Rao, Lei [Fri, 16 Oct 2020 05:52:02 +0000 (13:52 +0800)]
Fix the qemu crash when guest shutdown in COLO mode
In COLO mode, if the startup parameters of QEMU include "no-shutdown",
QEMU will crash when the guest shuts down. The root cause is that when the
guest shuts down, the state of the VM will switch from COLO to SHUTDOWN. When
doing a checkpoint again, the state will be changed to COLO. But this state
switch is undefined in runstate_transitions_def, so we should add it.
This patch fixes the following:
qemu-system-x86_64: invalid runstate transition: 'shutdown' -> 'colo'
Aborted
Rao, Lei [Fri, 16 Oct 2020 05:52:01 +0000 (13:52 +0800)]
Reduce the time of checkpoint for COLO
We should set ram_bulk_stage to false after ram_state_init,
otherwise the bitmap will be unused in migration_bitmap_find_dirty.
All pages in ram cache will be flushed to the ram of secondary guest
for each checkpoint.
* remotes/pmaydell/tags/pull-target-arm-20201110:
target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check
tests/qtest/npcm7xx_rng-test: count runs properly
hw/arm/nseries: Check return value from load_image_targphys()
hw/arm/musicpal: Only use qdev_get_gpio_in() when necessary
hw/arm/musicpal: Don't connect two qemu_irqs directly to the same input
hw/arm/nseries: Remove invalid/unnecessary n8x0_uart_setup()
hw/misc/stm32f2xx_syscfg: Remove extraneous IRQ
hw/arm/armsse: Correct expansion MPC interrupt lines
target/arm: Fix neon VTBL/VTBX for len > 1
hw/arm/virt: Remove dependency on Cortex-A15 MPCore peripherals
docs: add some notes on the sbsa-ref machine
target/arm: add space before the open parenthesis '('
target/arm: Don't use '#' flag of printf format
target/arm: add spaces around operator
ssi: Fix bad printf format specifiers
hw/arm/Kconfig: ARM_V7M depends on PTIMER
Peter Maydell [Tue, 10 Nov 2020 12:23:05 +0000 (12:23 +0000)]
Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-11-10' into staging
* Some small qtest fixes
* Oss-fuzz updates
* Publish the docs built during gitlab CI to the user's gitlab.io page
* Update the OpenBSD VM test to v6.8
* Fix the device-crash-test script to run with the meson build system
* Some small s390x fixes
* remotes/huth-gitlab/tags/pull-request-2020-11-10:
s390x: Avoid variable size warning in ipl.h
s390x: fix clang 11 warnings in cpu_models.c
qtest: Update references to parse_escape() in comments
fuzz: add virtio-blk fuzz target
docs: add "page source" link to sphinx documentation
gitlab: force enable docs build in Fedora, Ubuntu, Debian
gitlab: publish the docs built during CI
configure: surface deprecated targets in the help output
fuzz: Make fork_fuzz.ld compatible with LLVM's LLD
scripts/oss-fuzz: give all fuzzers -target names
docs/fuzz: update fuzzing documentation post-meson
docs/fuzz: rST-ify the fuzzing documentation
MAINTAINERS: Add gitlab-pipeline-status script to GitLab CI section
gitlab-ci: Drop generic cache rule
tests/qtest/tpm: Remove redundant check in the tpm_test_swtpm_test()
qtest: Fix bad printf format specifiers
device-crash-test: Check if path is actually an executable file
tests/vm: update openbsd to release 6.8
meson: always include contrib/libvhost-user
Peter Maydell [Mon, 9 Nov 2020 14:53:24 +0000 (14:53 +0000)]
target/arm/translate-neon.c: Handle VTBL UNDEF case before VFP access check
Checks for UNDEF cases should go before the "is VFP enabled?" access
check, except in special cases. Move a stray UNDEF check in the VTBL
trans function up above the access check.
The number of runs is equal to the number of 0-1 and 1-0 transitions,
plus one. Currently, it's counting the number of times these transitions
do _not_ happen, plus one.
Source:
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-22r1a.pdf
section 2.3.4 point (3).
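The counting rule quoted above, as an added C example (not the test's own code; `bit_at()`, `count_runs()`, `count_runs_inverted()`, the MSB-first bit order and the sample buffers are assumptions of this example). It also shows why the inverted count is easy to miss: for n bits the two counts always sum to n + 1, so on well-mixed data both sit near n/2 and only biased or stuck data separates them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample inputs, packed most significant bit first. */
static const uint8_t SAMPLE_BITS[] = { 0x9A, 0xC0 };  /* 1001101011, n = 10 */
static const uint8_t STUCK_BITS[]  = { 0x00, 0x00 };  /* stuck-at-zero source, n = 16 */

/* Bit k of a packed buffer (MSB-first order is an assumption of this example). */
static int bit_at(const uint8_t *buf, size_t k)
{
    return (buf[k / 8] >> (7 - k % 8)) & 1;
}

/* Number of runs: one per 0-1 or 1-0 transition between neighbours, plus one. */
static size_t count_runs(const uint8_t *buf, size_t nbits)
{
    size_t runs, k;

    if (nbits == 0) {
        return 0;               /* an empty sequence has no runs */
    }
    runs = 1;
    for (k = 0; k + 1 < nbits; k++) {
        if (bit_at(buf, k) != bit_at(buf, k + 1)) {
            runs++;
        }
    }
    return runs;
}

/* The miscount described above: counts neighbours that do NOT differ, plus one. */
static size_t count_runs_inverted(const uint8_t *buf, size_t nbits)
{
    size_t runs, k;

    if (nbits == 0) {
        return 0;
    }
    runs = 1;
    for (k = 0; k + 1 < nbits; k++) {
        if (bit_at(buf, k) == bit_at(buf, k + 1)) {
            runs++;
        }
    }
    return runs;
}

int main(void)
{
    /* Each of the n - 1 neighbour pairs is counted by exactly one variant,
     * so correct + inverted == n + 1 for every non-empty input. */
    printf("sample: runs=%zu inverted=%zu\n",
           count_runs(SAMPLE_BITS, 10), count_runs_inverted(SAMPLE_BITS, 10));
    printf("stuck:  runs=%zu inverted=%zu\n",
           count_runs(STUCK_BITS, 16), count_runs_inverted(STUCK_BITS, 16));
    return 0;
}
```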
Peter Maydell [Tue, 3 Nov 2020 11:49:18 +0000 (11:49 +0000)]
hw/arm/nseries: Check return value from load_image_targphys()
The nseries machines have a codepath that allows them to load a
secondary bootloader. This code wasn't checking that the
load_image_targphys() succeeded. Check the return value and report
the error to the user.
While we're in the vicinity, fix the comment style of the
comment documenting what this image load is doing.
hw/arm/musicpal: Don't connect two qemu_irqs directly to the same input
The MusicPal board code connects both of the IRQ outputs of the UART
to the same INTC qemu_irq. Connecting two qemu_irqs outputs directly
to the same input is not valid as it produces subtly wrong behaviour
(for instance if both the IRQ lines are high, and then one goes
low, the INTC input will see this as a high-to-low transition
even though the second IRQ line should still be holding it high).
This kind of wiring needs an explicitly created OR gate; add one.
omap2420_mpu_init() introduced in commit 827df9f3c5f ("Add basic
OMAP2 chip support") takes care of creating the 3 UARTs.
Then commit 58a26b477e9 ("Emulate a serial bluetooth HCI with H4+
extensions and attach to n8x0's UART") added n8x0_uart_setup()
which creates the UART and connects it to an IRQ output,
overwriting the existing peripheral and its IRQ connection.
This is incorrect.
Fortunately we don't need to fix this, because commit 6da68df7f9b
("hw/arm/nseries: Replace the bluetooth chardev with a "null"
chardev") removed the use of this peripheral. We can simply
remove the code.
The helper function did not get updated when we reorganized
the vector register file for SVE. Since then, the neon dregs
are non-sequential and cannot be simply indexed.
At the same time, make the helper function operate on 64-bit
quantities so that we do not have to call it twice.
Andrew Jones [Wed, 4 Nov 2020 10:33:43 +0000 (11:33 +0100)]
hw/arm/Kconfig: ARM_V7M depends on PTIMER
commit 32bd322a0134 ("hw/timer/armv7m_systick: Rewrite to use ptimers")
changed armv7m_systick to build on ptimers. Make sure we have ptimers
in the build when building armv7m_systick.
* remotes/vivier2/tags/linux-user-for-5.2-pull-request:
linux-user/sparc: Don't zero high half of PC, NPC, PSR in sigreturn
linux-user/sparc: Correct set/get_context handling of fp and i7
linux-user/sparc: Fix errors in target_ucontext structures
Peter Maydell [Tue, 10 Nov 2020 09:24:56 +0000 (09:24 +0000)]
Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20201109' into staging
This fixes two bugs in the RISC-V port. One is a bug in the
Ibex PLIC, the other fixes the Hypervisor access functions.
# gpg: Signature made Tue 10 Nov 2020 03:53:49 GMT
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <[email protected]>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
* remotes/alistair/tags/pull-riscv-to-apply-20201109:
hw/intc/ibex_plic: Clear the claim register when read
target/riscv: Split the Hypervisor execute load helpers
target/riscv: Remove the hyp load and store functions
target/riscv: Remove the HS_TWO_STAGE flag
target/riscv: Set the virtualised MMU mode when doing hyp accesses
target/riscv: Add a virtualised MMU Mode
Daniele Buono [Thu, 5 Nov 2020 22:19:00 +0000 (17:19 -0500)]
s390x: Avoid variable size warning in ipl.h
S390IPLState contains two IplParameterBlock, which may in turn have
either an IPLBlockPV or an IplBlockFcp, both ending with a variable
sized field (an array).
This causes a warning with clang 11 or greater, which checks that
variable sized types are only allocated at the end of the struct:
In file included from ../qemu-cfi-v3/target/s390x/diag.c:21:
../qemu-cfi-v3/hw/s390x/ipl.h:161:23: error: field 'iplb' with variable sized type 'IplParameterBlock' (aka 'union IplParameterBlock') not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
IplParameterBlock iplb;
^
../qemu-cfi-v3/hw/s390x/ipl.h:162:23: error: field 'iplb_pv' with variable sized type 'IplParameterBlock' (aka 'union IplParameterBlock') not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
IplParameterBlock iplb_pv;
In this case, however, the warning is a false positive, because
IPLBlockPV and IplBlockFcp are allocated in a union wrapped at 4K,
making the union non-variable sized.
Fix the warning by turning the two variable sized arrays into arrays
of size 0. This avoids the compiler error and should produce the
same code.
Daniele Buono [Thu, 5 Nov 2020 22:18:58 +0000 (17:18 -0500)]
s390x: fix clang 11 warnings in cpu_models.c
There are void * pointers that get cast to enums in cpu_models.c.
Such casts can result in a small integer type and are caught as
warnings with clang, starting with version 11:
Clang 11 finds a bunch of spots in the code that trigger these new warnings:
../qemu-base/target/s390x/cpu_models.c:985:21: error: cast to smaller integer type 'S390Feat' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
S390Feat feat = (S390Feat) opaque;
^~~~~~~~~~~~~~~~~
../qemu-base/target/s390x/cpu_models.c:1002:21: error: cast to smaller integer type 'S390Feat' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
S390Feat feat = (S390Feat) opaque;
^~~~~~~~~~~~~~~~~
../qemu-base/target/s390x/cpu_models.c:1036:27: error: cast to smaller integer type 'S390FeatGroup' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
S390FeatGroup group = (S390FeatGroup) opaque;
^~~~~~~~~~~~~~~~~~~~~~
../qemu-base/target/s390x/cpu_models.c:1057:27: error: cast to smaller integer type 'S390FeatGroup' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
S390FeatGroup group = (S390FeatGroup) opaque;
^~~~~~~~~~~~~~~~~~~~~~
4 errors generated.
Avoid this warning by casting the pointer to uintptr_t first.
Peter Maydell [Mon, 9 Nov 2020 16:26:21 +0000 (16:26 +0000)]
qtest: Update references to parse_escape() in comments
In commit 61030280ca2d67bd in 2018 we renamed the parse_escape()
function to parse_interpolation(), but we didn't catch the references
to this function in doc comments in libqtest.h. Update them.
Dima Stepanov [Mon, 9 Nov 2020 11:25:50 +0000 (14:25 +0300)]
fuzz: add virtio-blk fuzz target
The virtio-blk fuzz target sets up and fuzzes the available virtio-blk
queues. The implementation is based on two files:
- tests/qtest/fuzz/virtio_scsi_fuzz.c
- tests/qtest/virtio_blk_test.c
gitlab: force enable docs build in Fedora, Ubuntu, Debian
Meson runs a test to see if Sphinx works, and automatically disables it
on error. This can lead to the CI jobs skipping docs build without
maintainers noticing the problem. Use --enable-docs to force a fatal
error if Sphinx doesn't work on the jobs where we expect it to be OK.
Most of the build jobs will create the sphinx documentation. If we
expose this as an artifact of a "pages" job in a "public" directory, it
will get published using GitLab Pages. This means a user can push a
branch with docs changes to GitLab and view the results at
Daniele Buono [Thu, 5 Nov 2020 22:18:57 +0000 (17:18 -0500)]
fuzz: Make fork_fuzz.ld compatible with LLVM's LLD
LLVM's linker, LLD, supports the keyword "INSERT AFTER", starting with
version 11.
However, when multiple sections are defined in the same "INSERT AFTER",
they are added in a reversed order, compared to BFD's LD.
This patch makes fork_fuzz.ld generic enough to work with both linkers.
Each section now has its own "INSERT AFTER" keyword, so proper ordering is
defined between the sections added.
This was also not a complete fix, because though OSS-Fuzz
ignores the renamed fuzzer, the underlying ClusterFuzz, doesn't:
https://storage.googleapis.com/clusterfuzz-builds/qemu/targets.list.address
https://oss-fuzz-build-logs.storage.googleapis.com/log-9bfb55f9-1c20-4aa6-a49c-ede12864eeb2.txt
(clusterfuzz still lists qemu-fuzz-i386.base as a fuzzer)
This change keeps the hard-links, but makes them all point to a file
with a qemu-fuzz-i386-target-.. name. If we have targets, A, B, C, the
result will be:
The result should be that every file that looks like a fuzzer to
OSS-Fuzz/ClusterFuzz, can run as a fuzzer (we don't have a separate base
copy). Unfortunately, there is no simple way to test this locally.
In the future, it might be worth it to link the majority of QEMU in as a
shared-object (see https://github.com/google/oss-fuzz/issues/4575 )
Peter Maydell [Thu, 5 Nov 2020 21:23:14 +0000 (21:23 +0000)]
linux-user/sparc: Don't zero high half of PC, NPC, PSR in sigreturn
The function do_sigreturn() tries to store the PC, NPC and PSR in
uint32_t local variables, which implicitly drops the high half of
these fields for 64-bit guests.
The usual effect was that a guest which used signals would crash on
return from a signal unless it was lucky enough to take it while the
PC was in the low 4GB of the address space. In particular, Debian
/bin/dash and /bin/bash would segfault after executing external
commands.
Use abi_ulong, which is the type these fields all have in the
__siginfo_t struct.
Peter Maydell [Thu, 5 Nov 2020 21:23:13 +0000 (21:23 +0000)]
linux-user/sparc: Correct set/get_context handling of fp and i7
Because QEMU's user-mode emulation just directly accesses guest CPU
state, for SPARC the guest register window state is not the same in
the sparc64_get_context() and sparc64_set_context() functions as it
is for the real kernel's versions of those functions. Specifically,
for the kernel it has saved the user space state such that the O*
registers go into a pt_regs struct as UREG_I*, and the I* registers
have been spilled onto the userspace stack. For QEMU, we haven't
done that, so the guest's O* registers are still in WREG_O* and the
I* registers in WREG_I*.
The code was already accessing the O* registers correctly for QEMU,
but had copied the kernel code for accessing the I* registers off the
userspace stack. Replace this with direct accesses to fp and i7 in
the CPU state, and add a comment explaining why we differ from the
kernel code here.
This fix is sufficient to get bash to a shell prompt.
Peter Maydell [Thu, 5 Nov 2020 21:23:12 +0000 (21:23 +0000)]
linux-user/sparc: Fix errors in target_ucontext structures
The various structs that make up the SPARC target_ucontext had some
errors:
* target structures must not include fields which are host pointers,
which might be the wrong size. These should be abi_ulong instead
* because we don't have the 'long double' part of the mcfpu_fregs
union in our version of the target_mc_fpu struct, we need to
manually force it to be 16-aligned
In particular, the lack of 16-alignment caused sparc64_get_context()
and sparc64_set_context() to read and write all the registers at the
wrong offset, which triggered a guest glibc stack check in
siglongjmp:
*** longjmp causes uninitialized stack frame ***: terminated
when trying to run bash.
hw/intc/ibex_plic: Clear the claim register when read
After claiming the interrupt by reading the claim register we want to
clear the register to make sure the interrupt doesn't appear at the next
read.
This matches the documentation for the claim register as when an interrupt
is claimed by a target the relevant bit of IP is cleared (which we already
do): https://docs.opentitan.org/hw/ip/rv_plic/doc/index.html
target/riscv: Remove the hyp load and store functions
Remove the special Virtualisation load and store functions and just use
the standard tcg tcg_gen_qemu_ld_tl() and tcg_gen_qemu_st_tl() functions
instead.
As part of this change we ensure we still run an access check to make
sure we can perform the operations.
Peter Maydell [Mon, 9 Nov 2020 19:33:07 +0000 (19:33 +0000)]
Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-11-09-v2' into staging
Block patches for 5.2.0-rc1:
- Some nvme fixes (addressing problems spotted by Coverity)
- Fix nfs compiling on mingw (and enable it in Cirrus)
- Fix an error path in bdrv_co_invalidate_cache() (permission update
was initiated, but not aborted)
- Fix (on-error) roll back in bdrv_drop_intermediate(): Instead of
inlining bdrv_replace_node() (wrongly), call that function
- Fix for iotest 240
- Fix error handling in bdrv_getlength()
- Be more explicit about how QCowL2Meta objects are handled
- Cleanups
* remotes/maxreitz/tags/pull-block-2020-11-09-v2:
block: make bdrv_drop_intermediate() less wrong
block: add bdrv_replace_node_common()
block: add forgotten bdrv_abort_perm_update() to bdrv_co_invalidate_cache()
block: Fix some code style problems, "foo* bar" should be "foo *bar"
block: Fix integer promotion error in bdrv_getlength()
block: enable libnfs on msys2/mingw in cirrus.yml
block: Fixes nfs compiling error on msys2/mingw
iotests: rewrite iotest 240 in python
iotests: add filter_qmp_virtio_scsi function
hw/block/nvme: fix free of array-typed value
hw/block/nvme: fix uint16_t use of uint32_t sgls member
hw/block/nvme: fix null ns in register namespace
qcow2: Document and enforce the QCowL2Meta invariants
block: Move bdrv_drain_all_end_quiesce() to block_int.h
block: Remove unused include
First, permission update loop tries to do iterations transactionally,
but the whole update is not transactional: nobody rolls back successful
loop iterations when some iteration fails.
Second, in the iteration we have nested permission update:
c->klass->update_filename may point to bdrv_child_cb_update_filename()
which calls bdrv_backing_update_filename(), which may do node reopen to
RW.
Permission update system is not prepared for nested updates, at least it
has intermediate permission-update state stored in BdrvChild
structures: has_backup_perm, backup_perm and backup_shared_perm.
So, let's first do bdrv_replace_node_common() (which is more
transactional than open-coded update in bdrv_drop_intermediate()) and
then call update_filename() separately. We still do not rollback
changes in case of update_filename() failure but it's not much worse
than pre-patch behavior.
Note that bdrv_replace_node_common() does check for frozen children,
so corresponding check is dropped in bdrv_drop_intermediate().
Add new parameter to bdrv_replace_node(): auto_skip. With
auto_skip=false we'll have stricter behavior: update _all_ from
parents or fail. New behaviour will be used in the following commit in
block.c, so keep original function name as public interface.
Note: new error message is a bit funny in contrast with further
"Cannot" in case of frozen child, but we'd better keep some difference
to make it possible to distinguish one from another on failure. Still,
actually we'd better refactor should_update_child() call to distinguish
also different kinds of "should not". Let's do it later.
shiliyang [Fri, 30 Oct 2020 03:35:12 +0000 (11:35 +0800)]
block: Fix some code style problems, "foo* bar" should be "foo *bar"
Some code style problems were found when reading the block driver code.
So I fix some problems of this error, ERROR: "foo* bar" should be "foo *bar".
This cache rule is meant for Avocado artifacts, but affects
all jobs. Moreover the 'acceptance_template' template already
includes a more detailed rule to cache artifacts.
AlexChen [Thu, 5 Nov 2020 15:03:36 +0000 (23:03 +0800)]
tests/qtest/tpm: Remove redundant check in the tpm_test_swtpm_test()
The 'addr' would not be NULL after checking 'succ' is valid,
and it has been dereferenced in the previous code (args = g_strdup_printf()).
So the check on 'addr' in the tpm_test_swtpm_test() is redundant. Remove it.
Eduardo Habkost [Mon, 26 Oct 2020 12:52:38 +0000 (08:52 -0400)]
device-crash-test: Check if path is actually an executable file
After the transition to Meson, the build directory now has
subdirectories named "qemu-system-*.p", and device-crash-test
will try to execute them as if they were binaries. This results
in errors like:
Stefan Hajnoczi [Fri, 6 Nov 2020 21:03:40 +0000 (21:03 +0000)]
meson: always include contrib/libvhost-user
libvhost-user is needed when CONFIG_LINUX is set. The CONFIG_VHOST_USER
check in meson.build is incorrect.
In fact, no explicit check is needed since this dependency is not built
by default. If something declares a dependency on libvhost-user then it
will be built, otherwise it won't be built (i.e. on non-Linux hosts).
This fixes ./configure --disable-vhost-user && make.
Eric Blake [Thu, 5 Nov 2020 15:51:22 +0000 (09:51 -0600)]
block: Fix integer promotion error in bdrv_getlength()
Back in 2015, we attempted to fix error reporting for images that
claimed to have more than INT64_MAX/512 sectors, but due to the type
promotions caused by BDRV_SECTOR_SIZE being unsigned, this
inadvertently forces all negative ret values to be slammed into -EFBIG
rather than the original error. While we're at it, we can avoid the
confusing ?: by spelling the logic more directly.
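An added illustration of the promotion problem this message describes: a stand-alone model, not QEMU's code. `SECTOR_SIZE`, `length_buggy()` and `length_fixed()` are hypothetical names, and the unsigned 512-byte constant stands in for BDRV_SECTOR_SIZE.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: an unsigned 64-bit sector size, standing in for BDRV_SECTOR_SIZE. */
#define SECTOR_SIZE (1ULL << 9)

/*
 * Model of the faulty pattern. nb_sectors is either a sector count or a
 * negative errno value. Because SECTOR_SIZE is unsigned, the comparison
 * converts the signed value to unsigned first, so every negative errno
 * looks like an enormous sector count and is replaced by -EFBIG.
 */
static int64_t length_buggy(int64_t nb_sectors)
{
    int64_t ret = nb_sectors;

    ret = ret > INT64_MAX / SECTOR_SIZE ? -EFBIG : ret;
    return ret < 0 ? ret : (int64_t)(ret * SECTOR_SIZE);
}

/*
 * One way to spell the logic directly: handle the error case while the
 * value is still signed, then do the overflow check in signed arithmetic.
 */
static int64_t length_fixed(int64_t nb_sectors)
{
    if (nb_sectors < 0) {
        return nb_sectors;              /* pass the original error through */
    }
    if (nb_sectors > INT64_MAX / (int64_t)SECTOR_SIZE) {
        return -EFBIG;                  /* byte length would not fit in int64_t */
    }
    return nb_sectors * (int64_t)SECTOR_SIZE;
}

int main(void)
{
    /* Constructed inputs: two errno values, a normal size, and the overflow edge. */
    const int64_t samples[] = {
        -EIO,
        -ENOENT,
        2048,
        INT64_MAX / (int64_t)SECTOR_SIZE,
        INT64_MAX / (int64_t)SECTOR_SIZE + 1,
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("in=%lld buggy=%lld fixed=%lld\n",
               (long long)samples[i],
               (long long)length_buggy(samples[i]),
               (long long)length_fixed(samples[i]));
    }
    return 0;
}
```

Callers that branch on the specific errno see the difference: with the faulty ordering an I/O error is indistinguishable from an oversized image.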
Yonggang Luo [Thu, 5 Nov 2020 12:31:15 +0000 (20:31 +0800)]
block: Fixes nfs compiling error on msys2/mingw
These compiling errors are fixed:
../block/nfs.c:27:10: fatal error: poll.h: No such file or directory
27 | #include <poll.h>
| ^~~~~~~~
compilation terminated.
../block/nfs.c:63:5: error: unknown type name 'blkcnt_t'
63 | blkcnt_t st_blocks;
| ^~~~~~~~
../block/nfs.c: In function 'nfs_client_open':
../block/nfs.c:550:27: error: 'struct _stat64' has no member named 'st_blocks'
550 | client->st_blocks = st.st_blocks;
| ^
../block/nfs.c: In function 'nfs_get_allocated_file_size':
../block/nfs.c:751:41: error: 'struct _stat64' has no member named 'st_blocks'
751 | return (task.ret < 0 ? task.ret : st.st_blocks * 512);
| ^
../block/nfs.c: In function 'nfs_reopen_prepare':
../block/nfs.c:805:31: error: 'struct _stat64' has no member named 'st_blocks'
805 | client->st_blocks = st.st_blocks;
| ^
../block/nfs.c: In function 'nfs_get_allocated_file_size':
../block/nfs.c:752:1: error: control reaches end of non-void function [-Werror=return-type]
752 | }
| ^
On msys2/mingw, there is no st_blocks in struct _stat64 yet, we disable the usage of it
on msys2/mingw, and create a typedef long long blkcnt_t; for further implementation
Klaus Jensen [Wed, 4 Nov 2020 10:22:48 +0000 (11:22 +0100)]
hw/block/nvme: fix free of array-typed value
Since 7f0f1acedf15 ("hw/block/nvme: support multiple namespaces"), the
namespaces member of NvmeCtrl is no longer a dynamically allocated
array. Remove the free.
Alberto Garcia [Wed, 7 Oct 2020 16:13:23 +0000 (18:13 +0200)]
qcow2: Document and enforce the QCowL2Meta invariants
The QCowL2Meta structure is used to store information about a part of
a write request that touches clusters that need changes in their L2
entries. This happens with newly-allocated clusters or subclusters.
This structure has changed a bit since it was first created and its
current documentation is not quite up-to-date.
A write request can span a region consisting of a combination of
clusters of different types, and qcow2_alloc_host_offset() can
repeatedly call handle_copied() and handle_alloc() to add more
clusters to the mix as long as they all are contiguous on the image
file.
Because of this a write request has a list of QCowL2Meta structures,
one for each part of the request that needs changes in the L2
metadata.
Each one of them spans nb_clusters and has two copy-on-write regions
located immediately before and after the middle region touched by that
part of the write request. Even when those regions themselves are
empty their offsets must be correct because they are used to know the
location of the middle region.
This was not always the case but it is not a problem anymore
because the only two places where QCowL2Meta structures are created
(calculate_l2_meta() and qcow2_co_truncate()) ensure that the
copy-on-write regions are correctly defined, and so do assertions like
the ones in perform_cow().
The conditional initialization of the 'written_to' variable is
therefore unnecessary and is removed by this patch.
CI jobs results:
. https://cirrus-ci.com/build/5340929353580544
. https://gitlab.com/philmd/qemu/-/pipelines/213407241
. https://travis-ci.org/github/philmd/qemu/builds/742315021
# gpg: Signature made Sun 08 Nov 2020 23:58:37 GMT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <[email protected]>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
Peter Maydell [Mon, 9 Nov 2020 10:10:49 +0000 (10:10 +0000)]
Merge remote-tracking branch 'remotes/philmd-gitlab/tags/mips-fixes-20201109' into staging
MIPS patches queue
- Deprecate nanoMIPS ISA
- Fix PageMask with variable page size (Huacai Chen)
- Fix memory leak in boston_fdt_filter (Coverity CID 1432275, Peter Maydell)
CI jobs results:
. https://cirrus-ci.com/build/5439131968864256
. https://gitlab.com/philmd/qemu/-/pipelines/213403385
. https://travis-ci.org/github/philmd/qemu/builds/742312387
# gpg: Signature made Sun 08 Nov 2020 23:41:19 GMT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <[email protected]>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* remotes/philmd-gitlab/tags/mips-fixes-20201109:
hw/mips/boston: Fix memory leak in boston_fdt_filter() error-handling paths
target/mips: Fix PageMask with variable page size
target/mips: Deprecate nanoMIPS ISA
BlockDeviceMapEntry has never been used. It was added in commit facd6e2 "so that it is published through the introspection mechanism."
What exactly introspecting types that aren't used for anything could
accomplish isn't clear. What "introspection mechanism" to use is also
nebulous. To the best of my knowledge, there has never been one that
covered this type. Certainly not query-qmp-schema, which includes
only types that are actually used in QMP.
Not being able to introspect BlockDeviceMapEntry hasn't bothered
anyone enough to complain in almost four years. Get rid of it.
Max Reitz [Wed, 4 Nov 2020 16:55:12 +0000 (17:55 +0100)]
qapi/block-core: Improve MapEntry documentation
MapEntry and BlockDeviceMapEntry are kind of the same thing, and the
latter is not used, so we want to remove it. However, the documentation
it provides for some fields is better than that of MapEntry, so steal
some of it for the latter.
(And adjust them a bit in the process, because I feel like we can make
them even clearer.)
MAINTAINERS: Demote Renesas target & hardware to 'Odd Fixes'
To be fair with other subsystems listed as 'Odd Fixes' but having
maintainers more present, demote the Renesas sections from being
'Maintained' to 'Odd Fixes' (has a maintainer but they don't have
time to do much other than throw the odd patch in.)
This matches Magnus's possibilities so far:
https://www.mail-archive.com/[email protected]/msg710319.html
Peter Maydell [Fri, 6 Nov 2020 17:58:23 +0000 (17:58 +0000)]
hw/mips/boston: Fix memory leak in boston_fdt_filter() error-handling paths
Coverity points out that the error-handling paths in the
boston_fdt_filter() function don't free the fdt that was allocated.
Fix the leak by using g_autofree.
Jiaxun Yang [Fri, 6 Nov 2020 04:21:45 +0000 (12:21 +0800)]
target/mips: Fix PageMask with variable page size
Our current code assumed the target page size is always 4k
when handling PageMask and VPN2, however, variable page size
was just added to mips target and that's no longer true.
Unfortunately the links referenced don't work anymore (www.mips.com).
From this Wayback machine link [1] we can get to a working place to
download a toolchain (a more recent release than the one referenced
in the announcement mails):
http://codescape.mips.com/components/toolchain/nanomips/2018.04-02/downloads.html
The toolchain page mentions LLVM but simply links http://llvm.org/
where there is no reference on nanoMIPS.
The only reference in the GCC mailing list, is the nanoMIPS
announcement: https://gcc.gnu.org/pipermail/gcc/2018-May.txt
The developer who authored the announcements has been emailed [2]
to ask for more information but all their emails are now bouncing:
Our deprecation policy does not allow feature removal before 2 releases,
therefore declare the nanoMIPS ISA code deprecated as of QEMU 5.2.
This gives time to developers to update the QEMU community, or
interested parties to step in to maintain this code.
Peter Maydell [Fri, 6 Nov 2020 09:40:50 +0000 (09:40 +0000)]
Merge remote-tracking branch 'remotes/cschoenebeck/tags/pull-9p-20201106' into staging
9pfs: some fixes
* Fix meson build config for Xen.
* Code style fixes.
# gpg: Signature made Fri 06 Nov 2020 09:12:51 GMT
# gpg: using RSA key 96D8D110CF7AF8084F88590134C2B58765A47395
# gpg: issuer "[email protected]"
# gpg: Good signature from "Christian Schoenebeck <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: ECAB 1A45 4014 1413 BA38 4926 30DB 47C3 A012 D5F4
# Subkey fingerprint: 96D8 D110 CF7A F808 4F88 5901 34C2 B587 65A4 7395
* remotes/cschoenebeck/tags/pull-9p-20201106:
hw/9pfs: Fix Kconfig dependency problem between 9pfs and Xen
hw/9pfs : add space before the open parenthesis '('
hw/9pfs : open brace '{' following struct go on the same line
hw/9pfs : add spaces around operator
* remotes/vivier2/tags/linux-user-for-5.2-pull-request:
linux-user: Check copy_from_user() return value in vma_dump_size()
linux-user/syscall: Fix missing target_to_host_timespec64() check
linux-user: Use "!= 0" when checking if MAP_FIXED_NOREPLACE is non-zero
linux-user/mips/cpu_loop: silence the compiler warnings
* remotes/dg-gitlab/tags/ppc-for-5.2-20201105:
spapr: Convert hpt_prepare_thread() to use qemu_try_memalign()
spapr: Drop dead code in spapr_reallocate_hpt()
target/ppc/excp_helper: Add a fallthrough for fix compiler warning
Peter Maydell [Thu, 5 Nov 2020 15:16:43 +0000 (15:16 +0000)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pc,pci,vhost,virtio: fixes
Lots of fixes all over the place.
virtio-mem and virtio-iommu patches are kind of fixes but
it seems better to just make them behave sanely than
try to educate users about the limitations ...
Signed-off-by: Michael S. Tsirkin <[email protected]>
# gpg: Signature made Wed 04 Nov 2020 18:40:03 GMT
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "[email protected]"
# gpg: Good signature from "Michael S. Tsirkin <[email protected]>" [full]
# gpg: aka "Michael S. Tsirkin <[email protected]>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream: (31 commits)
contrib/vhost-user-blk: fix get_config() information leak
block/export: fix vhost-user-blk get_config() information leak
block/export: make vhost-user-blk config space little-endian
configure: introduce --enable-vhost-user-blk-server
libvhost-user: follow QEMU comment style
vhost-blk: set features before setting inflight feature
Revert "vhost-blk: set features before setting inflight feature"
net: Add vhost-vdpa in show_netdevs()
vhost-vdpa: Add qemu_close in vhost_vdpa_cleanup
vfio: Don't issue full 2^64 unmap
virtio-iommu: Set supported page size mask
vfio: Set IOMMU page size as per host supported page size
memory: Add interface to set iommu page size mask
virtio-iommu: Add notify_flag_changed() memory region callback
virtio-iommu: Add replay() memory region callback
virtio-iommu: Call memory notifiers in attach/detach
virtio-iommu: Add memory notifiers for map/unmap
virtio-iommu: Store memory region in endpoint struct
virtio-iommu: Fix virtio_iommu_mr()
hw/smbios: Fix leaked fd in save_opt_one() error path
...
hw/9pfs: Fix Kconfig dependency problem between 9pfs and Xen
Commit b2c00bce54c ("meson: convert hw/9pfs, cleanup") introduced
CONFIG_9PFS (probably a wrong conflict resolution). This config is
not used anywhere. Backends depend on CONFIG_FSDEV_9P which itself
depends on CONFIG_VIRTFS.
Remove the invalid CONFIG_9PFS and use CONFIG_FSDEV_9P instead, to
fix the './configure --without-default-devices --enable-xen' build:
/usr/bin/ld: libcommon.fa.p/hw_xen_xen-legacy-backend.c.o: in function `xen_be_register_common':
hw/xen/xen-legacy-backend.c:754: undefined reference to `xen_9pfs_ops'
/usr/bin/ld: libcommon.fa.p/fsdev_qemu-fsdev.c.o:(.data.rel+0x8): undefined reference to `local_ops'
/usr/bin/ld: libcommon.fa.p/fsdev_qemu-fsdev.c.o:(.data.rel+0x20): undefined reference to `synth_ops'
/usr/bin/ld: libcommon.fa.p/fsdev_qemu-fsdev.c.o:(.data.rel+0x38): undefined reference to `proxy_ops'
collect2: error: ld returned 1 exit status
* remotes/bonzini-gitlab/tags/for-upstream:
qapi, qemu-options: make all parsing visitors parse boolean options the same
qtest: escape device name in device-introspect-test
ivshmem-test: do not use short-form boolean option
semihosting: fix order of initialization functions
fuzz: fuzz offsets within pio/mmio regions
fuzz: check the MR in the DMA callback
fuzz: fix writing DMA patterns
tests/qtest: Fix potential NULL pointer dereference in qos_build_main_args()
configure: fix gio_libs reference
meson: fix warning for bad sphinx-build
tests/qtest/libqos/ahci.c: Avoid NULL dereference in ahci_exec()
tests/qtest/libqtest.c: Check for setsockopt() failure
meson: vhost-user-gpu/virtiofsd: use absolute path
meson: use b_staticpic=false for meson >=0.56.0
qtest: add a reproducer for LP#1878642
hw/isa/lpc_ich9: Ignore reserved/invalid SCI IRQ
scripts/oss-fuzz: rename bin/qemu-fuzz-i386
exec: Remove dead code (CID 1432876)
docs: expand sourceset documentation
cutils: replace strdup with g_strdup
Pavel Dovgalyuk [Thu, 5 Nov 2020 05:51:57 +0000 (08:51 +0300)]
target/s390x: fix execution with icount
This patch adds some gen_io_start() calls to allow execution
of s390x targets in icount mode with -smp 1.
It enables deterministic timers and record/replay features.
Greg Kurz [Thu, 29 Oct 2020 15:33:56 +0000 (16:33 +0100)]
spapr: Convert hpt_prepare_thread() to use qemu_try_memalign()
HPT resizing is asynchronous: the guest first kicks off the creation of a
new HPT, then it waits for that new HPT to be actually created and finally
it asks the current HPT to be replaced by the new one.
In the case of a userland allocated HPT, this currently relies on calling
qemu_memalign() which aborts on OOM and never returns NULL. Since we seem
to have a path to report the failure to the guest with an H_NO_MEM return
value, use qemu_try_memalign() instead of qemu_memalign().
Greg Kurz [Thu, 29 Oct 2020 15:33:48 +0000 (16:33 +0100)]
spapr: Drop dead code in spapr_reallocate_hpt()
Sometimes QEMU needs to allocate the HPT in userspace, namely with TCG
or PR KVM. This is performed with qemu_memalign() because of alignment
requirements. Like glib's allocators, its behaviour is to abort on OOM
instead of returning NULL.
This could be changed to qemu_try_memalign(), but in the specific case
of spapr_reallocate_hpt(), the outcome would be to terminate QEMU anyway
since no HPT means no MMU for the guest. Drop the dead code instead.