qmp_cont in RUN_STATE_FINISH_MIGRATE may lead to moving vm to
RUN_STATE_RUNNING, before actual migration finish. So, when migration
thread will try to go to RUN_STATE_POSTMIGRATE, assuming transition
RUN_STATE_FINISH_MIGRATE->RUN_STATE_POSTMIGRATE, it will crash, as
current state is RUN_STATE_RUNNING, and transition
RUN_STATE_RUNNING->RUN_STATE_POSTMIGRATE is forbidden.
Alberto Garcia [Tue, 14 May 2019 13:57:35 +0000 (16:57 +0300)]
block: Use BDRV_REQUEST_MAX_BYTES instead of BDRV_REQUEST_MAX_SECTORS
There are a few places in which we turn a number of bytes into sectors
in order to compare the result against BDRV_REQUEST_MAX_SECTORS
instead of using BDRV_REQUEST_MAX_BYTES directly.
Alberto Garcia [Fri, 10 May 2019 16:22:54 +0000 (19:22 +0300)]
qcow2: Define and use QCOW2_COMPRESSED_SECTOR_SIZE
When an L2 table entry points to a compressed cluster the space used
by the data is specified in 512-byte sectors. This size is independent
from BDRV_SECTOR_SIZE and is specific to the qcow2 file format.
The QCOW2_COMPRESSED_SECTOR_SIZE constant defined in this patch makes
this explicit.
Max Reitz [Fri, 10 May 2019 21:12:44 +0000 (23:12 +0200)]
block/file-posix: Truncate in xfs_write_zeroes()
XFS_IOC_ZERO_RANGE does not increase the file length:
$ touch foo
$ xfs_io -c 'zero 0 65536' foo
$ stat -c "size=%s, blocks=%b" foo
size=0, blocks=128
We do want writes beyond the EOF to automatically increase the file
length, however. This is evidenced by the fact that iotest 061 is
broken on XFS since qcow2's check implementation checks for blocks
beyond the EOF.
Peter Maydell [Mon, 20 May 2019 09:51:42 +0000 (10:51 +0100)]
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging
This fixes the virtfs documentation (LP 1581976), deprecates the
-virtfs_synth command line option, along with some assorted cleanups.
# gpg: Signature made Fri 17 May 2019 19:29:40 BST
# gpg: using RSA key B4828BAF943140CEF2A3491071D4D5E5822F73D6
# gpg: Good signature from "Greg Kurz <[email protected]>" [full]
# gpg: aka "Gregory Kurz <[email protected]>" [full]
# gpg: aka "[jpeg image of size 3330]" [full]
# Primary key fingerprint: B482 8BAF 9431 40CE F2A3 4910 71D4 D5E5 822F 73D6
* remotes/gkurz/tags/for-upstream:
virtfs: Fix documentation of -fsdev and -virtfs
vl: Deprecate -virtfs_synth
fsdev: Error out when unsupported option is passed
fsdev: Move some types definition to qemu-fsdev.c
fsdev: Drop unused opaque field
fsdev: Drop unused extern declaration
Signed-off-by: Peter Maydell <[email protected]>
# Conflicts:
# qemu-deprecated.texi
Record the software fp control register, as set by the
osf_setsysinfo syscall. Add those masked exceptions
to fpcr_exc_enable. Do not raise a signal for masked
fp exceptions.
Fixes: https://bugs.launchpad.net/bugs/1701835 Signed-off-by: Richard Henderson <[email protected]>
* remotes/kraxel/tags/ui-20190517-pull-request:
kbd-state: fix autorepeat handling
ui/console: Precautionary glBindTexture and surface->texture validation in surface_gl_update_texture
ui/curses: manipulate cchar_t with standard curses functions
ui/curses: do not assume wchar_t contains unicode
Greg Kurz [Fri, 17 May 2019 15:34:49 +0000 (17:34 +0200)]
virtfs: Fix documentation of -fsdev and -virtfs
This fixes several things:
- add "id" description to -virtfs documentation
- split the description into several lines in both usage and documentation
for accurateness and clarity
- add documentation and usage of the synth fsdriver
- add "throttling.*" description to -fsdev local
- add some missing periods
- add proper reference to the virtfs-proxy-helper(1) manual page
- document that the virtio device may be either virtio-9p-pci, virtio-9p-ccw
or virtio-9p-device, depending on the machine type
Greg Kurz [Fri, 17 May 2019 15:34:48 +0000 (17:34 +0200)]
vl: Deprecate -virtfs_synth
The synth fsdriver never got used for anything else but the QTest
testcase for VirtIO 9P. And even there, QTest uses -fsdev synth and
-device virtio-9p-... directly.
