopen usecases. We can't simply
remove persistent bitmap from RO node (for example from backing file),
as we need to remove it from the image too. So, we should reopen the
node first.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20210401161522.8001-1-vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-04-09 18:00:29 +02:00
Max Reitz
66f18320f7 iotests/qsd-jobs: Filter events in the first test
The job may or may not be ready before the 'quit' is issued.  Whether it
is is irrelevant; for the purpose of the test, it only needs to still be
there.  Filter the job status change and READY events from the output so
it becomes reliable.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Suggested-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210401132839.139939-1-mreitz@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-04-09 18:00:29 +02:00
Stefano Garzarella
b084b420d9 block/rbd: fix memory leak in qemu_rbd_co_create_opts()
When we allocate 'q_namespace', we forgot to set 'has_q_namespace'
to true. This can cause several issues, including a memory leak,
since qapi_free_BlockdevCreateOptions() does not deallocate that
memory, as reported by valgrind:

  13 bytes in 1 blocks are definitely lost in loss record 7 of 96
     at 0x4839809: malloc (vg_replace_malloc.c:307)
     by 0x48CEBB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x48E3FE3: g_strdup (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x180010: qemu_rbd_co_create_opts (rbd.c:446)
     by 0x1AE72C: bdrv_create_co_entry (block.c:492)
     by 0x241902: coroutine_trampoline (coroutine-ucontext.c:173)
     by 0x57530AF: ??? (in /usr/lib64/libc-2.32.so)
     by 0x1FFEFFFA6F: ???

Fix setting 'has_q_namespace' to true when we allocate 'q_namespace'.

Fixes: 19ae9ae014 ("block/rbd: Add support for ceph namespaces")
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20210329150129.121182-3-sgarzare@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-04-09 18:00:29 +02:00
Stefano Garzarella
c1c1f6cf51 block/rbd: fix memory leak in qemu_rbd_connect()
In qemu_rbd_connect(), 'mon_host' is allocated by qemu_rbd_mon_host()
using g_strjoinv(), but it's only freed in the error path, leaking
memory in the success path as reported by valgrind:

  80 bytes in 4 blocks are definitely lost in loss record 5,028 of 6,516
     at 0x4839809: malloc (vg_replace_malloc.c:307)
     by 0x5315BB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x532B6FF: g_strjoinv (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x87D07E: qemu_rbd_mon_host (rbd.c:538)
     by 0x87D07E: qemu_rbd_connect (rbd.c:562)
     by 0x87E1CE: qemu_rbd_open (rbd.c:740)
     by 0x840EB1: bdrv_open_driver (block.c:1528)
     by 0x8453A9: bdrv_open_common (block.c:1802)
     by 0x8453A9: bdrv_open_inherit (block.c:3444)
     by 0x8464C2: bdrv_open (block.c:3537)
     by 0x8108CD: qmp_blockdev_add (blockdev.c:3569)
     by 0x8EA61B: qmp_marshal_blockdev_add (qapi-commands-block-core.c:1086)
     by 0x90B528: do_qmp_dispatch_bh (qmp-dispatch.c:131)
     by 0x907EA4: aio_bh_poll (async.c:164)

Fix freeing 'mon_host' also when qemu_rbd_connect() ends correctly.

Fixes: 0a55679b4a
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20210329150129.121182-2-sgarzare@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-04-09 18:00:29 +02:00
Peter Maydell
285f6f57fa linux-user pull request 20210409
Fix lock_user()/unlock_user()
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmBwUf0SHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748PwkP/1N86uPuXYXaQPj8a8KKPNUrIpVDojmq
 cOeyvIa4pRdShd2xHyEwYSIF0LmWxIFj/LlbI7lnerQvQKI9H8A5P/XYz+JVcUTD
 lC7pIujalkpH0mw9MrO1AzX5I0I3HidbKG/d3DWTS82JN6jLguB198SiqhrJJjq8
 zGnJJIJ8t2fiNdDYGfklctWEcet7VXBcQuDrOCY5sPNcPGu6ngUyMBbJU41uVkIC
 547UI3WnEgBKM2Y65or2GgVtIi5elqoirgolDcHzY3da9z/IGAR+Y6olIpGR2Bhj
 urCA7uNsNHab4adgGPWBRchUxXWXjc98ZOGWlJ0WVQDBIJFDI7XCiNJcWEy2hW2n
 RXXZHd54So+GIpw3gRbHpNYsFDtXOMSW7E3VzC0Ico0huOexu/S6SLj1V66+1TLO
 Cj5QW+izg1Wp9aEPybSgDBDcqpq79bfYPGfB5jLtvAmjEPhYn3uEwOta8RmZnIsG
 wy8LpyVGIBVMCoCw+3A2CD16GetA7HLFEzsw00EmIbm1i/RMNxKtaQo3QRX3fFMl
 gsmpv/YqmJNZ8DNw1P/8b64MRftRMh2CV17KwDKaVr39Y4myQVxHrJo2k9XGFIrA
 Ce+Fw0ddGK+DNNqhsWSe+Khka6Rsotcgw7AHuJbYl/fTD+xjazARKBP5UIsn86C0
 Ih0EeYFRgYpW
 =PmqE
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-request' into staging

