Commit Graph

86112 Commits

Author SHA1 Message Date
Yuri Benditovich
c3fd706165 virtio-pci: add check for vdev in virtio_pci_isr_read
https://bugzilla.redhat.com/show_bug.cgi?id=1743098
This commit completes the solution of segfault in hot unplug flow
(by commit ccec7e9603).
Added missing check for vdev in virtio_pci_isr_read.
Typical stack of crash:
virtio_pci_isr_read ../hw/virtio/virtio-pci.c:1365 with proxy-vdev = 0
memory_region_read_accessor at ../softmmu/memory.c:442
access_with_adjusted_size at ../softmmu/memory.c:552
memory_region_dispatch_read1 at ../softmmu/memory.c:1420
memory_region_dispatch_read  at ../softmmu/memory.c:1449
flatview_read_continue at ../softmmu/physmem.c:2822
flatview_read at ../softmmu/physmem.c:2862
address_space_read_full at ../softmmu/physmem.c:2875

Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Message-Id: <20210315115937.14286-2-yuri.benditovich@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-04-01 11:39:12 -04:00
Denis Plotnikov
2b7d06c452 vhost-user-blk: add immediate cleanup on shutdown
Qemu crashes on shutdown if the chardev used by vhost-user-blk has been
finalized before the vhost-user-blk.

This happens with char-socket chardev operating in the listening mode (server).
The char-socket chardev emits "close" event at the end of finalizing when
its internal data is destroyed. This calls vhost-user-blk event handler
which in turn tries to manipulate with destroyed chardev by setting an empty
event handler for vhost-user-blk cleanup postponing.

This patch separates the shutdown case from the cleanup postponing removing
the need to set an event handler.

Signed-off-by: Denis Plotnikov <den-plotnikov@yandex-team.ru>
Message-Id: <20210325151217.262793-4-den-plotnikov@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-04-01 11:39:12 -04:00
Denis Plotnikov
bc79c87bcd vhost-user-blk: perform immediate cleanup if disconnect on initialization
Commit 4bcad76f4c ("vhost-user-blk: delay vhost_user_blk_disconnect")
introduced postponing vhost_dev cleanup aiming to eliminate qemu aborts
because of connection problems with vhost-blk daemon.

However, it introdues a new problem. Now, any communication errors
during execution of vhost_dev_init() called by vhost_user_blk_device_realize()
lead to qemu abort on assert in vhost_dev_get_config().

This happens because vhost_user_blk_disconnect() is postponed but
it should have dropped s->connected flag by the time
vhost_user_blk_device_realize() performs a new connection opening.
On the connection opening, vhost_dev initialization in
vhost_user_blk_connect() relies on s->connection flag and
if it's not dropped, it skips vhost_dev initialization and returns
with success. Then, vhost_user_blk_device_realize()'s execution flow
goes to vhost_dev_get_config() where it's aborted on the assert.

To fix the problem this patch adds immediate cleanup on device
initialization(in vhost_user_blk_device_realize()) using different
event handlers for initialization and operation introduced in the
previous patch.
On initialization (in vhost_user_blk_device_realize()) we fully
control the initialization process. At that point, nobody can use the
device since it isn't initialized and we don't need to postpone any
cleanups, so we can do cleaup right away when there is a communication
problem with the vhost-blk daemon.
On operation we leave it as is, since the disconnect may happen when
the device is in use, so the device users may want to use vhost_dev's data
to do rollback before vhost_dev is re-initialized (e.g. in vhost_dev_set_log()).

Signed-off-by: Denis Plotnikov <den-plotnikov@yandex-team.ru>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20210325151217.262793-3-den-plotnikov@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-04-01 11:39:12 -04:00
Denis Plotnikov
0c99d722e7 vhost-user-blk: use different event handlers on initialization
It is useful to use different connect/disconnect event handlers
on device initialization and operation as seen from the further
commit fixing a bug on device initialization.

This patch refactors the code to make use of them: we don't rely any
more on the VM state for choosing how to cleanup the device, instead
we explicitly use the proper event handler depending on whether
the device has been initialized.

Signed-off-by: Denis Plotnikov <den-plotnikov@yandex-team.ru>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20210325151217.262793-2-den-plotnikov@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-04-01 11:39:12 -04:00
Peter Maydell
1bd16067b6 Pull request
A fix for VDI image files and more generally for CoRwlock.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAmBkRe8ACgkQnKSrs4Gr
 c8g2EAf9Eq81Ve816xZTUc/2FzC0HGKxPehNkdbCBLbX/a+HgYQEUALFP6Lzfvud
 D1rF2bcVTpPUdvpW2UebIyQcLqRH80q1Ba9VhuA99FAYeryg+xVcRFLbHgKfticT
 omKSc9yrwJgKJXRZodSsggVBPjsCmhfClO0kA4nGLEywmZbr7i1L/fcbUPI68cOr
 5Lv19UDjTIgaGCt0oJN9x/W7FKzz53tBOkGKqmQd2ZEq4LmIlObFQq7ZIHRejneU
 76PDPiNRM4Y6fotXl91vMjCZykihuf8FYncXWhnHIOdUxUPQge2SCXhRe16bCEVG
 y/6keiV9U3CfsSCHuLK85QnBQKrTPg==
 =T9vh
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into staging

Pull request

A fix for VDI image files and more generally for CoRwlock.

# gpg: Signature made Wed 31 Mar 2021 10:50:39 BST
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha-gitlab/tags/block-pull-request:
  test-coroutine: Add rwlock downgrade test
  test-coroutine: Add rwlock upgrade test
  coroutine-lock: Reimplement CoRwlock to fix downgrade bug
  coroutine-lock: Store the coroutine in the CoWaitRecord only once
  block/vdi: Don't assume that blocks are larger than VdiHeader
  block/vdi: When writing new bmap entry fails, don't leak the buffer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-31 16:38:49 +01:00
Peter Maydell
6ee55e1d10 ppc patch queue for 2021-03-31
Here's another set of patches for the ppc target and associated
 machine types.  I'd hoped to send this closer to the hard freeze, but
 got caught up for some time chasing what looked like a strange
 regression, before finally concluding it was due to unrelated failures
 on the CI.
 