Greg Kurz [Fri, 17 May 2019 15:34:48 +0000 (17:34 +0200)]
fsdev: Error out when unsupported option is passed
Each fsdriver only supports a subset of the options that can be passed
to -fsdev. Unsupported options are simply ignored. This could cause the
user to erroneously think QEMU has a bug.
Enforce strict checking of supported options for all fsdrivers. This
shouldn't impact libvirt, since it doesn't know about the synth and
proxy fsdrivers.
Greg Kurz [Fri, 17 May 2019 15:34:48 +0000 (17:34 +0200)]
fsdev: Move some types definition to qemu-fsdev.c
It would make sense for these types to be defined in a header file if
we had an API for fsdrivers to register themselves. In practice, we
only have three of them and it is very unlikely we add new ones since
the future of file sharing between host and guest is the upcoming
virtio-fs.
Move the types to qemu-fsdev.c instead since they are only used there.
Peter Maydell [Fri, 17 May 2019 15:17:34 +0000 (16:17 +0100)]
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
Mostly bugfixes and cleanups, the most important being
"megasas: fix mapped frame size" from Peter Lieven.
In addition, -realtime is marked as deprecated.
* remotes/bonzini/tags/for-upstream: (21 commits)
hw/net/ne2000: Extract the PCI device from the chipset common code
hw/char: Move multi-serial devices into separate file
ioapic: allow buggy guests mishandling level-triggered interrupts to make progress
build: don't build hardware objects with linux-user
build: chardev is only needed for softmmu targets
configure: qemu-ga is only needed with softmmu targets
build: replace GENERATED_FILES by generated-files-y
trace: only include trace-event-subdirs when they are needed
sun4m: obey -vga none
mips-fulong2e: obey -vga none
hw/i386/acpi: Assert a pointer is not null BEFORE using it
hw/i386/acpi: Add object_resolve_type_unambiguous to improve modularity
hw/acpi/piix4: Move TYPE_PIIX4_PM to a public header
memory: correct the comment to DIRTY_MEMORY_MIGRATION
vl: fix -sandbox parsing crash when seccomp support is disabled
hvf: Add missing break statement
megasas: fix mapped frame size
vl: Add missing descriptions to the VGA adapters list
Declare -realtime as deprecated
roms: assert if max rom size is less than the used size
...
Peter Maydell [Fri, 17 May 2019 14:46:37 +0000 (15:46 +0100)]
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-20190517' into staging
qemu-sparc queue
# gpg: Signature made Fri 17 May 2019 10:30:54 BST
# gpg: using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Mark Cave-Ayland <[email protected]>" [full]
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F
* remotes/mcayland/tags/qemu-sparc-20190517:
MAINTAINERS: add myself for leon3
leon3: introduce the plug and play mechanism
leon3: add a little bootloader
grlib, apbuart: get rid of the old-style create function
grlib, gptimer: get rid of the old-style create function
grlib, irqmp: get rid of the old-style create function
leon3: fix the error message when no bios are provided
hw/char/escc: Lower irq when transmit buffer is filled
Cornelia Huck [Fri, 17 May 2019 13:40:06 +0000 (15:40 +0200)]
Merge tag 's390x-tcg-2019-05-17-2' into s390-next-staging
Implement all Vector Integer Instructions introduced with the
"Vector Facility" for s390x TCG.