linux-user pull request 20210409

Fix lock_user()/unlock_user()

# gpg: Signature made Fri 09 Apr 2021 14:09:17 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-6.0-pull-request:
  linux-user: Use signed lengths in uaccess.c

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-09 14:22:03 +01:00
Pierre Morel
d895d25ae2 s390x: css: report errors from ccw_dstream_read/write
ccw_dstream_read/write functions returned values are sometime
not taking into account and reported back to the upper level
of interpretation of CCW instructions.

It follows that accessing an invalid address does not trigger
a subchannel status program check to the guest as it should.

Let's test the return values of ccw_dstream_write[_buf] and
ccw_dstream_read[_buf] and report it to the caller.

Cc: qemu-stable@nongnu.org
Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <1617899529-9329-2-git-send-email-pmorel@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-04-09 10:52:13 +02:00
Peter Maydell
ce69aa92d7 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJgbs4gAAoJEO8Ells5jWIRvgAIAJjpj9ptxEfEAisTeU7IMNPk
 vFyf9aBj/QBPv8VmcC90Mz/x38bMn0zE6V9E53camA7s1YtLxWj5ZG9wvj0ExJB9
 jgk4kEm5gpj8LY7/GwECNffaITQtLZgE4HVP98dVG9o1+5iCkZf8RnXAQH2ckzTs
 WoYuM0Glgj0XXdBauvpEkidQ+q23cOw7ipxNseI5wxZBAZt0RGdXoO6Dh+S219ro
 kFoDwzZS9tnuwpzzZJefQJuRWkUm1LsZ6rwC7Yd+gpk2Yt+fLGihF4dc0se2+SE1
 jeq7fV1E62PvEs2GJx4hs3rqakcBDE4Bf83sZnbFKMVpuvFUh+mXcKaIfXABDi8=
 =3d/N
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Thu 08 Apr 2021 10:34:24 BST
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  tap-win32: correctly recycle buffers
  Revert "qapi: net: Add query-netdev command"
  Revert "tests: Add tests for query-netdev command"
  Revert "net: Move NetClientState.info_str to dynamic allocations"
  Revert "hmp: Use QAPI NetdevInfo in hmp_info_network"
  Revert "net: Do not fill legacy info_str for backends"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-08 16:45:31 +01:00
Peter Maydell
d8724020dd V2 migration+virtiofs fixes pull 2021-04-07
A seg fix in virtiofsd, a bunch of fixes for background snapshots, and
 a migration test fix.
 
 Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
 
 v2
   Fix for !linux build
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEERfXHG0oMt/uXep+pBRYzHrxb/ecFAmBt8YkACgkQBRYzHrxb
 /efHNBAAismdo7L9iU8hUpvIuFbdLzREoYH3vqbZT6K1zjbmabpqbmMkcPQvj9Oo
 St9uSdq+6oOMrMi3r0oDpkb2F2csbIdPLQ7a2Y3hZTbzsUJXmI6eoYuSLUNRkvP1
 57MoUienK5TsATGFFPd3MuAvwHVOIBZGgg8aeYkC5RiltlQx42IQ4SEtc7yXSrnp
 TbjS45kd5I13crH4RxNG4X2/cG8McVYCSzEUMPBqbvNFiw2dJTOWr2kzza0jh4tP
 0VsgjeqPIoYa4n7LZEs7BgSiXcFcOPbUXvZ/ho7wHOLckhKlbdhJgklBUOom5aqO
 RZcN1XyPdzcKoxpch3T5d0h/YdEXEQSS7zdLBJDx4bUfb1ZhjEq0RhXqdYJ9YFEG
 dZTtxaxzW4u8UhPom4Eu0/HNyaqvjyqGrTxCpnS5fHH6pJKtdVhH7WfdEyYHj4lp
 PkEoKuTPZClk7Fjdsc329vHtIv0+rrWxBWtzFmrPgj13Xy8CkOOmKlYO2BhwI5zb
 j76s+y3IGNas4pJqhksNBE8AaODZ2IB8hq5dnqb9EsX4gtbOwhXYlA6aZY0EokiS
 VPbQ76emdE79A/vjArBkfiHsDzUkNe+sBSmreHBxzij/mmaXMP4mcVGew5dNfCFm
 TQrG9C1oH445yopZIXukcOOZofS3met90m6bbZO0DfAX+wXAAQM=
 =FKJ4
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20210407b' into staging

