block/block-copy: Fix uninitialized variable in block_copy_task_entry
Fix when building with -Os:
CC block/block-copy.o
block/block-copy.c: In function ‘block_copy_task_entry’:
block/block-copy.c:428:38: error: ‘error_is_read’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
428 | t->call_state->error_is_read = error_is_read;
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~
Max Reitz [Wed, 13 May 2020 11:05:43 +0000 (13:05 +0200)]
block: Pass BdrvChildRole in remaining cases
These calls have no real use for the child role yet, but it will not
harm to give one.
Notably, the bdrv_root_attach_child() call in blockjob.c is left
unmodified because there is not much the generic BlockJob object wants
from its children.
Max Reitz [Wed, 13 May 2020 11:05:39 +0000 (13:05 +0200)]
block: Use bdrv_default_perms()
bdrv_default_perms() can decide which permission profile to use based on
the BdrvChildRole, so block drivers do not need to select it explicitly.
The blkverify driver now no longer shares the WRITE permission for the
image to verify. We thus have to adjust two places in
test-block-iothread not to take it. (Note that in theory, blkverify
should behave like quorum in this regard and share neither WRITE nor
RESIZE for both of its children. In practice, it does not really
matter, because blkverify is used only for debugging, so we might as
well keep its permissions rather liberal.)
Max Reitz [Wed, 13 May 2020 11:05:36 +0000 (13:05 +0200)]
block: Make filter drivers use child_of_bds
Note that some filters have secondary children, namely blkverify (the
image to be verified) and blklogwrites (the log). This patch does not
touch those children.
Note that for blkverify, the filtered child should not be format-probed.
While there is nothing enforcing this here, in practice, it will not be:
blkverify implements .bdrv_file_open. The block layer ensures (and in
fact, asserts) that BDRV_O_PROTOCOL is set for every BDS whose driver
implements .bdrv_file_open. This flag will then be bequeathed to
blkverify's children, and they will thus (by default) not be probed
either.
("By default" refers to the fact that blkverify's other child (the
non-filtered one) will have BDRV_O_PROTOCOL force-unset, because that is
what happens for all non-filtered children of non-format drivers.)
Max Reitz [Wed, 13 May 2020 11:05:35 +0000 (13:05 +0200)]
block: Make format drivers use child_of_bds
Commonly, they need to pass the BDRV_CHILD_IMAGE set as the
BdrvChildRole; but there are exceptions for drivers with external data
files (qcow2 and vmdk).
Max Reitz [Wed, 13 May 2020 11:05:33 +0000 (13:05 +0200)]
block: Make backing files child_of_bds children
Make all parents of backing files pass the appropriate BdrvChildRole.
By doing so, we can switch their BdrvChildClass over to the generic
child_of_bds, which will do the right thing when given a correct
BdrvChildRole.
Max Reitz [Wed, 13 May 2020 11:05:31 +0000 (13:05 +0200)]
block: Switch child_format users to child_of_bds
Both users (quorum and blkverify) use child_format for
not-really-filtered children, so the appropriate BdrvChildRole in both
cases is DATA. (Note that this will cause bdrv_inherited_options() to
force-allow format probing.)
Max Reitz [Wed, 13 May 2020 11:05:30 +0000 (13:05 +0200)]
raw-format: Split raw_read_options()
Split raw_read_options() into one function that actually just reads the
options, and another that applies them. This will allow us to detect
whether the user has specified any options before attaching the file
child (so we can decide on its role based on the options).
Max Reitz [Wed, 13 May 2020 11:05:29 +0000 (13:05 +0200)]
block: Add bdrv_default_perms()
This callback can be used by BDSs that use child_of_bds with the
appropriate BdrvChildRole for their children.
Also, make bdrv_format_default_perms() use it for child_of_bds children
(just a temporary solution until we can drop bdrv_format_default_perms()
altogether).
Max Reitz [Wed, 13 May 2020 11:05:28 +0000 (13:05 +0200)]
block: Relax *perms_for_storage for data children
We can be less restrictive about pure data children than those with
metadata on them, so let bdrv_default_perms_for_storage() handle
metadata children differently from pure data children.
As explained in the code, the restrictions on metadata children are
strictly stricter than those for pure data children, so in theory we
just have to distinguish between pure-data and all other storage
children (pure metadata or data+metadata). In practice, that is not
obvious, though, so we have two independent code paths for metadata and
for data children, and data+metadata children will go through both
(without the path for data children doing anything meaningful).