# gpg: Signature made Fri 17 May 2019 01:37:40 PM CEST
# gpg: using RSA key 4DDE10F700FF835A
# gpg: Good signature from "David Hildenbrand <[email protected]>" [full]
# gpg: aka "David Hildenbrand <[email protected]>" [full]
* tag 's390x-tcg-2019-05-17-2': (40 commits)
s390x/tcg: Implement VECTOR TEST UNDER MASK
s390x/tcg: Implement VECTOR SUM ACROSS WORD
s390x/tcg: Implement VECTOR SUM ACROSS QUADWORD
s390x/tcg: Implement VECTOR SUM ACROSS DOUBLEWORD
s390x/tcg: Implement VECTOR SUBTRACT WITH BORROW COMPUTE BORROW INDICATION
s390x/tcg: Implement VECTOR SUBTRACT WITH BORROW INDICATION
s390x/tcg: Implement VECTOR SUBTRACT COMPUTE BORROW INDICATION
s390x/tcg: Implement VECTOR SUBTRACT
s390x/tcg: Implement VECTOR SHIFT RIGHT LOGICAL *
s390x/tcg: Implement VECTOR SHIFT RIGHT ARITHMETIC
s390x/tcg: Implement VECTOR SHIFT LEFT DOUBLE BY BYTE
s390x/tcg: Implement VECTOR SHIFT LEFT (BY BYTE)
s390x/tcg: Implement VECTOR ELEMENT SHIFT
s390x/tcg: Implement VECTOR ELEMENT ROTATE AND INSERT UNDER MASK
s390x/tcg: Implement VECTOR ELEMENT ROTATE LEFT LOGICAL
s390x/tcg: Implement VECTOR POPULATION COUNT
s390x/tcg: Implement VECTOR OR WITH COMPLEMENT
s390x/tcg: Implement VECTOR OR
s390x/tcg: Implement VECTOR NOT EXCLUSIVE OR
s390x/tcg: Implement VECTOR NOR
...
hw/net/ne2000: Extract the PCI device from the chipset common code
The ne2000.c file contains functions common the the ISA and PCI
devices. To allow to build with one or another, extract the PCI
specific part into a new file.
This fix an issue where the NE2000_ISA Kconfig had to pull the
full PCI core objects.
Thomas Huth [Sun, 31 Mar 2019 12:40:28 +0000 (14:40 +0200)]
hw/char: Move multi-serial devices into separate file
In our downstream distribution of QEMU, we'd like to ship the binary
without the multi-serial PCI devices. To make this disablement easier,
let's move the devices into a separate file and add a proper Kconfig-
switch for these devices.
ioapic: allow buggy guests mishandling level-triggered interrupts to make progress
It was found that Hyper-V 2016 on KVM in some configurations (q35 machine +
piix4-usb-uhci) hangs on boot. Root-cause was that one of Hyper-V
level-triggered interrupt handler performs EOI before fixing the cause of
the interrupt. This results in IOAPIC keep re-raising the level-triggered
interrupt after EOI because irq-line remains asserted.
Gory details: https://www.spinics.net/lists/kvm/msg184484.html
(the whole thread).
Turns out we were dealing with similar issues before; in-kernel IOAPIC
implementation has commit 184564efae4d ("kvm: ioapic: conditionally delay
irq delivery duringeoi broadcast") which describes a very similar issue.
Steal the idea from the above mentioned commit for IOAPIC implementation in
QEMU. SUCCESSIVE_IRQ_MAX_COUNT, delay and the comment are borrowed as well.
build: don't build hardware objects with linux-user
Some objects are only needed for system emulation and tools.
We can ignore them for the user mode case
Update tests to run accordingly: conditionally build some tests
on CONFIG_BLOCK.
Some tests use components that are only built when softmmu or
block tools are enabled, not for linux-user. So, if these components
are not available, disable the tests.
hw/i386/acpi: Assert a pointer is not null BEFORE using it
Commit 72c194f7e75c added a non-null check on the 'obj' pointer.
Later, commit 500b11ea5095 added code which uses the 'obj'
pointer _before_ the assertion check. Move the assertion
_before_ the pointer use.
hw/i386/acpi: Add object_resolve_type_unambiguous to improve modularity
When building with CONFIG_Q35=n, we get:
LINK x86_64-softmmu/qemu-system-x86_64
/usr/bin/ld: hw/i386/acpi-build.o: in function `acpi_get_misc_info':
/source/qemu/hw/i386/acpi-build.c:243: undefined reference to `ich9_lpc_find'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:204: qemu-system-x86_64] Error 1
This is due to a dependency in acpi-build.c on the ICH9_LPC
(via ich9_lpc_find) and PIIX4_PM (via piix4_pm_find) devices.
To allow better modularity (compile acpi-build.c with only
Q35/ICH9 or ISAPC/PIIX4), refactor the similar helper as
object_resolve_type_unambiguous(). This way we relax the
linker dependencies and can build the x86 targets with a
selection of machines (instead of all of them).