 This is just a handful of fairly straightforward fixes, plus one
 performance improvement that's simple and beneficial enough that I'm
 considering it a "performance bug fix".
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAmBkFRkACgkQbDjKyiDZ
 s5JrbBAAlaiADr4H0nx6XcNXdDCru+ceG1kc9xVMRIg3oSex4hhMkUH4kNqEVAVT
 pfekIRlv2I5jlth4ogxHY5SqAJ9/NqZBMT9NxgSoDQAZtSIvW/6PegcdbbcdSnGT
 afBYJH/Tw4aqu2K92knTX7meVxlmhcQF/we1tYkUkO1iEfRSSz7Ubdb5QxTbuAch
 1aOWg9RPw47DqLsPDnEZ+VLkRZI6m02uFy8Bl4DOM9DuugY+qKrCnWR1wgnWFMty
 lbYzKRnoDtrs/ginAY8uzNEonoeAhLOYO1vgAbSE0sastueNhLx4tBhB5Q6Wxw1e
 gETP1/a/+RNOIf3ua4zucVcDswqgxw0TPZYIjesn498eFxTggy2au2Rlwkg+lQt1
 jS258BFfOPKkL/cmVWC84nVZhIasE3uA6A7A5tQjFEyaAPOijIRwg6nwx46zTTeO
 kFZLBoc5T9933sXaXlsj1dB/bSZ0aBPOZBBhL5eIgeLsfTAcJGNfwT8k2qBpWRqn
 pX7ZbFvqgUm3bLtY+GIbCa8hHLrmdxfPhfh+J+NrM75lQrjKKBsToDI2fBF+5iIc
 UYoRFngqSP0rGq4H/zLlFNjN5J9wYfjKxA4fA+1ghB7LmUSABoOGOCmrLNnjvis6
 5iy8CbUZ0fHxoABbma3hb2vaMYgKyxE0pD83v7TysjpyW6IQ9uY=
 =jEq4
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dg-gitlab/tags/ppc-for-6.0-20210331' into staging

ppc patch queue for 2021-03-31

Here's another set of patches for the ppc target and associated
machine types.  I'd hoped to send this closer to the hard freeze, but
got caught up for some time chasing what looked like a strange
regression, before finally concluding it was due to unrelated failures
on the CI.

This is just a handful of fairly straightforward fixes, plus one
performance improvement that's simple and beneficial enough that I'm
considering it a "performance bug fix".

# gpg: Signature made Wed 31 Mar 2021 07:22:17 BST
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dg-gitlab/tags/ppc-for-6.0-20210331:
  hw/net: fsl_etsec: Tx padding length should exclude CRC
  spapr: Fix typo in the patb_entry comment
  spapr: Assert DIMM unplug state in spapr_memory_unplug()
  target/ppc/kvm: Cache timebase frequency
  hw/ppc: e500: Add missing #address-cells and #size-cells in the eTSEC node

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-31 13:14:18 +01:00
Peter Maydell
b307a3174f linux-user Pull request 20210330
Fix NETLINK_LIST_MEMBERSHIPS with NULL/invalid pointer and 0 length
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmBjN+sSHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748Eb8P/2Yq9BGaRt3grDdsvvoc4HtyuEhKQ7O/
 KQql+lWSkYtBFjyd3HzM0wj6/FHahTstZbsIcaXJQwGZ7C8GGBAmwWn1q4CkVbjt
 RSHz+6bqzC8uR7XfmmOwGqj4N6EIoSpXW8CNJAv87ImEgD/cF6E0Dlq4pEOcjKPg
 DSywgofCuhqBwvqwLHsoJ4wzA8jn3jtwtrWQE1yI5cIvLjl08lxpEW/ClAVaxs0J
 zs0bAP8dFC9N4plllQ62Ffs67DVfzYS0YprrPivJoTNUCgmq8lF9yts4nbkd1r6C
 GSio824UFY/P4AMGbYWKcxRTvb4q7/HaJ8DKeuuCDqyx/HpEFJfNTse6n03BF0+y
 38qQ9G2erKD1VLBNLWPyEBsavJA5fbaYmVpa39J+1KpepdnlL1GcqPQ5G327P6sQ
 GaqZQZBxJ0cbMRgRQvnT5iMAS6KgnSb7JwAUQZP+JGdKjRJg93it/CO1FAgQnH3I
 Jl92ZbUWjkC194aqYnFS78bUI3a5ecbdYAY6JnM77U+G1cLpMcVWjpORQdUIdmgY
 XHE6DO80Hr0KPN52ogATaxdMB1b9UtqWYgu05uU23Lq1DB75iGxcZ6EBvQqsMwRL
 h1Nl6IU15tPTNNAW7ySRnU8pzQ9GUDPW7D59j3AZjqTYEob7ClACrHcdI1660/Jz
 y0DwlRKi/A51
 =N/0o
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-request' into staging

linux-user Pull request 20210330

Fix NETLINK_LIST_MEMBERSHIPS with NULL/invalid pointer and 0 length

# gpg: Signature made Tue 30 Mar 2021 15:38:35 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-6.0-pull-request:
  linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-31 10:44:43 +01:00
David Edmondson
b6489ac066 test-coroutine: Add rwlock downgrade test
Test that downgrading an rwlock does not result in a failure to
schedule coroutines queued on the rwlock.

The diagram associated with test_co_rwlock_downgrade() describes the
intended behaviour, but what was observed previously corresponds to:

| c1     | c2         | c3         | c4       |
|--------+------------+------------+----------|
| rdlock |            |            |          |
| yield  |            |            |          |
|        | wrlock     |            |          |
|        | <queued>   |            |          |
|        |            | rdlock     |          |
|        |            | <queued>   |          |
|        |            |            | wrlock   |
|        |            |            | <queued> |
| unlock |            |            |          |
| yield  |            |            |          |
|        | <dequeued> |            |          |
|        | downgrade  |            |          |
|        | ...        |            |          |
|        | unlock     |            |          |
|        |            | <dequeued> |          |
|        |            | <queued>   |          |

This results in a failure...

