Kevin Wolf [Tue, 20 Mar 2018 14:08:00 +0000 (15:08 +0100)]
vdi: Change 'static' create option to 'preallocation' in QMP
What static=on really does is what we call metadata preallocation for
other block drivers. While we can still change the QMP interface, make
it more consistent by using 'preallocation' for VDI, too.
This doesn't implement any new functionality, so the only supported
preallocation modes are 'off' and 'metadata' for now.
Alberto Garcia [Wed, 21 Mar 2018 13:38:52 +0000 (15:38 +0200)]
qcow2: Reset free_cluster_index when allocating a new refcount block
When we try to allocate new clusters we first look for available ones
starting from s->free_cluster_index and once we find them we increase
their reference counts. Before we get to call update_refcount() to do
this last step s->free_cluster_index is already pointing to the next
cluster after the ones we are trying to allocate.
During update_refcount() it may happen however that we also need to
allocate a new refcount block in order to store the refcounts of these
new clusters (and to complicate things further that may also require
us to grow the refcount table). After all this we don't know if the
clusters that we originally tried to allocate are still available, so
we return -EAGAIN to ask the caller to restart the search for free
clusters.
This is what can happen in a common scenario:
1) We want to allocate a new cluster and we see that cluster N is
free.
2) We try to increase N's refcount but all refcount blocks are full,
so we allocate a new one at N+1 (where s->free_cluster_index was
pointing at).
3) Once we're done we return -EAGAIN to look again for a free
cluster, but now s->free_cluster_index points at N+2, so that's
the one we allocate. Cluster N remains unallocated and we have a
hole in the qcow2 file.
After this the image has 132608 bytes (256 clusters), and the refcount
block is full. If we write 512 more bytes it should allocate two new
clusters: the data cluster itself and a new refcount block.
qemu-io -c 'write 124k 512' hd.qcow2
However the image has now three new clusters (259 in total), and the
first one of them is empty (and unallocated):
If we write larger amounts of data in the last step instead of the 512
bytes used in this example we can create larger holes in the qcow2
file.
What this patch does is reset s->free_cluster_index to its previous
value when alloc_refcount_block() returns -EAGAIN. This way the caller
will try to allocate again the original clusters if they are still
free.
The output of iotest 026 also needs to be updated because now that
images have no holes some tests fail at a different point and the
number of leaked clusters is different.
Fabiano Rosas [Mon, 12 Mar 2018 22:07:49 +0000 (19:07 -0300)]
block/replication: Remove protocol_name field
The protocol_name field is used when selecting a driver via protocol
syntax (i.e. <protocol_name>:<filename:options:...>). Drivers that are
only selected explicitly (e.g. driver=replication,mode=primary,...)
should not have a protocol_name.
This patch removes the protocol_name field from the brdv_replication
structure so that attempts to invoke this driver using protocol syntax
will fail gracefully:
$ qemu-img info replication:foo
qemu-img: Could not open 'replication:': Unknown protocol 'replication'
Peter Maydell [Sun, 25 Mar 2018 12:51:33 +0000 (13:51 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180323' into staging
target-arm queue:
* arm/translate-a64: don't lose interrupts after unmasking via write to DAIF
* sdhci: fix incorrect use of Error *
* hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses
* hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15
* i.MX: Support serial RS-232 break properly
* mach-virt: Set VM's SMBIOS system version to mc->name
* target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK
* target/arm: Factor out code to calculate FSR for debug exceptions
* target/arm: Set FSR for BKPT, BRK when raising exception
* target/arm: Always set FAR to a known unknown value for debug exceptions
* remotes/pmaydell/tags/pull-target-arm-20180323:
target/arm: Always set FAR to a known unknown value for debug exceptions
target/arm: Set FSR for BKPT, BRK when raising exception
target/arm: Factor out code to calculate FSR for debug exceptions
target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK
mach-virt: Set VM's SMBIOS system version to mc->name
i.MX: Support serial RS-232 break properly
hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15
hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses
sdhci: fix incorrect use of Error *
arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT
Peter Maydell [Sat, 24 Mar 2018 19:26:11 +0000 (19:26 +0000)]
Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20180323a' into staging
Migration fixes for 2.12
All small fixes. Dan's is a missing piece
of a cleanup that finally completes something,
and between Paolo, Dan and myself we recon it's
still on the edge of being a bug fix.