Max Reitz [Wed, 13 May 2020 11:05:27 +0000 (13:05 +0200)]
block: Pull out bdrv_default_perms_for_storage()
Right now, bdrv_format_default_perms() is used by format parents
(generally). We want to switch to a model where most parents use a
single BdrvChildClass, which then decides the permissions based on the
child role. To do so, we have to split bdrv_format_default_perms() into
separate functions for each such role.
Note that bdrv_default_perms_for_storage() currently handles all DATA |
METADATA children. A follow-up patch is going to split it further into
one function for each case.
Max Reitz [Wed, 13 May 2020 11:05:26 +0000 (13:05 +0200)]
block: Pull out bdrv_default_perms_for_cow()
Right now, bdrv_format_default_perms() is used by format parents
(generally). We want to switch to a model where most parents use a
single BdrvChildClass, which then decides the permissions based on the
child role. To do so, we have to split bdrv_format_default_perms() into
separate functions for each such role.
Max Reitz [Wed, 13 May 2020 11:05:25 +0000 (13:05 +0200)]
block: Distinguish paths in *_format_default_perms
bdrv_format_default_perms() has one code path for backing files, and one
for storage files. We want to pull them out into their own functions,
so make sure they are completely distinct before so the next patches
will be a bit cleaner.
Max Reitz [Wed, 13 May 2020 11:05:24 +0000 (13:05 +0200)]
block: Add child_of_bds
Any current user of child_file, child_format, and child_backing can and
should use this generic BdrvChildClass instead, as it can handle all of
these cases. However, to be able to do so, the users must pass the
appropriate BdrvChildRole when the child is created/attached. (The
following commits will take care of that.)
Max Reitz [Wed, 13 May 2020 11:05:23 +0000 (13:05 +0200)]
block: Unify bdrv_child_cb_detach()
Make bdrv_child_cb_detach() call bdrv_backing_detach() for children with
a COW role (and drop the reverse call from bdrv_backing_detach()), so it
can be used for any child (with a proper role set).
Because so far no child has a proper role set, we need a temporary new
callback for child_backing.detach that ensures bdrv_backing_detach() is
called for all COW children that do not have their role set yet.
(Also, move bdrv_child_cb_detach() down to group it with
bdrv_inherited_options() and bdrv_child_cb_attach().)
Max Reitz [Wed, 13 May 2020 11:05:22 +0000 (13:05 +0200)]
block: Unify bdrv_child_cb_attach()
Make bdrv_child_cb_attach() call bdrv_backing_attach() for children with
a COW role (and drop the reverse call from bdrv_backing_attach()), so it
can be used for any child (with a proper role set).
Because so far no child has a proper role set, we need a temporary new
callback for child_backing.attach that ensures bdrv_backing_attach() is
called for all COW children that do not have their role set yet.
(Also, move bdrv_child_cb_attach() down to group it with
bdrv_inherited_options().)
Max Reitz [Wed, 13 May 2020 11:05:21 +0000 (13:05 +0200)]
block: Use bdrv_inherited_options()
Let child_file's, child_format's, and child_backing's .inherit_options()
implementations fall back to bdrv_inherited_options() to show that it
would really work for all of these cases, if only the parents passed the
appropriate BdrvChildRole and parent_is_format values.
(Also, make bdrv_open_inherit(), the only place to explicitly call
bdrv_backing_options(), call bdrv_inherited_options() instead.)
This patch should incur only two visible changes, both for child_format
children, both of which are effectively bug fixes:
First, they no longer have discard=unmap set by default. This reason it
was set is because bdrv_inherited_fmt_options() fell through to
bdrv_protocol_options(), and that set it because "format drivers take
care to send flushes and respect unmap policy". None of the drivers
that use child_format for their children (quorum and blkverify) are
format drivers, though, so this reasoning does not apply here.
Second, they no longer have BDRV_O_NO_IO force-cleared. child_format
was used solely for children that do not store any metadata and as such
will not be accessed by their parents as long as those parents do not
receive I/O themselves. Thus, such children should inherit
BDRV_O_NO_IO.
Max Reitz [Wed, 13 May 2020 11:05:20 +0000 (13:05 +0200)]
block: Add generic bdrv_inherited_options()
After the series this patch belongs to, we want to have a common
BdrvChildClass that encompasses all of child_file, child_format, and
child_backing. Such a single class needs a single .inherit_options()
implementation, and this patch introduces it.
The next patch will show how the existing implementations can fall back
to it just by passing appropriate BdrvChildRole and parent_is_format
values.