ERROR:../tests/test-coroutine.c:369:test_co_rwlock_downgrade: assertion failed: (c3_done)
Bail out! ERROR:../tests/test-coroutine.c:369:test_co_rwlock_downgrade: assertion failed: (c3_done)

...as a result of the c3 coroutine failing to run to completion.

Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20210325112941.365238-7-pbonzini@redhat.com
Message-Id: <20210309144015.557477-5-david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-03-31 10:44:21 +01:00
Paolo Bonzini
25bc2daed0 test-coroutine: Add rwlock upgrade test
Test that rwlock upgrade is fair, and that readers go back to sleep if
a writer is in line.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20210325112941.365238-6-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-03-31 10:44:21 +01:00
Paolo Bonzini
050de36b13 coroutine-lock: Reimplement CoRwlock to fix downgrade bug
An invariant of the current rwlock is that if multiple coroutines hold a
reader lock, all must be runnable. The unlock implementation relies on
this, choosing to wake a single coroutine when the final read lock
holder exits the critical section, assuming that it will wake a
coroutine attempting to acquire a write lock.

The downgrade implementation violates this assumption by creating a
read lock owning coroutine that is exclusively runnable - any other
coroutines that are waiting to acquire a read lock are *not* made
runnable when the write lock holder converts its ownership to read
only.

More in general, the old implementation had lots of other fairness bugs.
The root cause of the bugs was that CoQueue would wake up readers even
if there were pending writers, and would wake up writers even if there
were readers.  In that case, the coroutine would go back to sleep *at
the end* of the CoQueue, losing its place at the head of the line.

To fix this, keep the queue of waiters explicitly in the CoRwlock
instead of using CoQueue, and store for each whether it is a
potential reader or a writer.  This way, downgrade can look at the
first queued coroutines and wake it only if it is a reader, causing
all other readers in line to be released in turn.

Reported-by: David Edmondson <david.edmondson@oracle.com>
Reviewed-by: David Edmondson <david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20210325112941.365238-5-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-03-31 10:44:21 +01:00
David Edmondson
2f6ef0393b coroutine-lock: Store the coroutine in the CoWaitRecord only once
When taking the slow path for mutex acquisition, set the coroutine
value in the CoWaitRecord in push_waiter(), rather than both there and
in the caller.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20210325112941.365238-4-pbonzini@redhat.com
Message-Id: <20210309144015.557477-4-david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-03-31 10:44:21 +01:00
David Edmondson
07ee2ab4fd block/vdi: Don't assume that blocks are larger than VdiHeader
Given that the block size is read from the header of the VDI file, a
wide variety of sizes might be seen. Rather than re-using a block
sized memory region when writing the VDI header, allocate an
appropriately sized buffer.

Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Max Reitz <mreitz@redhat.com>
Message-id: 20210325112941.365238-3-pbonzini@redhat.com
Message-Id: <20210309144015.557477-3-david.edmondson@oracle.com>
Acked-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-03-31 10:44:21 +01:00
David Edmondson
574b8304cf block/vdi: When writing new bmap entry fails, don't leak the buffer
If a new bitmap entry is allocated, requiring the entire block to be
written, avoiding leaking the buffer allocated for the block should
the write fail.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Max Reitz <mreitz@redhat.com>
Message-id: 20210325112941.365238-2-pbonzini@redhat.com
Message-Id: <20210309144015.557477-2-david.edmondson@oracle.com>
Acked-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-03-31 10:44:21 +01:00
Bin Meng
611ac0a60f hw/net: fsl_etsec: Tx padding length should exclude CRC
As the comment of tx_padding_and_crc() says: "Never add CRC in QEMU",
min_frame_len should excluce CRC, so it should be 60 instead of 64.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210316081505.72898-1-bmeng.cn@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-03-31 11:10:50 +11:00
Alexey Kardashevskiy
a40888bad6 spapr: Fix typo in the patb_entry comment
There is no H_REGISTER_PROCESS_TABLE, it is H_REGISTER_PROC_TBL handler
for which is still called h_register_process_table() though.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-Id: <20210225032335.64245-1-aik@ozlabs.ru>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-03-31 11:10:50 +11:00
Greg Kurz
df2d7ca774 spapr: Assert DIMM unplug state in spapr_memory_unplug()
spapr_memory_unplug() is the last step of the hot unplug sequence.
It is indirectly called by:

 spapr_lmb_release()
  hotplug_handler_unplug()

and spapr_lmb_release() already buys us that DIMM unplug state is
present : it gets restored with spapr_recover_pending_dimm_state()
if missing.

g_assert() that spapr_pending_dimm_unplugs_find() cannot return NULL
in spapr_memory_unplug() to make this clear and silence Coverity.

Fixes: Coverity CID 1450767
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <161562021166.948373.15092876234470478331.stgit@bahia.lan>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-03-31 11:10:50 +11:00
Greg Kurz
9cbcfb5924 target/ppc/kvm: Cache timebase frequency
Each vCPU core exposes its timebase frequency in the DT. When running
under KVM, this means parsing /proc/cpuinfo in order to get the timebase
frequency of the host CPU.

The parsing appears to slow down the boot quite a bit with higher number
of cores:

# of cores     seconds spent in spapr_dt_cpus()
      8                  0.550122
     16                  1.342375
     32                  2.850316
     64                  5.922505
     96                  9.109224
    128                 12.245504
    256                 24.957236
    384                 37.389113

The timebase frequency of the host CPU is identical for all
cores and it is an invariant for the VM lifetime. Cache it
instead of doing the same expensive parsing again and again.

Rename kvmppc_get_tbfreq() to kvmppc_get_tbfreq_procfs() and
rename the 'retval' variable to make it clear it is used as
fallback only. Come up with a new version of kvmppc_get_tbfreq()
that calls kvmppc_get_tbfreq_procfs() only once and keep the
value in a static.

Zero is certainly not a valid value for the timebase frequency.
Treat atoi() returning zero as another parsing error and return
the fallback value instead. This allows kvmppc_get_tbfreq() to
use zero as an indicator that kvmppc_get_tbfreq_procfs() hasn't
been called yet.