# gpg: Signature made Fri 23 Mar 2018 20:17:40 GMT
# gpg: using RSA key 0516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <[email protected]>"
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7
* remotes/dgilbert/tags/pull-migration-20180323a:
migration: Fix block migration flag case
migration/block: compare only read blocks against the rate limiter
migration/block: limit the number of parallel I/O requests
migration: Fix rate limiting issue on RDMA migration
migration: convert socket server to QIONetListener
Peter Maydell [Sat, 24 Mar 2018 16:34:06 +0000 (16:34 +0000)]
Merge remote-tracking branch 'remotes/marcel/tags/rdma-pull-request' into staging
* fix PVRDMA compilation errors and warnings
* implement query_qp for the PVRDMA device
* fix make - switch from -I to -iquote
# gpg: Signature made Fri 23 Mar 2018 15:39:23 GMT
# gpg: using RSA key 36D4C0F0CF2FE46D
# gpg: Good signature from "Marcel Apfelbaum <[email protected]>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B1C6 3A57 F92E 08F2 640F 31F5 36D4 C0F0 CF2F E46D
* remotes/marcel/tags/rdma-pull-request:
hw/rdma: Fix 32-bit compilation
hw/rdma: Use correct print format in CHK_ATTR macro
hw/rdma: Change host_virt to void *
hw/rdma: fix clang compilation errors
make: switch from -I to -iquote
rdma: fix up include directives
hw/rdma: Add support for Query QP verb to pvrdma device
hw/rdma: Add Query QP operation
Peter Maydell [Fri, 23 Mar 2018 18:26:46 +0000 (18:26 +0000)]
target/arm: Always set FAR to a known unknown value for debug exceptions
For debug exceptions due to breakpoints or the BKPT instruction which
are taken to AArch32, the Fault Address Register is architecturally
UNKNOWN. We were using that as license to simply not set
env->exception.vaddress, but this isn't correct, because it will
expose to the guest whatever old value was in that field when
arm_cpu_do_interrupt_aarch32() writes it to the guest IFSR. That old
value might be a FAR for a previous guest EL2 or secure exception, in
which case we shouldn't show it to an EL1 or non-secure exception
handler. It might also be a non-deterministic value, which is bad
for record-and-replay.
Clear env->exception.vaddress before taking breakpoint debug
exceptions, to avoid this minor information leak.
Peter Maydell [Fri, 23 Mar 2018 18:26:46 +0000 (18:26 +0000)]
target/arm: Set FSR for BKPT, BRK when raising exception
Now that we have a helper function specifically for the BRK and
BKPT instructions, we can set the exception.fsr there rather
than in arm_cpu_do_interrupt_aarch32(). This allows us to
use our new arm_debug_exception_fsr() helper.
In particular this fixes a bug where we were hardcoding the
short-form IFSR value, which is wrong if the target exception
level has LPAE enabled.
Peter Maydell [Fri, 23 Mar 2018 18:26:46 +0000 (18:26 +0000)]
target/arm: Factor out code to calculate FSR for debug exceptions
When a debug exception is taken to AArch32, it appears as a Prefetch
Abort, and the Instruction Fault Status Register (IFSR) must be set.
The IFSR has two possible formats, depending on whether LPAE is in
use. Factor out the code in arm_debug_excp_handler() which picks
an FSR value into its own utility function, update it to use
arm_fi_to_lfsc() and arm_fi_to_sfsc() rather than hard-coded constants,
and use the correct condition to select long or short format.