Max Reitz [Wed, 13 May 2020 11:05:18 +0000 (13:05 +0200)]
block: Pass parent_is_format to .inherit_options()
We plan to unify the generic .inherit_options() functions. The
resulting common function will need to decide whether to force-enable
format probing, force-disable it, or leave it as-is. To make this
decision, it will need to know whether the parent node is a format node
or not (because we never want format probing if the parent is a format
node already (except for the backing chain)).
Max Reitz [Wed, 13 May 2020 11:05:14 +0000 (13:05 +0200)]
block: Add BdrvChildRole and BdrvChildRoleBits
This mask will supplement BdrvChildClass when it comes to what role (or
combination of roles) a child takes for its parent. It consists of
BdrvChildRoleBits values (which is an enum).
Because empty enums are not allowed, let us just start with it filled.
Max Reitz [Wed, 13 May 2020 11:05:13 +0000 (13:05 +0200)]
block: Rename BdrvChildRole to BdrvChildClass
This structure nearly only contains parent callbacks for child state
changes. It cannot really reflect a child's role, because different
roles may overlap (as we will see when real roles are introduced), and
because parents can have custom callbacks even when the child fulfills a
standard role.
Max Reitz [Wed, 13 May 2020 11:05:12 +0000 (13:05 +0200)]
block: Add BlockDriver.is_format
We want to unify child_format and child_file at some point. One of the
important things that set format drivers apart from other drivers is
that they do not expect other format nodes under them (except in the
backing chain), i.e. we must not probe formats inside of formats. That
means we need something on which to distinguish format drivers from
others, and hence this flag.
Kevin Wolf [Fri, 15 May 2020 11:25:44 +0000 (13:25 +0200)]
replication: Avoid blk_make_empty() on read-only child
This is just a bandaid to keep tests/test-replication working after
bdrv_make_empty() starts to assert that we're not trying to call it on a
read-only child.
For the real solution in the future, replication should not steal the
BdrvChild from its backing file (this is never correct to do!), but
instead have its own child node references, with the appropriate
permissions.
Max Reitz [Wed, 29 Apr 2020 14:11:25 +0000 (16:11 +0200)]
block: Add blk_make_empty()
Two callers of BlockDriver.bdrv_make_empty() remain that should not call
this method directly. Both do not have access to a BdrvChild, but they
can use a BlockBackend, so we add this function that lets them use it.
Max Reitz [Wed, 29 Apr 2020 14:11:23 +0000 (16:11 +0200)]
block: Add bdrv_make_empty()
Right now, all users of bdrv_make_empty() call the BlockDriver method
directly. That is not only bad style, it is also wrong, unless the
caller has a BdrvChild with a WRITE or WRITE_UNCHANGED permission.
(WRITE_UNCHANGED suffices, because callers generally use this function
to clear a node with a backing file after a commit operation.)
Introduce bdrv_make_empty() that verifies that it does.
Kevin Wolf [Mon, 11 May 2020 16:35:29 +0000 (18:35 +0200)]
iotests: Run pylint and mypy in a testcase
We made sure that iotests.py passes pylint. It would be a shame if we
allowed new patches in that break this again, so let's just add a
meta-test case that runs pylint on it.
While we don't pass mypy --strict yet, we can already run it with a few
options that would be part of --strict to make sure that we won't
regress on these aspects at least until we can enable the full thing.
Kevin Wolf [Mon, 11 May 2020 16:35:28 +0000 (18:35 +0200)]
iotests: Fix incomplete type declarations
We need to fix only a few places so that iotests.py can pass
mypy --disallow-incomplete-defs, which seems to be a desirable option to
have enabled in the long run.
Lukas Straub [Mon, 11 May 2020 07:08:01 +0000 (09:08 +0200)]
block/replication.c: Avoid cancelling the job twice
If qemu in colo secondary mode is stopped, it crashes because
s->backup_job is canceled twice: First with job_cancel_sync_all()
in qemu_cleanup() and then in replication_stop().
Fix this by assigning NULL to s->backup_job when the job completes
so replication_stop() and replication_do_checkpoint() won't touch
the job.
Kevin Wolf [Mon, 11 May 2020 13:58:25 +0000 (15:58 +0200)]
iotests: Mirror with different source/target size
This tests that the mirror job catches situations where the target node
has a different size than the source node. It must also forbid resize
operations when the job is already running.
Kevin Wolf [Mon, 11 May 2020 13:58:24 +0000 (15:58 +0200)]
mirror: Make sure that source and target size match
If the target is shorter than the source, mirror would copy data until
it reaches the end of the target and then fail with an I/O error when
trying to write past the end.