With this patch applied:

    384                 0.518382

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <161600382766.1780699.6787739229984093959.stgit@bahia.lan>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-03-31 11:10:50 +11:00
Bin Meng
093256789a hw/ppc: e500: Add missing #address-cells and #size-cells in the eTSEC node
Per devicetree spec v0.3 [1] chapter 2.3.5:

The #address-cells and #size-cells properties are not inherited
from ancestors in the devicetree. They shall be explicitly defined.
If missing, a client program should assume a default value of 2
for #address-cells, and a value of 1 for #size-cells.

These properties are currently missing, causing the <reg> property
of the queue-group subnode to be incorrectly parsed using default
values.

[1] https://github.com/devicetree-org/devicetree-specification/releases/download/v0.3/devicetree-specification-v0.3.pdf

Fixes: fdfb7f2cdb ("e500: Add support for eTSEC in device tree")
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Message-Id: <20210311081608.66891-1-bmeng.cn@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-03-31 11:10:50 +11:00
Peter Maydell
6d40ce00c1 Update version for v6.0.0-rc1 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-30 18:19:07 +01:00
Peter Maydell
b471d55491 * net/npcm7xx_emc.c: Fix handling of receiving packets when RSDR not set
* hw/display/xlnx_dp: Free FIFOs adding xlnx_dp_finalize()
  * hw/arm/smmuv3: Drop unused CDM_VALID() and is_cd_valid()
  * target/arm: Make number of counters in PMCR follow the CPU
  * hw/timer/renesas_tmr: Add default-case asserts in read_tcnt()
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmBjJlUZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3oWOEACXNbKL+hmbzErBqymWX22Y
 vgg9PBSb7TCMgue5nQdxFCPx8D4XSyjqJf/86gOZb4b/7Rx9ltrR+UhTIOESyNZV
 WniCXPaUtKFBy93IrrukLtV/ekIAi1cIPfHZBEEwSPUSxqfIgDWz5L74HfeJZVWr
 LGZCdvxBZYA8lHvqJZS7QpPjlAngu82CRnW9GEd6cRn3YBP6yIqwgNhcRDtuu3+g
 IkjueipA1qLwplixM2tZ2Se2wT6PaKa0esbPb9zs7dmdXSLo5HmPA7xCN+NNPCnR
 Bd7dMr82P4A/lXVEwK6ZJFXU0Ooum7BBBCuYS26axJEsn5IJxk2Jusjg0CdN7Roi
 hmUI9rQrAVJlmHX7czEeHZ2sM/N1kau98eQu6tb8RuE408rLCASx/VgIBfkxGyIX
 cxCgsOmM/GXcZr79eRMTt4rDjPuzmsMRSWM9LlDiDyczRr7jDgqoWgGmWOBTW+Ad
 2rUHwaL3PpsP1b56uzVuuSDslj9RV4Q/2Q+hTTzazkGhowYG0XL/D+9PFvC4gk6U
 fUqaHOO4tMvA1z6/urpCSta7cM5U0iivZTGoTJgbsBYrUpeL5iOpWSS9GqzV/wID
 zTS9jbs9HsijIGawq4kqzqN3zR1avthi2ngAIucPNw0dPrsQ1koNwyAAq3JwSG9G
 Bs5ukPXpg+989DVPmbSGgw==
 =4GT6
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210330' into staging

 * net/npcm7xx_emc.c: Fix handling of receiving packets when RSDR not set
 * hw/display/xlnx_dp: Free FIFOs adding xlnx_dp_finalize()
 * hw/arm/smmuv3: Drop unused CDM_VALID() and is_cd_valid()
 * target/arm: Make number of counters in PMCR follow the CPU
 * hw/timer/renesas_tmr: Add default-case asserts in read_tcnt()

# gpg: Signature made Tue 30 Mar 2021 14:23:33 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20210330:
  hw/timer/renesas_tmr: Add default-case asserts in read_tcnt()
  target/arm: Make number of counters in PMCR follow the CPU
  hw/arm/smmuv3: Drop unused CDM_VALID() and is_cd_valid()
  hw/display/xlnx_dp: Free FIFOs adding xlnx_dp_finalize()
  net/npcm7xx_emc.c: Fix handling of receiving packets when RSDR not set

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-30 16:37:15 +01:00
Peter Maydell
4a0ba67c77 Block patches for 6.0-rc1:
- Mark the qcow2 cache clean timer as external to fix record/replay
 - Fix the mirror filter node's permissions so that an external process
   cannot grab an image while it is used as the mirror source
 - Add documentation about FUSE exports to the storage daemon
 - When creating a qcow2 image with the data-file-raw option, all
   metadata structures should be preallocated
 - iotest fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQFGBAABCAAwFiEEkb62CjDbPohX0Rgp9AfbAGHVz0AFAmBjG9ASHG1yZWl0ekBy
 ZWRoYXQuY29tAAoJEPQH2wBh1c9AVa4H/1NC4aTFi2sMzyQ8hkUck2llPiZdxP4V
 KZbyUay+z2pLPWMonyDP6szGv6444lHGBnGQWKZHcw4o5xWNu50jEB2YpkhXS9i1
 8shkZNVGxy6CVxinhrFG9qMv7GuoX3vOsVu5HnBjgpM162ZVYR+Af/8erqG1A4js
 9odM5Zl6hb+okbSovgucT3UxNeYvBDnhsKzpQnvUvsdJu3RKz6gSlTz+f6jJLLP/
 +hK54CDkCpK4fY6W0QLcZcLmmhTHYZXgeKDAHWGAzBH5p3ARY6uAXGZ9+fLE88X4
 fhgcuYeLMS+sJCzGXnEDAmGebGhEOzszvskBRIHdWK861zg0RssWQP4=
 =BdFo
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2021-03-30' into staging