In particular this fixes a bug where we could select the short
format because we're at EL0 and the EL1 translation regime is
not using LPAE, but then route the debug exception to EL2 because
of MDCR_EL2.TDE and hand EL2 the wrong format FSR.
Peter Maydell [Fri, 23 Mar 2018 18:26:46 +0000 (18:26 +0000)]
target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK
The MDCR_EL2.TDE bit allows the exception level targeted by debug
exceptions to be set to EL2 for code executing at EL0. We handle
this in the arm_debug_target_el() function, but this is only used for
hardware breakpoint and watchpoint exceptions, not for the exception
generated when the guest executes an AArch32 BKPT or AArch64 BRK
instruction. We don't have enough information for a translate-time
equivalent of arm_debug_target_el(), so instead make BKPT and BRK
call a special purpose helper which can do the routing, rather than
the generic exception_with_syndrome helper.
Wei Huang [Fri, 23 Mar 2018 18:26:46 +0000 (18:26 +0000)]
mach-virt: Set VM's SMBIOS system version to mc->name
Instead of using "1.0" as the system version of SMBIOS, we should use
mc->name for mach-virt machine type to be consistent other architectures.
With this patch, "dmidecode -t 1" (e.g., "-M virt-2.12,accel=kvm") will
show:
Handle 0x0100, DMI type 1, 27 bytes
System Information
Manufacturer: QEMU
Product Name: KVM Virtual Machine
Version: virt-2.12
Serial Number: Not Specified
...
instead of:
Handle 0x0100, DMI type 1, 27 bytes
System Information
Manufacturer: QEMU
Product Name: KVM Virtual Machine
Version: 1.0
Serial Number: Not Specified
...
For backward compatibility, we allow older machine types to keep "1.0"
as the default system version.
Trent Piepho [Fri, 23 Mar 2018 18:26:45 +0000 (18:26 +0000)]
i.MX: Support serial RS-232 break properly
Linux does not detect a break from this IMX serial driver as a magic
sysrq. Nor does it note a break in the port error counts.
The former is because the Linux driver uses the BRCD bit in the USR2
register to trigger the RS-232 break handler in the kernel, which is
where sysrq hooks in. The emulated UART was not setting this status
bit.
The latter is because the Linux driver expects, in addition to the BRK
bit, that the ERR bit is set when a break is read in the FIFO. A break
should also count as a frame error, so add that bit too.
Peter Maydell [Fri, 23 Mar 2018 18:26:45 +0000 (18:26 +0000)]
hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15
The BCM2836 uses a Cortex-A7, not a Cortex-A15. Update the device to
use the correct CPU.
https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf
When the BCM2836 was introduced (bad5623690b) the Cortex-A7 was not
available, so the very similar Cortex-A15 was used. Since dcf578ed8ce
we can model the correct core.
Peter Maydell [Fri, 23 Mar 2018 18:26:45 +0000 (18:26 +0000)]
hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses
If the GIC has the security extension support enabled, then a
non-secure access to ICC_PMR must take account of the non-secure
view of interrupt priorities, where real priorities 0x00..0x7f
are secure-only and not visible to the non-secure guest, and
priorities 0x80..0xff are shown to the guest as if they were
0x00..0xff. We had the logic here wrong:
* on reads, the priority is in the secure range if bit 7
is clear, not if it is set
* on writes, we want to set bit 7, not mask everything else
Our ICC_RPR read code had the same error as ICC_PMR.
(Compare the GICv3 spec pseudocode functions ICC_RPR_EL1
and ICC_PMR_EL1.)
Victor Kamensky [Fri, 23 Mar 2018 18:26:45 +0000 (18:26 +0000)]
arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT
In OE project 4.15 linux kernel boot hang was observed under
single cpu aarch64 qemu. Kernel code was in a loop waiting for
vtimer arrival, spinning in TC generated blocks, while interrupt
was pending unprocessed. This happened because when qemu tried to
handle vtimer interrupt target had interrupts disabled, as
result flag indicating TCG exit, cpu->icount_decr.u16.high,
was cleared but arm_cpu_exec_interrupt function did not call
arm_cpu_do_interrupt to process interrupt. Later when target
reenabled interrupts, it happened without exit into main loop, so
following code that waited for result of interrupt execution
run in infinite loop.