If the target is longer than the source, the mirror job would complete
successfully, but the target wouldn't actually be an accurate copy of
the source image (it would contain some additional garbage at the end).
Fix this by checking that both images have the same size when the job
starts.
Kevin Wolf [Mon, 11 May 2020 13:58:23 +0000 (15:58 +0200)]
iotests/229: Use blkdebug to inject an error
229 relies on the mirror running into an I/O error when the target is
smaller than the source. After changing mirror to catch this condition
while starting the job, this test case won't get a job that is paused
for an I/O error any more. Use blkdebug instead to inject an error.
Kevin Wolf [Mon, 11 May 2020 13:58:22 +0000 (15:58 +0200)]
iotests/109: Don't mirror with mismatched size
This patch makes the raw image the same size as the file in a different
format that is mirrored as raw to it to avoid errors when mirror starts
to enforce that source and target are the same size.
We check only that the first 512 bytes are zeroed (instead of 64k)
because some image formats create image files that are smaller than 64k,
so trying to read 64k would result in I/O errors. Apart from this, 512
is more appropriate anyway because the raw format driver protects
specifically the first 512 bytes.
Joseph Myers [Mon, 4 May 2020 23:40:20 +0000 (23:40 +0000)]
softfloat: fix floatx80 pseudo-denormal round to integer
The softfloat function floatx80_round_to_int incorrectly handles the
case of a pseudo-denormal where only the high bit of the significand
is set, ignoring that bit (treating the number as an exact zero)
rather than treating the number as an alternative representation of
+/- 2^-16382 (which may round to +/- 1 depending on the rounding mode)
as hardware does. Fix this check (simplifying the code in the
process).
The softfloat floatx80 comparisons fail to allow for pseudo-denormals,
which should compare equal to corresponding values with biased
exponent 1 rather than 0. Add an adjustment for that case when
comparing numbers with the same sign.
The softfloat function addFloatx80Sigs, used for addition of values
with the same sign and subtraction of values with opposite sign, fails
to handle the case where the two values both have biased exponent zero
and there is a carry resulting from adding the significands, which can
occur if one or both values are pseudo-denormals (biased exponent
zero, explicit integer bit 1). Add a check for that case, so making
the results match those seen on x86 hardware for pseudo-denormals.
Joseph Myers [Mon, 4 May 2020 23:37:54 +0000 (23:37 +0000)]
softfloat: silence sNaN for conversions to/from floatx80
Conversions between IEEE floating-point formats should convert
signaling NaNs to quiet NaNs. Most of those in QEMU's softfloat code
do so, but those for floatx80 fail to. Fix those conversions to
silence signaling NaNs as well.
Peter Maydell [Fri, 15 May 2020 14:47:47 +0000 (15:47 +0100)]
Merge remote-tracking branch 'remotes/stsquad/tags/pull-testing-tcg-plugins-150520-2' into staging
Various testing, tcg and plugin updates
- fix bug in gdbstub tests that leave hanging QEMUs
- tweak s390x travis test
- re-factor guest_base handling
- support "notes" in disassembler output
- include guest address notes in out_asm
- cleanup plugin headers and and constify hwaddr
- updates MAINTAINERS for cpu-common.c
# gpg: Signature made Fri 15 May 2020 15:40:40 BST
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <[email protected]>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* remotes/stsquad/tags/pull-testing-tcg-plugins-150520-2:
MAINTAINERS: update the orphaned cpus-common.c file
qemu/qemu-plugin: Make qemu_plugin_hwaddr_is_io() hwaddr argument const
qemu/plugin: Move !CONFIG_PLUGIN stubs altogether
qemu/plugin: Trivial code movement
translate-all: include guest address in out_asm output
disas: add optional note support to cap_disas
disas: include an optional note for the start of disassembly
accel/tcg: don't disable exec_tb trace events
accel/tcg: Relax va restrictions on 64-bit guests
exec/cpu-all: Use bool for have_guest_base
linux-user: completely re-write init_guest_space
travis.yml: Improve the --disable-tcg test on s390x
tests/guest-debug: catch hanging guests
Alex Bennée [Wed, 13 May 2020 17:51:34 +0000 (18:51 +0100)]
translate-all: include guest address in out_asm output
We already have information about where each guest instructions
representation starts stored in the tcg_ctx->gen_insn_data so we can
rectify the PC for faults. We can re-use this information to annotate
the out_asm output with guest instruction address which makes it a bit
easier to work out where you are especially with longer blocks. A
minor wrinkle is that some instructions get optimised away so we have
to scan forward until we find some actual generated code.