Block patches for 6.0-rc1:
- Mark the qcow2 cache clean timer as external to fix record/replay
- Fix the mirror filter node's permissions so that an external process
  cannot grab an image while it is used as the mirror source
- Add documentation about FUSE exports to the storage daemon
- When creating a qcow2 image with the data-file-raw option, all
  metadata structures should be preallocated
- iotest fixes

# gpg: Signature made Tue 30 Mar 2021 13:38:40 BST
# gpg:                using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40
# gpg:                issuer "mreitz@redhat.com"
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full]
# Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40

* remotes/maxreitz/tags/pull-block-2021-03-30:
  iotests/244: Test preallocation for data-file-raw
  qcow2: Force preallocation with data-file-raw
  qsd: Document FUSE exports
  block/mirror: Fix mirror_top's permissions
  iotests/046: Filter request length
  qcow2: use external virtual timers
  iotests/116: Fix reference output
  iotests: fix 051.out expected output after error text touchups
  iotests: Fix typo in iotest 051

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-30 14:06:54 +01:00
Peter Maydell
b9e3f1579a hw/timer/renesas_tmr: Add default-case asserts in read_tcnt()
In commit 81b3ddaf87 we fixed a use of uninitialized data
in read_tcnt(). However this change wasn't enough to placate
Coverity, which is not smart enough to see that if we read a
2 bit field and then handle cases 0, 1, 2 and 3 then there cannot
be a flow of execution through the switch default. Add explicit
default cases which assert that they can't be reached, which
should help silence Coverity.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210319162458.13760-1-peter.maydell@linaro.org
2021-03-30 14:05:34 +01:00
Peter Maydell
f7fb73b8cd target/arm: Make number of counters in PMCR follow the CPU
Currently we give all the v7-and-up CPUs a PMU with 4 counters.  This
means that we don't provide the 6 counters that are required by the
Arm BSA (Base System Architecture) specification if the CPU supports
the Virtualization extensions.

Instead of having a single PMCR_NUM_COUNTERS, make each CPU type
specify the PMCR reset value (obtained from the appropriate TRM), and
use the 'N' field of that value to define the number of counters
provided.

This means that we now supply 6 counters for Cortex-A53, A57, A72,
A15 and A9 as well as '-cpu max'; Cortex-A7 and A8 stay at 4; and
Cortex-R5 goes down to 3.

Note that because we now use the PMCR reset value of the specific
implementation, we no longer set the LC bit out of reset.  This has
an UNKNOWN value out of reset for all cores with any AArch32 support,
so guest software should be setting it anyway if it wants it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Message-id: 20210311165947.27470-1-peter.maydell@linaro.org
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2021-03-30 14:05:33 +01:00
Zenghui Yu
6c1bd93954 hw/arm/smmuv3: Drop unused CDM_VALID() and is_cd_valid()
They were introduced in commit 9bde7f0674 ("hw/arm/smmuv3: Implement
translate callback") but never actually used. Drop them.

Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Acked-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20210325142702.790-1-yuzenghui@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-30 14:05:33 +01:00
Philippe Mathieu-Daudé
c8aaa24537 hw/display/xlnx_dp: Free FIFOs adding xlnx_dp_finalize()
When building with --enable-sanitizers we get:

  Direct leak of 16 byte(s) in 1 object(s) allocated from:
      #0 0x5618479ec7cf in malloc (qemu-system-aarch64+0x233b7cf)
      #1 0x7f675745f958 in g_malloc (/lib64/libglib-2.0.so.0+0x58958)
      #2 0x561847c2dcc9 in xlnx_dp_init hw/display/xlnx_dp.c:1259:5
      #3 0x56184a5bdab8 in object_init_with_type qom/object.c:375:9
      #4 0x56184a5a2bda in object_initialize_with_type qom/object.c:517:5
      #5 0x56184a5a24d5 in object_initialize qom/object.c:536:5
      #6 0x56184a5a2f6c in object_initialize_child_with_propsv qom/object.c:566:5
      #7 0x56184a5a2e60 in object_initialize_child_with_props qom/object.c:549:10
      #8 0x56184a5a3a1e in object_initialize_child_internal qom/object.c:603:5
      #9 0x5618495aa431 in xlnx_zynqmp_init hw/arm/xlnx-zynqmp.c:273:5

The RX/TX FIFOs are created in xlnx_dp_init(), add xlnx_dp_finalize()
to destroy them.

Fixes: 58ac482a66 ("introduce xlnx-dp")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210323182958.277654-1-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-30 14:05:33 +01:00
Doug Evans
a62ee00aa0 net/npcm7xx_emc.c: Fix handling of receiving packets when RSDR not set
Turning REG_MCMDR_RXON is enough to start receiving packets.

Signed-off-by: Doug Evans <dje@google.com>
Message-id: 20210319195044.741821-1-dje@google.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-30 14:05:33 +01:00
Max Reitz
2ec7e8a946 iotests/244: Test preallocation for data-file-raw
Three test cases:
(1) Adding a qcow2 (metadata) file to an existing data file, see whether
    we can read the existing data through the qcow2 image.
(2) Append data to the data file, grow the qcow2 image accordingly, see
    whether we can read the new data through the qcow2 image.
(3) At runtime, add a backing image to a freshly created qcow2 image
    with an external data file (with data-file-raw).  Reading data from
    the qcow2 image must return the same result as reading data from the
    data file, so everything in the backing image must be ignored.
    (This did not use to be the case, because without the L2 tables
    preallocated, all clusters would appear as unallocated, and so the
    qcow2 driver would fall through to the backing file.)

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210326145509.163455-3-mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2021-03-30 13:02:11 +02:00
Max Reitz
484108293d qcow2: Force preallocation with data-file-raw
Setting the qcow2 data-file-raw bit means that you can ignore the
qcow2 metadata when reading from the external data file.  It does not
mean that you have to ignore it, though.  Therefore, the data read must
be the same regardless of whether you interpret the metadata or whether
you ignore it, and thus the L1/L2 tables must all be present and give a
1:1 mapping.