To solve the problem instructions that operate on CPU sys state
(i.e enable/disable interrupt), and marked as DISAS_UPDATE,
should be considered as DISAS_EXIT variant, and should be
forced to exit back to main loop so qemu will have a chance
processing pending CPU state updates, including pending
interrupts.
This change brings consistency with how DISAS_UPDATE is treated
in aarch32 case.
Eric Blake [Mon, 19 Mar 2018 20:50:40 +0000 (15:50 -0500)]
qapi: Force UTF8 encoding when parsing qapi files
Commit d4e5ec877 already fixed things to work around Python 3's
lame bug of having LC_ALL=C not be 8-bit clean, when parsing the
main QMP qapi files; but failed to do likewise in the tests
directory. As a result, running 'LC_ALL=C make check' fails on
escape-too-big and unicode-str when using python 3 with a nasty
stack trace instead of the intended graceful error message that
QAPI doesn't yet support 8-bit data (the two tests contain
Unicode é, when parsed in UTF-8; they represent something
different when parsed in a proper single-byte C locale, but that
doesn't matter to the error message printed out, provided that
brain-dead Python hasn't first choked on the input instead of
being 8-bit clean).
Ideally, we'd teach the qapi generator scripts to automatically
slurp things in using UTF-8 regardless of locale, and to honor
content that is not limited to 7 bit data rather than gracefully
erroring out; but until then, since our graceful error depends
on python parsing 8-bit data (even if nothing we generate uses
8-bit data), our quick fix is to use the right locale when
running these tests.
Enabling OOB caused several iotests failures; due to the imminent
2.12 release, the safest action is to disable OOB for now. If
other patches fix the issues that iotests exposed, it may be turned
back on in time for the release, otherwise it will be 2.13 material;
either way, the framework changes not reverted now do not hurt if
they remain as part of the 2.12 release.
Additionally, revert the tests in the patch 02130314d8 ("qmp: introduce
QMPCapability", 2018-03-19), as both parts must be reverted at once
to keep 'make check' passing.
Enabling OOB caused several iotests failures; due to the imminent
2.12 release, the safest action is to disable OOB, but first we
have to revert tests that rely on OOB.
Enabling OOB caused several iotests failures; due to the imminent
2.12 release, the safest action is to disable OOB, but first we
have to revert tests that rely on OOB.
Peter Lieven [Thu, 8 Mar 2018 11:18:27 +0000 (12:18 +0100)]
migration/block: limit the number of parallel I/O requests
the current implementation submits up to 512 I/O requests in parallel
which is much to high especially for a background task.
This patch adds a maximum limit of 16 I/O requests that can
be submitted in parallel to avoid monopolizing the I/O device.
Lidong Chen [Sat, 10 Mar 2018 14:32:58 +0000 (22:32 +0800)]
migration: Fix rate limiting issue on RDMA migration
RDMA migration implement save_page function for QEMUFile, but
ram_control_save_page do not increase bytes_xfer. So when doing
RDMA migration, it will use whole bandwidth.
migration: convert socket server to QIONetListener
Instead of creating a QIOChannelSocket directly for the migration
server socket, use a QIONetListener. This provides the ability
to listen on multiple sockets at the same time, so enables
full support for IPv4/IPv6 dual stack.
For example, '$QEMU -incoming tcp::9000' now correctly listens
on both 0.0.0.0 and :: at the same time, instead of only on 0.0.0.0.