Alex Bennée [Wed, 13 May 2020 17:51:32 +0000 (18:51 +0100)]
disas: include an optional note for the start of disassembly
This will become useful shortly for providing more information about
output assembly inline. While there fix up the indenting and code
formatting in disas().
We cannot at present limit a 64-bit guest to a virtual address
space smaller than the host. It will mostly work to ignore this
limitation, except if the guest uses high bits of the address
space for tags. But it will certainly work better, as presently
we can wind up failing to allocate the guest stack.
Widen our user-only page tree to the host or abi pointer width.
Remove the workaround for this problem from target/alpha.
Always validate guest addresses vs reserved_va, as there we
control allocation ourselves.
Alex Bennée [Wed, 13 May 2020 17:51:28 +0000 (18:51 +0100)]
linux-user: completely re-write init_guest_space
First we ensure all guest space initialisation logic comes through
probe_guest_base once we understand the nature of the binary we are
loading. The convoluted init_guest_space routine is removed and
replaced with a number of pgb_* helpers which are called depending on
what requirements we have when loading the binary.
We first try to do what is requested by the host. Failing that we try
and satisfy the guest requested base address. If all those options
fail we fall back to finding a space in the memory map using our
recently written read_self_maps() helper.
There are some additional complications we try and take into account
when looking for holes in the address space. We try not to go directly
after the system brk() space so there is space for a little growth. We
also don't want to have to use negative offsets which would result in
slightly less efficient code on x86 when it's unable to use the
segment offset register.
Less mind-binding gotos and hopefully clearer logic throughout.
Thomas Huth [Wed, 13 May 2020 17:51:26 +0000 (18:51 +0100)]
travis.yml: Improve the --disable-tcg test on s390x
Since the s390x containers do not allow KVM, we only compile-test
the --disable-tcg build on s390x and do not run the qtests. Thus,
it does not make sense to install genisoimage here, and it also does
not make sense to build the s390-ccw.img here again - it is simply
not used without the qtests.
On the other hand, if we do not build the s390-ccw.img anymore, we
can also compile with Clang - so let's use that compiler here to
get some additional test coverage.
* remotes/armbru/tags/pull-qom-2020-05-15: (21 commits)
hw: Remove unnecessary DEVICE() cast
various: Remove unnecessary OBJECT() cast
target: Remove unnecessary CPU() cast
qom: Drop @errp parameter of object_property_del()
spapr_pci: Drop some dead error handling
qdev: Unrealize must not fail
Drop more @errp parameters after previous commit
qom: Drop parameter @errp of object_property_add() & friends
qdev: Clean up qdev_connect_gpio_out_named()
hw/arm/bcm2835: Drop futile attempts at QOM-adopting memory
e1000: Don't run e1000_instance_init() twice
hw/isa/superio: Make the components QOM children
s390x/cpumodel: Fix UI to CPU features pcc-cmac-{aes,eaes}-256
tests/check-qom-proplist: Improve iterator coverage
qom: Drop object_property_set_description() parameter @errp
qom: Make all the object_property_add_FOO() return the property
qom: Drop convenience method object_property_get_uint16List()
qom: Simplify object_property_get_enum()
qom: Drop object_property_del_child()'s unused parameter @errp
qom: Clean up inconsistent use of gchar * vs. char *
...
qom: Drop @errp parameter of object_property_del()
Same story as for object_property_add(): the only way
object_property_del() can fail is when the property with this name
does not exist. Since our property names are all hardcoded, failure
is a programming error, and the appropriate way to handle it is
passing &error_abort. Most callers do that, the commit before
previous fixed one that didn't (and got the error handling wrong), and
the two remaining exceptions ignore errors.
chassis_from_bus() uses object_property_get_uint() to get property
"chassis_nr" of the bridge device. Failure would be a programming
error. Pass &error_abort, and simplify its callers.
Device realization may fail. Realization is recursive: a device's
realize() method realizes its components, and device_set_realized()
realizes its buses (which should in turn realize the devices on that
bus, except bus_set_realized() doesn't implement that, yet).
When realization of a component or bus fails, we need to roll back:
unrealize everything we realized so far. If any of these unrealizes
failed, the device would be left in an inconsistent state. Must not
happen.
device_set_realized() lets it happen: it ignores errors in the roll
back code starting at label child_realize_fail.
Since realization is recursive, unrealization must be recursive, too.