Gerd Hoffmann [Tue, 14 May 2019 04:24:43 +0000 (06:24 +0200)]
kbd-state: fix autorepeat handling
When allowing multiple down-events in a row (key autorepeat) we can't
use change_bit() any more to update the state, because autorepeat events
don't change the key state. We have to explicitly use set_bit() and
clear_bit() instead.
HOU Qiming [Tue, 7 May 2019 08:05:01 +0000 (11:05 +0300)]
ui/console: Precautionary glBindTexture and surface->texture validation in surface_gl_update_texture
In a GVT-g setup with dmabuf and GTK GUI, the current 2D texture at
surface_gl_update_texture is not necessarily
surface->texture. Adding a glBindTexture fixes related crashes and
artifacts, and is generally more secure.
Peter Maydell [Fri, 17 May 2019 10:40:23 +0000 (11:40 +0100)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Fri 17 May 2019 10:01:18 BST
# gpg: using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <[email protected]>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
net/colo-compare.c: Fix a crash in COLO Primary.
net/slirp: fix the IPv6 prefix length error message
e1000: Never increment the RX undersize count register
vhost_net: don't set backend for the uninitialized virtqueue
* remotes/vivier/tags/m68k-staging-pull-request:
target/m68k: Optimize rotate_x() using extract_i32()
target/m68k: Fix a tcg_temp leak
target/m68k: Reduce the l1 TCGLabel scope
target/m68k: Switch to transaction_failed hook
target/m68k: In get_physical_address() check for memory access failures
target/m68k: In dump_address_map() check for memory access failures
Signed-off-by: Peter Maydell <[email protected]>
# Conflicts:
# target/m68k/cpu.h
Because event_unhandled_count may be accessed concurrently, it needs
to be protected by taking the lock. However the assert is outside the
lock, probably causing it to read garbage and aborting Qemu erroneously.
The Bug only happens when running Qemu in COLO mode.
This Patch fixes the following bug: https://bugs.launchpad.net/qemu/+bug/1824622
Chris Kenna [Thu, 4 Apr 2019 15:21:26 +0000 (10:21 -0500)]
e1000: Never increment the RX undersize count register
In situations where e1000 receives an undersized Ethernet frame,
QEMU increments the emulated "Receive Undersize Count (RUC)"
register when padding the frame.
This is incorrect because this an expected scenario (e.g. with
VLAN tag stripping) and not an error. As such, QEMU should not
increment the emulated RUC.
Jason Wang [Mon, 25 Mar 2019 03:40:36 +0000 (11:40 +0800)]
vhost_net: don't set backend for the uninitialized virtqueue
We used to set backend unconditionally, this won't work for some
guests (e.g windows driver) who may not initialize all virtqueues. For
kernel backend, this will fail since it may try to validate the rings
during setting backend.
Fixing this by simply skipping the backend set when we find desc is
not ready.
Let's return the cc value directly via cpu_env. Unfortunately there
isn't a simple way to calculate the value lazily - one would have to
calculate and store e.g. the population count of the mask and the
result so it can be evaluated in a cc helper.
But as VTM only sets the cc, we can assume the value will be needed soon
either way.
s390x/tcg: Implement VECTOR ELEMENT ROTATE LEFT LOGICAL
Take care of properly taking the modulo of the count. We might later
want to come back and create a variant of VERLL where the base register
is 0, resulting in an immediate.
Quite some variants to handle. At least handle some 32-bit element
variants via gvec expansion (we could also handle 16/32-bit variants
for ODD and EVEN easily via gvec expansion, but let's keep it simple
for now).
s390x/tcg: Implement VECTOR GALOIS FIELD MULTIPLY SUM (AND ACCUMULATE)
A galois field multiplication in field 2 is like binary multiplication,
however instead of doing ordinary binary additions, xor's are performed.
So no carries are considered.
Implement all variants via helpers. s390_vec_sar() and s390_vec_shr()
will be reused later on.
To carry out the comparison, we can reuse the existing gvec comparison
function. In case the CC is to be computed, save the result vector
and compute the CC lazily. The result is a vector consisting of all 1's
for elements that matched and 0's for elements that didn't match.
Time to introduce read_vec_element_i32 and write_vec_element_i32.
Take proper care of properly adding the carry. We can perform both
additions including the carry via tcg_gen_add2_i32().
Introduce two types of fancy new helpers that will be reused a couple of
times
1. gen_gvec_fn_3: Call an existing tcg_gen_gvec_X function with 3
parameters, simplifying parameter passing
2. gen_gvec128_3_i64: Call a function that performs 128 bit calculations
using two 64 bit values per vector.