Yuval Shaia [Thu, 22 Mar 2018 09:52:18 +0000 (11:52 +0200)]
hw/rdma: Change host_virt to void *
To avoid compilation warnings on 32-bit machines:
rdma_backend.c: In function 'rdma_backend_create_mr':
rdma_backend.c:409:37: error: cast to pointer from integer of different
size [-Werror=int-to-pointer-cast]
mr->ibmr = ibv_reg_mr(pd->ibpd, (void *)addr, length, access);
Our rule right now is to use <> for external headers,
"" for internal ones. The idea was to avoid conflicts
between e.g. a system file named <trace.h> and an
internal one by the same name.
Unfortunately we use -I compiler flag so it does not
help: a system file doing #include <trace.h> will
still pick up ours first.
To fix, switch to -iquote which is supported by both
gcc and clang and only affects #include "" directives.
As a side effect, this catches any future uses of
#include <> for internal headers.
s390x/cpumodel: fix feature groups and breakage of MSA8
Since commit 46a99c9f73c7 ("s390x/cpumodel: model PTFF subfunctions
for Multiple-epoch facility") -cpu help no longer shows the MSA8
feature group. Turns out that we forgot to add the new MEPOCH_PTFF
group enum.
Fixes: 46a99c9f73c7 ("s390x/cpumodel: model PTFF subfunctions for Multiple-epoch facility") Reviewed-by: David Hildenbrand <[email protected]> Signed-off-by: Christian Borntraeger <[email protected]>
Peter Maydell [Mon, 19 Mar 2018 13:17:43 +0000 (13:17 +0000)]
gitmodules: Use the QEMU mirror of qemu-palcode
We have a mirror of the qemu-palcode repository on
git.qemu.org; use that instead of the upstream github,
in line with our general policy of keeping and using
a mirror for submodules.
Peter Maydell [Thu, 22 Mar 2018 14:01:29 +0000 (14:01 +0000)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Multiboot patches
# gpg: Signature made Wed 21 Mar 2018 14:38:36 GMT
# gpg: using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <[email protected]>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* remotes/kevin/tags/for-upstream:
tests/multiboot: Add .gitignore
tests/multiboot: Add tests for the a.out kludge
tests/multiboot: Test exit code for every qemu run
multiboot: Check validity of mh_header_addr
multiboot: Reject kernels exceeding the address space
Peter Maydell [Thu, 22 Mar 2018 13:15:52 +0000 (13:15 +0000)]
Merge remote-tracking branch 'remotes/elmarco/tags/dump-pull-request' into staging
Pull request
# gpg: Signature made Wed 21 Mar 2018 14:37:05 GMT
# gpg: using RSA key DAE8E10975969CE5
# gpg: Good signature from "Marc-André Lureau <[email protected]>"
# gpg: aka "Marc-André Lureau <[email protected]>"
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5
* remotes/elmarco/tags/dump-pull-request:
dump-guest-memory: more descriptive lookup_type failure
dump.c: allow fd_write_vmcore to return errno on failure
Peter Maydell [Thu, 22 Mar 2018 12:13:43 +0000 (12:13 +0000)]
Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2018-03-21-1' into staging
Merge tpm 2018/03/21 v1
# gpg: Signature made Wed 21 Mar 2018 12:02:06 GMT
# gpg: using RSA key 75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <[email protected]>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211
* remotes/stefanberger/tags/pull-tpm-2018-03-21-1:
tpm: CRB: query backend for TPM established flag
tpm: CRB: reset locAssigned upon relinquishing locality
tpm: CRB: set registers to 0 by default
tpm: CRB: Set tpmRegValidSts flag to '1' in device reset
Kevin Wolf [Wed, 14 Mar 2018 12:29:46 +0000 (13:29 +0100)]
tests/multiboot: Test exit code for every qemu run
Testing the exit code only once after a whole group of tests has
completed is not enough, it catches errors only in the very last qemu
invocation. We need to have the check after each qemu run.
The logging and diff with the reference output is still done once per
group to keep things more managable. This is not a problem because the
log file accumulates the output of all runs.
Kevin Wolf [Wed, 14 Mar 2018 16:57:45 +0000 (17:57 +0100)]
multiboot: Check validity of mh_header_addr
I couldn't find a case where this prevents something bad from happening
that isn't already caught by other checks, but let's err on the safe
side and check that mh_header_addr is as expected.