V2 migration+virtiofs fixes pull 2021-04-07

A seg fix in virtiofsd, a bunch of fixes for background snapshots, and
a migration test fix.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

v2
  Fix for !linux build

# gpg: Signature made Wed 07 Apr 2021 18:53:13 BST
# gpg:                using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7

* remotes/dgilbert/tags/pull-migration-20210407b:
  tests/migration: fix parameter of auto-converge migration
  migration: Rename 'bs' to 'block' in background snapshot code
  migration: Pre-fault memory before starting background snasphot
  migration: Inhibit virtio-balloon for the duration of background snapshot
  migration: Fix missing qemu_fflush() on buffer file in bg_migration_thread
  virtiofsd: Fix security.capability comparison

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-08 14:00:57 +01:00
Peter Maydell
9692c7b037 Testing updates:
- fix x86_64 cross compilers
   - don't use registry for non-x86 containers
   - add valid host types for given cross compile containers
   - clean up i386 code16 test with explicit -no-pie
   - relax sha1.py gdbstub test
   - add more gdbstub documentation
   - remove annoying warning on gitlab
   - test dtrace backend in gitlab
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmBsdnkACgkQ+9DbCVqe
 KkTnWAf/R7dkCJD9haKG1BHYfKxXtDsUxwa99Ep+C+8xRIbfMqjnHJl4YBaXvkcS
 OeiPXJ4FFo36ZDusM4cJUzmB3Jr3OBN6Q33BTOIJfbrNunKfgUgVlc5LWy9AlFcN
 3Pz5GyTDJIH/1BC+NzzHFq0KWMXgtNX/uGyJpeAD7Hqv6QtPJ82R1sGMRuLa2ep2
 KuFVuLRSFdo37U6rxyRlbgIgC29lbKwR5fp/AQMTHT/a6qpsVPX7jOD53U07x/sY
 45NWftzw8dQsOufdXRNCt/qq7TJ94KfIOWU6pNnFxBmuuJq4QxrObYwxZyylhmie
 AEbA6lT8hdak21DYbRf8UQTItIB2qg==
 =4j4F
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stsquad/tags/pull-6.0-rc2-fixes-060421-1' into staging

Testing updates:

  - fix x86_64 cross compilers
  - don't use registry for non-x86 containers
  - add valid host types for given cross compile containers
  - clean up i386 code16 test with explicit -no-pie
  - relax sha1.py gdbstub test
  - add more gdbstub documentation
  - remove annoying warning on gitlab
  - test dtrace backend in gitlab

# gpg: Signature made Tue 06 Apr 2021 15:55:53 BST
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-6.0-rc2-fixes-060421-1:
  gitlab-ci.yml: Test the dtrace backend in one of the jobs
  gitlab-ci.yml: Fix the filtering for the git submodules
  docs/system/gdb.rst: Document how to debug multicore machines
  docs/system/gdb.rst: Add some more heading structure
  tests/tcg: relax the next step precision of the gdb sha1 test
  tests/tcg/i386: force -fno-pie for test-i386
  tests/tcg/i386: expand .data sections for system tests
  tests/tcg/configure.sh: make sure we pick up x86_64 cross compilers
  tests/tcg: add concept of container_hosts
  tests/docker: don't set DOCKER_REGISTRY on non-x86_64
  tests/tcg: update the defaults for x86 compilers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-08 11:39:53 +01:00
Jason Wang
21df394d9e tap-win32: correctly recycle buffers
Commit 969e50b61a ("net: Pad short frames to minimum size before
sending from SLiRP/TAP") tries to pad frames but try to recyle the
local array that is used for padding to tap thread. This patch fixes
this by recyling the original buffer.