But how could a partly failed unrealize be rolled back? We'd have to
re-realize, which can fail. This design is fundamentally broken.
device_set_realized() does not roll back at all. Instead, it keeps
unrealizing, ignoring further errors.
It can screw up even for a device with no buses: if the lone
dc->unrealize() fails, it still unregisters vmstate, and calls
listeners' unrealize() callback.
bus_set_realized() does not roll back either. Instead, it stops
unrealizing.
Fortunately, no unrealize method can fail, as we'll see below.
To fix the design error, drop parameter @errp from all the unrealize
methods.
Any unrealize method that uses @errp now needs an update. This leads
us to unrealize() methods that can fail. Merely passing it to another
unrealize method cannot cause failure, though. Here are the ones that
do other things with @errp:
* virtio_serial_device_unrealize()
Fails when qbus_set_hotplug_handler() fails, but still does all the
other work. On failure, the device would stay realized with its
resources completely gone. Oops. Can't happen, because
qbus_set_hotplug_handler() can't actually fail here. Pass
&error_abort to qbus_set_hotplug_handler() instead.
* hw/ppc/spapr_drc.c's unrealize()
Fails when object_property_del() fails, but all the other work is
already done. On failure, the device would stay realized with its
vmstate registration gone. Oops. Can't happen, because
object_property_del() can't actually fail here. Pass &error_abort
to object_property_del() instead.
* spapr_phb_unrealize()
Fails and bails out when remove_drcs() fails, but other work is
already done. On failure, the device would stay realized with some
of its resources gone. Oops. remove_drcs() fails only when
chassis_from_bus()'s object_property_get_uint() fails, and it can't
here. Pass &error_abort to remove_drcs() instead.
Therefore, no unrealize method can fail before this patch.
device_set_realized()'s recursive unrealization via bus uses
object_property_set_bool(). Can't drop @errp there, so pass
&error_abort.
We similarly unrealize with object_property_set_bool() elsewhere,
always ignoring errors. Pass &error_abort instead.
Several unrealize methods no longer handle errors from other unrealize
methods: virtio_9p_device_unrealize(),
virtio_input_device_unrealize(), scsi_qdev_unrealize(), ...
Much of the deleted error handling looks wrong anyway.
One unrealize methods no longer ignore such errors:
usb_ehci_pci_exit().
Several realize methods no longer ignore errors when rolling back:
v9fs_device_realize_common(), pci_qdev_unrealize(),
spapr_phb_realize(), usb_qdev_realize(), vfio_ccw_realize(),
virtio_device_realize().
Several functions can't fail anymore: ich9_pm_add_properties(),
device_add_bootindex_property(), ppc_compat_add_property(),
spapr_caps_add_properties(), PropertyInfo.create(). Drop their @errp
parameter.
qom: Drop parameter @errp of object_property_add() & friends
The only way object_property_add() can fail is when a property with
the same name already exists. Since our property names are all
hardcoded, failure is a programming error, and the appropriate way to
handle it is passing &error_abort.
Same for its variants, except for object_property_add_child(), which
additionally fails when the child already has a parent. Parentage is
also under program control, so this is a programming error, too.
We have a bit over 500 callers. Almost half of them pass
&error_abort, slightly fewer ignore errors, one test case handles
errors, and the remaining few callers pass them to their own callers.
The previous few commits demonstrated once again that ignoring
programming errors is a bad idea.
Of the few ones that pass on errors, several violate the Error API.
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call. ich9_pm_add_properties(), sparc32_ledma_realize(),
sparc32_dma_realize(), xilinx_axidma_realize(), xilinx_enet_realize()
are wrong that way.
When the one appropriate choice of argument is &error_abort, letting
users pick the argument is a bad idea.
Drop parameter @errp and assert the preconditions instead.
There's one exception to "duplicate property name is a programming
error": the way object_property_add() implements the magic (and
undocumented) "automatic arrayification". Don't drop @errp there.
Instead, rename object_property_add() to object_property_try_add(),
and add the obvious wrapper object_property_add().
Both qdev_connect_gpio_out_named() and device_set_realized() put
objects without a parent into the "/machine/unattached/" orphanage.
qdev_connect_gpio_out_named() needs a lengthy comment to explain how
it works. It exploits that object_property_add_child() can fail only
when we got a parent already, and ignoring that error does what we
want. True. If it failed due to "duplicate property", we'd be in
trouble, but that would be a programming error.
device_set_realized() is cleaner: it checks whether we need a parent,
then calls object_property_add_child(), aborting on failure. No need
for a comment, and programming errors get caught.
hw/arm/bcm2835: Drop futile attempts at QOM-adopting memory
The "bcm2835-peripherals" device's .instance_init() method
bcm2835_peripherals_init() attempts to make two memory regions QOM
children of the device. This is futile, because memory_region_init()
already did. The errors are ignored (a later commit will change
that). Drop the useless calls.