Kevin Wolf [Wed, 14 Mar 2018 16:46:38 +0000 (17:46 +0100)]
multiboot: Reject kernels exceeding the address space
The code path where mh_load_end_addr is non-zero in the Multiboot
header checks that mh_load_end_addr >= mh_load_addr and so
mb_load_size is checked. However, mb_load_size is not checked when
calculated from the file size, when mh_load_end_addr is 0.
If the kernel binary size is larger than can fit in the address space
after load_addr, we ended up with a kernel_size that is smaller than
load_size, which means that we read the file into a too small buffer.
Add a check to reject kernel files with such Multiboot headers.
Andrew Jones [Wed, 14 Mar 2018 15:38:20 +0000 (16:38 +0100)]
dump-guest-memory: more descriptive lookup_type failure
We've seen a few reports of
(gdb) source /usr/share/qemu-kvm/dump-guest-memory.py
Traceback (most recent call last):
File "/usr/share/qemu-kvm/dump-guest-memory.py", line 19, in <module>
UINTPTR_T = gdb.lookup_type("uintptr_t")
gdb.error: No type named uintptr_t.
This occurs when symbols haven't been loaded first, i.e. neither a
QEMU binary was loaded nor a QEMU process was attached first. Let's
better inform the user of how to fix the issue themselves in order
to avoid more reports.
Yasmin Beatriz [Mon, 12 Feb 2018 14:25:06 +0000 (12:25 -0200)]
dump.c: allow fd_write_vmcore to return errno on failure
fd_write_vmcore can fail to execute for a lot of reasons that can be
retrieved by errno, but it only returns -1. This makes difficult for
the caller to know what happened and only a generic error message is
propagated back to the user. This is an example using dump-guest-memory:
(qemu) dump-guest-memory /home/yasmin/mnt/test.dump
dump: failed to save memory
All callers of fd_write_vmcore of dump.c does error handling via
error_setg(), so at first it seems feasible to add the Error pointer as
an argument of fd_write_vmcore. This proved to be more complex than it
first looked. fd_write_vmcore is used by write_elf64_notes and
write_elf32_notes as a WriteCoreDumpFunction prototype. WriteCoreDumpFunction
is declared in include/qom/cpu.h and is used all around the code. This
leaves us with few alternatives:
- change the WriteCoreDumpFunction prototype to include an error pointer.
This would require to change all functions that implements this prototype
to also receive an Error pointer;
- change both write_elf64_notes and write_elf32_notes to no use the
WriteCoreDumpFunction. These functions use not only fd_write_vmcore
but also buf_write_note, so this would require to change buf_write_note
to handle an Error pointer. Considerable easier than the alternative
above, but it's still a lot of code just for the benefit of the callers
of fd_write_vmcore.
This patch presents an easier solution that benefits all fd_write_vmcore
callers:
- instead of returning -1 on error, return -errno. All existing callers
already checks for ret < 0 so there is no need to change the caller's
logic too much. This also allows the retrieval of the errno.
- all callers were updated to use error_setg_errno instead of just
errno_setg. Now that fd_write_vmcore can return an errno, let's update
all callers so they can benefit from a more detailed error message.
This is the same dump-guest-memory example with this patch applied:
(qemu) dump-guest-memory /home/yasmin/mnt/test.dump
dump: failed to save memory: No space left on device
(qemu)
This example illustrates an error of fd_write_vmcore when called
from write_data. All other callers will benefit from better
error messages as well.
Stefan Berger [Mon, 19 Mar 2018 16:13:14 +0000 (12:13 -0400)]
tpm: CRB: Set tpmRegValidSts flag to '1' in device reset
Fix the initialization of the tpmRegValidSts flag and set it to '1'
during device reset without expecting a write to another register.
This seems to also be the default behavior of real hardware.