This patch changes 244's output: First, the qcow2 file is larger right
after creation, because of metadata preallocation.  Second, the qemu-img
map output changes: Everything that was not explicitly discarded or
zeroed is now a data area.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210326145509.163455-2-mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2021-03-30 13:02:10 +02:00
Frédéric Fortier
13e340c886 linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0
getsockopt(fd, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, *optval, *optlen)
syscall allows optval to be NULL/invalid if optlen points to a size of
zero. This allows userspace to query the length of the array they should
use to get the full membership list before allocating memory for said
list, then re-calling getsockopt with proper optval/optlen arguments.

Notable users of this pattern include systemd-networkd, which in the
(albeit old) version 237 tested, cannot start without this fix.

Signed-off-by: Frédéric Fortier <frf@ghgsat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20210328180135.88449-1-frf@ghgsat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-03-29 21:56:18 +02:00
Peter Maydell
7993b0f83f emulated nvme fixes
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEUigzqnXi3OaiR2bATeGvMW1PDekFAmBiCGIACgkQTeGvMW1P
 DelF4ggAqg1fMknSqY8xKuNIvtgE7yfL8uSsp98WR70Dlc9Ri2SwuAi6pe0t6U1l
 khCE8qcHQxhPeaCvTtHfmiUvPPWmpBr9pjOTB6Kiq8WIcZ6Y2h2qxO9VKFPI01/V
 FY7Wn6u4HR9hhn60g7vN26tB3bQOj96rfuOKJjB+jmJ5z3e26cBiZsIxHsR8SWpP
 NOZLW96H19quq1yy8QM0N02vx8n9IAVr+txTe7KtxErcAuhzvbBCR2aYedqxtt11
 eEXlU5YBLZRbnxLkXuaoUBcXyPv5r/N3IAhWgvFlCmPKhlUXCuVE97SCG0xglom8
 hqeYYKvOOPYpj5fJfQ6eGzpc61tU0g==
 =efGd
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/nvme/tags/nvme-fixes-for-6.0-pull-request' into staging

emulated nvme fixes

# gpg: Signature made Mon 29 Mar 2021 18:03:30 BST
# gpg:                using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg:                 aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468  4272 63D5 6FC5 E55D A838
#      Subkey fingerprint: 5228 33AA 75E2 DCE6 A247  66C0 4DE1 AF31 6D4F 0DE9

* remotes/nvme/tags/nvme-fixes-for-6.0-pull-request:
  hw/block/nvme: fix ref counting in nvme_format_ns
  hw/block/nvme: fix resource leak in nvme_dif_rw

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-29 18:45:12 +01:00
Klaus Jensen
3a69cadbef hw/block/nvme: fix ref counting in nvme_format_ns
Max noticed that since blk_aio_pwrite_zeroes() may invoke the callback
before returning, the callbacks will never see *count == 0 and thus
never free the count variable or decrement num_formats causing a CQE to
never be posted.

Coverity (CID 1451082) also picked up on the fact that count would not
be free'ed if the namespace was of zero size.

Fix both of these issues by explicitly checking *count and finalize for
the given namespace if --(*count) is zero. Enqueing a CQE if there are
no AIOs outstanding after this case is already handled by nvme_format()
by inspecting *num_formats.

Reported-by: Max Reitz <mreitz@redhat.com>
Reported-by: Coverity (CID 1451082)
Fixes: dc04d25e2f ("hw/block/nvme: add support for the format nvm command")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
2021-03-29 18:46:57 +02:00
Klaus Jensen
9561353ddc hw/block/nvme: fix resource leak in nvme_dif_rw
If nvme_map_dptr() fails, nvme_dif_rw() will leak the bounce context.
Fix this by using the same error handling as everywhere else in the
function.

Reported-by: Coverity (CID 1451080)
Fixes: 146f720c55 ("hw/block/nvme: end-to-end data protection")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
2021-03-29 18:46:47 +02:00
Max Reitz
220222a0fe qsd: Document FUSE exports
Implementing FUSE exports required no changes to the storage daemon, so
we forgot to document them there.  Considering that both NBD and
vhost-user-blk exports are documented in its man page (and NBD exports
in its --help text), we should probably do the same for FUSE.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210217115844.62661-1-mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2021-03-29 18:28:33 +02:00
Max Reitz
53431b9086 block/mirror: Fix mirror_top's permissions
mirror_top currently shares all permissions, and takes only the WRITE
permission (if some parent has taken that permission, too).

That is wrong, though; mirror_top is a filter, so it should take
permissions like any other filter does.  For example, if the parent
needs CONSISTENT_READ, we need to take that, too, and if it cannot share
the WRITE permission, we cannot share it either.

The exception is when mirror_top is used for active commit, where we
cannot take CONSISTENT_READ (because it is deliberately unshared above
the base node) and where we must share WRITE (so that it is shared for
all images in the backing chain, so the mirror job can take it for the
target BB).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210211172242.146671-2-mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2021-03-29 18:09:00 +02:00
Max Reitz
6d7bb95180 iotests/046: Filter request length
For its concurrent requests, 046 has always filtered the offset,
probably because concurrent requests may settle in any order.  However,
it did not filter the request length, and so if requests with different
lengths settle in an unexpected order (notably the longer request before
the shorter request), the test fails (for no good reason).

Filter the length, too.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200918153323.108932-1-mreitz@redhat.com>
2021-03-29 18:06:14 +02:00
Pavel Dovgalyuk
ad0ce64279 qcow2: use external virtual timers
Regular virtual timers are used to emulate timings
related to vCPU and peripheral states. QCOW2 uses timers
to clean the cache. These timers should have external
flag. In the opposite case they affect the execution
and it can't be recorded and replayed.
This patch adds external flag to the timer for qcow2
cache clean.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <161700516327.1141158.8366564693714562536.stgit@pasha-ThinkPad-X280>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2021-03-29 18:04:29 +02:00
Max Reitz
d751448d4f iotests/116: Fix reference output
15ce94a68c ("block/qed: bdrv_qed_do_open: deal with errp") has improved
the qed driver's error reporting, though sadly did not add a test for
it.
The good news are: There already is such a test, namely 116.
The bad news are: Its reference output was not adjusted, and so now it
fails.

Let's fix the reference output, which has the nice side effect of
demonstrating 15ce94a68ca's improvements.