Luckily, for VECTOR ADD we already have everything we need.
KONRAD Frederic [Wed, 15 May 2019 12:31:31 +0000 (14:31 +0200)]
leon3: add a little bootloader
This adds a little bootloader to the leon3_machine when a ram image is
given through the kernel parameter and no bios are provided:
* The UART transmiter is enabled.
* The TIMER is initialized.
KONRAD Frederic [Wed, 15 May 2019 12:31:27 +0000 (14:31 +0200)]
leon3: fix the error message when no bios are provided
The leon3 board is looking for u-boot.bin by default (LEON3_PROM_FILENAME)..
But in the case this file is not found and no other file are given on the
command line we get the following error:
hw/char/escc: Lower irq when transmit buffer is filled
The SCC/ESCC will briefly stop asserting an interrupt when the
transmit FIFO is filled.
This code doesn't model the transmit FIFO/shift register so the
pending transmit interrupt is never deasserted which means that an
edge-triggered interrupt controller will never see the low-to-high
transition it needs to raise another interrupt. The practical
consequence of this is that guest firmware with an interrupt service
routine for the ESCC that does not send all of the data it has
immediately will stop sending data if the following sequence of
events occurs:
1. Disable processor interrupts
2. Write a character to the ESCC
3. Add additional characters to a buffer which is drained by the ISR
4. Enable processor interrupts
In this case, the first character will be sent, the interrupt will
fire and the ISR will output the second character. Since the pending
transmit interrupt remains asserted, no additional interrupts will
ever fire.
This behavior was triggered by firmware for an embedded system with a
Z85C30 which necessitated this patch.
This patch fixes that situation by explicitly lowering the IRQ when a
character is written to the buffer and no other interrupts are currently
pending.
Cornelia Huck [Thu, 2 May 2019 15:46:51 +0000 (17:46 +0200)]
s390/ipl: cast to SCSIDevice directly
Coverity notes that the result of object_dynamic_cast() to
SCSIDevice is not checked in s390_gen_initial_iplp(); as
we know that we always have a SCSIDevice in that branch,
we can instead cast via SCSI_DEVICE directly.
vl: fix -sandbox parsing crash when seccomp support is disabled
$ ./x86_64-softmmu/qemu-system-x86_64 -sandbox off
qemu-system-x86_64: -sandbox off: There is no option group 'sandbox'
Segmentation fault
Commit 5780760f5e ("seccomp: check TSYNC host capability") wrapped one
use of the sandbox option group to produce a sensible error, it didn't
do the same for another call to qemu_opts_parse_noisily():
(gdb) bt
at util/qemu-option.c:829
#0 0x00000000105b36d8 in opts_parse (list=0x0, params=0x3ffffffffab5 "off", permit_abbrev=true, defaults=false, errp=0x3ffffffff080)
at util/qemu-option.c:829
#1 0x00000000105b3b74 in qemu_opts_parse_noisily (list=<optimized out>, params=<optimized out>, permit_abbrev=<optimized out>) at util/qemu-option.c:890
#2 0x0000000010024964 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:3589
target/m68k: Optimize rotate_x() using extract_i32()
Optimize rotate_x() using tcg_gen_extract_i32(). We can now free the
'sz' tcg_temp earlier. Since it is allocated with tcg_const_i32(),
free it with tcg_temp_free_i32().
Peter Maydell [Mon, 10 Dec 2018 16:56:36 +0000 (16:56 +0000)]
target/m68k: Switch to transaction_failed hook
Switch the m68k target from the old unassigned_access hook
to the transaction_failed hook.
The notable difference is that rather than it being called
for all physical memory accesses which fail (including
those made by DMA devices or by the gdbstub), it is only
called for those made by the CPU via its MMU. (In previous
commits we put in explicit checks for the direct physical
loads made by the target/m68k code which will no longer
be handled by calling the unassigned_access hook.)
Peter Maydell [Mon, 10 Dec 2018 16:56:35 +0000 (16:56 +0000)]
target/m68k: In get_physical_address() check for memory access failures
In get_physical_address(), use address_space_ldl() and
address_space_stl() instead of ldl_phys() and stl_phys().
This allows us to check whether the memory access failed.
For the moment, we simply return -1 in this case;
add a TODO comment that we should ideally generate the
appropriate kind of fault.
projects / qemu.git / log