Luke Shumaker [Thu, 28 Dec 2017 18:08:13 +0000 (13:08 -0500)]
linux-user: init_guest_space: Try to make ARM space+commpage continuous
At a fixed distance after the usable memory that init_guest_space maps, for
32-bit ARM targets we also need to map a commpage. The normal
init_guest_space logic doesn't keep this in mind when searching for an
address range.
If !host_start, then try to find a big continuous segment where we can put
both the usable memory and the commpage; we then munmap that segment and
set current_start to that address; and let the normal code mmap the usable
memory and the commpage separately. That is: if we don't have hint of
where to start looking for memory, come up with one that is better than
NULL. Depending on host_size and guest_start, there may or may not be a
gap between the usable memory and the commpage, so this is slightly more
restrictive than it needs to be; but it's only a hint, so that's OK.
We only do that for !host start, because if host_start, then either:
- we got an address passed in with -B, in which case we don't want to
interfere with what the user said;
- or host_start is based off of the ELF image's loaddr. The check "if
(host_start && real_start != current_start)" suggests that we really
want lowest available address that is >= loaddr. I don't know why that
is, but I'm trusting that Paul Brook knew what he was doing when he
wrote the original version of that check in c581deda322080e8beb88b2e468d4af54454e4b3 way back in 2010.
Now that we have the mechanisms in here, allow shared memory in a
postcopy.
Note that QEMU can't tell who all the users of shared regions are
and thus can't tell whether all the users of the shared regions
have appropriate support for postcopy. Those devices that explicitly
support shared memory (e.g. vhost-user) must check, but it doesn't
stop weirder configurations causing problems.
This message is sent just before the end of postcopy to get the
client to stop using userfault since we wont respond to any more
requests. It should close userfaultfd so that any other pages
get mapped to the backing file automatically by the kernel, since
at this point we know we've received everything.
Add a hook to allow a client userfaultfd to be 'woken'
when a page arrives, and a walker that calls that
hook for relevant clients given a RAMBlock and offset.
Provide a helper to send a 'wake' request on a userfaultfd for
a shared process.
The address in the clients address space is specified together
with the RAMBlock it was resolved to.
# gpg: Signature made Mon 19 Mar 2018 20:07:14 GMT
# gpg: using RSA key 2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <[email protected]>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/machine-next-pull-request:
i386: Disable Intel PT if packets IP payloads have LIP values
cpu: drop unnecessary NULL check and cpu_common_class_by_name()
cpu: get rid of unused cpu_init() defines
Use cpu_create(type) instead of cpu_init(cpu_model)
cpu: add CPU_RESOLVING_TYPE macro
tests: add machine 'none' with -cpu test
nios2: 10m50_devboard: replace cpu_model with cpu_type
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x7efe20417a38 in __interceptor_calloc (/lib64/libasan.so.4+0xdea38)
#1 0x7efe1f7b2f75 in g_malloc0 ../glib/gmem.c:124
#2 0x7efe1f7b3249 in g_malloc0_n ../glib/gmem.c:355
#3 0x558272879162 in sev_get_info /home/elmarco/src/qemu/target/i386/sev.c:414
#4 0x55827285113b in hmp_info_sev /home/elmarco/src/qemu/target/i386/monitor.c:684
#5 0x5582724043b8 in handle_hmp_command /home/elmarco/src/qemu/monitor.c:3333
zhangjixiang [Sun, 25 Feb 2018 01:47:51 +0000 (09:47 +0800)]
HMP: Initialize err before using
When bdrv_snapshot_delete return fail, the errp will not be
assigned a valid value in error_propagate as errp didn't be
initialized in hmp_delvm, then error_reportf_err will use an
uninitialized value(call by hmp_delvm), and qemu crash.
Michael Clark [Mon, 19 Mar 2018 21:18:49 +0000 (14:18 -0700)]
RISC-V: Fix riscv_isa_string memory size bug
This version uses a constant size memory buffer sized for
the maximum possible ISA string length. It also uses g_new
instead of g_new0, uses more efficient logic to append
extensions and adds manual zero termination of the string.