QOM object initialization runs .instance_init() for the type and all
its supertypes; see object_init_with_type().
Both TYPE_E1000_BASE and its concrete subtypes set .instance_init() to
e1000_instance_init(). For the concrete subtypes, it duly gets run
twice. The second run fails, but the error gets ignored (a later
commit will change that).
isa_superio_realize() attempts to make isa-parallel and isa-serial QOM
children, but this does not work, because it calls
object_property_add_child() after realizing with qdev_init_nofail().
Realizing a device without a parent gives it one: it gets put into the
"/machine/unattached/" orphanage. The extra
object_property_add_child() fails, and isa_superio_realize() ignores
the error.
Move the object_property_add_child() before qdev_init_nofail(), and
pass &error_abort.
For the other components, isa_superio_realize() doesn't even try. Add
object_property_add_child() there.
This affects machines 40p, clipper and fulong2e.
For instance, fulong2e has its vt82c686b-superio (which is an
isa-superio) at /machine/unattached/device[9]. Before the patch, its
components are at /machine/unattached/device[10] .. [14]. Afterwards,
they are at
/machine/unattached/device[9]/{parallel0,serial0,serial1,isa-fdc,i8042}.
s390x/cpumodel: Fix UI to CPU features pcc-cmac-{aes,eaes}-256
Both s390_features[S390_FEAT_PCC_CMAC_AES_256].name and
s390_features[S390_FEAT_PCC_CMAC_EAES_256].name is
"pcc-cmac-eaes-256". The former is obviously a pasto.
Impact:
* s390_feat_bitmap_to_ascii() misidentifies S390_FEAT_PCC_CMAC_AES_256
as "pcc-cmac-eaes-256". Affects QMP commands query-cpu-definitions,
query-cpu-model-expansion, query-cpu-model-baseline,
query-cpu-model-comparison, and the error message when
s390_realize_cpu_model() fails in check_compatibility().
* s390_cpu_list() also misidentifies it. Affects -cpu help.
* s390_cpu_model_register_props() creates CPU property
"pcc-cmac-eaes-256" twice. The second one fails, but the error is
ignored (a later commit will change that). Results in a single
property "pcc-cmac-eaes-256" with the description for
S390_FEAT_PCC_CMAC_AES_256, and no property for
S390_FEAT_PCC_CMAC_EAES_256. CPU properties are visible in CLI -cpu
and -device, QMP & HMP device_add, QMP device-list-properties, and
QOM introspection.
The two features are almost always used via their group msa4. Such
use is not affected by this bug.
The tests' "qemu-dummy" device has only class properties. Turn one of
them into an instance property. test_dummy_class_iterator() expects
one fewer property than test_dummy_iterator(). Rewrite
test_dummy_prop_iterator() to take expected properties as argument.
qom: Drop object_property_set_description() parameter @errp
object_property_set_description() and
object_class_property_set_description() fail only when property @name
is not found.
There are 85 calls of object_property_set_description() and
object_class_property_set_description(). None of them can fail:
* 84 immediately follow the creation of the property.
* The one in spapr_rng_instance_init() refers to a property created in
spapr_rng_class_init(), from spapr_rng_properties[].
Every one of them still gets to decide what to pass for @errp.
51 calls pass &error_abort, 32 calls pass NULL, one receives the error
and propagates it to &error_abort, and one propagates it to
&error_fatal. I'm actually surprised none of them violates the Error
API.
What are we gaining by letting callers handle the "property not found"
error? Use when the property is not known to exist is simpler: you
don't have to guard the call with a check. We haven't found such a
use in 5+ years. Until we do, let's make life a bit simpler and drop
the @errp parameter.
qom: Drop convenience method object_property_get_uint16List()
qom/object.c provides object_property_get_TYPE() and
object_property_set_TYPE() for a number of common types. These are
all convenience wrappers around object_property_get_qobject() and
object_property_set_qobject().
Except for object_property_get_uint16List(), which is unusual in two ways:
* It bypasses object_property_get_qobject(). Fixable; the previous
commit did it for object_property_get_enum())
* It stores the value through a parameter. Its contract claims it
returns the value, like the other functions do. Also fixable.
Fixing is not worthwhile, though: object_property_get_uint16List() has
seen exactly one user in six years.