Fixes: 969e50b61a ("net: Pad short frames to minimum size before sending from SLiRP/TAP")
Tested-by: Howard Spoelstra <hsp.cat7@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-04-08 17:33:59 +08:00
Jason Wang
f9bb0c1f98 Revert "qapi: net: Add query-netdev command"
Several issues has been reported for query-netdev series. Consider
it's late in the rc, this reverts commit
d32ad10a14.

Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-04-08 17:33:59 +08:00
Jason Wang
22317309df Revert "tests: Add tests for query-netdev command"
Several issues has been reported for query-netdev series. Consider
it's late in the rc, this reverts commit
3c3b656885.

Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-04-08 17:33:59 +08:00
Jason Wang
56e6f594bf Revert "net: Move NetClientState.info_str to dynamic allocations"
Several issues has been reported for query-netdev info
series. Consider it's late in the rc, this reverts commit
commit 59b5437eb7.

Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-04-08 17:33:59 +08:00
Jason Wang
603f2f7c6c Revert "hmp: Use QAPI NetdevInfo in hmp_info_network"
Several issues has been reported for query-netdev info
series. Consider it's late in the rc, this reverts commit
a0724776c5.

Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-04-08 17:33:59 +08:00
Jason Wang
d89b4f839f Revert "net: Do not fill legacy info_str for backends"
Several issues has been reported for query-netdev info
series. Consider it's late in the rc, this reverts commit
f2e8319d45.

Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-04-08 17:33:59 +08:00
Peter Maydell
1b7dabccd0 emulated nvme fixes for -rc3
v3:
   - removed unnecessary deprecation warning
 
 v2:
   - added missing patches
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEUigzqnXi3OaiR2bATeGvMW1PDekFAmBt4hEACgkQTeGvMW1P
 DeknCAf9H6rYJoiA/ELlQCBXtNZZExl5pqCCaN2kgUixwA5TuW4/OST2ClmThRoo
 RA5XdDQoATYloB6XaL5Mm+uXI7wiRrNe3WLDZsqIBRmLrLb7Vl7fH+MsO4m3dHrQ
 zBi4Zg2oHit8eTrhI6tUHmNdHEWyt+74bG/vVxd+wi1inXtTI3naNSoLU9ZxCZ+t
 99otl4jjeqQJS/SOtHJlw2e3qPIxkTXxgFvAWITrbBxQuac1fA0jJ0CVWFCgxipv
 VCM7VNsinrQL/RYiknMM/O72QhnQfs90jEBr7vNsAs9zIsv4q23TFXsjRzFpVi4W
 h3kTb4a9OM1PPDcYDeKt3yhXmsmakg==
 =36si
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/nvme/tags/nvme-fixes-20210407-pull-request' into staging

emulated nvme fixes for -rc3

v3:
  - removed unnecessary deprecation warning

v2:
  - added missing patches

# gpg: Signature made Wed 07 Apr 2021 17:47:13 BST
# gpg:                using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg:                 aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468  4272 63D5 6FC5 E55D A838
#      Subkey fingerprint: 5228 33AA 75E2 DCE6 A247  66C0 4DE1 AF31 6D4F 0DE9

* remotes/nvme/tags/nvme-fixes-20210407-pull-request:
  hw/block/nvme: fix out-of-bounds read in nvme_subsys_ctrl
  hw/block/nvme: fix assert crash in nvme_subsys_ns
  hw/block/nvme: fix ns attachment out-of-bounds read
  hw/block/nvme: add missing copyright headers
  hw/block/nvme: fix handling of private namespaces
  hw/block/nvme: update dmsrl limit on namespace detachment
  hw/block/nvme: fix warning about legacy namespace configuration
  hw/block/nvme: fix the nsid 'invalid' value
  hw/block/nvme: fix missing string representation for ns attachment
  hw/block/nvme: fix pi constraint check

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-07 19:21:47 +01:00
Hyman Huang(黄勇)
e999fa47b2 tests/migration: fix parameter of auto-converge migration
when execute the following test command:
$ ./guestperf-batch.py --auto-converge \
    --auto-converge-step {percent} ...
test aborts and error message be throwed as the following:
"Parameter 'x-cpu-throttle-increment' is unexpected"

The reason is that 'x-cpu-throttle-increment' has been
deprecated and 'cpu-throttle-increment' was introduced
Since v2.7. Use the new parameter instead.

Signed-off-by: Hyman Huang(黄勇) <huangy81@chinatelecom.cn>
Message-Id: <0195d34a317ce3cc417b3efd275e30cad35a7618.1616513998.git.huangy81@chinatelecom.cn>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-04-07 18:37:56 +01:00
Andrey Gruzdev
82ea3e3b99 migration: Rename 'bs' to 'block' in background snapshot code
Rename 'bs' to commonly used 'block' in migration/ram.c background
snapshot code.