Peter Maydell [Tue, 20 Mar 2018 09:51:49 +0000 (09:51 +0000)]
Merge remote-tracking branch 'remotes/ericb/tags/pull-qapi-2018-03-12-v4' into staging
qapi patches for 2018-03-12, 2.12 softfreeze
- Marc-André Lureau: 0/4 qapi: generate a literal qobject for introspection
- Max Reitz: 0/7 block: Handle null backing link
- Daniel P. Berrange: chardev: tcp: postpone TLS work until machine done
- Peter Xu: 00/23 QMP: out-of-band (OOB) execution support
- Vladimir Sementsov-Ogievskiy: 0/2 block latency histogram
- Eric Blake: qapi: Pass '-u' when doing non-silent diff
# gpg: Signature made Mon 19 Mar 2018 19:59:04 GMT
# gpg: using RSA key A7A16B4A2527436A
# gpg: Good signature from "Eric Blake <[email protected]>"
# gpg: aka "Eric Blake (Free Software Programmer) <[email protected]>"
# gpg: aka "[jpeg image of size 6874]"
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A
* remotes/ericb/tags/pull-qapi-2018-03-12-v4: (38 commits)
qapi: Pass '-u' when doing non-silent diff
qapi: add block latency histogram interface
block/accounting: introduce latency histogram
tests: qmp-test: add oob test
tests: qmp-test: verify command batching
qmp: add command "x-oob-test"
monitor: enable IO thread for (qmp & !mux) typed
qmp: isolate responses into io thread
qmp: support out-of-band (oob) execution
qapi: introduce new cmd option "allow-oob"
monitor: send event when command queue full
qmp: add new event "command-dropped"
monitor: separate QMP parser and dispatcher
monitor: let suspend/resume work even with QMPs
monitor: let suspend_cnt be thread safe
monitor: introduce monitor_qmp_respond()
qmp: introduce QMPCapability
monitor: allow using IO thread for parsing
monitor: let mon_list be tail queue
monitor: unify global init
...
Laurent Vivier [Mon, 19 Mar 2018 11:35:44 +0000 (12:35 +0100)]
target/m68k: add a mechanism to automatically free TCGv
SRC_EA() and gen_extend() can return either a temporary
TCGv or a memory allocated one. Mark them when they are
allocated, and free them automatically at end of the
instruction translation.
We want to free locally allocated TCGv to avoid
overflow in sequence like:
That can fill a lot of TCGv entries in a sequence,
especially since 15fa08f845 ("tcg: Dynamically allocate TCGOps")
we have no limit to fill the TCGOps cache and we can fill
the entire TCG variables array and overflow it.
vhost+postcopy: Helper to send requests to source for shared pages
Provide a helper to be used by shared waker functions to request
shared pages from the source.
The last_rb pointer is moved into the incoming state since this
helper can update it as well as the main fault thread function.
We need a better way, but at the moment we need the address of the
mappings sent back to qemu so it can interpret the messages on the
userfaultfd it reads.
This is done as a 3 stage set:
QEMU -> client
set_mem_table
mmap stuff, get addresses
client -> qemu
here are the addresses
qemu -> client
OK - now you can use them
That ensures that qemu has registered the new addresses in it's
userfault code before the client starts accessing them.
Note: We don't ask for the default 'ack' reply since we've got our own.
postcopy+vhost-user: Split set_mem_table for postcopy
Split the set_mem_table routines in both qemu and libvhost-user
because the postcopy versions are going to be quite different
once changes in the later patches are added. However, this patch
doesn't produce any functional change, just the split.
migrate: Update ram_block_discard_range for shared
The choice of call to discard a block is getting more complicated
for other cases. We use fallocate PUNCH_HOLE in any file cases;
it works for both hugepage and for tmpfs.
We use the DONTNEED for non-hugepage cases either where they're
anonymous or where they're private.
Care should be taken when trying other backing files.
projects / qemu.git / log