Convert the lone user to do its job with the generic
object_property_get_qobject(), and drop object_property_get_uint16List().
qom: Clean up inconsistent use of gchar * vs. char *
Uses of gchar * in qom/object.h:
* ObjectProperty member @name
Functions that take a property name argument all use char *. Change
the member to match.
* ObjectProperty member @type
Functions that take a property type argument or return it all use
char *. Change the member to match.
* ObjectProperty member @description
Functions that take a property description argument all use char *.
Change the member to match.
* object_resolve_path_component() parameter @part
Path components are property names. Most callers pass char *
arguments. Change the parameter to match. Adjust the few callers
that pass gchar * to pass char *.
* Return value of object_get_canonical_path_component(),
object_get_canonical_path()
Most callers convert their return values right back to char *.
Change the return value to match. Adjust the few callers where that
would add a conversion to gchar * to use char * instead.
Peter Maydell [Thu, 14 May 2020 15:17:55 +0000 (16:17 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200514' into staging
target-arm queue:
* target/arm: Use correct GDB XML for M-profile cores
* target/arm: Code cleanup to use gvec APIs better
* aspeed: Add support for the sonorapass-bmc board
* target/arm: Support reporting KVM host memory errors
to the guest via ACPI notifications
* target/arm: Finish conversion of Neon 3-reg-same insns to decodetree
Peter Maydell [Tue, 12 May 2020 16:39:04 +0000 (17:39 +0100)]
target/arm: Convert NEON VFMA, VFMS 3-reg-same insns to decodetree
Convert the Neon floating point VFMA and VFMS insn to decodetree.
These are the last insns in the 3-reg-same group so we can
remove all the support/loop code from the old decoder.
Peter Maydell [Tue, 12 May 2020 16:39:03 +0000 (17:39 +0100)]
target/arm: Convert Neon fp VMAX/VMIN/VMAXNM/VMINNM/VRECPS/VRSQRTS to decodetree
Convert the Neon fp VMAX/VMIN/VMAXNM/VMINNM/VRECPS/VRSQRTS 3-reg-same
insns to decodetree. (These are all the remaining non-accumulation
instructions in this group.)
Peter Maydell [Tue, 12 May 2020 16:39:02 +0000 (17:39 +0100)]
target/arm: Move 'env' argument of recps_f32 and rsqrts_f32 helpers to usual place
The usual location for the env argument in the argument list of a TCG helper
is immediately after the return-value argument. recps_f32 and rsqrts_f32
differ in that they put it at the end.
Move the env argument to its usual place; this will allow us to
more easily use these helper functions with the gvec APIs.
Convert the Neon integer VMUL, VMLA, and VMLS 3-reg-same inssn to
decodetree.
We don't have a gvec helper for multiply-accumulate, so VMLA and VMLS
need a loop function do_3same_fp(). This takes a reads_vd parameter
to do_3same_fp() which tells it to load the old value into vd before
calling the callback function, in the same way that the do_vfp_3op_sp()
and do_vfp_3op_dp() functions in translate-vfp.inc.c work. (The
only uses in this patch pass reads_vd == true, but later commits
will use reads_vd == false.)
This conversion fixes in passing an underdecoding for VMUL
(originally reported by Fredrik Strupe <[email protected]>): bit 1
of the 'size' field must be 0. The old decoder didn't enforce this,
but the decodetree pattern does.
The gen_VMLA_fp_reg() function performs the addition operation
with the operands in the opposite order to the old decoder:
since Neon sets 'default NaN mode' float32_add operations are
commutative so there is no behaviour difference, but putting
them this way around matches the Arm ARM pseudocode and the
required operation order for the subtraction in gen_VMLS_fp_reg().
Peter Maydell [Tue, 12 May 2020 16:38:59 +0000 (17:38 +0100)]
target/arm: Convert Neon VPMIN/VPMAX/VPADD float 3-reg-same insns to decodetree
Convert the Neon float VPMIN, VPMAX and VPADD 3-reg-same insns to
decodetree. These are the only remaining 'pairwise' operations,
so we can delete the pairwise-specific bits of the old decoder's
for-each-element loop now.
Peter Maydell [Tue, 12 May 2020 16:38:58 +0000 (17:38 +0100)]
target/arm: Convert Neon VADD, VSUB, VABD 3-reg-same insns to decodetree
Convert the Neon VADD, VSUB, VABD 3-reg-same insns to decodetree.
We already have gvec helpers for addition and subtraction, but must
add one for fabd.
projects / qemu.git / log