Signed-off-by: Andrey Gruzdev <andrey.gruzdev@virtuozzo.com>
Reported-by: David Hildenbrand <david@redhat.com>
Message-Id: <20210401092226.102804-5-andrey.gruzdev@virtuozzo.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-04-07 18:37:56 +01:00
Andrey Gruzdev
eeccb99c9d migration: Pre-fault memory before starting background snasphot
This commit solves the issue with userfault_fd WP feature that
background snapshot is based on. For any never poluated or discarded
memory page, the UFFDIO_WRITEPROTECT ioctl() would skip updating
PTE for that page, thereby loosing WP setting for it.

So we need to pre-fault pages for each RAM block to be protected
before making a userfault_fd wr-protect ioctl().

Fixes: 278e2f551a (migration: support
  UFFD write fault processing in ram_save_iterate())
Signed-off-by: Andrey Gruzdev <andrey.gruzdev@virtuozzo.com>
Reported-by: David Hildenbrand <david@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20210401092226.102804-4-andrey.gruzdev@virtuozzo.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
dgilbert:
  Bodged ifdef __linux__ on ram_write_tracking_prepare, should really
      go in a stub
2021-04-07 18:37:28 +01:00
Richard Henderson
360f0abdc5 linux-user: Use signed lengths in uaccess.c
Partially revert 09f679b62d, but only for the length arguments.
Instead of reverting to long, use ssize_t.  Reinstate the > 0 check
in unlock_user.

Fixes: 09f679b62d
Reported-by: Coverity (CID 1446711)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20210315204004.2025219-1-richard.henderson@linaro.org>
[lv: remove superfluous semicolon]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-04-07 18:55:27 +02:00
Klaus Jensen
7645f21f40 hw/block/nvme: fix out-of-bounds read in nvme_subsys_ctrl
nvme_subsys_ctrl() is used in contexts where the given controller
identifier is from an untrusted source. Like its friends nvme_ns() and
nvme_subsys_ns(), nvme_subsys_ctrl() should just return NULL if an
invalid identifier is given.

Fixes: 645ce1a70c ("hw/block/nvme: support namespace attachment command")
Cc: Minwoo Im <minwoo.im.dev@gmail.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>
2021-04-07 10:48:33 +02:00
Klaus Jensen
ec20329748 hw/block/nvme: fix assert crash in nvme_subsys_ns
nvme_subsys_ns() is used in contexts where the namespace identifier is
taken from an untrusted source. Commit 3921756dee ("hw/block/nvme:
assert namespaces array indices") tried to guard against this by
introducing an assert on the namespace identifier.

This is wrong since it is perfectly valid to call the function with an
invalid namespace identifier and like nvme_ns(), nvme_subsys_ns() should
simply return NULL.

Fixes: 3921756dee ("hw/block/nvme: assert namespaces array indices")
Fixes: 94d8d6d167 ("hw/block/nvme: support allocated namespace type")
Cc: Minwoo Im <minwoo.im.dev@gmail.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>
2021-04-07 10:48:32 +02:00
Klaus Jensen
8eb5c8069a hw/block/nvme: fix ns attachment out-of-bounds read
nvme_ns_attachment() does not verify the contents of the host-supplied
16 bit "Number of Identifiers" field in the command payload.

Make sure the value is capped at 2047 and fix the out-of-bounds read.

Fixes: 645ce1a70c ("hw/block/nvme: support namespace attachment command")
Cc: Minwoo Im <minwoo.im.dev@gmail.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>
2021-04-07 10:48:32 +02:00
Klaus Jensen
102ce606fb hw/block/nvme: add missing copyright headers
Add missing license/copyright headers to the nvme-dif.{c,h} files.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-04-07 10:48:32 +02:00
Klaus Jensen
e548935634 hw/block/nvme: fix handling of private namespaces
Prior to this patch, if a private nvme-ns device (that is, a namespace
that is not linked to a subsystem) is wired up to an nvme-subsys linked
nvme controller device, the device fails to verify that the namespace id
is unique within the subsystem. NVM Express v1.4b, Section 6.1.6 ("NSID
and Namespace Usage") states that because the device supports Namespace
Management, "NSIDs *shall* be unique within the NVM subsystem".

