* remotes/bonzini/tags/for-upstream: (39 commits)
qemu-doc: merge qemu-tech and qemu-doc
qemu-tech: rewrite some parts
qemu-tech: reorganize content
qemu-tech: move TCG test documentation to tests/tcg/README
qemu-tech: move user mode emulation features from qemu-tech
qemu-tech: document lazy condition code evaluation in cpu.h
qemu-tech: move text from qemu-tech to tcg/README
qemu-doc: drop installation and compilation notes
qemu-doc: replace introduction with the one from the internals manual
qemu-tech: drop index
test-qht: perform lookups under rcu_read_lock
qht: fix unlock-after-free segfault upon resizing
qht: simplify qht_reset_size
qemu-nbd: Shrink image size by specified offset
qemu_kill_report: Report PID name too
util: Introduce qemu_get_pid_name
char: update read handler in all cases
char: use a fixed idx for child muxed chr
i8259: give ISA device when registering ISA ioports
.travis.yml: add gcc sanitizer build
...
Paolo Bonzini [Thu, 6 Oct 2016 14:12:11 +0000 (16:12 +0200)]
qemu-doc: merge qemu-tech and qemu-doc
Merge what is left of qemu-tech into the main manual as an appendix.
Ultimately we should have a new internals manual built from docs/, and
then the "Translator Internals" parts of qemu-tech could move to docs/
as well. The bits on limitation and features of CPU emulation should
remain in qemu-doc.
Paolo Bonzini [Thu, 6 Oct 2016 13:22:05 +0000 (15:22 +0200)]
qemu-tech: move user mode emulation features from qemu-tech
These are interesting for users too, since nowadays most
qemu-user users are going to be somewhat technical rather than
just people that want to run Wine. Some detail is lost, on
the other hand some of the information I removed (e.g. basic
block unchaining) was obsolete.
Paolo Bonzini [Thu, 6 Oct 2016 12:59:26 +0000 (14:59 +0200)]
qemu-doc: replace introduction with the one from the internals manual
The user manual has an obsolete introduction, and the one in
the internals manual lists QEMU's features quite nicely.
Drop the obsolete content and remove generic user-level
documentation from qemu-tech.
Emilio G. Cota [Wed, 5 Oct 2016 22:34:40 +0000 (18:34 -0400)]
test-qht: perform lookups under rcu_read_lock
qht_lookup is meant to be called from an RCU read-critical
section. Make sure we're in such a section in test-qht
when performing lookups, despite the fact that no races
in qht can be triggered by test-qht since it is single-threaded.
Note that rcu_register_thread is already called by the
rcu_after_fork hook, and therefore duplicating it here would
be a bug.
Emilio G. Cota [Wed, 5 Oct 2016 22:34:39 +0000 (18:34 -0400)]
qht: fix unlock-after-free segfault upon resizing
The old map's bucket locks are being unlocked *after*
that same old map has been passed to RCU for destruction.
This is a bug that can cause a segfault, since there's
no guarantee that the deletion will be deferred (e.g.
there may be no concurrent readers).
The segfault is easily triggered in RHEL6/CentOS6 with qht-test,
particularly on a single-core system or by pinning qht-test
to a single core.
Fix it by unlocking the map's bucket locks right after having
published the new map, and (crucially) before marking the map
for deletion via call_rcu().
While at it, expand qht_do_resize() to atomically do (1) a reset,
(2) a resize, or (3) a reset+resize. This simplifies the calling
code, since the new function (qht_do_resize_reset()) acquires
and releases the buckets' locks.
Note that no qht_do_reset inline is provided, since it would have
no users--qht_reset() already performs a reset without taking
ht->lock.
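The ordering problem in the two qht commits above, as an added example that is not QEMU's code and not the real qht implementation: a miniature C model of the resize path with a toy RCU (a reader depth counter and a single deferred-free slot; all names such as toy_call_rcu, resize_demo and MAP_POISON are hypothetical). The toy call_rcu runs its callback immediately when no reader is registered, which is the case the commit message says is not guaranteed to be deferred. The toy free poisons the map instead of returning it to the allocator, so unlocking after the free shows up as a failed unlock rather than a crash. It also covers the previous commit's point: with a reader inside rcu_read_lock(), the deferred free hides the bad ordering.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define MAP_LIVE   0x6d617031u   /* marker of a usable map */
#define MAP_POISON 0xdeadbeefu   /* marker written by the toy free */

struct map {
    unsigned magic;       /* MAP_LIVE while usable, MAP_POISON after "free" */
    bool locked;          /* stands in for the per-bucket locks */
};

/* Toy RCU: a reader depth counter plus a single deferred-free slot. */
static int rcu_readers;
static struct map *rcu_pending;

/* A real free() would return the memory to the allocator; poisoning keeps
 * the example memory-safe while still making a later unlock detectable. */
static void toy_free(struct map *m) { m->magic = MAP_POISON; }

static void toy_rcu_read_lock(void) { rcu_readers++; }

static void toy_rcu_read_unlock(void)
{
    if (--rcu_readers == 0 && rcu_pending != NULL) {
        toy_free(rcu_pending);   /* last reader gone: run the deferred free */
        rcu_pending = NULL;
    }
}

/* Like call_rcu(): destruction is deferred only while a reader is inside
 * its read-side critical section. With no reader it runs right away. */
static void toy_call_rcu(struct map *m)
{
    if (rcu_readers == 0) {
        toy_free(m);
        return;
    }
    rcu_pending = m;
}

static struct map *map_new(void)
{
    struct map *m = calloc(1, sizeof(*m));
    if (m == NULL) abort();
    m->magic = MAP_LIVE;
    return m;
}

static void map_lock(struct map *m) { m->locked = true; }

/* Returns false when asked to unlock a map that was already freed. */
static bool map_unlock(struct map *m)
{
    if (m->magic != MAP_LIVE) return false;
    m->locked = false;
    return true;
}

/* Resize under either ordering; *published is the pointer readers follow.
 * Returns true when the old map's locks were released while it was live. */
static bool ht_resize(struct map **published, bool buggy_order)
{
    struct map *old = *published;
    struct map *fresh = map_new();
    bool ok;

    map_lock(old);            /* hold the old buckets while rehashing */
    /* ... rehash old buckets into fresh (omitted) ... */
    *published = fresh;       /* publish the new map */
    if (buggy_order) {
        toy_call_rcu(old);    /* old map handed to RCU first ... */
        ok = map_unlock(old); /* ... unlocked afterwards: possibly freed */
    } else {
        ok = map_unlock(old); /* release the old bucket locks ... */
        toy_call_rcu(old);    /* ... and only then mark the map for deletion */
    }
    return ok;
}

/* One resize, with or without a reader inside rcu_read_lock() meanwhile.
 * Returns 1 if the old map was unlocked while live, 0 if after its free. */
int resize_demo(bool buggy_order, bool reader_active)
{
    struct map *published = map_new();
    struct map *old = published;
    bool ok;

    if (reader_active) toy_rcu_read_lock();
    ok = ht_resize(&published, buggy_order);
    if (reader_active) toy_rcu_read_unlock();  /* deferred free runs here */
    free(old);                  /* reclaim for real now that nothing uses it */
    free(published);
    return ok ? 1 : 0;
}

int main(void)
{
    static const char *verdict[] = { "unlock after free", "unlock on live map" };
    printf("buggy order, no reader:  %s\n", verdict[resize_demo(true, false)]);
    printf("buggy order, one reader: %s\n", verdict[resize_demo(true, true)]);
    printf("fixed order, no reader:  %s\n", verdict[resize_demo(false, false)]);
    return 0;
}
```

Only the buggy ordering with no concurrent reader unlocks a freed map, which is why the commit message reports the segfault on a single core or with qht-test pinned to one; the same ordering passes by luck as soon as a reader keeps the free deferred.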
When --offset is set the apparent device size has to be adjusted
accordingly. Otherwise client may request read/write beyond the file end
which would fail.
Peter Maydell [Thu, 6 Oct 2016 12:34:00 +0000 (13:34 +0100)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.8-20161006' into staging
ppc patch queue 2016-10-06
Currently accumulated target-ppc and spapr machine related patches.
- More POWER9 instruction implementations
- Additional test case / enabling of test cases for Power
- Assorted fixes
* remotes/dgibson/tags/ppc-for-2.8-20161006: (29 commits)
hw/ppc/spapr: Use POWER8 by default for the pseries-2.8 machine
tests/pxe: Use -nodefaults to speed up ppc64/ipv6 pxe test
spapr: fix check of cpu alias name in spapr_get_cpu_core_type()
tests: enable ohci/uhci/xhci tests on PPC64
libqos: use generic qtest_shutdown()
libqos: add PCI management in qtest_vboot()/qtest_shutdown()
libqos: add PPC64 PCI support
target-ppc: fix vmx instruction type/type2
target-ppc/kvm: Enable transactional memory on POWER8 with KVM-HV, too
target-ppc/kvm: Add a wrapper function to check for KVM-PR
MAINTAINERS: Add two more ppc related files
target-ppc: Implement mtvsrws instruction
target-ppc: add vclzlsbb/vctzlsbb instructions
target-ppc: add vector compare not equal instructions
target-ppc: fix invalid mask - cmpl, bctar
target-ppc: add stxvb16x instruction
target-ppc: add lxvb16x instruction
target-ppc: add stxvh8x instruction
target-ppc: add lxvh8x instruction
target-ppc: improve stxvw4x implementation
...
Peter Maydell [Tue, 4 Oct 2016 16:27:21 +0000 (17:27 +0100)]
rules.mak: quiet-command: Split command name and args to print
The quiet-command make rule currently takes two arguments:
the command and arguments to run, and a string to print if
the V flag is not set (ie we are not being verbose).
By convention, the string printed is of the form
" NAME some args". Unfortunately to get nicely lined up
output all the strings have to agree about what column the
arguments should start in, which means that if we add a
new quiet-command usage which wants a slightly longer CMD
name then we either put up with misalignment or change
every quiet-command string.
Split the quiet-mode string into two, the "NAME" and
the "same args" part, and use printf(1) to format the
string automatically. This means we only need to change
one place if we want to support a longer maximum name.
In particular, we can now print 7-character names lined
up properly (they are needed for the OSX "SETTOOL" invocation).
Change all the uses of quiet-command to the new syntax.
(Any which are missed or inadvertently reintroduced
via later merges will result in slightly misformatted
quiet output rather than disaster.)
A few places in the pc-bios/ makefiles are updated to use
"BUILD", "SIGN" and "STRIP" rather than "Building",
"Signing" and "Stripping" for consistency and to keep them
below 7 characters. Module .mo links now print "LD" rather
than the nonstandard "LD -r".
Thomas Huth [Wed, 5 Oct 2016 07:44:51 +0000 (09:44 +0200)]
hw/ppc/spapr: Use POWER8 by default for the pseries-2.8 machine
A couple of distributors are compiling their distributions
with "-mcpu=power8" for ppc64le these days, so the user sooner
or later runs into a crash there when not explicitly specifying
the "-cpu POWER8" option to QEMU (which is currently using POWER7
for the "pseries" machine by default). Due to this reason, the
linux-user target already switched to POWER8 a while ago (see commit
de3f1b98410e0d5b406a0df3a48547b559d18602). Since the softmmu target
of course has the same problem, we should switch there to POWER8 for
the newer machine types, too.
Thomas Huth [Wed, 5 Oct 2016 12:52:09 +0000 (14:52 +0200)]
tests/pxe: Use -nodefaults to speed up ppc64/ipv6 pxe test
SLOF is unfortunately quite slow when running with TCG, so
the pxe test is also performing rather slow here. By using
"-nodefaults" we can disable some devices (vscsi) that we
are not interested in here, so that SLOF does not have to
scan them during boot and thus starts up a little bit faster.
The ppc64 pxe-test now only takes 27 seconds on my laptop
instead of 33 seconds.
The "-nodefaults" flag seems to work fine for the x86 tests,
too, so it is added unconditionally here (though there
is no speed-up on x86 by using this flag).
Greg Kurz [Mon, 3 Oct 2016 12:13:20 +0000 (14:13 +0200)]
spapr: fix check of cpu alias name in spapr_get_cpu_core_type()
If the user passes an alias name and a property to -cpu, QEMU fails to
find the CPU definition and exits.
$ qemu-system-ppc64 -cpu POWER8E,compat=power7
qemu-system-ppc64: Unable to find sPAPR CPU Core definition
This happens because spapr_get_cpu_core_type() passes the full string from
the command line (i.e. "POWER8E,compat=power7") to ppc_cpu_lookup_alias(),
instead of the alias name piece only (i.e. "POWER8E").
The fix is to pass model_pieces[0] to ppc_cpu_lookup_alias().
Thomas Huth [Thu, 29 Sep 2016 10:48:07 +0000 (12:48 +0200)]
target-ppc/kvm: Enable transactional memory on POWER8 with KVM-HV, too
Transactional memory is also supported on POWER8 KVM-HV if the
KVM_CAP_PPC_HTM is not available in the kernel yet, so add a hack
to allow TM here, too.
Thomas Huth [Thu, 29 Sep 2016 10:48:06 +0000 (12:48 +0200)]
target-ppc/kvm: Add a wrapper function to check for KVM-PR
It makes more sense if we have a proper function to check
for KVM-PR than to check for the GET_PVINFO extension all
over the place.
Signed-off-by: Thomas Huth <[email protected]>
[dwg: Expanded a comment to discourage overuse of this function]
Signed-off-by: David Gibson <[email protected]>
Thomas Huth [Wed, 28 Sep 2016 11:16:30 +0000 (13:16 +0200)]
ppc: Check the availability of transactional memory
KVM-PR currently does not support transactional memory, and the
implementation in TCG is just a fake. We should not announce TM
support in the ibm,pa-features property when running on such a
system, so disable it by default and only enable it if the KVM
implementation supports it (i.e. recent versions of KVM-HV).
These changes are based on some earlier work from Anton Blanchard
(thanks!).
Thomas Huth [Wed, 28 Sep 2016 11:16:29 +0000 (13:16 +0200)]
hw/ppc/spapr: Fix the selection of the processor features
The current code uses pa_features_206 for POWERPC_MMU_2_06, and
for everything else, it uses pa_features_207. This is bad in some
cases because there is also a "degraded" MMU version of ISA 2.06,
called POWERPC_MMU_2_06a, which should of course use the flags for
2.06 instead. And there is also the possibility that the user runs
the pseries machine with a POWER5+ or even 970 processor. In that
case we certainly do not want to set the flags for 2.07, and rather
simply skip the setting of the pa-features property instead.
Thomas Huth [Wed, 28 Sep 2016 11:16:28 +0000 (13:16 +0200)]
hw/ppc/spapr: Move code related to "ibm,pa-features" to a separate function
The function spapr_populate_cpu_dt() has become quite big
already, and since we likely have to extend the pa-features
property for every new processor generation, it is nicer
if we put the related code into a separate function.
David Gibson [Wed, 28 Sep 2016 04:31:55 +0000 (14:31 +1000)]
pseries: Add 2.8 machine type, set up compatibility macros
Now that 2.7 is released, create the pseries-2.8 machine type and add the
boilerplate compatibility macro stuff. There's nothing new to put into the
2.7 compatibility properties yet, but we'll need something eventually, so
we might as well get it ready now.
Thomas Huth [Mon, 26 Sep 2016 20:17:46 +0000 (22:17 +0200)]
tests: Test IPv6 and ppc64 in the PXE tester
The firmware of the pseries machine, SLOF, is able to load files via
IPv6 networking, too. So to test both, network bootloading on ppc64
and IPv6 (via Slirp), let's add some PXE tests for this environment,
too. Since we can not use the normal x86 boot sector for network boot
loading, we use a simple Forth script on ppc64 instead.
Peter Maydell [Tue, 4 Oct 2016 17:57:12 +0000 (18:57 +0100)]
Merge remote-tracking branch 'remotes/dgilbert/tags/pull-hmp-20161004' into staging
HMP pull
Just Wanpeng's pull request this time, but
this pull is as much about me checking out my
process.
# gpg: Signature made Tue 04 Oct 2016 18:24:10 BST
# gpg: using RSA key 0x0516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <[email protected]>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7
* remotes/dgilbert/tags/pull-hmp-20161004:
hmp: fix qemu crash due to ioapic state dump w/ split irqchip
Peter Maydell [Tue, 4 Oct 2016 13:25:08 +0000 (14:25 +0100)]
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches
# gpg: Signature made Thu 29 Sep 2016 14:11:30 BST
# gpg: using RSA key 0x7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <[email protected]>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* remotes/kevin/tags/for-upstream:
oslib-posix: add a configure switch to debug stack usage
coroutine-sigaltstack: use helper for allocating stack memory
coroutine-ucontext: use helper for allocating stack memory
coroutine: add a macro for the coroutine stack size
coroutine-sigaltstack: rename coroutine struct appropriately
oslib-posix: add helpers for stack alloc and free
block: Remove qemu_root_bds_opts
block: Move 'discard' option to bdrv_open_common()
block: Use 'detect-zeroes' option for 'blockdev-change-medium'
block: Parse 'detect-zeroes' in bdrv_open_common()
block/qapi: Move 'aio' option to file driver
block/qapi: Use separate options type for curl driver
block: Drop aio/cache consistency check from qmp_blockdev_add()
block: Fix error path in qmp_blockdev_change_medium()
block-backend: remove blk_flush_all
qemu: use bdrv_flush_all for vm_stop et al
block: reintroduce bdrv_flush_all
* remotes/pmaydell/tags/pull-target-arm-20161004: (27 commits)
target-arm: Correctly handle 'sub pc, pc, 1' for ARMv6
target-arm: A64: Fix decoding of iss_sf in disas_ld_lit
cadence_gem: Fix priority queue out of bounds access
docs: Add a generic loader explanation document
generic-loader: Add a generic loader
ARM: Virt: ACPI: Add GIC ITS description in ACPI MADT table
ACPI: Add GIC Interrupt Translation Service Structure definition
arm/virt: Add ITS to the virt board
hw/intc/arm_gicv3_its: Implement support for in-kernel ITS emulation
kvm-all: Pass requester ID to MSI routing functions
target-arm: move gicv3_class_name from machine to kvm_arm.h
hw/intc/arm_gicv3_its: Implement ITS base class
hw/intc/arm_gic(v3)_kvm: Initialize gsi routing
hw/arm/virt: add 2.8 machine type
vmstateify tsc210x
vmstateify tsc2005
hw/arm: Fix Integrator/CM initialization
mainstone: Add mapping for dot, slash and backspace.
mainstone: Fix incorrect key mapping for Enter key.
MAINTAINERS: Add Alistair to the maintainers list
...
Peter Maydell [Tue, 4 Oct 2016 12:28:10 +0000 (13:28 +0100)]
target-arm: Correctly handle 'sub pc, pc, 1' for ARMv6
In the ARM v6 architecture, 'sub pc, pc, 1' is not an interworking
branch, so the computed new value is written to r15 as a normal
value. The architecture says that in this case, bits [1:0] of
the value written must be ignored if we are in ARM mode (or
bit [0] ignored if in Thumb mode); this is a change from the
ARMv4/v5 specification that behaviour is UNPREDICTABLE.
Use the correct mask on the PC value when doing a non-interworking
store to PC.
A popular library used on RaspberryPi uses this instruction
as part of a trick to determine whether it is running on
ARMv6 or ARMv7, and we were mishandling the sequence.
target-arm: A64: Fix decoding of iss_sf in disas_ld_lit
Fix the decoding of iss_sf in disas_ld_lit.
The SF (Sixty-Four) field in the ISS (Instruction Specific Syndrome)
is a bit that specifies the width of the register that the
instruction loads to.
If cleared it specifies 32 bits.
If set it specifies 64 bits.
cadence_gem: Fix priority queue out of bounds access
There was an error with some of the register implementation assuming
there are 16 priority queues supported when the IP only supports 8. This
patch corrects the registers to only support 8 queues.
Add a generic loader to QEMU which can be used to load images or set
memory values.
Internally inside QEMU this is a device. It is a strange device that
provides no hardware interface but allows QEMU to monkey patch memory
specified when it is created. To be able to do this it has a reset
callback that does the memory operations.
This device allows the user to monkey patch memory. To be able to do
this it needs a backend to manage the data, the same as other
memory-related devices. In this case as the backend is so trivial we
have merged it with the frontend instead of creating and maintaining a
separate backend.
Pavel Fedin [Tue, 4 Oct 2016 12:28:09 +0000 (13:28 +0100)]
hw/intc/arm_gicv3_its: Implement support for in-kernel ITS emulation
The ITS control frame is in-kernel emulated while accesses to the
GITS_TRANSLATER are mediated through the KVM_SIGNAL_MSI ioctl (direct
MSI injection, advertised by the CAP_SIGNAL_MSI capability). The
kvm_gsi_direct_mapping is explicitly set to false to emphasize the
difference with GICv2M. Direct mapping cannot work with ITS since
the content of the MSI data is not the target interrupt ID but an
event id.
GSI routing is advertised (kvm_gsi_routing_allowed) as well as
msi/irqfd signaling (kvm_msi_via_irqfd_allowed).
The MSI frame (GITS_TRANSLATER) absolute GPA is computed on first
kvm_its_send_msi() call. It is then passed through KVM_SIGNAL_MSI
ioctl.
Pavel Fedin [Tue, 4 Oct 2016 12:28:09 +0000 (13:28 +0100)]
kvm-all: Pass requester ID to MSI routing functions
Introduce global kvm_msi_use_devid flag plus associated
kvm_msi_devid_required() macro. Passes the device ID,
if needed, while building the MSI route entry. Device IDs are
required by the ARM GICv3 ITS (IRQ remapping function is based on
this information).
Pavel Fedin [Tue, 4 Oct 2016 12:28:08 +0000 (13:28 +0100)]
hw/intc/arm_gicv3_its: Implement ITS base class
This is the basic skeleton for both KVM and software-emulated ITS.
Since we already prepare the status structure, we also introduce a complete
VMState description. But, because we currently have no migratable
implementations, we also set the unmigratable flag.
Eric Auger [Tue, 4 Oct 2016 12:28:08 +0000 (13:28 +0100)]
hw/intc/arm_gic(v3)_kvm: Initialize gsi routing
Advertise gsi routing and set up irqchip routing entries for
GIC SPIs.
This is not mandated as long as MSI routing is not used
(because the kernel sets a default irqchip routing table).
However once MSI routing gets used (for VIRTIO-PCI vhost for
example), the first call to KVM_SET_GSI_ROUTING overrides the
kernel default irqchip table.
If no routing entry exists for the GSI, any IRQFD signaling for
this GSI will fail.
I'm now saving all 3 of the pll entries; only 2 were saved before.
There are a couple of times that were previously stored as offsets
from 'now' calculated before saving; with vmstate it's easier
to store the 'now' and fix it up on reload.
Jakub Jermar [Tue, 4 Oct 2016 12:28:08 +0000 (13:28 +0100)]
hw/arm: Fix Integrator/CM initialization
Initialization of a class instance cannot depend on its own properties
as these are not yet set. Move parts of integratorcm_init() that depend
on the "memsz" property to the newly added integratorcm_realize().
This fixes: https://bugs.launchpad.net/qemu/+bug/1624726
Vijay Kumar B [Tue, 4 Oct 2016 12:28:07 +0000 (13:28 +0100)]
mainstone: Fix incorrect key mapping for Enter key.
According to the manual the (5, 5) corresponds to backspace key, and
not Enter key. Linux kernel maps (5, 4) to the enter key. Fixing it up
to match the mapping in the Linux kernel.
Peter Maydell [Tue, 4 Oct 2016 10:28:30 +0000 (11:28 +0100)]
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
x86 bug fixes
Fix for a XSAVE regression when using "-cpu host", and a fix on
the Opteron_G3 CPU model.
# gpg: Signature made Mon 03 Oct 2016 20:08:13 BST
# gpg: using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <[email protected]>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/x86-pull-request:
target-i386: Correct family/model/stepping for Opteron_G3
target-i386: Report known CPUID[EAX=0xD,ECX=0]:EAX bits as migratable
Peter Maydell [Tue, 4 Oct 2016 10:01:39 +0000 (11:01 +0100)]
Merge remote-tracking branch 'remotes/famz/tags/for-upstream' into staging
# gpg: Signature made Sun 02 Oct 2016 02:49:58 BST
# gpg: using RSA key 0xCA35624C6A9171C6
# gpg: Good signature from "Fam Zheng <[email protected]>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 5003 7CB7 9706 0F76 F021 AD56 CA35 624C 6A91 71C6
* remotes/famz/tags/for-upstream:
docker: Build in a clean directory
smbios: fix uuid copy
xenpv: Fix qemu_uuid compiling error
In commit ac1b84dd1 (rhbz#1027181), a check was added to only update the
"read handler" when the front-end is opened, because the read callbacks
were not restored when a device is plugged. However, this seems not
correct, the handler is correctly set back on hotplug (in
virtconsole_realize) and the bug can no longer be reproduced.
Calling chr_update_read_handler() allows fixing the mux driver so that it
stops calling the child handlers (which may be about to be destroyed).
mux_chr_update_read_handler() adds a new mux_cnt each time it is called,
so it's not possible to actually update the "child" chr callbacks that
were set previously. This may lead to crashes if the "child" chr is
destroyed:
==4306== Invalid read of size 8
==4306== at 0x8061D3: json_lexer_destroy (json-lexer.c:385)
==4306== by 0x7E39F8: json_message_parser_destroy (json-streamer.c:134)
==4306== by 0x3447F6: monitor_qmp_event (monitor.c:3908)
==4306== by 0x480153: mux_chr_send_event (qemu-char.c:630)
==4306== by 0x480694: mux_chr_event (qemu-char.c:734)
==4306== by 0x47F1E9: qemu_chr_be_event (qemu-char.c:205)
==4306== by 0x481207: fd_chr_close (qemu-char.c:1114)
==4306== by 0x481659: qemu_chr_close_stdio (qemu-char.c:1221)
==4306== by 0x486F07: qemu_chr_free (qemu-char.c:4146)
==4306== by 0x486F97: qemu_chr_delete (qemu-char.c:4154)
==4306== by 0x487E66: qemu_chr_cleanup (qemu-char.c:4678)
==4306== by 0x495A98: main (vl.c:4675)
==4306== Address 0x28439e90 is 112 bytes inside a block of size 240 free'd
==4306== at 0x4C2CD5A: free (vg_replace_malloc.c:530)
==4306== by 0x1E4CBF2D: g_free (in /usr/lib64/libglib-2.0.so.0.4800.2)
==4306== by 0x344DE9: monitor_cleanup (monitor.c:4058)
==4306== by 0x495A93: main (vl.c:4674)
==4306== Block was alloc'd at
==4306== at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==4306== by 0x1E4CBE18: g_malloc (in /usr/lib64/libglib-2.0.so.0.4800.2)
==4306== by 0x344BF8: monitor_init (monitor.c:4021)
==4306== by 0x49063C: mon_init_func (vl.c:2417)
==4306== by 0x7FC6DE: qemu_opts_foreach (qemu-option.c:1116)
==4306== by 0x4954E0: main (vl.c:4473)
Instead, keep the "child" chr associated with a particular idx so its
handlers can be updated and removed to avoid the crash.
Alex Bennée [Fri, 30 Sep 2016 21:31:03 +0000 (22:31 +0100)]
.travis.yml: add gcc sanitizer build
As it seems easy to break the ThreadSanitizer build we should defend it to
ensure that fixes get applied when it breaks. We use the Ubuntu GCC PPA
to get the latest GCC goodness.
As we need to use the -fuse-ld=gold workaround we have to disable the
linux-user targets as these trip up the linker.
The make check run is also disabled for Travis but this can be
re-enabled once the check targets have been fixed.
Alex Bennée [Fri, 30 Sep 2016 21:31:02 +0000 (22:31 +0100)]
qga/command: use QEMU atomic primitives
The guest client's use of the glib's g_atomic primitives causes newer
GCC's to barf when built on Travis. As QEMU has its own primitives with
well understood semantics we might as well use them.
The use of atomics was a little inconsistent so I've also ensured the
values are correctly set with atomic primitives at the same time.
I also made the usage of bool consistent while I was at it.
Alex Bennée [Fri, 30 Sep 2016 21:31:00 +0000 (22:31 +0100)]
util/qht: atomically set b->hashes
ThreadSanitizer detects a possible race between reading/writing the
hashes. The ordering semantics are already documented for QHT however
for true C11 compliance we should use relaxed atomic primitives for
accesses that are done across threads. On x86 this slightly changes
the code to not do a load/compare in a single instruction, leading to a
slight performance degradation.
Running 'taskset -c 0 tests/qht-bench -n 1 -d 10' (i.e. all lookups) 10
times, we get:
Alex Bennée [Fri, 30 Sep 2016 21:30:59 +0000 (22:30 +0100)]
cpu: atomically modify cpu->exit_request
ThreadSanitizer picks up potential races although we already use
barriers to ensure things are in the correct order when processing exit
requests. For true C11 defined behaviour across threads we need to use
relaxed atomic_set/atomic_read semantics to reassure tsan.
Alex Bennée [Fri, 30 Sep 2016 21:30:57 +0000 (22:30 +0100)]
qom/object: update class cache atomically
The idiom CPU_GET_CLASS(cpu) is fairly extensively used in various
threads and trips up ThreadSanitizer due to the fact it updates
obj->class->object_cast_cache behind the scenes. As this is just a
fast-path cache there is no need to lock updates.
However to ensure defined C11 behaviour across threads we need to use
the plain atomic_read/set primitives and keep the sanitizer happy.
Paolo Bonzini [Fri, 30 Sep 2016 21:30:56 +0000 (22:30 +0100)]
seqlock: use atomic writes for the sequence
There is a data race if the sequence is written concurrently to the
read. In C11 this has undefined behavior. Use atomic_set; the
read side is already using atomic_read.
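The seqlock pattern these last commits refer to, as an added example that is not QEMU's code: a seqlock in the shape of QEMU's seqlock (write_begin/write_end on the writer side, read_begin/read_retry on the reader side), written with C11 atomics so the sequence word is only ever read and written through relaxed atomic operations, with release/acquire fences standing in for smp_wmb()/smp_rmb(). The payload pair, the read_result struct and the hand-driven interleaving in pair_read_interleaved() are hypothetical; the interleaving is a deterministic stand-in for a writer racing a reader, so the torn snapshot and the retry can be checked without threads.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Even when idle, odd while a write is in progress. Only ever accessed
 * through relaxed atomics, so there is no C11 data race on the word itself;
 * ordering against the payload comes from the fences, which is what
 * QEMU's smp_wmb()/smp_rmb() expand to on C11 compilers. */
struct seqlock {
    atomic_uint sequence;
};

/* Writers are serialised externally (one writer at a time), so a relaxed
 * load + store is enough; no fetch_add is needed. */
static void seqlock_write_begin(struct seqlock *sl)
{
    unsigned seq = atomic_load_explicit(&sl->sequence, memory_order_relaxed);
    atomic_store_explicit(&sl->sequence, seq + 1, memory_order_relaxed);
    atomic_thread_fence(memory_order_release);   /* smp_wmb() */
}

static void seqlock_write_end(struct seqlock *sl)
{
    unsigned seq = atomic_load_explicit(&sl->sequence, memory_order_relaxed);
    atomic_thread_fence(memory_order_release);   /* smp_wmb() */
    atomic_store_explicit(&sl->sequence, seq + 1, memory_order_relaxed);
}

static unsigned seqlock_read_begin(struct seqlock *sl)
{
    unsigned seq;
    do {
        seq = atomic_load_explicit(&sl->sequence, memory_order_relaxed);
    } while (seq & 1);                           /* writer mid-update: spin */
    atomic_thread_fence(memory_order_acquire);   /* smp_rmb() */
    return seq;
}

static bool seqlock_read_retry(struct seqlock *sl, unsigned start)
{
    atomic_thread_fence(memory_order_acquire);   /* smp_rmb() */
    return atomic_load_explicit(&sl->sequence, memory_order_relaxed) != start;
}

/* Payload that must be observed as a consistent pair. */
struct pair {
    struct seqlock lock;
    unsigned lo, hi;
};

static void pair_write(struct pair *p, unsigned lo, unsigned hi)
{
    seqlock_write_begin(&p->lock);
    p->lo = lo;
    p->hi = hi;
    seqlock_write_end(&p->lock);
}

struct read_result {
    bool retried;              /* did read_retry() see an intervening write? */
    unsigned torn_lo, torn_hi; /* first snapshot, possibly inconsistent */
    unsigned lo, hi;           /* what the reader finally returns */
};

/* Hand-driven interleaving standing in for two racing threads: the reader
 * copies lo, a writer may update both halves, then the reader copies hi. */
struct read_result pair_read_interleaved(bool writer_intervenes)
{
    struct pair p = { .lo = 1, .hi = 2 };
    struct read_result r;
    unsigned start;

    atomic_init(&p.lock.sequence, 0);
    start = seqlock_read_begin(&p.lock);
    r.torn_lo = p.lo;
    if (writer_intervenes) {
        pair_write(&p, 10, 20);
    }
    r.torn_hi = p.hi;
    r.retried = seqlock_read_retry(&p.lock, start);
    if (!r.retried) {
        r.lo = r.torn_lo;      /* no writer: the snapshot is good as is */
        r.hi = r.torn_hi;
        return r;
    }
    do {                       /* the canonical reader loop, now unopposed */
        start = seqlock_read_begin(&p.lock);
        r.lo = p.lo;
        r.hi = p.hi;
    } while (seqlock_read_retry(&p.lock, start));
    return r;
}

int main(void)
{
    struct read_result r = pair_read_interleaved(true);
    printf("snapshot (%u,%u) retried=%d final (%u,%u)\n",
           r.torn_lo, r.torn_hi, r.retried, r.lo, r.hi);
    return 0;
}
```

With the writer slipping in, the reader's first snapshot is the torn pair (1, 20); read_retry() sees the sequence has moved and the reader loops until it observes (10, 20). The payload fields are plain, as in QEMU; the point of the commit is that the sequence word itself must not be touched with plain loads and stores.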