Fixes: 15ce94a68c
       ("block/qed: bdrv_qed_do_open: deal with errp")
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210326141419.156831-1-mreitz@redhat.com>
2021-03-29 14:13:55 +02:00
Connor Kuehl
c00316e9b2 iotests: fix 051.out expected output after error text touchups
A patch was recently applied that touched up some error messages that
pertained to key names like 'node-name'. The trouble is it only updated
tests/qemu-iotests/051.pc.out and not tests/qemu-iotests/051.out as
well.

Do that now.

Fixes: 785ec4b1b9 ("block: Clarify error messages pertaining to
'node-name'")
Signed-off-by: Connor Kuehl <ckuehl@redhat.com>
Message-Id: <20210318200949.1387703-2-ckuehl@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2021-03-29 14:13:55 +02:00
Tao Xu
93d8d1293b iotests: Fix typo in iotest 051
There is an typo in iotest 051, correct it.

Signed-off-by: Tao Xu <tao3.xu@intel.com>
Message-Id: <20210324084321.90952-1-tao3.xu@intel.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2021-03-29 14:13:55 +02:00
Peter Maydell
ec2e6e016d linux-user pull request 20210328
- Fix recvfrom with NULL msg
 - Fix sigreturn address on s390x
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmBgqVkSHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748zHkP/ismZ9ZGHjHt7pBKoA+O7M4gc4UwGTzQ
 TyolDr8WNP2yGJmh0ONAPZAh4gsH/1XJ+rtXGiTvudh6hXN2D1cK7txfLQTc8pVm
 f1NG1mhgyJwmzmCkr5DtiT5XHTSeoHiulw62YvJVhYy1SOz9k1HtBd9pRYroofrC
 G2e61XcSrTgALS4+fEqrVgFcgnAhwdRn0fj6tttbhr83g1LVYzAahr96JqGHMOp7
 v+e20voFbatsdbmYU1EDe2kAOMCKBgT7NmtVSsXiEJszXs0GYKbRCW/skLwCn4/P
 ItGz4FgS1c1+oyndOKYn82Ee0eyfwOv+1yAf6f27Hj8Zmro6f58IQDbX0WapOnTC
 ru2Ce+NK4gCGfejyhZwMgA3/fnMlCkUiddjP/yv6fRbPYg2kexFp9jv2TO9ZBUuS
 5NvlGeGZIwN4rMbrsMoW/yOLpcNnJB8j3c0ADJjhMt8fNH4fzvU2mfIASJFYJIAx
 4oFVzkxJqZY5bWjhITSEgwXnA0cNM8eFcWBLnHGbqi/N5BK2hZ9WcpoPsndFaQ1U
 eA+YawYG2hZ4viIGlbA5/69Bx3lBFEYvloXo4TDDw4o1zDRN9XRyQgSbFH7L9VAA
 XcQTnwgP1qs9K2xkl2RVE/FgACFD1ayRn+ND7hNoHjZMD93CcoAqnca1WeBq/Qe7
 nCR9vAPzdf3k
 =FFBm
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-request' into staging

linux-user pull request 20210328

- Fix recvfrom with NULL msg
- Fix sigreturn address on s390x

# gpg: Signature made Sun 28 Mar 2021 17:05:45 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-6.0-pull-request:
  linux-user: allow NULL msg in recvfrom
  linux-user/s390x: Use the guest pointer for the sigreturn stub

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-28 19:49:57 +01:00
Zach Reizner
4a1e6bce23 linux-user: allow NULL msg in recvfrom
The kernel allows a NULL msg in recvfrom so that he size of the next
message may be queried before allocating a correctly sized buffer. This
change allows the syscall translator to pass along the NULL msg pointer
instead of returning early with EFAULT.

Signed-off-by: Zach Reizner <zachr@google.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <CAFNex=DvFCq=AQf+=19fTfw-T8eZZT=3NnFFm2JMFvVr5QgQyA@mail.gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-03-27 16:48:45 +01:00
Peter Maydell
7b9a3c9f94 fixes for usb, virtio-gpu and vhost-gpu
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmBd2EoACgkQTLbY7tPo
 cTifrxAApA0+EjoDDd5lN5rMH21pqyWaN1X7gDd5LhQLqgBiSGN5WbGWl32lFp4z
 zjXDjLngnmTDxkkIsVScDjswBF2bZV5Qw0qrAM5E1wdMSC1shiSlDBi0IYJZLbXF
 VnlfuTbi6VCb4tnMDMfve6pliy8diV+f38QXXOE12FTrhdCYzQfg2cbesvHlWMsL
 dgw53J0NuSWU4lgd3dMR0g15PEutpFPFNSKznBwolUj7+Sg/lqD9Idc/O+ewt5Je
 dnro/ngZBG5ajZmHWqHOeVcpe9rjlpN2/bEp7TDxXSy4Iu57RR6Itvv6Icp/wup/
 3adu1uAYtEBB05/1prIr+kVShG/QiUFfJuJCXVqijfboGAIgsOOFt9CgwnMMMYk8
 jBqzddKyjcwHOckw1kPcIZT53akiKf+riYndrf5RI/PaOtp8D2832Bb+FscCSbg2
 rFLgOENsRZ0d6vVPcqeTxl9hctrEgwlAebBWZGcfFAIoSjBFblYC1LHAyQzMhblp
 YTv7AmXE8cEo/MimDZpq9yG0DSPI/H519Kk1lCD1jP+SZKN6TWhzRt6mzpEdVSA5
 wgLew4BBeWSLCJ8l+vcs/5rwuzSlmwFh0rr5chtKiuNthg8qdSug8o0D+7KTaK7S
 Kou0bXYtwV0IJiwWCnjTf9enZ3l7PMI4nC/zUB+RMShdB6AqVI4=
 =2H3A
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20210326-pull-request' into staging

fixes for usb, virtio-gpu and vhost-gpu

# gpg: Signature made Fri 26 Mar 2021 12:49:14 GMT
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/fixes-20210326-pull-request:
  hw/usb/hcd-ehci: Fix crash when showing help of EHCI devices
  s390x: modularize virtio-gpu-ccw
  s390x: add have_virtio_ccw
  s390x: move S390_ADAPTER_SUPPRESSIBLE
  hw/usb/hcd-ehci-sysbus: Free USBPacket on instance finalize()
  vhost-user-gpu: fix cursor move/update
  vhost-user-gpu: fix vugbm_device_init fallback
  vhost-user-gpu: glFlush before notifying clients
  usb: Remove "-usbdevice ccid"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-26 12:58:58 +00:00
Thomas Huth
db0b034185 hw/usb/hcd-ehci: Fix crash when showing help of EHCI devices
QEMU crashes with certain targets when trying to show the help
output of EHCI devices:

$ ./qemu-system-aarch64 -device ich9-usb-ehci1,help
qemu-system-aarch64: ../../devel/qemu/softmmu/physmem.c:1154: phys_section_add:
 Assertion `map->sections_nb < TARGET_PAGE_SIZE' failed.
Aborted (core dumped)

This happens because the device is doing things at "instance_init" time
that should be done at "realize" time instead. So move the related code
to the realize() function instead. (NB: This now also matches the
memory_region_del_subregion() calls which are done in usb_ehci_unrealize(),
and not during finalize()).

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210326095155.1994604-1-thuth@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-26 11:10:49 +01:00
Gerd Hoffmann
adcf33a504 s390x: modularize virtio-gpu-ccw
Since the virtio-gpu-ccw device depends on the hw-display-virtio-gpu
module, which provides the type virtio-gpu-device, packaging the
hw-display-virtio-gpu module as a separate package that may or may not
be installed along with the qemu package leads to problems. Namely if
the hw-display-virtio-gpu is absent, qemu continues to advertise
virtio-gpu-ccw, but it aborts not only when one attempts using
virtio-gpu-ccw, but also when libvirtd's capability probing tries
to instantiate the type to introspect it.

Let us thus introduce a module named hw-s390x-virtio-gpu-ccw that
is going to provide the virtio-gpu-ccw device. The hw-s390x prefix
was chosen because it is not a portable device.

With virtio-gpu-ccw built as a module, the correct way to package a
modularized qemu is to require that hw-display-virtio-gpu must be
installed whenever the module hw-s390x-virtio-gpu-ccw.

Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Tested-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210317095622.2839895-4-kraxel@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-26 09:33:50 +01:00
Gerd Hoffmann
2dd9d8cfb4 s390x: add have_virtio_ccw
Introduce a symbol which can be used to prevent ccw modules
being loaded into system emulators without ccw support.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Tested-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210317095622.2839895-3-kraxel@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-26 09:33:50 +01:00
Gerd Hoffmann
d4c603d7be s390x: move S390_ADAPTER_SUPPRESSIBLE
The definition S390_ADAPTER_SUPPRESSIBLE was moved to "cpu.h", per
suggestion of Thomas Huth. From interface design perspective, IMHO, not
a good thing as it belongs to the public interface of
css_register_io_adapters(). We did this because CONFIG_KVM requeires
NEED_CPU_H and Thomas, and other commenters did not like the
consequences of that.

Moving the interrupt related declarations to s390_flic.h was suggested
by Cornelia Huck.

Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Tested-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210317095622.2839895-2-kraxel@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-26 09:33:50 +01:00
Philippe Mathieu-Daudé
2da6e36b33 hw/usb/hcd-ehci-sysbus: Free USBPacket on instance finalize()
When building with --enable-sanitizers we get:

  Direct leak of 32 byte(s) in 2 object(s) allocated from:
      #0 0x5618479ec7cf in malloc (qemu-system-aarch64+0x233b7cf)
      #1 0x7f675745f958 in g_malloc (/lib64/libglib-2.0.so.0+0x58958)
      #2 0x561847f02ca2 in usb_packet_init hw/usb/core.c:531:5
      #3 0x561848df4df4 in usb_ehci_init hw/usb/hcd-ehci.c:2575:5
      #4 0x561847c119ac in ehci_sysbus_init hw/usb/hcd-ehci-sysbus.c:73:5
      #5 0x56184a5bdab8 in object_init_with_type qom/object.c:375:9
      #6 0x56184a5bd955 in object_init_with_type qom/object.c:371:9
      #7 0x56184a5a2bda in object_initialize_with_type qom/object.c:517:5
      #8 0x56184a5a24d5 in object_initialize qom/object.c:536:5
      #9 0x56184a5a2f6c in object_initialize_child_with_propsv qom/object.c:566:5
      #10 0x56184a5a2e60 in object_initialize_child_with_props qom/object.c:549:10
      #11 0x56184a5a3a1e in object_initialize_child_internal qom/object.c:603:5
      #12 0x561849542d18 in npcm7xx_init hw/arm/npcm7xx.c:427:5

Similarly to commit d710e1e7bd ("usb: ehci: fix memory leak in
ehci"), fix by calling usb_ehci_finalize() to free the USBPacket.

Fixes: 7341ea075c
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210323183701.281152-1-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-26 09:14:48 +01:00
Marc-André Lureau
59be75e7d8 vhost-user-gpu: fix cursor move/update
"move" is incorrectly initialized.

Fix it by using a switch statement and also treating unknown commands
with a fallback.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210312100108.2706195-5-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-26 06:37:03 +01:00
Marc-André Lureau
96ee096a13 vhost-user-gpu: fix vugbm_device_init fallback
vugbm implements GBM device wrapping, udmabuf and memory fallback.
However, the fallback/detection logic is flawed, as if "/dev/udmabuf"
failed to be opened, it will not initialize vugbm and crash later.

Rework the vugbm_device_init() logic to initialize correctly in all
cases.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210312100108.2706195-4-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-26 06:37:03 +01:00
Marc-André Lureau
0c27b9c568 vhost-user-gpu: glFlush before notifying clients
For similar reasons as commit 3af1671852 ("spice: flush on GL update
before notifying client"), vhost-user-gpu must ensure the GL state is
flushed before sharing its rendering result.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210312100108.2706195-3-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-26 06:37:03 +01:00