Additionally, prior to this patch, private namespaces are not known to
the subsystem and the namespace is considered exclusive to the
controller with which it is initially wired up to. However, this is not
the definition of a private namespace; per Section 1.6.33 ("private
namespace"), a private namespace is just a namespace that does not
support multipath I/O or namespace sharing, which means "that it is only
able to be attached to one controller at a time".

Fix this by always allocating namespaces in the subsystem (if one is
linked to the controller), regardless of the shared/private status of
the namespace. Whether or not the namespace is shareable is controlled
by a new `shared` nvme-ns parameter.

Finally, this fix allows the nvme-ns `subsys` parameter to be removed,
since the `shared` parameter now serves the purpose of attaching the
namespace to all controllers in the subsystem upon device realization.
It is invalid to have an nvme-ns namespace device with a linked
subsystem without the parent nvme controller device also being linked to
one and since the nvme-ns devices will unconditionally be "attached" (in
QEMU terms that is) to an nvme controller device through an NvmeBus, the
nvme-ns namespace device can always get a reference to the subsystem of
the controller it is explicitly (using 'bus=' parameter) or implicitly
attaching to.

Fixes: e570768566 ("hw/block/nvme: support for shared namespace in subsystem")
Cc: Minwoo Im <minwoo.im.dev@gmail.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>
2021-04-07 10:48:31 +02:00
Klaus Jensen
9b8671ed43 hw/block/nvme: update dmsrl limit on namespace detachment
The Non-MDTS DMSRL limit must be recomputed when namespaces are
detached.

Fixes: 645ce1a70c ("hw/block/nvme: support namespace attachment command")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-04-07 10:47:43 +02:00
Klaus Jensen
f447f92c88 hw/block/nvme: fix warning about legacy namespace configuration
Remove the unused BlockConf from the controller structure and remove the
noop constraint checking.

Device works just fine with both legacy drive parameter namespace and
nvme-ns namespace definitions.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
2021-04-07 10:46:47 +02:00
Klaus Jensen
dae8be368e hw/block/nvme: fix the nsid 'invalid' value
The `nvme_nsid()` function returns '-1' (FFFFFFFFh) when the given
namespace is NULL. Since FFFFFFFFh is actually a valid namespace
identifier (the "broadcast" value), change this to be '0' since that
actually *is* the invalid value.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-04-06 20:44:56 +02:00
Klaus Jensen
349bf41d59 hw/block/nvme: fix missing string representation for ns attachment
Add the missing nvme_adm_opc_str entry for the Namespace Attachment
command.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-04-06 20:44:56 +02:00
Klaus Jensen
5ad7d0174e hw/block/nvme: fix pi constraint check
Protection Information can only be enabled if there is at least 8 bytes
of metadata.

Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
2021-04-06 20:44:56 +02:00
Andrey Gruzdev
1a8e44a89f migration: Inhibit virtio-balloon for the duration of background snapshot
The same thing as for incoming postcopy - we cannot deal with concurrent
RAM discards when using background snapshot feature in outgoing migration.

Fixes: 8518278a6a (migration: implementation
  of background snapshot thread)
Signed-off-by: Andrey Gruzdev <andrey.gruzdev@virtuozzo.com>
Reported-by: David Hildenbrand <david@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20210401092226.102804-3-andrey.gruzdev@virtuozzo.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-04-06 18:56:01 +01:00
Andrey Gruzdev
ecb23efea0 migration: Fix missing qemu_fflush() on buffer file in bg_migration_thread
Added missing qemu_fflush() on buffer file holding precopy device state.
Increased initial QIOChannelBuffer allocation to 512KB to avoid reallocs.
Typical configurations often require >200KB for device state and VMDESC.

Fixes: 8518278a6a (migration: implementation
  of background snapshot thread)
Signed-off-by: Andrey Gruzdev <andrey.gruzdev@virtuozzo.com>
Message-Id: <20210401092226.102804-2-andrey.gruzdev@virtuozzo.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-04-06 18:56:01 +01:00
Dr. David Alan Gilbert
99c3ac6dbe virtiofsd: Fix security.capability comparison
My security fix for the security.capability remap has a silly early
segfault in a simple case where there is an xattrmapping but it doesn't
remap the security.capability.

Fixes: e586edcb41 ("virtiofs: drop remapped security.capability xattr as needed")
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20210401145845.78445-1-dgilbert@redhat.com>
Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-04-06 18:56:01 +01:00
Peter Maydell
d0d3dd401b Update version for v6.0.0-rc2 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-06 18:34:34 +01:00